
Trojan.Vundo.GDC



#1 predator2663


  • Members
  • 6 posts

Posted 31 December 2008 - 06:56 AM

Hi,
I have had a few trojan problems, but doing a search on the net I found that Trojan.Vundo.GDC, which I know I have or had, was causing the 2 POST beeps when Windows completes its boot up.

I have tried

Malwarebytes
Spybot
Ad-Aware
SUPERAntiSpyware
BullGuard
SpyDoctor
Spysweeper
VundoFix
Norton's FixVundo
Norton's FixVundo B

which all say clean. I think I must have left some traces because I still get the 2 POST beeps.

Also, when you click Start, then Run, and type msconfig, it cannot be found, but doing a search for it you can find it and it runs OK. I also get Dr. Watson errors.

I cannot do a repair of Windows because I only have a Windows CD with SP2 and my PC is now up to date with SP3, so I think it may cause problems. I also think that some of my Windows files may have been damaged by the virus, but the rest of Windows is running OK.

Thank you, I await your reply.



DDS (Version 1.1.0) - NTFSx86
Run by Administrator at 11:39:17.20 on 31/12/2008
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1404 [GMT 0:00]

AV: BullGuard Antivirus *On-access scanning enabled* (Updated)
FW: Webroot Internet Security Essentials *disabled*
FW: BullGuard Firewall *enabled*

============== Running Processes ===============

C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Saitek\Software\SaiSmart.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\XpertVision\TBPanel.exe
C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\VMSnap23.exe
C:\WINDOWS\Domino.exe
C:\Program Files\Adobe\Distillr\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe
C:\Program Files\Wireless Device\Versato.exe
C:\Program Files\Wireless Device\MulMouse.exe
C:\Program Files\Wireless Device\MagicWl.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Wireless Device\OSD.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
C:\WINDOWS\System32\svchost.exe -k BullGuard
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\MicroWorld\Agent\MWAgent.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.blueyonder.co.uk/blueyonder/index.jsp
uInternet Settings,ProxyOverride = *.local
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\activex\AcroIEHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat\AcroIEFavClient.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [BullGuard] "c:\program files\bullguard ltd\bullguard\BullGuard.exe"
mRun: [VTTrayp] "c:\windows\system32\VTtrayp.exe"
mRun: [VTTimer] "c:\windows\system32\VTTimer.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [SoundMAXPnP] "c:\program files\analog devices\core\smax4pnp.exe"
mRun: [SaiSmart] "c:\program files\saitek\software\SaiSmart.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Profiler] "c:\program files\saitek\software\Profiler.exe"
mRun: [Power2GoExpress] "c:\program files\cyberlink\power2go\Power2GoExpress.exe" /Startup
mRun: [nwiz] "c:\windows\system32\nwiz.exe" /install
mRun: [NvMediaCenter] "c:\windows\system32\RunDLL32.exe" NvMCTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] "c:\windows\system32\rundll32.exe" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HPHUPD05] "c:\program files\hewlett-packard\\{5372b9a6-6e51-4f90-9b40-e0a3b8475c4e}\hphupd05.exe"
mRun: [HPHmon05] "c:\windows\system32\hphmon05.exe"
mRun: [HPDJ Taskbar Utility] "c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe"
mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe"
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [High Definition Audio Property Page Shortcut] "c:\windows\system32\HDAShCut.exe"
mRun: [Gainward] "c:\program files\xpertvision\TBPanel.exe" /A
mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe"
mRun: [BullGuard] "c:\program files\bullguard ltd\bullguard\bullguard.exe" -boot
mRun: [BluetoothAuthenticationAgent] "c:\windows\system32\rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [BigDogPath323VMSnap] "c:\windows\VMSnap23.exe"
mRun: [BigDogPath323Domino] "c:\windows\Domino.exe"
mRun: [AppleSyncNotifier] "c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe"
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\distillr\Acrotray.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\enable~2.lnk - c:\program files\wireless device\Versato.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\enable~1.lnk - c:\program files\wireless device\MulMouse.exe
mPolicies-system: SynchronousMachineGroupPolicy = 0 (0x0)
mPolicies-system: SynchronousUserGroupPolicy = 0 (0x0)
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - {A1EDC4A1-940F-48E0-8DFD-E38F1D501021}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\7b78yism.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.virginmedia.com/
FF - component: c:\documents and settings\administrator\application data\idm\idmmzcc2\components\idmmzcc.dll
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\program files\adobe\acrobat\browser\nppdf32.dll

============= SERVICES / DRIVERS ===============

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2008-11-12 29808]
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2007-1-23 11264]
R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [2007-6-7 13312]
R2 aawservice;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" [2008-6-2 611664]
R2 BdFileSpy;BullGuard File Monitor Driver;\??\c:\windows\system32\drivers\BdFileSpy.sys [2008-10-1 55504]
R2 BsFileScan;BullGuard File Scan Service;c:\windows\system32\svchost.exe -k BullGuard [2004-8-4 14336]
R2 BsFire;BullGuard Firewall Service;c:\windows\system32\svchost.exe -k BullGuard [2004-8-4 14336]
R2 BsMailProxy;BullGuard Email Monitoring Service;c:\windows\system32\svchost.exe -k BullGuard [2004-8-4 14336]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;"c:\program files\webroot\spy sweeper\SpySweeper.exe" [2008-11-12 3667312]
R2 WRConsumerService;Webroot Client Service;"c:\program files\webroot\spy sweeper\WRConsumerService.exe" [2008-12-23 1086840]
R3 AEXPAM;Philips SmartManage Service;c:\windows\system32\drivers\aexpamdrv.sys [2004-9-1 21824]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [2008-9-18 30872]
R3 AfwCore;Agnitum Firewall Core Driver;\??\c:\windows\system32\drivers\AfwCore.sys [2008-10-1 252568]
R3 Reconn;BullGuard Email Monitor;\??\c:\program files\bullguard ltd\bullguard\Reconn.sys [2008-7-29 16984]
R3 UsbFltr;WayTech USB Filter Driver;c:\windows\system32\drivers\UsbFltr.sys [2007-6-7 11648]
S1 M9207;Digital TV USB Mini Receiver;c:\windows\system32\drivers\M9207BDA.sys [2007-6-12 40576]
S2 WinDefend;Windows Defender;"c:\program files\windows defender\MsMpEng.exe" [2006-11-3 13592]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;\??\c:\windows\system32\drivers\NSDriver.sys [2008-4-29 15648]
S3 BGRaSvc;BGRaSvc;"c:\program files\bullguard ltd\bullguard\support\bgrasvc.exe" [2008-7-29 73728]
S3 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2008-12-24 40840]
S3 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2008-12-24 66952]
S3 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2008-12-24 81288]
S3 SaiHFF0C;SaiHFF0C;c:\windows\system32\drivers\SaiHFF0C.sys [2004-6-11 56576]
S3 SaiUFF0C;SaiUFF0C;c:\windows\system32\drivers\SaiUFF0C.sys [2004-6-11 19584]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2008-12-24 356920]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2008-12-24 1079176]
S3 vmfilter323;323 filter service, Normal;c:\windows\system32\drivers\vmfilter323.sys [2007-7-4 476672]
S3 Wdm1;USB Linq Cable Driver;c:\windows\system32\drivers\usbbc.sys [2007-10-24 9882]
S3 ZSMC326;Vimicro USB2.0 PC Camera(VC0323);c:\windows\system32\drivers\usbvm323.sys [2007-7-4 244864]

=============== Created Last 30 ================

2008-12-30 18:49 <DIR> --d----- C:\1temp
2008-12-30 16:18 <DIR> --d----- c:\windows\Cookies
2008-12-30 16:18 <DIR> --d----- c:\windows\Recent
2008-12-28 15:44 166,064 a------- c:\temp\FixVundo.exe
2008-12-27 16:45 <DIR> --d----- c:\program files\Internet Download Manager
2008-12-27 16:30 <DIR> --d----- c:\docume~1\admini~1\applic~1\IDM
2008-12-27 13:37 1,371,632 a------- c:\temp\RegCureSetup_RW.exe
2008-12-24 17:26 81,288 a------- c:\windows\system32\drivers\iksyssec.sys
2008-12-24 17:26 66,952 a------- c:\windows\system32\drivers\iksysflt.sys
2008-12-24 17:26 40,840 a------- c:\windows\system32\drivers\ikfilesec.sys
2008-12-24 17:26 29,576 a------- c:\windows\system32\drivers\kcom.sys
2008-12-24 17:25 <DIR> --d----- c:\program files\Spyware Doctor
2008-12-24 17:18 13,596,592 a------- c:\temp\sdsetup.exe
2008-12-24 13:16 1,582,201 ---sh--- c:\windows\system32\uzolesoh.ini
2008-12-24 13:04 161,792 a------- c:\windows\SWREG.exe
2008-12-24 13:04 98,816 a------- c:\windows\sed.exe
2008-12-24 10:34 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2008-12-24 10:34 <DIR> --d----- c:\program files\SUPERAntiSpyware
2008-12-24 10:34 <DIR> --d----- c:\docume~1\admini~1\applic~1\SUPERAntiSpyware.com
2008-12-24 10:32 5,729,312 a------- c:\temp\SUPERAntiSpywarePro.exe
2008-12-23 21:07 <DIR> --d----- c:\program files\Trend Micro
2008-12-23 20:36 119,808 a------- c:\temp\VundoFix.exe
2008-12-23 19:22 37,390,376 a------- c:\temp\SpySweeperRegSetup_EN.exe
2008-12-19 18:24 <DIR> --d----- c:\program files\Bonjour
2008-12-19 18:22 <DIR> --d----- c:\program files\iPod
2008-12-19 18:22 <DIR> --d----- c:\program files\iTunes
2008-12-19 18:22 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-19 14:14 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Activision
2008-12-19 14:14 <DIR> --d----- c:\docume~1\admini~1\applic~1\Activision
2008-12-15 16:53 68,616 a------- c:\windows\system32\XAPOFX1_1.dll
2008-12-15 16:53 509,448 a------- c:\windows\system32\XAudio2_2.dll
2008-12-15 16:53 238,088 a------- c:\windows\system32\xactengine3_2.dll
2008-12-15 16:53 1,493,528 a------- c:\windows\system32\D3DCompiler_39.dll
2008-12-15 16:53 467,984 a------- c:\windows\system32\d3dx10_39.dll
2008-12-15 16:53 3,851,784 a------- c:\windows\system32\D3DX9_39.dll
2008-12-15 16:19 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
2008-12-12 17:38 <DIR> --d----- c:\program files\Left 4 Dead
2008-12-12 15:39 <DIR> --d----- c:\windows\Left 4 Dead
2008-12-12 11:18 87,336 a------- c:\windows\system32\dns-sd.exe
2008-12-12 11:11 61,440 a------- c:\windows\system32\dnssd.dll
2008-12-10 15:55 <DIR> --d----- c:\program files\Bethesda Softworks
2008-12-10 13:47 <DIR> --d----- c:\windows\system32\xlive
2008-12-10 13:31 94,208 a------- c:\windows\system32\xa14882718.exe
2008-12-10 13:31 94,208 a------- c:\windows\system32\xa14882500.exe
2008-12-10 13:30 94,208 a------- c:\windows\system32\xa14865234.exe
2008-12-10 13:30 94,208 a------- c:\windows\system32\xa14865000.exe
2008-12-08 14:29 <DIR> --d----- c:\windows\74224F8D4A1748169EDB7BB854DE532C.TMP
2008-12-08 12:36 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-05 18:46 <DIR> --d----- c:\program files\uTorrent
2008-12-05 18:45 <DIR> --d----- c:\docume~1\admini~1\applic~1\uTorrent
2008-12-04 11:48 <DIR> --d----- c:\program files\Western Digital Technologies

==================== Find3M ====================

2008-12-08 17:20 22,328 a------- c:\windows\system32\drivers\PnkBstrK.sys
2008-12-08 17:20 22,328 a------- c:\docume~1\admini~1\applic~1\PnkBstrK.sys
2008-12-08 17:20 107,832 -------- c:\windows\system32\PnkBstrB.exe
2008-12-08 17:20 2,250,024 a------- c:\windows\system32\pbsvc.exe
2008-12-08 16:36 107,888 a------- c:\windows\system32\CmdLineExt.dll
2008-12-05 16:34 66,872 -------- c:\windows\system32\PnkBstrA.exe
2008-12-03 19:52 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-03 19:52 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-12-03 17:20 55,504 a------- c:\windows\system32\drivers\BdFileSpy.sys
2008-11-13 17:11 1,553,272 a------- c:\windows\WRSetup.dll
2008-11-12 16:02 170,608 a------- c:\windows\system32\drivers\ssidrv.sys
2008-11-12 16:02 29,808 a------- c:\windows\system32\drivers\ssfs0bbc.sys
2008-11-12 16:02 23,152 a------- c:\windows\system32\drivers\sshrmd.sys
2008-11-04 21:18 252,568 a----r-- c:\windows\system32\drivers\AfwCore.sys
2008-11-04 21:18 30,872 a----r-- c:\windows\system32\drivers\Afw.sys
2008-10-23 12:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-16 20:38 826,368 a------- c:\windows\system32\wininet.dll
2008-10-13 17:11 720,896 a------- c:\windows\iun6002ev.exe
2008-10-03 10:02 247,326 a------- c:\windows\system32\strmdll.dll
2008-02-01 16:35 81,920 a------- c:\docume~1\admini~1\applic~1\ezpinst.exe
2008-02-01 16:35 47,360 a------- c:\docume~1\admini~1\applic~1\pcouffin.sys
2007-08-06 15:20 11,114 a------- c:\docume~1\alluse~1\applic~1\MainApp.dll

============= FINISH: 11:39:47.40 ===============

#2 sjpritch25


  • Security Colleague
  • 895 posts
  • Gender:Male
  • Location:West Coast of Florida, USA

Posted 10 January 2009 - 04:15 PM

Welcome to BC :thumbsup:

Sorry for the delay.

Since it's been more than a week, I need a fresh HijackThis log. Thanks.
Microsoft MVP Consumer Security--2007-2010



