Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Inactive Malware Help Topics

slowly working xp tr/agent.mup.616 and tr/spy.409088.1

This is a discussion on slowly working xp tr/agent.mup.616 and tr/spy.409088.1 within the Inactive Malware Help Topics forums, part of the Tech Support Forum category. Good morning, Sorry for my bad english. I'm wondering if you can help me. Working on a PC windows xp

Thread Tools Search this Thread
Old 11-22-2009, 11:51 PM   #1
Registered Member
Join Date: Nov 2009
Posts: 1
OS: windows xp sp3

Good morning,
Sorry for my bad english. I'm wondering if you can help me. Working on a PC windows xp sp3 based, it is becoming very slow doing any kind of task. Initially protected with AVG, I tried with Avira and it constantly display 2 messages finding tr/agent.mup.616 and tr/spy.409088.1. I'm not able to delete this trojans or whatever they are. I don't know if there are any other problems. Please be kind to help me.

Here is the dds text:

DDS (Ver_09-10-26.01) - NTFSx86
Run by papa at 22:24:17,76 on 22/11/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.34.3082.18.1023.591 [GMT 1:00]

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Archivos de programa\Avira\AntiVir Desktop\sched.exe
C:\Archivos de programa\Avira\AntiVir Desktop\avguard.exe
C:\Archivos de programa\Java\jre6\bin\jqs.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Archivos de programa\Java\jre6\bin\jusched.exe
C:\Archivos de programa\HP\HP Software Update\HPWuSchd2.exe
C:\Archivos de programa\Avira\AntiVir Desktop\avgnt.exe
C:\Archivos de programa\Archivos comunes\Ahead\lib\NMBgMonitor.exe
C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE
C:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe
C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE
C:\Archivos de programa\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Documents and Settings\papa\Escritorio\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\archivos de programa\archivos comunes\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\archivos de programa\avg\avg8\avgssie.dll
BHO: MessengerUpdate Class: {5948a52a-ba3a-49a8-bcaf-d578502bda9d} - c:\documents and settings\papa\datos de programa\messenger\drivers\MsgUpdate.dll
BHO: gooochi browser enhancer: {8c3f217d-5f71-5789-ddd8-9e6a5a589060} - c:\windows\system32\lfvudqpbnfpfzk.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\archivos de programa\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\archivos de programa\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [OM_Monitor] c:\archivos de programa\olympus\olympus master\Monitor.exe -NoStart
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\archivos de programa\archivos comunes\ahead\lib\NMBgMonitor.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [IgfxSys] rundll32.exe "c:\documents and settings\papa\datos de programa\messenger\drivers\IgfxSys.dll",StartProtector
mRun: [QuickTime Task] "c:\archivos de programa\quicktime\qttask.exe" -atboottime
mRun: [OM_Monitor] c:\archivos de programa\olympus\olympus master\FirstStart.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [SunJavaUpdateSched] "c:\archivos de programa\java\jre6\bin\jusched.exe"
mRun: [HP Software Update] c:\archivos de programa\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "c:\archivos de programa\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\archivos de programa\archivos comunes\adobe\arm\1.0\AdobeARM.exe"
mRun: [uoqzkfbcpdddd] c:\windows\system32\regsvr32.exe /s "c:\windows\system32\lfvudqpbnfpfzk.dll"
mRun: [avgnt] "c:\archivos de programa\avira\antivir desktop\avgnt.exe" /min
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\menini~1\progra~1\inicio\hpdigi~1.lnk - c:\archivos de programa\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\menini~1\progra~1\inicio\micros~1.lnk - c:\archivos de programa\microsoft office\office10\OSA.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\archivos de programa\messenger\msmsgs.exe
Trusted Zone: catsalut.net\ar01
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1224320091038
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {FCFE2508-8E61-4D01-8F76-D7CF647562B7} =,
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\archivos de programa\archivos comunes\microsoft shared\web folders\PKMCDO.DLL
LSA: Authentication Packages = msv1_0 nwprovau

============= SERVICES / DRIVERS ===============

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\archivos de programa\avira\antivir desktop\sched.exe [2009-11-22 108289]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\archivos de programa\nos\bin\getPlus_HelperSvc.exe [2008-10-19 33752]

=============== Created Last 30 ================

2009-11-22 17:21:31 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-11-22 17:21:07 0 d-----w- c:\docume~1\alluse~1\datosd~1\Avira
2009-11-22 17:21:07 0 d-----w- c:\archivos de programa\Avira
2009-11-19 11:18:27 48277 ----a-w- c:\windows\system32\zdlarbzvizzn.exe
2009-11-15 19:23:27 0 d-----w- c:\docume~1\papa\datosd~1\Smart-Ads-Solutions
2009-11-15 19:23:19 0 d-----w- c:\docume~1\papa\datosd~1\Messenger
2009-11-15 19:23:18 0 d-----w- c:\archivos de programa\Smart-Ads-Solutions
2009-11-15 19:17:25 0 d-----w- c:\archivos de programa\Free Audio Pack
2009-11-09 17:55:20 0 d-----w- c:\archivos de programa\archivos comunes\HP
2009-11-09 17:51:38 0 d-----w- c:\archivos de programa\archivos comunes\Hewlett-Packard
2009-11-09 17:50:42 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2009-11-09 17:50:40 49664 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2009-11-09 17:50:12 77824 ----a-r- c:\windows\system32\HPZIDS01.dll
2009-11-09 17:50:04 48128 ----a-w- c:\windows\system32\hpzll054.dll
2009-11-09 17:49:42 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-11-09 17:49:42 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-11-09 17:48:47 94208 ----a-w- c:\windows\system32\HPZipt12.dll
2009-11-09 17:48:47 57344 ----a-w- c:\windows\system32\HPZisn12.dll
2009-11-09 17:48:47 204800 ----a-w- c:\windows\system32\HPZipr12.dll
2009-11-09 17:48:46 69632 ----a-w- c:\windows\system32\HPZipm12.exe
2009-11-09 17:48:46 65536 ----a-w- c:\windows\system32\HPZinw12.exe
2009-11-09 17:48:46 282680 ----a-w- c:\windows\system32\HPZidr12.dll
2009-11-09 17:46:56 0 d-----w- c:\archivos de programa\HP
2009-11-09 17:42:58 128796 ----a-w- c:\windows\hpoins11.dat
2009-11-09 17:39:13 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2009-11-09 17:39:13 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-11-02 14:29:31 134 ----a-w- c:\documents and settings\papa\neoteris_write_4067003.reg
2009-11-01 18:50:25 0 d-----w- c:\docume~1\papa\datosd~1\Spotify
2009-11-01 18:50:14 0 d-----w- c:\archivos de programa\Spotify

==================== Find3M ====================

2009-11-18 20:07:24 395776 ----a-w- c:\windows\system32\lfvudqpbnfpfzk.dll
2009-10-25 07:32:44 68818 ----a-w- c:\windows\system32\perfc00A.dat
2009-10-25 07:32:44 439754 ----a-w- c:\windows\system32\perfh00A.dat
2009-09-11 14:18:29 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:04:33 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:56:51 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:01:17 247326 ----a-w- c:\windows\system32\strmdll.dll

============= FINISH: 22:24:51,69 ===============
Attached Files
File Type: zip ark.zip (3.9 KB, 14 views)
vmontane is offline  
Sponsored Links
Old 11-24-2009, 02:10 PM   #2
Management Team, Security Center & TSF Academy
Expert Analyst, Moderator, Security Team
Rangemaster, Moderator, TSF Academy
tetonbob's Avatar
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 52,189
OS: XP Pro; XP Home; Win7 x86 & x64

Hello, vmontane and Welcome to TSF. Your English is just fine.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.


Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper at this forum.


Please visit this webpage for download links, and instructions for running combofix:


Please be sure to allow ComboFix to install Windows Recovery Console as part of it's routine.

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

You can get help on disabling your protection programs here

Please include the C:\ComboFix.txt in your next reply for further review.
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of UNITE since 2006

Microsoft MVP Consumer Security 2009 - 2015
tetonbob is offline  
Old 11-30-2009, 10:52 AM   #3
Management Team, Security Center & TSF Academy
Expert Analyst, Moderator, Security Team
Rangemaster, Moderator, TSF Academy
tetonbob's Avatar
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 52,189
OS: XP Pro; XP Home; Win7 x86 & x64

Due to lack of response, this topic will now be closed. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of UNITE since 2006

Microsoft MVP Consumer Security 2009 - 2015
tetonbob is offline  

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is on
Smilies are on
[IMG] code is on
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off

Post a Question

» Site Navigation
 > FAQ

All times are GMT -7. The time now is 12:33 PM.

vBulletin Security provided by vBSecurity v2.2.2 (Pro) - vBulletin Mods & Addons Copyright © 2017 DragonByte Technologies Ltd.
Copyright 2001 - 2015, Tech Support Forum

Windows 7 - Windows XP - Windows Vista - Trojan Removal - Spyware Removal - Virus Removal - Networking - Security - Top Web Hosts


Partially Powered By Products Found At Lampwrights.com