virtumundo, trojans, not sure exactly!

DDS (Version 1.1.0) - NTFSx86
Run by JettyServer at 18:54:58.31 on Thu 01/01/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_05
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2021.1168 [GMT -5:00]

AV: AVG 7.5.552 *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYSTEM~1\WScheduler.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Symantec\Backup Exec System Recovery\Agent\VProTray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\HP\HP LaserJet M1319 MFP Series\ReceiveFaxUtility.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Symantec\Backup Exec System Recovery\Agent\VProSvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\SYSTEM~1\WService.exe
C:\PROGRA~1\SYSTEM~1\WScheduler.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\PROGRA~1\SYSTEM~1\WSLogon.exe
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Grisoft\AVG Anti-Rootkit Free\avgarkt.exe
C:\Program Files\Grisoft\AVG Anti-Rootkit Free\OgQbHs8FGa.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\JettyServer\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.comcast.net/a/
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {b4b30d86-b8be-4436-95bf-19d9253a7036} - c:\windows\system32\yunetoka.dll
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [WScheduler] c:\progra~1\system~1\WScheduler.exe /LOGON
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Symantec Backup Exec System Recovery 7.0] "c:\program files\symantec\backup exec system recovery\agent\VProTray.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_05\bin\jusched.exe"
mRun: [GoToMyPC] "c:\program files\citrix\gotomypc\g2svc.exe" -logon
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [AVG7_CC] c:\progra~1\grisoft\avg7\avgcc.exe /STARTUP
mRun: [Sony Ericsson PC Suite] "c:\program files\sony ericsson\mobile2\application launcher\Application Launcher.exe" /startoptions
mRun: [HPUsageTracking] "c:\program files\hp\hp ut\bin\hppusg.exe" "c:\program files\hp\hp ut\"
mRun: [ReceiveUtility] c:\program files\hp\hp laserjet m1319 mfp series\ReceiveFaxUtility.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [CPM1f3df826] Rundll32.exe "c:\windows\system32\galotupu.dll",a
mRun: [1c0ecbba] rundll32.exe "c:\windows\system32\howozoro.dll",b
mRun: [vubogasuje] Rundll32.exe "c:\windows\system32\lenomejo.dll",s
mRunOnce: [SpybotDeletingA5398] command /c del "c:\windows\system32\yiyawefo.dll_old"
mRunOnce: [SpybotDeletingC6742] cmd /c del "c:\windows\system32\yiyawefo.dll_old"
mRunOnce: [SpybotDeletingA3728] command /c del "c:\windows\system32\lenomejo.dll_old"
mRunOnce: [SpybotDeletingC3838] cmd /c del "c:\windows\system32\lenomejo.dll_old"
mRunOnce: [<NO NAME>]
mRunOnce: [GrpConv] grpconv -o
dRun: [AVG7_Run] c:\progra~1\grisoft\avg7\avgw.exe /RUNONCE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: myprepaidrefill.com\www
TCP: {80C9E862-5E58-44B5-ADBB-9196CEABEC8B} = 192.168.2.1,4.2.2.2
Notify: GoToMyPC - c:\program files\citrix\gotomypc\G2WinLogon.dll
Notify: igfxcui - igfxdev.dll
Notify: PCANotify - PCANotify.dll
AppInit_DLLs: c:\windows\system32\wepuzuja.dll c:\windows\system32\galotupu.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\galotupu.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\galotupu.dll
LSA: Notification Packages = scecli c:\windows\system32\wepuzuja.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jettys~1\applic~1\mozilla\firefox\profiles\2x1hvg9q.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\documents and settings\jettyserver\application data\mozilla\firefox\profiles\2x1hvg9q.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\documents and settings\jettyserver\application data\mozilla\firefox\profiles\2x1hvg9q.default\extensions\oberongamehost@oberongames.com\platform\winnt_x86-msvc\plugins\npOberonGameHost.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files\yahoo!\shared\npYState.dll

============= SERVICES / DRIVERS ===============

R0 AVG Anti-Rootkit;AVG Anti-Rootkit;c:\windows\system32\drivers\avgarkt.sys [2007-1-31 5632]
R1 Avg7Core;AVG7 Kernel;c:\windows\system32\drivers\avg7core.sys [2008-4-5 821856]
R1 Avg7RsW;AVG7 Wrap Driver;c:\windows\system32\drivers\avg7rsw.sys [2008-4-5 4224]
R1 Avg7RsXP;AVG7 Resident Driver XP;c:\windows\system32\drivers\avg7rsxp.sys [2008-4-5 27776]
R1 AvgArCln;Avg Anti-Rootkit Clean Driver;c:\windows\system32\drivers\AvgArCln.sys [2008-12-18 3968]
R1 AvgClean;AVG7 Clean Driver;c:\windows\system32\drivers\avgclean.sys [2008-4-5 10760]
R1 AW_HOST;AW_HOST;c:\windows\system32\drivers\aw_host5.sys [2007-3-30 18232]
R1 awlegacy;awlegacy;c:\windows\system32\drivers\awlegacy.sys [2007-3-30 17848]
R2 Avg7Alrt;AVG7 Alert Manager Server;c:\progra~1\grisoft\avg7\avgamsvr.exe [2008-4-5 418816]
R2 Avg7UpdSvc;AVG7 Update Service;c:\progra~1\grisoft\avg7\avgupsvc.exe [2008-4-5 49664]
R2 AVGEMS;AVG E-mail Scanner;c:\progra~1\grisoft\avg7\avgemc.exe [2008-4-5 406528]
R2 AvgTdi;AVG Network Redirector;c:\windows\system32\drivers\avgtdi.sys [2008-4-5 4960]
R2 Backup Exec System Recovery;Backup Exec System Recovery;c:\program files\symantec\backup exec system recovery\agent\VProSvc.exe [2007-10-5 3372384]
R2 WindowsScheduler;System Scheduler Service;c:\progra~1\system~1\WService.exe [2006-8-17 13312]
R2 WindowsSchedulerLogon;System Scheduler Logon;c:\progra~1\system~1\WSLogon.exe [2006-8-17 52224]
R3 HP1319EWS;HP1319EWS;c:\windows\system32\drivers\HP1319EWS.SYS [2008-9-30 10752]
R3 HP1319FX;HP1319FX;c:\windows\system32\drivers\HP1319FAX.SYS [2008-9-30 11264]
S3 awhost32;Symantec pcAnywhere Host Service;"c:\program files\symantec\pcanywhere\awhost32.exe" [2007-5-11 132728]
S4 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\viewpoint\common\ViewpointService.exe" [2008-3-18 24652]

=============== Created Last 30 ================

2009-01-01 15:56 <DIR> --d----- C:\ComboFix
2009-01-01 10:13 153 a------- c:\windows\wininit.ini
2009-01-01 10:01 120 ---sh--- c:\windows\system32\orozowoh.ini
2008-12-31 22:01 120 ---sh--- c:\windows\system32\awewidad.ini
2008-12-18 17:46 161,792 a------- c:\windows\SWREG.exe
2008-12-18 17:46 98,816 a------- c:\windows\sed.exe
2008-12-18 17:29 3,968 a------- c:\windows\system32\drivers\AvgArCln.sys
2008-12-18 14:44 <DIR> --d----- c:\program files\Trend Micro
2008-12-18 14:02 <DIR> --d----- c:\docume~1\jettys~1\applic~1\Malwarebytes
2008-12-18 14:02 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-12-18 14:02 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-18 14:02 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2008-12-18 14:02 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2008-12-18 13:56 0 a------- C:\backup.reg
2008-12-18 13:56 135,168 a------- C:\zip.exe
2008-12-18 13:56 19,286 a------- C:\cleanup.exe
2008-12-18 13:56 574 a------- C:\cleanup.bat
2008-12-18 12:03 <DIR> --d----- C:\VundoFix Backups
2008-12-18 11:55 <DIR> --d----- C:\unzipped
2008-12-18 11:44 <DIR> --d-h--- c:\windows\system32\GroupPolicy
2008-12-18 11:07 <DIR> --d----- c:\program files\NoVirusThanks.org
2008-12-16 13:43 <DIR> --d-hr-- C:\$VAULT$.AVG

==================== Find3M ====================

2009-01-01 10:01 100,706 a--sh--- c:\windows\system32\galotupu.dll
2009-01-01 10:01 83,753 a--sh--- c:\windows\system32\howozoro.dll
2008-10-23 07:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-16 15:38 826,368 a------- c:\windows\system32\wininet.dll
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-10-14 17:28 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-04-05 10:02 35,960,792 a------- c:\program files\avg75free_519a1276.exe
2008-03-28 10:32 3,902,784 a------- c:\documents and settings\jettyserver\gosetup.exe
0000-00-00 00:00 61,135 a--sh--- c:\windows\system32\lizoneho.dll
0000-00-00 00:00 61,135 a--sh--- c:\windows\system32\wodekife.dll

============= FINISH: 18:55:17.56 ===============

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

If ComboFix asked you to install Recovery Console, please do so.. It will be your best interest..

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DO NOT mouseclick combofix's window while its running. That may cause it to stall

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic