davidanthony
Posts: 64 +0
Need help cleaning up my wife's pc.....
DDS (Ver_10-11-10.01) - NTFSx86
Run by Dave at 19:03:00.64 on Sat 11/20/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1555 [GMT -4:00]
AV: AVG Anti-Virus Free Edition 2011 *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgchsvx.exe
C:\Program Files\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Documents and Settings\Dave.SHELLEY-7C3A8E9\Desktop\dds(2).scr
============== Pseudo HJT Report ===============
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PlaySushi: {21608b66-026f-4dcb-9244-0daca328dced} - c:\program files\playsushi\PSText.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - c:\program files\playsushi\PSText.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {BAC761D3-DFFD-4DB4-A01D-173346E090A7} - hxxp://pogo.oberon-media.com/online2/pogo/zenerchi/ZenerchiWeb.1.0.0.10.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\dave~1.she\applic~1\mozilla\firefox\profiles\a2da39eu.default\
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_HotbarSA.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
============= SERVICES / DRIVERS ===============
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 249424]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 298448]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2010-10-11 6104656]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-9-10 265400]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2010-4-6 23456]
=============== Created Last 30 ================
2010-11-15 07:03:52 -------- d-----w- c:\windows\system32\XPSViewer
2010-11-15 07:03:31 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-11-15 07:03:13 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-11-15 07:03:13 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-11-15 07:03:13 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-11-15 07:03:13 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-11-15 07:03:13 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-11-15 07:03:13 117760 ------w- c:\windows\system32\prntvpt.dll
2010-11-15 07:03:12 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-11-15 07:03:12 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-11-15 07:03:10 -------- d-----w- C:\68de9481b97fa93e2d
2010-11-15 07:00:53 -------- d-----w- c:\program files\MSXML 6.0
2010-11-15 07:00:17 -------- d-----w- C:\ec9d36c828509df65cd6354c82
2010-11-15 01:09:38 16856 ----a-w- c:\program files\mozilla firefox\plugin-container.exe
2010-11-15 01:09:35 719832 ----a-w- c:\program files\mozilla firefox\mozcpp19.dll
2010-11-13 18:03:44 -------- d--h--r- C:\AHCache
2010-11-05 23:18:23 -------- d--h--w- c:\docume~1\alluse~1.win\applic~1\Common Files
2010-11-05 23:18:10 -------- d-----w- c:\docume~1\dave~1.she\applic~1\AVG10
2010-11-05 23:16:54 -------- d-----w- c:\windows\system32\drivers\AVG
2010-11-05 23:16:54 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\AVG10
2010-11-05 20:54:16 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\MFAData
2010-11-05 15:37:11 -------- d-----w- c:\docume~1\dave~1.she\applic~1\Malwarebytes
2010-11-05 15:37:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-05 15:36:59 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\Malwarebytes
2010-11-05 15:36:58 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-05 15:36:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-05 11:02:45 -------- d-----w- c:\windows\pss
2010-11-05 02:51:02 -------- d-----w- c:\docume~1\dave~1.she\applic~1\Koyg
2010-11-05 02:51:02 -------- d-----w- c:\docume~1\dave~1.she\applic~1\Boyv
2010-11-04 21:48:36 -------- d-----w- c:\docume~1\dave~1.she\applic~1\SUPERAntiSpyware.com
2010-11-04 21:48:36 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\SUPERAntiSpyware.com
2010-11-04 21:48:31 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-11-04 21:45:09 -------- d-----w- c:\docume~1\dave~1.she\locals~1\applic~1\AskToolbar
2010-11-01 16:05:41 -------- d-----w- c:\program files\windows
2010-10-30 20:20:06 -------- d--h--w- C:\$AVG
2010-10-27 10:21:10 -------- d-----w- c:\program files\tmp
2010-10-27 10:20:59 -------- d-----w- c:\program files\Microsoft
==================== Find3M ====================
============= FINISH: 19:03:31.29 ===============
and the gmer log...
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-11-20 18:58:40
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5 ST3320820AS rev.3.AHG
Running: tzwim2gj.exe; Driver: C:\DOCUME~1\DAVE~1.SHE\LOCALS~1\Temp\afnirfog.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
---- EOF - GMER 1.0.15 ----
Thanks in advance...
Dave
DDS (Ver_10-11-10.01) - NTFSx86
Run by Dave at 19:03:00.64 on Sat 11/20/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1555 [GMT -4:00]
AV: AVG Anti-Virus Free Edition 2011 *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgchsvx.exe
C:\Program Files\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Documents and Settings\Dave.SHELLEY-7C3A8E9\Desktop\dds(2).scr
============== Pseudo HJT Report ===============
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PlaySushi: {21608b66-026f-4dcb-9244-0daca328dced} - c:\program files\playsushi\PSText.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - c:\program files\playsushi\PSText.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {BAC761D3-DFFD-4DB4-A01D-173346E090A7} - hxxp://pogo.oberon-media.com/online2/pogo/zenerchi/ZenerchiWeb.1.0.0.10.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\dave~1.she\applic~1\mozilla\firefox\profiles\a2da39eu.default\
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_HotbarSA.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
============= SERVICES / DRIVERS ===============
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 249424]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 298448]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2010-10-11 6104656]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-9-10 265400]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2010-4-6 23456]
=============== Created Last 30 ================
2010-11-15 07:03:52 -------- d-----w- c:\windows\system32\XPSViewer
2010-11-15 07:03:31 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-11-15 07:03:13 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-11-15 07:03:13 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-11-15 07:03:13 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-11-15 07:03:13 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-11-15 07:03:13 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-11-15 07:03:13 117760 ------w- c:\windows\system32\prntvpt.dll
2010-11-15 07:03:12 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-11-15 07:03:12 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-11-15 07:03:10 -------- d-----w- C:\68de9481b97fa93e2d
2010-11-15 07:00:53 -------- d-----w- c:\program files\MSXML 6.0
2010-11-15 07:00:17 -------- d-----w- C:\ec9d36c828509df65cd6354c82
2010-11-15 01:09:38 16856 ----a-w- c:\program files\mozilla firefox\plugin-container.exe
2010-11-15 01:09:35 719832 ----a-w- c:\program files\mozilla firefox\mozcpp19.dll
2010-11-13 18:03:44 -------- d--h--r- C:\AHCache
2010-11-05 23:18:23 -------- d--h--w- c:\docume~1\alluse~1.win\applic~1\Common Files
2010-11-05 23:18:10 -------- d-----w- c:\docume~1\dave~1.she\applic~1\AVG10
2010-11-05 23:16:54 -------- d-----w- c:\windows\system32\drivers\AVG
2010-11-05 23:16:54 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\AVG10
2010-11-05 20:54:16 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\MFAData
2010-11-05 15:37:11 -------- d-----w- c:\docume~1\dave~1.she\applic~1\Malwarebytes
2010-11-05 15:37:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-05 15:36:59 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\Malwarebytes
2010-11-05 15:36:58 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-05 15:36:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-05 11:02:45 -------- d-----w- c:\windows\pss
2010-11-05 02:51:02 -------- d-----w- c:\docume~1\dave~1.she\applic~1\Koyg
2010-11-05 02:51:02 -------- d-----w- c:\docume~1\dave~1.she\applic~1\Boyv
2010-11-04 21:48:36 -------- d-----w- c:\docume~1\dave~1.she\applic~1\SUPERAntiSpyware.com
2010-11-04 21:48:36 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\SUPERAntiSpyware.com
2010-11-04 21:48:31 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-11-04 21:45:09 -------- d-----w- c:\docume~1\dave~1.she\locals~1\applic~1\AskToolbar
2010-11-01 16:05:41 -------- d-----w- c:\program files\windows
2010-10-30 20:20:06 -------- d--h--w- C:\$AVG
2010-10-27 10:21:10 -------- d-----w- c:\program files\tmp
2010-10-27 10:20:59 -------- d-----w- c:\program files\Microsoft
==================== Find3M ====================
============= FINISH: 19:03:31.29 ===============
and the gmer log...
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-11-20 18:58:40
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5 ST3320820AS rev.3.AHG
Running: tzwim2gj.exe; Driver: C:\DOCUME~1\DAVE~1.SHE\LOCALS~1\Temp\afnirfog.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
---- EOF - GMER 1.0.15 ----
Thanks in advance...
Dave