Hello there. First of all, thanks for taking the time to read this, and if you can help it'd mean the world to me. I'm helping a friend fix her laptop. I've googled the problem and it seems to me that 2 people have already posted the same problem, but as member 2oldGeek said, no 2 are alike, so hopefully someone can point out what the problem with the laptop is. Much like laxos and freesias, the laptop has a virus that makes IE open up to the webpage http://85.12.43.75/tst20.html. I've run AVG etc. and it shows 2 dll files infected. They are the also, reading those posts, I've downloaded ComboFix, HijackThis and ATF Cleaner, ran the scans, and here are the results:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:06, on 2008-09-15
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Explorer.exe
C:\Users\dumbumchum\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://au.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://vaio-online.sony.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://au.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo!7 Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - B:\AVG\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo!7 Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] B:\AVG\avgtray.exe
O4 - HKCU\..\Run: [MobileConnect.EXE] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - .DEFAULT User Startup: CCC.lnk = ? (User 'Default user')
O4 - Startup: CCC.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O13 - Gopher Prefix:
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
O16 - DPF: {BDEE1959-AB6B-4745-A29B-F492861102CC} -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - B:\AVG\avgpp.dll
O20 - AppInit_DLLs: C:\Windows\system32\__c00269F8.dat,avgrsstx.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - B:\AVG\avgwdsvc.exe
O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C:\Windows\system32\bmwebcfg.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Image Converter SCSI Service (ICScsiSV) - Sony Corporation - C:\Program Files\Sony\Image Converter 3\ICScsiSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 3\IcVzMon.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9382 bytes

Thanks to whoever can fix this problem for me (for my friend) (= much love -matt
And for ComboFix:

ComboFix 08-09-14.02 - dumbumchum 2008-09-15 19:57:10.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1150 [GMT 10:00]
Running from: C:\Users\dumbumchum\Desktop\Combo-Fix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\ShoppingReport
C:\Windows\system32\__c003A4C4.dat
C:\Windows\system32\__c007142A.dat
C:\Windows\system32\bnlhosbx.dll
C:\Windows\system32\dxexwwhf.ini
C:\Windows\system32\ggmydx.dll
C:\Windows\system32\gOXwvyxx.ini
C:\Windows\System32\gOXwvyxx.ini2
C:\Windows\system32\hryyor.dll
C:\Windows\system32\huqywduk.dll
C:\Windows\system32\hwxtwouw.dll
C:\Windows\system32\icjquiii.dll
C:\Windows\system32\jzpcme.dll
C:\Windows\system32\kytvxvmj.dll
C:\Windows\System32\lmUEgNpo.ini
C:\Windows\System32\lmUEgNpo.ini2
C:\Windows\System32\maknpjec.ini
C:\Windows\system32\mcrh.tmp
C:\Windows\system32\MSINET.oca
C:\Windows\system32\nivdbuom.dll
C:\Windows\system32\opNgEUml.dll
C:\Windows\system32\oqwuqlqx.dll
C:\Windows\System32\qAHjPXbc.ini
C:\Windows\System32\qAHjPXbc.ini2
C:\Windows\system32\ruigjofq.dll
C:\Windows\system32\urfjbgsa.dll
C:\Windows\system32\urrfru.dll
C:\Windows\system32\x64
C:\Windows\System32\xbsohlnb.ini
C:\Windows\system32\yxajowdf.dll
.
((((((((((((((((((((((((( Files Created from 2008-08-15 to 2008-09-15 )))))))))))))))))))))))))))))))
.
2008-09-15 18:53 . 2008-09-15 19:51 <DIR> d--h----- C:\$AVG8.VAULT$
2008-09-15 18:09 . 2008-09-15 18:50 <DIR> d-------- C:\Windows\System32\drivers\Avg
2008-09-15 18:09 . 2008-09-15 18:09 <DIR> d-------- C:\Program Files\AVG
2008-09-15 18:09 . 2008-09-15 18:09 97,928 --a------ C:\Windows\System32\drivers\avgldx86.sys
2008-09-15 18:09 . 2008-09-15 18:09 10,520 --a------ C:\Windows\System32\avgrsstx.dll
2008-09-15 17:54 . 2008-08-02 11:01 625,152 --a------ C:\Windows\System32\drivers\dxgkrnl.sys
2008-09-15 17:54 . 2008-06-26 13:29 565,248 --a------ C:\Windows\System32\emdmgmt.dll
2008-09-15 17:54 . 2008-05-09 05:21 211,968 --a------ C:\Windows\System32\drivers\mrxsmb10.sys
2008-09-15 17:54 . 2008-05-20 12:07 148,480 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-09-15 17:54 . 2008-06-26 13:29 45,056 --a------ C:\Windows\System32\dataclen.dll
2008-09-15 17:54 . 2008-08-02 13:26 36,864 --a------ C:\Windows\System32\cdd.dll
2008-09-15 17:32 . 2008-09-15 20:03 272,496,745 --a------ C:\Windows\MEMORY.DMP
2008-09-09 15:15 . 2008-09-09 15:15 58,600 ---hs---- C:\Windows\System32\oqtaooqr.ini
2008-09-07 18:46 . 2008-09-07 18:46 58,600 ---hs---- C:\Windows\System32\urffeckw.ini
2008-09-06 00:03 . 2008-09-06 00:03 <DIR> d-------- C:\Program Files\AMUST
2008-09-06 00:03 . 2008-04-16 14:24 165,368 --a------ C:\Windows\System32\RegCompact.dll
2008-09-05 23:34 . 2008-09-05 23:34 <DIR> d-------- C:\Users\dumbumchum\AppData\Roaming\Uniblue
2008-09-05 23:33 . 2008-09-05 23:33 <DIR> d-------- C:\Program Files\Uniblue
2008-09-05 23:32 . 2008-09-05 23:33 <DIR> d--h-c--- C:\Users\All Users\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}
2008-09-05 23:32 . 2008-09-05 23:33 <DIR> d--h-c--- C:\ProgramData\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}
2008-09-05 01:15 . 2008-09-05 01:15 0 --a------ C:\Windows\nsreg.dat
2008-09-05 00:58 . 2008-09-05 00:58 <DIR> d-------- C:\Program Files\Alwil Software
2008-09-05 00:50 . 2008-09-15 18:09 <DIR> d-------- C:\Users\All Users\Avg8
2008-09-05 00:50 . 2008-09-15 18:09 <DIR> d-------- C:\ProgramData\Avg8
2008-09-02 08:19 . 2008-09-02 08:19 <DIR> d-------- C:\Update
2008-09-01 20:03 . 2008-09-01 20:03 <DIR> d-------- C:\Users\All Users\WindowsSearch
2008-09-01 20:03 . 2008-09-01 20:03 <DIR> d-------- C:\ProgramData\WindowsSearch
2008-09-01 14:15 . 2008-09-01 14:15 104,960 --a------ C:\Windows\System32\jmorzg.dll
2008-09-01 11:06 . 2008-09-01 11:06 104,960 --a------ C:\Windows\System32\bgmjpz.dll
2008-09-01 09:18 . 2008-09-01 17:49 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-08-31 12:14 . 2008-09-01 18:47 <DIR> d-------- C:\Windows\System32\wTR02
2008-08-31 12:14 . 2008-08-31 12:14 <DIR> d-------- C:\Temp\dax41
2008-08-31 12:14 . 2008-08-31 12:15 <DIR> d-------- C:\Temp
2008-08-29 20:52 . 2008-08-29 20:53 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-08-29 20:52 . 2008-08-29 20:53 <DIR> d-------- C:\ProgramData\Lavasoft
2008-08-28 18:32 . 2008-07-19 15:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
2008-08-28 18:32 . 2008-07-19 13:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
2008-08-28 18:32 . 2008-07-19 15:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
2008-08-28 18:32 . 2008-07-19 15:10 45,768 --a------ C:\Windows\System32\wups2.dll
2008-08-28 18:31 . 2008-07-19 15:09 563,912 --a------ C:\Windows\System32\wuapi.dll
2008-08-28 18:31 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
2008-08-28 18:31 . 2008-07-19 13:44 83,456 --a------ C:\Windows\System32\wudriver.dll
2008-08-28 18:31 . 2008-07-19 15:10 36,552 --a------ C:\Windows\System32\wups.dll
2008-08-28 18:31 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-08-15 00:09 . 2008-07-16 11:32 2,048 --a------ C:\Windows\System32\tzres.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-15 08:32 --------- d-----w C:\ProgramData\Vodafone
2008-09-15 07:17 --------- d-----w C:\Program Files\DivX
2008-09-15 07:16 --------- d-----w C:\ProgramData\~0
2008-09-15 07:16 --------- d-----w C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
2008-08-14 14:51 --------- d-----w C:\Program Files\Windows Mail
2008-08-14 14:10 --------- d-----w C:\ProgramData\Microsoft Help
2008-08-11 09:03 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-08-02 04:40 174 --sha-w C:\Program Files\desktop.ini
2008-08-02 04:31 --------- d-----w C:\Program Files\Windows Sidebar
2008-08-02 04:31 --------- d-----w C:\Program Files\Windows Calendar
2008-08-02 04:30 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-08-02 04:30 --------- d-----w C:\Program Files\Windows Journal
2008-08-02 04:30 --------- d-----w C:\Program Files\Windows Defender
2008-08-02 04:30 --------- d-----w C:\Program Files\Windows Collaboration
2008-08-02 03:25 --------- d-----w C:\Program Files\Java
2008-08-02 03:13 --------- d-----w C:\Users\dumbumchum\AppData\Roaming\DivX
2008-07-31 16:01 --------- d-----w C:\ProgramData\Yahoo! Companion
2008-07-31 16:00 --------- d-----w C:\Users\dumbumchum\AppData\Roaming\Yahoo!
2008-07-31 16:00 --------- d-----w C:\Program Files\Yahoo!
2008-07-31 04:46 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-07-31 03:52 --------- d-----w C:\ProgramData\Symantec
2008-07-20 15:17 --------- d-----w C:\ProgramData\Sony Corporation
2008-07-15 08:22 --------- d-----w C:\Users\dumbumchum\AppData\Roaming\InterVideo
2008-06-16 11:29 458,752 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-06-16 11:29 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-06-16 11:29 2,153,984 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-06-16 11:29 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobileConnect.EXE"="C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.EXE" [2007-07-13 3383296]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 835584]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2007-09-20 311296]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-11 90112]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"AVG8_TRAY"="B:\AVG\avgtray.exe" [2008-09-15 1235736]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-08 C:\Windows\RtHDVCpl.exe]

C:\Users\dumbumchum\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2007-06-02 49152]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-10-31 748072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-08-15 14:05 98304 C:\Windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\Windows\system32\__c00269F8.dat,avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{04FEFD66-76F2-4B54-8AFA-874F90AF586A}"= Disabled:UDP:C:\Program Files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{AED33717-3A5F-406A-BC77-1F92AD53D48F}"= Disabled:TCP:C:\Program Files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{71CA2010-4681-4FE4-AC1D-2D8CD8AA253F}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{7F62C0DC-A37C-46BC-B093-8A8C3B3F328B}"= UDP:B:\Program Files\AVG7\avginet.exe:avginet.exe
"{81B34004-6BC9-4ABD-B2AC-C9EB861CBFC8}"= TCP:B:\Program Files\AVG7\avginet.exe:avginet.exe
"{3FB71EA3-743C-4B61-912B-19AD8CA80A27}"= UDP:B:\Program Files\AVG7\avgamsvr.exe:avgamsvr.exe
"{24219DF8-4D79-46FC-9C5F-92C1A307D7CC}"= TCP:B:\Program Files\AVG7\avgamsvr.exe:avgamsvr.exe
"{6365A206-ADC1-460C-B56E-699BD1F3AD0C}"= UDP:B:\Program Files\AVG7\avgcc.exe:avgcc.exe
"{E3AA2D5C-2939-4266-94ED-9B25B04DD7E0}"= TCP:B:\Program Files\AVG7\avgcc.exe:avgcc.exe
"{1FA491E2-9E27-4E38-A71B-E12AF8B6193A}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{7573946C-B8D6-4DD3-AC26-491CE6ED0EE8}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{45372234-5E07-42C0-B112-FCCB77326F86}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{99EAB408-CF6C-41C6-A7F5-4EAAE4D09796}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{7FE609DF-96B1-4CB2-AD0B-D64656D8B615}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{65A3EA21-7AE7-4B9C-B981-E0A75C1A68B9}"= B:\AVG\avgupd.exe:avgupd.exe

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [2008-09-15 97928]
R2 avg8wd;AVG Free8 WatchDog;B:\AVG\avgwdsvc.exe [2008-09-15 231704]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-11 30312]
R2 regi;regi;C:\Windows\system32\drivers\regi.sys [2007-04-18 11032]
R2 uCamMonitor;CamMonitor;C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe [2007-11-01 125440]
R2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2007-09-29 292128]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2007-10-30 17920]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-10-19 2930176]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;C:\Windows\system32\Drivers\R5U870FLx86.sys [2007-10-17 73472]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;C:\Windows\system32\Drivers\R5U870FUx86.sys [2007-10-17 43904]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\DRIVERS\SFEP.sys [2007-08-29 9344]
R3 ti21sony;ti21sony;C:\Windows\system32\drivers\ti21sony.sys [2007-11-16 818688]
S3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys [2007-11-15 81448]
S3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-11-15 99880]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys [2007-11-15 28464]
S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-11-15 17448]
S3 ICScsiSV;Image Converter SCSI Service;C:\Program Files\Sony\Image Converter 3\ICScsiSV.exe [2007-06-15 75952]
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Program Files\Sony\Image Converter 3\IcVzMon.exe [2007-06-15 59568]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-11 745472]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-08-09 397312]
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-08-09 1089536]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2007-09-21 79136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{32c3706f-3c14-11dd-ac26-001a80cce91f}]
\shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a96f8356-4689-11dd-8f45-001e3d8c92b3}]
\shell\Auto\command - oxbvpen.exe
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL oxbvpen.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ad268c9d-82f2-11dd-a1e6-001a80cce91f}]
\shell\AutoRun\command - G:\Autorun.exe /run
\shell\Shell00\Command - G:\Autorun.exe /run
\shell\Shell01\Command - G:\Autorun.exe /action
\shell\Shell02\Command - G:\Autorun.exe /uninstall
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

BHO-{5b75bc9c-05ce-497c-a21a-61c5882e49bd} - C:\Windows\system32\ggmydx.dll
BHO-{986BA846-5C2F-443C-92F6-EA389F39F699} - C:\Windows\system32\opNgEUml.dll
HKCU-Run-54e199b7 - C:\Windows\system32\bnlhosbx.dll
HKCU-Run-BM57d2aa2b - C:\Windows\system32\icjquiii.dll
HKLM-Run-MSServer - C:\Windows\system32\tuvWqOEv.dll
HKLM-Run-54e199b7 - C:\Windows\system32\bnlhosbx.dll
HKLM-Run-BM57d2aa2b - C:\Windows\system32\icjquiii.dll

.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\dumbumchum\AppData\Roaming\Mozilla\Firefox\Profiles\axsm8wo5.default\
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-15 20:06:35
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\Ati2evxx.exe
C:\Windows\System32\audiodg.exe
C:\Windows\System32\Ati2evxx.exe
C:\Windows\System32\bmwebcfg.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files\Sony\VCM Manager Setting\VcmMgrNotification.exe
C:\Windows\System32\drivers\XAudio.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
B:\AVG\avgrsx.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-09-15 20:12:34 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-15 10:12:25

Pre-Run: 59,482,787,840 bytes free
Post-Run: 59,132,985,344 bytes free

263 --- E O F --- 2008-09-15 07:58:01
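The HijackThis log above is the kind of thing the helpers in this thread read by eye. As an added illustration (my own Python, not the poster's or HijackThis's code), here is a small triage that parses HijackThis v2 entries and flags the patterns a helper looks at first: an AppInit_DLLs entry that injects a non-DLL file (the __c00269F8.dat above), unrecognised Winsock LSPs, a DPF entry with no download URL, and browser helpers or rundll32 autoruns in system32 under random-looking names; the rundll32 rule goes beyond this particular log. The sample lines are a constructed subset of the posted log plus one constructed BHO line, and the random-name heuristic is an assumption of mine that will also mark some legitimate names.

```python
import re
from dataclasses import dataclass
from typing import Iterator, List

# Constructed sample in HijackThis v2 format: a subset of the entry kinds in
# the log posted above, plus one constructed O2 line for a BHO under a
# random-looking name in system32 (ggmydx.dll is named in the ComboFix
# "orphans removed" list above; the HJT line itself is made up here).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {5B75BC9C-05CE-497C-A21A-61C5882E49BD} - C:\Windows\system32\ggmydx.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O10 - Unknown file in Winsock LSP: bmnet.dll
O16 - DPF: {BDEE1959-AB6B-4745-A29B-F492861102CC} -
O20 - AppInit_DLLs: C:\Windows\system32\__c00269F8.dat,avgrsstx.dll
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
"""

ENTRY_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")
HEXTMP_RE = re.compile(r"^_*c[0-9a-f]{6,8}$", re.I)          # e.g. __c00269F8
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+)', re.I)
VOWELS = set("aeiouy")


@dataclass
class Finding:
    severity: str   # "high" or "review"
    section: str
    reason: str
    entry: str


def looks_random(stem: str) -> bool:
    """Heuristic (my assumption) for machine-generated names: the __cXXXXXXXX
    temp pattern, or 6+ letters with almost no vowels or a run of 4+
    consonants. It also flags some legitimate names, so it marks, not decides."""
    if HEXTMP_RE.match(stem):
        return True
    s = stem.lower()
    if len(s) < 6 or not s.isalpha():
        return False
    vowel_ratio = sum(c in VOWELS for c in s) / len(s)
    consonant_run = max((len(r) for r in re.findall(r"[^aeiouy]+", s)), default=0)
    return vowel_ratio < 0.2 or consonant_run >= 4


def stem_of(path: str) -> str:
    name = path.replace("/", "\\").rsplit("\\", 1)[-1]
    return name.rsplit(".", 1)[0]


def in_system32(path: str) -> bool:
    return "\\system32\\" in path.lower()


def triage_entry(sec: str, body: str) -> Iterator[Finding]:
    if sec == "O20" and body.startswith("AppInit_DLLs:"):
        # Every item here is mapped into each process that loads user32.dll,
        # so each deserves a look; a non-.dll name is the worse case.
        for item in body.split(":", 1)[1].split(","):
            item = item.strip()
            if not item:
                continue
            if not item.lower().endswith(".dll"):
                yield Finding("high", sec, "AppInit_DLLs loads a non-DLL file into every GUI process", item)
            else:
                yield Finding("review", sec, "AppInit_DLLs entry; confirm the publisher", item)
    elif sec == "O10" and "Unknown file in Winsock LSP" in body:
        yield Finding("review", sec, "unrecognised Winsock LSP; confirm the publisher", body)
    elif sec == "O16" and body.rstrip().endswith("-"):
        yield Finding("review", sec, "ActiveX (DPF) entry with no source URL", body)
    elif sec in ("O2", "O3"):
        path = body.rsplit(" - ", 1)[-1]
        if in_system32(path) and looks_random(stem_of(path)):
            yield Finding("high", sec, "browser helper in system32 under a random-looking name", path)
    elif sec == "O4":
        m = RUNDLL_RE.search(body)
        if m and looks_random(stem_of(m.group(1).strip())):
            yield Finding("high", sec, "autorun via rundll32 of a random-looking DLL", body)


def triage(log_text: str) -> List[Finding]:
    """Parse every 'Rn - ' / 'On - ' entry and collect the findings."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            findings.extend(triage_entry(m["sec"], m["body"]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section:4} {f.reason}: {f.entry}")
```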
Hi ohttam

Some malware files are still lurking there. Before trying to clean them manually, let's see if Superantispyware will clean it up for us.

Please download Superantispyware Free and install it. Follow the prompts and reboot if required.

Launch Superantispyware Free either by running C:\Program Files\SUPERANTISPYWARE.exe or right-click on the SuperAntispyware icon in your task bar (it looks like a bug) and click on Scan for Spyware, Adware, Malware...

Configuring SuperAntispyware
• Click on Preferences.
• In the tab General and Startup, make sure the box Start SuperAntispyware when Windows starts is unchecked. This will prevent SuperAntispyware from starting every time, because it may interfere with other fixes that may be run.
• Navigate to the tab Scanning Control.
• Make sure only these boxes are checked:
Code:
Close browsers before scanning
Scan for tracking cookies
Terminate memory threats before quarantining
Scan Alternate Data Streams
Use Kernel Direct File Access (recommended)
Use Kernel Direct Registry Access (recommended)
Use Direct Disk Access (recommended)
• Click on Close.

Updating SuperAntispyware
• At the main window, click on Check for Updates....
• Wait for SuperAntispyware to be fully updated.

Scanning Time
• Close all browsers.
• At the main window, click on Scan your Computer....
• Make sure all drives (excluding CD drives) are checked, select Perform Complete Scan, and then click on Next.
• Wait for the scan to complete, and then click on Next>. This will quarantine and remove all detected items.
• Reboot your computer.

Post A Log
• Launch SuperAntispyware.
• Click on Preferences.
• Navigate to the tab Statistics/Logs.
• Choose the latest scan log, and then click on View Log....
• Copy and paste the contents of the log here in your next post.

Best Regards
Thanks for that cdavfrew. However, the result says there are no infections found, yet AVG still claims 2 dll files are infected: bgmjpz.dll and jmorzg.dll. Well, here is the log for SUPERAntiSpyware:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/17/2008 at 12:19 PM

Application Version : 4.21.1004

Core Rules Database Version : 3555
Trace Rules Database Version: 1543

Scan type : Complete Scan
Total Scan Time : 01:32:46

Memory items scanned : 746
Memory threats detected : 0
Registry items scanned : 8341
Registry threats detected : 0
File items scanned : 106498
File threats detected : 0
Hey ottham

Please disable all security programs, such as antiviruses, antispywares, and firewalls. Also disable your internet connection.

Open Notepad and copy/paste the text in the code box below into it:
Code:
File::
C:\Windows\System32\oqtaooqr.ini
C:\Windows\System32\urffeckw.ini
C:\Windows\System32\jmorzg.dll
C:\Windows\System32\bgmjpz.dll

Save this as CFScript.txt in the same folder as ComboFix. Then drag the CFScript.txt into Combo-Fix.exe. This will start ComboFix again. After reboot (in case it asks to reboot), post the ComboFix log here. The log will be located at C:\ComboFix(.txt). Do not click on the ComboFix window, as it may cause it to stall.

After that, please go to C:\Windows\system32 and look for a file called either __c00269F8.dat, _c00269F8.dat, or c00269F8.dat. Upload this file to www.virustotal.com. Post the results here.

Best Regards
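The four files named in the CFScript above are the ones that stand out in the ComboFix "Files Created" listing in the first post: two hidden+system .ini files of exactly 58,600 bytes and two .dll files of exactly 104,960 bytes, all dropped directly into System32 under random names. As an added example (my own Python, not ComboFix's or the helper's), this parses that listing's column layout over a constructed subset of the posted lines, applies those two heuristics, and renders the hits in the CFScript File:: form; the size-clustering rule is an assumption of mine, not a ComboFix feature.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: a subset of the "Files Created" lines from the ComboFix
# log in the first post, kept in ComboFix's own column layout.
SAMPLE = r"""
2008-09-15 18:09 . 2008-09-15 18:09 97,928 --a------ C:\Windows\System32\drivers\avgldx86.sys
2008-09-15 18:09 . 2008-09-15 18:09 10,520 --a------ C:\Windows\System32\avgrsstx.dll
2008-09-15 17:54 . 2008-08-02 13:26 36,864 --a------ C:\Windows\System32\cdd.dll
2008-09-15 17:32 . 2008-09-15 20:03 272,496,745 --a------ C:\Windows\MEMORY.DMP
2008-09-09 15:15 . 2008-09-09 15:15 58,600 ---hs---- C:\Windows\System32\oqtaooqr.ini
2008-09-07 18:46 . 2008-09-07 18:46 58,600 ---hs---- C:\Windows\System32\urffeckw.ini
2008-09-06 00:03 . 2008-04-16 14:24 165,368 --a------ C:\Windows\System32\RegCompact.dll
2008-09-05 23:33 . 2008-09-05 23:33 <DIR> d-------- C:\Program Files\Uniblue
2008-09-01 14:15 . 2008-09-01 14:15 104,960 --a------ C:\Windows\System32\jmorzg.dll
2008-09-01 11:06 . 2008-09-01 11:06 104,960 --a------ C:\Windows\System32\bgmjpz.dll
2008-08-28 18:32 . 2008-07-19 15:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
2008-08-28 18:31 . 2008-07-19 15:10 36,552 --a------ C:\Windows\System32\wups.dll
"""

# One line: created . modified size-or-<DIR> nine-char-attributes path
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) \. "
    r"(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d) "
    r"(?P<size><DIR>|[\d,]+) (?P<attrs>[-a-z]{9}) (?P<path>.+)$"
)
SYSTEM32 = "c:\\windows\\system32\\"


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]   # None for <DIR> lines
    attrs: str
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    def in_system32_root(self) -> bool:
        """Directly in System32, not in a subfolder such as drivers\\."""
        low = self.path.lower()
        return low.startswith(SYSTEM32) and "\\" not in low[len(SYSTEM32):]


def parse(text: str) -> List[Entry]:
    entries: List[Entry] = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue   # section banners, "." separators, blank lines
        size = None if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
        entries.append(Entry(m["created"], m["modified"], size, m["attrs"], m["path"]))
    return entries


def suspicious(entries: List[Entry]) -> Dict[str, str]:
    """Map path -> reason for files directly in System32 that are hidden+system
    (a data file hiding itself) or that share an exact byte size with another
    new System32 file (droppers often write several copies of one payload
    under different random names)."""
    sys32 = [e for e in entries if e.size is not None and e.in_system32_root()]
    by_size: Dict[int, List[Entry]] = defaultdict(list)
    for e in sys32:
        by_size[e.size].append(e)
    hits: Dict[str, str] = {}
    for e in sys32:
        if "h" in e.attrs and "s" in e.attrs:
            hits[e.path] = f"hidden+system file in System32 (attrs {e.attrs})"
        elif len(by_size[e.size]) > 1:
            others = ", ".join(o.name for o in by_size[e.size] if o is not e)
            hits[e.path] = f"same size ({e.size:,} bytes) as {others}"
    return hits


def cfscript(paths: List[str]) -> str:
    """Render the paths as a ComboFix CFScript 'File::' section, the form
    used in the helper's post."""
    return "File::\n" + "\n".join(paths) + "\n"


if __name__ == "__main__":
    hits = suspicious(parse(SAMPLE))
    for path, why in hits.items():
        print(f"{path}: {why}")
    print(cfscript(sorted(hits)))
```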
Hey again. I couldn't find the __c00269F8.dat, _c00269F8.dat, or c00269F8.dat file/s that you were talking about, but here is the log:

ComboFix 08-09-14.02 - dumbumchum 2008-09-15 19:57:10.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1150 [GMT 10:00]
Running from: C:\Users\dumbumchum\Desktop\Combo-Fix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\ShoppingReport
C:\Windows\system32\__c003A4C4.dat
C:\Windows\system32\__c007142A.dat
C:\Windows\system32\bnlhosbx.dll
C:\Windows\system32\dxexwwhf.ini
C:\Windows\system32\ggmydx.dll
C:\Windows\system32\gOXwvyxx.ini
C:\Windows\System32\gOXwvyxx.ini2
C:\Windows\system32\hryyor.dll
C:\Windows\system32\huqywduk.dll
C:\Windows\system32\hwxtwouw.dll
C:\Windows\system32\icjquiii.dll
C:\Windows\system32\jzpcme.dll
C:\Windows\system32\kytvxvmj.dll
C:\Windows\System32\lmUEgNpo.ini
C:\Windows\System32\lmUEgNpo.ini2
C:\Windows\System32\maknpjec.ini
C:\Windows\system32\mcrh.tmp
C:\Windows\system32\MSINET.oca
C:\Windows\system32\nivdbuom.dll
C:\Windows\system32\opNgEUml.dll
C:\Windows\system32\oqwuqlqx.dll
C:\Windows\System32\qAHjPXbc.ini
C:\Windows\System32\qAHjPXbc.ini2
C:\Windows\system32\ruigjofq.dll
C:\Windows\system32\urfjbgsa.dll
C:\Windows\system32\urrfru.dll
C:\Windows\system32\x64
C:\Windows\System32\xbsohlnb.ini
C:\Windows\system32\yxajowdf.dll
.
((((((((((((((((((((((((( Files Created from 2008-08-15 to 2008-09-15 )))))))))))))))))))))))))))))))
.
2008-09-15 18:53 . 2008-09-15 19:51 <DIR> d--h----- C:\$AVG8.VAULT$
2008-09-15 18:09 . 2008-09-15 18:50 <DIR> d-------- C:\Windows\System32\drivers\Avg
2008-09-15 18:09 . 2008-09-15 18:09 <DIR> d-------- C:\Program Files\AVG
2008-09-15 18:09 . 2008-09-15 18:09 97,928 --a------ C:\Windows\System32\drivers\avgldx86.sys
2008-09-15 18:09 . 2008-09-15 18:09 10,520 --a------ C:\Windows\System32\avgrsstx.dll
2008-09-15 17:54 . 2008-08-02 11:01 625,152 --a------ C:\Windows\System32\drivers\dxgkrnl.sys
2008-09-15 17:54 . 2008-06-26 13:29 565,248 --a------ C:\Windows\System32\emdmgmt.dll
2008-09-15 17:54 . 2008-05-09 05:21 211,968 --a------ C:\Windows\System32\drivers\mrxsmb10.sys
2008-09-15 17:54 . 2008-05-20 12:07 148,480 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-09-15 17:54 . 2008-06-26 13:29 45,056 --a------ C:\Windows\System32\dataclen.dll
2008-09-15 17:54 . 2008-08-02 13:26 36,864 --a------ C:\Windows\System32\cdd.dll
2008-09-15 17:32 . 2008-09-15 20:03 272,496,745 --a------ C:\Windows\MEMORY.DMP
2008-09-09 15:15 . 2008-09-09 15:15 58,600 ---hs---- C:\Windows\System32\oqtaooqr.ini
2008-09-07 18:46 . 2008-09-07 18:46 58,600 ---hs---- C:\Windows\System32\urffeckw.ini
2008-09-06 00:03 . 2008-09-06 00:03 <DIR> d-------- C:\Program Files\AMUST
2008-09-06 00:03 . 2008-04-16 14:24 165,368 --a------ C:\Windows\System32\RegCompact.dll
2008-09-05 23:34 . 2008-09-05 23:34 <DIR> d-------- C:\Users\dumbumchum\AppData\Roaming\Uniblue
2008-09-05 23:33 . 2008-09-05 23:33 <DIR> d-------- C:\Program Files\Uniblue
2008-09-05 23:32 . 2008-09-05 23:33 <DIR> d--h-c--- C:\Users\All Users\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}
2008-09-05 23:32 . 2008-09-05 23:33 <DIR> d--h-c--- C:\ProgramData\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}
2008-09-05 01:15 . 2008-09-05 01:15 0 --a------ C:\Windows\nsreg.dat
2008-09-05 00:58 . 2008-09-05 00:58 <DIR> d-------- C:\Program Files\Alwil Software
2008-09-05 00:50 . 2008-09-15 18:09 <DIR> d-------- C:\Users\All Users\Avg8
2008-09-05 00:50 . 2008-09-15 18:09 <DIR> d-------- C:\ProgramData\Avg8
2008-09-02 08:19 . 2008-09-02 08:19 <DIR> d-------- C:\Update
2008-09-01 20:03 . 2008-09-01 20:03 <DIR> d-------- C:\Users\All Users\WindowsSearch
2008-09-01 20:03 . 2008-09-01 20:03 <DIR> d-------- C:\ProgramData\WindowsSearch
2008-09-01 14:15 . 2008-09-01 14:15 104,960 --a------ C:\Windows\System32\jmorzg.dll
2008-09-01 11:06 . 2008-09-01 11:06 104,960 --a------ C:\Windows\System32\bgmjpz.dll
2008-09-01 09:18 . 2008-09-01 17:49 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-08-31 12:14 . 2008-09-01 18:47 <DIR> d-------- C:\Windows\System32\wTR02
2008-08-31 12:14 . 2008-08-31 12:14 <DIR> d-------- C:\Temp\dax41
2008-08-31 12:14 . 2008-08-31 12:15 <DIR> d-------- C:\Temp
2008-08-29 20:52 . 2008-08-29 20:53 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-08-29 20:52 . 2008-08-29 20:53 <DIR> d-------- C:\ProgramData\Lavasoft
2008-08-28 18:32 . 2008-07-19 15:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
2008-08-28 18:32 . 2008-07-19 13:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
2008-08-28 18:32 . 2008-07-19 15:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
2008-08-28 18:32 . 2008-07-19 15:10 45,768 --a------ C:\Windows\System32\wups2.dll
2008-08-28 18:31 . 2008-07-19 15:09 563,912 --a------ C:\Windows\System32\wuapi.dll
2008-08-28 18:31 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
2008-08-28 18:31 . 2008-07-19 13:44 83,456 --a------ C:\Windows\System32\wudriver.dll
2008-08-28 18:31 . 2008-07-19 15:10 36,552 --a------ C:\Windows\System32\wups.dll
2008-08-28 18:31 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-08-15 00:09 . 2008-07-16 11:32 2,048 --a------ C:\Windows\System32\tzres.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-15 08:32 --------- d-----w C:\ProgramData\Vodafone 2008-09-15 07:17 --------- d-----w C:\Program Files\DivX 2008-09-15 07:16 --------- d-----w C:\ProgramData\~0 2008-09-15 07:16 --------- d-----w C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites 2008-08-14 14:51 --------- d-----w C:\Program Files\Windows Mail 2008-08-14 14:10 --------- d-----w C:\ProgramData\Microsoft Help 2008-08-11 09:03 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf 2008-08-02 04:40 174 --sha-w C:\Program Files\desktop.ini 2008-08-02 04:31 --------- d-----w C:\Program Files\Windows Sidebar 2008-08-02 04:31 --------- d-----w C:\Program Files\Windows Calendar 2008-08-02 04:30 --------- d-----w C:\Program Files\Windows Photo Gallery 2008-08-02 04:30 --------- d-----w C:\Program Files\Windows Journal 2008-08-02 04:30 --------- d-----w C:\Program Files\Windows Defender 2008-08-02 04:30 --------- d-----w C:\Program Files\Windows Collaboration 2008-08-02 03:25 --------- d-----w C:\Program Files\Java 2008-08-02 03:13 --------- d-----w C:\Users\dumbumchum\AppData\Roaming\DivX 2008-07-31 16:01 --------- d-----w C:\ProgramData\Yahoo! Companion 2008-07-31 16:00 --------- d-----w C:\Users\dumbumchum\AppData\Roaming\Yahoo! 2008-07-31 16:00 --------- d-----w C:\Program Files\Yahoo! 2008-07-31 04:46 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2008-07-31 03:52 --------- d-----w C:\ProgramData\Symantec 2008-07-20 15:17 --------- d-----w C:\ProgramData\Sony Corporation 2008-07-15 08:22 --------- d-----w C:\Users\dumbumchum\AppData\Roaming\InterVideo 2008-06-16 11:29 458,752 ----a-w C:\Windows\AppPatch\AcSpecfc.dll 2008-06-16 11:29 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll 2008-06-16 11:29 2,153,984 ----a-w C:\Windows\AppPatch\AcGenral.dll 2008-06-16 11:29 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MobileConnect.EXE"="C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.EXE" [2007-07-13 3383296] "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 835584] "ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2007-09-20 311296] "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-11 90112] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "AVG8_TRAY"="B:\AVG\avgtray.exe" [2008-09-15 1235736] "RtHDVCpl"="RtHDVCpl.exe" [2007-04-08 C:\Windows\RtHDVCpl.exe] C:\Users\dumbumchum\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2007-06-02 49152] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-10-31 748072] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon] 2007-08-15 14:05 98304 C:\Windows\System32\VESWinlogon.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=C:\Windows\system32\__c00269F8.dat,avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.dvsd"= C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{04FEFD66-76F2-4B54-8AFA-874F90AF586A}"= Disabled:UDP:C:\Program Files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media "{AED33717-3A5F-406A-BC77-1F92AD53D48F}"= Disabled:TCP:C:\Program Files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media "{71CA2010-4681-4FE4-AC1D-2D8CD8AA253F}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{7F62C0DC-A37C-46BC-B093-8A8C3B3F328B}"= UDP:B:\Program Files\AVG7\avginet.exe:avginet.exe "{81B34004-6BC9-4ABD-B2AC-C9EB861CBFC8}"= TCP:B:\Program Files\AVG7\avginet.exe:avginet.exe "{3FB71EA3-743C-4B61-912B-19AD8CA80A27}"= UDP:B:\Program Files\AVG7\avgamsvr.exe:avgamsvr.exe "{24219DF8-4D79-46FC-9C5F-92C1A307D7CC}"= TCP:B:\Program Files\AVG7\avgamsvr.exe:avgamsvr.exe "{6365A206-ADC1-460C-B56E-699BD1F3AD0C}"= UDP:B:\Program Files\AVG7\avgcc.exe:avgcc.exe "{E3AA2D5C-2939-4266-94ED-9B25B04DD7E0}"= TCP:B:\Program Files\AVG7\avgcc.exe:avgcc.exe "{1FA491E2-9E27-4E38-A71B-E12AF8B6193A}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire "{7573946C-B8D6-4DD3-AC26-491CE6ED0EE8}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire "{45372234-5E07-42C0-B112-FCCB77326F86}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{99EAB408-CF6C-41C6-A7F5-4EAAE4D09796}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire "{7FE609DF-96B1-4CB2-AD0B-D64656D8B615}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire 
"{65A3EA21-7AE7-4B9C-B981-E0A75C1A68B9}"= B:\AVG\avgupd.exe:avgupd.exe R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [2008-09-15 97928] R2 avg8wd;AVG Free8 WatchDog;B:\AVG\avgwdsvc.exe [2008-09-15 231704] R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-11 30312] R2 regi;regi;C:\Windows\system32\drivers\regi.sys [2007-04-18 11032] R2 uCamMonitor;CamMonitor;C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe [2007-11-01 125440] R2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2007-09-29 292128] R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2007-10-30 17920] R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-10-19 2930176] R3 R5U870FLx86;R5U870 UVC Lower Filter ;C:\Windows\system32\Drivers\R5U870FLx86.sys [2007-10-17 73472] R3 R5U870FUx86;R5U870 UVC Upper Filter ;C:\Windows\system32\Drivers\R5U870FUx86.sys [2007-10-17 43904] R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\DRIVERS\SFEP.sys [2007-08-29 9344] R3 ti21sony;ti21sony;C:\Windows\system32\drivers\ti21sony.sys [2007-11-16 818688] S3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys [2007-11-15 81448] S3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-11-15 99880] S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys [2007-11-15 28464] S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-11-15 17448] S3 ICScsiSV;Image Converter SCSI Service;C:\Program Files\Sony\Image Converter 3\ICScsiSV.exe [2007-06-15 75952] S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Program Files\Sony\Image Converter 3\IcVzMon.exe 
[2007-06-15 59568] S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504] S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-11 745472] S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-08-09 397312] S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-08-09 1089536] S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2007-09-21 79136] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{32c3706f-3c14-11dd-ac26-001a80cce91f}] \shell\AutoRun\command - H:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a96f8356-4689-11dd-8f45-001e3d8c92b3}] \shell\Auto\command - oxbvpen.exe \shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL oxbvpen.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ad268c9d-82f2-11dd-a1e6-001a80cce91f}] \shell\AutoRun\command - G:\Autorun.exe /run \shell\Shell00\Command - G:\Autorun.exe /run \shell\Shell01\Command - G:\Autorun.exe /action \shell\Shell02\Command - G:\Autorun.exe /uninstall . Contents of the 'Scheduled Tasks' folder . 
- - - - ORPHANS REMOVED - - - - BHO-{5b75bc9c-05ce-497c-a21a-61c5882e49bd} - C:\Windows\system32\ggmydx.dll BHO-{986BA846-5C2F-443C-92F6-EA389F39F699} - C:\Windows\system32\opNgEUml.dll HKCU-Run-54e199b7 - C:\Windows\system32\bnlhosbx.dll HKCU-Run-BM57d2aa2b - C:\Windows\system32\icjquiii.dll HKLM-Run-MSServer - C:\Windows\system32\tuvWqOEv.dll HKLM-Run-54e199b7 - C:\Windows\system32\bnlhosbx.dll HKLM-Run-BM57d2aa2b - C:\Windows\system32\icjquiii.dll . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Users\dumbumchum\AppData\Roaming\Mozilla\Firefox\Profiles\axsm8wo5.default\ . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-15 20:06:35 Windows 6.0.6001 Service Pack 1 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . 
C:\Windows\System32\Ati2evxx.exe C:\Windows\System32\audiodg.exe C:\Windows\System32\Ati2evxx.exe C:\Windows\System32\bmwebcfg.exe C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\Program Files\Sony\VAIO Event Service\VESMgr.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe C:\Program Files\Sony\VCM Manager Setting\VcmMgrNotification.exe C:\Windows\System32\drivers\XAudio.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe C:\Windows\System32\WUDFHost.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe B:\AVG\avgrsx.exe C:\Program Files\Sony\VAIO Power Management\SPMgr.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\dllhost.exe . ************************************************************************** . Completion time: 2008-09-15 20:12:34 - machine was rebooted ComboFix-quarantined-files.txt 2008-09-15 10:12:25 Pre-Run: 59,482,787,840 bytes free Post-Run: 59,132,985,344 bytes free 263 --- E O F --- 2008-09-15 07:58:01 i re-scanned with avg and theres no viruses now..thank you so os much, you are so kind to help (= cheers
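The three lines in that log that a helper homes in on are the AppInit_DLLs value pointing at a .dat file in system32, the Security Center "DisableMonitoring" switches, and the MountPoints2 AutoRun verbs that launch a bare oxbvpen.exe (directly and via ShellExec_RunDLL). As an added example, not part of the thread and not anything ComboFix itself ships, here is a small Python checker that reads registry sections in the layout ComboFix prints and flags exactly those three patterns. The regular expressions, the finding names and the heuristics (non-.dll AppInit entries, DisableMonitoring set to a non-zero dword, AutoRun commands with no drive path or routed through ShellExec_RunDLL) are my choices; the sample log is constructed from the registry lines quoted above.

```python
"""Flag the persistence entries that stand out in a ComboFix 'Reg Loading Points' dump.

Added example (not from the thread or from ComboFix): reads '[KEY]' sections in
the format ComboFix prints and reports an AppInit_DLLs entry that is not a .dll,
Security Center monitoring switched off, and removable-drive AutoRun commands
that launch a bare filename or go through ShellExec_RunDLL.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample, copied from the registry lines in the ComboFix log above.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\Windows\system32\__c00269F8.dat,avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{32c3706f-3c14-11dd-ac26-001a80cce91f}]
\shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a96f8356-4689-11dd-8f45-001e3d8c92b3}]
\shell\Auto\command - oxbvpen.exe
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL oxbvpen.exe
'''

# Key/value patterns are my own (assumed) choices for the ComboFix text layout.
APPINIT_KEY = re.compile(r"windows nt\\currentversion\\windows$", re.I)
SECCENTER_KEY = re.compile(r"security center\\monitoring", re.I)
MOUNTPOINTS_KEY = re.compile(r"explorer\\mountpoints2\\\{", re.I)
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<data>.*)$')
CMD_RE = re.compile(r"^\\shell\\(?P<verb>[^\\]+)\\command\s+-\s+(?P<cmd>.+)$", re.I)
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")


def parse_reg_sections(text: str) -> List[Tuple[str, List[str]]]:
    """Group each '[KEY]' header with the non-blank lines that follow it."""
    sections: List[Tuple[str, List[str]]] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1], []))
        elif sections:
            sections[-1][1].append(line)
    return sections


def dword_value(data: str) -> int:
    """Turn 'dword:00000001' into 1; anything unparsable counts as 0."""
    m = re.match(r"dword:([0-9a-fA-F]+)$", data.strip())
    return int(m.group(1), 16) if m else 0


def audit(text: str) -> List[Dict[str, str]]:
    """Return one finding per suspicious entry, in log order."""
    findings: List[Dict[str, str]] = []
    for key, lines in parse_reg_sections(text):
        if APPINIT_KEY.search(key):
            # AppInit_DLLs is loaded into every process that links user32.dll,
            # so an entry that is not a plain .dll (here a .dat) deserves a look.
            for line in lines:
                m = VALUE_RE.match(line)
                if not m or m.group("name").lower() != "appinit_dlls":
                    continue
                for entry in m.group("data").split(","):
                    entry = entry.strip()
                    if entry and not entry.lower().endswith(".dll"):
                        findings.append({"kind": "appinit_non_dll", "key": key, "detail": entry})
        elif SECCENTER_KEY.search(key):
            # DisableMonitoring=1 silences Security Center's AV/firewall warnings.
            for line in lines:
                m = VALUE_RE.match(line)
                if m and m.group("name").lower() == "disablemonitoring" and dword_value(m.group("data")):
                    findings.append({"kind": "security_center_monitoring_disabled", "key": key, "detail": line})
        elif MOUNTPOINTS_KEY.search(key):
            # MountPoints2 caches per-volume AutoRun verbs. A bare filename is
            # resolved on the removable volume itself, and ShellExec_RunDLL is
            # an indirect way of launching it; a rooted path like H:\LaunchU3.exe
            # is left alone.
            for line in lines:
                m = CMD_RE.match(line)
                if not m:
                    continue
                cmd = m.group("cmd")
                target = cmd.split()[0]
                bare_name = not DRIVE_PATH_RE.match(target) and "\\" not in target
                if bare_name or "shellexec_rundll" in cmd.lower():
                    findings.append({"kind": "autorun_suspicious", "key": key,
                                     "detail": f"{m.group('verb')}: {cmd}"})
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f"{f['kind']:38} {f['detail']}")
```

Run against the sample it reports four findings: the __c00269F8.dat AppInit entry, the DisableMonitoring switch, and the two oxbvpen.exe AutoRun verbs; the U3 launcher line passes because it names a rooted path on its own drive. Pointing it at a real ComboFix log only needs the Reg Loading Points section pasted into SAMPLE_LOG, and the checker is deliberately silent on everything it does not recognise, so it complements rather than replaces a helper reading the full log.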