
Thread: Help please!


    Help please!

    I followed the instructions post, but my PC will not finish the DDS, no reports are populated. Spybot stops halfway through but I can see 2 entries of Virtumonde and 4 for Fraud.antimalwareDoctor.

    My computer was running fine, but we decided to do some system cleaning. After running the uninstall on a few things we don't use (one being an IE toolbar), the constant pop-up ads began. Also worth noting, we ran S&Destroy prior to running the uninstalls and it found only one minor problem and removed it with no issue.

    Please let me know how to proceed...

    Thank you!

    Ashley

    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by Ash at 7:19:16.09 on 27/04/2011
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Motorola Media Link\NServiceEntry.exe
    c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\LClock\LClock.exe
    C:\Program Files\Subsonic\subsonic-service.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
    C:\Documents and Settings\Ash\Application Data\C3B7CC607230956CA4AE70E68AFE1D84\tr700lqqcore.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Ash\Local Settings\Temporary Internet Files\Content.IE5\0S7E3OOC\dds[1].com
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = 192.168.*.*
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
    uRun: [LClock] c:\program files\lclock\LClock.exe
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [Srixiku] rundll32.exe "c:\windows\mfig32.dll",Startup
    uRun: [tr700lqqcore.exe] c:\documents and settings\ash\application data\c3b7cc607230956ca4ae70e68afe1d84\tr700lqqcore.exe
    uRun: [AntiVirus AntiSpyware 2011] "c:\documents and settings\ash\application data\antivirus antispyware 2011\AntiVirus AntiSpyware.exe" /STARTUP
    uRun: [AntiVirus AntiSpyware 2011 Security] c:\documents and settings\ash\application data\antivirus antispyware 2011\securitymanager.exe
    uRunOnce: [SpybotDeletingB3939] command.com /c del "c:\documents and settings\ash\start menu\programs\antimalware doctor\Antimalware Doctor.lnk"
    uRunOnce: [SpybotDeletingD1015] cmd.exe /c del "c:\documents and settings\ash\start menu\programs\antimalware doctor\Antimalware Doctor.lnk"
    uRunOnce: [SpybotDeletingB9383] command.com /c del "c:\documents and settings\ash\start menu\programs\antimalware doctor\Uninstall.lnk"
    uRunOnce: [SpybotDeletingD6863] cmd.exe /c del "c:\documents and settings\ash\start menu\programs\antimalware doctor\Uninstall.lnk"
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [mumservice] c:\program files\motorola\software update\mumservice.exe
    mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
    mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
    mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
    mRun: [Dfemesiyo] rundll32.exe "c:\windows\oyavipej.dll",Startup
    mRunOnce: [SpybotDeletingA1214] command.com /c del "c:\documents and settings\ash\start menu\programs\antimalware doctor\Antimalware Doctor.lnk"
    mRunOnce: [SpybotDeletingC4549] cmd.exe /c del "c:\documents and settings\ash\start menu\programs\antimalware doctor\Antimalware Doctor.lnk"
    mRunOnce: [SpybotDeletingA2593] command.com /c del "c:\documents and settings\ash\start menu\programs\antimalware doctor\Uninstall.lnk"
    mRunOnce: [SpybotDeletingC830] cmd.exe /c del "c:\documents and settings\ash\start menu\programs\antimalware doctor\Uninstall.lnk"
    mRunOnce: [Spybot - Search & Destroy] "c:\program files\spybot - search & destroy\SpybotSD.exe" /autocheck
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    dRun: [LClock] c:\program files\lclock\LClock.exe
    dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
    uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
    dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
    IE: Copy to Semagic - c:\program files\semagic\copy.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
    IE: Semagic - c:\program files\semagic\link.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://139.142.250.200:2082/activex/AxisCamControl.cab
    DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.walmartphotocentre.ca/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} - hxxps://www.plaxo.com/activex/plx_upldr-2k-xp.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\docume~1\ash\applic~1\mozilla\firefox\profiles\i2rvvuz7.default\
    FF - prefs.js: browser.startup.homepage - google.ca
    FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
    FF - plugin: c:\documents and settings\ash\application data\mozilla\firefox\profiles\i2rvvuz7.default\extensions\devicedetection@logitech.com\plugins\npLogitechDeviceDetection.dll
    FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
    FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
    FF - plugin: c:\program files\nos\bin\np_gp.dll
    FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin.dll
    FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin2.dll
    FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin3.dll
    FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin4.dll
    FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin5.dll
    FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin6.dll
    FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin7.dll
    FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    .
    ============= SERVICES / DRIVERS ===============
    .
    R? BTCFilterService;USB Networking Driver Filter Service
    R? gupdate;Google Update Service (gupdate)
    R? gupdatem;Google Update Service (gupdatem)
    R? motccgp;Motorola USB Composite Device Driver
    R? motccgpfl;MotCcgpFlService
    R? MotDev;Motorola Inc. USB Device
    R? Motousbnet;Motorola USB Networking Driver Service
    R? motusbdevice;Motorola USB Dev Driver
    R? SwitchBoard;Adobe SwitchBoard
    R? UsbGps;LGE CDMA USB GPS NMEA Port
    R? vcdrom;Virtual CD-ROM Device Driver
    S? DeviceMonitorService;DeviceMonitorService
    S? MotoHelper;MotoHelper Service
    S? ramdisk;Windows RAM Disk Driver
    .
    =============== Created Last 30 ================
    .
    2011-04-27 05:52:15 -------- d-----w- c:\windows\26-04-2011
    2011-04-27 05:38:24 0 ----a-w- c:\windows\Ctofiwogijanile.bin
    2011-04-27 05:38:22 -------- d-----w- c:\docume~1\ash\locals~1\applic~1\{8AE03E5F-CA8F-4A3D-85E4-863629FE246E}
    2011-04-27 05:37:56 -------- d-----w- c:\docume~1\ash\applic~1\AntiVirus AntiSpyware 2011
    2011-04-27 05:37:00 -------- d-----w- c:\docume~1\ash\applic~1\C3B7CC607230956CA4AE70E68AFE1D84
    2011-04-15 02:56:35 361600 -c----w- c:\windows\system32\dllcache\tcpip.sys
    2011-04-15 02:05:32 -------- d-----w- c:\docume~1\ash\applic~1\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    2011-04-15 02:05:32 -------- d-----w- c:\docume~1\ash\applic~1\Adobe Mini Bridge CS5
    2011-04-14 14:40:42 -------- d-----w- c:\docume~1\alluse~1\applic~1\regid.1986-12.com.adobe
    .
    ==================== Find3M ====================
    .
    2011-03-07 05:31:47 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
    2011-03-03 13:27:43 1866880 ----a-w- c:\windows\system32\win32k.sys
    2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-02-22 23:06:29 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec
    2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2011-02-15 13:05:45 290432 ----a-w- c:\windows\system32\atmfd.dll
    2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
    2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-02-09 01:03:56 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2011-02-08 13:33:55 978944 ----a-w- c:\windows\system32\mfc42.dll
    .
    =================== ROOTKIT ====================
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: Hitachi_HTS541612J9SA00 rev.SBDOC74P -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    .
    device: opened successfully
    user: MBR read successfully
    .
    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x85A06730]<<
    _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x85a0ca10]; MOV EAX, [0x85a0ca8c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
    1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x86547AB8]
    3 CLASSPNP[0xF761DFD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\0000006e[0x8657D3B8]
    5 ACPI[0xF7494620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8657BD98]
    \Driver\atapi[0x862F4B10] -> IRP_MJ_CREATE -> 0x85A06730
    error: Read A device attached to the system is not functioning.
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
    detected disk devices:
    detected hooks:
    \Driver\atapi DriverStartIo -> 0x85A0657B
    user & kernel MBR OK
    Warning: possible TDL3 rootkit infection !
    .
    ============= FINISH: 7:22:24.31 ===============

    thanks in advance
    Last edited by tashi; 2011-04-27 at 17:07. Reason: Merged three posts
