Infected with Trojan.Vundo


This topic is locked
2 replies to this topic

#1 sporkzeus

  • Members
  • 7 posts

Posted 24 December 2008 - 11:59 PM

I was redirected to this forum to post DDS logs. Topic referenced is here: http://www.bleepingcomputer.com/forums/t/189137/trojanvundo-cant-get-rid-of-last-2-infections/ ~ OB

I ran MalwareBytes a number of times, also in Safe Mode and in Safe Mode with the internet disconnected. It says it removes the last 2 registry key infections, but when I reboot they are back. Thanks in advance for the help!

Here is my DDS.txt log:



DDS (Version 1.1.0) - NTFSx86
Run by Sporkzeus at 23:49:49.73 on Wed 12/24/2008
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3583.3086 [GMT -5:00]

AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Razer\Tarantula\razerhid.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\Sporkzeus\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
1 (0x1)
BHO: {b895fb7e-3f40-8c18-bd14-aa56e1fd0ed0}: {0de0df1e-65aa-41db-81c8-04f3e7bf598b} - c:\windows\system32\kdibvv.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: {b0c90634-12d7-4ff0-b47f-341cdd56661b} - c:\windows\system32\awtuTnmJ.dll
BHO: {c73768bf-0bdb-49d4-b35d-86db30ddc40f} - c:\windows\system32\ljJDSMgH.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [RTHDCPL] "c:\windows\RTHDCPL.EXE"
mRun: [Alcmtr] ALCMTR.EXE
mRun: [NvCplDaemon] "c:\windows\system32\rundll32.exe" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] "c:\windows\system32\nwiz.exe" /install
mRun: [Kernel and Hardware Abstraction Layer] "c:\windows\KHALMNPR.EXE"
mRun: [Tarantula] "c:\program files\razer\tarantula\razerhid.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [NvMediaCenter] "c:\windows\system32\rundll32.exe" c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AppleSyncNotifier] "c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\tabuse~1.lnk - c:\windows\system32\wtablet\TabUserW.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
AppInit_DLLs: pwctjj.dll kxqlev.dll wtfchw.dll lxmjsa.dll xlvvzu.dll kdibvv.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\sporkz~1\applic~1\mozilla\firefox\profiles\fx4e4db7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - plugin: c:\documents and settings\sporkzeus\application data\mozilla\firefox\profiles\fx4e4db7.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\documents and settings\sporkzeus\application data\mozilla\plugins\npoctoshape.dll
FF - plugin: c:\program files\google\google updater\2.4.1399.3742\npCIDetect13.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npRACtrl.dll

============= SERVICES / DRIVERS ===============

R1 pctfw2;pctfw2;\??\c:\windows\system32\drivers\pctfw2.sys [2008-12-7 160792]
S3 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2008-12-7 40840]
S3 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2008-12-7 66952]
S3 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2008-12-7 81288]
S3 PciCon;PciCon;\??\E:\PciCon.sys []
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2008-12-7 356920]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2008-12-7 1079176]
S3 TarFltr;Razer Tarantula USB Keyboard;c:\windows\system32\drivers\UsbFltr.sys [2007-12-20 44800]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe" /service msvsmon80 [2005-9-23 2799808]

=============== Created Last 30 ================

2008-12-23 21:47 8,192 a------- C:\ekejy.exe
2008-12-23 21:47 86,027 a------- C:\vnql.exe
2008-12-23 21:47 41,472 a------- C:\udou.exe
2008-12-23 21:47 15,000 a------- c:\windows\system32\jkse73hedfdgf.dll
2008-12-23 21:47 441 a------- c:\windows\system32\TDSSlrvd.dat
2008-12-23 21:47 15,000 a------- c:\windows\system32\tyshb36rfjdf.dll
2008-12-23 21:38 130,048 a------- c:\windows\system32\kdibvv.dll
2008-12-23 21:38 130,048 a------- c:\windows\system32\iovchtua.dll
2008-12-14 20:03 884,014 a--sh--- c:\windows\system32\JmnTutwa.ini
2008-12-14 20:03 883,463 a--sh--- c:\windows\system32\JmnTutwa.ini2
2008-12-07 02:34 160,792 a------- c:\windows\system32\drivers\pctfw2.sys
2008-12-07 02:34 81,288 a------- c:\windows\system32\drivers\iksyssec.sys
2008-12-07 02:34 66,952 a------- c:\windows\system32\drivers\iksysflt.sys
2008-12-07 02:34 40,840 a------- c:\windows\system32\drivers\ikfilesec.sys
2008-12-07 02:34 29,576 a------- c:\windows\system32\drivers\kcom.sys
2008-12-07 02:34 --d----- c:\program files\common files\PC Tools
2008-12-07 02:34 --d----- c:\program files\Spyware Doctor
2008-12-07 02:34 --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2008-12-06 21:32 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-06 21:14 --dsh--- c:\windows\U2hhZnRh
2008-12-06 21:03 --d----- c:\docume~1\sporkz~1\applic~1\Twain
2008-12-06 19:07 --d-h--- c:\windows\PIF
2008-12-02 22:28 --d----- c:\program files\AutoHotkey
2008-11-30 21:36 --d----- c:\docume~1\sporkz~1\applic~1\Malwarebytes
2008-11-30 21:36 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-11-30 21:36 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-30 21:36 --d----- c:\program files\Malwarebytes' Anti-Malware
2008-11-30 21:36 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2008-11-30 21:24 --d----- c:\program files\AVG
2008-11-30 19:47 --d----- c:\program files\Vuze
2008-11-30 19:39 --d----- C:\VundoFix Backups
2008-11-30 18:03 --d----- C:\Binaries
2008-11-30 18:00 879,106 a--sh--- c:\windows\system32\HgMSDJjl.ini2
2008-11-30 18:00 164 a------- C:\install.dat
2008-11-30 17:46 153 a------- c:\windows\wininit.ini
2008-11-30 17:35 --d----- c:\program files\Spybot - Search & Destroy
2008-11-30 17:35 --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2008-11-30 16:49 102,664 a------- c:\windows\system32\drivers\tmcomm.sys
2008-11-30 16:48 --d----- c:\documents and settings\sporkzeus\.housecall6.6
2008-11-30 16:45 879,106 a--sh--- c:\windows\system32\HgMSDJjl.ini
2008-11-30 03:22 --d----- c:\program files\iPod
2008-11-30 03:22 --d----- c:\program files\iTunes
2008-11-30 03:22 --d----- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

==================== Find3M ====================

2008-12-24 23:39 12,924 a------- c:\windows\system32\tablet.dat
2008-11-07 14:23 32,000 a------- c:\windows\system32\drivers\usbaapl.sys
2008-10-05 11:41 22,720 a------- c:\windows\system32\emptyregdb.dat
2005-07-29 16:24 472 a--shr-- c:\windows\u2hhznrh\oZ11tBl1.vbs

============= FINISH: 23:50:10.39 ===============

Edited by Orange Blossom, 25 December 2008 - 12:46 AM.
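The entries that explain why the Malwarebytes removal does not stick are visible in the log above: three BHO lines with no friendly name (or a GUID where the name should be) pointing at randomly named DLLs in system32, an AppInit_DLLs value listing six more such DLLs (one of them, kdibvv.dll, is also a BHO), and hidden+system `.ini`/`.ini2` files in system32 whose names are the BHO DLL names spelled backwards (JmnTutwa.ini for awtuTnmJ.dll, HgMSDJjl.ini for ljJDSMgH.dll). AppInit_DLLs are loaded into every process that maps user32.dll, so the components re-create each other's registry keys as soon as anything runs. The script below is an added example, not part of this post, of DDS or of Malwarebytes; it parses those three kinds of DDS lines and applies the three heuristics just described, which are my own, not DDS features. The input is constructed by copying lines from the posted log.

```python
"""Triage DDS 'Pseudo HJT' and 'Created Last 30' lines for Vundo-style persistence.

Added example (not from the original post, DDS or Malwarebytes). The sample
below is constructed from lines copied out of the log posted above.
"""
import ntpath
import re
from dataclasses import dataclass

DDS_SAMPLE = r"""
BHO: {b895fb7e-3f40-8c18-bd14-aa56e1fd0ed0}: {0de0df1e-65aa-41db-81c8-04f3e7bf598b} - c:\windows\system32\kdibvv.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {b0c90634-12d7-4ff0-b47f-341cdd56661b} - c:\windows\system32\awtuTnmJ.dll
BHO: {c73768bf-0bdb-49d4-b35d-86db30ddc40f} - c:\windows\system32\ljJDSMgH.dll
AppInit_DLLs: pwctjj.dll kxqlev.dll wtfchw.dll lxmjsa.dll xlvvzu.dll kdibvv.dll
2008-12-14 20:03 884,014 a--sh--- c:\windows\system32\JmnTutwa.ini
2008-12-14 20:03 883,463 a--sh--- c:\windows\system32\JmnTutwa.ini2
2008-12-07 02:34 160,792 a------- c:\windows\system32\drivers\pctfw2.sys
2008-12-07 02:34 --d----- c:\program files\common files\PC Tools
2008-11-30 18:00 879,106 a--sh--- c:\windows\system32\HgMSDJjl.ini2
2008-11-30 16:45 879,106 a--sh--- c:\windows\system32\HgMSDJjl.ini
"""

GUID_RE = re.compile(r"^\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
# DDS file entries: "YYYY-MM-DD HH:MM [size] attrs path"; directory rows carry no size.
FILE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d)\s+(?:([\d,]+)\s+)?([adhrs-]{8})\s+(.+)$", re.I
)


@dataclass
class Bho:
    name: str
    guid: str
    path: str

    @property
    def unnamed(self) -> bool:
        # Heuristic (mine): a BHO with no friendly name, or a GUID in place of
        # one, matches the malicious entries in this log; legitimate BHOs
        # such as the Java helper carry a readable name.
        return self.name == "" or bool(GUID_RE.match(self.name))


def parse_bhos(text: str) -> list:
    """Parse 'BHO: [Name: ]{guid} - path' lines as DDS prints them."""
    bhos = []
    for line in text.splitlines():
        if not line.startswith("BHO: "):
            continue
        head, sep, path = line[len("BHO: "):].rpartition(" - ")
        if not sep:
            continue
        name, _, guid = head.rpartition(": ")  # name is '' when only a GUID is present
        bhos.append(Bho(name.strip(), guid.strip(), path.strip()))
    return bhos


def suspicious_bhos(text: str) -> list:
    return [b for b in parse_bhos(text) if b.unnamed]


def appinit_dlls(text: str) -> list:
    # Every DLL named here is loaded into each process that maps user32.dll,
    # which is why deleting the BHO keys alone does not survive a reboot.
    for line in text.splitlines():
        if line.startswith("AppInit_DLLs:"):
            return line.split(":", 1)[1].split()
    return []


def hidden_system_inis(text: str) -> list:
    """Non-directory .ini/.ini2 entries carrying both the hidden and system attributes."""
    out = []
    for line in text.splitlines():
        m = FILE_RE.match(line)
        if not m:
            continue
        attrs, path = m.group(3).lower(), m.group(4)
        if "d" in attrs:
            continue
        if "s" in attrs and "h" in attrs and re.search(r"\.ini2?$", path, re.I):
            out.append(path)
    return out


def reversed_name_pairs(text: str) -> list:
    """Pair each hidden .ini/.ini2 with the BHO DLL whose name is its mirror image."""
    dll_by_name = {ntpath.basename(b.path).lower(): b.path for b in parse_bhos(text)}
    pairs = []
    for ini in hidden_system_inis(text):
        stem = ntpath.basename(ini).split(".", 1)[0]
        mirrored = stem[::-1].lower() + ".dll"
        if mirrored in dll_by_name:
            pairs.append((ntpath.basename(ini), ntpath.basename(dll_by_name[mirrored])))
    return pairs


def dlls_in_both(text: str) -> list:
    """DLLs registered both as a BHO and in AppInit_DLLs (double persistence)."""
    bho_names = {ntpath.basename(b.path).lower() for b in parse_bhos(text)}
    return sorted(d for d in appinit_dlls(text) if d.lower() in bho_names)


if __name__ == "__main__":
    for b in suspicious_bhos(DDS_SAMPLE):
        print("unnamed BHO:", b.guid, b.path)
    print("AppInit_DLLs:", appinit_dlls(DDS_SAMPLE))
    print("hidden+system .ini:", hidden_system_inis(DDS_SAMPLE))
    print("mirror-name pairs:", reversed_name_pairs(DDS_SAMPLE))
    print("both BHO and AppInit:", dlls_in_both(DDS_SAMPLE))
```

Run it against a full DDS.txt by reading the file into `text` instead of `DDS_SAMPLE`; the three heuristics are deliberately narrow (unnamed BHO, hidden+system `.ini`, mirrored names), so anything they flag should still be checked by hand, and the AppInit_DLLs list is the item to clear first, since it is what reloads the rest.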


#2 sporkzeus

  • Topic Starter
  • Members
  • 7 posts

Posted 26 December 2008 - 08:49 PM

I'm replying to this just to say to ignore this ticket. I've done a bunch of Windows updates and upgraded from IE6, and now things are even worse and running even more slowly, so I'm just going to back up, suck it up, and format and start fresh.

#3 boopme

    To Insanity and Beyond

  • Global Moderator
  • 73,421 posts
  • Gender:Male
  • Location:NJ USA

Posted 03 January 2009 - 08:01 PM

Good luck, thanks for letting us know. Sometimes it's the best way!



