Virus/Malware Closes MB in mid-scan


dsxdawn

Attached dds.txt and attach.txt [Done in safe mode on the admin account]

Hello Malwarebytes Forums!~

I desperately need your assistance today.

I've been struggling with this issue for a few days already and it even bested my friends :(

Any assistance would be greatly appreciated! :unsure:

Details/Symptoms :

- I'm using Windows XP Service Pack 3, Home Edition, if that matters

- this particular virus/malware strips my power to open things when it feels threatened or I'm on to it. ["Windows can not access this specific file. You may not have permission to access this file."]

- non-stop redirects and pop-ups while surfing the web

- closes any anti-virus program [Malwarebytes/Kaspersky/RegCure] as soon as I start a scan [*Won't let me scan using GMER Rootkit Scanner, so no ark.txt available.]

- svchost.exe is off the charts [500k~800k++ of mem usage when I'm just sitting there]

- a hidden log file named wodzifjky appears on the desktop as a hidden file and contains all my usernames/passwords [it reappears despite the number of times I delete it.]

Dds.txt

.

DDS (Ver_2011-06-23.01) - NTFSx86 NETWORK

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22

Run by Administrator at 17:30:28 on 2011-09-22

Microsoft Windows XP Professional 5.1.2600.3.936.86.1033.18.1534.1217 [GMT -7:00]

.

AV: Kaspersky Internet Security *Enabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: Kaspersky Internet Security *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\1616094398:1096527007.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtblfs.exe

C:\WINDOWS\system32\conime.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://google.com/

uInternet Connection Wizard,ShellNext = hxxp://go.divx.com/postinstall/win/en

mURLSearchHooks: H - No File

BHO: {003b40a9-33bf-40df-af36-7d0ffc58c692} - c:\windows\system32\wscui32.dll

BHO: {0070bd20-49fa-4d4f-936e-b3d8ffb6ed72} - c:\windows\system32\wscui32.dll

BHO: {00768153-33bf-40df-af36-7d0ffc58c692} - c:\windows\system32\wscui32.dll

BHO: {00e17a41-49fa-4d4f-936e-b3d8ffb6ed72} - c:\windows\system32\wscui32.dll

BHO: {00ed02a6-33bf-40df-af36-7d0ffc58c692} - c:\windows\system32\wscui32.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2011\ievkbd.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll

TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll

TB: att.net Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Aim] "c:\program files\aim\aim.exe" ${LAUNCH_PARAMS}

uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10k_Plugin.exe -update plugin

mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC

mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName

mRun: [DLCCCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCCtime.dll,_RunDLLEntry@16

mRun: [bJCFD] c:\program files\broadjump\client foundation\CFD.exe

mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2011\avp.exe"

mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

dRun: [.minecraftUpdate] c:\documents and settings\admin shadow\application data\.minecraft\.minecraftupdate\.minecraftupdt32.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll

LSP: mswsock.dll

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1287651779109

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{96E2D4A5-2441-4FBB-AFC7-DB6526862D9B} : DhcpNameServer = 192.168.0.1

Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll

Notify: AtiExtEvent - Ati2evxx.dll

Notify: klogon - c:\windows\system32\klogon.dll

AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\kloehk.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\cufysnsu.default\

FF - component: c:\program files\kaspersky lab\kaspersky internet security 2011\ffext\kavantibanner@kaspersky.ru\components\abhelperxpcom.dll

FF - component: c:\program files\kaspersky lab\kaspersky internet security 2011\ffext\linkfilter@kaspersky.ru\components\kavlinkfilter.dll

FF - component: c:\program files\kaspersky lab\kaspersky internet security 2011\ffext\virtualkeyboard@kaspersky.ru\components\ffvkplugin.dll

FF - plugin: c:\documents and settings\all users\application data\nexon\nexonplug\npPlugWire_1.0.0.0.dll

FF - plugin: c:\documents and settings\all users\application data\nexon\ngm\npNxGame.dll

FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll

FF - plugin: c:\program files\common files\motive\npMotive.dll

FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdap.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Anti-Banner: KavAntiBanner@kaspersky.ru_bak - c:\program files\mozilla firefox\extensions\KavAntiBanner@kaspersky.ru_bak

FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru_bak - c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru_bak

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: XUL Cache: {3dd38bdd-3962-423d-8754-e3fc0d11387c} - %profile%\extensions\{3dd38bdd-3962-423d-8754-e3fc0d11387c}

FF - Ext: XUL Cache: {aabc33a4-599e-4207-8d5a-22df6acfa933} - %profile%\extensions\{aabc33a4-599e-4207-8d5a-22df6acfa933}

FF - Ext: XUL Cache: {e0711003-28ce-406e-9522-2b1df5240f82} - %profile%\extensions\{e0711003-28ce-406e-9522-2b1df5240f82}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Kaspersky Virtual Keyboard: virtualKeyboard@kaspersky.ru - c:\program files\kaspersky lab\kaspersky internet security 2011\ffext\virtualKeyboard@kaspersky.ru

FF - Ext: Anti-Banner: KavAntiBanner@Kaspersky.ru - c:\program files\kaspersky lab\kaspersky internet security 2011\ffext\KavAntiBanner@kaspersky.ru

FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\program files\kaspersky lab\kaspersky internet security 2011\ffext\linkfilter@kaspersky.ru

.

============= SERVICES / DRIVERS ===============

.

R0 10509902;10509902;c:\windows\system32\drivers\10509902.sys [2011-9-7 133208]

R0 amdagp8p;AMD NB AGP Bus Filter;c:\windows\system32\drivers\amdagp8p.sys [2008-8-29 27648]

R0 dontgo;Promise Removable Disk Control Driver;c:\windows\system32\drivers\dontgo.sys [2008-8-29 7680]

R0 tmagp;Transmeta TM 8000 AGP Filter Driver;c:\windows\system32\drivers\TMAGP.SYS [2008-8-29 27648]

R0 ULiAGP;ULi AGP Controller Bus Filter Driver;c:\windows\system32\drivers\ULiAGP.SYS [2008-8-29 33408]

R0 uliagpkx;ULi AGP Bus Filter Driver;c:\windows\system32\drivers\AGPKX.SYS [2008-8-29 45056]

R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2008-8-29 17920]

R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2010-6-9 11352]

S0 hptpro;hptpro;c:\windows\system32\drivers\hptpro.sys [2008-8-29 9809]

S1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2011-9-7 475736]

S2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 2011\avp.exe [2010-11-2 365336]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-10 136176]

S3 EagleX64;EagleX64;\??\c:\documents and settings\admin shadow\local settings\temp\eaglex64.sys --> c:\documents and settings\admin shadow\local settings\temp\EagleX64.sys [?]

S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-10-10 136176]

S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys --> c:\windows\system32\drivers\klim5.sys [?]

S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19472]

S3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2010-9-29 987648]

S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2010-9-29 251904]

.

=============== Created Last 30 ================

.

2011-09-22 23:59:49 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-09-22 23:59:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-09-22 23:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-09-21 23:15:48 -------- d-----w- c:\program files\AhnLab

2011-09-11 19:38:23 279552 ----a-w- c:\windows\system32\wscui32.dll

2011-09-11 19:38:21 111104 ----a-w- c:\documents and settings\all users\application data\AppleProfileOnline.dll

2011-09-08 05:58:10 133208 ----a-w- c:\windows\system32\drivers\10509902.sys

2011-09-08 02:54:55 -------- d-----w- c:\program files\Universal Shield

2011-09-08 02:42:26 109240 ----a-w- c:\program files\mozilla firefox\extensions\kavantibanner@kaspersky.ru_bak\components\abhelperxpcom.dll

2011-09-08 02:42:21 150200 ----a-w- c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru_bak\components\kavlinkfilter.dll

2011-09-08 02:42:01 97859 ----a-w- c:\windows\system32\drivers\klick.dat

2011-09-08 02:42:01 115369 ----a-w- c:\windows\system32\drivers\klin.dat

2011-09-08 02:39:53 -------- d-----w- c:\program files\Kaspersky Lab

2011-09-08 02:39:53 -------- d-----w- c:\documents and settings\all users\application data\Kaspersky Lab

2011-09-08 01:22:01 -------- d-----w- c:\documents and settings\all users\application data\Kaspersky Lab Setup Files

2011-09-08 01:04:25 -------- d-----w- c:\program files\Unlocker

.

==================== Find3M ====================

.

.

============= FINISH: 17:31:04.26 ===============

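The DDS log above is the kind of artefact a helper on these forums reads by eye: the Pseudo HJT Report lists browser helper objects, the services section lists drivers, and the running-process list shows image paths. The script below is an added example written for this thread, not code from the original post, from DDS, or from Malwarebytes. It parses those three DDS sections and applies four triage heuristics (all of them assumptions a defender would still confirm by hand with file hashes and vendor lookups): BHO entries registered without a descriptive name, several BHO CLSIDs pointing at the same DLL, a service whose name is purely numeric, a driver loading from a temp directory, and a process image path that contains a second colon (an NTFS alternate data stream). The sample input is copied from the log in this thread plus a couple of benign entries, so it runs offline.

```python
"""Heuristic triage of DDS log sections (Running Processes, Pseudo HJT
Report, SERVICES / DRIVERS). Added example for this thread; the rules are
assumptions, not DDS or Malwarebytes logic, and every hit needs human review."""
import re
from collections import defaultdict

# Constructed sample: lines taken from the DDS log posted above, plus two
# benign entries (Adobe BHO, Kaspersky kl2 driver) so there is a negative case.
SAMPLE_LOG = r"""
============== Running Processes ===============
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\1616094398:1096527007.exe
C:\WINDOWS\Explorer.EXE
============== Pseudo HJT Report ===============
BHO: {003b40a9-33bf-40df-af36-7d0ffc58c692} - c:\windows\system32\wscui32.dll
BHO: {0070bd20-49fa-4d4f-936e-b3d8ffb6ed72} - c:\windows\system32\wscui32.dll
BHO: {00768153-33bf-40df-af36-7d0ffc58c692} - c:\windows\system32\wscui32.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
============= SERVICES / DRIVERS ===============
R0 10509902;10509902;c:\windows\system32\drivers\10509902.sys [2011-9-7 133208]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2010-6-9 11352]
S3 EagleX64;EagleX64;\??\c:\documents and settings\admin shadow\local settings\temp\eaglex64.sys --> c:\documents and settings\admin shadow\local settings\temp\EagleX64.sys [?]
"""

SECTION_RE = re.compile(r"^=+ (?P<name>.+?) =+$")
# "BHO: <optional name>: {CLSID} - <path or 'No File'>"
BHO_RE = re.compile(
    r"^BHO: (?:(?P<name>[^{]+?): )?\{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.+)$")
# "R0 name;display;path [date size]"  (R = running, S = stopped)
SERVICE_RE = re.compile(r"^(?P<state>[RS]\d) (?P<svc>[^;]+);(?P<display>[^;]*);(?P<path>.+)$")
# Image path up to the first ".exe"; drops "-k netsvcs"-style arguments.
EXE_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.*?\.exe)", re.IGNORECASE)
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)


def parse_sections(text):
    """Group non-blank lines (DDS pads sections with lone '.' lines) under
    the '==== Name ====' header that precedes them."""
    sections = defaultdict(list)
    current = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name")
            continue
        sections[current].append(line)
    return sections


def triage(text, shared_dll_threshold=2):
    """Return a list of (kind, detail) findings from a DDS log body."""
    sections = parse_sections(text)
    findings = []

    # A colon after the drive letter means the image lives in an NTFS
    # alternate data stream, which no normal installer does.
    for line in sections.get("Running Processes", []):
        m = EXE_RE.match(line)
        if m and ":" in m.group("path")[2:]:
            findings.append(("ads_process_path", m.group("path")))

    dll_to_clsids = defaultdict(list)
    for line in sections.get("Pseudo HJT Report", []):
        m = BHO_RE.match(line)
        if not m:
            continue
        clsid, path = m.group("clsid"), m.group("path")
        if m.group("name") is None and path != "No File":
            findings.append(("unnamed_bho", f"{clsid} -> {path}"))
        dll_to_clsids[path.lower()].append(clsid)
    # Legitimate BHOs register one CLSID each; one DLL behind many CLSIDs
    # is worth a look.
    for dll, clsids in dll_to_clsids.items():
        if dll != "no file" and len(clsids) >= shared_dll_threshold:
            findings.append(("shared_bho_dll", f"{dll} registered {len(clsids)} times"))

    for line in sections.get("SERVICES / DRIVERS", []):
        m = SERVICE_RE.match(line)
        if not m:
            continue
        svc, path = m.group("svc"), m.group("path")
        if svc.isdigit():
            findings.append(("numeric_service_name", f"{svc} -> {path}"))
        if TEMP_RE.search(path):
            findings.append(("driver_in_temp", f"{svc} -> {path}"))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"[{kind}] {detail}")
```

Run it as-is to see the flagged entries from the sample; to triage a real log, read the dds.txt contents into `triage()` instead of `SAMPLE_LOG`. The output is a prioritised reading list, not a verdict: the next step for each hit is to check the file's hash and signer, which this script deliberately does not do.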

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
