Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected w/ Registery Defender & google not working


  • This topic is locked This topic is locked
2 replies to this topic

#1 surfergurly

surfergurly

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:06:33 PM

Posted 07 November 2009 - 06:34 PM

THANKS:
First off I just wanted to thank you for taking time to help everyone out. I love this forum & have cleared most problems up by just searching the posts.
A little off topic, but I'm sceduled to delivery my first baby this Friday. I doubt if I'll have any time after the baby to spend anytime fixing my laptop. Hopefully someone can help me before she comes
Thanks a million, :(
Kimberly AKA Surfergurly
_____________________________________________________________________________________________________

PROBLEMS:
Infected with Registry Defender and perhaps a few other viruses. Malwares Bytes didn't remove completely.

-I can only access IE intermittently (internet connection is properly working). I canít open my home page, (google or yahoo). The websites that I can open will shut down after a few minutes.

-When I am able to access internet, new tabs with bogus link have appeared alongside my opened page:
auditexperiment.com/hitin.php?land=20&affid=06300
searchtcentro.com/ac.php?aid=11&sid=nkr13
alert4find.com/searchfast/ac.php?q=leslie&aid=11&sid=nkr13


-System restore was disabled, but I was able to enable again, saved data is gone

-When I restart my computer, file popup appears that it cannot find (vitumepa.dll)

-AVG popup wil find file, but canít deleted or heal (explicit rogue scanner type 871) and
(indiasecurityworld.com/index.php?affid=06300)
_____________________________________________________________________________________________________

DDS LOG:


DDS (Ver_09-10-26.01) - NTFSx86
Run by kim at 13:33:46.84 on Sat 11/07/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.540 [GMT -8:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: avast! antivirus 4.8.1356 [VPS 091107-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\kim\LOCALS~1\Temp\winhbt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\jetsuite\jsdaemon.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\kim\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://msn.com/
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\adobe acrobat 7.0\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [BackUp Windows 2009] c:\docume~1\kim\locals~1\temp\qihpl.exe
uRun: [winhbt.exe] c:\docume~1\kim\locals~1\temp\winhbt.exe
uRun: [mvwmwhxq] c:\documents and settings\kim\local settings\application data\oipxfn\yuntsysguard.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Adobe Version Cue CS2] "c:\program files\adobe\adobe version cue cs2\controlpanel\VersionCueCS2Tray.exe"
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\adobe acrobat 7.0\distillr\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AmazonGSDownloaderTray] c:\program files\amazon\amazon games & software downloader\AmazonGSDownloaderTray.exe
mRun: [mvwmwhxq] c:\documents and settings\kim\local settings\application data\oipxfn\yuntsysguard.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Convert link target to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
TCP: {10B7EAD8-9880-4CF5-BF42-8FB7808476F9} = 77.74.48.113
TCP: {2C4F7DDA-1F06-4B8E-9D24-1A19416C90FC} = 77.74.48.113
Filter: text/html - {b2feb265-b4bc-4927-8e7c-09966374a529} -
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
STS: MtgraphiMsf.Mtgraphi: {201ce528-154b-4ff3-9c6f-012e28454f0a} - c:\windows\system32\mtgraphi.dll
LSA: Authentication Packages = msv1_0 nwprovau
LSA: Notification Packages = scecli vitumepa.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-7-26 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-11-6 114768]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-6-15 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-6-15 108552]
R1 jsmux;jsmux;c:\windows\system32\drivers\JSMUX.SYS [2009-6-18 173880]
R1 jsscan;jsscan;c:\windows\system32\drivers\JSSCAN.SYS [2009-6-18 56672]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-11-6 20560]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-6-15 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-6-15 297752]
R2 FlipShare Service;FlipShare Service;c:\program files\flip video\flipshare\FlipShareService.exe [2009-6-4 451904]
R2 jsfax;jsfax;c:\windows\system32\drivers\JSFAX.SYS [2009-6-18 59604]
R3 WSIMD;wsimd Service;c:\windows\system32\drivers\wsimd.sys [2009-6-15 57408]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-11-6 135664]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-7-3 1028432]
S3 Amazon Download Agent;Amazon Download Agent;c:\program files\amazon\amazon games & software downloader\AmazonGSDownloaderService.exe [2009-9-25 297472]
S4 jsdbg;jsdbg;c:\windows\system32\drivers\JSDBG.SYS [2009-6-18 50352]
S4 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-4-18 204800]

=============== Created Last 30 ================


==================== Find3M ====================

2009-11-07 01:55:47 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-09-13 23:07:32 74240 ---ha-w- c:\windows\system32\mlfcache.dat
2009-09-11 14:33:52 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 20:45:26 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08:21 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 05:59:58 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-26 08:16:37 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-07 01:12:57 376956 --sha-w- c:\windows\system32\dasalura.exe
2006-01-31 21:09:52 32768 --sha-r- c:\windows\system32\hayesetcf.dll
2009-08-07 01:12:57 39424 --sha-w- c:\windows\system32\nisuniga.dll
2009-08-07 01:12:58 45056 --sha-w- c:\windows\system32\ragumoze.dll
2009-08-07 01:12:57 114176 --sha-w- c:\windows\system32\zuragiwu.exe

============= FINISH: 13:34:10.34 ===============

Attached Files


Edited by surfergurly, 07 November 2009 - 06:36 PM.


BC AdBot (Login to Remove)

 


#2 surfergurly

surfergurly
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:06:33 PM

Posted 12 November 2009 - 03:48 AM

Hi Please cancel this post. I ended up reformatting my hard drive.

Thanks for a great site :(
Kimberly

#3 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:04:33 AM

Posted 12 November 2009 - 07:02 PM

Since this topic appears to be resolved, I will now close it. Thanks for letting us know. :(

If you need this topic re-opened please send me a PM.

Everyone else, please start a new topic.

With Regards,
myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users