
Registry Defender Virus of Some Sort


  • This topic is locked
2 replies to this topic

#1 mrinfected

  • Members
  • 9 posts
  • OFFLINE
  • Local time:07:35 PM

Posted 05 December 2009 - 12:18 AM

Please help,

Computer infected with some sort of virus.
-Unusual pop-ups
-One consistent pop-up is "install registry defender"
-Variety of other pop-ups, at least a dozen, "nexplore search 2 debt consolidation", "google, work from home and make $5000"
-Computer is very slow
-Windows crashes and freezes every few minutes

Need to get this computer working to look for a shelter and get ready for my court case! THANK YOU!

----------------------------------------------------------------

DDS Log:


DDS (Ver_09-12-01.01) - NTFSx86
Run by Owner at 20:54:11.35 on ??? 2009-12-04
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.86.1033.18.958.371 [GMT -8:00]

AV: avast! antivirus 4.8.1367 [VPS 091125-1] *On-access scanning enabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall Plus *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\M-Audio Fast Track\GBInst.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\system32\VTTimer.exe
C:\program files\vzmyysvtdtaaa\xjnammg.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\program files\vzmyysvtdtaaa\xjnammg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = 168.94.74.68:8080
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
EB: &Discuss: {bdeade7f-c265-11d0-bced-00a0c90ab50f} - shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [NBJ] "c:\program files\ahead\nero backitup\NBJ.exe"
uRun: [Aim6]
uRun: [Aim6]
mRun: [VTTrayp] VTtrayp.exe
mRun: [VTTimer] VTTimer.exe
mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [bifoboneh] Rundll32.exe "c:\windows\system32\yoguyutu.dll",a
mRun: [bifoboneh] Rundll32.exe "c:\windows\system32\yoguyutu.dll",a
uPolicies-explorer: NoThemesTab = 0 (0x0)
uPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
uPolicies-system: NoColorChoice = 0 (0x0)
uPolicies-system: NoSizeChoice = 0 (0x0)
uPolicies-system: NoVisualStyleChoice = 0 (0x0)
uPolicies-system: NoDispSettingsPage = 0 (0x0)
uPolicies-system: NoDispAppearancePage = 0 (0x0)
IE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {10F055B8-F443-4adf-948A-EC551E9DBCE4} - c:\documents and settings\owner\start menu\programs\ultimatebet\UltimateBet.lnk
IE: {49783ED4-258D-4f9f-BE11-137C18D3E543} - c:\poker\titan poker\casino.exe
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - c:\program files\bodog poker\BPGame.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1005.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {1F1BBA3D-C2D2-4F2A-87AE-DC5CC64ABD9B} = 83.149.115.182
TCP: {32454184-A83E-45D1-AA33-F98AE8545F59} = 83.149.115.182
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: c:\windows\system32\lazikito.dll c:\windows\system32\dewirasu.dll kekuveka.dll c:\windows\system32\yoguyutu.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: gevoyusew - {e95010e2-596e-4e39-9bb0-c87cc065da1d} - c:\windows\system32\dewirasu.dll
SSODL: minorepad - {c256c695-951d-4c8e-9f37-3cd19062ef6d} - c:\windows\system32\yoguyutu.dll
STS: mujuzedij: {e95010e2-596e-4e39-9bb0-c87cc065da1d} - c:\windows\system32\dewirasu.dll
STS: gahurihor: {c256c695-951d-4c8e-9f37-3cd19062ef6d} - c:\windows\system32\yoguyutu.dll
LSA: Notification Packages = scecli c:\windows\system32\sawubiyi.dll wugonihi.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\s1gum1tb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\s1gum1tb.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-11-6 64288]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-11-25 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-11-25 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-11-25 138680]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\postgresql\8.3\bin\pg_ctl.exe [2008-2-1 65536]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-3-16 24652]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-11-25 352920]
S2 ewido security suite control;ewido security suite control;c:\program files\ewido anti-malware\ewidoctrl.exe --> c:\program files\ewido anti-malware\ewidoctrl.exe [?]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1169232]
S3 MA763010;M-Audio Fast Track;c:\windows\system32\drivers\MA763010.sys [2006-3-3 30848]

=============== Created Last 30 ================

2009-12-02 04:24:58 0 d-----w- c:\windows\ERUNT
2009-12-02 04:23:43 0 d-----w- C:\!FixIEDef
2009-11-20 17:03:49 0 d-----w- c:\docume~1\owner\applic~1\AVG8
2009-11-20 00:35:07 43520 --sh--w- c:\windows\system32\tahidazu.dll
2009-11-20 00:33:58 2713 --sh--w- c:\windows\system32\jibuvuna.dll
2009-11-20 00:15:23 37888 ----a-w- c:\windows\system32\dutudari.dll
2009-11-13 00:48:26 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-13 00:48:23 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-13 00:48:23 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-07 12:42:36 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-11-07 07:23:23 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-11-07 07:22:43 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}

==================== Find3M ====================

2009-05-15 16:30:00 1124 ----a-w- c:\program files\jpxduyv.txt
2008-12-18 23:24:32 2624 --sh--w- c:\windows\system32\davaruye.dll
2008-12-29 18:32:26 2623 --sh--w- c:\windows\system32\domohodu.dll
2009-09-02 03:56:00 39424 --sha-w- c:\windows\system32\duribegi.dll
2009-08-12 22:47:39 38912 --sha-w- c:\windows\system32\fatalofi.dll
2008-12-20 17:25:34 2625 --sh--w- c:\windows\system32\febonade.dll
2009-01-03 02:32:59 2623 --sh--w- c:\windows\system32\fijabigi.dll
2009-01-06 20:20:29 2624 --sh--w- c:\windows\system32\gafuyowo.dll
2008-12-18 09:24:16 2622 --sh--w- c:\windows\system32\gasahamo.dll
2008-12-10 07:37:55 2713 --sh--w- c:\windows\system32\gelilawe.exe
2008-12-20 17:25:34 2623 --sh--w- c:\windows\system32\gepuyedu.dll
2009-09-02 03:56:00 52224 --sha-w- c:\windows\system32\gifuyovi.dll
2008-12-11 08:35:27 2713 --sh--w- c:\windows\system32\gikosiha.exe
2009-09-02 03:56:13 52224 --sha-w- c:\windows\system32\gokovuli.dll
2008-12-29 00:54:27 2623 --sh--w- c:\windows\system32\gunoruwe.dll
2009-09-04 01:29:48 92672 --sha-w- c:\windows\system32\henijuve.dll
2009-08-24 06:41:02 52736 --sha-w- c:\windows\system32\hiniripa.dll
2009-08-20 00:31:53 52224 --sha-w- c:\windows\system32\jisagoyi.dll
2008-12-17 09:23:11 2623 --sh--w- c:\windows\system32\josoguyi.dll
2008-12-29 18:32:26 2624 --sh--w- c:\windows\system32\junefare.dll
2009-09-02 03:56:13 52224 --sha-w- c:\windows\system32\kekuveka.dll
2008-12-24 13:40:32 2713 --sh--w- c:\windows\system32\kupafive.exe
2008-12-29 00:54:27 2624 --sh--w- c:\windows\system32\kuzeyogi.dll
2009-01-06 08:20:14 2625 --sh--w- c:\windows\system32\liseruka.dll
2009-08-15 00:30:42 37888 --sha-w- c:\windows\system32\logipefu.dll
2009-01-04 18:03:11 2625 --sh--w- c:\windows\system32\matedibu.dll
2009-01-04 18:03:11 2624 --sh--w- c:\windows\system32\mavonunu.dll
2009-08-11 22:24:05 38912 --sha-w- c:\windows\system32\mevozeha.dll
2008-09-11 20:35:46 2048 --sha-w- c:\windows\system32\miwefoda.dll
2009-08-16 03:54:13 38400 --sha-w- c:\windows\system32\neyuvena.dll
2008-12-18 09:24:08 2625 --sh--w- c:\windows\system32\nijufuvu.dll
2009-08-13 23:32:51 51712 --sha-w- c:\windows\system32\pakiguwu.dll
2008-12-19 11:26:30 2713 --sh--w- c:\windows\system32\pazodoga.dll
2008-12-31 18:30:13 2623 --sh--w- c:\windows\system32\pofutuva.dll
2008-12-31 18:30:13 2623 --sh--w- c:\windows\system32\posiseyu.dll
2009-01-05 06:04:27 2622 --sh--w- c:\windows\system32\ramegige.dll
2009-09-02 22:42:41 39424 --sha-w- c:\windows\system32\reveraza.dll
2009-01-06 20:20:13 2624 --sh--w- c:\windows\system32\risozope.dll
2009-09-04 01:29:48 38400 --sha-w- c:\windows\system32\sazujimo.dll
2009-01-05 06:04:27 2623 --sh--w- c:\windows\system32\segorado.dll
2009-08-20 00:31:54 61952 --sha-w- c:\windows\system32\selekide.dll
2009-01-03 02:32:59 2625 --sh--w- c:\windows\system32\sidokigo.dll
2008-12-17 21:23:49 2623 --sh--w- c:\windows\system32\siyipino.dll
2009-08-20 00:31:55 43520 --sha-w- c:\windows\system32\subalavi.dll
2009-09-04 21:39:15 38912 --sha-w- c:\windows\system32\vakidibe.dll
2008-12-31 06:30:08 66 --sh--w- c:\windows\system32\vawopijo.dll
2009-09-04 01:29:48 61440 --sha-w- c:\windows\system32\vidasasa.dll
2008-12-17 09:23:11 2624 --sh--w- c:\windows\system32\vivodiha.dll
2009-08-24 06:41:04 35840 --sha-w- c:\windows\system32\vurotipe.dll
2009-08-10 20:37:33 37888 --sha-w- c:\windows\system32\wahewozi.dll
2009-08-20 00:31:53 61440 --sha-w- c:\windows\system32\wipidahe.dll
2009-08-24 06:41:02 44032 --sha-w- c:\windows\system32\wohobiye.dll
2009-09-02 03:56:13 52224 --sha-w- c:\windows\system32\wugonihi.dll
2008-12-16 21:23:21 2623 --sh--w- c:\windows\system32\yamileju.dll
2008-12-30 18:29:35 66 --sh--w- c:\windows\system32\yeruduki.dll
2009-01-06 20:20:13 66 --sh--w- c:\windows\system32\yibobado.dll
2009-09-04 21:39:15 91648 --sha-w- c:\windows\system32\yoguyutu.dll
2009-08-13 23:32:51 39424 --sha-w- c:\windows\system32\yohujoku.dll
2008-12-20 05:25:09 2713 --sh--w- c:\windows\system32\zagawube.exe
2009-08-10 20:37:33 52736 --sha-w- c:\windows\system32\zebekeli.dll
2008-12-19 11:25:45 2624 --sh--w- c:\windows\system32\zovoneli.dll
2009-01-04 06:03:41 2625 --sh--w- c:\windows\system32\zugibiru.dll
2008-12-17 21:23:47 2625 --sh--w- c:\windows\system32\zusudupe.dll

============= FINISH: 20:55:35.28 ===============

#2 MalwareMutilator

  • Members
  • 931 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:35 PM

Posted 18 December 2009 - 11:27 AM

Hello mrinfected, and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have already resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so I can have a closer look at the current condition of your machine.
  • Please include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Please post a new DDS log as your situation may have changed. Please use the Add Reply button below, and add the new log to this thread.
I will furnish you with additional instructions after receiving/reviewing your reply.

Thanks again, and sorry for the delay.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


MalwareMutilator

#3 kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:08:35 PM

Posted 26 December 2009 - 02:46 PM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with the address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
Please do not PM for help; post it in the forums instead.

If I am helping you and have not responded for 48 hours, please send me a PM, as I don't always get notifications.

My help is always free; however, if you would like to make a donation to me for the help I have provided, please click here.



