aswMBR log
aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-06-04 18:46:09
18:46:09.389 OS Version: Windows 6.0.6001 Service Pack 1
18:46:09.390 Number of processors: 2 586 0xF0D
18:46:09.395 ComputerName: HOME-PC UserName: Home
18:46:10.750 Initialize success
18:46:15.863 Disk 0 (boot) \Device\Harddisk0\DR0 → \Device\Ide\IAAStorageDevice-0
18:46:15.869 Disk 0 Vendor: Hitachi_ BB2O Size: 114473MB BusType: 3
18:46:15.897 Disk 0 MBR read successfully
18:46:15.903 Disk 0 MBR scan
18:46:15.909 Disk 0 unknown MBR code
18:46:15.924 Disk 0 scanning sectors +234440704
18:46:15.962 Disk 0 scanning C:\Windows\system32\drivers
18:46:24.904 Service scanning
18:46:27.339 Disk 0 trace - called modules:
18:46:27.359 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
18:46:27.360 1 nt!IofCallDriver → \Device\Harddisk0\DR0[0x86c1cac8]
18:46:27.361 3 CLASSPNP.SYS[88f9c745] → nt!IofCallDriver → [0x85c446a8]
18:46:27.363 5 acpi.sys[806916a0] → nt!IofCallDriver → \Device\Ide\IAAStorageDevice-0[0x85c46030]
18:46:27.364 Scan finished successfully
18:47:44.547 Disk 0 MBR has been saved successfully to “C:\Users\Home\Desktop\MBR.dat”
18:47:44.566 The log file has been saved successfully to “C:\Users\Home\Desktop\aswMBR.txt”
Malware Log
Malwarebytes’ Anti-Malware 1.46
www.malwarebytes.org
Database version: 4052
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19048
6/4/2011 5:40:12 PM
mbam-log-2011-06-04 (17-40-12).txt
Scan type: Quick scan
Objects scanned: 122246
Time elapsed: 15 minute(s), 33 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\gaopdxserv.sys (Trojan.Agent) → Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HDQuality (Trojan.DNSChanger) → Quarantined and deleted successfully.
Files Infected:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HDQuality\Uninstall.lnk (Trojan.DNSChanger) → Quarantined and deleted successfully.