
System Check virus on my computer


37 replies to this topic

#1 besscella (Members, 74 posts, Gender: Female)

Posted 22 February 2012 - 08:25 AM

Hi,

I think my computer is infected with the System Check virus. I was browsing online looking for help with removing it myself and came across a website that gave instructions on how to remove it manually using the DOS prompt. At the time I had very restricted access to my computer so it was my only option or at least that's what I understood it to be.

I know it was the System Check virus due to the fact that it took over my computer and presented error messages that looked authentic, but that I now know aren't, in order to trick me into buying their fake software. A popup message called System Check kept popping up asking me to fix 14 errors that it had allegedly found. The supposed errors were things like "unreadable C:\ drive"; "Ram is running extremely low and may cause your system to crash"; "hard disk running at 20% less than system requirements"; etc. It also loaded my screen with around 10 error messages in long rectangular windows showing various error messages. I don't recall what they said and as they're no longer running I can't give you the word for word error messages.

As I'm not very computer savvy (I know a bit, but not a lot), I chickened out of trying to get rid of the virus on my own. But before I chickened out I did delete two files from my computer. They were random-letter files. I located both files in
C:\Documents and Settings\All Users\Application Data
The names of the files were aWuqTAlshMh3Ec.exe and yiaYdRfrCjDkrP.exe.

Removing these files got the System Check to stop running in the foreground but I'm fairly certain that it's still there in the background somewhere on my computer just waiting to raise its ugly head. As far as I'm aware it hides itself in various places on the computer and eventually repairs itself and then shows up again in the future.

Anyway, after I removed the above folders, I still had a black screen so I ran a program called unhide.exe. This un-hid my files so my system looks like it's running normally now, at least on the surface. The website I used to run the unhide.exe program also suggested that I download and run TDSSKiller.exe. I tried to do that but I couldn't get TDSSKiller to start. I'd double click on the icon but nothing would happen.

I'd really like to remove that System Check virus completely from my drive so any help you could offer would be greatly appreciated. I can't think of anything else to tell you so if you need any more information, then please ask me. Thanks.

I've heard about using combofix (in a supervised environment) as a way of removing this virus. What do you recommend I do?

Best Wishes

Besscella


#2 narenxp (BC Advisor, 16,371 posts, Gender: Male, Location: India)

Posted 22 February 2012 - 08:32 AM

Create a restore point before running this tool

Download

FIXTDSS

Launch it. It may ask for a restart; reboot the PC.

On reboot let me know what it finds

Download

aswMBR

Launch it, allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here

Edited by narenxp, 22 February 2012 - 08:32 AM.


#3 besscella, Topic Starter (Members, 74 posts, Gender: Female)

Posted 22 February 2012 - 08:42 AM

How do I create a restore point?

I forgot to mention that any instructions you give me will need to be detailed instructions as my knowledge of computers is limited. In other words I pretty much need you to hold me by the hand all the way.

Thanks.

PS: I run Windows XP.

Edited by besscella, 22 February 2012 - 08:43 AM.


#4 narenxp (BC Advisor, 16,371 posts, Gender: Male, Location: India)

Posted 22 February 2012 - 08:46 AM

Follow this guide

http://support.microsoft.com/kb/948247

good luck

#5 besscella, Topic Starter (Members, 74 posts, Gender: Female)

Posted 22 February 2012 - 09:27 AM

Hi

I successfully created the restore point. I downloaded and launched the FIXTDSS.

The result of running FIXTDSS is "Infected MBR detected".

I was given the option to repair. Should I close this program or click on the repair button?

I haven't downloaded the aswMBR program yet. I wanted to know what to do about FIXTDSS first.

thanks.

#6 narenxp (BC Advisor, 16,371 posts, Gender: Male, Location: India)

Posted 22 February 2012 - 09:31 AM

Restart the PC.

Run aswMBR first. Also:

Download

TDSSKiller

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C: drive).


Please download GMER from here (does not work on a 64-bit OS):

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with GMER's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.
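Once GMER has saved gmer.log, most of it is a list of kernel (SSDT) and user-mode inline hooks, the bulk of them placed by security software and by the browser itself. The entries worth a second look are the hooks GMER could not attribute to any module, and the ones that jump into a DLL loaded from an unusual location such as a user profile. The following is an added example, not part of this thread and not GMER's own code: it parses an abridged excerpt of the gmer.log besscella posts later in the thread and lists exactly those hooks. The function names (parse_gmer, triage_gmer) and the "trusted roots" rule are the example's own assumptions.

```python
"""Triage the SSDT and user-mode hook sections of a GMER log.

Added example; not part of the thread and not GMER's own code. It assumes the
line shapes visible in the log posted later in this thread:
  ".text <process>[pid] <module>!<export>[ + off] <addr> <n> Bytes JMP|CALL <target> [<path> (<description>)]"
  "SSDT <driver> (<description>) <ZwFunction> [<addr>]"
A user-mode hook whose target GMER did not map to any module, or that lands in a
module outside the Windows and Program Files trees, is reported for review.
Function names and TRUSTED_ROOTS are this example's choices, not GMER's.
"""
import re
from collections import Counter

# Abridged excerpt of the GMER log from this thread (lines copied, most omitted).
SAMPLE = r"""
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF768087E]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xA72C0640]
.text C:\Program Files\Internet Explorer\iexplore.exe[1288] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 014D0001
.text C:\Program Files\Internet Explorer\iexplore.exe[1288] ADVAPI32.dll!RegSetValueExW 77DDD767 7 Bytes JMP 04A70930 C:\Documents and Settings\SharonC\Local Settings\Application Data\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[1288] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB5C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1288] ws2_32.dll!send 71AB4C27 6 Bytes JMP 719C0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[1288] ws2_32.dll!recv 71AB676F 6 Bytes JMP 71990F5A
"""

USER_HOOK_RE = re.compile(
    r"^\.text\s+(?P<process>.+?)\[(?P<pid>\d+)\]\s+(?P<module>\S+)!(?P<export>\S+)"
    r"(?:\s+\+\s+(?P<off>[0-9A-F]+))?\s+(?P<addr>[0-9A-F]+)\s+(?P<n>\d+) Bytes\s+"
    r"(?P<kind>JMP|CALL)\s+(?P<target>[0-9A-F]+)(?:\s+(?P<path>.+?)\s+\((?P<desc>.*)\))?\s*$"
)
SSDT_RE = re.compile(
    r"^SSDT\s+(?P<driver>.+?)\s+\((?P<desc>.*)\)\s+(?P<func>Zw\w+)\s+\[(?P<addr>0x[0-9A-F]+)\]"
)
# Module locations treated as expected for hooks in this log; anything else is reviewed.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")


def parse_gmer(log):
    """Split a GMER log into its user-mode inline hooks and its SSDT entries."""
    user_hooks, ssdt_hooks = [], []
    for line in log.splitlines():
        m = USER_HOOK_RE.match(line)
        if m:
            user_hooks.append(m.groupdict())
            continue
        m = SSDT_RE.match(line)
        if m:
            ssdt_hooks.append(m.groupdict())
    return user_hooks, ssdt_hooks


def is_trusted_path(path):
    """True when the hooking module lives under one of the expected roots."""
    return path.lower().startswith(TRUSTED_ROOTS)


def triage_gmer(log):
    """Summarise who hooked what, and list the hooks a reviewer should look at first."""
    user_hooks, ssdt_hooks = parse_gmer(log)
    owners = Counter(h["path"] or "<unattributed>" for h in user_hooks)
    findings = []
    for h in user_hooks:
        api = f"{h['module']}!{h['export']}"
        if h["path"] is None:
            # GMER printed a bare target address with no module behind it.
            findings.append(f"{api} in pid {h['pid']} {h['kind']}s to {h['target']} (no owning module)")
        elif not is_trusted_path(h["path"]):
            findings.append(f"{api} in pid {h['pid']} hooked by non-system module {h['path']}")
    return {
        "ssdt": [(s["driver"], s["func"]) for s in ssdt_hooks],
        "owners": dict(owners),
        "findings": findings,
    }


if __name__ == "__main__":
    report = triage_gmer(SAMPLE)
    print("SSDT hooks:", report["ssdt"])
    print("hook owners:", report["owners"])
    for f in report["findings"]:
        print("REVIEW:", f)
```

On the excerpt, the two SSDT hooks resolve to Lavasoft and SUPERAntiSpyware drivers, the IEFRAME.dll hook is Internet Explorer's own, and what remains for review is a toolbar DLL loaded from the user's profile plus three hooks (LoadLibraryExW, send, recv) whose targets GMER did not map to any module. A listing like this narrows what a helper has to read; it does not replace the judgement of the person reviewing the full log.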

#7 besscella, Topic Starter (Members, 74 posts, Gender: Female)

Posted 22 February 2012 - 10:20 AM

I closed the FIXTDSS program without fixing as you didn't instruct me to fix anything.

Then I downloaded and launched the aswMBR program. I was given an option to do a quick scan or to scan C:\. I wasn't sure what to do so I chose the c:\ option. However this might have been a mistake as during scan my computer crashed and I was shown the blue wall of death error screen.

The error message was: DRIVER_IRQL_NOT_LESS_OR_EQUAL

So I had to restart my computer using the on/off button before the aswMBR scanner had completed. Once I was up and running again I ran the aswMBR programme again but this time I stuck with the quick scan option. Here is the log of aswMBR below: (I've copied and pasted it into this window as I don't know how else to show you the results.)

aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-02-22 14:52:40
-----------------------------
14:52:40.343 OS Version: Windows 5.1.2600 Service Pack 3
14:52:40.343 Number of processors: 2 586 0xF06
14:52:40.343 ComputerName: SHARON UserName:
14:53:08.359 Initialize success
14:53:36.968 AVAST engine defs: 12022101
14:54:08.437 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:54:08.437 Disk 0 Vendor: ST316081 3.AD Size: 152587MB BusType: 3
14:54:08.468 Disk 0 MBR read successfully
14:54:08.468 Disk 0 MBR scan
14:54:08.578 Disk 0 Windows XP default MBR code
14:54:08.593 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 63
14:54:08.625 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 109662 MB offset 96390
14:54:08.625 Disk 0 Partition - 00 0F Extended LBA 38122 MB offset 224685090
14:54:08.671 Disk 0 Partition 3 00 DB CP/M / CTOS MSDOS5.0 4753 MB offset 302760990
14:54:08.718 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 38122 MB offset 224685153
14:54:08.718 Disk 0 scanning sectors +312496380
14:54:08.828 Disk 0 scanning C:\WINDOWS\system32\drivers
14:54:42.734 Service scanning
14:55:17.765 Modules scanning
14:55:32.046 Disk 0 trace - called modules:
14:55:32.078 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86242fa9]<<
14:55:32.078 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86258030]
14:55:32.078 3 CLASSPNP.SYS[f7670fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86b56030]
14:55:32.078 \Driver\iastor[0x86b49308] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x86242fa9
14:55:33.796 AVAST engine scan C:\WINDOWS
14:56:01.031 AVAST engine scan C:\WINDOWS\system32
15:01:36.546 AVAST engine scan C:\WINDOWS\system32\drivers
15:02:09.828 AVAST engine scan C:\Documents and Settings\SharonC
15:09:58.640 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\SharonC\Desktop\MBR.dat"
15:09:58.640 The log file has been saved successfully to "C:\Documents and Settings\SharonC\Desktop\aswMBR.txt"



I'm now going to download the TDSSKiller and run it and I'll post the log here shortly.
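The aswMBR log above ends with a "Disk 0 trace - called modules:" section, and the chain it reports stops at ">>UNKNOWN [0x86242fa9]<<", with the iastor dispatch routine resolving to that same bare address rather than to a driver image. After the MBR repair later in the thread, the same trace reads "ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll". The following added example, not part of this thread and not aswMBR's own code, parses abridged excerpts of both logs and flags that difference next to the partition table so the two runs can be compared side by side. Reading UNKNOWN as "a hook aswMBR could not attribute to a loaded driver" is this example's assumption, drawn from the two logs here rather than from aswMBR documentation, and the function names are its own.

```python
"""Triage an aswMBR log: partition table plus the boot disk's driver-call chain.

Added example, not part of the BleepingComputer thread and not aswMBR's own code.
Assumptions (ours, drawn from the two logs in the thread): after
"Disk 0 trace - called modules:" aswMBR lists the modules it traced on the boot
disk's I/O path, printing a module it could not map to a loaded driver as
">>UNKNOWN [0x...]<<"; a following "IRP_MJ_... -> 0x..." line shows a dispatch
routine resolving to a bare address. Either is reported as a finding for a
human to review. Function names (parse_partitions, hook_findings, triage) are ours.
"""
import re

# Abridged excerpts of the two aswMBR logs posted in the thread (before and after
# the FixTDSS MBR repair); the lines are copied, only the long tail is omitted.
BEFORE_REPAIR = r"""
14:54:08.578 Disk 0 Windows XP default MBR code
14:54:08.593 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 63
14:54:08.625 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 109662 MB offset 96390
14:54:08.625 Disk 0 Partition - 00 0F Extended LBA 38122 MB offset 224685090
14:55:32.046 Disk 0 trace - called modules:
14:55:32.078 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86242fa9]<<
14:55:32.078 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86258030]
14:55:32.078 3 CLASSPNP.SYS[f7670fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86b56030]
14:55:32.078 \Driver\iastor[0x86b49308] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x86242fa9
14:55:33.796 AVAST engine scan C:\WINDOWS
"""

AFTER_REPAIR = r"""
16:05:48.031 Disk 0 Windows XP default MBR code
16:05:48.031 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 63
16:05:48.062 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 109662 MB offset 96390
16:06:35.359 Disk 0 trace - called modules:
16:06:35.374 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
16:06:35.374 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86b88358]
16:06:35.374 3 CLASSPNP.SYS[f7670fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86b6b030]
16:06:37.640 AVAST engine scan C:\WINDOWS
"""

PARTITION_RE = re.compile(
    r"Disk 0 Partition (\S+) ([0-9A-F]{2}) (?:\(A\) )?([0-9A-F]{2}) (.+?) (\d+) MB offset (\d+)"
)
MBR_RE = re.compile(r"Disk 0 (.+MBR code)$")
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")
DISPATCH_RE = re.compile(r"(\\Driver\\\S+) -> (IRP_MJ_\w+) -> (0x[0-9a-fA-F]+)\s*$")


def parse_partitions(log):
    """Return the MBR partition entries aswMBR printed, as dicts."""
    parts = []
    for line in log.splitlines():
        m = PARTITION_RE.search(line)
        if m:
            idx, boot, ptype, label, size_mb, offset = m.groups()
            parts.append({
                "index": idx,              # "1".."4", or "-" for the extended container
                "active": boot == "80",    # 0x80 boot indicator marks the active partition
                "type": int(ptype, 16),    # MBR partition type byte
                "label": label,
                "size_mb": int(size_mb),
                "offset": int(offset),     # start sector
            })
    return parts


def hook_findings(log):
    """Flag entries in the disk I/O trace that aswMBR could not tie to a driver image."""
    findings = []
    lines = log.splitlines()
    for i, line in enumerate(lines):
        if "trace - called modules:" in line and i + 1 < len(lines):
            # The module chain follows on the next line, after its HH:MM:SS.mmm stamp.
            chain = lines[i + 1].split(" ", 1)[1]
            m = UNKNOWN_RE.search(chain)
            if m:
                findings.append(f"unattributed module at {m.group(1)} in chain: {chain}")
        m = DISPATCH_RE.search(line)
        if m:
            findings.append(f"{m.group(1)} dispatches {m.group(2)} to bare address {m.group(3)}")
    return findings


def triage(log):
    """Summarise one aswMBR log: MBR code identification, partitions, findings."""
    mbr = None
    for line in log.splitlines():
        m = MBR_RE.search(line)
        if m:
            mbr = m.group(1)
    return {"mbr_code": mbr, "partitions": parse_partitions(log), "findings": hook_findings(log)}


if __name__ == "__main__":
    for name, log in (("before repair", BEFORE_REPAIR), ("after repair", AFTER_REPAIR)):
        report = triage(log)
        print(f"== {name}: MBR = {report['mbr_code']}, {len(report['partitions'])} partition entries")
        for f in report["findings"] or ["no unattributed hooks in the disk I/O chain"]:
            print("  ", f)
```

Run as a script it prints one summary per log: two findings for the first run and none for the second. Note that both runs identify the MBR code itself as "Windows XP default MBR code", so the partition table and MBR-code line alone would not have shown the problem; the driver-chain trace is what differs. A finding here is a lead to confirm with the other tools the thread uses, not a verdict on its own.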

#8 narenxp (BC Advisor, 16,371 posts, Gender: Male, Location: India)

Posted 22 February 2012 - 10:25 AM

I closed the FIXTDSS program without fixing as you didn't instruct me to fix anything.

I'm sorry. Run FIXTDSS once again; it should restart the PC. Click on the REPAIR option.

Restart the PC, run aswMBR and TDSSKiller now.

Edited by narenxp, 22 February 2012 - 10:26 AM.


#9 besscella, Topic Starter (Members, 74 posts, Gender: Female)

Posted 22 February 2012 - 11:17 AM

Hi I hit repair on FIXTDSS then restarted the computer. Then I ran aswMBR again and did the quick scan. There is an option to FIX MBR. Do you want me to click on FIX MBR?

#10 narenxp (BC Advisor, 16,371 posts, Gender: Male, Location: India)

Posted 22 February 2012 - 11:19 AM

Do not click on FIXMBR

Run aswMBR, TDSSKiller and GMER and post the logs.

#11 besscella, Topic Starter (Members, 74 posts, Gender: Female)

Posted 22 February 2012 - 01:07 PM

Hi, here is the gmer.log as requested. I'm sorry, will you please ignore the gmer.log below; when I looked at GMER again it was still running. Sorry, I thought it had stopped.

The other two reports are below this. I'll post the gmer.log later as soon as it finishes scanning.

How will I know when it's done? Does it tell me it's finished?

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-22 18:02:28
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST316081 rev.3.AD
Running: 49xx65jl.exe; Driver: C:\DOCUME~1\SharonC\LOCALS~1\Temp\uxtdypog.sys


---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF768087E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF7680BFE]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xA72C0640]

---- Kernel code sections - GMER 1.0.15 ----

? C:\WINDOWS\system32\drivers\961349066.sys The system cannot find the file specified. !
? C:\DOCUME~1\SharonC\LOCALS~1\Temp\aswMBR.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[1288] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 014D0001
.text C:\Program Files\Internet Explorer\iexplore.exe[1288] ADVAPI32.dll!RegSetValueExW 77DDD767 7 Bytes JMP 04A70930 C:\Documents and Settings\SharonC\Local Settings\Application Data\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[1288] ADVAPI32.dll!RegSetValueExA 77DDEAE7 7 Bytes JMP 04A70870 C:\Documents and Settings\SharonC\Local Settings\Application Data\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[1288] ADVAPI32.dll!RegSetValueA 77DFC79E 5 Bytes JMP 04A706F0 C:\Documents and Settings\SharonC\Local Settings\Application Data\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[1288] ADVAPI32.dll!RegSetValueW 77E36116 5 Bytes JMP 04A707B0 C:\Documents and Settings\SharonC\Local Settings\Application Data\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[1288] USER32.dll!CreateDialogParamW 7E41EA3B 5 Bytes JMP 04A70B00 C:\Documents and Settings\SharonC\Local Settings\Application Data\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[1288] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 04A70E60 C:\Documents and Settings\SharonC\Local Settings\Application Data\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[1288] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB5C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1288] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E53C7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1288] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52F9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1288] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 04A70D70 C:\Documents and Settings\SharonC\Local Settings\Application Data\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[1288] USER32.dll!CreateDialogParamA 7E43C7DB 5 Bytes JMP 04A70C80 C:\Documents and Settings\SharonC\Local Settings\Application Data\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[1288] USER32.dll!MessageBoxA 7E4507EA 5 Bytes JMP 04A70FE0 C:\Documents and Settings\SharonC\Local Settings\Application Data\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[1288] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E51CA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1288] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E522C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1288] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E542A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1288] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 04A6FDE0 C:\Documents and Settings\SharonC\Local Settings\Application Data\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[1288] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E528E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1288] USER32.dll!MessageBoxW 7E466534 5 Bytes JMP 04A710C0 C:\Documents and Settings\SharonC\Local Settings\Application Data\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[1288] USER32.dll!TrackPopupMenuEx 7E46CF62 5 Bytes JMP 04A6FF40 C:\Documents and Settings\SharonC\Local Settings\Application Data\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[1288] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E572F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1288] ws2_32.dll!WSALookupServiceNextW 71AB3181 6 Bytes JMP 71A20F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[1288] ws2_32.dll!WSALookupServiceEnd 71AB350E 6 Bytes JMP 719F0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[1288] ws2_32.dll!WSALookupServiceBeginW 71AB35EF 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[1288] ws2_32.dll!send 71AB4C27 6 Bytes JMP 719C0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[1288] ws2_32.dll!WSARecv 71AB4CB5 6 Bytes JMP 71930F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[1288] ws2_32.dll!recv 71AB676F 6 Bytes JMP 71990F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[1288] ws2_32.dll!WSASend 71AB68FA 6 Bytes JMP 71960F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[1288] ws2_32.dll!WSAGetOverlappedResult 71AC0D1B 6 Bytes JMP 71900F5A

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Internet Explorer\iexplore.exe[1288] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

Device \FileSystem\Fastfat \Fat 9CFB5D20

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs A925E400

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Documents and Settings\All Users\Documents\Pinnacle\Content\MotionTitles\-Looks\Standard\01 \x2013 Soft Shadow Looks.ixLook 1
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0xB1 0xCD 0x45 0x5A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x05 0x73 0x21 0xDD ...


Here is the aswMBR log as requested:

aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-02-22 16:04:58
-----------------------------
16:04:58.749 OS Version: Windows 5.1.2600 Service Pack 3
16:04:58.749 Number of processors: 2 586 0xF06
16:04:58.749 ComputerName: SHARON UserName:
16:05:00.796 Initialize success
16:05:17.421 AVAST engine defs: 12022101
16:05:47.952 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:05:47.952 Disk 0 Vendor: ST316081 3.AD Size: 152587MB BusType: 3
16:05:47.952 Disk 0 MBR read successfully
16:05:47.952 Disk 0 MBR scan
16:05:48.031 Disk 0 Windows XP default MBR code
16:05:48.031 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 63
16:05:48.062 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 109662 MB offset 96390
16:05:48.062 Disk 0 Partition - 00 0F Extended LBA 38122 MB offset 224685090
16:05:48.077 Disk 0 Partition 3 00 DB CP/M / CTOS MSDOS5.0 4753 MB offset 302760990
16:05:48.109 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 38122 MB offset 224685153
16:05:48.109 Disk 0 scanning sectors +312496380
16:05:48.187 Disk 0 scanning C:\WINDOWS\system32\drivers
16:05:57.921 Service scanning
16:06:25.484 Modules scanning
16:06:35.359 Disk 0 trace - called modules:
16:06:35.374 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
16:06:35.374 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86b88358]
16:06:35.374 3 CLASSPNP.SYS[f7670fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86b6b030]
16:06:37.640 AVAST engine scan C:\WINDOWS
16:06:57.765 AVAST engine scan C:\WINDOWS\system32
16:10:14.296 AVAST engine scan C:\WINDOWS\system32\drivers
16:10:34.421 AVAST engine scan C:\Documents and Settings\SharonC
16:12:50.562 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\SharonC\Desktop\MBR.dat"
16:12:50.562 The log file has been saved successfully to "C:\Documents and Settings\SharonC\Desktop\aswMBR.txt"


And finally, here is the TDSSKiller log as requested:

16:21:24.0718 2840 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
16:21:25.0593 2840 ============================================================
16:21:25.0593 2840 Current date / time: 2012/02/22 16:21:25.0593
16:21:25.0593 2840 SystemInfo:
16:21:25.0593 2840
16:21:25.0593 2840 OS Version: 5.1.2600 ServicePack: 3.0
16:21:25.0593 2840 Product type: Workstation
16:21:25.0593 2840 ComputerName: SHARON
16:21:25.0593 2840 UserName: SharonC
16:21:25.0593 2840 Windows directory: C:\WINDOWS
16:21:25.0593 2840 System windows directory: C:\WINDOWS
16:21:25.0593 2840 Processor architecture: Intel x86
16:21:25.0593 2840 Number of processors: 2
16:21:25.0593 2840 Page size: 0x1000
16:21:25.0593 2840 Boot type: Normal boot
16:21:25.0593 2840 ============================================================
16:21:27.0156 2840 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:21:27.0187 2840 Drive \Device\Harddisk5\DR9 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:21:27.0202 2840 \Device\Harddisk0\DR0:
16:21:27.0202 2840 MBR used
16:21:27.0202 2840 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0xD62F39C
16:21:27.0218 2840 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xD646C61, BlocksNum 0x4A757BD
16:21:27.0218 2840 \Device\Harddisk5\DR9:
16:21:27.0218 2840 MBR used
16:21:27.0218 2840 \Device\Harddisk5\DR9\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
16:21:27.0468 2840 Initialize success
16:21:27.0468 2840 ============================================================
16:22:18.0109 3104 ============================================================
16:22:18.0109 3104 Scan started
16:22:18.0109 3104 Mode: Manual; TDLFS;
16:22:18.0109 3104 ============================================================
16:22:20.0531 3104 Abiosdsk - ok
16:22:20.0624 3104 abp480n5 - ok
16:22:20.0749 3104 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:22:20.0749 3104 ACPI - ok
16:22:20.0999 3104 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
16:22:20.0999 3104 ACPIEC - ok
16:22:21.0359 3104 adpu160m - ok
16:22:21.0577 3104 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
16:22:21.0624 3104 aec - ok
16:22:21.0843 3104 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
16:22:21.0843 3104 AFD - ok
16:22:21.0906 3104 Aha154x - ok
16:22:21.0984 3104 aic78u2 - ok
16:22:22.0296 3104 aic78xx - ok
16:22:22.0468 3104 AliIde - ok
16:22:22.0562 3104 amsint - ok
16:22:22.0640 3104 asc - ok
16:22:22.0734 3104 asc3350p - ok
16:22:22.0812 3104 asc3550 - ok
16:22:22.0906 3104 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:22:22.0921 3104 AsyncMac - ok
16:22:22.0999 3104 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\drivers\atapi.sys
16:22:22.0999 3104 atapi - ok
16:22:23.0171 3104 Atdisk - ok
16:22:23.0312 3104 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:22:23.0312 3104 Atmarpc - ok
16:22:23.0390 3104 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
16:22:23.0390 3104 audstub - ok
16:22:23.0577 3104 AvgLdx86 (bc12f2404bb6f2b6b2ff3c4c246cb752) C:\WINDOWS\System32\Drivers\avgldx86.sys
16:22:23.0609 3104 AvgLdx86 - ok
16:22:23.0734 3104 AvgMfx86 (5903d729d4f0c5bca74123c96a1b29e0) C:\WINDOWS\System32\Drivers\avgmfx86.sys
16:22:23.0749 3104 AvgMfx86 - ok
16:22:23.0859 3104 AvgRkx86 (94a16f829b1456237b7f929198ce2807) C:\WINDOWS\system32\Drivers\avgrkx86.sys
16:22:23.0859 3104 AvgRkx86 - ok
16:22:24.0140 3104 AvgTdiX (92d8e1e8502e649b60e70074eb29c380) C:\WINDOWS\System32\Drivers\avgtdix.sys
16:22:24.0156 3104 AvgTdiX - ok
16:22:24.0359 3104 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
16:22:24.0359 3104 Beep - ok
16:22:24.0531 3104 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
16:22:24.0546 3104 cbidf2k - ok
16:22:24.0656 3104 cd20xrnt - ok
16:22:24.0781 3104 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
16:22:24.0796 3104 Cdaudio - ok
16:22:24.0906 3104 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
16:22:24.0921 3104 Cdfs - ok
16:22:25.0140 3104 Cdr4_xp (837eef65af62d4e8a37c41d3879f7274) C:\WINDOWS\system32\drivers\Cdr4_xp.sys
16:22:25.0156 3104 Cdr4_xp - ok
16:22:25.0296 3104 Cdralw2k (579da2f9f5401f55dae2cf8779d61dfc) C:\WINDOWS\system32\drivers\Cdralw2k.sys
16:22:25.0296 3104 Cdralw2k - ok
16:22:25.0468 3104 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:22:25.0468 3104 Cdrom - ok
16:22:25.0718 3104 cdudf_xp (294f75a9f2c3317c61f5e51325e9976c) C:\WINDOWS\system32\drivers\cdudf_xp.sys
16:22:25.0734 3104 cdudf_xp - ok
16:22:25.0906 3104 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
16:22:25.0921 3104 cercsr6 - ok
16:22:25.0999 3104 Changer - ok
16:22:26.0156 3104 CmdIde - ok
16:22:26.0374 3104 Cpqarray - ok
16:22:26.0468 3104 dac2w2k - ok
16:22:26.0531 3104 dac960nt - ok
16:22:26.0734 3104 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
16:22:26.0749 3104 Disk - ok
16:22:26.0937 3104 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
16:22:27.0031 3104 dmboot - ok
16:22:27.0281 3104 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
16:22:27.0312 3104 dmio - ok
16:22:27.0546 3104 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
16:22:27.0546 3104 dmload - ok
16:22:27.0827 3104 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
16:22:27.0843 3104 DMusic - ok
16:22:28.0015 3104 dpti2o - ok
16:22:28.0171 3104 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
16:22:28.0187 3104 drmkaud - ok
16:22:28.0406 3104 DVDVRRdr_xp (a2abb2a771a522b9dd57ce57d9960661) C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys
16:22:28.0437 3104 DVDVRRdr_xp - ok
16:22:28.0734 3104 dvd_2K (9d6fabf24b9ac7bd2ef52d7907fd2f8e) C:\WINDOWS\system32\drivers\dvd_2K.sys
16:22:28.0734 3104 dvd_2K - ok
16:22:28.0827 3104 e1express (6f7ccd3c02b26d530900f06d98171a69) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
16:22:28.0859 3104 e1express - ok
16:22:29.0281 3104 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
16:22:29.0312 3104 Fastfat - ok
16:22:29.0437 3104 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
16:22:29.0437 3104 Fdc - ok
16:22:29.0640 3104 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
16:22:29.0671 3104 Fips - ok
16:22:29.0812 3104 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
16:22:29.0812 3104 Flpydisk - ok
16:22:29.0984 3104 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
16:22:29.0999 3104 FltMgr - ok
16:22:30.0093 3104 fssfltr (e0087225b137e57239ff40f8ae82059b) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
16:22:30.0109 3104 fssfltr - ok
16:22:30.0156 3104 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:22:30.0156 3104 Fs_Rec - ok
16:22:30.0202 3104 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:22:30.0234 3104 Ftdisk - ok
16:22:30.0327 3104 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
16:22:30.0327 3104 GEARAspiWDM - ok
16:22:30.0515 3104 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:22:30.0531 3104 Gpc - ok
16:22:30.0687 3104 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
16:22:30.0687 3104 HDAudBus - ok
16:22:31.0015 3104 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:22:31.0031 3104 hidusb - ok
16:22:31.0265 3104 hpn - ok
16:22:31.0374 3104 HssDrv (0d6b32306c362750ec6576f1d90c52f7) C:\WINDOWS\system32\DRIVERS\HssDrv.sys
16:22:31.0374 3104 HssDrv - ok
16:22:31.0546 3104 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
16:22:31.0593 3104 HTTP - ok
16:22:31.0656 3104 i2omgmt - ok
16:22:31.0734 3104 i2omp - ok
16:22:31.0984 3104 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
16:22:31.0984 3104 i8042prt - ok
16:22:32.0218 3104 ialm (0674ce8ae167d830b871a99c677c5c59) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
16:22:32.0343 3104 ialm - ok
16:22:32.0546 3104 iastor (294110966cedd127629c5be48367c8cf) C:\WINDOWS\system32\DRIVERS\iaStor.sys
16:22:32.0546 3104 iastor - ok
16:22:32.0702 3104 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
16:22:32.0718 3104 Imapi - ok
16:22:32.0921 3104 ini910u - ok
16:22:32.0968 3104 IntelIde - ok
16:22:33.0109 3104 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
16:22:33.0109 3104 intelppm - ok
16:22:33.0265 3104 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
16:22:33.0281 3104 Ip6Fw - ok
16:22:33.0359 3104 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:22:33.0374 3104 IpFilterDriver - ok
16:22:33.0421 3104 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:22:33.0421 3104 IpInIp - ok
16:22:33.0499 3104 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:22:33.0671 3104 IpNat - ok
16:22:33.0781 3104 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:22:33.0796 3104 IPSec - ok
16:22:33.0874 3104 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
16:22:33.0890 3104 IRENUM - ok
16:22:33.0968 3104 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:22:33.0984 3104 isapnp - ok
16:22:34.0031 3104 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:22:34.0046 3104 Kbdclass - ok
16:22:34.0124 3104 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
16:22:34.0140 3104 kbdhid - ok
16:22:34.0343 3104 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
16:22:34.0374 3104 kmixer - ok
16:22:34.0593 3104 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
16:22:34.0624 3104 KSecDD - ok
16:22:34.0796 3104 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
16:22:34.0812 3104 Lavasoft Kernexplorer - ok
16:22:35.0124 3104 Lbd (336abe8721cbc3110f1c6426da633417) C:\WINDOWS\system32\DRIVERS\Lbd.sys
16:22:35.0124 3104 Lbd - ok
16:22:35.0202 3104 lbrtfdc - ok
16:22:35.0390 3104 MarvinBus (a3e700d78eec390f1208098cdca5c6b6) C:\WINDOWS\system32\DRIVERS\MarvinBus.sys
16:22:35.0390 3104 MarvinBus - ok
16:22:35.0609 3104 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
16:22:35.0624 3104 MHNDRV - ok
16:22:35.0890 3104 mmc_2K (0ba70511363a4a148815c6e57a5f99c5) C:\WINDOWS\system32\drivers\mmc_2K.sys
16:22:35.0906 3104 mmc_2K - ok
16:22:36.0093 3104 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
16:22:36.0093 3104 mnmdd - ok
16:22:36.0343 3104 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
16:22:36.0343 3104 Modem - ok
16:22:36.0452 3104 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:22:36.0468 3104 Mouclass - ok
16:22:36.0593 3104 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:22:36.0609 3104 mouhid - ok
16:22:36.0796 3104 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
16:22:36.0812 3104 MountMgr - ok
16:22:36.0984 3104 mraid35x - ok
16:22:37.0249 3104 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:22:37.0281 3104 MRxDAV - ok
16:22:37.0515 3104 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:22:37.0624 3104 MRxSmb - ok
16:22:37.0812 3104 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
16:22:37.0812 3104 Msfs - ok
16:22:37.0968 3104 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:22:37.0968 3104 MSKSSRV - ok
16:22:38.0046 3104 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:22:38.0062 3104 MSPCLOCK - ok
16:22:38.0265 3104 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
16:22:38.0281 3104 MSPQM - ok
16:22:38.0406 3104 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:22:38.0421 3104 mssmbios - ok
16:22:38.0687 3104 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
16:22:38.0718 3104 Mup - ok
16:22:39.0031 3104 NAL (1e59aaed42a5e3a5ed86ec403f9c0776) C:\WINDOWS\system32\Drivers\iqvw32.sys
16:22:39.0046 3104 NAL - ok
16:22:39.0187 3104 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
16:22:39.0218 3104 NDIS - ok
16:22:39.0327 3104 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:22:39.0343 3104 NdisTapi - ok
16:22:39.0546 3104 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:22:39.0562 3104 Ndisuio - ok
16:22:39.0718 3104 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:22:39.0765 3104 NdisWan - ok
16:22:39.0843 3104 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
16:22:39.0874 3104 NDProxy - ok
16:22:40.0031 3104 Netaapl (1352e1648213551923a0a822e441553c) C:\WINDOWS\system32\DRIVERS\netaapl.sys
16:22:40.0031 3104 Netaapl - ok
16:22:40.0249 3104 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
16:22:40.0249 3104 NetBIOS - ok
16:22:40.0656 3104 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
16:22:40.0671 3104 NetBT - ok
16:22:40.0999 3104 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
16:22:41.0015 3104 Npfs - ok
16:22:41.0327 3104 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
16:22:41.0390 3104 Ntfs - ok
16:22:41.0640 3104 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
16:22:41.0656 3104 Null - ok
16:22:41.0874 3104 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:22:41.0906 3104 NwlnkFlt - ok
16:22:41.0968 3104 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:22:41.0984 3104 NwlnkFwd - ok
16:22:42.0171 3104 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
16:22:42.0171 3104 Parport - ok
16:22:42.0437 3104 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
16:22:42.0437 3104 PartMgr - ok
16:22:42.0531 3104 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
16:22:42.0562 3104 ParVdm - ok
16:22:42.0656 3104 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
16:22:42.0656 3104 PCI - ok
16:22:42.0765 3104 PCIDump - ok
16:22:42.0796 3104 PCIIde - ok
16:22:42.0921 3104 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
16:22:42.0921 3104 Pcmcia - ok
16:22:42.0999 3104 PDCOMP - ok
16:22:43.0031 3104 PDFRAME - ok
16:22:43.0062 3104 PDRELI - ok
16:22:43.0140 3104 PDRFRAME - ok
16:22:43.0218 3104 perc2 - ok
16:22:43.0327 3104 perc2hib - ok
16:22:43.0499 3104 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:22:43.0515 3104 PptpMiniport - ok
16:22:43.0687 3104 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
16:22:43.0734 3104 PSched - ok
16:22:43.0906 3104 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:22:43.0906 3104 Ptilink - ok
16:22:44.0343 3104 pwd_2k (a69812bcdf900f99e3ace4c38a3aefb2) C:\WINDOWS\system32\drivers\pwd_2k.sys
16:22:44.0359 3104 pwd_2k - ok
16:22:44.0499 3104 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
16:22:44.0531 3104 PxHelp20 - ok
16:22:44.0656 3104 ql1080 - ok
16:22:44.0765 3104 Ql10wnt - ok
16:22:44.0843 3104 ql12160 - ok
16:22:44.0984 3104 ql1240 - ok
16:22:45.0031 3104 ql1280 - ok
16:22:45.0156 3104 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:22:45.0187 3104 RasAcd - ok
16:22:45.0327 3104 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:22:45.0343 3104 Rasl2tp - ok
16:22:45.0468 3104 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:22:45.0562 3104 RasPppoe - ok
16:22:45.0687 3104 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
16:22:45.0687 3104 Raspti - ok
16:22:46.0202 3104 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:22:46.0343 3104 Rdbss - ok
16:22:46.0702 3104 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:22:46.0718 3104 RDPCDD - ok
16:22:46.0952 3104 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
16:22:46.0968 3104 rdpdr - ok
16:22:47.0202 3104 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
16:22:47.0234 3104 RDPWD - ok
16:22:47.0452 3104 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
16:22:47.0452 3104 redbook - ok
16:22:47.0624 3104 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
16:22:47.0640 3104 SASDIFSV - ok
16:22:47.0687 3104 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
16:22:47.0718 3104 SASKUTIL - ok
16:22:47.0952 3104 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:22:47.0968 3104 Secdrv - ok
16:22:48.0281 3104 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
16:22:48.0312 3104 Serial - ok
16:22:48.0468 3104 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
16:22:48.0468 3104 Sfloppy - ok
16:22:48.0671 3104 Simbad - ok
16:22:48.0781 3104 Sparrow - ok
16:22:48.0968 3104 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
16:22:48.0968 3104 splitter - ok
16:22:49.0249 3104 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
16:22:49.0265 3104 sr - ok
16:22:49.0390 3104 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
16:22:49.0499 3104 Srv - ok
16:22:49.0952 3104 STHDA (797fcc1d859b203958e915bb82528da9) C:\WINDOWS\system32\drivers\sthda.sys
16:22:50.0609 3104 STHDA - ok
16:22:51.0031 3104 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
16:22:51.0031 3104 swenum - ok
16:22:51.0093 3104 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
16:22:51.0093 3104 swmidi - ok
16:22:51.0171 3104 symc810 - ok
16:22:51.0249 3104 symc8xx - ok
16:22:51.0359 3104 sym_hi - ok
16:22:51.0546 3104 sym_u3 - ok
16:22:51.0671 3104 synsend - ok
16:22:51.0874 3104 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
16:22:51.0890 3104 sysaudio - ok
16:22:52.0031 3104 taphss (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\WINDOWS\system32\DRIVERS\taphss.sys
16:22:52.0031 3104 taphss - ok
16:22:52.0374 3104 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:22:52.0390 3104 Tcpip - ok
16:22:52.0640 3104 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
16:22:52.0656 3104 TDPIPE - ok
16:22:52.0812 3104 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
16:22:52.0812 3104 TDTCP - ok
16:22:53.0062 3104 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
16:22:53.0062 3104 TermDD - ok
16:22:53.0296 3104 TosIde - ok
16:22:53.0468 3104 UdfReadr_xp (8d719ae3cc449768963a6a1f7ff4b769) C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
16:22:53.0515 3104 UdfReadr_xp - ok
16:22:53.0968 3104 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
16:22:54.0031 3104 Udfs - ok
16:22:54.0421 3104 ultra - ok
16:22:54.0593 3104 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
16:22:54.0671 3104 Update - ok
16:22:54.0906 3104 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
16:22:54.0952 3104 USBAAPL - ok
16:22:55.0046 3104 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:22:55.0046 3104 usbccgp - ok
16:22:55.0156 3104 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:22:55.0171 3104 usbehci - ok
16:22:55.0390 3104 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:22:55.0390 3104 usbhub - ok
16:22:55.0452 3104 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
16:22:55.0468 3104 usbprint - ok
16:22:55.0593 3104 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
16:22:55.0624 3104 usbscan - ok
16:22:55.0671 3104 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:22:55.0687 3104 usbstor - ok
16:22:56.0062 3104 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
16:22:56.0062 3104 usbuhci - ok
16:22:56.0249 3104 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
16:22:56.0281 3104 VgaSave - ok
16:22:56.0374 3104 ViaIde - ok
16:22:56.0515 3104 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
16:22:56.0531 3104 VolSnap - ok
16:22:56.0640 3104 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:22:56.0656 3104 Wanarp - ok
16:22:56.0890 3104 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
16:22:56.0921 3104 Wdf01000 - ok
16:22:57.0031 3104 WDICA - ok
16:22:57.0124 3104 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
16:22:57.0140 3104 wdmaud - ok
16:22:57.0406 3104 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
16:22:57.0421 3104 WudfPf - ok
16:22:57.0609 3104 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
16:22:57.0640 3104 WudfRd - ok
16:22:57.0687 3104 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
16:22:59.0671 3104 \Device\Harddisk0\DR0 - ok
16:22:59.0687 3104 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk5\DR9
16:22:59.0874 3104 \Device\Harddisk5\DR9 - ok
16:22:59.0906 3104 Boot (0x1200) (fc1f5c5a718fa76513f2386cb92b2542) \Device\Harddisk0\DR0\Partition0
16:22:59.0937 3104 \Device\Harddisk0\DR0\Partition0 - ok
16:22:59.0968 3104 Boot (0x1200) (acb134b2ae1fd41eac3607060722690c) \Device\Harddisk0\DR0\Partition1
16:23:00.0015 3104 \Device\Harddisk0\DR0\Partition1 - ok
16:23:00.0015 3104 Boot (0x1200) (d49b30040609d033c397d7f9e35676dc) \Device\Harddisk5\DR9\Partition0
16:23:00.0015 3104 \Device\Harddisk5\DR9\Partition0 - ok
16:23:00.0015 3104 ============================================================
16:23:00.0015 3104 Scan finished
16:23:00.0015 3104 ============================================================
16:23:00.0031 0912 Detected object count: 0
16:23:00.0031 0912 Actual detected object count: 0
16:27:39.0734 2336 Deinitialize success


I hope these are what you were looking for. All the scans ran smoothly and there's nothing odd to report so far.

Thanks.

Edited by besscella, 22 February 2012 - 01:11 PM.


#12 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:12:09 AM

Posted 22 February 2012 - 01:11 PM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan MBAM once in regular mode until you get a clean log


Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed,click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.


What other issues do you face?

#13 besscella

besscella
  • Topic Starter

  • Members
  • 74 posts
  • Gender:Female
  • Local time:06:09 AM

Posted 22 February 2012 - 06:22 PM

Hi

I'm having a problem with the GMER prog.

I launched the GMER programme at around 3:30pm today and I don't think it ran properly. The prog didn't do a full system scan on its own, nor did it ask me if I wanted to do a full scan. All that showed up was a similar result to the result shown below.

The following results are from when I launched the GMER programme after 10pm tonight, and these are also similar to what showed up earlier today at 3:30pm:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-02-22 22:53:21
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST316081 rev.3.AD
Running: 05k99yug.exe; Driver: C:\DOCUME~1\SharonC\LOCALS~1\Temp\uxtdypog.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----



I'm not sure if my AVG programme is still switched on. I disabled the Resident shield and exited the AVG programme before running GMER.

At 3:30pm, when nothing more happened, I clicked on the scan button and the gmer programme proceeded to scan my computer for the next 6 and a half hours. It finally stopped at 10:00pm. I wasn't given the option of whether I wanted a full system scan or not.

Unfortunately at 10:00pm, when the gmer programme stopped, an error message appeared on my screen and my entire computer froze, including mouse and keyboard.


Anyway, the error message was as follows:

Windows was unable to save all the data for the file\Device\HarddiskVolume2\. The data has been lost. This error may be caused by a failure of your computer hardware or network connection. Please try to save this file elsewhere.

Because of the way my computer behaved, I couldn't save or copy the results of that scan - which is a real pain. So now I have to run it again. But at this stage I'm not sure if the GMER programme is running properly or if my AVG programme is stopping it. Help!!!!!

I had to do a hard reboot using the on/off button on my cpu. When the computer restarted, a message appeared saying that my computer had recovered from a serious error and that there was a problem with a device driver. They recommended a website (Microsoft) that I could use to download important updates for my drivers. So I downloaded and installed the updates and restarted the computer yet again.

In case I'd messed up the GMER programme, I deleted it and downloaded it again. When I launched it this time, the following result was what I got (same as above):

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-02-22 22:53:21
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST316081 rev.3.AD
Running: 05k99yug.exe; Driver: C:\DOCUME~1\SharonC\LOCALS~1\Temp\uxtdypog.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----


Do I need to just click on the Scan button myself and let GMER scan for hours? I'm just wondering if gmer is running properly on my computer.

Please answer the questions I've asked you. Thank you.

PS if AVG is preventing GMER from running properly, how do I prevent that from happening bearing in mind that I've already disabled the resident shield and exited the programme?

Edited by besscella, 22 February 2012 - 06:49 PM.


#14 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:12:09 AM

Posted 22 February 2012 - 06:38 PM

IGNORE GMER

Follow my previous instructions

good luck

#15 besscella

besscella
  • Topic Starter

  • Members
  • 74 posts
  • Gender:Female
  • Local time:06:09 AM

Posted 23 February 2012 - 03:27 PM

Hi, thanks for all your help so far.

Well, I downloaded and ran Malwarebytes as per your instructions. I then restarted the PC and ran Malwarebytes again. I carried out this process about 4 times. The first time, 4 threats were found, so I deleted those. But when I ran Malwarebytes and restarted the computer the following 3 times, there was 1 persistent threat found each time. It was called:

Trojan Agent - HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\synsend

As far as I'm aware that trojan is still on my computer. After running Malwarebytes three times and deleting that trojan, only for it to show up again after restart, it looked to me like Malwarebytes wasn't going to get rid of it. If you have any suggestions on how I might get rid of synsend, I'd appreciate any help you can offer.

I decided then to move on with your instructions. So I downloaded ESET Online Scanner and ran it. When I ran it my screen went black. When I pressed the Windows button the screen returned to normal. The scanning was running really slowly, so after an hour and a bit, when the scanner seemed to be stuck at 11%, I stopped the scan - it had found and deleted 4 threats by then. I saved the list to a text file, repaired my internet connection and ran ESET Online Scanner again. It ran much faster this time and I allowed it to finish. It found a further 3 threats and I saved those also to a text file. I've included a copy of both of those text files below:

This is the first list after a partial scan -
C:\Documents and Settings\SharonC\Application Data\Sun\Java\Deployment\cache\6.0\11\7fd0568b-5963c4bb multiple threats deleted - quarantined
C:\Documents and Settings\SharonC\Application Data\Sun\Java\Deployment\cache\6.0\30\4331d29e-45d0f84c Java/TrojanDownloader.OpenStream.NBN trojan deleted - quarantined
C:\Documents and Settings\SharonC\Desktop\FreeYouTubeDownloaderSetup.exe Win32/Toolbar.Zugo application deleted - quarantined
C:\Documents and Settings\SharonC\Desktop\Unused Desktop Shortcuts\FreeYouTubeDownloaderSetup.exe Win32/Toolbar.Zugo application deleted - quarantined


This is the second list after a complete scan -
C:\Program Files\Hotspot Shield\HSS-1.49-install-webroot-225-conduit.exe a variant of Win32/HotSpotShield application deleted - quarantined
C:\Program Files\Hotspot Shield\bin\openvpnas.exe a variant of Win32/HotSpotShield application cleaned by deleting - quarantined
C:\Program Files\Veoh Networks\VeohWebPlayer\qlps-qlipso-sntb.exe Win32/Toolbar.Zugo application deleted - quarantined


I didn't delete the quarantined files as I wasn't sure if I should.

I'm now going to download the mini tools as per your instructions and I'll let you know how I got on.

Thanks again.

Edited by besscella, 23 February 2012 - 03:30 PM.
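Two things in this thread fit together: the TDSSKiller listing in post #11 prints a hash and path for every service or driver whose file was found (and only "name - ok" when nothing was hashed), and post #15 reports a service key, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\synsend, that Malwarebytes keeps flagging after each removal. The Python below is an added example, not code from this thread, from Kaspersky or from Malwarebytes: it parses lines in the TDSSKiller format, lists the service entries that never resolved to a hashed file, and looks up a scanner-reported service key in that listing. On Windows XP many registry-only service entries are normal (CmdIde, Changer and PCIDump in the log above are stock entries), so the file-less list is context rather than a verdict; the useful check is whether the key another tool named is among them, which is consistent with a service entry whose driver file is absent from disk. SAMPLE_LOG is a constructed excerpt of the log lines posted above, and the function and variable names are the example's own.

```python
"""Added example: parse TDSSKiller service/driver listing lines and cross-reference
them with a service registry key reported by another scanner."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Each TDSSKiller line: "HH:MM:SS.mmmm <thread id> <message>".
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d{4})\s+(.*)$")
# "<name> (<md5>) <path>": the service or device resolved to something that was hashed.
ENTRY_RE = re.compile(r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
# "<name> - <verdict>": keyed by service name, or by device path for MBR/boot sectors.
STATUS_RE = re.compile(r"^(?P<name>.+?) - (?P<status>.+)$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    status: Optional[str] = None

    @property
    def fileless(self) -> bool:
        """True when TDSSKiller gave a verdict for the name but hashed no file for it."""
        return self.path is None


def parse_tdsskiller(text: str) -> List[Entry]:
    entries: List[Entry] = []
    by_name: Dict[str, Entry] = {}
    by_path: Dict[str, Entry] = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        rest = m.group(3).strip()
        e = ENTRY_RE.match(rest)
        if e:
            ent = Entry(e["name"], e["md5"], e["path"])
            entries.append(ent)
            by_name[ent.name] = ent
            by_path[ent.path] = ent
            continue
        s = STATUS_RE.match(rest)
        if not s:
            continue  # separators, "Scan finished", object counts
        name, status = s["name"], s["status"]
        target = by_name.get(name) or by_path.get(name)
        if target is None:
            # A verdict with no preceding hashed file: the service key exists in the
            # registry, but there was nothing on disk for TDSSKiller to hash.
            target = Entry(name)
            entries.append(target)
            by_name[name] = target
        target.status = status
    return entries


def fileless_services(entries: List[Entry]) -> List[str]:
    """Service names that got a verdict but never resolved to a hashed file."""
    return sorted(e.name for e in entries if e.fileless)


def lookup_service_key(entries: List[Entry], reg_key: str) -> Optional[Entry]:
    """Map HKLM\\SYSTEM\\...\\Services\\<name>, as another scanner reports it, to the
    TDSSKiller entry for <name>. Service names are matched case-insensitively."""
    svc = reg_key.rstrip("\\").rsplit("\\", 1)[-1].lower()
    for e in entries:
        if e.name.lower() == svc:
            return e
    return None


# Constructed excerpt: a handful of lines copied from the TDSSKiller log posted above.
SAMPLE_LOG = r"""
16:22:26.0156 3104 CmdIde - ok
16:22:34.0796 3104 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
16:22:34.0812 3104 Lavasoft Kernexplorer - ok
16:22:51.0671 3104 synsend - ok
16:22:52.0374 3104 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:22:52.0390 3104 Tcpip - ok
16:22:57.0687 3104 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
16:22:59.0671 3104 \Device\Harddisk0\DR0 - ok
16:23:00.0015 3104 ============================================================
16:23:00.0015 3104 Scan finished
16:23:00.0031 0912 Detected object count: 0
"""

# The service key Malwarebytes reported in the thread as Trojan.Agent.
MBAM_FINDING = r"HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\synsend"


def summarize(log: str, reg_key: str) -> Dict[str, object]:
    """Cross-reference one scanner finding against the TDSSKiller listing."""
    entries = parse_tdsskiller(log)
    hit = lookup_service_key(entries, reg_key)
    return {
        "fileless": fileless_services(entries),
        "finding_seen": hit is not None,
        "finding_fileless": bool(hit and hit.fileless),
        "finding_path": hit.path if hit else None,
    }


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG, MBAM_FINDING))
```

Run against the full log from post #11 (paste it into SAMPLE_LOG or read it from a file) and the file-less list grows to the dozens of stock XP entries; the point of `summarize` is the last three fields, which answer whether the key another scanner named is in TDSSKiller's listing and whether it had a driver file to hash.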
