
No Internet and Firewall after Virus


9 replies to this topic

#1 monkeysphere

  • Members
  • 12 posts

Posted 27 January 2012 - 12:08 AM

Hi,

My brother got multiple viruses on his computer yesterday and now he cannot access the internet; the Windows network thing gets stuck in "Identifying...". We also can't start up the Windows Firewall (error code 0x80070424).

The CPU usage in the task manager used to be stuck at 100%, but now it seems normal after multiple scans by Malwarebytes/Spybot/MSE and multiple restarts in and out of safe mode, so I am not sure whether his lack of internet is due to remaining viruses or whether they damaged his computer or something else. Things that they found in order of appearance:

MSE found:
Adware:MSIL/SanctionedMedia
TrojanDownloader:Win32/Obvod.H
Adware:JSPornnpop.A (3 of them)

Spybot found:
2 Fraud.Codec.x3

Malwarebytes found:
Trojan.Downloader.BH (rcxnameosw.exe)
Trojan.Downloader.BH (C96B6.exe)
Trojan.Downloader.BH (lvvm.exe)

2 Trojan.FakeAlert (afd.sys) - I think the removal of these might be the problem? One was found in C:\Windows\System32\drivers\afd.sys and the other in C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad36435_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys (I know very little about computers, just seems similar to other people's problems that I googled)

I tried resetting the netsh tc/ip/winsock and I never had any luck getting internet back, even in safe mode with networking.

Thanks for your help!



#2 narenxp

  • BC Advisor
  • 16,371 posts

Posted 27 January 2012 - 12:27 AM

Download FSS

Checkmark

Internet Services
Windows Firewall
System Restore
Security Center
Windows Update

Click on "Scan".
Please copy and paste the log to your reply.


Download TDSSkiller

Launch it. Click on "Scan". Please post the LOG report.


Download aswMBR

Launch it, allow it to download latest Avast! virus definitions.
Click the "Scan" button to start scan. After scan finishes, click on Save log.

Post the log results here.

Edited by narenxp, 27 January 2012 - 12:27 AM.


#3 monkeysphere

  • Topic Starter
  • Members
  • 12 posts

Posted 27 January 2012 - 01:02 AM

FSS log:

Farbar Service Scanner Version: 18-01-2012 01
Ran by Jachin (administrator) on 26-01-2012 at 21:47:31
Microsoft Windows 7 Home Premium Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

afd Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open afd registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open afd registry key. The service key does not exist.


Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.

mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.


Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
===========
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
Attention! C:\Windows\system32\Drivers\afd.sys is missing.
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****


TDSSkiller report:

21:47:42.0162 1736 TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27
21:47:42.0177 1736 ============================================================
21:47:42.0177 1736 Current date / time: 2012/01/26 21:47:42.0177
21:47:42.0177 1736 SystemInfo:
21:47:42.0177 1736
21:47:42.0177 1736 OS Version: 6.1.7601 ServicePack: 1.0
21:47:42.0177 1736 Product type: Workstation
21:47:42.0177 1736 ComputerName: JACHIN-PC
21:47:42.0177 1736 UserName: Jachin
21:47:42.0177 1736 Windows directory: C:\Windows
21:47:42.0177 1736 System windows directory: C:\Windows
21:47:42.0177 1736 Processor architecture: Intel x86
21:47:42.0177 1736 Number of processors: 2
21:47:42.0177 1736 Page size: 0x1000
21:47:42.0177 1736 Boot type: Normal boot
21:47:42.0177 1736 ============================================================
21:47:43.0519 1736 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:47:43.0566 1736 Initialize success
21:47:50.0757 2120 ============================================================
21:47:50.0757 2120 Scan started
21:47:50.0757 2120 Mode: Manual;
21:47:50.0757 2120 ============================================================
21:47:59.0540 2120 SynTP (70534d1e4f9ac990536d5fb5b550b3de) C:\Windows\system32\DRIVERS\SynTP.sys
21:47:59.0556 2120 SynTP - ok
21:47:59.0618 2120 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
21:47:59.0634 2120 Tcpip - ok
21:47:59.0696 2120 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
21:47:59.0712 2120 TCPIP6 - ok
21:47:59.0743 2120 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
21:47:59.0759 2120 tcpipreg - ok
21:47:59.0790 2120 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
21:47:59.0790 2120 TDPIPE - ok
21:47:59.0821 2120 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
21:47:59.0821 2120 TDTCP - ok
21:47:59.0852 2120 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
21:47:59.0852 2120 tdx - ok
21:47:59.0883 2120 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
21:47:59.0883 2120 TermDD - ok
21:47:59.0930 2120 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:47:59.0930 2120 tssecsrv - ok
21:47:59.0961 2120 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
21:47:59.0961 2120 TsUsbFlt - ok
21:48:00.0008 2120 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
21:48:00.0008 2120 tunnel - ok
21:48:00.0039 2120 TVALZ (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
21:48:00.0039 2120 TVALZ - ok
21:48:00.0071 2120 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
21:48:00.0071 2120 uagp35 - ok
21:48:00.0117 2120 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
21:48:00.0117 2120 udfs - ok
21:48:00.0180 2120 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
21:48:00.0180 2120 uliagpkx - ok
21:48:00.0211 2120 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
21:48:00.0211 2120 umbus - ok
21:48:00.0242 2120 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
21:48:00.0258 2120 UmPass - ok
21:48:00.0289 2120 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
21:48:00.0289 2120 usbccgp - ok
21:48:00.0320 2120 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
21:48:00.0336 2120 usbcir - ok
21:48:00.0351 2120 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
21:48:00.0367 2120 usbehci - ok
21:48:00.0383 2120 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
21:48:00.0398 2120 usbhub - ok
21:48:00.0414 2120 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
21:48:00.0414 2120 usbohci - ok
21:48:00.0445 2120 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
21:48:00.0445 2120 usbprint - ok
21:48:00.0476 2120 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:48:00.0476 2120 USBSTOR - ok
21:48:00.0492 2120 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
21:48:00.0507 2120 usbuhci - ok
21:48:00.0539 2120 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
21:48:00.0554 2120 usbvideo - ok
21:48:00.0570 2120 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
21:48:00.0585 2120 vdrvroot - ok
21:48:00.0601 2120 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
21:48:00.0617 2120 vga - ok
21:48:00.0632 2120 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
21:48:00.0632 2120 VgaSave - ok
21:48:00.0663 2120 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
21:48:00.0663 2120 vhdmp - ok
21:48:00.0695 2120 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
21:48:00.0695 2120 viaagp - ok
21:48:00.0726 2120 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
21:48:00.0726 2120 ViaC7 - ok
21:48:00.0741 2120 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
21:48:00.0741 2120 viaide - ok
21:48:00.0757 2120 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
21:48:00.0757 2120 volmgr - ok
21:48:00.0788 2120 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
21:48:00.0788 2120 volmgrx - ok
21:48:00.0819 2120 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
21:48:00.0819 2120 volsnap - ok
21:48:00.0851 2120 vpnva (fc94804932cfc35f01b3ae510e3b4d5c) C:\Windows\system32\DRIVERS\vpnva.sys
21:48:00.0851 2120 vpnva - ok
21:48:00.0882 2120 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
21:48:00.0882 2120 vsmraid - ok
21:48:00.0897 2120 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
21:48:00.0897 2120 vwifibus - ok
21:48:00.0944 2120 VWiFiFlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
21:48:00.0960 2120 VWiFiFlt - ok
21:48:00.0991 2120 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
21:48:00.0991 2120 vwifimp - ok
21:48:01.0022 2120 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
21:48:01.0022 2120 WacomPen - ok
21:48:01.0069 2120 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
21:48:01.0069 2120 WANARP - ok
21:48:01.0085 2120 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
21:48:01.0085 2120 Wanarpv6 - ok
21:48:01.0116 2120 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
21:48:01.0116 2120 Wd - ok
21:48:01.0147 2120 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
21:48:01.0163 2120 Wdf01000 - ok
21:48:01.0209 2120 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
21:48:01.0209 2120 WfpLwf - ok
21:48:01.0225 2120 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
21:48:01.0241 2120 WIMMount - ok
21:48:01.0303 2120 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
21:48:01.0303 2120 WmiAcpi - ok
21:48:01.0350 2120 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
21:48:01.0350 2120 ws2ifsl - ok
21:48:01.0397 2120 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
21:48:01.0397 2120 WudfPf - ok
21:48:01.0428 2120 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:48:01.0428 2120 WUDFRd - ok
21:48:01.0475 2120 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:48:01.0537 2120 \Device\Harddisk0\DR0 - ok
21:48:01.0537 2120 Boot (0x1200) (238d6513a6bd22a095e2f3c26700d3a6) \Device\Harddisk0\DR0\Partition0
21:48:01.0537 2120 \Device\Harddisk0\DR0\Partition0 - ok
21:48:01.0537 2120 ============================================================
21:48:01.0537 2120 Scan finished
21:48:01.0537 2120 ============================================================
21:48:01.0553 2544 Detected object count: 0
21:48:01.0553 2544 Actual detected object count: 0


Avast (I updated the definitions on my flash drive from my computer since his computer doesn't have internet. I'm not sure if it stayed updated cause it asked whether I wanted to update the definitions again once I ran it on his computer. Also, is there any danger of carrying viruses over?):

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-01-26 21:57:59
-----------------------------
21:57:59.496 OS Version: Windows 6.1.7601 Service Pack 1
21:57:59.496 Number of processors: 2 586 0x170A
21:57:59.496 ComputerName: JACHIN-PC UserName: Jachin
21:58:00.932 Initialize success
21:58:04.098 AVAST engine download error: 0
21:59:12.302 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
21:59:12.302 Disk 0 Vendor: WDC_WD3200BEVT-26ZCT0 12.01A12 Size: 305245MB BusType: 11
21:59:12.349 Disk 0 MBR read successfully
21:59:12.349 Disk 0 MBR scan
21:59:12.349 Disk 0 Windows 7 default MBR code
21:59:12.364 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
21:59:12.380 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 303742 MB offset 3074048
21:59:12.395 Disk 0 scanning sectors +625137664
21:59:12.520 Disk 0 scanning C:\Windows\system32\drivers
21:59:17.902 Service scanning
21:59:18.464 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
21:59:19.088 Modules scanning
21:59:27.403 Disk 0 trace - called modules:
21:59:27.434 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS PCIIDEX.SYS msahci.sys
21:59:27.434 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85cd5030]
21:59:27.449 3 CLASSPNP.SYS[8ab9359e] -> nt!IofCallDriver -> [0x85be3c10]
21:59:27.449 5 ACPI.sys[8a6b23d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0x857eb030]
21:59:27.465 Scan finished successfully
22:00:55.714 Disk 0 MBR has been saved successfully to "D:\MBR.dat"
22:00:56.307 The log file has been saved successfully to "D:\aswMBR.txt"


Thanks!

#4 narenxp

  • BC Advisor
  • 16,371 posts

Posted 27 January 2012 - 02:20 AM

Launch FSS again and type

afd.sys in search BOX and click on search files

Post the generated log

Also

Microsoft Windows 7 Home Premium Service Pack 1 (X86)


You said it's a 64-bit OS, right? This is a 32-bit OS.

Good luck

Edited by narenxp, 27 January 2012 - 02:23 AM.


#5 monkeysphere

  • Topic Starter
  • Members
  • 12 posts

Posted 27 January 2012 - 02:31 AM

Sorry, my bad. Was thinking of my computer. His computer is indeed 32 bit.

FSS:

Farbar Service Scanner Version: 18-01-2012 01
Ran by Jachin (administrator) on 26-01-2012 at 23:27:32
Windows 7 Home Premium Service Pack 1 (X86)

************************************************
================== Search: "afd.sys" ===================

C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_da774a9ad5cea29e\afd.sys
[2011-09-19 20:24] - [2011-04-24 19:24] - 0338944 ____A (Microsoft Corporation) C427F91A748CD342A2B3F9278D9FD6A5

C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_d9efac7dbcaf385b\afd.sys
[2011-09-30 09:59] - [2010-11-20 00:40] - 0338944 ____A (Microsoft Corporation) 1151FD4FB0216CFED887BFDE29EBD516

C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_d864ad9ad8c98d1f\afd.sys
[2011-09-19 20:24] - [2011-04-24 18:27] - 0338944 ____A (Microsoft Corporation) C114AB7A1550D42EA1700FFD4179CF5A

C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_d81220b5bf827af7\afd.sys
[2011-09-19 20:24] - [2011-04-24 18:35] - 0338944 ____A (Microsoft Corporation) 0DB7A48388D54D154EBEC120461A0FCD

C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_d7be98b5bfc0b4c1\afd.sys
[2009-07-13 15:12] - [2009-07-13 15:12] - 0338944 ____A (Microsoft Corporation) DDC040FDB01EF1712A6B13E52AFB104C

====== End Of Search ======



#6 narenxp

  • BC Advisor
  • 16,371 posts

Posted 27 January 2012 - 02:44 AM

Press Windows+R key and copy this

C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_d7be98b5bfc0b4c1

Click ok

Copy afd.sys from that location and paste it into the C:/Windows/system32/drivers folder


To be on the safer side, before running registry fixes I would suggest you

Download

http://www.snapfiles.com/get/erunt.html

Install it and backup your registry to C:/Windows/erdnt

Download

http://www.mediafire.com/?00ae4u180xgbrxx

If it opens as notepad,

rename afd.reg.txt to afd.reg

Launch it, click YES when you get the UAC prompt

Restart the PC and check your browser


If you get back connection,


Please download GMER from here

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.

Also update aswMBR and post the log

Good luck

Edited by narenxp, 27 January 2012 - 02:47 AM.
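A check that can be run on the FSS search output before a driver is copied out of the component store as in the post above. This is an added example, not part of the thread or of any tool named in it: it parses the log, reports whether a copy under System32\drivers was listed at all, orders the WinSxS copies by component version, and confirms that a copied file is byte-for-byte the entry the log listed. The function and constant names are assumptions made for this example; the three sample entries are copied from the FSS log posted in the thread.

```python
import hashlib
import os
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Three entries copied from the FSS log posted in the thread; layout unchanged.
SAMPLE_FSS = r"""
================== Search: "afd.sys" ===================

C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_da774a9ad5cea29e\afd.sys
[2011-09-19 20:24] - [2011-04-24 19:24] - 0338944 ____A (Microsoft Corporation) C427F91A748CD342A2B3F9278D9FD6A5

C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_d9efac7dbcaf385b\afd.sys
[2011-09-30 09:59] - [2010-11-20 00:40] - 0338944 ____A (Microsoft Corporation) 1151FD4FB0216CFED887BFDE29EBD516

C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_d7be98b5bfc0b4c1\afd.sys
[2009-07-13 15:12] - [2009-07-13 15:12] - 0338944 ____A (Microsoft Corporation) DDC040FDB01EF1712A6B13E52AFB104C

====== End Of Search ======
"""

# Path of the copy Windows actually loads (assumed default install on C:).
ACTIVE_DRIVER = r"c:\windows\system32\drivers\afd.sys"

# "[created] - [modified] - size attrs (company) MD5", as printed by FSS.
DETAIL = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)

# WinSxS directory name: arch_name_publicKeyToken_version_culture_hash.
COMPONENT = re.compile(
    r"^(?P<arch>[^_]+)_(?P<name>.+)_(?P<token>[0-9a-f]{16})_"
    r"(?P<version>\d+(?:\.\d+){3})_(?P<culture>[^_]+)_(?P<hash>[0-9a-f]{16})$",
    re.IGNORECASE,
)


@dataclass
class Hit:
    path: str
    created: str
    modified: str
    size: int
    company: str
    md5: str

    @property
    def store_version(self):
        """Version tuple taken from the WinSxS directory name, else None."""
        m = COMPONENT.match(PureWindowsPath(self.path).parent.name)
        return tuple(int(p) for p in m["version"].split(".")) if m else None


def parse_fss_search(text):
    """Pair each path line with the detail line that follows it."""
    hits, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if re.match(r"^[A-Za-z]:\\", line):
            pending = line
            continue
        m = DETAIL.match(line)
        if m and pending:
            hits.append(Hit(pending, m["created"], m["modified"],
                            int(m["size"]), m["company"], m["md5"].lower()))
            pending = None
    return hits


def active_driver_listed(hits):
    """True if the search found a copy in System32\\drivers."""
    return any(h.path.lower() == ACTIVE_DRIVER for h in hits)


def store_candidates(hits, company="Microsoft Corporation"):
    """WinSxS copies, oldest component version first.

    The company string comes from the file's version resource and can be
    forged, so it only filters the list; it is not evidence of authenticity.
    """
    found = [h for h in hits if h.store_version and h.company == company]
    return sorted(found, key=lambda h: h.store_version)


def file_md5(path, chunk=1 << 20):
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def copy_matches_log(path, hit):
    """Size and MD5 of a copied file equal the values the log listed.

    MD5 here only ties the file to the log entry; it is not a trust check.
    """
    return os.path.getsize(path) == hit.size and file_md5(path) == hit.md5


if __name__ == "__main__":
    found = parse_fss_search(SAMPLE_FSS)
    print("active driver listed:", active_driver_listed(found))
    for h in store_candidates(found):
        print(".".join(map(str, h.store_version)), h.md5, h.modified)
```
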


#7 monkeysphere

  • Topic Starter
  • Members
  • 12 posts

Posted 27 January 2012 - 04:28 AM

Awesome, the internet works again!

While scanning with GMER, MSE told me there was a potential threat even though I had already disabled its real-time protection. I ignored it, but I think it automatically removed it and told me to restart to finish removing the threat, which I haven't. I turned off "Apply recommended actions" (automatic responses in case of detection) in MSE after that. Is there a way to completely turn off MSE and should I rescan with GMER after doing that? It was a TrojanDownloader:Win32/Obvod.H

GMER:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-27 01:12:53
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 WDC_WD3200BEVT-26ZCT0 rev.12.01A12
Running: 0zpm0svu.exe; Driver: C:\Users\Jachin\AppData\Local\Temp\agriqpow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13D1 8284E369 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82887D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
PAGE spsys.sys!?SPRevision@@3PADA + 4F90 99E8F000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 50B3 99E8F123 629 Bytes CALL CDEEEFC1
PAGE spsys.sys!?SPRevision@@3PADA + 5329 99E8F399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 538F 99E8F3FF 148 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 543B 99E8F4AB 2228 Bytes [8B, FF, 55, 8B, EC, FF, 75, ...]
PAGE ...

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\00000049 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

---- Files - GMER 1.0.15 ----

File C:\Users\Jachin\AppData\Local\Temp\_av4_\ashBase.dll 0 bytes
File C:\Users\Jachin\AppData\Local\Temp\_av4_\ashSSqlt.dll 0 bytes
File C:\Users\Jachin\AppData\Local\Temp\_av4_\ashSXML.dll 48128 bytes executable
File C:\Users\Jachin\AppData\Local\Temp\_av4_\ashTask.dll 118784 bytes executable
File C:\Users\Jachin\AppData\Local\Temp\_av4_\aswAux.dll 659456 bytes
File C:\Users\Jachin\AppData\Local\Temp\_av4_\aswRes.dll 147456 bytes executable
File C:\Users\Jachin\AppData\Local\Temp\_av4_\data\400.tmp 51141887 bytes
File C:\Users\Jachin\AppData\Local\Temp\_av4_\data\Avast4.ini 74 bytes
File C:\Users\Jachin\AppData\Local\Temp\_av4_\oem.ini 24 bytes
File C:\Windows\$NtUninstallKB60552$\3305122184 0 bytes
File C:\Windows\$NtUninstallKB60552$\3305122184\@ 2048 bytes
File C:\Windows\$NtUninstallKB60552$\3305122184\bckfg.tmp 877 bytes
File C:\Windows\$NtUninstallKB60552$\3305122184\cfg.ini 185 bytes
File C:\Windows\$NtUninstallKB60552$\3305122184\Desktop.ini 4608 bytes
File C:\Windows\$NtUninstallKB60552$\3305122184\keywords 57 bytes
File C:\Windows\$NtUninstallKB60552$\3305122184\kwrd.dll 223744 bytes
File C:\Windows\$NtUninstallKB60552$\3305122184\L 0 bytes
File C:\Windows\$NtUninstallKB60552$\3305122184\L\xadqgnnk 338944 bytes
File C:\Windows\$NtUninstallKB60552$\3305122184\U 0 bytes
File C:\Windows\$NtUninstallKB60552$\3305122184\U\00000001.@ 2048 bytes
File C:\Windows\$NtUninstallKB60552$\3305122184\U\00000002.@ 224768 bytes
File C:\Windows\$NtUninstallKB60552$\3305122184\U\00000004.@ 1024 bytes
File C:\Windows\$NtUninstallKB60552$\3305122184\U\80000000.@ 11264 bytes
File C:\Windows\$NtUninstallKB60552$\3305122184\U\80000004.@ 12800 bytes
File C:\Windows\$NtUninstallKB60552$\3305122184\U\80000032.@ 77312 bytes
File C:\Windows\$NtUninstallKB60552$\929344452 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3BXMMITL\likeCAL0KYYS.htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3BXMMITL\getdata[1].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3BXMMITL\travelImgs09[1].gif 31428 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3BXMMITL\fpi[4].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3BXMMITL\inhabitots1-25wide_0[1].jpg 12505 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3U1IBO3Q\157490_1450674694_466624925_q[1].jpg 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3U1IBO3Q\186306_100002043496603_6911719_q[1].jpg 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3U1IBO3Q\prim_procuror_Mihai_Betelie_Sursa_RTV_f28b366ac6[1].jpg 1357 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\2ZH2SMSB.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\390A1P8U.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\390QMHF1.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\3H5GGE47.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\3HTS98FA.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\3PA9YBQK.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\X54PYUMG.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\XEHXY7PX.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\XHDNVXXU.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\XXAV6DXL.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\XY20MDSA.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\Y991ESB0.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\YDGFGDML.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\YE9CCQQU.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\YPQD9PM3.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\YXU5ZCP9.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\Z4SQWDY5.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\Z64ZGNN7.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\Z8KZZ6WZ.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\ZE4ZFLNB.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\ZF0E9QR4.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\ZICD3T25.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\ZIVN1K83.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\ZP4U1OSN.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\ZRCFVJYR.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\45YZ66PY.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\4BYP55JF.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\4R4RQDUT.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\69AXQVN4.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\6OCSML80.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\6RKJV025.txt 0 bytes
File C:\Windows\Temp\~DF0983C8AACBCAB53A.TMP 0 bytes
File C:\Windows\Temp\~DF49D637ECD670E8AA.TMP 0 bytes
File C:\Windows\Temp\~DF93449EC9AF792C16.TMP 0 bytes
File C:\Windows\Temp\~DFC56C978E6366091D.TMP 0 bytes
File C:\Windows\Temp\~DFFF0328C90B626CBA.TMP 0 bytes
File C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_ec4532373a57c1c2\tdx.sys (size mismatch) 74240/74752 bytes executable

---- EOF - GMER 1.0.15 ----


aswMBR (I saved the log in the middle of the scan because I wasn't sure if the program was frozen):

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-01-27 01:13:45
-----------------------------
01:13:45.731 OS Version: Windows 6.1.7601 Service Pack 1
01:13:45.731 Number of processors: 2 586 0x170A
01:13:45.746 ComputerName: JACHIN-PC UserName: Jachin
01:13:47.603 Initialize success
01:13:51.581 AVAST engine defs: 12012602
01:14:02.719 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
01:14:02.719 Disk 0 Vendor: WDC_WD3200BEVT-26ZCT0 12.01A12 Size: 305245MB BusType: 11
01:14:02.891 Disk 0 MBR read successfully
01:14:02.906 Disk 0 MBR scan
01:14:02.906 Disk 0 Windows 7 default MBR code
01:14:02.953 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
01:14:03.015 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 303742 MB offset 3074048
01:14:03.109 Disk 0 scanning sectors +625137664
01:14:03.405 Disk 0 scanning C:\Windows\system32\drivers
01:14:29.426 Service scanning
01:14:30.113 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
01:14:30.737 Modules scanning
01:14:43.809 Disk 0 trace - called modules:
01:14:44.387 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS PCIIDEX.SYS msahci.sys
01:14:44.387 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85cd5030]
01:14:44.402 3 CLASSPNP.SYS[8ab9e59e] -> nt!IofCallDriver -> [0x85be4c10]
01:14:44.402 5 ACPI.sys[8a6c33d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0x857ea030]
01:14:46.867 AVAST engine scan C:\Windows
01:14:53.934 AVAST engine scan C:\Windows\system32
01:17:35.082 AVAST engine scan C:\Windows\system32\drivers
01:17:47.125 AVAST engine scan C:\Users\Jachin
01:20:22.002 Disk 0 MBR has been saved successfully to "C:\Users\Jachin\Desktop\MBR.dat"
01:20:22.034 The log file has been saved successfully to "C:\Users\Jachin\Desktop\aswMBR.txt"
01:24:29.922 AVAST engine scan C:\ProgramData
01:25:11.590 Scan finished successfully
01:25:25.303 Disk 0 MBR has been saved successfully to "C:\Users\Jachin\Desktop\MBR.dat"
01:25:25.303 The log file has been saved successfully to "C:\Users\Jachin\Desktop\aswMBR.txt"



#8 narenxp


Posted 27 January 2012 - 04:47 AM

Your GMER logs indicate a rootkit. We need some advanced tools to remove it.

Read the guide here

http://www.bleepingcomputer.com/forums/topic34773.html

and create a topic here

http://www.bleepingcomputer.com/forums/forum22.html

Good luck

#9 monkeysphere


Posted 28 January 2012 - 02:58 AM

Thanks for all your help! I have posted the new thread at http://www.bleepingcomputer.com/forums/topic440269.html.

#10 narenxp


Posted 28 January 2012 - 03:31 AM

Good luck



