How do you remove Virtumonde???

F

fuzzygavino

New member
Bit of a novice when it comes to all this stuff so will need lots of help :sad:, just had a pc custom built got it all unpacked and online and I seem to have got the Virtumonde infection on it, after reading online some tips to sorting it out I ran Spybot, HJT, Spyware Sweeper to name a few, they have all detected it and I assumed removed it but each time I log on its still here and causing mayhem on my system, any help would be appreciated. Please let me know of anything you will need to help me resolve this, thanks Gav :fear:
 
fuzzygavino said:
Bit of a novice when it comes to all this stuff so will need lots of help :sad:, just had a pc custom built got it all unpacked and online and I seem to have got the Virtumonde infection on it, after reading online some tips to sorting it out I ran Spybot, HJT, Spyware Sweeper to name a few, they have all detected it and I assumed removed it but each time I log on its still here and causing mayhem on my system, any help would be appreciated. Please let me know of anything you will need to help me resolve this, thanks Gav :fear:
Click to expand...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:12:07, on 26/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GSv2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.co.uk/nwshp?oe=UTF-8&hl=en&tab=wn&q=
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [FolderView] "rundll32.exe" "C:\WINDOWS\system32\fxmwrlee.dll",sitypnow
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O23 - Service: WUSB54GSv2SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 6647 bytes
 
Ive had a go at doing some of the bits i have seen on other post about this issue here are the results from HJT, ComboFix, VundoFix i hope they help:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:25:26, on 26/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GSv2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\Hijack This.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.co.uk/nwshp?oe=UTF-8&hl=en&tab=wn&q=
O2 - BHO: (no name) - {3E429FC5-AFE8-4FF3-9A2B-371682537746} - C:\WINDOWS\system32\awtqp.dll
O2 - BHO: (no name) - {523A7832-7767-405D-A780-C792CCE8AC94} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {B467D121-7121-4C5F-A1D0-3D84AF6DC89C} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase2474.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O20 - Winlogon Notify: pmnonmm - C:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O23 - Service: WUSB54GSv2SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 7113 bytes
 
ComboFix 07-09-21.2 - "Gavin" 2007-09-26 16:02:29.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.576 [GMT 1:00]
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\eelrwmxf.ini
C:\WINDOWS\system32\fxmwrlee.dll

.
((((((((((((((((((((((((( Files Created from 2007-08-26 to 2007-09-26 )))))))))))))))))))))))))))))))
.

2007-09-26 16:01 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-26 15:47 <DIR> d-------- C:\VundoFix Backups
2007-09-26 15:21 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2007-09-26 14:05 <DIR> d-------- C:\Program Files\BillP Studios
2007-09-26 14:05 <DIR> d-------- C:\DOCUME~1\Gavin\APPLIC~1\WinPatrol
2007-09-26 13:47 <DIR> d---s---- C:\DOCUME~1\Gavin\UserData
2007-09-26 13:17 <DIR> d-------- C:\Program Files\Lavasoft
2007-09-26 13:17 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-26 13:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-09-26 12:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-09-26 12:51 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-26 12:00 1,532,117 ---hs---- C:\WINDOWS\system32\pqtwa.bak2
2007-09-26 11:33 0 --a------ C:\WINDOWS\nsreg.dat
2007-09-26 11:33 <DIR> d-------- C:\DOCUME~1\Gavin\APPLIC~1\Talkback
2007-09-26 11:00 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-09-26 11:00 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2007-09-25 20:11 22,080 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2007-09-25 20:11 21,056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2007-09-25 20:11 20,544 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
2007-09-25 20:11 144,448 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2007-09-25 20:11 <DIR> d-------- C:\Program Files\Webroot
2007-09-25 20:11 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Webroot
2007-09-25 20:11 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Webroot
2007-09-25 20:09 <DIR> d-------- C:\DOCUME~1\Gavin\APPLIC~1\Webroot
2007-09-25 19:53 <DIR> d-------- C:\Program Files\Alcohol Soft
2007-09-25 19:51 639,224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-09-25 19:23 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2007-09-25 19:23 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
2007-09-25 19:23 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2007-09-25 19:23 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2007-09-25 19:23 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2007-09-25 19:23 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2007-09-25 19:23 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2007-09-25 19:23 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2007-09-25 19:02 <DIR> d-------- C:\Program Files\MyPhoneExplorer
2007-09-25 19:02 <DIR> d-------- C:\DOCUME~1\Gavin\APPLIC~1\MyPhoneExplorer
2007-09-25 18:57 <DIR> d-------- C:\DOCUME~1\Gavin\APPLIC~1\Ahead
2007-09-25 18:56 <DIR> d-------- C:\Program Files\Nero
2007-09-25 18:56 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-09-25 18:54 <DIR> d-------- C:\Program Files\Medieval Software
2007-09-25 18:54 <DIR> d-------- C:\Program Files\DVD Decrypter
2007-09-25 18:44 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-09-25 18:44 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-09-25 18:44 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-09-25 18:41 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!
2007-09-25 18:39 <DIR> d-------- C:\Program Files\Yahoo!
2007-09-25 18:31 <DIR> d-------- C:\DOCUME~1\Gavin\Contacts
2007-09-25 18:29 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-09-25 18:28 <DIR> d-------- C:\Program Files\Windows Live
2007-09-25 18:28 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WindowsLiveInstaller
2007-09-25 18:25 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
2007-09-25 18:23 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
2007-09-25 18:21 <DIR> d-------- C:\WINDOWS\ShellNew
2007-09-25 18:21 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-09-25 18:20 109,608 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2007-09-25 18:20 <DIR> d-------- C:\Program Files\McAfee.com
2007-09-25 18:20 <DIR> d-------- C:\Program Files\McAfee
2007-09-25 18:20 <DIR> d-------- C:\Program Files\Common Files\McAfee
2007-09-25 18:18 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
2007-09-25 18:17 <DIR> d-------- C:\Program Files\BitComet
2007-09-25 18:17 <DIR> d-------- C:\Direct X
2007-09-25 18:16 <DIR> d-------- C:\Program Files\Lavalys
2007-09-25 18:15 <DIR> d-------- C:\Program Files\VideoLAN
2007-09-25 18:15 <DIR> d-------- C:\Program Files\CCleaner
2007-09-25 18:10 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-09-25 18:10 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-09-25 15:42 6,456 ---hs---- C:\WINDOWS\system32\pqtwa.bak1
2007-09-25 15:41 311,872 --a------ C:\WINDOWS\system32\awtqp.dll
2007-09-25 15:35 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-09-25 15:34 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2007-09-25 15:34 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-09-25 15:34 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-09-25 15:33 87,424 --a------ C:\WINDOWS\system32\drivers\irda.sys
2007-09-25 15:33 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2007-09-25 15:33 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2007-09-25 15:33 27,136 --a------ C:\WINDOWS\system32\irmon.dll
2007-09-25 15:33 19,584 --a------ C:\WINDOWS\system32\drivers\rasirda.sys
2007-09-25 15:33 18,688 --a------ C:\WINDOWS\system32\drivers\irsir.sys
2007-09-25 15:33 152,576 --a------ C:\WINDOWS\system32\irftp.exe
2007-09-25 15:32 52,736 --a------ C:\WINDOWS\system32\drivers\i8042prt.sys
2007-09-25 15:31 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\Documents
2007-09-25 15:29 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2007-09-25 15:29 <DIR> d-------- C:\WINDOWS\system32\CatRoot
2007-09-25 15:24 41,984 --------- C:\WINDOWS\Ctregrun.exe
2007-09-25 15:23 94,208 --------- C:\WINDOWS\system32\GTW32N50.dll
2007-09-25 15:23 90,112 --------- C:\WINDOWS\Updreg.EXE
2007-09-25 15:23 651,264 --------- C:\WINDOWS\system32\libeay32.dll
2007-09-25 15:23 17,992 --------- C:\WINDOWS\system32\bcm42rly.sys
2007-09-25 15:23 17,801 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2007-09-25 15:23 15,872 --------- C:\WINDOWS\system32\GTNDIS5.sys
2007-09-25 15:23 147,456 --------- C:\WINDOWS\system32\ssleay32.dll
2007-09-25 15:23 1,396,831 --------- C:\WINDOWS\system32\AegisE5.dll
2007-09-25 15:23 <DIR> d-------- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor
2007-09-25 15:22 <DIR> d-------- C:\Program Files\Creative
2007-09-25 15:21 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2007-09-25 15:14 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
2007-09-25 15:12 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-09-25 15:12 <DIR> d-------- C:\WINDOWS\nview
2007-09-25 15:08 466,944 --a------ C:\WINDOWS\system32\CapabilityTable.exe
2007-09-25 15:08 208,896 --------- C:\WINDOWS\system32\nvuide.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-25 14:59 --------- d-------- C:\Program Files\microsoft frontpage
2007-08-07 13:58 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-07 13:56 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-06-29 00:43 8466432 --a------ C:\WINDOWS\system32\nvcpl.dll
2007-06-29 00:43 81920 --a------ C:\WINDOWS\system32\nvwddi.dll
2007-06-29 00:43 81920 --a------ C:\WINDOWS\system32\nvmctray.dll
2007-06-29 00:43 753664 --a------ C:\WINDOWS\system32\nvcplui.exe
2007-06-29 00:43 6729728 --a------ C:\WINDOWS\system32\nvoglnt.dll
2007-06-29 00:43 6234112 --a------ C:\WINDOWS\system32\nvdisps.dll
2007-06-29 00:43 5690624 --a------ C:\WINDOWS\system32\nv4_disp.dll
2007-06-29 00:43 5455872 --a------ C:\WINDOWS\system32\nvdispsr.dll
2007-06-29 00:43 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2007-06-29 00:43 458752 --a------ C:\WINDOWS\system32\nvmccssr.dll
2007-06-29 00:43 45056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
2007-06-29 00:43 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2007-06-29 00:43 425984 --a------ C:\WINDOWS\system32\keystone.exe
2007-06-29 00:43 37376 --a------ C:\WINDOWS\system32\nvcodins.dll
2007-06-29 00:43 37376 --a------ C:\WINDOWS\system32\nvcod.dll
2007-06-29 00:43 360448 --a------ C:\WINDOWS\system32\nvapi.dll
2007-06-29 00:43 3600384 --a------ C:\WINDOWS\system32\nvvitvsr.dll
2007-06-29 00:43 3518464 --a------ C:\WINDOWS\system32\nvvitvs.dll
2007-06-29 00:43 3321856 --a------ C:\WINDOWS\system32\nvgames.dll
2007-06-29 00:43 3072000 --a------ C:\WINDOWS\system32\nvgamesr.dll
2007-06-29 00:43 307200 --a------ C:\WINDOWS\system32\nvexpbar.dll
2007-06-29 00:43 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
2007-06-29 00:43 2854912 --a------ C:\WINDOWS\system32\nvmoblsr.dll
2007-06-29 00:43 2416640 --a------ C:\WINDOWS\system32\nvwssr.dll
2007-06-29 00:43 2330624 --a------ C:\WINDOWS\system32\nvwss.dll
2007-06-29 00:43 229376 --a------ C:\WINDOWS\system32\nvmccs.dll
2007-06-29 00:43 188416 --a------ C:\WINDOWS\system32\nvmccss.dll
2007-06-29 00:43 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2007-06-29 00:43 1626112 --a------ C:\WINDOWS\system32\nwiz.exe
2007-06-29 00:43 155716 --a------ C:\WINDOWS\system32\nvsvc32.exe
2007-06-29 00:43 1474560 --a------ C:\WINDOWS\system32\nview.dll
2007-06-29 00:43 147456 --a------ C:\WINDOWS\system32\nvcolor.exe
2007-06-29 00:43 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2007-06-29 00:43 1142784 --a------ C:\WINDOWS\system32\nvmobls.dll
2007-06-29 00:43 1073152 --a------ C:\WINDOWS\system32\nvcpluir.dll
2007-06-29 00:43 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2007-06-29 00:43 1018772 --a------ C:\WINDOWS\system32\nvucode.bin
2007-06-26 07:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3E429FC5-AFE8-4FF3-9A2B-371682537746}]
2007-09-25 15:41 311872 --a------ C:\WINDOWS\system32\awtqp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{523A7832-7767-405D-A780-C792CCE8AC94}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{632AB9DB-EE1E-43B0-AA06-4DD209EE33BF}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B467D121-7121-4C5F-A1D0-3D84AF6DC89C}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 13:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-06-29 00:43 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 13:00 C:\WINDOWS\system32\rundll32.exe]
"P17Helper"="P17.dll" [2005-05-03 12:38 C:\WINDOWS\system32\P17.dll]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00]
"CTRegRun"="C:\WINDOWS\CTRegRun.EXE" [1999-10-11 02:00]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-09-25 18:09]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40]
"AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 15:53]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2007-09-23 18:30]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 11:28]
"BitComet"="C:\Program Files\BitComet\BitComet.exe" [2006-06-23 18:00]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnonmm]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\awtqp.dll

R2 WUSB54GSv2SVC;WUSB54GSv2SVC;"C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54GSv2.exe"
R3 P17;Sound Blaster Audigy;C:\WINDOWS\system32\drivers\P17.sys
S3 SE27bus;Sony Ericsson Device 039 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE27bus.sys
S3 SE27mdfl;Sony Ericsson Device 039 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE27mdfl.sys
S3 SE27mdm;Sony Ericsson Device 039 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE27mdm.sys
S3 SE27mgmt;Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE27mgmt.sys
S3 se27nd5;Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS);C:\WINDOWS\system32\DRIVERS\se27nd5.sys
S3 SE27obex;Sony Ericsson Device 039 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE27obex.sys
S3 se27unic;Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM);C:\WINDOWS\system32\DRIVERS\se27unic.sys

*Newly Created Service* - GTNDIS5
.
Contents of the 'Scheduled Tasks' folder
"2007-09-25 17:20:14 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2007-09-25 17:20:13 C:\WINDOWS\Tasks\McQcTask.job"
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-26 16:05:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-26 16:05:57 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-26 16:05
.
--- E O F ---
 
VundoFix V6.5.9

Checking Java version...

Sun Java not detected
Scan started at 15:47:06 26/09/2007

Listing files found while scanning....

C:\windows\system32\pmnonmm.dll
rundll32.exe

Beginning removal...

Attempting to delete C:\windows\system32\pmnonmm.dll
C:\windows\system32\pmnonmm.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\windows\system32\pmnonmm.dll
C:\windows\system32\pmnonmm.dll Has been deleted!

Performing Repairs to the registry.
Done!
 
oh really im so sorry i really am so new to all this, im thinkng maybe as its pretty much a new build would it be easier to just do a fresh install of xp and so on? Again im sorry i was trying to help out if anyone decided to help out by providing all the info and so on :oops:
 
Hello.

No problem, but if members waiting for assistance do not post in the Waiting Room, their topic is archived.

If you need it re-opened, please send me a private message (pm) and provide a link back to your thread. :)
 
You must log in or register to reply here.
Back
Top