Discussion Starter · #1 · Registered · 1 Posts
Good morning,
Sorry for my bad English. I'm wondering if you can help me. I am working on a Windows XP SP3 based PC, and it is becoming very slow doing any kind of task. It was initially protected with AVG; I tried Avira and it constantly displays 2 messages finding tr/agent.mup.616 and tr/spy.409088.1. I'm not able to delete these trojans or whatever they are. I don't know if there are any other problems. Please be kind to help me.

Here is the dds text:

DDS (Ver_09-10-26.01) - NTFSx86
Run by papa at 22:24:17,76 on 22/11/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.34.3082.18.1023.591 [GMT 1:00]

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Archivos de programa\Avira\AntiVir Desktop\avguard.exe
svchost.exe
C:\Archivos de programa\Java\jre6\bin\jqs.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Archivos de programa\Java\jre6\bin\jusched.exe
C:\Archivos de programa\HP\HP Software Update\HPWuSchd2.exe
C:\Archivos de programa\Avira\AntiVir Desktop\avgnt.exe
C:\Archivos de programa\Archivos comunes\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE
C:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe
C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE
C:\Archivos de programa\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\regsvr32.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\papa\Escritorio\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\archivos de programa\archivos comunes\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\archivos de programa\avg\avg8\avgssie.dll
BHO: MessengerUpdate Class: {5948a52a-ba3a-49a8-bcaf-d578502bda9d} - c:\documents and settings\papa\datos de programa\messenger\drivers\MsgUpdate.dll
BHO: gooochi browser enhancer: {8c3f217d-5f71-5789-ddd8-9e6a5a589060} - c:\windows\system32\lfvudqpbnfpfzk.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\archivos de programa\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\archivos de programa\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [OM_Monitor] c:\archivos de programa\olympus\olympus master\Monitor.exe -NoStart
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\archivos de programa\archivos comunes\ahead\lib\NMBgMonitor.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [IgfxSys] rundll32.exe "c:\documents and settings\papa\datos de programa\messenger\drivers\IgfxSys.dll",StartProtector
mRun: [QuickTime Task] "c:\archivos de programa\quicktime\qttask.exe" -atboottime
mRun: [OM_Monitor] c:\archivos de programa\olympus\olympus master\FirstStart.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [SunJavaUpdateSched] "c:\archivos de programa\java\jre6\bin\jusched.exe"
mRun: [HP Software Update] c:\archivos de programa\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "c:\archivos de programa\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\archivos de programa\archivos comunes\adobe\arm\1.0\AdobeARM.exe"
mRun: [uoqzkfbcpdddd] c:\windows\system32\regsvr32.exe /s "c:\windows\system32\lfvudqpbnfpfzk.dll"
mRun: [avgnt] "c:\archivos de programa\avira\antivir desktop\avgnt.exe" /min
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\menini~1\progra~1\inicio\hpdigi~1.lnk - c:\archivos de programa\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\menini~1\progra~1\inicio\micros~1.lnk - c:\archivos de programa\microsoft office\office10\OSA.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\archivos de programa\messenger\msmsgs.exe
Trusted Zone: catsalut.net\ar01
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.3.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1224320091038
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {FCFE2508-8E61-4D01-8F76-D7CF647562B7} = 80.58.61.250,80.58.61.254
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\archivos de programa\archivos comunes\microsoft shared\web folders\PKMCDO.DLL
LSA: Authentication Packages = msv1_0 nwprovau

============= SERVICES / DRIVERS ===============

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\archivos de programa\avira\antivir desktop\sched.exe [2009-11-22 108289]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\archivos de programa\nos\bin\getPlus_HelperSvc.exe [2008-10-19 33752]

=============== Created Last 30 ================

2009-11-22 17:21:31 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-11-22 17:21:07 0 d-----w- c:\docume~1\alluse~1\datosd~1\Avira
2009-11-22 17:21:07 0 d-----w- c:\archivos de programa\Avira
2009-11-19 11:18:27 48277 ----a-w- c:\windows\system32\zdlarbzvizzn.exe
2009-11-15 19:23:27 0 d-----w- c:\docume~1\papa\datosd~1\Smart-Ads-Solutions
2009-11-15 19:23:19 0 d-----w- c:\docume~1\papa\datosd~1\Messenger
2009-11-15 19:23:18 0 d-----w- c:\archivos de programa\Smart-Ads-Solutions
2009-11-15 19:17:25 0 d-----w- c:\archivos de programa\Free Audio Pack
2009-11-09 17:55:20 0 d-----w- c:\archivos de programa\archivos comunes\HP
2009-11-09 17:51:38 0 d-----w- c:\archivos de programa\archivos comunes\Hewlett-Packard
2009-11-09 17:50:42 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2009-11-09 17:50:40 49664 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2009-11-09 17:50:12 77824 ----a-r- c:\windows\system32\HPZIDS01.dll
2009-11-09 17:50:04 48128 ----a-w- c:\windows\system32\hpzll054.dll
2009-11-09 17:49:42 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-11-09 17:49:42 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-11-09 17:48:47 94208 ----a-w- c:\windows\system32\HPZipt12.dll
2009-11-09 17:48:47 57344 ----a-w- c:\windows\system32\HPZisn12.dll
2009-11-09 17:48:47 204800 ----a-w- c:\windows\system32\HPZipr12.dll
2009-11-09 17:48:46 69632 ----a-w- c:\windows\system32\HPZipm12.exe
2009-11-09 17:48:46 65536 ----a-w- c:\windows\system32\HPZinw12.exe
2009-11-09 17:48:46 282680 ----a-w- c:\windows\system32\HPZidr12.dll
2009-11-09 17:46:56 0 d-----w- c:\archivos de programa\HP
2009-11-09 17:42:58 128796 ----a-w- c:\windows\hpoins11.dat
2009-11-09 17:39:13 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2009-11-09 17:39:13 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-11-02 14:29:31 134 ----a-w- c:\documents and settings\papa\neoteris_write_4067003.reg
2009-11-01 18:50:25 0 d-----w- c:\docume~1\papa\datosd~1\Spotify
2009-11-01 18:50:14 0 d-----w- c:\archivos de programa\Spotify

==================== Find3M ====================

2009-11-18 20:07:24 395776 ----a-w- c:\windows\system32\lfvudqpbnfpfzk.dll
2009-10-25 07:32:44 68818 ----a-w- c:\windows\system32\perfc00A.dat
2009-10-25 07:32:44 439754 ----a-w- c:\windows\system32\perfh00A.dat
2009-09-11 14:18:29 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:04:33 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:56:51 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:01:17 247326 ----a-w- c:\windows\system32\strmdll.dll

============= FINISH: 22:24:51,69 ===============
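The Pseudo HJT and Created Last 30 sections above are what a helper reads first, looking for autorun entries that hand a DLL to regsvr32 /s or rundll32, DLLs loaded from inside a user profile, and machine-generated file names. The script below is an added example, not part of this thread or of the DDS tool; it runs those three checks over lines copied from the report, and the thresholds in looks_random() are assumptions, not values from the report.

```python
"""Triage heuristics for the autorun lines of a DDS "Pseudo HJT Report".
Added example, not part of the thread or of the DDS tool: it flags autorun
entries that load a DLL via regsvr32 /s or rundll32, DLLs loaded from inside a
user profile, and names that look machine-generated (long, almost vowel-free).
The thresholds in looks_random() are assumptions, not values from the report."""
import re

# Input lines copied from the report above; clean lines are kept as controls.
REPORT_LINES = [
    r"BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\archivos de programa\archivos comunes\adobe\acrobat\activex\AcroIEHelperShim.dll",
    r"BHO: gooochi browser enhancer: {8c3f217d-5f71-5789-ddd8-9e6a5a589060} - c:\windows\system32\lfvudqpbnfpfzk.dll",
    r'uRun: [IgfxSys] rundll32.exe "c:\documents and settings\papa\datos de programa\messenger\drivers\IgfxSys.dll",StartProtector',
    r"mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent",
    r'mRun: [uoqzkfbcpdddd] c:\windows\system32\regsvr32.exe /s "c:\windows\system32\lfvudqpbnfpfzk.dll"',
    r"2009-11-19 11:18:27 48277 ----a-w- c:\windows\system32\zdlarbzvizzn.exe",
    r"2009-11-22 17:21:31 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys",
]

AUTORUN = re.compile(r"^(?:BHO|[umd]Run):\s*(?P<rest>.*)$")
ENTRY_NAME = re.compile(r"^\[(?P<name>[^\]]+)\]")
LOADER = re.compile(r"\b(regsvr32|rundll32)(?:\.exe)?\b", re.IGNORECASE)
PATH = re.compile(r'[a-z]:\\[^"\n,]+?\.(?:dll|exe|sys)', re.IGNORECASE)


def looks_random(name, min_letters=10, max_vowel_ratio=0.2):
    """True for long, almost vowel-free names such as 'lfvudqpbnfpfzk'."""
    letters = [c for c in name.lower() if c.isalpha()]
    if len(letters) < min_letters:
        return False
    return sum(c in "aeiou" for c in letters) / len(letters) <= max_vowel_ratio


def triage_line(line):
    """Return the reasons a report line deserves a closer look (empty if none)."""
    reasons = []
    paths = PATH.findall(line)
    dlls = [p for p in paths if p.lower().endswith(".dll")]
    entry = AUTORUN.match(line)
    loader = LOADER.search(entry.group("rest")) if entry else None
    if loader and dlls:  # persistence of a DLL through a trusted Windows loader
        reasons.append(f"autorun loads a DLL via {loader.group(1).lower()}")
    if any("\\documents and settings\\" in p.lower() for p in dlls):
        reasons.append("DLL loaded from a user profile directory")
    name = ENTRY_NAME.match(entry.group("rest")) if entry else None
    if name and looks_random(name.group("name")):
        reasons.append(f"random-looking entry name: {name.group('name')}")
    for p in paths:  # file name stem, e.g. 'zdlarbzvizzn' from '...\zdlarbzvizzn.exe'
        stem = p.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        if looks_random(stem):
            reasons.append(f"random-looking file name: {stem}")
    return reasons
```

Four of the seven sample lines are flagged: the gooochi BHO, the IgfxSys rundll32 entry, the uoqzkfbcpdddd regsvr32 entry and zdlarbzvizzn.exe, while the Adobe, Bluetooth and Avira driver lines pass as clean.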

TSF Security Manager, Emeritus · 51,795 Posts
Hello, vmontane and Welcome to TSF. Your English is just fine.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

---------------------------------------------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper at this forum.

---------------------------------------------------------------------------------------------

Please visit this webpage for download links, and instructions for running combofix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please be sure to allow ComboFix to install the Windows Recovery Console as part of its routine.

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

You can get help on disabling your protection programs here

Please include the C:\ComboFix.txt in your next reply for further review.