bigt0242000
2010-06-03, 20:34
I've been working on this system for a few days now.
I used UnHackMe to remove PRAGMAD.SYS.
I used SB S&D to remove Fraud.AntimalwareDoctor, Win32.TDSS.rtk, Fraud.IQManager, Fraud.MalwareDefense, Fraud.PaladinAntivirus, Fraud.Sysguard, FunWebProducts, MyWay.MyWebSearch, Win32.Agent.ieu, Win32.Agent.svc, Win32.FraudLoad, and WinSpywareProtect.
I used SuperAntiSpyware to remove Rootkit.Agent/Gen-TDS[Pragma] and Trojan.Rootkit/Gen - C:\WINDOWS\SYSTEM32\DRIVERS\KZSTET.SYS (Keeps coming back after a restart)
I used Malwarebytes to remove Adware.AdRotator, Adware.BHO, Adware.EZlife, Adware.Hotbar, Adware.MyWay, Adware.MyWebSearch, Adware.SmartAds, Malware.Trace, Rogue.APManager, Rootkit.TDSS, Trojan.Agent, Trojan.DNSChanger, Trojan.FraudTool.
I've cleared all the cache and cookies from all the web browsers.
DDS (Ver_10-03-17.01) - NTFSx86
Run by * at 12:43:01.93 on Thu 06/03/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.5.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.441 [GMT -4:00]
AV: AVG Anti-Virus Business Edition *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\KADxMain.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\TeamViewer\Version5\TeamViewer.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
E:\dds.com
============== Pseudo HJT Report ===============
uStart Page = hxxp://rcs.rome.ga.us/
uDefault_Page_URL = hxxp://rcs.rome.ga.us
mDefault_Page_URL = hxxp://rcs.rome.ga.us
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [KADxMain] c:\windows\system32\KADxMain.exe
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe"
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [dscactivate] c:\dell\dsca.exe 3
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [Acrobat Speed Launch] "c:\program files\adobe\acrobat 8.0\acrobat\acrobat_sl.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
IE: &Search
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: microsoft.com
DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - hxxp://66.60.234.245/Citrix/ICAWEB/en/ica32/wficat.cab
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1274985704093
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab?e=1239663595141&h=57d6d41feaae5a4458389626b0b0f67b/&filename=jinstall-6u13-windows-i586-jc.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\nancyp~1\applic~1\mozilla\firefox\profiles\rc9f5r6k.default\
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\mozilla firefox\extensions\{a4d5034f-507f-8b45-9895-9489d973a112}\components\4bd6a46d.dll
FF - plugin: c:\program files\java\jre1.5.0_15\bin\NPJPI150_15.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XULRunner: {9DC48D4B-0927-461E-B0F2-75D148CEE1AD} - c:\documents and settings\nancy pruett\local settings\application data\{9DC48D4B-0927-461E-B0F2-75D148CEE1AD}
FF - HiddenExtension: z: No Registry Reference - c:\program files\mozilla firefox\extensions\{a4d5034f-507f-8b45-9895-9489d973a112}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-4-1 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-4-1 216200]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-4-1 29584]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-4-1 242896]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-4-1 308064]
R2 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version5\TeamViewer_Service.exe [2010-5-21 173352]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-9-29 30192]
=============== Created Last 30 ================
2010-06-03 04:42:00 0 d-----w- c:\docume~1\alluse~1\applic~1\F-Secure
2010-06-03 01:16:54 0 d-----w- c:\docume~1\nancyp~1\applic~1\QuickScan
2010-06-02 20:45:02 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-06-02 20:44:57 0 d-----w- C:\RegBack
2010-06-02 20:44:37 0 d-----w- c:\program files\CCleaner
2010-06-02 20:37:10 0 d-----w- c:\docume~1\nancyp~1\applic~1\AVG9
2010-06-02 19:07:46 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-02 17:41:35 0 d-----w- c:\docume~1\nancyp~1\applic~1\SUPERAntiSpyware.com
2010-06-02 17:41:20 0 d-----w- c:\program files\SUPERAntiSpyware
2010-06-02 17:00:08 0 d-----w- c:\program files\VS Revo Group
2010-06-02 16:43:40 293376 ------w- c:\windows\system32\browserchoice.exe
2010-06-02 01:02:34 0 d-----w- c:\windows\system32\wbem\Repository
2010-06-02 00:32:28 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2010-06-02 00:32:23 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2010-06-02 00:32:22 18944 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll
2010-06-02 00:32:18 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe
2010-06-02 00:32:13 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe
2010-06-02 00:32:06 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe
2010-06-02 00:32:06 28288 ----a-w- c:\windows\system32\dllcache\xjis.nls
2010-06-02 00:32:01 16970 ----a-w- c:\windows\system32\dllcache\xem336n5.sys
2010-06-02 00:30:56 35871 ----a-w- c:\windows\system32\dllcache\wbfirdma.sys
2010-06-02 00:29:56 765884 ----a-w- c:\windows\system32\dllcache\usrti.sys
2010-06-02 00:28:58 50688 ----a-w- c:\windows\system32\dllcache\umaxscan.dll
2010-06-02 00:27:56 34375 ----a-w- c:\windows\system32\dllcache\tpro4.sys
2010-06-02 00:26:55 7040 ----a-w- c:\windows\system32\dllcache\tandqic.sys
2010-06-02 00:26:51 36640 ----a-w- c:\windows\system32\dllcache\t2r4mini.sys
2010-06-02 00:26:47 172768 ----a-w- c:\windows\system32\dllcache\t2r4disp.dll
2010-06-02 00:26:39 94293 ----a-w- c:\windows\system32\dllcache\sxports.dll
2010-06-02 00:26:35 103936 ----a-w- c:\windows\system32\dllcache\sx.sys
2010-06-02 00:26:31 3968 ----a-w- c:\windows\system32\dllcache\swusbflt.sys
2010-06-02 00:26:27 10240 ----a-w- c:\windows\system32\dllcache\swpidflt.dll
2010-06-02 00:26:23 10240 ----a-w- c:\windows\system32\dllcache\swpdflt2.dll
2010-06-02 00:26:19 53760 ----a-w- c:\windows\system32\dllcache\sw_wheel.dll
2010-06-02 00:26:15 41472 ----a-w- c:\windows\system32\dllcache\sw_effct.dll
2010-06-02 00:26:10 155648 ----a-w- c:\windows\system32\dllcache\stlnprop.dll
2010-06-02 00:26:06 53248 ----a-w- c:\windows\system32\dllcache\stlncoin.dll
2010-06-02 00:26:02 285760 ----a-w- c:\windows\system32\dllcache\stlnata.sys
2010-06-02 00:24:58 58368 ----a-w- c:\windows\system32\dllcache\smiminib.sys
2010-06-02 00:23:58 50432 ----a-w- c:\windows\system32\dllcache\sisv.sys
2010-06-02 00:22:57 17664 ----a-w- c:\windows\system32\dllcache\sermouse.sys
2010-06-02 00:21:59 179264 ----a-w- c:\windows\system32\dllcache\s3sav3d.dll
2010-06-02 00:20:57 37563 ----a-w- c:\windows\system32\dllcache\rlnet5.sys
2010-06-02 00:19:58 5632 ----a-w- c:\windows\system32\dllcache\ptpusb.dll
2010-06-02 00:18:56 35328 ----a-w- c:\windows\system32\dllcache\pcntpci5.sys
2010-06-02 00:17:59 25088 ----a-w- c:\windows\system32\dllcache\ovca.sys
2010-06-02 00:16:59 132695 ----a-w- c:\windows\system32\dllcache\netwlan5.sys
2010-06-02 00:15:59 19968 ----a-w- c:\windows\system32\dllcache\mxicfg.dll
2010-06-02 00:14:52 6528 ----a-w- c:\windows\system32\dllcache\miniqic.sys
2010-06-02 00:13:59 606684 ----a-w- c:\windows\system32\dllcache\ltmdmnt.sys
2010-06-02 00:12:59 8704 ----a-w- c:\windows\system32\dllcache\kbdjpn.dll
2010-06-02 00:11:58 45109 ----a-w- c:\windows\system32\dllcache\imjpuex.exe
2010-06-02 00:10:58 58592 ----a-w- c:\windows\system32\dllcache\i740nt5.sys
2010-06-02 00:09:56 13312 ----a-w- c:\windows\system32\dllcache\hpsjmcro.dll
2010-06-02 00:08:57 17408 ----a-w- c:\windows\system32\dllcache\gpr400.sys
2010-06-02 00:07:57 16074 ----a-w- c:\windows\system32\dllcache\fa312nd5.sys
2010-06-02 00:06:59 18503 ----a-w- c:\windows\system32\dllcache\epro4.sys
2010-06-02 00:05:59 206976 ----a-w- c:\windows\system32\dllcache\dot4.sys
2010-06-02 00:00:07 614429 ----a-w- c:\windows\system32\dllcache\digiview.exe
2010-06-02 00:00:05 42432 ----a-w- c:\windows\system32\dllcache\digirlpt.sys
2010-06-02 00:00:04 110621 ----a-w- c:\windows\system32\dllcache\digirlpt.dll
2010-06-02 00:00:02 21606 ----a-w- c:\windows\system32\dllcache\digiisdn.sys
2010-06-02 00:00:01 41046 ----a-w- c:\windows\system32\dllcache\digiisdn.dll
2010-06-01 23:58:58 3712 ----a-w- c:\windows\system32\dllcache\ctljystk.sys
2010-06-01 23:57:59 223232 ----a-w- c:\windows\system32\dllcache\camdrv21.sys
2010-06-01 23:56:59 87552 ----a-w- c:\windows\system32\dllcache\avmcoxp.dll
2010-06-01 23:55:59 38400 ----a-w- c:\windows\system32\dllcache\8514a.dll
2010-06-01 23:55:58 48128 ----a-w- c:\windows\system32\dllcache\61883.sys
2010-06-01 23:55:57 148352 ----a-w- c:\windows\system32\dllcache\3dfxvsm.sys
2010-06-01 23:55:57 12288 ----a-w- c:\windows\system32\dllcache\4mmdat.sys
2010-06-01 23:55:56 689216 ----a-w- c:\windows\system32\dllcache\3dfxvs.dll
2010-06-01 23:55:55 762780 ----a-w- c:\windows\system32\dllcache\3cwmcru.sys
2010-06-01 23:55:55 11264 ----a-w- c:\windows\system32\dllcache\1394vdbg.sys
2010-06-01 23:55:27 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll
2010-05-27 20:30:50 0 d-----w- c:\docume~1\nancyp~1\applic~1\TeamViewer
2010-05-27 20:30:19 0 d-----w- c:\program files\TeamViewer
2010-05-26 17:26:16 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-05-26 17:26:16 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-05-26 03:01:34 0 d-----w- C:\Backreg
2010-05-26 02:43:58 2 --shatr- c:\windows\winstart.bat
2010-05-26 02:43:29 0 d-----w- c:\program files\UnHackMe
2010-05-26 01:52:59 0 d-----w- c:\windows\pss
==================== Find3M ====================
2010-06-03 16:43:22 823808 ----a-w- c:\windows\system32\drivers\kzstet.sys
2010-06-02 20:44:03 8832 ----a-w- c:\windows\system32\drivers\rasacd.sys
2010-06-02 05:25:17 8832 ----a-w- c:\windows\system32\dllcache\rasacd.sys
2010-06-01 13:26:46 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-30 00:38:54 96677 ----a-w- c:\windows\system32\d2bab9f8.exe
2010-04-29 19:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-26 01:38:38 152576 ----a-w- c:\windows\Iracub.exe
2010-04-04 18:50:03 67452 -c-ha-w- c:\windows\system32\mlfcache.dat
2010-04-01 11:49:41 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-10 13:18:21 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2010-03-10 13:18:20 70656 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2010-03-09 11:09:18 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 11:09:18 430080 ----a-w- c:\windows\system32\dllcache\vbscript.dll
============= FINISH: 12:45:31.70 ===============
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-4-1 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-4-1 216200]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-4-1 29584]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-4-1 242896]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-4-1 308064]
R2 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version5\TeamViewer_Service.exe [2010-5-21 173352]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-9-29 30192]
=============== Created Last 30 ================
2010-06-03 04:42:00 0 d-----w- c:\docume~1\alluse~1\applic~1\F-Secure
2010-06-03 01:16:54 0 d-----w- c:\docume~1\nancyp~1\applic~1\QuickScan
2010-06-02 20:45:02 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-06-02 20:44:57 0 d-----w- C:\RegBack
2010-06-02 20:44:37 0 d-----w- c:\program files\CCleaner
2010-06-02 20:37:10 0 d-----w- c:\docume~1\nancyp~1\applic~1\AVG9
2010-06-02 19:07:46 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-02 17:41:35 0 d-----w- c:\docume~1\nancyp~1\applic~1\SUPERAntiSpyware.com
2010-06-02 17:41:20 0 d-----w- c:\program files\SUPERAntiSpyware
2010-06-02 17:00:08 0 d-----w- c:\program files\VS Revo Group
2010-06-02 16:43:40 293376 ------w- c:\windows\system32\browserchoice.exe
2010-06-02 01:02:34 0 d-----w- c:\windows\system32\wbem\Repository
2010-06-02 00:32:28 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2010-06-02 00:32:23 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2010-06-02 00:32:22 18944 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll
2010-06-02 00:32:18 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe
2010-06-02 00:32:13 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe
2010-06-02 00:32:06 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe
2010-06-02 00:32:06 28288 ----a-w- c:\windows\system32\dllcache\xjis.nls
2010-06-02 00:32:01 16970 ----a-w- c:\windows\system32\dllcache\xem336n5.sys
2010-06-02 00:30:56 35871 ----a-w- c:\windows\system32\dllcache\wbfirdma.sys
2010-06-02 00:29:56 765884 ----a-w- c:\windows\system32\dllcache\usrti.sys
2010-06-02 00:28:58 50688 ----a-w- c:\windows\system32\dllcache\umaxscan.dll
2010-06-02 00:27:56 34375 ----a-w- c:\windows\system32\dllcache\tpro4.sys
2010-06-02 00:26:55 7040 ----a-w- c:\windows\system32\dllcache\tandqic.sys
2010-06-02 00:26:51 36640 ----a-w- c:\windows\system32\dllcache\t2r4mini.sys
2010-06-02 00:26:47 172768 ----a-w- c:\windows\system32\dllcache\t2r4disp.dll
2010-06-02 00:26:39 94293 ----a-w- c:\windows\system32\dllcache\sxports.dll
2010-06-02 00:26:35 103936 ----a-w- c:\windows\system32\dllcache\sx.sys
2010-06-02 00:26:31 3968 ----a-w- c:\windows\system32\dllcache\swusbflt.sys
2010-06-02 00:26:27 10240 ----a-w- c:\windows\system32\dllcache\swpidflt.dll
2010-06-02 00:26:23 10240 ----a-w- c:\windows\system32\dllcache\swpdflt2.dll
2010-06-02 00:26:19 53760 ----a-w- c:\windows\system32\dllcache\sw_wheel.dll
2010-06-02 00:26:15 41472 ----a-w- c:\windows\system32\dllcache\sw_effct.dll
2010-06-02 00:26:10 155648 ----a-w- c:\windows\system32\dllcache\stlnprop.dll
2010-06-02 00:26:06 53248 ----a-w- c:\windows\system32\dllcache\stlncoin.dll
2010-06-02 00:26:02 285760 ----a-w- c:\windows\system32\dllcache\stlnata.sys
2010-06-02 00:24:58 58368 ----a-w- c:\windows\system32\dllcache\smiminib.sys
2010-06-02 00:23:58 50432 ----a-w- c:\windows\system32\dllcache\sisv.sys
2010-06-02 00:22:57 17664 ----a-w- c:\windows\system32\dllcache\sermouse.sys
2010-06-02 00:21:59 179264 ----a-w- c:\windows\system32\dllcache\s3sav3d.dll
2010-06-02 00:20:57 37563 ----a-w- c:\windows\system32\dllcache\rlnet5.sys
2010-06-02 00:19:58 5632 ----a-w- c:\windows\system32\dllcache\ptpusb.dll
2010-06-02 00:18:56 35328 ----a-w- c:\windows\system32\dllcache\pcntpci5.sys
2010-06-02 00:17:59 25088 ----a-w- c:\windows\system32\dllcache\ovca.sys
2010-06-02 00:16:59 132695 ----a-w- c:\windows\system32\dllcache\netwlan5.sys
2010-06-02 00:15:59 19968 ----a-w- c:\windows\system32\dllcache\mxicfg.dll
2010-06-02 00:14:52 6528 ----a-w- c:\windows\system32\dllcache\miniqic.sys
2010-06-02 00:13:59 606684 ----a-w- c:\windows\system32\dllcache\ltmdmnt.sys
2010-06-02 00:12:59 8704 ----a-w- c:\windows\system32\dllcache\kbdjpn.dll
2010-06-02 00:11:58 45109 ----a-w- c:\windows\system32\dllcache\imjpuex.exe
2010-06-02 00:10:58 58592 ----a-w- c:\windows\system32\dllcache\i740nt5.sys
2010-06-02 00:09:56 13312 ----a-w- c:\windows\system32\dllcache\hpsjmcro.dll
2010-06-02 00:08:57 17408 ----a-w- c:\windows\system32\dllcache\gpr400.sys
2010-06-02 00:07:57 16074 ----a-w- c:\windows\system32\dllcache\fa312nd5.sys
2010-06-02 00:06:59 18503 ----a-w- c:\windows\system32\dllcache\epro4.sys
2010-06-02 00:05:59 206976 ----a-w- c:\windows\system32\dllcache\dot4.sys
2010-06-02 00:00:07 614429 ----a-w- c:\windows\system32\dllcache\digiview.exe
2010-06-02 00:00:05 42432 ----a-w- c:\windows\system32\dllcache\digirlpt.sys
2010-06-02 00:00:04 110621 ----a-w- c:\windows\system32\dllcache\digirlpt.dll
2010-06-02 00:00:02 21606 ----a-w- c:\windows\system32\dllcache\digiisdn.sys
2010-06-02 00:00:01 41046 ----a-w- c:\windows\system32\dllcache\digiisdn.dll
2010-06-01 23:58:58 3712 ----a-w- c:\windows\system32\dllcache\ctljystk.sys
2010-06-01 23:57:59 223232 ----a-w- c:\windows\system32\dllcache\camdrv21.sys
2010-06-01 23:56:59 87552 ----a-w- c:\windows\system32\dllcache\avmcoxp.dll
2010-06-01 23:55:59 38400 ----a-w- c:\windows\system32\dllcache\8514a.dll
2010-06-01 23:55:58 48128 ----a-w- c:\windows\system32\dllcache\61883.sys
2010-06-01 23:55:57 148352 ----a-w- c:\windows\system32\dllcache\3dfxvsm.sys
2010-06-01 23:55:57 12288 ----a-w- c:\windows\system32\dllcache\4mmdat.sys
2010-06-01 23:55:56 689216 ----a-w- c:\windows\system32\dllcache\3dfxvs.dll
2010-06-01 23:55:55 762780 ----a-w- c:\windows\system32\dllcache\3cwmcru.sys
2010-06-01 23:55:55 11264 ----a-w- c:\windows\system32\dllcache\1394vdbg.sys
2010-06-01 23:55:27 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll
2010-05-27 20:30:50 0 d-----w- c:\docume~1\nancyp~1\applic~1\TeamViewer
2010-05-27 20:30:19 0 d-----w- c:\program files\TeamViewer
2010-05-26 17:26:16 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-05-26 17:26:16 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-05-26 03:01:34 0 d-----w- C:\Backreg
2010-05-26 02:43:58 2 --shatr- c:\windows\winstart.bat
2010-05-26 02:43:29 0 d-----w- c:\program files\UnHackMe
2010-05-26 01:52:59 0 d-----w- c:\windows\pss
==================== Find3M ====================
2010-06-03 16:43:22 823808 ----a-w- c:\windows\system32\drivers\kzstet.sys
2010-06-02 20:44:03 8832 ----a-w- c:\windows\system32\drivers\rasacd.sys
2010-06-02 05:25:17 8832 ----a-w- c:\windows\system32\dllcache\rasacd.sys
2010-06-01 13:26:46 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-30 00:38:54 96677 ----a-w- c:\windows\system32\d2bab9f8.exe
2010-04-29 19:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-26 01:38:38 152576 ----a-w- c:\windows\Iracub.exe
2010-04-04 18:50:03 67452 -c-ha-w- c:\windows\system32\mlfcache.dat
2010-04-01 11:49:41 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-10 13:18:21 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2010-03-10 13:18:20 70656 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2010-03-09 11:09:18 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 11:09:18 430080 ----a-w- c:\windows\system32\dllcache\vbscript.dll
============= FINISH: 12:45:31.70 ===============
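Reading a DDS log like the one above by hand means scanning hundreds of lines for the few that matter: ActiveX controls pulled from a bare IP, Firefox components that exist on disk but have no registry reference, and files under system32 that were rewritten right around the scan. The script below is an added example, not part of the DDS tool or of the poster's thread. It parses the DDS line formats shown above (the "Run by ... [GMT -4:00]" header, DPF: lines, FF - lines and the "date time size attrs path" entries of Find3M) and applies a handful of triage heuristics. Every heuristic, its tag name and the 24-hour window are the editor's assumptions, as is the assumption that DDS prints Find3M file times in UTC while the header time is local (in this log 16:43 UTC lines up with the 12:43 GMT-4 header). The sample input is a set of lines copied from the log above; a flag means "look at this", not "this is malware".

```python
"""Triage helper for DDS logs (added example; heuristics are assumptions)."""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Sample input: lines copied from the DDS log posted above (two header lines,
# some DPF/FF entries and part of the Find3M section). Constructed for this example.
SAMPLE_LOG = r"""
Run by * at 12:43:01.93 on Thu 06/03/2010
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.441 [GMT -4:00]
DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - hxxp://66.60.234.245/Citrix/ICAWEB/en/ica32/wficat.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
FF - component: c:\program files\mozilla firefox\extensions\{a4d5034f-507f-8b45-9895-9489d973a112}\components\4bd6a46d.dll
FF - HiddenExtension: z: No Registry Reference - c:\program files\mozilla firefox\extensions\{a4d5034f-507f-8b45-9895-9489d973a112}
==================== Find3M ====================
2010-06-03 16:43:22 823808 ----a-w- c:\windows\system32\drivers\kzstet.sys
2010-06-02 20:44:03 8832 ----a-w- c:\windows\system32\drivers\rasacd.sys
2010-04-30 00:38:54 96677 ----a-w- c:\windows\system32\d2bab9f8.exe
2010-04-26 01:38:38 152576 ----a-w- c:\windows\Iracub.exe
2010-03-09 11:09:18 430080 ----a-w- c:\windows\system32\vbscript.dll
"""

# DDS line shapes. URLs are defanged by DDS as hxxp://, hence the pattern.
HEADER_TIME = re.compile(r"^Run by .* at (\d{2}:\d{2}:\d{2})\.\d+ on \w{3} (\d{2}/\d{2}/\d{4})")
HEADER_TZ = re.compile(r"\[GMT ([+-])(\d{1,2}):(\d{2})\]")
DPF = re.compile(r"^DPF: \{[0-9A-Fa-f-]+\} - hxxps?://([^/]+)/", re.I)
FILE_ENTRY = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) +(\d+) +(\S{8}) +(.+)$")
BARE_IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}(?::\d+)?$")
HEX_NAME = re.compile(r"(?:^|\\)[0-9a-f]{8}\.(?:exe|dll|sys)$", re.I)  # e.g. d2bab9f8.exe


@dataclass(frozen=True)
class Finding:
    kind: str    # short tag naming the heuristic that fired
    line: str    # offending log line, verbatim
    detail: str  # why a human should look at it


def parse_scan_start_utc(log_text: str) -> Optional[datetime]:
    """Scan start from the DDS header, converted to UTC using the [GMT ±h:mm] offset.
    Assumption: Find3M/Created-Last-30 times are UTC, so this makes them comparable."""
    local = tz = None
    for line in log_text.splitlines():
        m = HEADER_TIME.search(line)
        if m:
            local = datetime.strptime(f"{m.group(1)} {m.group(2)}", "%H:%M:%S %m/%d/%Y")
        m = HEADER_TZ.search(line)
        if m:
            sign = -1 if m.group(1) == "-" else 1
            tz = sign * timedelta(hours=int(m.group(2)), minutes=int(m.group(3)))
    if local is None or tz is None:
        return None
    return local - tz  # local = UTC + offset  =>  UTC = local - offset


def triage(log_text: str, recent_window: timedelta = timedelta(hours=24)) -> list[Finding]:
    """Run the heuristics over every line and return what deserves a second look."""
    findings: list[Finding] = []
    scan_utc = parse_scan_start_utc(log_text)
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DPF.match(line)
        if m and BARE_IPV4.match(m.group(1)):
            findings.append(Finding("dpf-raw-ip", line,
                                    f"ActiveX cab served from a bare IP ({m.group(1)}), no hostname to vet"))
        if line.startswith("FF - HiddenExtension:") and "No Registry Reference" in line:
            findings.append(Finding("ff-no-registry-ref", line,
                                    "Firefox extension on disk that no registry key accounts for"))
        m = FILE_ENTRY.match(line)
        if m:
            path = m.group(4)
            mtime = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            if scan_utc is not None:
                if mtime >= scan_utc:
                    secs = int((mtime - scan_utc).total_seconds())
                    findings.append(Finding("modified-after-scan-start", line,
                                            f"written {secs}s after the scan began: something rewrites it live"))
                elif path.lower().endswith(".sys") and scan_utc - mtime <= recent_window:
                    findings.append(Finding("driver-modified-recently", line,
                                            f"driver changed within {recent_window} before the scan"))
        else:
            # DPF / FF lines carry their path or URL after the last " - " separator
            path = line.rsplit(" - ", 1)[-1] if " - " in line else ""
        if path and HEX_NAME.search(path):
            findings.append(Finding("random-hex-name", line,
                                    "8-hex-character file name, a common pattern for dropped binaries"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.detail}\n    {f.line}")
```

On the sample, the script flags the Citrix cab from 66.60.234.245, the registry-less Firefox extension and its hex-named component DLL, d2bab9f8.exe, rasacd.sys (changed about 20 hours before the scan) and kzstet.sys, whose Find3M timestamp is 21 seconds after the scan started, which is consistent with the poster's report that the file comes back after every restart. Iracub.exe and vbscript.dll pass all the heuristics, which is the point: the output is a short list to investigate, not a verdict.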