R2D2B9
Posts: 64 +0
McAfee gives an error:
"The ordinal 1112 could not be located in the dynamic link library WSOCK32.dll"
Computer constantly redirects or opens pop-ups during web browsing.
Log files posted below:
-----------------------------------------------
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.04.11.06
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
HP_Owner :: YOUR-D0F670B45A [administrator]
4/11/2012 5:16:55 PM
mbam-log-2012-04-11 (17-16-55).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 216501
Time elapsed: 39 minute(s), 20 second(s)
Memory Processes Detected: 1
C:\WINDOWS\system32\0uN0drVDp.com (Backdoor.Agent.H) -> 1964 -> Delete on reboot.
Memory Modules Detected: 1
C:\WINDOWS\system32\lvuvc.dll (RootKit.0Access.H) -> Delete on reboot.
Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (Trojan.Krypt) -> Quarantined and deleted successfully.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 18
C:\WINDOWS\system32\lvuvc.dll (RootKit.0Access.H) -> Delete on reboot.
C:\WINDOWS\system32\0uN0drVDp.com_ (Backdoor.Agent.H) -> Delete on reboot.
C:\WINDOWS\system32\0uN0drVDp.com (Backdoor.Agent.H) -> Delete on reboot.
C:\Documents and Settings\HP_Owner\Local Settings\Temp\sghj0.6884074251720731.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tue0.01720785359643806.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tue0.1432090184478646.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tue0.34209091113649404.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tue0.382014815493416.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tue0.40010392119493454.exe (Trojan.CryptPro.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tue0.5235407241632137.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tue0.7574299220759129.exe (Trojan.CryptPro.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tue0.7885395720864793.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tue0.8548748101895046.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\hki2406.exe (Backdoor.Agent.H) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\dpqpws\setup.exe (Trojan.Krypt) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ggndao\setup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Desktop\Security Updates.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\jika0.7963916282801337.exe (Exploit.Drop.6) -> Quarantined and deleted successfully.
(end)
--------------------------------------------------------------------------------------------------------
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-04-11 18:19:16
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-7 WDC_WD1600JS-60NCB1 rev.10.02E02
Running: kpu00bdf.exe; Driver: C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\uflcraoc.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateKey [0xF20BF6C6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateValueKey [0xF20BF91C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xEEE3138B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xEEE313B5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xEEE31375]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xEEE313CB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xEEE3139F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
---- EOF - GMER 1.0.15 ----