
tfindley604

  1. I've attached the 2 scans. Thanks, Tina (attachments: OTL2.Txt, Extras2.Txt)
  2. Here's the new DDS.
  3. As my computer starts up, I get two error messages: "error loading c:\windows\ofspldsp.dll" and "error loading c:\upeqeruzonahuko.dll". Here was the report afterwards ... it cured something win32? Thanks, Tina
  4. Sorry about that. Is this what you are looking for (see attached)? Thank you ahead of time for working this out with me! We homeschool our kids and use the internet a lot; it's been a pain not being able to use it! Thanks again, Tina
  5. (attachments: ark.zip, Mine2.zip)