
rundll



When I start up the PC, my AntiVir guard shows TR/agent2 otor trojan. I deny access, and that goes away. Then I get: rundll error loading c:\windows\dmsimg.dll, the specified module could not be found. I have run my AntiVir guard and Malwarebytes, but I know they will not solve this problem. Any ideas would be most helpful.


Hello tivia! Welcome to Malwarebytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Follow my instructions step by step; if there is a problem somewhere, stop and tell me.
  • Stay with the thread until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something, please ask.
  • Do not install or uninstall any software or hardware while we work on this.
  • Keep me informed about any changes.

In short, this means that your system is infected.

Please follow these instructions and post all logs if you can:

http://forums.malwarebytes.org/index.php?showtopic=9573


www.malwarebytes.org

Database version: 4397

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

06/08/2010 11:12:25

mbam-log-2010-08-06 (11-12-25).txt

Scan type: Quick scan

Objects scanned: 198065

Time elapsed: 31 minute(s), 49 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Avira AntiVir Personal

Report file date: 06 August 2010 12:01

Scanning for 2682432 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus

Serial number : 0000149996-ADJIE-0000001

Platform : Windows XP

Windows version : (Service Pack 3) [5.1.2600]

Boot mode : Normally booted

Username : SYSTEM

Computer name : YAROM

Version information:

BUILD.DAT : 9.0.0.422 21701 Bytes 3/9/2010 10:29:00

AVSCAN.EXE : 9.0.3.10 466689 Bytes 11/20/2009 08:54:45

AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 10:58:24

LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 11:35:49

LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 10:58:52

VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 08:54:41

VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 08:54:41

VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 21:01:47

VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 17:41:01

VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 22:47:43

VBASE005.VDF : 7.10.6.82 2494464 Bytes 4/15/2010 20:02:58

VBASE006.VDF : 7.10.7.218 2294784 Bytes 6/2/2010 13:26:36

VBASE007.VDF : 7.10.9.165 4840960 Bytes 7/23/2010 13:08:03

VBASE008.VDF : 7.10.9.166 2048 Bytes 7/23/2010 13:08:03

VBASE009.VDF : 7.10.9.167 2048 Bytes 7/23/2010 13:08:03

VBASE010.VDF : 7.10.9.168 2048 Bytes 7/23/2010 13:08:03

VBASE011.VDF : 7.10.9.169 2048 Bytes 7/23/2010 13:08:03

VBASE012.VDF : 7.10.9.170 2048 Bytes 7/23/2010 13:08:03

VBASE013.VDF : 7.10.9.198 157696 Bytes 7/26/2010 06:29:04

VBASE014.VDF : 7.10.9.255 997888 Bytes 7/29/2010 08:31:21

VBASE015.VDF : 7.10.10.28 139264 Bytes 8/2/2010 15:00:31

VBASE016.VDF : 7.10.10.52 127488 Bytes 8/3/2010 19:02:49

VBASE017.VDF : 7.10.10.84 137728 Bytes 8/6/2010 11:00:20

VBASE018.VDF : 7.10.10.85 1536 Bytes 8/6/2010 11:00:21

VBASE019.VDF : 7.10.10.86 1536 Bytes 8/6/2010 11:00:21

VBASE020.VDF : 7.10.10.87 1536 Bytes 8/6/2010 11:00:21

VBASE021.VDF : 7.10.10.88 1536 Bytes 8/6/2010 11:00:21

VBASE022.VDF : 7.10.10.89 1536 Bytes 8/6/2010 11:00:21

VBASE023.VDF : 7.10.10.90 1536 Bytes 8/6/2010 11:00:21

VBASE024.VDF : 7.10.10.91 1536 Bytes 8/6/2010 11:00:21

VBASE025.VDF : 7.10.10.92 1536 Bytes 8/6/2010 11:00:21

VBASE026.VDF : 7.10.10.93 1536 Bytes 8/6/2010 11:00:21

VBASE027.VDF : 7.10.10.94 1536 Bytes 8/6/2010 11:00:22

VBASE028.VDF : 7.10.10.95 1536 Bytes 8/6/2010 11:00:22

VBASE029.VDF : 7.10.10.96 1536 Bytes 8/6/2010 11:00:22

VBASE030.VDF : 7.10.10.97 1536 Bytes 8/6/2010 11:00:22

VBASE031.VDF : 7.10.10.99 9728 Bytes 8/6/2010 11:00:22

Engineversion : 8.2.4.32

AEVDF.DLL : 8.1.2.1 106868 Bytes 7/30/2010 08:31:37

AESCRIPT.DLL : 8.1.3.42 1364347 Bytes 7/30/2010 08:31:36

AESCN.DLL : 8.1.6.1 127347 Bytes 5/13/2010 06:22:52

AESBX.DLL : 8.1.3.1 254324 Bytes 4/24/2010 09:25:46

AERDL.DLL : 8.1.8.2 614772 Bytes 7/20/2010 15:01:47

AEPACK.DLL : 8.2.3.3 471414 Bytes 7/30/2010 08:31:34

AEOFFICE.DLL : 8.1.1.8 201081 Bytes 7/21/2010 17:09:49

AEHEUR.DLL : 8.1.2.10 2830711 Bytes 7/30/2010 08:31:32

AEHELP.DLL : 8.1.13.2 242039 Bytes 7/20/2010 15:00:35

AEGEN.DLL : 8.1.3.18 393589 Bytes 7/30/2010 08:31:27

AEEMU.DLL : 8.1.2.0 393588 Bytes 4/24/2010 09:25:43

AECORE.DLL : 8.1.16.2 192887 Bytes 7/20/2010 15:00:23

AEBB.DLL : 8.1.1.0 53618 Bytes 4/24/2010 09:25:42

AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 08:47:59

AVPREF.DLL : 9.0.3.0 44289 Bytes 9/8/2009 20:33:01

AVREP.DLL : 8.0.0.7 159784 Bytes 2/17/2010 18:24:30

AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 10:32:09

AVARKT.DLL : 9.0.0.3 292609 Bytes 4/28/2009 07:39:53

AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 10:37:08

SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 15:03:49

SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 08:21:33

NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 10:32:10

RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 6/10/2009 06:06:59

RCTEXT.DLL : 9.0.73.0 86785 Bytes 11/20/2009 08:54:37

Configuration settings for the scan:

Jobname.............................: Complete system scan

Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp

Logging.............................: low

Primary action......................: interactive

Secondary action....................: ignore

Scan master boot sector.............: on

Scan boot sector....................: on

Boot sectors........................: C:,

Process scan........................: on

Scan registry.......................: on

Search for rootkits.................: on

Integrity checking of system files..: off

Scan all files......................: All files

Scan archives.......................: on

Recursion depth.....................: 20

Smart extensions....................: on

Macro heuristic.....................: on

File heuristic......................: medium

Start of the scan: 06 August 2010 12:01

Starting search for hidden objects.

'86671' objects were checked, '0' hidden objects were found.

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'wltuser.exe' - '1' Module(s) have been scanned

Scan process 'SCServer.exe' - '1' Module(s) have been scanned

Scan process 'iexplore.exe' - '1' Module(s) have been scanned

Scan process 'iexplore.exe' - '1' Module(s) have been scanned

Scan process 'ycommon.exe' - '1' Module(s) have been scanned

Scan process 'hposts08.exe' - '1' Module(s) have been scanned

Scan process 'alg.exe' - '1' Module(s) have been scanned

Scan process 'hpoevm08.exe' - '1' Module(s) have been scanned

Scan process 'hpotdd01.exe' - '1' Module(s) have been scanned

Scan process 'hpohmr08.exe' - '1' Module(s) have been scanned

Scan process 'ctfmon.exe' - '1' Module(s) have been scanned

Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned

Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'BTHelpNotifier.exe' - '1' Module(s) have been scanned

Scan process 'rundll32.exe' - '1' Module(s) have been scanned

Scan process 'PIFSvc.exe' - '1' Module(s) have been scanned

Scan process 'realplay.exe' - '1' Module(s) have been scanned

Scan process 'QTTask.exe' - '1' Module(s) have been scanned

Scan process 'atiptaxx.exe' - '1' Module(s) have been scanned

Scan process 'Vaderetro_oe.exe' - '1' Module(s) have been scanned

Scan process 'issch.exe' - '1' Module(s) have been scanned

Scan process 'DetectorApp.exe' - '1' Module(s) have been scanned

Scan process 'PCMService.exe' - '1' Module(s) have been scanned

Scan process 'soundman.exe' - '1' Module(s) have been scanned

Scan process 'CLSched.exe' - '1' Module(s) have been scanned

Scan process 'USBDeviceService.exe' - '1' Module(s) have been scanned

Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'PAStiSvc.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned

Scan process 'SeaPort.exe' - '1' Module(s) have been scanned

Scan process 'McciCMService.exe' - '1' Module(s) have been scanned

Scan process 'PIFSvc.exe' - '1' Module(s) have been scanned

Scan process 'CLMLServer.exe' - '1' Module(s) have been scanned

Scan process 'CLCapSvc.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned

Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned

Scan process 'AOLacsd.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

Scan process 'aawservice.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

59 processes with 59 modules were scanned

Starting master boot sector scan:

Master boot sector HD0

[INFO] No virus was found!

Master boot sector HD1

[INFO] No virus was found!

Master boot sector HD2

[INFO] No virus was found!

Master boot sector HD3

[INFO] No virus was found!

Master boot sector HD4

[INFO] No virus was found!

Start scanning boot sectors:

Boot sector 'C:\'

[INFO] No virus was found!

Starting to scan executable files (registry).

The registry was scanned ( '70' files ).

Starting the file scan:

Begin scan in 'C:\'

C:\hiberfil.sys

[WARNING] The file could not be opened!

[NOTE] This file is a Windows system file.

[NOTE] This file cannot be opened for scanning.

C:\pagefile.sys

[WARNING] The file could not be opened!

[NOTE] This file is a Windows system file.

[NOTE] This file cannot be opened for scanning.

C:\Documents and Settings\MORAY\Application Data\Nius\effao.exe

[DETECTION] Is the TR/Spy.99840.100 Trojan

C:\Documents and Settings\MORAY\Local Settings\Temporary Internet Files\Content.IE5\COUKRY72\107abecb5edfc9ae958277ee420b429028973012711[1].js

[DETECTION] Contains recognition pattern of the JS/FakeAlert.B Java script virus

C:\System Volume Information\_restore{1E827FEA-C1CA-4779-8180-5FD4C976D44A}\RP327\A0058883.exe

[DETECTION] Is the TR/Agent2.ctqc Trojan

C:\System Volume Information\_restore{1E827FEA-C1CA-4779-8180-5FD4C976D44A}\RP333\A0060593.exe

[DETECTION] Is the TR/Agent2.ctor Trojan

Beginning disinfection:

C:\Documents and Settings\MORAY\Application Data\Nius\effao.exe

[DETECTION] Is the TR/Spy.99840.100 Trojan

[NOTE] The file was moved to '4cc1fcfb.qua'!

C:\Documents and Settings\MORAY\Local Settings\Temporary Internet Files\Content.IE5\COUKRY72\107abecb5edfc9ae958277ee420b429028973012711[1].js

[DETECTION] Contains recognition pattern of the JS/FakeAlert.B Java script virus

[NOTE] The file was moved to '4c92fcc6.qua'!

C:\System Volume Information\_restore{1E827FEA-C1CA-4779-8180-5FD4C976D44A}\RP327\A0058883.exe

[DETECTION] Is the TR/Agent2.ctqc Trojan

[NOTE] The file was moved to '4c8bfcc6.qua'!

C:\System Volume Information\_restore{1E827FEA-C1CA-4779-8180-5FD4C976D44A}\RP333\A0060593.exe

[DETECTION] Is the TR/Agent2.ctor Trojan

[NOTE] The file was moved to '4d572c97.qua'!

End of the scan: 06 August 2010 13:14

Used time: 1:07:49 Hour(s)

The scan has been done completely.

11126 Scanned directories

256216 Files were scanned

4 Viruses and/or unwanted programs were found

0 Files were classified as suspicious

0 files were deleted

0 Viruses and unwanted programs were repaired

4 Files were moved to quarantine

0 Files were renamed

2 Files cannot be scanned

256210 Files not concerned

6923 Archives were scanned

2 Warnings

6 Notes

86671 Objects were scanned with rootkit scan

0 Hidden objects were found


  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
