Hello,
New to this forum.
I am infected with something which I cannot seem to find. I am hoping someone can assist me with locating this/these infections and ridding my box of them. I am running Win XP SP3 and current on all patches. I have run Kaspersky scans (full, vulnerability, critical area and root kit), Sophos stand alone (Sav32cli), SB Search n Destroy 2, RootAlyzer, SuperAntiSpyware, HijackThis, Combofix and MalwareBytes....all with current updates....with no significant results. I have run these all under normal boot and some under safe mode with no difference in results. After a boot-up, box runs well but eventually slows to a crawl with CPU usage at 100%. Running a manual Windows Update will take a LONG time to complete. I have to wait about 30 seconds when creating a new folder, in order to give it a name. I am a presently unemployed desktop support analyst and have a lot of disinfecting experience, but this one, being on my own personal box, is REALLY making me feel incompetent!!! I have backups, but they are infected as well so I can't just restore. It would be a simple re-image normally, but I can't do that with my box....much too much stuff on it. I would greatly appreciate your assistance with this one. Thanks in advance for your hopeful assistance. Below are the requested logs:


DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_38
Run by Ray at 15:52:50 on 2013-03-13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2056 [GMT -4:00]
.
AV: Kaspersky Anti-Virus *Enabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Anti-Virus *Disabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\nvwmi.exe
D:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\SYSTEM32\DWRCS.EXE
C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
D:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\locator.exe
D:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\SYSTEM32\DWRCST.exe
D:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe
C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
D:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HyperSnap-DX 5\HprSnap5.exe
C:\Program Files\HyperSnap-DX 5\HprSnap5.exe
C:\Program Files\Plextor\PlexUTILITIES\PlexRadar.exe
C:\Program Files\Mustek 1200 UB Plus\Driver\WATCH.exe
C:\Program Files\Efficient Reminder Free\EfficientReminderFree.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\nvwmi.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k WINRM
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.optimum.net/
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = "c:\program files\outlook express\msimn.exe"
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - d:\program files\spybot - search & destroy 2\SDHelper.dll
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - c:\program files\kaspersky lab\kaspersky anti-virus 2013\ieext\contentblocker\ie_content_blocker_plugin.dll
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - c:\program files\kaspersky lab\kaspersky anti-virus 2013\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - c:\program files\kaspersky lab\kaspersky anti-virus 2013\ieext\urladvisor\klwtbbho.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SandboxieControl] "d:\program files\sandboxie\SbieCtrl.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [EaseUs Watch] "c:\program files\easeus\todo backup\bin\EuWatch.exe"
mRun: [EaseUs Tray] "c:\program files\easeus\todo backup\bin\TrayNotify.exe"
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2013\avp.exe"
mRun: [SDTray] "d:\program files\spybot - search & destroy 2\SDTray.exe"
StartupFolder: c:\docume~1\ray\startm~1\programs\startup\effici~1.lnk - c:\program files\efficient reminder free\EfficientReminderFree.exe
StartupFolder: c:\docume~1\ray\startm~1\programs\startup\erunta~1.lnk - d:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\ray\startm~1\programs\startup\plexra~1.lnk - c:\program files\plextor\plexutilities\PlexRadar.exe
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\del_temp.vbs
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hypers~1.lnk - c:\program files\hypersnap-dx 5\HprSnap5.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\plexra~1.lnk - c:\program files\plextor\plexutilities\PlexRadar.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\watch.lnk - c:\program files\mustek 1200 ub plus\driver\WATCH.exe
uPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:383
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - d:\program files\spybot - search & destroy 2\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} - hxxps://amer-ml33.amer.csc.com/dwa85W.cab
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1296519865546
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1362800798828
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1353104195093
DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} - hxxps://lowes.2020.net/planner/Core/Player/2020PlayerAX_WEB_Win32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
TCP: NameServer = 167.206.254.2 167.206.254.1
TCP: Interfaces\{9C3AA36C-E157-4013-9946-690262E89D96} : DHCPNameServer = 167.206.254.2 167.206.254.1
TCP: Interfaces\{9E3725C9-9785-4641-AB27-3C257B07A781} : DHCPNameServer = 167.206.254.1 167.206.254.2
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: klogon - c:\windows\system32\klogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\ray\application data\mozilla\firefox\profiles\6cr6okv0.default\
FF - prefs.js: browser.search.selectedEngine - Delta Search
FF - prefs.js: browser.startup.homepage - hxxp://www.delta-search.com/?affID=119776&tt=050412_30b&babsrc=HP_ss&mntrId=1fde8a400000000000000022152aced0
FF - prefs.js: network.proxy.type - 4
FF - ExtSQL: 2013-01-25 11:03; {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}; c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}
FF - ExtSQL: 2013-02-14 11:38; torntv2@torntv.com; c:\documents and settings\ray\application data\mozilla\firefox\profiles\6cr6okv0.default\extensions\torntv2@torntv.com.xpi
FF - ExtSQL: !HIDDEN! 2011-01-31 18:23; smartwebprinting@hp.com; c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 1fde8a400000000000000022152aced0
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15750
FF - user.js: extensions.delta.vrsn - 1.8.10.0
FF - user.js: extensions.delta.vrsni - 1.8.10.0
FF - user.js: extensions.delta.vrsnTs - 1.8.10.011:39:40
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
============= SERVICES / DRIVERS ===============
.
R0 asahxp32;asahxp32;c:\windows\system32\drivers\asahxp32.sys [2011-5-6 41696]
R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2013-1-26 50248]
R0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [2013-1-26 40648]
R0 KL1;kl1;c:\windows\system32\drivers\kl1.sys [2012-6-19 136024]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-3-7 33112]
R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2013-1-26 14920]
R1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [2013-1-26 185672]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2012-11-24 586584]
R1 kltdi;kltdi;c:\windows\system32\drivers\kltdi.sys [2012-11-24 43608]
R1 kneps;kneps;c:\windows\system32\drivers\kneps.sys [2012-8-13 144344]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [2011-5-12 18816]
R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky anti-virus 2013\avp.exe -r --> c:\program files\kaspersky lab\kaspersky anti-virus 2013\avp.exe -r [?]
R2 EaseUS Agent;EaseUS Agent Service;c:\program files\easeus\todo backup\bin\Agent.exe [2013-1-26 68168]
R2 Guard Agent;Guard Agent Service;c:\program files\easeus\todo backup\bin\GuardAgent.exe [2013-1-26 23624]
R2 NVWMI;NVIDIA WMI Provider;c:\windows\system32\nvwmi.exe [1999-12-31 664424]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;d:\program files\spybot - search & destroy 2\SDFSSvc.exe [2013-3-12 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;d:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2013-3-12 1369624]
R2 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-13 14336]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2012-6-27 35672]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\drivers\klkbdflt.sys [2012-11-24 24408]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2012-11-24 24920]
R3 SbieDrv;SbieDrv;d:\program files\sandboxie\SbieDrv.sys [2012-12-16 157776]
S0 fnvu;fnvu;c:\windows\system32\drivers\behy.sys --> c:\windows\system32\drivers\behy.sys [?]
S2 gupdate1c987ea6b15f84e;Google Update Service (gupdate1c987ea6b15f84e);c:\program files\google\update\GoogleUpdate.exe [2011-3-6 136176]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;d:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2013-3-12 168384]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2011-2-1 79360]
S3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;c:\program files\common files\creative labs shared\service\MT6Licensing.exe [2011-2-1 79360]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2008-12-29 171032]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2008-12-29 171032]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2008-12-29 1324056]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2008-12-29 1324056]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2008-12-29 72728]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2008-12-29 72728]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2013-1-27 23456]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2012-12-21 13896]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2012-12-21 9160]
S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\drivers\mcvidrv.sys [2012-10-10 34432]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2013-3-8 35144]
S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv.sys [2012-10-10 25088]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2010-12-13 30576]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2013-1-14 13024]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-11-14 394952]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S4 AZULWXOPZZH;AZULWXOPZZH;c:\docume~1\ray\locals~1\temp\azulwxopzzh.exe --> c:\docume~1\ray\locals~1\temp\AZULWXOPZZH.exe [?]
S4 TSJSRS;TSJSRS;c:\docume~1\ray\locals~1\temp\tsjsrs.exe --> c:\docume~1\ray\locals~1\temp\TSJSRS.exe [?]
S4 ZWKKQGF;ZWKKQGF;c:\docume~1\ray\locals~1\temp\zwkkqgf.exe --> c:\docume~1\ray\locals~1\temp\ZWKKQGF.exe [?]
.
=============== File Associations ===============
.
FileExt: .reg: regfile=regedit.exe "%1" [UserChoice]
ShellExec: CORELPNT.EXE: CANCEL=c:\corel40\programs\CORELPNT.EXE
ShellExec: CORELPNT.EXE: OPEN=c:\corel40\programs\CORELPNT.EXE
ShellExec: CORELPNT.EXE: PRINT=c:\corel40\programs\CORELPNT.EXE
ShellExec: dreamweaver.exe: Open="c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2013-03-13 14:53:55 12928 ------w- c:\windows\system32\dllcache\usb8023x.sys
2013-03-13 14:53:55 12928 ------w- c:\windows\system32\dllcache\usb8023.sys
2013-03-12 14:21:49 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2013-03-12 14:21:24 15224 ----a-w- c:\windows\system32\sdnclean.exe
2013-03-12 00:16:58 8461312 ------w- c:\windows\system32\dllcache\shell32.dll
2013-03-10 20:31:06 -------- d-----w- C:\Sophos
2013-03-09 00:22:39 -------- d-----w- C:\Escort
2013-03-08 23:42:22 -------- d-----w- c:\windows\system32\wbem\repository\FS
2013-03-08 23:42:22 -------- d-----w- c:\windows\system32\wbem\Repository
2013-03-08 23:36:06 -------- d-----w- c:\program files\PC HealthBoost
2013-03-08 19:30:33 -------- d-sh--w- c:\windows\Installer
2013-03-08 16:58:20 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-03-08 04:34:24 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-08 04:34:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware(2)
2013-03-08 04:34:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-03-08 00:19:13 630272 ----a-w- c:\windows\system32\dllcache\msfeeds.dll
2013-03-08 00:19:13 55296 ----a-w- c:\windows\system32\dllcache\msfeedsbs.dll
2013-03-08 00:19:12 247808 ----a-w- c:\windows\system32\dllcache\ieproxy.dll
2013-03-08 00:19:12 12800 ----a-w- c:\windows\system32\dllcache\xpshims.dll
2013-03-08 00:19:11 743424 ----a-w- c:\windows\system32\dllcache\iedvtool.dll
2013-03-08 00:19:11 522240 ----a-w- c:\windows\system32\dllcache\jsdbgui.dll
2013-03-08 00:19:11 2004992 ----a-w- c:\windows\system32\dllcache\iertutil.dll
2013-03-08 00:19:09 11111424 ----a-w- c:\windows\system32\dllcache\ieframe.dll
2013-03-07 20:48:36 -------- d-----r- C:\Sandbox
2013-03-07 18:46:02 33112 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-03-07 17:15:49 -------- d-----w- c:\documents and settings\ray\DoctorWeb
2013-03-07 17:11:45 52232 ----a-w- c:\windows\system32\drivers\REGSYS701.SYS
2013-03-07 15:54:05 -------- d-----w- C:\Deleted Autoruns
.
==================== Find3M ====================
.
2013-03-09 20:16:21 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-09 20:16:21 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-08 23:02:02 13024 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2013-02-27 19:08:13 16473456 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-02-12 00:32:23 12928 ----a-w- c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32:23 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-05 20:05:47 916480 ----a-w- c:\windows\system32\wininet.dll
2013-02-05 20:05:46 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-02-05 20:05:46 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-05 05:53:57 385024 ----a-w- c:\windows\system32\html.iec
2013-01-28 02:36:28 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2013-01-26 04:35:50 19528 ----a-w- c:\windows\system32\fbnative.exe
2013-01-26 04:35:38 185672 ----a-w- c:\windows\system32\drivers\EuFdDisk.sys
2013-01-26 04:35:34 40648 ----a-w- c:\windows\system32\drivers\EUBKMON.sys
2013-01-26 04:35:28 14920 ----a-w- c:\windows\system32\drivers\eudskacs.sys
2013-01-26 04:35:24 50248 ----a-w- c:\windows\system32\drivers\eubakup.sys
2013-01-26 03:55:44 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-25 16:02:54 73728 ----a-w- c:\windows\system32\javacpl.cpl
2013-01-25 16:02:53 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-01-25 16:02:53 473072 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-07 01:19:45 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-07 00:37:01 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-01-02 06:49:10 148992 ----a-w- c:\windows\system32\mpg2splt.ax
2013-01-02 06:49:10 1292288 ----a-w- c:\windows\system32\quartz.dll
2012-12-21 22:20:40 2468520 ----a-w- c:\windows\system32\BootMan.exe
2012-12-21 18:54:00 13896 ----a-w- c:\windows\system32\epmntdrv.sys
2012-12-21 18:53:58 9160 ----a-w- c:\windows\system32\EuGdiDrv.sys
2012-12-21 18:53:58 87112 ----a-w- c:\windows\system32\setupempdrv03.exe
2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll
.
============= FINISH: 15:53:48.35 ===============




aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-03-13 16:00:21
-----------------------------
16:00:21.437 OS Version: Windows 5.1.2600 Service Pack 3
16:00:21.437 Number of processors: 2 586 0x403
16:00:21.437 ComputerName: RIGHTWINXP UserName: Ray
16:00:31.265 Initialize success
16:02:41.437 AVAST engine defs: 13031301
16:03:12.015 Disk 0 \Device\Harddisk0\DR0 -> \Device\00000083
16:03:12.015 Disk 0 Vendor: ST3500630AS 3.AAE Size: 476940MB BusType: 3
16:03:12.031 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000084
16:03:12.031 Disk 1 Vendor: SAMSUNG_HD103SI 1AG01118 Size: 953869MB BusType: 3
16:03:12.031 Disk 2 \Device\Harddisk2\DR2 -> \Device\00000087
16:03:12.031 Disk 2 Vendor: WDC_WD1002FAEX-00Z3A0 05.01D05 Size: 953869MB BusType: 3
16:03:12.031 Disk 3 \Device\Harddisk3\DR3 -> \Device\Scsi\JRAID1Port4Path0Target0Lun0
16:03:12.031 Disk 3 Vendor: SATA____ Size: 953869MB BusType: 1
16:03:12.031 Disk 4 (boot) \Device\Harddisk4\DR4 -> \Device\Scsi\asahxp321Port5Path0Target0Lun0
16:03:12.031 Disk 4 Vendor: KINGSTON 502A Size: 114473MB BusType: 3
16:03:12.046 Disk 4 MBR read successfully
16:03:12.046 Disk 4 MBR scan
16:03:12.046 Disk 4 Windows 7 default MBR code
16:03:12.046 Disk 4 Partition 1 80 (A) 07 HPFS/NTFS NTFS 114472 MB offset 63
16:03:12.062 Disk 4 scanning sectors +234440759
16:03:12.078 Disk 4 scanning C:\WINDOWS\system32\drivers
16:03:24.109 Service scanning
16:03:31.765 Service KL1 C:\WINDOWS\system32\DRIVERS\kl1.sys **LOCKED** 5
16:03:31.875 Service klim5 C:\WINDOWS\system32\DRIVERS\klim5.sys **LOCKED** 5
16:03:31.906 Service klkbdflt C:\WINDOWS\system32\DRIVERS\klkbdflt.sys **LOCKED** 5
16:03:31.921 Service klmouflt C:\WINDOWS\system32\DRIVERS\klmouflt.sys **LOCKED** 5
16:03:31.937 Service kltdi C:\WINDOWS\system32\DRIVERS\kltdi.sys **LOCKED** 5
16:03:31.984 Service kneps C:\WINDOWS\system32\DRIVERS\kneps.sys **LOCKED** 5
16:03:42.937 Modules scanning
16:03:46.406 Disk 4 trace - called modules:
16:03:46.421 ntkrnlpa.exe CLASSPNP.SYS disk.sys SCSIPORT.SYS hal.dll asahxp32.sys
16:03:46.421 1 nt!IofCallDriver -> \Device\Harddisk4\DR4[0x8b2e3030]
16:03:46.421 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\Scsi\asahxp321Port5Path0Target0Lun0[0x8b2d2030]
16:03:46.843 AVAST engine scan C:\WINDOWS
16:03:51.593 AVAST engine scan C:\WINDOWS\system32
16:07:32.765 AVAST engine scan C:\WINDOWS\system32\drivers
16:07:53.453 AVAST engine scan C:\Documents and Settings\Ray
16:15:11.843 File: C:\Documents and Settings\Ray\My Documents\Diagnostic Tools\Security Tool Service Killer\rkill.com **INFECTED** Win32:Malware-gen
16:19:08.515 AVAST engine scan C:\Documents and Settings\All Users
16:21:23.359 Scan finished successfully
17:18:19.328 Disk 4 MBR has been saved successfully to "C:\Documents and Settings\Ray\Desktop\DISINFECTION TOOLS 3-12-2013\AswMBR\MBR.dat"
17:18:19.343 The log file has been saved successfully to "C:\Documents and Settings\Ray\Desktop\DISINFECTION TOOLS 3-12-2013\AswMBR\aswMBR.txt"