PDA

View Full Version : help please



helpmeplease11
2009-02-04, 14:26
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:21:49 PM, on 24/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\D-Link\D-Link DWA-556 Xtreme N PCIe Desktop Adapter\acs.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\Temp\RecoverFromReboot.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Common Files\AOL\1161144719\ee\aolsoftware.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Documents and Settings\dyne\Application Data\gadcom\gadcom.exe
C:\Documents and Settings\dyne\Application Data\SpeedRunner\SpeedRunner.exe
C:\Documents and Settings\dyne\Application Data\Microsoft\Windows\thxtc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\VnrPack\VnrPack22.exe
C:\Program Files\D-Link\D-Link DWA-556 Xtreme N PCIe Desktop Adapter\wirelesscm.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\dyne\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: testCPV6 - {15421B84-3488-49A7-AD18-CBF84A3EFAF6} - C:\Program Files\Webtools\webtools.dll
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL
O2 - BHO: {a2865e88-ead9-8d6b-2c14-6f2dc8cf8a25} - {52a8fc8c-d2f6-41c2-b6d8-9dae88e5682a} - C:\WINDOWS\system32\zsgykm.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Program Files\RXToolBar\sfcont.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: HelloWorldBHO - {D88E1558-7C2D-407A-953A-C044F5607CEA} - C:\Program Files\Mjcore\Mjcore.dll
O2 - BHO: (no name) - {fd1ff822-5c15-4a3c-ba9d-3016d5986bc3} - C:\WINDOWS\system32\wamejawe.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [TELUS] D:\Install\TELUS.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [sclauncher] C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [RecoverFromReboot] C:\WINDOWS\Temp\RecoverFromReboot.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [GBB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [hojirisuvu] Rundll32.exe "C:\WINDOWS\system32\buvoyaki.dll",s
O4 - HKLM\..\Run: [CPM032286e1] Rundll32.exe "c:\windows\system32\zakisohi.dll",a
O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\dyne\Application Data\gadcom\gadcom.exe" 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A
O4 - HKCU\..\Run: [SpeedRunner] C:\Documents and Settings\dyne\Application Data\SpeedRunner\SpeedRunner.exe
O4 - HKCU\..\Run: [[gD2nH5IH] C:\Documents and Settings\dyne\Application Data\Microsoft\Windows\thxtc.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [VnrPack22] "C:\Program Files\VnrPack\VnrPack22.exe"
O4 - HKUS\S-1-5-19\..\Run: [hojirisuvu] Rundll32.exe "C:\WINDOWS\system32\buvoyaki.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [hojirisuvu] Rundll32.exe "C:\WINDOWS\system32\buvoyaki.dll",s (User 'NETWORK SERVICE')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Wireless Connection Manager.lnk = C:\Program Files\D-Link\D-Link DWA-556 Xtreme N PCIe Desktop Adapter\wirelesscm.exe
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Google AdSense Preview Tool - http://pagead2.googlesyndication.com...n/preview.html
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/229?be04b29a26e6404ea7905bdbe380ebae
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/230?be04b29a26e6404ea7905bdbe380ebae
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.antimalwareguard.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.antimalwareguard.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/.../GAME_UNO1.cab
O16 - DPF: {62BA437C-7712-48C6-9F0B-D251FA43192B} (SayaTV Control) - http://www.sayatv.com/download/SayaTV.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1159696063703
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\jowuhese.dll c:\windows\system32\zakisohi.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\zakisohi.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\zakisohi.dll
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\Program Files\D-Link\D-Link DWA-556 Xtreme N PCIe Desktop Adapter\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 13640 bytes


Here's the log I got from the hijackthis program. Please help me remove the malware infection I have.

ken545
2009-02-07, 16:45
Hello helpmeplease11,

Welcome to Safer Networking.

Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
That said, All advice given by anyone volunteering here, is taken at your own risk.
While best efforts are made to assist in removing infections safely, unexpected stuff can happen.


Replying to your own topic makes it look like you are being helped and your post is passed over. Just reply to this thread only and do not start any new topics.




You have some severe infections on this computer :lip: You also have Two Anti Virus programs running, not recommended, they will really suck up system resources and slow your system down, its best to have just one, keep it updated and run a scan about once aweek. We will address this later when your system is more stable.



Internet Explorer is needed to run this program properly.
Download: DelDomains (http://mvps.org/winhelp2002/DelDomains.inf) and save it to the desktop.

Close all open windows and your browser
Right Click DelDomains.inf and select > Install
Reboot your computer






Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)

* IMPORTANT !!! Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.


Double click on ComboFix.exe & follow the prompts.


As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.



http://i24.photobucket.com/albums/c30/ken545/RcAuto1.gif


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://i24.photobucket.com/albums/c30/ken545/whatnext.jpg

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a New Hijackthis log.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

helpmeplease11
2009-02-07, 18:39
ComboFix 09-02-06.04 - dyne 2009-02-07 8:13:52.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.612 [GMT -8:00]
Running from: c:\documents and settings\dyne\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\dyne\Application Data\SpeedRunner
c:\documents and settings\dyne\Application Data\SpeedRunner\SpeedRunner.exe
c:\documents and settings\dyne\Application Data\SpeedRunner\SRUninstall.exe
c:\documents and settings\dyne\Local Settings\Temporary Internet Files\CPV.stt
c:\windows\system32\atmtd.dll.tmp
c:\windows\system32\loyuwisa.dll.tmp
c:\windows\system32\lumuheze.dll
c:\windows\system32\lupanila.dll
c:\windows\system32\mesekaho.dll
c:\windows\system32\midinuro.dll
c:\windows\system32\mifaluyo.dll
c:\windows\system32\momapg.dll
c:\windows\system32\namiviko.dll.tmp
c:\windows\system32\noturoya.dll
c:\windows\system32\nugebini.dll
c:\windows\system32\nuvupino.dll.tmp
c:\windows\system32\obekopup.ini
c:\windows\system32\obunogok.ini
c:\windows\system32\odokarap.ini
c:\windows\system32\olopukuv.ini
c:\windows\system32\opnolkLe.dll
c:\windows\system32\osatenoy.ini
c:\windows\system32\osumozup.ini
c:\windows\system32\ovolubek.ini
c:\windows\system32\oyomoyem.ini
c:\windows\system32\paletigi.dll
c:\windows\system32\pamuzuwa.dll
c:\windows\system32\pegojehe.dll
c:\windows\system32\penonoge.dll.tmp
c:\windows\system32\peyaweto.dll
c:\windows\system32\peyeduli.dll
c:\windows\system32\peyubisu.dll
c:\windows\system32\riribora.dll
c:\windows\system32\rivimota.dll.tmp
c:\windows\system32\ropadugi.dll
c:\windows\system32\sepowumu.dll
c:\windows\system32\sikemaha.dll
c:\windows\system32\sohizaji.dll
c:\windows\system32\subiwumu.dll.tmp
c:\windows\system32\tajavota.dll
c:\windows\system32\tobigulu.dll.tmp
c:\windows\system32\tukeriri.dll
c:\windows\system32\ubumazek.ini
c:\windows\system32\udayihis.ini
c:\windows\system32\udifuheg.ini
c:\windows\system32\ufesokej.ini
c:\windows\system32\ufohiluy.ini
c:\windows\system32\uhafatog.ini
c:\windows\system32\uhahevez.ini
c:\windows\system32\ujiyowen.ini
c:\windows\system32\ujpvqdkway.dll
c:\windows\system32\umeditok.ini
c:\windows\system32\umuwopes.ini
c:\windows\system32\uneyuzel.ini
c:\windows\system32\unosawap.ini
c:\windows\system32\upodiper.ini
c:\windows\system32\upunedus.ini
c:\windows\system32\usibuyep.ini
c:\windows\system32\usohiroh.ini
c:\windows\system32\uwivitas.ini
c:\windows\system32\uyayagaz.ini
c:\windows\system32\uyeyotij.ini
c:\windows\system32\vatotosa.dll
c:\windows\system32\vepuheni.dll
c:\windows\system32\vigajero.dll.tmp
c:\windows\system32\vovideli.dll
c:\windows\system32\vurosuju.dll
c:\windows\system32\vuzofafu.dll.tmp
c:\windows\system32\wakepule.dll
c:\windows\system32\waltez.dll
c:\windows\system32\wamejawe.dll
c:\windows\system32\wamejulu.dll
c:\windows\system32\wenunuve.dll
c:\windows\system32\wihagegu.dll.tmp
c:\windows\system32\wosarako.dll
c:\windows\system32\wosomupo.dll.tmp
c:\windows\system32\wotozaso.dll
c:\windows\system32\wutilowu.dll
c:\windows\system32\wuvotifa.dll
c:\windows\system32\xxyaaATm.dll
c:\windows\system32\xxyWNGwt.dll
c:\windows\system32\ydgchu.dll
c:\windows\system32\yonetaso.dll
c:\windows\system32\yosimanu.dll
c:\windows\system32\yoyamama.dll
c:\windows\system32\yuhodose.dll
c:\windows\system32\yuterahi.dll
c:\windows\system32\zahasila.dll.tmp
c:\windows\system32\zakisohi.dll
c:\windows\system32\zidoyowi.dll
c:\windows\system32\zikiweye.dll.tmp
c:\windows\system32\zsgykm.dll
c:\windows\VHJldm9yIFRocnVzc2VsbA\
c:\windows\VHJldm9yIFRocnVzc2VsbA\\asappsrv.dll.vir
c:\windows\VHJldm9yIFRocnVzc2VsbA\\command.exe
c:\windows\VHJldm9yIFRocnVzc2VsbA\\pJL5xA6VKIlCwBpWwZpPvE.vbs
c:\windows\VHJldm9yIFRocnVzc2VsbA\command.exe
.
---- Previous Run -------
.
c:\documents and settings\dyne\Application Data\gadcom
c:\documents and settings\dyne\Application Data\gadcom\gadcom.exe
c:\documents and settings\dyne\Application Data\GetModule
c:\documents and settings\dyne\Application Data\GetModule\dicik.gz
c:\documents and settings\dyne\Application Data\GetModule\kwdik.gz
c:\documents and settings\dyne\Application Data\GetModule\ofadik.gz
c:\documents and settings\dyne\Application Data\SpeedRunner\config.cfg
c:\documents and settings\dyne\Application Data\SpeedRunner\SRUninstall.exe
c:\documents and settings\dyne\Application Data\twain\Twain.exe
c:\documents and settings\dyne\Local Settings\Temporary Internet Files\bestwiner.stt
c:\documents and settings\dyne\Local Settings\Temporary Internet Files\CPV.stt
c:\documents and settings\dyne\Local Settings\Temporary Internet Files\fbk.sts
c:\documents and settings\LocalService\Application Data\NetMon
c:\documents and settings\LocalService\Application Data\NetMon\domains.txt
c:\documents and settings\LocalService\Application Data\NetMon\log.txt
c:\program files\GetModule
c:\program files\GetModule\GetModule36.exe
c:\program files\iCheck
c:\program files\iCheck\Uninstall.exe
c:\program files\Mjcore
c:\program files\Mjcore\Mjcore.dll
c:\program files\Mozilla Firefox\plugins\NPNd2fn.dll
c:\program files\Need2Find
c:\program files\Need2Find\bar\1.bin\N2FFXTBR.JAR
c:\program files\Need2Find\bar\1.bin\N2NTSTBR.JAR
c:\program files\Need2Find\bar\1.bin\N2PLUGIN.DLL
c:\program files\Need2Find\bar\1.bin\ND2FNBAR.DLL
c:\program files\Need2Find\bar\1.bin\NPND2FN.DLL
c:\program files\Need2Find\bar\1.bin\PARTNER.DAT
c:\program files\Need2Find\bar\Cache\00034DB4
c:\program files\Need2Find\bar\Cache\files.ini
c:\program files\Need2Find\bar\History\search
c:\program files\Need2Find\bar\Settings\prevcfg.htm
c:\program files\network monitor
c:\program files\network monitor\netmon.exe
c:\program files\VnrPack
c:\program files\VnrPack\dicts.gz
c:\program files\VnrPack\trgts.gz
c:\program files\VnrPack\VnrPack22.exe
c:\windows\smdat32a.sys
c:\windows\smdat32m.sys
c:\windows\system32\atmtd.dll
c:\windows\system32\atmtd.dll._
c:\windows\system32\drivers\seneka.sys
c:\windows\system32\drivers\senekaawfonfcv.sys
c:\windows\system32\drivers\tdssserv.sys
c:\windows\system32\prunnet.exe
c:\windows\system32\senekalog.dat
c:\windows\system32\senekawbcderlf.dll
c:\windows\uninstall_nmon.vbs
c:\windows\wiaserviv.log

----- BITS: Possible infected sites -----

hxxp://auj+|Cv+@J:NGD_DQ{ztHG.XpxOha!4Grdl0.S-1-5-21-1343024091-1659004503-725345543-1004XtD$?PWfb;+? PWfb;+PWfb;+6VwoQZCDHM6VwoQZCDHMXX"~-r1.#~" m
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CMDSERVICE
-------\Legacy_NETWORK_MONITOR
-------\Service_cmdService
-------\Service_Network Monitor
-------\Service_seneka


((((((((((((((((((((((((( Files Created from 2009-01-07 to 2009-02-07 )))))))))))))))))))))))))))))))
.

2009-02-07 08:27 . 2009-02-07 08:27 <DIR> d-------- c:\windows\LastGood
2009-02-07 07:13 . 2009-02-07 07:13 0 --a------ c:\windows\LCDMedia.INI
2009-02-07 06:23 . 2009-02-07 06:23 85,637 --a------ c:\windows\system32\462303cf-3f23-1e58-e060-36175d788513.exe
2009-02-07 06:23 . 2009-02-07 06:23 48,266 --a------ c:\windows\system32\gnkrkzeujzwwk.exe
2009-02-05 12:41 . 2009-02-05 12:41 674,816 --a------ c:\windows\system32\nsnB.dll
2009-02-02 05:25 . 2009-02-02 05:25 3,748 ---hs---- c:\windows\system32\visoboja.exe
2009-01-25 00:01 . 2009-01-25 00:01 17,574 ---hs---- c:\windows\system32\mowogova.exe
2009-01-24 23:17 . 2009-01-24 23:17 <DIR> d-------- c:\program files\ERUNT
2009-01-13 22:13 . 2009-01-13 22:13 58,211,519 --a--c--- C:\[DB]_Bleach_200_[471CAF14].avi.AVI.zip
2009-01-13 22:12 . 2009-01-13 22:12 60,285,110 --a--c--- C:\[DB]_Bleach_202_[66E986B7].avi.AVI.zip
2009-01-13 20:49 . 2009-01-13 21:07 60,746,236 --a--c--- C:\[DB]_Bleach_200_[471CAF14].avi.AVI.MP4
2009-01-13 20:30 . 2009-01-13 20:49 63,201,142 --a--c--- C:\[DB]_Bleach_202_[66E986B7].avi.AVI.MP4
2009-01-13 19:15 . 2009-01-13 20:09 106,660,532 --a--c--- C:\[DB]_Bleach_200_[471CAF14].avi.AVI
2009-01-13 16:47 . 2009-01-13 16:47 60,953,036 --a--c--- C:\[DB]_Bleach_192_[A547C79F].zip
2009-01-13 16:47 . 2009-01-13 16:47 59,543,578 --a--c--- C:\[DB]_Bleach_193_[3FED26F4].zip
2009-01-13 16:46 . 2009-01-13 16:46 61,622,771 --a--c--- C:\[DB]_Bleach_201_[CD034D62].zip
2009-01-13 16:46 . 2009-01-13 16:46 55,750,395 --a--c--- C:\[DB]_Bleach_198_[9D926009].zip
2009-01-13 16:46 . 2009-01-13 16:46 51,553,319 --a--c--- C:\[DB]_Bleach_199_[5F9A5050].zip
2009-01-13 16:46 . 2009-01-13 16:46 51,541,066 --a--c--- C:\[DB]_Bleach_197_[6578B411].zip
2009-01-13 16:45 . 2009-01-13 16:45 55,537,213 --a--c--- C:\[DB]_Bleach_196_[3FDE9706].zip
2009-01-13 16:02 . 2009-01-13 16:21 61,874,367 --a--c--- C:\[DB]_Bleach_193_[3FED26F4].MP4
2009-01-13 15:43 . 2009-01-13 16:02 63,542,524 --a--c--- C:\[DB]_Bleach_192_[A547C79F].MP4
2009-01-13 15:25 . 2009-01-13 15:43 64,096,145 --a--c--- C:\[DB]_Bleach_201_[CD034D62].MP4
2009-01-13 15:07 . 2009-01-13 15:25 53,920,544 --a--c--- C:\[DB]_Bleach_199_[5F9A5050].MP4
2009-01-13 14:49 . 2009-01-13 15:07 58,343,311 --a--c--- C:\[DB]_Bleach_198_[9D926009].MP4
2009-01-13 14:30 . 2009-01-13 14:49 54,851,785 --a--c--- C:\[DB]_Bleach_197_[6578B411].MP4
2009-01-13 14:13 . 2009-01-13 14:30 58,181,833 --a--c--- C:\[DB]_Bleach_196_[3FDE9706].MP4
2009-01-13 06:09 . 2009-01-13 07:00 105,977,752 --a--c--- C:\[DB]_Bleach_201_[CD034D62].avi.AVI
2009-01-13 05:22 . 2009-01-13 06:09 96,124,238 --a--c--- C:\[DB]_Bleach_199_[5F9A5050].avi.AVI
2009-01-13 04:30 . 2009-01-13 05:22 105,472,776 --a--c--- C:\[DB]_Bleach_198_[9D926009].avi.AVI
2009-01-13 02:22 . 2009-01-13 03:22 99,404,622 --a--c--- C:\[DB]_Bleach_197_[6578B411].avi.AVI
2009-01-13 01:28 . 2009-01-13 02:22 104,523,962 --a--c--- C:\[DB]_Bleach_193_[3FED26F4].avi.AVI
2009-01-13 00:35 . 2009-01-13 01:28 104,607,218 --a--c--- C:\[DB]_Bleach_196_[3FDE9706].avi.AVI
2009-01-12 23:38 . 2009-01-13 00:34 107,682,390 --a--c--- C:\[DB]_Bleach_192_[A547C79F].avi.AVI
2009-01-10 14:35 . 2009-01-11 02:03 6,099,695 --a--c--- C:\smap.tmp0
2009-01-10 14:35 . 2009-01-11 02:03 3,539,695 --a--c--- C:\smsk.tmp0

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-07 16:16 --------- d-----w c:\program files\Webtools
2009-02-07 15:46 --------- d-----w c:\documents and settings\dyne\Application Data\Twain
2009-01-22 12:29 --------- d-----w c:\documents and settings\dyne\Application Data\Skype
2009-01-22 12:24 --------- d-----w c:\documents and settings\dyne\Application Data\skypePM
2009-01-15 10:06 --------- dc----w c:\documents and settings\All Users\Application Data\AntiVir PersonalEdition Classic
2009-01-03 08:02 --------- d-----w c:\program files\e-Games
2008-12-27 02:37 --------- d-----w c:\documents and settings\dyne\Application Data\.purple
2008-11-20 15:31 54,189,122 -c--a-w C:\[DB]_Bleach_195_[B9E1F112].zip
2008-11-12 14:37 49,072,266 -c--a-w C:\bleach-mp4_194db.zip
2009-02-05 20:41 678,400 ----a-w c:\program files\mozilla firefox\components\1d511261-44fc-0baa-26ee-0171314d0d8a.dll
2008-12-20 05:44 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-20 05:44 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-20 05:44 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-12-20 05:44 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-12-20 05:44 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2006-05-03 09:06 163,328 --sh--r c:\windows\system32\flvDX.dll
2006-01-07 09:45 103,212 --sha-w c:\windows\system32\lipemeye.dll
2007-02-21 10:47 31,232 --sh--r c:\windows\system32\msfDX.dll
2008-09-25 21:58 76,800 --sha-w c:\windows\system32\yovusago.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3055ef82-26de-dfa9-cc37-d61ff1974d50}]
2009-02-05 12:41 674816 --a------ c:\windows\system32\nsnB.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ViewMgr"="c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe" [2007-01-04 112336]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-11-18 180269]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"sclauncher"="c:\program files\SimpleCenter\bin\win\sclauncher.exe" [2007-01-30 94208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"Launch LGDCore"="c:\program files\Logitech\G-series Software\LGDCore.exe" [2005-11-02 1110079]
"Launch LCDMon"="c:\program files\Logitech\G-series Software\LCDMon.exe" [2005-11-02 188928]
"IPHSend"="c:\program files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 124520]
"GBB36X Configure"="c:\windows\system32\JMRaidTool.exe" [2006-06-02 385024]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-12-13 58992]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 368706]
"avgnt"="c:\program files\AntiVir PersonalEdition Classic\avgnt.exe" [2006-03-29 233512]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 158208]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-26 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2006-10-22 c:\windows\system32\nwiz.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"vidc.X264"= x264vfw.dll
"vidc.hfyu"= huffyuv.dll
"msacm.divxa32"= DivXa32.acm
"msacm.l3codec"= l3codecp.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=c:\windows\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^dyne^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\dyne\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-06-06 22:46 57344 c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-01-03 08:15 50528 c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
--a------ 2006-10-22 00:37 897024 c:\program files\Ares\Ares.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2006-05-09 16:24 50760 c:\program files\Common Files\AOL\1161144719\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSLauncher]
--a------ 2007-09-07 14:44 3100672 c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-09-01 14:57 282624 c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-08-12 17:19 21741864 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]
--a------ 2005-07-15 13:48 479232 c:\program files\Google\Gmail Notifier\gnotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-r------- 2006-05-16 02:04 2879488 c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"c:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=
"c:\\Program Files\\Steam\\SteamApps\\_gantzer_\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\VentSrv\\ventrilo_srv.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1161144719\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1161144719\\ee\\aim6.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Steam\\SteamApps\\_gantzer_\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\FileZilla\\FileZilla.exe"=
"c:\\Program Files\\Opera\\Opera.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\D-Link\\D-Link DWA-556 Xtreme N PCIe Desktop Adapter\\wirelesscm.exe"=
"c:\\Program Files\\SimpleCenter\\Home Media Server.exe"=
"c:\\Program Files\\Scintilla Text Editor\\SciTE.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\ComboFix\\NirCmd.cfexe"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"c:\\Program Files\\AntiVir PersonalEdition Classic\\avgnt.exe"=
"c:\\Documents and Settings\\dyne\\Desktop\\HiJackThis.exe"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-02-17 24652]
R3 WSIMD;wsimd Service;c:\windows\system32\drivers\wsimd.sys [2008-03-13 55840]
.
Contents of the 'Scheduled Tasks' folder

2009-01-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 13:21]

2009-02-07 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

2009-01-03 c:\windows\Tasks\Norton AntiVirus - Scan my computer - dyne.job
- c:\progra~1\NORTON~1\Navw32.exe [2005-01-10 12:20]
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-HookURL - (no file)
URLSearchHooks-Rank - (no file)
BHO-{52a8fc8c-d2f6-41c2-b6d8-9dae88e5682a} - c:\windows\system32\zsgykm.dll
BHO-{A8863662-2590-674B-55BE-4BF81D40027F} - c:\windows\system32\ujpvqdkway.dll
BHO-{fd1ff822-5c15-4a3c-ba9d-3016d5986bc3} - c:\windows\system32\wamejawe.dll
HKCU-Run-VnrPack22 - c:\program files\VnrPack\VnrPack22.exe
HKCU-Run-GetModule36 - c:\program files\GetModule\GetModule36.exe
HKLM-Run-TELUS - d:\install\TELUS.exe
HKLM-Run-hojirisuvu - c:\windows\system32\buvoyaki.dll
HKLM-Run-Logitech Hardware Abstraction Layer - KHALMNPR.EXE


.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
IE: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Google AdSense Preview Tool - http://pagead2.googlesyndication.com/pagead/preview/en/preview.html
IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/229?be04b29a26e6404ea7905bdbe380ebae
IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/230?be04b29a26e6404ea7905bdbe380ebae
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {62BA437C-7712-48C6-9F0B-D251FA43192B} - hxxp://www.sayatv.com/download/SayaTV.cab
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-07 08:27:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\LastGood

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{61A3D62A-E669-8B2B-95B7C505631D6590}\{1D71893B-0DD3-8FF9-31AA9E7B284EB027}\{CF9E2073-5E5A-1B13-96346A906352FBBE}*]
"1D1OWFM6WKF6TLM3S2BGKKUUDG1"=hex:01,00,01,00,00,00,00,00,71,4a,e0,45,b7,4f,44,
fb,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\program files\D-Link\D-Link DWA-556 Xtreme N PCIe Desktop Adapter\acs.exe
c:\program files\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Logitech\G-series Software\Applets\LCDClock.exe
c:\program files\D-Link\D-Link DWA-556 Xtreme N PCIe Desktop Adapter\wirelesscm.exe
c:\windows\system32\wscntfy.exe
c:\program files\MSN Messenger\usnsvc.exe
c:\program files\Norton AntiVirus\navapsvc.exe
c:\program files\Messenger\msmsgs.exe
c:\windows\system32\taskmgr.exe
.
**************************************************************************
.
Completion time: 2009-02-07 8:35:40 - machine was rebooted [dyne]
ComboFix-quarantined-files.txt 2009-02-07 16:35:37

Pre-Run: 14,091,476,992 bytes free
Post-Run: 163,455,352,832 bytes free

413 --- E O F --- 2008-11-12 06:04:05


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:38:53 AM, on 07/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\D-Link\D-Link DWA-556 Xtreme N PCIe Desktop Adapter\acs.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Common Files\AOL\1161144719\ee\aolsoftware.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\D-Link\D-Link DWA-556 Xtreme N PCIe Desktop Adapter\wirelesscm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\dyne\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: worldadmarketplace - {3055ef82-26de-dfa9-cc37-d61ff1974d50} - C:\WINDOWS\system32\nsnB.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [sclauncher] C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [GBB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Wireless Connection Manager.lnk = C:\Program Files\D-Link\D-Link DWA-556 Xtreme N PCIe Desktop Adapter\wirelesscm.exe
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Google AdSense Preview Tool - http://pagead2.googlesyndication.com/pagead/preview/en/preview.html
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/229?be04b29a26e6404ea7905bdbe380ebae
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/230?be04b29a26e6404ea7905bdbe380ebae
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab
O16 - DPF: {62BA437C-7712-48C6-9F0B-D251FA43192B} (SayaTV Control) - http://www.sayatv.com/download/SayaTV.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1159696063703
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\Program Files\D-Link\D-Link DWA-556 Xtreme N PCIe Desktop Adapter\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 11228 bytes


here are both logs

ken545
2009-02-07, 20:26
Hello,

No need to quote the reports, just copy and paste them in.


Open HijackThis > Do a System Scan Only, close your browser and all open windows including this one, the only program or window you should have open is HijackThis, check the following entries and click on Fix Checked.

O2 - BHO: worldadmarketplace - {3055ef82-26de-dfa9-cc37-d61ff1974d50} - C:\WINDOWS\system32\nsnB.dll

O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe



Go to your Add Remove Programs in the Control Panel and uninstall Viewpoint, it installs without your knowledge or consent, is considered Adware, uses system resources and is not needed for anything.


You need to enable windows to show all files and folders, instructions Here (http://www.bleepingcomputer.com/tutorials/tutorial62.html)

Go to VirusTotal (http://www.virustotal.com/) and submit these files for analysis, just use the BROWSE feature and then Send File , you will get a report back, post the report into this thread for me to see.

c:\windows\system32\462303cf-3f23-1e58-e060-36175d788513.exe
c:\windows\system32\gnkrkzeujzwwk.exe
c:\windows\system32\visoboja.exe
c:\windows\system32\mowogova.exe






Please download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune to your desktop.

This program is for XP and Windows 2000 only
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.Your system may start up slower after running ATF Cleaner, this is expected but will be back to normal after the first or second boot up
Please note: If you use online banking or are registered online with any other organizations, ensure you have memorized password and other personal information as removing cookies will temporarily disable the auto-login facility.




Please download Malwarebytes' Anti-Malware from Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html) or Here (http://www.besttechie.net/tools/mbam-setup.exe)

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.<-- Don't forget this
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and Paste the entire report in your next reply along with a New Hijackthis log.

helpmeplease11
2009-02-07, 22:47
Antivirus Version Last Update Result
a-squared 4.0.0.93 2009.02.07 -
AhnLab-V3 5.0.0.2 2009.02.07 -
AntiVir 7.9.0.76 2009.02.07 -
Authentium 5.1.0.4 2009.02.07 -
Avast 4.8.1335.0 2009.02.07 -
AVG 8.0.0.229 2009.02.07 -
BitDefender 7.2 2009.02.07 -
CAT-QuickHeal 10.00 2009.02.07 -
ClamAV 0.94.1 2009.02.07 -
Comodo 969 2009.02.07 -
DrWeb 4.44.0.09170 2009.02.07 -
eSafe 7.0.17.0 2009.02.05 -
eTrust-Vet 31.6.6346 2009.02.07 -
F-Prot 4.4.4.56 2009.02.07 -
F-Secure 8.0.14470.0 2009.02.07 -
Fortinet 3.117.0.0 2009.02.07 -
GData 19 2009.02.07 -
Ikarus T3.1.1.45.0 2009.02.07 -
K7AntiVirus 7.10.623 2009.02.07 -
Kaspersky 7.0.0.125 2009.02.07 -
McAfee 5518 2009.02.07 -
McAfee+Artemis 5519 2009.02.07 -
Microsoft 1.4306 2009.02.06 -
NOD32 3836 2009.02.07 -
Norman 6.00.02 2009.02.06 -
nProtect 2009.1.8.0 2009.02.07 -
Panda 9.5.1.2 2009.02.07 -
PCTools 4.4.2.0 2009.02.07 -
Prevx1 V2 2009.02.07 Cloaked Malware
Rising 21.15.50.00 2009.02.07 -
SecureWeb-Gateway 6.7.6 2009.02.07 -
Sophos 4.38.0 2009.02.07 -
Sunbelt 3.2.1847.2 2009.02.07 -
Symantec 10 2009.02.07 -
TheHacker 6.3.1.5.248 2009.02.07 -
TrendMicro 8.700.0.1004 2009.02.06 -
VBA32 3.12.8.12 2009.02.05 -
ViRobot 2009.2.6.1594 2009.02.06 -
VirusBuster 4.5.11.0 2009.02.07 -
Additional information
File size: 85637 bytes
MD5...: cc58c9aed42f3bb323ac85fd2f6d437b
SHA1..: f10872bf7885890716d89ca776116b89895a65e6
SHA256: c0b21801b77e2e1d271e3d741e796631225f432c4cfa8eba0a786c7438a69cfb
SHA512: 0f7b8f5675a78e6aa3d67e356a475917471315aad27ef066e0320365ac0462ba
15698a25797ab7135540521c0f5e6a4973335b98d09f8f58dfb2713ef887858b
ssdeep: 1536:5u4EQalMK/ewGnh0mJNZ+vH3fz0eZqF1ZQCgHkorv8qFDGayOdf4N6:5Nya
h0mJqgeZ23xrob8Ea1OWN6
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x3225
timedatestamp.....: 0x48efcdc9 (Fri Oct 10 21:48:57 2008)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x5976 0x5a00 6.47 335c19bb25cd1d02eec2b0a4eacb979c
.rdata 0x7000 0x1190 0x1200 5.18 db16645055619c0cc73276ff5c3adb75
.data 0x9000 0x1af98 0x400 4.69 59710519e577598f785044e4d95261f4
.ndata 0x24000 0xb000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0x2f000 0x7d8 0x800 4.29 68b3d02c23844000b5aa5e3fda2096ff

( 8 imports )
> KERNEL32.dll: CompareFileTime, SearchPathA, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CreateDirectoryA, SetFileAttributesA, Sleep, GetTickCount, CreateFileA, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, SetFileTime, GetTempPathA, GetCommandLineA, SetErrorMode, LoadLibraryA, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, GetTempFileNameA, lstrlenA, lstrcatA, GetSystemDirectoryA, GetVersion, CloseHandle, lstrcmpiA, lstrcmpA, ExpandEnvironmentStringsA, GlobalFree, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GetModuleHandleA, LoadLibraryExA, GetProcAddress, FreeLibrary, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, WriteFile, ReadFile, MulDiv, SetFilePointer, FindClose, FindNextFileA, FindFirstFileA, DeleteFileA, GetWindowsDirectoryA
> USER32.dll: EndDialog, ScreenToClient, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, DestroyWindow, CreateDialogParamA, SetTimer, SetWindowTextA, PostQuitMessage, SetForegroundWindow, wsprintfA, SendMessageTimeoutA, FindWindowExA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, OpenClipboard, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongA, LoadImageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, ShowWindow
> GDI32.dll: SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectA, SetBkMode, SetTextColor, SelectObject
> SHELL32.dll: SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA, SHGetSpecialFolderLocation
> ADVAPI32.dll: RegQueryValueExA, RegSetValueExA, RegEnumKeyA, RegEnumValueA, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA
> COMCTL32.dll: ImageList_AddMasked, ImageList_Destroy, -, ImageList_Create
> ole32.dll: CoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance
> VERSION.dll: GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA

( 0 exports )
Prevx info: <a href='http://info.prevx.com/aboutprogramtext.asp?PX5=8BBFD99785C3D6E04E1501CEBA529500C2438BAF' target='_blank'>http://info.prevx.com/aboutprogramtext.asp?PX5=8BBFD99785C3D6E04E1501CEBA529500C2438BAF</a>



File visoboja.exe received on 02.07.2009 21:43:39 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 0/39 (0%)
Loading server information...
Your file is queued in position: 1.
Estimated start time is between 42 and 60 seconds.
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
Compact Compact
Print results Print results
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
Email:

Antivirus Version Last Update Result
a-squared 4.0.0.93 2009.02.06 -
AhnLab-V3 5.0.0.2 2009.02.07 -
AntiVir 7.9.0.76 2009.02.07 -
Authentium 5.1.0.4 2009.02.07 -
Avast 4.8.1335.0 2009.02.07 -
AVG 8.0.0.229 2009.02.07 -
BitDefender 7.2 2009.02.07 -
CAT-QuickHeal 10.00 2009.02.07 -
ClamAV 0.94.1 2009.02.07 -
Comodo 969 2009.02.07 -
DrWeb 4.44.0.09170 2009.02.07 -
eSafe 7.0.17.0 2009.02.05 -
eTrust-Vet 31.6.6346 2009.02.07 -
F-Prot 4.4.4.56 2009.02.06 -
F-Secure 8.0.14470.0 2009.02.07 -
Fortinet 3.117.0.0 2009.02.07 -
GData 19 2009.02.07 -
Ikarus T3.1.1.45.0 2009.02.07 -
K7AntiVirus 7.10.623 2009.02.07 -
Kaspersky 7.0.0.125 2009.02.07 -
McAfee 5518 2009.02.07 -
McAfee+Artemis 5517 2009.02.06 -
Microsoft 1.4306 2009.02.06 -
NOD32 3836 2009.02.07 -
Norman 6.00.02 2009.02.06 -
nProtect 2009.1.8.0 2009.02.07 -
Panda 9.5.1.2 2009.02.07 -
PCTools 4.4.2.0 2009.02.07 -
Prevx1 V2 2009.02.07 -
Rising 21.15.50.00 2009.02.07 -
SecureWeb-Gateway 6.7.6 2009.02.07 -
Sophos 4.38.0 2009.02.07 -
Sunbelt 3.2.1835.2 2009.01.16 -
Symantec 10 2009.02.07 -
TheHacker 6.3.1.5.248 2009.02.07 -
TrendMicro 8.700.0.1004 2009.02.06 -
VBA32 3.12.8.12 2009.02.05 -
ViRobot 2009.2.6.1594 2009.02.06 -
VirusBuster 4.5.11.0 2009.02.07 -
Additional information
File size: 3748 bytes
MD5...: 89f2acfa09f64c900885324d263fb828
SHA1..: 4292b84199200ced43d1086ea3d7b444270456c3
SHA256: 40a327be1e0cae438da4c0c4b7cbdd27904f426b927786567b3ee288e4f7c8dd
SHA512: 69c63705ee94a103c1ceae06823d8deac863bd548fedb8405ed99f917168dca9
06a8270560a1f6f0a212133f343e049cadaa541d4477bb06a6267a65b2a14b4b
ssdeep: 96:Ip006k0mVfH5Ve/kBJoFLafbXTKbeXgi67aK:IGE5Z0/QoFufbX+/X
PEiD..: -
TrID..: File type identification
HyperText Markup Language with DOCTYPE (80.6%)
HyperText Markup Language (19.3%)
PEInfo: -


File mowogova.exe received on 02.07.2009 21:46:04 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 0/39 (0%)
Loading server information...
Your file is queued in position: ___.
Estimated start time is between ___ and ___ .
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
Compact Compact
Print results Print results
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
Email:

Antivirus Version Last Update Result
a-squared 4.0.0.93 2009.02.07 -
AhnLab-V3 5.0.0.2 2009.02.07 -
AntiVir 7.9.0.76 2009.02.07 -
Authentium 5.1.0.4 2009.02.07 -
Avast 4.8.1335.0 2009.02.07 -
AVG 8.0.0.229 2009.02.07 -
BitDefender 7.2 2009.02.07 -
CAT-QuickHeal 10.00 2009.02.07 -
ClamAV 0.94.1 2009.02.07 -
Comodo 969 2009.02.07 -
DrWeb 4.44.0.09170 2009.02.07 -
eSafe 7.0.17.0 2009.02.05 -
eTrust-Vet 31.6.6346 2009.02.07 -
F-Prot 4.4.4.56 2009.02.07 -
F-Secure 8.0.14470.0 2009.02.07 -
Fortinet 3.117.0.0 2009.02.07 -
GData 19 2009.02.07 -
Ikarus T3.1.1.45.0 2009.02.07 -
K7AntiVirus 7.10.623 2009.02.07 -
Kaspersky 7.0.0.125 2009.02.07 -
McAfee 5518 2009.02.07 -
McAfee+Artemis 5519 2009.02.07 -
Microsoft 1.4306 2009.02.06 -
NOD32 3836 2009.02.07 -
Norman 6.00.02 2009.02.06 -
nProtect 2009.1.8.0 2009.02.07 -
Panda 9.5.1.2 2009.02.07 -
PCTools 4.4.2.0 2009.02.07 -
Prevx1 V2 2009.02.07 -
Rising 21.15.50.00 2009.02.07 -
SecureWeb-Gateway 6.7.6 2009.02.07 -
Sophos 4.38.0 2009.02.07 -
Sunbelt 3.2.1847.2 2009.02.07 -
Symantec 10 2009.02.07 -
TheHacker 6.3.1.5.248 2009.02.07 -
TrendMicro 8.700.0.1004 2009.02.06 -
VBA32 3.12.8.12 2009.02.05 -
ViRobot 2009.2.6.1594 2009.02.06 -
VirusBuster 4.5.11.0 2009.02.07 -
Additional information
File size: 17574 bytes
MD5...: a7cb13c0606c19a8270fdfb530d3370c
SHA1..: d715f823d904a983df5e885f2ec36ebb3f9b0648
SHA256: bc42aa0aefd348cc43408d447adadcd1fd961c0dca38a5633e1a3a81d02c1621
SHA512: b27088dd8023b5fb4be8fadd77ebd39cd59062cc349d92363228d068f26b2d07
28779a5b640aa64f0dada6592af0100d3898f49a8397c06ad7156f4210b46994
ssdeep: 384:raE/iBSoguikCg3tMbIOU7jToeFkNZfZvpjGiykX5k5JFxCIeLo9qVG:B8So
guik3tMbIOU7jToeFkZfZ8kX5k51
PEiD..: -
TrID..: File type identification
HyperText Markup Language with DOCTYPE (80.6%)
HyperText Markup Language (19.3%)
PEInfo: -

helpmeplease11
2009-02-07, 22:50
File 462303cf-3f23-1e58-e060-36175d788 received on 02.07.2009 21:40:21 (CET)
Current status: finished
Result: 1/39 (2.56%)
Compact Compact
Print results Print results
this is for the first one

ken545
2009-02-08, 01:14
I suspect those files are ok, but if you can submit another one and then run ATF Cleaner and Malwarebytes

ken545
2009-02-14, 11:40
Due to inactivity, this thread will now be closed.

Note: If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.