-
Help please!
I followed the instructions post, but my PC will not finish the DDS, no reports are populated. Spybot stops halfway through but I can see 2 entries of Virtumonde and 4 for Fraud.antimalwareDoctor.
My computer was running fine, but we decided to do some system cleaning. In running the uninstall on a few things we don't use (one being an IE toolbar), the constant pop-up ads have begun. Also worth noting, we ran S&Destroy prior to running the uninstalls and it found only one minor problem, removed it with no issue.
Please let me know how to proceed...
Thank you!
Ashley
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Ash at 7:19:16.09 on 27/04/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
.
============== Running Processes ===============
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Motorola Media Link\NServiceEntry.exe
c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\Subsonic\subsonic-service.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Documents and Settings\Ash\Application Data\C3B7CC607230956CA4AE70E68AFE1D84\tr700lqqcore.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ash\Local Settings\Temporary Internet Files\Content.IE5\0S7E3OOC\dds[1].com
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\System32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = 192.168.*.*
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [LClock] c:\program files\lclock\LClock.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Srixiku] rundll32.exe "c:\windows\mfig32.dll",Startup
uRun: [tr700lqqcore.exe] c:\documents and settings\ash\application data\c3b7cc607230956ca4ae70e68afe1d84\tr700lqqcore.exe
uRun: [AntiVirus AntiSpyware 2011] "c:\documents and settings\ash\application data\antivirus antispyware 2011\AntiVirus AntiSpyware.exe" /STARTUP
uRun: [AntiVirus AntiSpyware 2011 Security] c:\documents and settings\ash\application data\antivirus antispyware 2011\securitymanager.exe
uRunOnce: [SpybotDeletingB3939] command.com /c del "c:\documents and settings\ash\start menu\programs\antimalware doctor\Antimalware Doctor.lnk"
uRunOnce: [SpybotDeletingD1015] cmd.exe /c del "c:\documents and settings\ash\start menu\programs\antimalware doctor\Antimalware Doctor.lnk"
uRunOnce: [SpybotDeletingB9383] command.com /c del "c:\documents and settings\ash\start menu\programs\antimalware doctor\Uninstall.lnk"
uRunOnce: [SpybotDeletingD6863] cmd.exe /c del "c:\documents and settings\ash\start menu\programs\antimalware doctor\Uninstall.lnk"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [mumservice] c:\program files\motorola\software update\mumservice.exe
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [Dfemesiyo] rundll32.exe "c:\windows\oyavipej.dll",Startup
mRunOnce: [SpybotDeletingA1214] command.com /c del "c:\documents and settings\ash\start menu\programs\antimalware doctor\Antimalware Doctor.lnk"
mRunOnce: [SpybotDeletingC4549] cmd.exe /c del "c:\documents and settings\ash\start menu\programs\antimalware doctor\Antimalware Doctor.lnk"
mRunOnce: [SpybotDeletingA2593] command.com /c del "c:\documents and settings\ash\start menu\programs\antimalware doctor\Uninstall.lnk"
mRunOnce: [SpybotDeletingC830] cmd.exe /c del "c:\documents and settings\ash\start menu\programs\antimalware doctor\Uninstall.lnk"
mRunOnce: [Spybot - Search & Destroy] "c:\program files\spybot - search & destroy\SpybotSD.exe" /autocheck
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [LClock] c:\program files\lclock\LClock.exe
dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
IE: Copy to Semagic - c:\program files\semagic\copy.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Semagic - c:\program files\semagic\link.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://139.142.250.200:2082/activex/AxisCamControl.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.walmartphotocentre.ca/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} - hxxps://www.plaxo.com/activex/plx_upldr-2k-xp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\ash\applic~1\mozilla\firefox\profiles\i2rvvuz7.default\
FF - prefs.js: browser.startup.homepage - google.ca
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\ash\application data\mozilla\firefox\profiles\i2rvvuz7.default\extensions\devicedetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin2.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin3.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin4.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin5.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin6.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin7.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: http://forums.spybot.info/misc.php?d...FzQHN1bi5jb20= - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
============= SERVICES / DRIVERS ===============
.
R? BTCFilterService;USB Networking Driver Filter Service
R? gupdate;Google Update Service (gupdate)
R? gupdatem;Google Update Service (gupdatem)
R? motccgp;Motorola USB Composite Device Driver
R? motccgpfl;MotCcgpFlService
R? MotDev;Motorola Inc. USB Device
R? Motousbnet;Motorola USB Networking Driver Service
R? motusbdevice;Motorola USB Dev Driver
R? SwitchBoard;Adobe SwitchBoard
R? UsbGps;LGE CDMA USB GPS NMEA Port
R? vcdrom;Virtual CD-ROM Device Driver
S? DeviceMonitorService;DeviceMonitorService
S? MotoHelper;MotoHelper Service
S? ramdisk;Windows RAM Disk Driver
.
=============== Created Last 30 ================
.
2011-04-27 05:52:15 -------- d-----w- c:\windows\26-04-2011
2011-04-27 05:38:24 0 ----a-w- c:\windows\Ctofiwogijanile.bin
2011-04-27 05:38:22 -------- d-----w- c:\docume~1\ash\locals~1\applic~1\{8AE03E5F-CA8F-4A3D-85E4-863629FE246E}
2011-04-27 05:37:56 -------- d-----w- c:\docume~1\ash\applic~1\AntiVirus AntiSpyware 2011
2011-04-27 05:37:00 -------- d-----w- c:\docume~1\ash\applic~1\C3B7CC607230956CA4AE70E68AFE1D84
2011-04-15 02:56:35 361600 -c----w- c:\windows\system32\dllcache\tcpip.sys
2011-04-15 02:05:32 -------- d-----w- c:\docume~1\ash\applic~1\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2011-04-15 02:05:32 -------- d-----w- c:\docume~1\ash\applic~1\Adobe Mini Bridge CS5
2011-04-14 14:40:42 -------- d-----w- c:\docume~1\alluse~1\applic~1\regid.1986-12.com.adobe
.
==================== Find3M ====================
.
2011-03-07 05:31:47 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:27:43 1866880 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06:29 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 13:05:45 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-09 01:03:56 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-08 13:33:55 978944 ----a-w- c:\windows\system32\mfc42.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Hitachi_HTS541612J9SA00 rev.SBDOC74P -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x85A06730]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x85a0ca10]; MOV EAX, [0x85a0ca8c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x86547AB8]
3 CLASSPNP[0xF761DFD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\0000006e[0x8657D3B8]
5 ACPI[0xF7494620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8657BD98]
\Driver\atapi[0x862F4B10] -> IRP_MJ_CREATE -> 0x85A06730
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x85A0657B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 7:22:24.31 ===============
thanks in advance
-
Please read Before You Post
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.
Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.
You're infected with a nasty Rootkit.
Please download TDSSKiller.zip
- Extract it to your desktop
- Double click TDSSKiller.exe
- Press Start Scan
- Only if Malicious objects are found then ensure Cure is selected
- Then click Continue > Reboot now
- Copy and paste the log in your next reply
- A copy of the log will be saved automatically to the root of the drive (typically C:\)
-
Hi! Thank you for the help, I will attempt this within the hour and update how it went. Just a note that I was unable to log into the pc yesterday, I will try this in safe mode with networking.
Tks again!!
Ash
-
That nasty Rootkit is most likely why you can't boot to normal Windows. TDSSKiller may not work; if it fails we will use another method.
-
Was unable to log in normally. But safe mode with networking allowed me to download and unzip the tdss tool. Installation gets to 80% then Windows encounters an error and needs to abort installation. Rebooted in safe mode without networking, same thing. Is there anything we can do to get it running?
-
Run this tool, don't fix anything, I need to see the log first.
Download aswMBR.exe ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it
Click the "Scan" button to start scan
http://public.avast.com/~gmerek/aswMBR1.png
On completion of the scan click save log, save it to your desktop and post in your next reply
http://public.avast.com/~gmerek/aswMBR2.png
-
Many thanks again, so appreciated. Here is the requested log.
aswMBR version 0.9.5.232 Copyright(c) 2011 AVAST Software
Run date: 2011-05-01 16:08:45
-----------------------------
16:08:45.093 OS Version: Windows 5.1.2600 Service Pack 3
16:08:45.093 Number of processors: 2 586 0xE08
16:08:45.093 ComputerName: ASH-LAPTOP UserName: Ash
16:08:46.109 Initialize success
16:08:48.859 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
16:08:48.875 Disk 0 Vendor: Hitachi_HTS541612J9SA00 SBDOC74P Size: 114473MB BusType: 3
16:08:48.875 Device \Driver\atapi -> DriverStartIo 862c757b
16:08:50.890 Disk 0 MBR read successfully
16:08:50.890 Disk 0 MBR scan
16:08:50.906 Disk 0 TDL4@MBR code has been found
16:08:50.921 Disk 0 Windows XP default MBR code found via API
16:08:50.937 Disk 0 MBR hidden
16:08:50.953 Disk 0 MBR [TDL4] **ROOTKIT**
16:08:50.953 Disk 0 trace - called modules:
16:08:50.968 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x862c7730]<<
16:08:50.984 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8635eab8]
16:08:51.000 3 CLASSPNP.SYS[f766bfd7] -> nt!IofCallDriver -> \Device\0000006e[0x863189e8]
16:08:51.015 5 ACPI.sys[f75c2620] -> nt!IofCallDriver -> [0x86363940]
16:08:51.031 \Driver\atapi[0x8635b030] -> IRP_MJ_CREATE -> 0x862c7730
16:08:51.078 Scan finished successfully
16:09:23.640 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Ash\Desktop\MBR.dat"
16:09:23.656 The log file has been saved successfully to "C:\Documents and Settings\Ash\Desktop\aswMBR.txt"
-
Re-Run aswMBR
Click Scan
On completion of the scan
Click the Fix for TDL4
http://public.avast.com/~gmerek/aswMBR3.png
Save the log as before and post in your next reply
-
Progress!
aswMBR version 0.9.5.232 Copyright(c) 2011 AVAST Software
Run date: 2011-05-01 20:28:38
-----------------------------
20:28:38.515 OS Version: Windows 5.1.2600 Service Pack 3
20:28:38.515 Number of processors: 2 586 0xE08
20:28:38.515 ComputerName: ASH-LAPTOP UserName: Ash
20:28:39.375 Initialize success
20:28:41.500 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
20:28:41.500 Disk 0 Vendor: Hitachi_HTS541612J9SA00 SBDOC74P Size: 114473MB BusType: 3
20:28:43.531 Disk 0 MBR read successfully
20:28:43.546 Disk 0 MBR scan
20:28:43.562 Disk 0 Windows XP default MBR code
20:28:45.562 Disk 0 scanning sectors +234436545
20:28:45.609 Disk 0 scanning C:\WINDOWS\system32\drivers
20:28:51.187 Service scanning
20:28:54.828 Disk 0 trace - called modules:
20:28:54.875 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
20:28:54.875 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86310ab8]
20:28:54.890 3 CLASSPNP.SYS[f766bfd7] -> nt!IofCallDriver -> \Device\0000006e[0x8636f968]
20:28:54.906 5 ACPI.sys[f75c2620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86317940]
20:28:54.921 Scan finished successfully
20:29:07.218 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Ash\Desktop\MBR.dat"
20:29:07.234 The log file has been saved successfully to "C:\Documents and Settings\Ash\Desktop\aswMBR.txt"
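The two aswMBR logs in this thread differ in a handful of lines that an analyst reads by eye: "TDL4@MBR code has been found", "MBR hidden", "MBR [TDL4] **ROOTKIT**", the ">>UNKNOWN [0x...]<<" entry at the end of the called-modules list, the \Driver\atapi DriverStartIo hook, and a driver-stack trace whose last hop resolves to a bare address instead of a named device object. The script below is an added example, not part of this thread and not code from aswMBR or its authors; it pulls those indicators out of aswMBR-style log text so a before/after pair can be compared mechanically. The two sample logs embedded in it are constructed to mirror the format of the logs above (addresses are made up), and the indicator names are my own.

```python
"""Classify rootkit indicators in aswMBR-style log text (added example).

The regular expressions target the phrases aswMBR prints when the MBR
or the disk driver stack has been tampered with. Sample logs are
constructed to match the format seen in this thread; the addresses in
them are invented.
"""
import re

# Indicator name -> pattern matched against each timestamped message.
ROOTKIT_MARKERS = {
    "tdl4_mbr": re.compile(r"TDL4@MBR code has been found"),
    "mbr_hidden": re.compile(r"\bMBR hidden\b"),
    "mbr_rootkit": re.compile(r"MBR \[[^\]]+\] \*\*ROOTKIT\*\*"),
    "unknown_module": re.compile(r">>UNKNOWN \[0x[0-9a-fA-F]+\]<<"),
    "startio_hook": re.compile(r"\\Driver\\atapi -> DriverStartIo [0-9a-fA-F]+"),
}

# A driver-stack hop: "<n> <module>[addr] -> nt!IofCallDriver -> <target>"
TRACE_HOP = re.compile(r"^(\d+) (\S+) -> \S+!IofCallDriver -> (\S+)$")
BARE_ADDRESS = re.compile(r"\[0x[0-9a-fA-F]+\]")


def parse_log(text):
    """Return (timestamp, message) tuples for every timestamped line."""
    entries = []
    for raw in text.splitlines():
        m = re.match(r"^(\d{2}:\d{2}:\d{2}\.\d{3}) (.*)$", raw.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def find_indicators(text):
    """Map indicator name -> list of messages that triggered it."""
    hits = {}
    for _ts, msg in parse_log(text):
        for name, pattern in ROOTKIT_MARKERS.items():
            if pattern.search(msg):
                hits.setdefault(name, []).append(msg)
    return hits


def last_hop_resolves(text):
    """True if the deepest IofCallDriver hop targets a named device object.

    On a clean stack the last hop lands on the IDE device (e.g.
    \\Device\\Ide\\IdeDevice...[addr]); a bare [addr] target means the
    real driver object was swapped for unknown code.
    """
    hops = [TRACE_HOP.match(msg) for _ts, msg in parse_log(text)]
    hops = [h for h in hops if h]
    if not hops:
        return False
    return BARE_ADDRESS.fullmatch(hops[-1].group(3)) is None


def assess(text):
    """Summarise a log: status, sorted indicator names, trace resolution."""
    hits = find_indicators(text)
    resolves = last_hop_resolves(text)
    status = "clean" if not hits and resolves else "infected"
    return {"status": status, "indicators": sorted(hits), "trace_resolves": resolves}


# Constructed sample: shape of the first (infected) scan in the thread.
INFECTED_LOG = r"""
16:08:48.875 Device \Driver\atapi -> DriverStartIo 8a0b157b
16:08:50.890 Disk 0 MBR read successfully
16:08:50.906 Disk 0 TDL4@MBR code has been found
16:08:50.937 Disk 0 MBR hidden
16:08:50.953 Disk 0 MBR [TDL4] **ROOTKIT**
16:08:50.968 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8a0b1730]<<
16:08:51.000 3 CLASSPNP.SYS[f766bfd7] -> nt!IofCallDriver -> \Device\0000006e[0x8a0c89e8]
16:08:51.015 5 ACPI.sys[f75c2620] -> nt!IofCallDriver -> [0x8a0d3940]
"""

# Constructed sample: shape of the second (post-fix) scan in the thread.
CLEAN_LOG = r"""
20:28:43.531 Disk 0 MBR read successfully
20:28:43.562 Disk 0 Windows XP default MBR code
20:28:54.875 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
20:28:54.890 3 CLASSPNP.SYS[f766bfd7] -> nt!IofCallDriver -> \Device\0000006e[0x8a0e0968]
20:28:54.906 5 ACPI.sys[f75c2620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a0f1940]
"""

if __name__ == "__main__":
    for label, log in (("before fix", INFECTED_LOG), ("after fix", CLEAN_LOG)):
        print(label, assess(log))
```

The status is "clean" only when no marker fires and the trace terminates on a named device; either condition alone is enough to flag a log, which matches how the helper read the first scan (MBR markers) and confirmed the second (full atapi/pciide stack, last hop on the IDE device).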