[SpySentinel]

Sorry for the delay.


Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click Scan

On completion of the scan

Click the Fix for TDL4 or FIXMBR for Whistler Button Select as appropriate

Save the log as before and post in your next reply.

[Advertisements]

Don't worry at all about the delay.

Here is the log:

aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-16 21:11:11
-----------------------------
21:11:11.283 OS Version: Windows 5.1.2600 Service Pack 3
21:11:11.283 Number of processors: 1 586 0x905
21:11:11.293 ComputerName: ANDERSON1 UserName: Jim
21:11:12.675 Initialize success
21:11:23.731 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
21:11:23.771 Disk 0 Vendor: HTS424040M9AT00 MA2OA71A Size: 38154MB BusType: 3
21:11:25.804 Disk 0 MBR read successfully
21:11:25.804 Disk 0 MBR scan
21:11:25.804 Disk 0 unknown MBR code
21:11:27.807 Disk 0 scanning sectors +78140160
21:11:28.077 Disk 0 scanning C:\WINDOWS\system32\drivers
21:11:32.443 Service scanning
21:11:34.566 Disk 0 trace - called modules:
21:11:34.596 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
21:11:34.596 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x81aa55e0]
21:11:34.596 3 CLASSPNP.SYS[f9919fd7] -> nt!IofCallDriver -> \Device\00000072[0x81aa6650]
21:11:34.606 5 ACPI.sys[f9870620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x81aa6030]
21:11:34.606 Scan finished successfully
21:11:56.939 Disk 0 Windows 501 MBR fixed successfully
21:12:13.913 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Jim\Desktop\Malware Removal April 11\MBR.dat"
21:12:13.923 The log file has been saved successfully to "C:\Documents and Settings\Jim\Desktop\Malware Removal April 11\aswMBR.txt"


Thanks,
Milton

[MiltonHolmes]

Don't worry at all about the delay.

Here is the log:

aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-16 21:11:11
-----------------------------
21:11:11.283 OS Version: Windows 5.1.2600 Service Pack 3
21:11:11.283 Number of processors: 1 586 0x905
21:11:11.293 ComputerName: ANDERSON1 UserName: Jim
21:11:12.675 Initialize success
21:11:23.731 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
21:11:23.771 Disk 0 Vendor: HTS424040M9AT00 MA2OA71A Size: 38154MB BusType: 3
21:11:25.804 Disk 0 MBR read successfully
21:11:25.804 Disk 0 MBR scan
21:11:25.804 Disk 0 unknown MBR code
21:11:27.807 Disk 0 scanning sectors +78140160
21:11:28.077 Disk 0 scanning C:\WINDOWS\system32\drivers
21:11:32.443 Service scanning
21:11:34.566 Disk 0 trace - called modules:
21:11:34.596 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
21:11:34.596 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x81aa55e0]
21:11:34.596 3 CLASSPNP.SYS[f9919fd7] -> nt!IofCallDriver -> \Device\00000072[0x81aa6650]
21:11:34.606 5 ACPI.sys[f9870620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x81aa6030]
21:11:34.606 Scan finished successfully
21:11:56.939 Disk 0 Windows 501 MBR fixed successfully
21:12:13.913 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Jim\Desktop\Malware Removal April 11\MBR.dat"
21:12:13.923 The log file has been saved successfully to "C:\Documents and Settings\Jim\Desktop\Malware Removal April 11\aswMBR.txt"


Thanks,
Milton

[SpySentinel]

How is your computer running now?

[MiltonHolmes]

Hi Spy Sentinel, sorry for the delay. My computer seems to be running fine now...however I did a boot-time scan with avast! and it said that there is another corrupt archive...I don't have the exact line, but I'll send it along soon. What is your suggestion for this? Do I need a Windows disk? I may be able to get my hands on one...
Thanks again for all your work and support,
Milton

[SpySentinel]

Hi Milton,

You're welcome
No worries about the delay.


I think a Windows disk would be wise to fix that corruption, but first, lets make sure the rootkit you had is gone.


Please read carefully and follow these steps.

• Download TDSSKiller and save it to your Desktop.
• Extract its contents to your desktop.
• Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  
  
  
  
  
• If an infected file is detected, the default action will be Cure, click on Continue.
  
  
  
  
  
• If a suspicious file is detected, the default action will be Skip, click on Continue.
  
  
  
  
  
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  
  
  
  
  
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
• If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

[SpySentinel]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.