Well, I did that against ComboFix's warnings and it ran for over 1 1/2 hours, rebooting and restarting itself several times, but I think it was successful finally.
aswMBR log before ComboFix
aswMBR version 0.9.9.1124 Copyright(c) 2011 AVAST Software
Run date: 2012-01-01 15:46:47
-----------------------------
15:46:47.248 OS Version: Windows 5.1.2600 Service Pack 3
15:46:47.248 Number of processors: 2 586 0x409
15:46:47.248 ComputerName: JADECOMPUTER UserName: Jade Xing
15:46:48.373 Initialize success
15:46:49.155 AVAST engine defs: 12010101
15:47:43.597 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2
15:47:43.597 Disk 0 Vendor: HDS72808 PF2O Size: 76293MB BusType: 3
15:47:43.612 Disk 0 MBR read successfully
15:47:43.628 Disk 0 MBR scan
15:47:43.628 Disk 0 unknown MBR code
15:47:43.628 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
15:47:43.643 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 71492 MB offset 80325
15:47:43.675 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 4753 MB offset 146496735
15:47:43.690 Disk 0 scanning sectors +156232125
15:47:43.753 Disk 0 scanning C:\WINDOWS\system32\drivers
15:47:57.441 Service scanning
15:47:57.926 Service .MpFilter \* **LOCKED** 123
15:47:57.942 Service .netbt \* **LOCKED** 123
15:47:58.973 Modules scanning
15:48:07.286 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
15:48:08.614 Disk 0 trace - called modules:
15:48:08.646 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
15:48:08.646 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87371778]
15:48:08.661 3 CLASSPNP.SYS[f75b0fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0x87372030]
15:48:08.958 AVAST engine scan C:\WINDOWS
15:48:33.241 AVAST engine scan C:\WINDOWS\system32
15:50:42.783 AVAST engine scan C:\WINDOWS\system32\drivers
15:50:56.316 AVAST engine scan C:\Documents and Settings\Jade Xing
15:55:19.992 File: C:\Documents and Settings\Jade Xing\Local Settings\Application Data\Google\Update\1.3.21.79\GoogleCrashHandler.exe **INFECTED** Win32:Malware-gen
16:03:38.852 AVAST engine scan C:\Documents and Settings\All Users
16:05:28.875 Scan finished successfully
16:05:58.252 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Jade Xing\Desktop\MBR.dat"
16:05:58.267 The log file has been saved successfully to "C:\Documents and Settings\Jade Xing\Desktop\aswMBR.txt"
ComboFix log
ComboFix 12-01-01.06 - Jade Xing 01/01/2012 23:02:47.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.440 [GMT -7:00]
Running from: c:\documents and settings\Jade Xing\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: Sygate Personal Firewall *Disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Tarma Installer
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
c:\documents and settings\All Users\Application Data\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\_Setup.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\_Setupx.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\Setup.dat
c:\documents and settings\All Users\Application Data\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\Setup.exe
c:\documents and settings\All Users\Application Data\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\Setup.ico
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\AVG\avi7.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\crt_x64.msi
c:\documents and settings\All Users\Application Data\TEMP\AVG\files.dat
c:\documents and settings\All Users\Application Data\TEMP\AVG\incavi.avm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_cz.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_da.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_fr.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ge.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_hu.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_id.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_in.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_it.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_jp.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ko.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ms.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_nl.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pb.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pl.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pt.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ru.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sc.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sk.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sp.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_tr.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_us.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zh.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zt.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\microavi.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\miniavi.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.dat
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.ini
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupcz.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupda.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupfr.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupge.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setuphu.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupid.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupin.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupit.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupjp.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupko.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupms.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupnl.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setuppb.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setuppl.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setuppt.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupru.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupsc.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupsk.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupsp.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setuptr.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupus.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupzh.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupzt.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\trialkey.dat
c:\documents and settings\All Users\Application Data\TEMP\AVG\vcredis1.cab
c:\documents and settings\All Users\Application Data\TEMP\AVG\vcredist.msi
c:\documents and settings\Jade Xing\Local Settings\Application Data\{C19C410A-38DF-492F-A87C-4A38115D65E6}
c:\documents and settings\Jade Xing\Local Settings\Application Data\{C19C410A-38DF-492F-A87C-4A38115D65E6}\chrome\content\_cfg.js
c:\documents and settings\Jade Xing\Local Settings\Application Data\{C19C410A-38DF-492F-A87C-4A38115D65E6}\chrome\content\overlay.xul
c:\documents and settings\Jade Xing\Local Settings\Application Data\{C19C410A-38DF-492F-A87C-4A38115D65E6}\install.rdf
c:\documents and settings\Jade Xing\WINDOWS
c:\program files\Shop to Win
c:\program files\Shop to Win\InstallNotifier.exe
c:\program files\Shop to Win\ProcessDetector.exe
c:\program files\Shop to Win\unins000.dat
c:\program files\Shop to Win\unins000.exe
c:\program files\Shop to Win\UnInstallPlugin.exe
C:\Thumbs.db
c:\windows\$NtUninstallKB23454$
c:\windows\$NtUninstallKB23454$\1205514026
c:\windows\$NtUninstallKB42081$
c:\windows\$NtUninstallKB42081$\100532649
c:\windows\$NtUninstallKB42081$\4163609525\@
c:\windows\$NtUninstallKB42081$\4163609525\bckfg.tmp
c:\windows\$NtUninstallKB42081$\4163609525\cfg.ini
c:\windows\$NtUninstallKB42081$\4163609525\Desktop.ini
c:\windows\$NtUninstallKB42081$\4163609525\keywords
c:\windows\$NtUninstallKB42081$\4163609525\kwrd.dll
c:\windows\$NtUninstallKB42081$\4163609525\L\pdmzmplg
c:\windows\$NtUninstallKB42081$\4163609525\lsflt7.ver
c:\windows\$NtUninstallKB42081$\4163609525\U\00000001.@
c:\windows\$NtUninstallKB42081$\4163609525\U\00000002.@
c:\windows\$NtUninstallKB42081$\4163609525\U\80000000.@
c:\windows\$NtUninstallKB42081$\4163609525\U\80000032.@
c:\windows\explorer(2).exe
c:\windows\kb913800.exe
c:\windows\struct~.ini
c:\windows\system32\1.tmp
c:\windows\system32\2.tmp
c:\windows\system32\msnphoto.scr
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job
c:\windows\XSxS
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_6TO4
-------\Service_.netbt
-------\Service_6to4
-------\Legacy_MEMSWEEP2
-------\Service_MEMSWEEP2
.
.
((((((((((((((((((((((((( Files Created from 2011-12-02 to 2012-01-02 )))))))))))))))))))))))))))))))
.
.
2011-12-31 18:11 . 2011-11-28 17:53 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-12-31 18:11 . 2011-11-28 17:51 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-12-31 18:11 . 2011-11-28 17:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-12-31 18:11 . 2011-11-28 17:52 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-12-31 18:11 . 2011-11-28 17:52 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-12-31 18:11 . 2011-11-28 17:52 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-12-31 18:11 . 2011-11-28 17:51 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-12-31 18:11 . 2011-11-28 17:48 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-12-31 18:11 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr
2011-12-31 18:11 . 2011-11-28 18:01 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-12-24 18:25 . 2012-01-01 23:06 -------- d-----w- C:\TechSpot Scans
2011-12-19 00:50 . 2011-12-19 00:50 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2011-12-16 04:07 . 2011-12-16 04:07 -------- d-----w- c:\documents and settings\Jade Xing\.bitrock
2011-12-16 04:02 . 2011-05-30 13:42 240640 ----a-w- c:\windows\system32\xvidvfw.dll
2011-12-16 04:02 . 2011-05-23 09:52 153088 ----a-w- c:\windows\system32\xvid.ax
2011-12-16 04:02 . 2011-05-23 07:46 645632 ----a-w- c:\windows\system32\xvidcore.dll
2011-12-16 04:02 . 2011-12-16 04:09 -------- d-----w- c:\program files\Xvid
2011-12-16 03:59 . 2011-12-16 03:59 11776 ----a-w- c:\program files\Mozilla Firefox\plugins\nprjplug.dll
2011-12-16 03:58 . 2011-12-16 03:58 -------- d-----w- c:\program files\Common Files\xing shared
2011-12-16 03:58 . 2011-12-16 03:58 150696 ----a-w- c:\program files\Mozilla Firefox\plugins\nppl3260.dll
2011-12-16 03:58 . 2011-12-16 03:58 108544 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpjplug.dll
2011-12-16 03:57 . 2011-12-16 03:58 -------- d-----w- c:\program files\Real
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-16 03:57 . 2003-03-19 02:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-12-16 03:57 . 2003-02-21 10:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-11-26 03:25 . 2011-05-16 21:55 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-23 13:25 . 2005-08-16 10:18 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:20 . 2005-08-16 10:18 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2005-08-16 10:18 43520 ------w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2005-08-16 10:18 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2005-08-16 10:18 385024 ------w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2005-08-16 10:18 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2005-08-16 10:18 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2005-08-16 10:18 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2004-08-04 04:59 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-20 01:18 . 2011-10-20 01:17 21073936 ----a-w- c:\program files\vlc-1.1.11-win32.exe
2011-10-15 00:38 . 2005-08-16 10:18 456192 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2005-08-16 10:40 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-07-01 02:23 . 2011-07-01 02:23 1376832 ----a-w- c:\program files\sar_15_sfx.exe
2011-06-29 04:17 . 2011-06-29 04:03 744853 ----a-w- c:\program files\PAVARK.exe
2011-06-24 00:06 . 2011-06-24 00:05 13683064 ----a-w- c:\program files\Firefox Setup 5.0.exe
2011-11-09 03:55 . 2011-06-24 00:08 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-06-03 20:36 . 2011-03-21 08:38 13696 ----a-w- c:\program files\mozilla firefox\components\CntvSpeedup.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2011-08-19 16:45 790304 ----a-w- c:\program files\Yontoo Layers Runtime\YontooIEClient.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"Desktop Software"="c:\program files\Common Files\supportsoft\bin\bcont.exe" [2009-04-24 1025320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-07-22 86016]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-07-22 81920]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-24 282624]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-10-16 2577632]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-06-28 421888]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-12-16 296056]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-11-14 24576]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uusee\\UUSeePlayer.exe"=
"c:\\Documents and Settings\\Jade Xing\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Jade Xing\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\PPSGame\\PPSGame.exe"=
"c:\\Program Files\\cntv\\Speedup\\CNTVSpeedupper.exe"=
"c:\\Program Files\\FinalTorrent\\FinalTorrent.EXE"=
"c:\\Program Files\\FinalTorrent\\FTCheckForUpdates.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"86:TCP"= 86:TCP:BroadCam Web Server
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [12/31/2011 11:11 AM 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12/31/2011 11:11 AM 314456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/31/2011 11:11 AM 20568]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S1 MpKsl1851ec07;MpKsl1851ec07;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4B048E08-2BF8-42C5-96C1-BC0615091621}\MpKsl1851ec07.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4B048E08-2BF8-42C5-96C1-BC0615091621}\MpKsl1851ec07.sys [?]
S1 MpKsl258b9192;MpKsl258b9192;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BE88F695-85D2-4ABC-8613-FED4030D807A}\MpKsl258b9192.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BE88F695-85D2-4ABC-8613-FED4030D807A}\MpKsl258b9192.sys [?]
S1 MpKsl6e85e19b;MpKsl6e85e19b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EB3031CB-9727-4F1C-B33B-376103F3AFAC}\MpKsl6e85e19b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EB3031CB-9727-4F1C-B33B-376103F3AFAC}\MpKsl6e85e19b.sys [?]
S1 MpKslb353b479;MpKslb353b479;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EF93D587-B646-4B6A-938D-79A4CCD10CF6}\MpKslb353b479.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EF93D587-B646-4B6A-938D-79A4CCD10CF6}\MpKslb353b479.sys [?]
S1 MpKslc1bf2223;MpKslc1bf2223;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{704102C9-4AB2-436F-9021-A13D5757F48C}\MpKslc1bf2223.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{704102C9-4AB2-436F-9021-A13D5757F48C}\MpKslc1bf2223.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/16/2005 3:18 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
bthsvc REG_MULTI_SZ btwdlns
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 11:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
2012-01-02 c:\windows\Tasks\FinalTorrent Update Checker.job
- c:\program files\FinalTorrent\FTCheckForUpdates.exe [2011-10-08 21:24]
.
2012-01-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2166645397-1413220193-206111531-1006Core.job
- c:\documents and settings\Jade Xing\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-31 02:45]
.
2012-01-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2166645397-1413220193-206111531-1006UA.job
- c:\documents and settings\Jade Xing\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-31 02:45]
.
2012-01-02 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2166645397-1413220193-206111531-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-29 23:02]
.
2012-01-02 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2166645397-1413220193-206111531-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-29 23:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: ??UUSee?? - c:\program files\uusee\geturltodown.htm
IE: ??UUSee???? - c:\program files\uusee\geturltoplay.htm
IE: {{998A88A0-A355-809B-831C-B83A80000991} - http://www.henkuai.com/?from=iebannel
Trusted Zone: intuit.com\ttlc
Trusted Zone: pps.tv
Trusted Zone: ppstream.com
Trusted Zone: webscache.com
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\documents and settings\Jade Xing\Application Data\Mozilla\Firefox\Profiles\srzwt60x.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.search.yahoo.com/?fr=w3i&type=W3i_SP,205,0_0,StartPage,20111041,16900,0,21,0
FF - prefs.js: keyword.URL - hxxp://www.gobrs.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=jiMdHzFj&q=
FF - user.js: keyword.URL - hxxp://www.gobrs.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=jiMdHzFj&q=
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(extentions.y2layers.installId, 1871b5a3-3fa7-43a3-b407-9b19347fdae8
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,BuzzdockTease,DropDownDeals,DropDownDeals,
.
.
------- File Associations -------
.
txtfile=c:\windows\notepad.exe %1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
URLSearchHooks-EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
URLSearchHooks-{EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
Notify-btwdlns - btwdiw32.dll
Notify-SMPv - btwdiw32.dll
Notify-âBs$U - btwdiw32.dll
SafeBoot-MsMpSvc
AddRemove-AddressBar - c:\program files\Baidu\AddressBar\ASBarBroker.exe
AddRemove-CCTVBox - c:\documents and settings\Jade Xing\Local Settings\Temporary Internet Files\Content.IE5\Q16JYRBV\CCTVRegOcx[1].exe
AddRemove-{50D9C7D1-86C4-4982-A47E-D490C70A1C7D}_is1 - c:\program files\Shop To Win\unins000.exe
AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - c:\docume~1\ALLUSE~1\APPLIC~1\TARMAI~1\{889DF~1\Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2012-01-02 00:12
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.MpFilter]
"ImagePath"="\*"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9e,5b,0f,31,36,0a,3a,46,b3,13,04,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9e,5b,0f,31,36,0a,3a,46,b3,13,04,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2620)
c:\windows\system32\WININET.dll
c:\windows\system32\SSSensor.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Sygate\SPF\smc.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\eHome\ehmsas.exe
c:\windows\stsystra.exe
c:\windows\system32\taskmgr.exe
.
**************************************************************************
.
Completion time: 2012-01-02 00:19:18 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-02 07:19
.
Pre-Run: 29,994,795,008 bytes free
Post-Run: 33,880,727,552 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center" /NoExecute=Optin /fastdetect
.
- - End Of File - - AD3614AF087BA45F525DE271E8D5D7C7