Infected with Trojan Vundo, iifdcAtT.dll, pop-ups, etc.
Thank you in advance for any help, I do appreciate it!!
AVG free gave Trojan Vundo warnings yesterday, and ever since I've been plagued by popup windows.
I found the "iifdcAtT.dll" listed under IE7 Tools>Manage Add-ons>Enable or disable add-ons. Unbelievable, just now as I was typing this another two BHO entries are in the Manage Add-ons list!! One is aondia.dll, the other urqoLFvs.dll.
I also found under Control Panel>Add/Remove Programs an entry for something called "Advertisement Service". When I clicked on Change/Remove I got "An error occurred while trying to remove...etc.", I suppose because there's no uninstaller.
Wondering what to do next? Thanks!
DDS (Version 1.0) - NTFSx86
Run by Simon at 15:35:18.70 on Wed 12/03/2008
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.1063 [GMT -5:00]
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
E:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
E:\Program Files\Vista Drive Icon\DrvIcon.exe
C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
E:\Program Files\Logitech\Quickcam.exe
E:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
E:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
E:\Program Files\Wallpaper Tool\WallPaper.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
E:\PROGRA~1\AVG\AVG8\avgrsx.exe
E:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Documents and Settings\Simon\Desktop\dds.com
============== Pseudo HJT Report ===============
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
BHO: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - c:\windows\system32\iifdcAtT.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [TransBar] c:\documents and settings\simon\local settings\application data\aksoftware\transbar\TransBar.exe /s
mRun: [AVG8_TRAY] e:\progra~1\avg\avg8\avgtray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [DrvIcon] e:\program files\vista drive icon\DrvIcon.exe
mRun: [M-Audio Taskbar Icon] c:\windows\system32\M-AudioTaskBarIcon.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "e:\program files\qt lite\qttask.exe" -atboottime
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "e:\program files\logitech\Quickcam.exe" /hide
mRun: [iTunesHelper] "e:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\simon\startm~1\programs\startup\speedfan.lnk - e:\program files\speedfan\speedfan.exe
StartupFolder: c:\docume~1\simon\startm~1\programs\startup\wallpa~1.lnk - e:\program files\wallpaper tool\WallPaper.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: *.line6.net
Notify: iifdcAtT - iifdcAtT.dll
AppInit_DLLs: avgrsstx.dll ovulha.dll aixuza.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - c:\windows\system32\iifdcAtT.dll
============= SERVICES / DRIVERS ===============
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-6-18 97928]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-6-18 26824]
R2 avg8emc;AVG8 E-mail Scanner;e:\progra~1\avg\avg8\avgemc.exe [2008-7-2 875288]
R2 avg8wd;AVG8 WatchDog;e:\progra~1\avg\avg8\avgwdsvc.exe [2008-7-2 231704]
R2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-6-18 76040]
R3 LVRS;Logitech RightSound Filter Driver;c:\windows\system32\drivers\lvrs.sys [2008-7-26 627864]
S3 L6POD;L6 PODxt Service;c:\windows\system32\drivers\L6POD.sys [2008-7-10 530560]
S3 RDID1027;EDIROL PCR;c:\windows\system32\drivers\rdwm1027.sys [2008-7-15 79393]
=============== Created Last 30 ================
2008-12-03 15:31 250 a------- c:\windows\gmer.ini
2008-12-03 15:11 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2008-12-03 15:10 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll
2008-12-03 14:45 <DIR> --d----- C:\ComboFix
2008-12-03 14:36 118,784 a------- c:\windows\system32\MSSTDFMT.DLL
2008-12-03 13:07 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-03 13:07 73,728 a------- c:\windows\system32\javacpl.cpl
2008-12-03 12:48 161,792 a------- c:\windows\SWREG.exe
2008-12-03 12:48 98,816 a------- c:\windows\sed.exe
2008-12-03 11:46 23,576 a------- c:\windows\system32\wuapi.dll.mui
2008-12-02 11:00 34,816 a------- c:\windows\system32\yayaYoPJ.dll
2008-12-02 10:52 32,768 a------- c:\windows\system32\iifdcAtT.dll
2008-11-22 20:10 <DIR> --d----- c:\program files\iPod
2008-11-22 20:10 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-18 14:46 0 a------- c:\windows\system32\drivers\lvuvc.hs
2008-11-18 14:04 0 a------- c:\windows\system32\drivers\logiflt.iad
2008-11-18 13:53 5,504 ac------ c:\windows\system32\dllcache\mstee.sys
2008-11-18 13:53 5,504 a------- c:\windows\system32\drivers\MSTEE.sys
2008-11-03 18:47 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
==================== Find3M ====================
2008-10-29 17:37 <DIR> --d----- c:\docume~1\simon\applic~1\Line 6
2008-10-29 17:35 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Line 6
2008-10-24 17:29 167,936 a------- c:\windows\system32\L6PODxt.dll
2008-10-14 17:14 <DIR> --d----- c:\program files\Bonjour
2008-10-08 19:58 <DIR> --d----- c:\program files\common files\Native Instruments
2008-10-07 16:53 <DIR> --d----- c:\program files\M-Audio
2008-09-15 07:12 1,846,400 a------- c:\windows\system32\win32k.sys
2008-09-09 20:14 1,307,648 a------- c:\windows\system32\msxml6.dll
2008-07-24 13:21 <DIR> --d----- c:\docume~1\simon\applic~1\GARMIN
2008-07-24 13:21 <DIR> --d----- c:\docume~1\alluse~1\applic~1\GARMIN
2008-07-15 09:16 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Cakewalk
2008-07-08 10:30 <DIR> --d----- c:\docume~1\simon\applic~1\Cakewalk
2008-06-27 11:18 <DIR> --d--r-- c:\docume~1\simon\applic~1\Brother
2008-06-18 19:05 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
============= FINISH: 15:35:33.70 ===============