Here's a link to my first post ..
http://forums.spybot.info/showthread...474#post432474
Here's the DDS log ..
DDS (Ver_2012-10-19.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.9.2
Run by JVizoso at 15:49:06 on 2012-10-24
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1410 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
N:\Program Files\SASCORE.EXE
F:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
H:\Program Files\iRacing\iRacingService.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
F:\Program Files\IObit\Game Booster 3\gbtray.exe
F:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - f:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Six Engine] "c:\program files\asus\six engine\SixEngine.exe" -r
mRun: [DiskeeperSystray] "f:\program files\diskeeper corporation\diskeeper\DkIcon.exe"
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [DAEMON Tools-1033] "l:\program files\d-tools\daemon.exe" -lang 1033
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Start WingMan Profiler] c:\program files\logitech\gaming software\LWEMon.exe /noui
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - f:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1278938489859
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{4610591C-7190-44DF-B5D8-39628228BC1E} : DHCPNameServer = 192.168.1.254
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - n:\program files\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\jvizoso\application data\mozilla\firefox\profiles\nqrfh3ir.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://members.iracing.com/membersite/login.jsp
FF - component: f:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\jvizoso\application data\mozilla\firefox\profiles\nqrfh3ir.default\extensions\devicedetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1166636.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1167637.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: f:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: f:\program files\adobe\reader 10.0\reader\browser\nppdf32.dll
FF - plugin: f:\program files\mozilla firefox\plugins\nprpplugin.dll
FF - plugin: f:\program files\real alternative\browser\plugins\nppl3260.dll
FF - plugin: f:\program files\real alternative\browser\plugins\nprpjplug.dll
FF - plugin: f:\program files\videolan\vlc\npvlc.dll
FF - ExtSQL: !HIDDEN! 2010-07-13 11:47; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2011-2-22 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2011-2-22 5248]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 193552]
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2010-7-12 150568]
R1 SASDIFSV;SASDIFSV;n:\program files\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;n:\program files\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;n:\program files\SASCORE.EXE [2011-8-12 116608]
R2 iRacingService;iRacing.com Helper Service;h:\program files\iracing\iRacingService.exe [2010-7-12 521896]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2010-8-12 10448]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;f:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-7-1 250808]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-24 115168]
S3 WinRing0_1_2_0;WinRing0_1_2_0;f:\program files\iobit\game booster 3\driver\WinRing0.sys [2012-5-12 14416]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-10-24 07:09:38 6918632 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{976ff948-428a-42bd-98d1-8a2fafe24e1c}\mpengine.dll
2012-10-22 22:25:01 6918632 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-10-17 05:01:47 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-01 03:59:06 -------- d-----w- c:\documents and settings\all users\application data\HitmanPro
.
==================== Find3M ====================
.
2012-10-11 01:20:28 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-11 01:20:28 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-29 18:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-19 13:23:27 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-09-19 13:23:27 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-09-02 09:11:53 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-02 09:11:53 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-30 21:03:50 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14:53 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07:15 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53:22 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:33:26 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58:09 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-15 16:29:09 9826504 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2006-05-03 09:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
2007-12-17 12:43:00 27648 --sh--w- c:\windows\system32\Smab0.dll
.
============= FINISH: 15:49:31.26 ===============
Here's the aswMBR log
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-24 15:51:12
-----------------------------
15:51:12.796 OS Version: Windows 5.1.2600 Service Pack 3
15:51:12.796 Number of processors: 2 586 0xF0B
15:51:12.796 ComputerName: INTEL-JV UserName: JVizoso
15:51:13.062 Initialize success
15:52:23.828 AVAST engine defs: 12102400
15:52:37.078 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
15:52:37.078 Disk 0 Vendor: WDC_WD1200AAJS-00VTA0 01.01B01 Size: 114473MB BusType: 3
15:52:37.078 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Scsi\mv61xx1Port4Path0Target0Lun0
15:52:37.078 Disk 1 Vendor: Maxtor_6 Size: 78167MB BusType: 1
15:52:37.078 Disk 2 \Device\Harddisk2\DR2 -> \Device\Scsi\mv61xx1Port4Path0Target1Lun0
15:52:37.078 Disk 2 Vendor: Maxtor_6 Size: 78167MB BusType: 1
15:52:37.093 Disk 1 MBR read successfully
15:52:37.093 Disk 1 MBR scan
15:52:37.140 Disk 1 Windows XP default MBR code
15:52:37.140 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 19445 MB offset 63
15:52:37.140 Disk 1 Partition - 00 0F Extended LBA 58706 MB offset 39825135
15:52:37.156 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 14001 MB offset 39825198
15:52:37.171 Disk 1 Partition - 00 05 Extended 22701 MB offset 68501160
15:52:37.187 Disk 1 Partition 3 00 07 HPFS/NTFS NTFS 22701 MB offset 68501223
15:52:37.203 Disk 1 Partition - 00 05 Extended 22003 MB offset 143669295
15:52:37.218 Disk 1 Partition 4 00 07 HPFS/NTFS NTFS 22003 MB offset 114993333
15:52:37.218 Disk 1 scanning sectors +160055595
15:52:37.296 Disk 1 scanning C:\WINDOWS\system32\drivers
15:52:52.125 Service scanning
15:53:05.187 Service MpKslf632823d C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{976FF948-428A-42BD-98D1-8A2FAFE24E1C}\MpKslf632823d.sys **LOCKED** 32
15:53:17.968 Modules scanning
15:53:23.015 Disk 1 trace - called modules:
15:53:23.031 ntkrnlpa.exe CLASSPNP.SYS disk.sys SCSIPORT.SYS hal.dll >>UNKNOWN [0x8a61d918]<<
15:53:23.031 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x8a676030]
15:53:23.046 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\Scsi\mv61xx1Port4Path0Target0Lun0[0x8a707a38]
15:53:23.156 AVAST engine scan C:\WINDOWS
15:53:37.984 AVAST engine scan C:\WINDOWS\system32
15:56:32.609 AVAST engine scan C:\WINDOWS\system32\drivers
15:56:48.203 AVAST engine scan C:\Documents and Settings\JVizoso
15:59:05.937 AVAST engine scan C:\Documents and Settings\All Users
15:59:38.593 Scan finished successfully
15:59:46.812 Disk 1 MBR has been saved successfully to "C:\Documents and Settings\JVizoso\Desktop\MBR.dat"
15:59:46.812 The log file has been saved successfully to "C:\Documents and Settings\JVizoso\Desktop\aswMBR.txt"
Hope I did this OK ...