[mcf1213]

I recently had the windows restore virus. I cleaned it using the instructions in the various blogs, i.e. removing files and registry entries. I have used combofix, malwarebytes, superantispyware, adaware, gemr, hijackthis just to name a few, and I still have script error box pops up referencing urls similar to ("http://ui.mevio.com/...ndex.js?r=38312 and http://view.atdmt.co...791/direct/01/" Also I have audio ads that start playing even if no IE window is open. I use firefox 4.

I just ran aswmbr and here are the results. The bold lines were in red. Should I run the FIX master boot record? Is that where there virus is still hiding?

Thanks/Mike

aswMBR version 0.9.4 Copyright© 2011 AVAST Software
Run date: 2011-04-10 18:51:26
-----------------------------
18:51:26.662 OS Version: Windows 6.1.7600
18:51:26.662 Number of processors: 2 586 0x170A
18:51:26.663 ComputerName: EUROPRO903 UserName: mikef
18:51:32.976 Initialize success
18:51:35.855 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
18:51:35.857 Disk 0 Vendor: ST9160412AS 0003LVM1 Size: 152627MB BusType: 11
18:51:37.894 Disk 0 MBR read successfully
18:51:37.902 Disk 0 MBR scan
18:51:39.920 Disk 0 scanning sectors +312578048
18:51:39.962 Disk 0 scanning C:\Windows\system32\drivers
18:51:56.461 Service scanning
18:51:58.254 Disk 0 trace - called modules:
18:51:58.273 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x865941ed]<<
18:51:58.277 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x864a7030]
18:51:58.281 3 CLASSPNP.SYS[8a40459e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85eed030]
18:51:58.285 \Driver\atapi[0x85ee7148] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x865941ed
18:51:58.289 Scan finished successfully

Attached Files

•  aswMBR.txt   1.12KB   109 downloads