Sorry to barge in asking for help, but I'm at the end of my rope here. I am normally extremely careful about where I go and what I do on the internet; however, the one time I let someone else on my computer, I wind up with a slew of viruses! Most of them I've been able to remedy on my own, but I can't, for the life of me, fix this one!
Here are the report logs that I believe are asked for:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4052
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
2011.06.30 8:13:27 PM
mbam-log-2011-06-30 (20-13-27).txt
Scan type: Quick scan
Objects scanned: 114840
Time elapsed: 8 minute(s), 1 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
-------------------------------------------------------------------------------
GMER 1.0.15.15640 - http://www.gmer.net
Rootkit quick scan 2011-06-30 20:03:00
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD1600AAJS-00B4A0 rev.01.03A01
Running: koxcxh9g.exe; Driver: C:\DOCUME~1\Toni\LOCALS~1\Temp\kfryypod.sys
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 MBR read error
Disk \Device\Harddisk0\DR0 MBR BIOS signature not found 0
---- System - GMER 1.0.15 ----
SSDT spet.sys ZwEnumerateKey [0xF74F5CA2]
SSDT spet.sys ZwEnumerateValueKey [0xF74F6030]
---- Devices - GMER 1.0.15 ----
Device \Driver\atapi \Device\Ide\IdePort0 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-10 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port5Path0Target0Lun0 8A5A2500
Device \Driver\dtscsi \Device\Scsi\dtscsi1 8A5A2500
Device \FileSystem\Ntfs \Ntfs 8A79B1F8
Device \FileSystem\Fastfat \Fat 88253500
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
------------------------------------------------------------------------------
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_12
Run by Toni at 20:03:43 on 2011-06-30
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1409 [GMT -4:00]
.
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\TP-LINK\QSS\jswpbapi.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\Drivers\WTSRV.EXE
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\WTClient.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\TP-LINK\QSS\jswtrayutil.exe
C:\Program Files\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = hxxp://www.yahoo.com/search/ie.html
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.ask.com/?o=0&l=dir
uInternet Settings,ProxyOverride = *.local
uWinlogon: Shell=explorer.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {554767ce-035e-47b5-a5db-69cfd131146f} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {FA00400E-3019-47DA-B8CD-8AF866D4D0B1} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [WTClient] WTClient.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [jswtrayutil] "c:\program files\tp-link\qss\jswtrayutil.exe"
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [TWCU] "c:\program files\tp-link\tp-link wireless client utility\TWCU.exe" -nogui
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
dRunOnce: [WUAppSetup] c:\program files\common files\logishrd\WUApp32.exe -v 0x046d -p 0x08da -f video -m logitech -d 12.0.1278.0
StartupFolder: c:\docume~1\toni\startm~1\programs\startup\ps3med~1.lnk - c:\program files\ps3 media server\PMS.exe
uPolicies-explorer: NoInstrumentation = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1309475924656
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{C355E012-E3EF-413E-B1A5-D35C3D153CD0} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{CC22A5ED-88B0-4461-90F6-88BE500042A2} : DhcpNameServer = 192.168.1.1
Notify: wvUnomMc - wvUnomMc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {d4d2b33e-9ec5-4caa-8562-3561730ab8a8} - No File
LSA: Authentication Packages = msv1_0 c:\windows\system32\wvUkJyaW
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\toni\application data\mozilla\firefox\profiles\f5rbsjhw.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: XULRunner: {CA1327B4-43D4-40BF-99D8-8EB12CB9389A} - c:\documents and settings\toni\local settings\application data\{CA1327B4-43D4-40BF-99D8-8EB12CB9389A}
.
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-6-30 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-6-30 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-6-30 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-6-30 61960]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2011-5-25 1336712]
R2 jswpbapi;JumpStart Push-Button Service;c:\program files\tp-link\qss\jswpbapi.exe [2011-5-19 188416]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
R3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [2011-6-30 1756384]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2011-5-19 57440]
S2 tvnserver;TightVNC Server;"c:\program files\tightvnc\tvnserver.exe" -service --> c:\program files\tightvnc\tvnserver.exe [?]
S3 AE1000;Linksys AE1000 Driver;c:\windows\system32\drivers\AE1000XP.sys [2011-6-26 816672]
S3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\tp-link\qss\jswpsapi.exe [2011-5-19 360529]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2009-8-27 33792]
S3 MotioninJoyUSBFilter;MotioninJoy USB Filter Driver;c:\windows\system32\drivers\MijUfilt.sys [2009-8-27 14208]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\drivers\MijXfilt.sys [2010-2-7 73216]
S3 rt2870;TP-LINK Wireless Adapter;c:\windows\system32\drivers\rt2870.sys [2011-5-19 829792]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 XDva344;XDva344;\??\c:\windows\system32\xdva344.sys --> c:\windows\system32\XDva344.sys [?]
UnknownUnknown LMIRfsClientNP;LMIRfsClientNP; [x]
.
=============== File Associations ===============
.
.txt=
.
=============== Created Last 30 ================
.
2011-07-01 00:00:49 -------- d-----w- c:\documents and settings\toni\application data\Avira
2011-06-30 23:30:15 -------- d-----w- c:\documents and settings\toni\local settings\application data\LogMeIn Hamachi
2011-06-30 23:29:03 -------- d-----w- c:\program files\LogMeIn Hamachi
2011-06-30 23:09:40 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-06-30 23:09:39 -------- d-----w- c:\program files\Avira
2011-06-30 23:09:39 -------- d-----w- c:\documents and settings\all users\application data\Avira
2011-06-30 23:04:50 -------- d-----w- c:\program files\VCK
2011-06-30 22:02:17 -------- d-----w- c:\documents and settings\all users\Atheros
2011-06-30 22:02:10 499796 ----a-w- c:\windows\system32\acs.exe
2011-06-30 22:02:10 262216 ----a-w- c:\windows\system32\IPTests.dll
2011-06-30 22:00:50 -------- d-----w- c:\documents and settings\all users\application data\TP-LINK
2011-06-30 02:54:37 522268 ----a-w- c:\documents and settings\toni\0.23561186916439547.exe
2011-06-30 02:40:23 -------- d-----w- c:\program files\Microsoft XNA
2011-06-30 02:26:24 -------- d-----w- c:\documents and settings\toni\application data\Beerowser
2011-06-30 02:12:22 850768 ----a-w- c:\documents and settings\toni\0.21207445402679093.exe
2011-06-28 06:35:31 12872 ----a-w- c:\windows\system32\bootdelete.exe
2011-06-28 06:29:32 20552 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-06-28 06:29:08 -------- d-----w- c:\documents and settings\all users\application data\Hitman Pro
2011-06-27 00:28:20 816672 ----a-r- c:\windows\system32\drivers\AE1000XP.sys
2011-06-27 00:24:10 -------- d-----w- c:\documents and settings\all users\application data\Cisco Systems
2011-06-20 05:42:57 -------- d-----w- c:\program files\Steam
2011-06-16 06:51:06 -------- d-----w- c:\program files\Haali
2011-06-16 06:39:10 -------- d-----w- c:\documents and settings\toni\local settings\application data\MPlayer
2011-06-16 06:35:15 -------- d-----w- c:\documents and settings\all users\PMS
2011-06-16 06:34:59 -------- d-----w- c:\program files\PS3 Media Server
2011-06-16 06:06:48 -------- d-----w- c:\documents and settings\toni\application data\mkvtoolnix
2011-06-16 06:04:23 -------- d-----w- c:\program files\MKVtoolnix
2011-06-14 07:38:43 -------- d-----w- c:\windows\system32\NtmsData
2011-06-14 07:36:16 0 ----a-w- c:\windows\Mvelipeci.bin
2011-06-14 07:36:14 -------- d-----w- c:\documents and settings\toni\local settings\application data\{CA1327B4-43D4-40BF-99D8-8EB12CB9389A}
2011-06-14 07:34:47 -------- d-----w- c:\documents and settings\all users\application data\Tarma Installer
2011-06-07 16:35:34 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2011-06-07 08:05:45 126448 ------w- c:\windows\system32\pxinsi64.exe
2011-06-07 08:05:45 123888 ------w- c:\windows\system32\pxcpyi64.exe
2011-06-07 08:05:44 59888 ------w- c:\windows\system32\pxwma.dll
2011-06-06 16:40:35 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-06-06 16:38:57 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-06 16:38:54 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-06 16:38:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-05 02:04:17 -------- d-----w- c:\program files\Katawa Shoujo Act 1
.
==================== Find3M ====================
.
2011-06-22 22:19:48 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-17 23:52:21 259604 ----a-w- c:\windows\system32\nvdrsdb0.bin
2011-05-17 23:52:21 1 ----a-w- c:\windows\system32\nvdrssel.bin
2011-05-17 23:52:19 259604 ----a-w- c:\windows\system32\nvdrsdb1.bin
2011-04-08 05:14:00 944232 ----a-w- c:\windows\system32\nvdispco3220140.dll
2011-04-08 05:14:00 855656 ----a-w- c:\windows\system32\nvgenco322060.dll
2011-04-08 05:14:00 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-04-08 05:14:00 5210112 ----a-w- c:\windows\system32\nvcuda.dll
2011-04-08 05:14:00 4111232 ----a-w- c:\windows\system32\nv4_disp.dll
2011-04-08 05:14:00 2770536 ----a-w- c:\windows\system32\nvcuvid.dll
2011-04-08 05:14:00 2116894 ----a-w- c:\windows\system32\nvdata.bin
2011-04-08 05:14:00 2074216 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-04-08 05:14:00 2027008 ----a-w- c:\windows\system32\nvapi.dll
2011-04-08 05:14:00 14856192 ----a-w- c:\windows\system32\nvoglnt.dll
2011-04-08 05:14:00 13000704 ----a-w- c:\windows\system32\nvcompiler.dll
2011-04-08 05:14:00 12501600 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-04-08 02:15:38 81920 ----a-w- c:\windows\system32\nvwddi.dll
2011-04-08 02:15:38 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-04-08 02:15:34 277608 ----a-w- c:\windows\system32\nvmccs.dll
2011-04-08 02:15:34 13891176 ----a-w- c:\windows\system32\nvcpl.dll
2011-04-08 02:15:34 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-04-08 02:15:32 155752 ----a-w- c:\windows\system32\nvsvc32.exe
2011-04-08 02:15:32 145000 ----a-w- c:\windows\system32\nvcolor.exe
2011-04-02 03:39:28 399736 ----a-w- c:\program files\utorrent.exe
2009-07-30 21:03:50 49152 ----a-w- c:\program files\SimpleShutdownTimer.exe
.
============= FINISH: 20:04:17.48 ===============
---------------------------------------------------------------------------------------------
Please, if there is anything out of the ordinary, or any further information I can give, I would greatly appreciate the assistance. I'm going bonkers putting up with this nonsense, and I can't re-format/re-install Windows because I don't have the original discs in my current apartment.
Thanks much in advance!