2nd half of the required bits: thank you
----- BITS: Possible infected sites -----
hxxp://softwaredownloadcentercom.com.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MYWEBSEARCHSERVICE
-------\Service_MyWebSearchService
-------\Service_UACd.sys
((((((((((((((((((((((((( Files Created from 2009-04-23 to 2009-05-23 )))))))))))))))))))))))))))))))
.
2009-05-20 18:55 . 2009-05-20 18:55 -------- d-----w c:\program files\Trend Micro
2009-05-18 21:15 . 2009-05-18 21:15 194 ----a-w c:\documents and settings\Administrator\Application Data\asd.bat
2009-05-17 20:01 . 2009-05-17 20:01 1095680 ----a-w c:\documents and settings\Administrator\Application Data\winav.exe
2009-04-26 13:52 . 2009-05-19 19:16 -------- d-----w c:\program files\NannyMania2_at
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-20 20:03 . 2009-02-15 17:03 -------- d-----w c:\documents and settings\Administrator\Application Data\FrostWire
2009-05-20 19:33 . 2009-02-15 17:02 -------- d-----w c:\program files\FrostWire
2009-05-19 19:18 . 2007-03-06 17:39 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-05-19 19:17 . 2007-09-05 16:06 -------- d-----w c:\documents and settings\All Users\Application Data\Zylom
2009-05-19 17:22 . 2009-03-04 20:23 -------- d-----w c:\program files\CookingAcademy2_at
2009-05-18 17:12 . 2008-11-02 12:21 11952 ----a-w c:\windows\system32\avgrsstx.dll
2009-05-18 17:12 . 2008-11-02 12:21 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-05-18 17:12 . 2008-11-02 12:21 27784 ----a-w c:\windows\system32\drivers\avgmfx86.sys
2009-05-16 19:23 . 2006-06-10 14:33 27 ----a-w c:\windows\popcinfo.dat
2009-04-26 13:53 . 2008-03-17 17:57 -------- d-----w c:\documents and settings\All Users\Application Data\Gogii
2009-04-18 12:43 . 2009-04-18 12:43 57344 ----a-w c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\50\5b902232-5229fe59-n\Decora-SSE.dll
2009-04-18 12:43 . 2009-04-18 12:43 24064 ----a-w c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\15\4e09eacf-5d54eecf-n\Decora-D3D.dll
2009-04-18 12:43 . 2009-04-18 12:43 315392 ----a-w c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-6e121485-n\jogl.dll
2009-04-18 12:43 . 2009-04-18 12:43 20480 ----a-w c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-6e121485-n\jogl_awt.dll
2009-04-18 12:43 . 2009-04-18 12:43 114688 ----a-w c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-6e121485-n\jogl_cg.dll
2009-04-18 12:43 . 2009-04-18 12:43 20480 ----a-w c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\45\4f710eed-41a57b03-n\gluegen-rt.dll
2009-04-18 12:42 . 2009-04-18 12:42 499712 ----a-w c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-22319cb3-n\msvcp71.dll
2009-04-18 12:42 . 2009-04-18 12:42 499712 ----a-w c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-22319cb3-n\jmc.dll
2009-04-18 12:42 . 2009-04-18 12:42 348160 ----a-w c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-22319cb3-n\msvcr71.dll
2009-04-18 12:42 . 2009-04-18 12:42 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-18 12:42 . 2007-05-16 15:05 -------- d-----w c:\program files\Java
2009-04-18 12:41 . 2009-04-18 12:41 152576 ----a-w c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-10 11:34 . 2009-04-10 11:34 -------- d-----w c:\documents and settings\Administrator\Application Data\My Games
2009-04-10 11:34 . 2009-04-10 11:33 -------- d-----w c:\program files\LeelosTalentAgency_at
2009-03-29 15:14 . 2008-03-15 11:16 -------- d-----w c:\documents and settings\All Users\Application Data\ArcadeTown
2009-03-29 15:14 . 2008-03-15 11:15 -------- d-----w c:\documents and settings\Administrator\Application Data\ArcadeTown
2009-03-29 15:14 . 2009-03-29 15:13 -------- d-----w c:\program files\Satisfashion_at
2009-03-18 19:30 . 2009-03-18 19:30 1915520 ----a-w c:\documents and settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2004-03-11 12:27 . 2005-10-07 21:45 40960 ----a-w c:\program files\Uninstall_CDS.exe
2001-08-23 15:25 . 2007-10-05 19:01 1706800 ----a-w c:\program files\internet explorer\plugins\gdiplus.dll
2008-11-15 20:41 . 2006-06-10 13:53 900 --sha-w c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"AVScan"="c:\documents and settings\Administrator\Application Data\winav.exe" [2009-05-17 1095680]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2004-09-07 1400944]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Acronis True Image Monitor"="c:\program files\Acronis\TrueImage\TrueImageMonitor.exe" [2005-10-07 475746]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2005-10-07 65536]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-01 339968]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-02-01 32768]
"HydraVisionDesktopManager"="c:\program files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe" [2003-09-15 270336]
"EPSON Stylus Photo R300 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE" [2003-09-11 99840]
"Ulead AutoDetector"="c:\program files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe" [2003-11-18 45056]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-18 148888]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-11 286720]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-18 1947928]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-02-24 77824]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-03 15360]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-02-01 32768]
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
FrostWire On Startup.lnk - c:\program files\FrostWire\FrostWire.exe [2008-9-3 114688]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
ATI CATALYST System Tray.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-2-1 32768]
WG111v2 Smart Wizard Wireless Setting.lnk - c:\program files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe [2005-10-8 745472]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-18 17:12 11952 ----a-w c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\PopCap Games\\Zuma Deluxe\\Zuma.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [02/11/2008 13:21 325896]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [02/11/2008 13:21 298776]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [08/10/2005 19:51 66048]
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [08/10/2005 19:51 113792]
R3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [08/10/2005 19:51 13532]
S3 BTUsbrXP(R);BT Voyager 1010 USB Adapter;c:\windows\system32\DRIVERS\btusbrxp.sys --> c:\windows\system32\DRIVERS\btusbrxp.sys [?]
S3 FXDRV;FXDRV;\??\d:\fxdrv.sys --> d:\Fxdrv.sys [?]
S3 tgiul50;tgiul50;c:\windows\system32\drivers\tgiulnt5.sys [07/10/2005 03:38 138528]
.
Contents of the 'Scheduled Tasks' folder
2007-12-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
2009-05-23 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-Creative WebCam Tray - c:\program files\Creative\Shared Files\CAMTRAY.EXE
HKLM-Run-PlatriumWeather - c:\program files\Platrium\bin\1.2.103.0\Weather.exe
SafeBoot-procexp90.Sys
.
------- Supplementary Scan -------
.
uStart Page = hxxp://uk.yahoo.com/
mStart Page = hxxp://www.yahoo.co.uk/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com
IE: {{20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - c:\windows\system32\mscoree.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
FF - ProfilePath -
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-23 14:12
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(932)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(3468)
c:\program files\ATI Technologies\ATI HYDRAVISION\HydraDMH.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Ahead\InCD\InCDsrv.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\windows\system32\wdfmgr.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe
.
**************************************************************************
.
Completion time: 2009-05-23 14:17 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-23 13:16
Pre-Run: 63,595,139,072 bytes free
Post-Run: 64,206,090,240 bytes free
315 --- E O F --- 2008-01-10 19:39