Win32 Agent ODG Trojan Virus


Win32 Agent ODG Trojan Virus

Post by kmbutts on 16th April 2009, 11:49 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:36:38 PM, on 4/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
e:\autorun.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Owner\Application Data\mjusbsp\magicJack.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\Administrator\Desktop\JavaRa\JavaRa.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\hijackgpthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: torrents.to Toolbar - {b7f907ee-0a1b-43b8-a611-b429a184ad6b} - C:\Program Files\torrents.to\tbtorr.dll
O1 - Hosts: 82.98.231.89 browser-security.microsoft.com
O1 - Hosts: 82.98.231.89 best-click-scanner.info
O2 - BHO: (no name) - {165b93d6-daf0-4f47-837a-e722d8bf84e4} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: torrents.to Toolbar - {b7f907ee-0a1b-43b8-a611-b429a184ad6b} - C:\Program Files\torrents.to\tbtorr.dll
O2 - BHO: (no name) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - (no file)
O2 - BHO: NitroPDFBHO Class - {CF070CB8-F02F-4af4-A7B7-8D45CAD4BB54} - C:\Program Files\Nitro PDF\PDF Download\NitroPDF.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O3 - Toolbar: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)
O3 - Toolbar: (no name) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - (no file)
O3 - Toolbar: torrents.to Toolbar - {b7f907ee-0a1b-43b8-a611-b429a184ad6b} - C:\Program Files\torrents.to\tbtorr.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [Nuance.ctfmngr] C:\Program Files\Nuance\NaturallySpeaking10\Program\ctfmngr.exe /restore
O4 - HKLM\..\Run: [GroupManager] C:\Program Files\Adobe Acrobat 9 Pro\groupmanager.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Kkocayobiquyep] rundll32.exe "C:\WINDOWS\Pmicucowo.dll",e
O4 - HKLM\..\Run: [75a17511] rundll32.exe "C:\WINDOWS\system32\nefaneji.dll",b
O4 - HKLM\..\Run: [CPM7692468d] Rundll32.exe "c:\windows\system32\yezumoyu.dll",a
O4 - HKLM\..\Run: [Rlinerul] rundll32.exe "C:\WINDOWS\ukofoceqozuz.dll",e
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [bofinamima] Rundll32.exe "C:\WINDOWS\system32\bupufana.dll",s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Owner\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [bofinamima] Rundll32.exe "C:\WINDOWS\system32\bupufana.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [bofinamima] Rundll32.exe "C:\WINDOWS\system32\bupufana.dll",s (User 'NETWORK SERVICE')
O4 - Global Startup: Launch ResidentServices.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: Save Page As PDF ... - [You must be registered and logged in to see this link.] Files\Nitro PDF\PDF Download\nitroweb.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {AD9E6088-E00B-42f9-9F0C-8480525D234E} - C:\Program Files\Nitro PDF\PDF Download\NitroPDF.dll
O9 - Extra 'Tools' menuitem: PDF Download - Options - {AD9E6088-E00B-42f9-9F0C-8480525D234E} - C:\Program Files\Nitro PDF\PDF Download\NitroPDF.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: PDF Download - {F1C0FD6C-A6A0-49a7-A932-71A56461867F} - C:\Program Files\Nitro PDF\PDF Download\NitroPDF.dll (HKCU)
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\mclsp.dll' missing
O12 - Plugin for .NPSSView: C:\Program Files\Common Files\Crystal Decisions\2.0\crystalreportviewers\Viewers\ActiveXViewer\NPssView.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O15 - Trusted Zone: [You must be registered and logged in to see this link.]
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - [You must be registered and logged in to see this link.]
O16 - DPF: {D6016EE7-A8FF-11D1-B37E-A4759ECD7909} (AxPulse Class) - [You must be registered and logged in to see this link.]


Part 1

kmbutts
Novice
Novice

Posts Posts : 30
Joined Joined : 2009-04-16
OS OS : XP
Points Points : 27992
# Likes # Likes : 0

Re: Win32 Agent ODG Trojan Virus

Post by kmbutts on 16th April 2009, 11:50 pm

Part 2

O18 - Protocol: bw+0 - {B3F2503E-0F07-4E46-9BA8-8FF531BC926E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {B3F2503E-0F07-4E46-9BA8-8FF531BC926E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {B3F2503E-0F07-4E46-9BA8-8FF531BC926E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {B3F2503E-0F07-4E46-9BA8-8FF531BC926E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {B3F2503E-0F07-4E46-9BA8-8FF531BC926E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {B3F2503E-0F07-4E46-9BA8-8FF531BC926E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {B3F2503E-0F07-4E46-9BA8-8FF531BC926E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {B3F2503E-0F07-4E46-9BA8-8FF531BC926E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {B3F2503E-0F07-4E46-9BA8-8FF531BC926E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {B3F2503E-0F07-4E46-9BA8-8FF531BC926E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {B3F2503E-0F07-4E46-9BA8-8FF531BC926E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {B3F2503E-0F07-4E46-9BA8-8FF531BC926E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {B3F2503E-0F07-4E46-9BA8-8FF531BC926E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {B3F2503E-0F07-4E46-9BA8-8FF531BC926E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {B3F2503E-0F07-4E46-9BA8-8FF531BC926E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {B3F2503E-0F07-4E46-9BA8-8FF531BC926E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {B3F2503E-0F07-4E46-9BA8-8FF531BC926E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {B3F2503E-0F07-4E46-9BA8-8FF531BC926E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {B3F2503E-0F07-4E46-9BA8-8FF531BC926E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {B3F2503E-0F07-4E46-9BA8-8FF531BC926E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {B3F2503E-0F07-4E46-9BA8-8FF531BC926E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {B3F2503E-0F07-4E46-9BA8-8FF531BC926E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {B3F2503E-0F07-4E46-9BA8-8FF531BC926E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {B3F2503E-0F07-4E46-9BA8-8FF531BC926E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {B3F2503E-0F07-4E46-9BA8-8FF531BC926E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {B3F2503E-0F07-4E46-9BA8-8FF531BC926E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {B3F2503E-0F07-4E46-9BA8-8FF531BC926E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {B3F2503E-0F07-4E46-9BA8-8FF531BC926E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {B3F2503E-0F07-4E46-9BA8-8FF531BC926E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {B3F2503E-0F07-4E46-9BA8-8FF531BC926E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {B3F2503E-0F07-4E46-9BA8-8FF531BC926E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {B3F2503E-0F07-4E46-9BA8-8FF531BC926E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {B3F2503E-0F07-4E46-9BA8-8FF531BC926E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {B3F2503E-0F07-4E46-9BA8-8FF531BC926E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {B3F2503E-0F07-4E46-9BA8-8FF531BC926E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {B3F2503E-0F07-4E46-9BA8-8FF531BC926E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {B3F2503E-0F07-4E46-9BA8-8FF531BC926E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {B3F2503E-0F07-4E46-9BA8-8FF531BC926E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {B3F2503E-0F07-4E46-9BA8-8FF531BC926E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {B3F2503E-0F07-4E46-9BA8-8FF531BC926E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {B3F2503E-0F07-4E46-9BA8-8FF531BC926E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {B3F2503E-0F07-4E46-9BA8-8FF531BC926E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {B3F2503E-0F07-4E46-9BA8-8FF531BC926E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {B3F2503E-0F07-4E46-9BA8-8FF531BC926E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {B3F2503E-0F07-4E46-9BA8-8FF531BC926E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {B3F2503E-0F07-4E46-9BA8-8FF531BC926E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {B3F2503E-0F07-4E46-9BA8-8FF531BC926E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {B3F2503E-0F07-4E46-9BA8-8FF531BC926E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {B3F2503E-0F07-4E46-9BA8-8FF531BC926E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {B3F2503E-0F07-4E46-9BA8-8FF531BC926E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {B3F2503E-0F07-4E46-9BA8-8FF531BC926E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {B3F2503E-0F07-4E46-9BA8-8FF531BC926E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {B3F2503E-0F07-4E46-9BA8-8FF531BC926E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {B3F2503E-0F07-4E46-9BA8-8FF531BC926E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {B3F2503E-0F07-4E46-9BA8-8FF531BC926E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {B3F2503E-0F07-4E46-9BA8-8FF531BC926E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {B3F2503E-0F07-4E46-9BA8-8FF531BC926E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {B3F2503E-0F07-4E46-9BA8-8FF531BC926E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {B3F2503E-0F07-4E46-9BA8-8FF531BC926E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {B3F2503E-0F07-4E46-9BA8-8FF531BC926E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {B3F2503E-0F07-4E46-9BA8-8FF531BC926E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {B3F2503E-0F07-4E46-9BA8-8FF531BC926E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {B3F2503E-0F07-4E46-9BA8-8FF531BC926E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {B3F2503E-0F07-4E46-9BA8-8FF531BC926E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {B3F2503E-0F07-4E46-9BA8-8FF531BC926E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {B3F2503E-0F07-4E46-9BA8-8FF531BC926E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {B3F2503E-0F07-4E46-9BA8-8FF531BC926E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {B3F2503E-0F07-4E46-9BA8-8FF531BC926E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {B3F2503E-0F07-4E46-9BA8-8FF531BC926E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {B3F2503E-0F07-4E46-9BA8-8FF531BC926E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {B3F2503E-0F07-4E46-9BA8-8FF531BC926E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {B3F2503E-0F07-4E46-9BA8-8FF531BC926E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {B3F2503E-0F07-4E46-9BA8-8FF531BC926E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {B3F2503E-0F07-4E46-9BA8-8FF531BC926E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {B3F2503E-0F07-4E46-9BA8-8FF531BC926E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {B3F2503E-0F07-4E46-9BA8-8FF531BC926E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {B3F2503E-0F07-4E46-9BA8-8FF531BC926E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - (no file)
O20 - AppInit_DLLs: C:\WINDOWS\system32\yizodonu.dll c:\windows\system32\yezumoyu.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\yezumoyu.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\yezumoyu.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe

--
End of file - 23033 bytes


Re: Win32 Agent ODG Trojan Virus

Post by Belahzur on 17th April 2009, 12:10 am

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O1 - Hosts: 82.98.231.89 browser-security.microsoft.com
    O1 - Hosts: 82.98.231.89 best-click-scanner.info
    O2 - BHO: (no name) - {165b93d6-daf0-4f47-837a-e722d8bf84e4} - (no file)
    O2 - BHO: (no name) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - (no file)
    O3 - Toolbar: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)
    O3 - Toolbar: (no name) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - (no file)
    O4 - HKLM\..\Run: [Kkocayobiquyep] rundll32.exe "C:\WINDOWS\Pmicucowo.dll",e
    O4 - HKLM\..\Run: [75a17511] rundll32.exe "C:\WINDOWS\system32\nefaneji.dll",b
    O4 - HKLM\..\Run: [CPM7692468d] Rundll32.exe "c:\windows\system32\yezumoyu.dll",a
    O4 - HKLM\..\Run: [Rlinerul] rundll32.exe "C:\WINDOWS\ukofoceqozuz.dll",e
    O4 - HKLM\..\Run: [bofinamima] Rundll32.exe "C:\WINDOWS\system32\bupufana.dll",s
    O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Owner\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
    O4 - HKUS\S-1-5-19\..\Run: [bofinamima] Rundll32.exe "C:\WINDOWS\system32\bupufana.dll",s (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [bofinamima] Rundll32.exe "C:\WINDOWS\system32\bupufana.dll",s (User 'NETWORK SERVICE')
    O18 - Protocol: bw+0 - {B3F2503E-0F07-4E46-9BA8-8FF531BC926E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    Fix ALL these O18 items too
    O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - (no file)
    O20 - AppInit_DLLs: C:\WINDOWS\system32\yizodonu.dll c:\windows\system32\yezumoyu.dll
    O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\yezumoyu.dll
    O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\yezumoyu.dll



  • Press "Fix Checked"
  • Close Hijack This.

1. Please download The Avenger by Swandog46 to your Desktop
Link: [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.].

  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop

2. Now, start The Avenger program by clicking on its icon on your desktop.

  • Leave the script box empty.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click on the Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
3. Please copy/paste the content of c:\avenger.txt into your reply.

Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245111
# Likes # Likes : 1
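The fix list above is the helper's hand triage of the posted log: hosts entries that point a microsoft.com name at an outside address, Run values that launch rundll32.exe against a DLL dropped straight into C:\WINDOWS or system32 with a one-letter export, the same value planted under the LOCAL SERVICE and NETWORK SERVICE hives, an AppInit_DLLs injection, and one DLL (yezumoyu.dll) wired into O4, O20, O21 and O22 at once. As an added example that is not part of this thread and not HijackThis's own logic, the Python script below turns those judgement calls into rules and runs them over a handful of lines copied from the log (plus one benign iTunes line as a control). The rule thresholds, the high/medium severities and the HIGH_VALUE_DOMAINS list are my assumptions; the sample lines are real entries from the log and nothing more.

```python
"""Rule-based triage of HijackThis log lines.

Added example for this thread: the rules are my own heuristics, not how
HijackThis or the helper decides; the sample lines are from the posted log.
"""
import re
from collections import Counter, defaultdict
from dataclasses import dataclass

# Constructed sample: a subset of the posted log plus one benign O4 line.
SAMPLE_LOG = r"""
O1 - Hosts: 82.98.231.89 browser-security.microsoft.com
O1 - Hosts: 82.98.231.89 best-click-scanner.info
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Kkocayobiquyep] rundll32.exe "C:\WINDOWS\Pmicucowo.dll",e
O4 - HKLM\..\Run: [CPM7692468d] Rundll32.exe "c:\windows\system32\yezumoyu.dll",a
O4 - HKUS\S-1-5-19\..\Run: [bofinamima] Rundll32.exe "C:\WINDOWS\system32\bupufana.dll",s (User 'LOCAL SERVICE')
O20 - AppInit_DLLs: C:\WINDOWS\system32\yizodonu.dll c:\windows\system32\yezumoyu.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\yezumoyu.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\yezumoyu.dll
""".strip().splitlines()


@dataclass
class Finding:
    section: str   # HijackThis section tag ("O1", "O4", ...) or "XREF"
    severity: str  # "high" or "medium" (assumed scale)
    reason: str
    line: str      # offending log line ("" for cross-reference findings)


HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(?P<ip>\S+)\s+(?P<host>\S+)")
RUN_RE = re.compile(r"^O4 - (?P<hive>HK\w+(?:\\S-[\d-]+)?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
RUNDLL_RE = re.compile(r'rundll32\.exe\s+"?(?P<dll>[^",]+?\.dll)"?\s*,\s*(?P<export>[^\s,]+)', re.I)

HIGH_VALUE_DOMAINS = ("microsoft.com", "windowsupdate.com")  # assumed list
LOOPBACK = {"127.0.0.1", "::1"}
SERVICE_ACCOUNT_SIDS = ("S-1-5-19", "S-1-5-20")  # LOCAL SERVICE, NETWORK SERVICE
WINDOWS_DIRS = {"c:\\windows", "c:\\windows\\system32"}


def _dlls_in(section, line):
    """DLL paths (lower-cased) referenced by an O4/O20/O21/O22 line."""
    if section == "O4":
        m = RUNDLL_RE.search(line)
        return [m.group("dll").lower()] if m else []
    if section == "O20":  # "O20 - AppInit_DLLs: a.dll b.dll"
        return [p.lower() for p in line.split(":", 1)[1].split() if p.lower().endswith(".dll")]
    if section in ("O21", "O22"):  # "... - {CLSID} - path.dll"
        tail = line.rsplit(" - ", 1)[1].strip().lower()
        return [tail] if tail.endswith(".dll") else []
    return []


def triage(lines):
    """Return a Finding for every suspicious line, plus cross-reference hits."""
    findings = []
    refs = defaultdict(set)  # dll path -> sections that register it
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        section = line.split(" - ", 1)[0]
        for dll in _dlls_in(section, line):
            refs[dll].add(section)
        if section == "O1":
            m = HOSTS_RE.match(line)
            if m and m.group("ip") not in LOOPBACK:
                host = m.group("host").lower()
                hijacked = any(host == d or host.endswith("." + d) for d in HIGH_VALUE_DOMAINS)
                findings.append(Finding("O1", "high" if hijacked else "medium",
                                        f"hosts entry sends {host} to {m.group('ip')}", line))
        elif section == "O4":
            m = RUN_RE.match(line)
            if not m:
                continue
            if any(sid in m.group("hive") for sid in SERVICE_ACCOUNT_SIDS):
                findings.append(Finding("O4", "high",
                                        f"Run value under a service-account hive ({m.group('hive')})", line))
            r = RUNDLL_RE.search(m.group("cmd"))
            if r and r.group("dll").lower().rsplit("\\", 1)[0] in WINDOWS_DIRS and len(r.group("export")) <= 2:
                findings.append(Finding("O4", "high", f"rundll32 loads {r.group('dll')} straight from the "
                                        f"Windows directory via export '{r.group('export')}'", line))
        elif section == "O20":
            for dll in _dlls_in(section, line):
                findings.append(Finding("O20", "high",
                                        f"AppInit_DLLs injects {dll} into every process that loads user32.dll", line))
        elif section in ("O21", "O22"):
            for dll in _dlls_in(section, line):
                findings.append(Finding(section, "high", f"{section} loads {dll} into Explorer at logon", line))
    for dll, sections in sorted(refs.items()):
        if len(sections) >= 2:
            findings.append(Finding("XREF", "high", f"{dll} is registered in {len(sections)} autostart "
                                    "locations: " + ", ".join(sorted(sections)), ""))
    return findings


def summarize(findings):
    """Count findings per severity, e.g. Counter({'high': 10, 'medium': 1})."""
    return Counter(f.severity for f in findings)


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for f in hits:
        print(f"[{f.severity:6}] {f.section:4} {f.reason}")
    print(summarize(hits))
```

The cross-reference rule is the one worth keeping even if you throw the rest away: a single DLL registered under a Run key, AppInit_DLLs, SSODL and SharedTaskScheduler at the same time is how this family guarantees it gets reloaded after any one entry is fixed, which is why the helper removes all four in one pass rather than one at a time.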

Re: Win32 Agent ODG Trojan Virus

Post by kmbutts on 17th April 2009, 12:30 am

Doing it now... will post the txt file on completion.


Re: Win32 Agent ODG Trojan Virus

Post by kmbutts on 17th April 2009, 1:05 am

Logfile of The Avenger Version 2.0, (c) by Swandog46
[You must be registered and logged in to see this link.]
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
Hidden driver "seneka" found!
ImagePath: \systemroot\system32\drivers\senekalsmpikka.sys
Driver disabled successfully.
Rootkit scan completed.

Completed script processing.
*******************
Finished! Terminate.


I noticed that you are a WWE fan .....I have some pics for you

[You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]



Re: Win32 Agent ODG Trojan Virus

Post by Belahzur on 17th April 2009, 1:11 am

LOL, that's from WWF time. Nice pics though.

2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C).


Drivers to delete:
seneka

Files to delete:
C:\WINDOWS\system32\drivers\senekalsmpikka.sys

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.

  • Under "Input script here:", paste in the script from the quote box above.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click on the Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
4. Please copy/paste the content of c:\avenger.txt into your reply.




Re: Win32 Agent ODG Trojan Virus

Post by kmbutts on 17th April 2009, 1:15 am

Photos were taken before the HOF ceremony at WrestleMania 25.


Re: Win32 Agent ODG Trojan Virus

Post by Belahzur on 17th April 2009, 1:25 am

Ah. I watched the second half of that (Stone Cold/Ricky Steamboat/Ric Flair half).

Standing by for avenger report.




Re: Win32 Agent ODG Trojan Virus

Post by kmbutts on 17th April 2009, 1:31 am

Logfile of The Avenger Version 2.0, (c) by Swandog46
[You must be registered and logged in to see this link.]
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
Driver "seneka" deleted successfully.
File "C:\WINDOWS\system32\drivers\senekalsmpikka.sys" deleted successfully.
Completed script processing.
*******************
Finished! Terminate.


Not quite; I had them both custom made...they are both ring ready and although the larger one has some elements of the Attitude Era belt, it is very different...the smaller belt is the one that Jerry "The King" Lawler won after defeating Kerry Von Erich at Super Clash III back in 1988....Lawler's belt was dual plated and named the USWA Unified Title. I opted for gold plating on mine.

Re: Win32 Agent ODG Trojan Virus

Post by kmbutts on 17th April 2009, 1:36 am

Was part of the ring crew for NWA/WCW during the mid to late '80s; got to know the 4 Horsemen, Sting, Luger, The Road Warriors and some of the other guys quite well before I took another job with Eastern Airlines... I should have stayed with wrestling!!!

Re: Win32 Agent ODG Trojan Virus

Post by Belahzur on 17th April 2009, 2:01 pm

[You must be registered and logged in to see this link.] wrote: Was part of the ring crew for NWA/WCW during the mid to late '80s; got to know the 4 Horsemen, Sting, Luger, The Road Warriors and some of the other guys quite well before I took another job with Eastern Airlines... I should have stayed with wrestling!!!

ASDFA. I love you.
Luger/Sting were my favourites back in WCW. So were the 4 Horsemen.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double-click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.

Re: Win32 Agent ODG Trojan Virus

Post by kmbutts on 17th April 2009, 5:38 pm

Malwarebytes' Anti-Malware 1.36
Database version: 1994
Windows 5.1.2600 Service Pack 3
4/17/2009 1:34:46 PM
mbam-log-2009-04-17 (13-34-46).txt
Scan type: Quick Scan
Objects scanned: 87841
Time elapsed: 12 minute(s), 25 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 20
Registry Values Infected: 4
Registry Data Items Infected: 3
Folders Infected: 4
Files Infected: 13
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\setup.player (Spyware.MarketScore) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\setup.player.2k2 (Spyware.MarketScore) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{35b7e48b-9d81-4c6c-9578-5fd4f620d886} (Spyware.MarketScore) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c9c42510-9b21-41c1-9dcd-8382a2d07c61} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5b4c3b43-49b6-42a7-a602-f7acdca0d409} (Adware.OneStepSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{eddbb5ee-bb64-4bfc-9dbe-e7c85941335b} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\CMVideoPlugin (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\zangosa (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\srv.coreservices (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\srv.coreservices.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AvScan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\seneka (Rootkit.Trace) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rlinerul (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\GroupManager (Backdoor.Bot) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
C:\Documents and Settings\All Users\Application Data\ZangoSA (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\pidle (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\CMVideoPlugin (Trojan.BHO) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\Pmicucowo.dll (Trojan.Vundo.V) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\govegomu.exe (Trojan.Vundo.V) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\senekaapjcgxmk.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\senekagtstetej.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\caowmerxsn.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSA.dat (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSAAbout.mht (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSAEULA.mht (Adware.Zango) -> Quarantined and deleted successfully.
C:\WINDOWS\ukofoceqozuz.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\senekaqjnbgrkd.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Adobe Acrobat 9 Pro\groupmanager.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\senekahrnvotkw.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\senekawykmpmdl.dat (Trojan.Agent) -> Quarantined and deleted successfully.

Re: Win32 Agent ODG Trojan Virus

Post by Belahzur on 17th April 2009, 6:03 pm


  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double-click DDS.scr to run it.
  • When complete, DDS.txt will open.
  • Save the report to your Desktop.
  • Copy and paste DDS.txt back here; I don't need to see attach.txt.

Re: Win32 Agent ODG Trojan Virus

Post by kmbutts on 17th April 2009, 6:29 pm

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-03-16.01)
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 10/30/2005 12:24:08 AM
System Uptime: 4/17/2009 1:40:06 PM (1 hours ago)
Motherboard: Hewlett-Packard | | 3085
Processor: AMD Athlon(tm) 64 Processor 3200+ | U23 | 1994/mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 93 GiB total, 13.56 GiB free.
D: is CDROM ()
E: is CDROM (CDFS)
F: is Removable
==== Disabled Device Manager Items =============
==== System Restore Points ===================
No restore point in system.
==== Installed Programs ======================
7300_Help
7300Trb
7400
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1
Adobe Shockwave Player
Adobe® Photoshop® Album Starter Edition 3.0
Adobe® Photoshop® Album Starter Edition 3.0.1
AiO_Scan
AiOSoftware
Album Art Fixer
Apple Mobile Device Support
Apple Software Update
Ares 2.1.1
Ashampoo AudioCD Burner
Athlon 64 Processor Driver
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
AutoUpdate
Batch Update
Bible Data Type System Files
Bonjour
BufferChm
Clause Visualizer
Comcast Toolbar
Common System Files
Conexant AC-Link Audio
Copy
CP_AtenaShokunin1Config
cp_dwShrek2Albums1
cp_dwShrek2Cards1
CreativeProjects
CreativeProjectsTemplates
Critical Update for Windows Media Player 11 (KB959772)
Crystal Report ActiveX Viewer
CueTour
Data Fax SoftModem with SmartCP
Destinations
Director
DivX
DNA
DocProc
DocumentViewer
Dragon NaturallySpeaking 10
ESET NOD32 Antivirus
ESPN RunTime
eyeQ
Fax
ffdshow [rev 1723] [2007-12-24]
FixTunes (remove only)
GalleryPlayer Images
Google Earth
Google Photos Screensaver
Google Updater
Google Video Player
GoToMeeting/GoToWebinar 3.0.0.198
Graphical Query Editor
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HP Driver Diagnostics
HP Extended Capabilities 4.7
HP Help and Support
HP Image Zone 4.7
HP Image Zone Express
HP Pavillion zv6000 User Guides
HP Product Assistant
HP PSC & OfficeJet 4.7
HP Software Update
HP Wireless Assistant 1.01 A3
HPODiscovery
HpSdpAppCoreApp
HPSystemDiagnostics
ImageMixer VCD2
InstantShare
InterActual Player
InterVideo WinDVD
iTunes
Java(TM) 6 Update 13
Libronix Digital Library System
Libronix DLS Application
Libronix DLS Shortcuts
Libronix Update
LLS Resource Driver
Logitech Desktop Messenger
Logitech Harmony Remote Software 7
Logitech SetPoint
LS_HSI
Macromedia Flash Player
Mah Jong Tiles Deluxe
Malwarebytes' Anti-Malware
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.5
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office FrontPage 2003
Microsoft Office FrontPage 2003 Step by Step
Microsoft Office Live Meeting 2005
Microsoft Office Professional Edition 2003
Microsoft Office Project Professional 2003
Microsoft Office Standard Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft WinUsb 1.0
Microsoft XML Parser
MobileMe Control Panel
Mozilla Firefox (3.0.8)
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB933579)
muvee autoProducer 4.0 - SE
Octoshape add-in for Adobe Flash Player
OEB Resource Driver
OneStepSearch 1.0 build 210
overland
Palo Alto Software's Application Manager 8.2
PanoStandAlone
PCsync
PDF Download for Internet Explorer
PDF Resource Driver
PhotoGallery
Picasa 3
PixiePack Codec Pack
PrintScreen
ProductContext
QFolder
Quick Launch Buttons 5.10 B5
QuickProjects
QuickTime
RapidPlayer v5.0 ActiveX Control
Readme
RegCure 1.5.0.1
Remote Control USB Driver
ResidentServices
Scan
ScannerCopy
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
SkinsHP1
Sonic Audio Module
Sonic Copy Module
Sonic Data Module
Sonic Express Labeler
Sonic MyDVD Plus
Sonic Update Manager
Sony USB Driver
Spelling Dictionaries Support For Adobe Reader 8
SUPER © Version 2009.bld.35 (Jan 5, 2009)
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515 drivers.
TIxx21
torrents.to Toolbar
TrayApp
Tribler (remove only)
TVersity Codec Pack 1.2
TVersity Media Server 1.0.0.11 RC7
Unload
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
UserGuides
Visual C++ Runtime for Dragon NaturallySpeaking
Vuze Toolbar
WebFldrs XP
WebReg
Windows Defender Signatures
Windows Easy Transfer
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Rights Management Client
Windows Rights Management Client Backwards Compatibility
Windows XP Service Pack 3
WinRAR archiver
WinZip
WOT for Internet Explorer
XML Paper Specification Shared Components Pack 1.0
Zone Deluxe Games
==== Event Viewer Messages From Past Week ========
4/16/2009 9:24:35 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AliIde IntelIde lzmic ViaIde
4/16/2009 8:46:06 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: lzmic
4/16/2009 6:33:56 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The system cannot find the file specified.
4/16/2009 6:33:56 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
4/16/2009 6:15:04 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
4/16/2009 6:00:43 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: eabfiltr eeCtrl ehdrv Fips Processor
4/16/2009 6:00:10 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/14/2009 6:48:22 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 120 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
4/14/2009 5:48:22 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 60 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
4/14/2009 5:18:22 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
4/14/2009 5:03:22 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
4/13/2009 11:21:05 AM, error: DCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {000C101C-0000-0000-C000-000000000046} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.
4/13/2009 10:14:51 AM, error: Dhcp [1002] - The IP address lease 0.0.0.0 for the Network Card with network address 0014A51D389A has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
4/11/2009 6:21:29 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
4/11/2009 2:47:34 AM, error: Service Control Manager [7000] - The Vongo Service service failed to start due to the following error: The system cannot find the path specified.
4/11/2009 2:47:34 AM, error: Service Control Manager [7000] - The HP Pci Information service failed to start due to the following error: The system cannot find the path specified.
4/11/2009 2:25:32 AM, error: Service Control Manager [7034] - The TVersityMediaServer service terminated unexpectedly. It has done this 1 time(s).
4/11/2009 2:21:33 AM, error: Service Control Manager [7034] - The MBackMonitor service terminated unexpectedly. It has done this 1 time(s).
4/10/2009 8:57:46 PM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
4/10/2009 8:03:05 PM, error: Service Control Manager [7034] - The Windows Installer service terminated unexpectedly. It has done this 1 time(s).
4/10/2009 7:04:18 PM, error: Service Control Manager [7034] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 3 time(s).
4/10/2009 6:26:52 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the McAfee Real-time Scanner service, but this action failed with the following error: An instance of the service is already running.
4/10/2009 6:25:55 PM, error: Service Control Manager [7031] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/10/2009 4:22:26 PM, error: Service Control Manager [7031] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/10/2009 2:09:15 AM, error: DCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {A0717E52-8AC8-4DD9-8682-0B76775125E6} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.
==== End Of File ===========================

Re: Win32 Agent ODG Trojan Virus

Post by Belahzur on 17th April 2009, 7:11 pm

Wrong log. That's attach.txt; I need to see DDS.txt.

Re: Win32 Agent ODG Trojan Virus

Post by kmbutts on 17th April 2009, 7:19 pm

Sorry about that!!!! It said it was too big to send... here is the first section:


DDS (Ver_09-03-16.01) - NTFSx86
Run by Owner at 14:25:53.71 on Fri 04/17/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.766.229 [GMT -4:00]
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated)
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Owner\Application Data\mjusbsp\magicJack.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\JNZER9QD\Tribler_5.0[1].exe
C:\Program Files\AskBarDis\unins000.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\_iu14D2N.tmp
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = [You must be registered and logged in to see this link.]
uSearch Page = [You must be registered and logged in to see this link.]
uSearch Bar = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
mSearchAssistant = [You must be registered and logged in to see this link.]
uURLSearchHooks: torrents.to Toolbar: {b7f907ee-0a1b-43b8-a611-b429a184ad6b} - c:\program files\torrents.to\tbtorr.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: Comcast Toolbar: {4e7bd74f-2b8d-469e-93be-be2df4d9ae29} - c:\progra~1\comcas~1\COMCAS~1.DLL
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: torrents.to Toolbar: {b7f907ee-0a1b-43b8-a611-b429a184ad6b} - c:\program files\torrents.to\tbtorr.dll
BHO: NitroPDFBHO Class: {cf070cb8-f02f-4af4-a7b7-8d45cad4bb54} - c:\program files\nitro pdf\pdf download\NitroPDF.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Comcast Toolbar: {4e7bd74f-2b8d-469e-93be-be2df4d9ae29} - c:\progra~1\comcas~1\COMCAS~1.DLL
TB: torrents.to Toolbar: {b7f907ee-0a1b-43b8-a611-b429a184ad6b} - c:\program files\torrents.to\tbtorr.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
EB: {2AA2FBF8-9C76-4E97-A226-25C5F4AB6358} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [cdloader] "c:\documents and settings\owner\application data\mjusbsp\cdloader2.exe" MAGICJACK
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [Nuance.ctfmngr] c:\program files\nuance\naturallyspeaking10\program\ctfmngr.exe /restore
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\launch~1.lnk - c:\program files\residentservices\ResidentServices.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Save Page As PDF ... - [You must be registered and logged in to see this link.] files\nitro pdf\pdf download\nitroweb.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {AD9E6088-E00B-42f9-9F0C-8480525D234E} - {FF5073C0-28A0-4223-9BDF-59FF020FE77C} - c:\program files\nitro pdf\pdf download\NitroPDF.dll
LSP: c:\windows\system32\mclsp.dll
Trusted Zone: alohaenterprise.com
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - [You must be registered and logged in to see this link.]
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - [You must be registered and logged in to see this link.]
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - [You must be registered and logged in to see this link.]
DPF: {D6016EE7-A8FF-11D1-B37E-A4759ECD7909} - [You must be registered and logged in to see this link.]
TCP: {93E347B4-72F5-4D22-A70B-91FD4CE9DBE3} = 68.87.68.162,68.87.74.162
Handler: lbxfile - {56831180-F115-11d2-B6AA-00104B2B9943} - c:\program files\libronix dls\system\FileProt.dll
Handler: lbxres - {24508F1B-9E94-40EE-9759-9AF5795ADF52} - c:\program files\libronix dls\system\ResProt.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: WRNotifier - WRLogonNTF.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli c:\windows\system32\yizodonu.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\pq73lptv.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\pq73lptv.default\extensions\{81bf1d23-5f17-408d-ac6b-bd6df7caf670}\components\XpcomOpusConnector.dll
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\pq73lptv.default\extensions\support@lastpass.com\platform\winnt_x86-msvc\components\lpxpcom.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa2.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - HiddenExtension: XUL Cache: {9E021692-91E3-4F3E-B365-4026822B0729} - c:\documents and settings\owner\local settings\application data\{9E021692-91E3-4F3E-B365-4026822B0729}
============= SERVICES / DRIVERS ===============
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-3-19 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-3-19 93848]
R2 ASKService;ASKService;c:\program files\askbardis\bar\bin\AskService.exe [2009-3-24 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\ASKUpgrade.exe [2009-3-24 234888]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-3-19 731840]
R2 litsgt;litsgt;c:\windows\system32\drivers\litsgt.sys [2006-2-2 137344]
R2 tansgt;tansgt;c:\windows\system32\drivers\tansgt.sys [2006-2-2 12032]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2005-3-22 200192]
S0 lzmic;lzmic;c:\windows\system32\drivers\kopn.sys --> c:\windows\system32\drivers\kopn.sys [?]
S2 OneStepSrch Service;OneStepSrch Service; [x]
S2 pciinfo;HP Pci Information;\??\c:\docume~1\owner\locals~1\temp\hpispz\hpdom\pciinfo.sys --> c:\docume~1\owner\locals~1\temp\hpispz\hpdom\pciinfo.sys [?]
S3 Boonty Games;Boonty Games;c:\program files\common files\boonty shared\service\Boonty.exe [2006-2-24 69120]
S3 scramby_out;Scramby Output;c:\windows\system32\drivers\scramby_out.sys [2007-8-8 23840]

kmbutts
Novice

Posts : 30
Joined : 2009-04-16
OS : XP
Points : 27992
# Likes : 0

Re: Win32 Agent ODG Trojan Virus

Post by kmbutts on 17th April 2009, 7:20 pm

section 2:


=============== Created Last 30 ================
2009-04-17 14:19 --d----- c:\program files\Tribler
2009-04-17 13:17 --d----- c:\docume~1\owner\applic~1\Malwarebytes
2009-04-17 13:17 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-17 13:17 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-17 13:17 -cd----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-04-17 13:17 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-17 03:00 285 a------- c:\windows\system32\MRT.INI
2009-04-17 03:00 --d----- c:\windows\system32\MpEngineStore
2009-04-17 02:01 --d----- c:\program files\common files\NetDragon
2009-04-16 19:25 --d----- c:\documents and settings\owner\.SunDownloadManager
2009-04-16 19:20 401,408 -------- c:\windows\system32\dllcache\rpcss.dll
2009-04-16 19:20 284,160 -------- c:\windows\system32\dllcache\pdh.dll
2009-04-16 19:20 35,328 -------- c:\windows\system32\dllcache\sc.exe
2009-04-16 19:20 110,592 -------- c:\windows\system32\dllcache\services.exe
2009-04-16 19:20 473,600 -------- c:\windows\system32\dllcache\fastprox.dll
2009-04-16 19:20 227,840 -------- c:\windows\system32\dllcache\wmiprvse.exe
2009-04-16 19:20 453,120 -------- c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-16 19:20 729,088 -------- c:\windows\system32\dllcache\lsasrv.dll
2009-04-16 19:20 617,472 -------- c:\windows\system32\dllcache\advapi32.dll
2009-04-16 19:20 714,752 -------- c:\windows\system32\dllcache\ntdll.dll
2009-04-16 19:18 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-16 19:18 1,203,922 -------- c:\windows\system32\dllcache\sysmain.sdb
2009-04-16 19:18 215,552 -------- c:\windows\system32\dllcache\wordpad.exe
2009-04-16 19:15 410,984 a------- c:\windows\system32\deploytk.dll
2009-04-16 18:45 -cd----- C:\Sun
2009-04-16 13:27 20,480 a------- c:\windows\system32\ak1.exe
2009-04-15 14:49 -cd----- C:\Acrobat Pro.exe
2009-04-11 02:37 --d----- c:\program files\ESET
2009-04-11 02:04 74 a------- c:\windows\st_affiliate.ini
2009-04-11 01:45 0 a------- c:\windows\Pcuvibug.bin
2009-04-11 01:45 158,208 a------- c:\windows\Xjiqazob.dat
2009-04-07 19:00 --d----- c:\program files\iPod
2009-04-07 19:00 -cd----- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-07 18:33 --d----- c:\docume~1\owner\applic~1\McAfee
2009-04-07 18:27 --d----- c:\program files\FixTunes
2009-04-07 16:45 -cd----- c:\docume~1\alluse~1\applic~1\Citrix
2009-04-07 16:40 61,224 a------- c:\documents and settings\owner\GoToAssistDownloadHelper.exe
2009-04-03 22:07 --d----- c:\program files\iPod(2)
2009-04-03 22:07 -cd----- c:\docume~1\alluse~1\applic~1\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-25 17:59 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-03-25 17:59 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-25 17:33 1,900,544 a------- c:\windows\system32\usbaaplrc.dll
2009-03-25 17:28 --d----- c:\program files\Bonjour
2009-03-24 23:40 --dsh--- c:\documents and settings\owner\IECompatCache
2009-03-24 03:14 --d----- c:\program files\Adobe Acrobat 9 Pro
2009-03-24 00:12 --d----- c:\program files\AskBarDis
2009-03-24 00:12 --d----- c:\docume~1\owner\applic~1\Azureus
2009-03-24 00:12 --d----- c:\program files\Vuze
2009-03-24 00:09 --d----- c:\program files\Conduit
2009-03-24 00:09 --d----- c:\program files\torrents.to
2009-03-23 21:34 --d----- c:\docume~1\owner\applic~1\mjusbsp
2009-03-23 21:34 60,032 a------- c:\windows\system32\drivers\USBAUDIO.sys
2009-03-23 21:34 60,032 a------- c:\windows\system32\dllcache\usbaudio.sys
2009-03-22 23:56 1,086 a------- c:\windows\system32\tversity.cookies
2009-03-22 23:40 6,144 a------- c:\windows\system32\ff_acm.acm
2009-03-22 23:40 547 a------- c:\windows\system32\ff_vfw.dll.manifest
2009-03-22 23:40 60,273 a------- c:\windows\system32\pthreadGC2.dll
2009-03-22 23:40 --d----- c:\program files\ffdshow
2009-03-22 23:34 --d----- c:\program files\TVersity Codec Pack
2009-03-22 23:14 --d----- c:\program files\TVersity
2009-03-21 10:06 989,696 -------- c:\windows\system32\dllcache\kernel32.dll
2009-03-19 15:20 --d----- c:\program files\WOT
2009-03-19 15:18 --d----- c:\program files\Nitro PDF
2009-03-19 15:02 --dsh--- c:\documents and settings\owner\PrivacIE
2009-03-19 15:00 --dsh--- c:\documents and settings\owner\IETldCache
2009-03-19 14:58 --d----- c:\windows\ie8updates
2009-03-19 14:53 -cd-h--- c:\windows\ie8
2009-03-19 14:50 105,984 -------- c:\windows\system32\dllcache\iecompat.dll
2009-03-19 11:45 93,848 a------- c:\windows\system32\drivers\epfwtdir.sys
2009-03-19 11:44 107,256 a------- c:\windows\system32\drivers\ehdrv.sys
2009-03-19 11:41 113,960 a------- c:\windows\system32\drivers\eamon.sys
==================== Find3M ====================
2009-04-10 20:08 51,200 a--sh--- c:\windows\system32\yokanate.exe
2009-03-08 15:49 3,714 a------- c:\docume~1\owner\applic~1\SAS7_000.DAT
2009-03-08 14:09 638,816 a------- c:\windows\system32\dllcache\iexplore.exe
2009-03-08 14:09 391,536 a------- c:\windows\system32\dllcache\iedkcs32.dll
2009-03-08 04:41 5,937,152 a------- c:\windows\system32\dllcache\mshtml.dll
2009-03-08 04:39 11,063,808 a------- c:\windows\system32\dllcache\ieframe.dll
2009-03-08 04:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 04:34 914,944 a------- c:\windows\system32\dllcache\wininet.dll
2009-03-08 04:34 1,206,784 a------- c:\windows\system32\dllcache\urlmon.dll
2009-03-08 04:34 236,544 a------- c:\windows\system32\dllcache\webcheck.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\dllcache\licmgr10.dll
2009-03-08 04:34 105,984 a------- c:\windows\system32\dllcache\url.dll
2009-03-08 04:34 193,536 a------- c:\windows\system32\dllcache\msrating.dll
2009-03-08 04:34 109,568 a------- c:\windows\system32\dllcache\occache.dll
2009-03-08 04:33 759,296 a------- c:\windows\system32\dllcache\VGX.dll
2009-03-08 04:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 04:33 18,944 -------- c:\windows\system32\dllcache\corpol.dll
2009-03-08 04:33 25,600 a------- c:\windows\system32\dllcache\jsproxy.dll
2009-03-08 04:33 726,528 a------- c:\windows\system32\dllcache\jscript.dll
2009-03-08 04:33 229,376 a------- c:\windows\system32\dllcache\ieaksie.dll
2009-03-08 04:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 04:33 420,352 a------- c:\windows\system32\dllcache\vbscript.dll
2009-03-08 04:33 125,952 a------- c:\windows\system32\dllcache\ieakeng.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\dllcache\admparse.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 04:32 173,056 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-03-08 04:32 163,840 a------- c:\windows\system32\dllcache\ieakui.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\dllcache\iesetup.dll
2009-03-08 04:32 55,808 a------- c:\windows\system32\dllcache\iernonce.dll
2009-03-08 04:32 128,512 a------- c:\windows\system32\dllcache\advpack.dll
2009-03-08 04:32 94,720 a------- c:\windows\system32\dllcache\inseng.dll
2009-03-08 04:32 594,432 a------- c:\windows\system32\dllcache\msfeeds.dll
2009-03-08 04:32 1,985,024 a------- c:\windows\system32\dllcache\iertutil.dll
2009-03-08 04:32 611,840 a------- c:\windows\system32\dllcache\mstime.dll
2009-03-08 04:24 68,608 a------- c:\windows\system32\dllcache\hmmapi.dll
2009-03-08 04:22 156,160 a------- c:\windows\system32\msls31.dll
2009-03-08 04:22 156,160 a------- c:\windows\system32\dllcache\msls31.dll
2009-03-08 04:11 445,952 a------- c:\windows\system32\dllcache\ieapfltr.dll
2009-03-06 10:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-05 23:59 36,864 a------- c:\windows\system32\drivers\usbaapl.sys
2009-02-09 08:10 729,088 a------- c:\windows\system32\lsasrv.dll
2009-02-09 08:10 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 08:10 617,472 a------- c:\windows\system32\advapi32.dll
2009-02-09 08:10 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 07:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-09 07:13 1,846,784 -------- c:\windows\system32\dllcache\win32k.sys
2009-02-07 19:02 2,066,048 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-07 19:02 2,066,048 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-07 04:06 361,600 a------- c:\windows\system32\dllcache\TCPIP.SYS
2009-02-07 00:25 1,560 a------- c:\windows\checkip.dat
2009-02-06 21:07 3,698,584 a------- c:\windows\system32\dllcache\ieapfltr.dat
2009-02-06 07:11 110,592 a------- c:\windows\system32\services.exe
2009-02-06 07:08 2,189,056 a------- c:\windows\system32\ntoskrnl.exe
2009-02-06 07:08 2,189,056 -------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-06 07:06 2,145,280 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-06 06:39 35,328 a------- c:\windows\system32\sc.exe
2009-02-06 06:32 2,023,936 -------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-04 18:38 80,964 a---h--- c:\windows\system32\mlfcache.dat
2009-02-03 15:59 56,832 a------- c:\windows\system32\secur32.dll
2009-02-03 15:59 56,832 -------- c:\windows\system32\dllcache\secur32.dll
2009-01-22 19:51 56,912 a------- c:\documents and settings\owner\g2mdlhlpx.exe
2007-04-04 17:57 292 a---h--- c:\docume~1\owner\applic~1\wklnhst.dat
2007-01-10 20:17 560 a---h--- c:\docume~1\owner\applic~1\ViewerApp.dat
2006-05-03 06:06 163,328 ---shr-- c:\windows\system32\flvDX.dll
2007-02-21 07:47 31,232 ---shr-- c:\windows\system32\msfDX.dll
2008-03-16 09:30 216,064 ---shr-- c:\windows\system32\nbDX.dll
2008-09-21 14:59 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092120080922\index.dat
============= FINISH: 14:27:06.79 ===============


Re: Win32 Agent ODG Trojan Virus

Post by Belahzur on 17th April 2009, 7:27 pm

I see that you are running Ares.
P2P(Peer to peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

If Ares is not removed, then I won't help you.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

  • Ares 2.1.1
  • Torrents.to Toolbar
  • Vuze Toolbar

Please download [You must be registered and logged in to see this link.] and save it to your Desktop. Please double-click GooredFix.exe on your Desktop to run it. Select 2. Fix Goored by typing 2 and pressing Enter. Make sure all instances of Firefox are closed at this point. Type y at the prompt and press Enter again. A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).

Please download the [You must be registered and logged in to see this link.].

  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :services
    ASKUpgrade
    OneStepSrch Service
    pciinfo
    Boonty Games

    :files
    c:\windows\system32\ak1.exe
    C:\Acrobat Pro.exe
    c:\windows\Xjiqazob.dat
    c:\windows\Pcuvibug.bin
    c:\program files\AskBarDis
    c:\docume~1\owner\applic~1\Azureus
    c:\program files\Vuze
    c:\program files\torrents.to
    c:\windows\system32\yokanate.exe

    :reg
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Notification Packages"=hex(7):73,63,65,63,6c,69,00,00


  • Return to OTMoveIt3, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245111
# Likes : 1
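The :reg block in the instructions above resets the LSA Notification Packages value that the DDS log showed as `scecli c:\windows\system32\yizodonu.dll`; LSA loads every DLL in that list and calls it whenever a password changes, which is why an unknown entry matters. As an added example that is not from the thread, DDS or OTMoveIt, this Python decodes the hex(7) form of the value and flags entries outside an assumed default-XP allowlist (the allowlist, the DDS line handling and the UTF-16/ANSI heuristic are assumptions).

```python
r"""Decode the LSA "Notification Packages" value and flag unexpected entries.

Added example for this thread; it is not code from the forum, DDS or OTMoveIt.
LSA loads each DLL named in HKLM\SYSTEM\CurrentControlSet\Control\Lsa under
"Notification Packages" and calls it on every password change, so an entry
that is not a known package is a persistence finding worth checking.
"""
import re

# Constructed from values shown in the thread: the DDS line that exposed the
# problem and the .reg line OTMoveIt was asked to apply.
DDS_LINE = r"LSA: Notification Packages = scecli c:\windows\system32\yizodonu.dll"
REG_LINE = '"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00'

# Assumption: on a default Windows XP install only scecli is present. Domain
# controllers and third-party password filters add legitimate names.
KNOWN_PACKAGES = {"scecli"}


def decode_hex7(hex_bytes: str) -> list[str]:
    """Decode the byte list of a .reg 'hex(7):' (REG_MULTI_SZ) value.

    The data is NUL-terminated strings followed by one extra NUL. regedit
    exports it as UTF-16LE; OTMoveIt's form in the thread is one byte per
    character, so both layouts are accepted. Line continuations (backslash
    plus newline) and whitespace between bytes are tolerated.
    """
    tokens = [t for t in re.split(r"[,\s\\]+", hex_bytes.strip()) if t]
    raw = bytes(int(t, 16) for t in tokens)
    # Heuristic: UTF-16LE if the length is even and every high byte is zero.
    utf16 = len(raw) >= 2 and len(raw) % 2 == 0 and all(
        raw[i] == 0 for i in range(1, len(raw), 2)
    )
    text = raw.decode("utf-16-le") if utf16 else raw.decode("latin-1")
    return [s for s in text.split("\0") if s]


def parse_reg_value(line: str) -> tuple[str, list[str]]:
    """Split a .reg line such as '"Name"=hex(7):..' into (name, strings)."""
    m = re.fullmatch(r'"([^"]+)"\s*=\s*hex\(7\):(.*)', line.strip(), re.S)
    if not m:
        raise ValueError(f"not a hex(7) value line: {line!r}")
    return m.group(1), decode_hex7(m.group(2))


def parse_dds_lsa_line(line: str) -> list[str]:
    """Return the packages listed on a DDS 'LSA: Notification Packages' line.

    DDS prints the entries separated by spaces, so a path containing spaces
    would be split here; such an entry needs a manual look anyway.
    """
    m = re.fullmatch(r"LSA:\s*Notification Packages\s*=\s*(.*)", line.strip())
    if not m:
        raise ValueError(f"not a DDS LSA line: {line!r}")
    return m.group(1).split()


def flag_packages(packages: list[str], known=KNOWN_PACKAGES) -> list[str]:
    """Return the entries that deserve attention.

    Legitimate entries are bare module names resolved from System32; a full
    path, or a name outside the allowlist, is reported.
    """
    allow = {k.lower() for k in known}
    flagged = []
    for entry in packages:
        is_path = "\\" in entry or "/" in entry
        name = entry.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        if name.endswith(".dll"):
            name = name[:-4]
        if is_path or name not in allow:
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    before = parse_dds_lsa_line(DDS_LINE)
    print("before fix:", before, "-> flagged:", flag_packages(before))
    name, after = parse_reg_value(REG_LINE)
    print(f"after {name!r} reset:", after, "-> flagged:", flag_packages(after))
```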

Re: Win32 Agent ODG Trojan Virus

Post by kmbutts on 17th April 2009, 7:56 pm

Taking the wife out to dinner; will work on this tomorrow.


Re: Win32 Agent ODG Trojan Virus

Post by kmbutts on 18th April 2009, 7:14 am

GooredFix v1.92 by jpshortstuff
Log created at 03:13 on 18/04/2009 running Option #2 (Owner)
Firefox version 3.0.8 (en-US)
=====Goored Deletions=====
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{9E021692-91E3-4F3E-B365-4026822B0729}"="C:\Documents and Settings\Owner\Local Settings\Application Data\{9E021692-91E3-4F3E-B365-4026822B0729}"
->Backing up value... Done.
->Deleting value... Done.
C:\Documents and Settings\Owner\Local Settings\Application Data\{9E021692-91E3-4F3E-B365-4026822B0729}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.
C:\Program Files\Mozilla Firefox\extensions\{9B64D64B-3C8F-4D05-A0A0-173DB8C2A0AC}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.
=====Dumping Registry Values=====
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.8\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.8\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"[You must be registered and logged in to see this link.]"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{3112ca9c-de6d-4884-a869-9855de68056c}"="C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}"


Re: Win32 Agent ODG Trojan Virus

Post by kmbutts on 18th April 2009, 7:16 am

Do I need to uninstall each of these tools after running them to free up space on my HDD?


Re: Win32 Agent ODG Trojan Virus

Post by kmbutts on 18th April 2009, 7:20 am

========== SERVICES/DRIVERS ==========
Service\Driver ASKUpgrade not found.
Service\Driver ASKUpgrade not found.
Service\Driver ASKUpgrade not found.
Service\Driver OneStepSrch Service deleted successfully.
Service\Driver ASKUpgrade not found.
Service\Driver pciinfo deleted successfully.
Service\Driver ASKUpgrade not found.
Service\Driver Boonty Games deleted successfully.
========== FILES ==========
c:\windows\system32\ak1.exe moved successfully.
C:\Acrobat Pro.exe moved successfully.
c:\windows\Xjiqazob.dat moved successfully.
c:\windows\Pcuvibug.bin moved successfully.
File/Folder c:\program files\AskBarDis not found.
File/Folder c:\docume~1\owner\applic~1\Azureus not found.
File/Folder c:\program files\Vuze not found.
File/Folder c:\program files\torrents.to not found.
c:\windows\system32\yokanate.exe moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\\"Notification Packages"|hex(7):73,63,65,63,6c,69,00,00 /E : value set successfully!

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 04182009_031829


Re: Win32 Agent ODG Trojan Virus

Post by Belahzur on 18th April 2009, 1:47 pm

Okay, post a new DDS log now.





Re: Win32 Agent ODG Trojan Virus

Post by kmbutts on 18th April 2009, 11:00 pm

Here ya go!!!

Part 1:


DDS (Ver_09-03-16.01) - NTFSx86
Run by Owner at 18:57:55.35 on Sat 04/18/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.766.244 [GMT -4:00]

AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Owner\Application Data\mjusbsp\magicJack.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
uSearch Page = [You must be registered and logged in to see this link.]
uSearch Bar = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
mSearchAssistant = [You must be registered and logged in to see this link.]
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: NitroPDFBHO Class: {cf070cb8-f02f-4af4-a7b7-8d45cad4bb54} - c:\program files\nitro pdf\pdf download\NitroPDF.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No File
TB: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
EB: {2AA2FBF8-9C76-4E97-A226-25C5F4AB6358} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [cdloader] "c:\documents and settings\owner\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [Nuance.ctfmngr] c:\program files\nuance\naturallyspeaking10\program\ctfmngr.exe /restore
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\launch~1.lnk - c:\program files\residentservices\ResidentServices.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Save Page As PDF ... - [You must be registered and logged in to see this link.] files\nitro pdf\pdf download\nitroweb.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {AD9E6088-E00B-42f9-9F0C-8480525D234E} - {FF5073C0-28A0-4223-9BDF-59FF020FE77C} - c:\program files\nitro pdf\pdf download\NitroPDF.dll
LSP: c:\windows\system32\mclsp.dll
Trusted Zone: alohaenterprise.com
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - [You must be registered and logged in to see this link.]
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - [You must be registered and logged in to see this link.]
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - [You must be registered and logged in to see this link.]
DPF: {D6016EE7-A8FF-11D1-B37E-A4759ECD7909} - [You must be registered and logged in to see this link.]
TCP: {93E347B4-72F5-4D22-A70B-91FD4CE9DBE3} = 68.87.68.162,68.87.74.162
Handler: lbxfile - {56831180-F115-11d2-B6AA-00104B2B9943} - c:\program files\libronix dls\system\FileProt.dll
Handler: lbxres - {24508F1B-9E94-40EE-9759-9AF5795ADF52} - c:\program files\libronix dls\system\ResProt.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: WRNotifier - WRLogonNTF.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\pq73lptv.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\pq73lptv.default\extensions\{81bf1d23-5f17-408d-ac6b-bd6df7caf670}\components\XpcomOpusConnector.dll
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\pq73lptv.default\extensions\support@lastpass.com\platform\winnt_x86-msvc\components\lpxpcom.dll
FF - plugin: c:\documents and settings\owner\local settings\application data\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\google\picasa3\npPicasa2.dll


Re: Win32 Agent ODG Trojan Virus

Post by kmbutts on 18th April 2009, 11:00 pm

Part 2:

============= SERVICES / DRIVERS ===============

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-3-19 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-3-19 93848]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-3-19 731840]
R2 litsgt;litsgt;c:\windows\system32\drivers\litsgt.sys [2006-2-2 137344]
R2 tansgt;tansgt;c:\windows\system32\drivers\tansgt.sys [2006-2-2 12032]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2005-3-22 200192]
S0 lzmic;lzmic;c:\windows\system32\drivers\kopn.sys --> c:\windows\system32\drivers\kopn.sys [?]
S3 scramby_out;Scramby Output;c:\windows\system32\drivers\scramby_out.sys [2007-8-8 23840]

=============== Created Last 30 ================

2009-04-18 03:18 -cd----- C:\_OTMoveIt
2009-04-18 01:25 10 a------- c:\windows\WININIT.INI
2009-04-17 13:17 --d----- c:\docume~1\owner\applic~1\Malwarebytes
2009-04-17 13:17 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-17 13:17 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-17 13:17 -cd----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-04-17 13:17 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-17 03:00 285 a------- c:\windows\system32\MRT.INI
2009-04-17 03:00 --d----- c:\windows\system32\MpEngineStore
2009-04-17 02:01 --d----- c:\program files\common files\NetDragon
2009-04-16 19:25 --d----- c:\documents and settings\owner\.SunDownloadManager
2009-04-16 19:20 401,408 -------- c:\windows\system32\dllcache\rpcss.dll
2009-04-16 19:20 284,160 -------- c:\windows\system32\dllcache\pdh.dll
2009-04-16 19:20 35,328 -------- c:\windows\system32\dllcache\sc.exe
2009-04-16 19:20 110,592 -------- c:\windows\system32\dllcache\services.exe
2009-04-16 19:20 473,600 -------- c:\windows\system32\dllcache\fastprox.dll
2009-04-16 19:20 227,840 -------- c:\windows\system32\dllcache\wmiprvse.exe
2009-04-16 19:20 453,120 -------- c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-16 19:20 729,088 -------- c:\windows\system32\dllcache\lsasrv.dll
2009-04-16 19:20 617,472 -------- c:\windows\system32\dllcache\advapi32.dll
2009-04-16 19:20 714,752 -------- c:\windows\system32\dllcache\ntdll.dll
2009-04-16 19:18 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-16 19:18 1,203,922 -------- c:\windows\system32\dllcache\sysmain.sdb
2009-04-16 19:18 215,552 -------- c:\windows\system32\dllcache\wordpad.exe
2009-04-16 19:15 410,984 a------- c:\windows\system32\deploytk.dll
2009-04-16 18:45 -cd----- C:\Sun
2009-04-11 02:37 --d----- c:\program files\ESET
2009-04-11 02:04 74 a------- c:\windows\st_affiliate.ini
2009-04-07 19:00 --d----- c:\program files\iPod
2009-04-07 19:00 -cd----- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-07 18:27 --d----- c:\program files\FixTunes
2009-04-07 16:45 -cd----- c:\docume~1\alluse~1\applic~1\Citrix
2009-04-03 22:07 -cd----- c:\docume~1\alluse~1\applic~1\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-25 17:59 107,368 a------- c:\windows\system32\GEARAspi.dll


Re: Win32 Agent ODG Trojan Virus

Post by Belahzur on 18th April 2009, 11:38 pm

Hello.
Looks okay, one last driver to kill off. Run this next OTMoveIt script.


  • Please double-click OTMoveIt3.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy).


    :servics
    lzmic


  • Return to OTMoveIt3, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: Win32 Agent ODG Trojan Virus

Post by kmbutts on 19th April 2009, 4:57 am

Error: Unable to interpret <:servics> in the current context!
Error: Unable to interpret in the current context!

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 04192009_005501


This is all I get when pasting the above mentioned text and clicking on move it.


Re: Win32 Agent ODG Trojan Virus

Post by Belahzur on 19th April 2009, 2:10 pm

Darn my typing, spelt services wrong.

We can remove OTMoveIt now.

  • Please double-click OTMoveIt3.exe to run it again.
  • Press the green CleanUp! button.
  • Press Yes at the cleanup process prompt, and do the same for the reboot prompt.
How is the machine running now?





Re: Win32 Agent ODG Trojan Virus

Post by kmbutts on 19th April 2009, 7:48 pm

Much faster now, and ESET has been doing a great job of detecting and deleting anything that tries to attack the pc. Thx for all your help!


Re: Win32 Agent ODG Trojan Virus

Post by Belahzur on 19th April 2009, 8:09 pm

We need to make a new restore point.

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to turn off System Restore.

Now we need to make a new restore point.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (To turn on System Restore), and then click OK.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to [You must be registered and logged in to see this link.] and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

[You must be registered and logged in to see this link.]
A tutorial on using Ad-Aware to remove spyware from your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using Spybot to remove spyware from your computer may be found [You must be registered and logged in to see this link.]. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

[You must be registered and logged in to see this link.]
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found [You must be registered and logged in to see this link.].

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
[You must be registered and logged in to see this link.]
I also recommend the following add-ons for Firefox; they will help keep you safe from malicious scripts or ActiveX exploits.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please consider using this free program that will check for program updates.
[You must be registered and logged in to see this link.]

5) Finally, consider maintaining a firewall. Some good free firewalls are [You must be registered and logged in to see this link.], or
[You must be registered and logged in to see this link.]
A tutorial on understanding and using firewalls may be found [You must be registered and logged in to see this link.].

Please also read Tony Klein's excellent article: [You must be registered and logged in to see this link.]

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found [You must be registered and logged in to see this link.].

Hopefully this should take care of your problems! Good luck.





Re: Win32 Agent ODG Trojan Virus

Post by kmbutts on 19th April 2009, 8:43 pm

System Restore has been turned off during this process.....I just re-enabled it and Automatic updates is also enabled....I am also familiar with Ad Aware SE as well.

I do have Firefox installed, but I keep Internet Explorer on because you can't install updates from Microsoft from Firefox; unless you know of an add-on that Mozilla has. All of this started with my ISP...they offered "free McAfee" on the browser and it was the one that allowed all of the infections in.

I had a license for ESET NOD32 that is good until September and I removed McAfee and installed ESET. Nephew installed all the p2p software on the pc.

I do have movies and music that I stream to my pc from TVersity, but would like to find an appropriate site to purchase and download music, movies, and videos without using torrent sites which I know are now security risks and ILLEGAL!!! Any suggestions other than iTunes?


Re: Win32 Agent ODG Trojan Virus

Post by Belahzur on 19th April 2009, 8:50 pm

There is no safe way to download via P2P, Limewire or other P2P are bound to have infections on them.





Re: Win32 Agent ODG Trojan Virus

Post by kmbutts on 19th April 2009, 9:10 pm

I have just downloaded Spyware Doctor and Full version of Ad Aware Pro since this pc is also used for business, it is a tax write off. Any others you think I need? Will any of these conflict with ESET NOD32?
