Help Me the New guy Plz

Hi, I’m having a huge problem with random shutdowns. The virus is called MBR:\.\PHYSICALDRIVE0. Avast, Spybot, Windows Defender, Avira cannot kill it and I don’t wanna delete because it could be attached to a master boot file. Gonna post aswMBR scan. PLEASE HELP ME

aswMBR version 0.9.4 Copyright(c) 2011 AVAST Software
Run date: 2011-04-08 23:19:58

23:19:58.000 OS Version: Windows x64 6.1.7600
23:19:58.000 Number of processors: 2 586 0x4303
23:19:58.000 ComputerName: MY-PC UserName: Matt
23:19:58.796 Initialize success
23:28:52.919 Disk 0 (boot) \Device\Harddisk0\DR0 → \Device\Ide\IdeDeviceP0T0L0-0
23:28:52.922 Disk 0 Vendor: WDC_WD2500JB-00REA0 20.00K20 Size: 238474MB BusType: 3
23:28:52.923 Device \Driver\atapi → MajorFunction fffffa8005cf46c8
23:28:52.926 Disk 0 MBR read successfully
23:28:52.929 Disk 0 MBR scan
23:28:52.931 Disk 0 TDL4@MBR code has been found
23:28:52.933 Disk 0 MBR hidden
23:28:52.935 Disk 0 MBR [TDL4] ROOTKIT
23:28:52.937 Disk 0 trace - called modules:
23:28:52.940 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8005cf46c8]<<
23:28:52.942 1 nt!IofCallDriver → \Device\Harddisk0\DR0[0xfffffa8005cde060]
23:28:52.946 3 CLASSPNP.SYS[fffff8800180143f] → nt!IofCallDriver → [0xfffffa8005be1520]
23:28:52.949 5 ACPI.sys[fffff88000f05781] → nt!IofCallDriver → \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8005bda060]
23:28:52.951 \Driver\atapi[0xfffffa8005ce77d0] → IRP_MJ_CREATE → 0xfffffa8005cf46c8
23:28:52.956 Scan finished successfully

p.s. ran a program from another post

I have the report, hope this helps, and I really hope I’m not being too difficult with my horribly bad grammar.

\HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
\HardDisk0 - OK

Four ms is why avast Kicks butt. I think I got it. Not positive, but avast is no longer picking up the virus. I would love an email for a clean bill of help. Not sure, but I think I’m having driver issues, if anyone is willing to look at my system specs for some kicks.
But I’m not entirely sure how to show you this with what I have read from these pages, or maybe direct me to someone that will. It is a custom built computer.

warm welcome to the forum mattmofo.

I’m no expert on those logs so hopefully someone will check it out and give you some advice on it.

another program i would recommend you to try is malwarebytes antimalware.

http://filehippo.com/download_malwarebytes_anti_malware/

download, install, update and do a scan. remove what it finds. a reboot of your system might be needed.

it's a good start anyway.

good luck and let us know on the progress.

23:28:52.931 Disk 0 TDL4@MBR code has been found
23:28:52.933 Disk 0 MBR hidden
23:28:52.935 Disk 0 MBR [TDL4] **ROOTKIT**

* scan again, then click “FIX” and reboot
* after reboot scan again, click save log and post it here

this it?

aswMBR version 0.9.4 Copyright(c) 2011 AVAST Software
Run date: 2011-04-09 03:05:18

03:05:18.860 OS Version: Windows x64 6.1.7600
03:05:18.860 Number of processors: 2 586 0x4303
03:05:18.860 ComputerName: MY-PC UserName: Matt
03:05:36.094 Initialize success
03:05:49.594 Disk 0 (boot) \Device\Harddisk0\DR0 → \Device\Ide\IdeDeviceP0T0L0-0
03:05:49.610 Disk 0 Vendor: WDC_WD2500JB-00REA0 20.00K20 Size: 238474MB BusType: 3
03:05:51.657 Disk 0 MBR read successfully
03:05:51.657 Disk 0 MBR scan
03:05:51.657 Service scanning
03:05:56.704 Disk 0 trace - called modules:
03:05:56.704 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys
03:05:56.704 1 nt!IofCallDriver → \Device\Harddisk0\DR0[0xfffffa8005cb96f0]
03:05:56.719 3 CLASSPNP.SYS[fffff8800192e43f] → nt!IofCallDriver → [0xfffffa8005bb7520]
03:05:56.719 5 ACPI.sys[fffff88000ec7781] → nt!IofCallDriver → \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8005bb0060]
03:05:56.719 Scan finished successfully
03:06:15.173 Disk 0 Windows 601 MBR fixed successfully

this is scan after reboot

aswMBR version 0.9.4 Copyright(c) 2011 AVAST Software
Run date: 2011-04-09 03:15:27

03:15:27.363 OS Version: Windows x64 6.1.7600
03:15:27.363 Number of processors: 2 586 0x4303
03:15:27.363 ComputerName: MY-PC UserName: Matt
03:15:28.269 Initialize success
03:15:34.957 Disk 0 (boot) \Device\Harddisk0\DR0 → \Device\Ide\IdeDeviceP0T0L0-0
03:15:34.957 Disk 0 Vendor: WDC_WD2500JB-00REA0 20.00K20 Size: 238474MB BusType: 3
03:15:34.957 Disk 0 MBR read successfully
03:15:34.972 Disk 0 MBR scan
03:15:34.972 Service scanning
03:15:37.269 Disk 0 trace - called modules:
03:15:37.269 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
03:15:37.269 1 nt!IofCallDriver → \Device\Harddisk0\DR0[0xfffffa8005cb8060]
03:15:37.285 3 CLASSPNP.SYS[fffff8800186c43f] → nt!IofCallDriver → [0xfffffa8005bc1520]
03:15:37.285 5 ACPI.sys[fffff88000ea0781] → nt!IofCallDriver → \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8005bb5060]
03:15:37.285 Scan finished successfully

sorry about the info, I thought it would overwrite the file when I saved over it, not add to it
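How the difference between the infected run and the cleaned runs in the logs above can be checked mechanically, as an added example that is not part of the original thread and is not Avast's code: it splits a log file that has accumulated several aswMBR runs and reports the indicator lines per run. The indicator patterns and all function names are assumptions derived from the log lines on this page, not a documented aswMBR format.

```python
import re

# Constructed sample: two runs in one file, built from lines of the thread's logs
# (the poster's saved log accumulated runs instead of being overwritten).
SAMPLE_LOG = r"""aswMBR version 0.9.4 Copyright(c) 2011 AVAST Software
Run date: 2011-04-08 23:19:58
23:28:52.923 Device \Driver\atapi → MajorFunction fffffa8005cf46c8
23:28:52.931 Disk 0 TDL4@MBR code has been found
23:28:52.933 Disk 0 MBR hidden
23:28:52.935 Disk 0 MBR [TDL4] ROOTKIT
23:28:52.940 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8005cf46c8]<<
aswMBR version 0.9.4 Copyright(c) 2011 AVAST Software
Run date: 2011-04-09 03:15:27
03:15:34.957 Disk 0 MBR read successfully
03:15:37.269 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
03:15:37.285 Scan finished successfully
"""

RUN_HEADER = re.compile(r"^aswMBR version ", re.M)
# Assumed indicator patterns, derived only from the infected run shown on this page.
INDICATORS = {
    "mbr_signature": re.compile(r"Disk \d+ (\w+)@MBR code has been found"),
    "mbr_hidden": re.compile(r"Disk \d+ MBR hidden"),
    "rootkit_verdict": re.compile(r"Disk \d+ MBR \[(\w+)\] ROOTKIT"),
    "unknown_module": re.compile(r">>UNKNOWN \[0x([0-9a-f]+)\]<<"),
    "atapi_dispatch": re.compile(r"\\Driver\\atapi\s+\S+\s+MajorFunction ([0-9a-f]+)"),
}

def split_runs(text):
    """Split an accumulated log file into one string per aswMBR run."""
    starts = [m.start() for m in RUN_HEADER.finditer(text)]
    return [text[a:b] for a, b in zip(starts, starts[1:] + [len(text)])]

def triage(run):
    """Return the run date and every indicator found in a single run."""
    date = re.search(r"^Run date: (.+)$", run, re.M)
    hits = {}
    for name, rx in INDICATORS.items():
        m = rx.search(run)
        if m:
            hits[name] = m.group(1) if m.groups() else True
    # The reported atapi dispatch address and the unnamed module in the disk
    # stack trace are the same address in the infected run: one hook, seen twice.
    same = "unknown_module" in hits and hits["unknown_module"] == hits.get("atapi_dispatch")
    return {"run_date": date.group(1).strip() if date else None,
            "indicators": hits, "hook_matches_trace": same, "suspicious": bool(hits)}

def latest_run(text):
    """Triage only the newest run, which is the one that reflects current state."""
    runs = split_runs(text)
    return triage(runs[-1]) if runs else None
```

Triage the last run in the file when judging whether a fix held; earlier runs in an accumulated log still carry the old detections.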

What problems remain ? Is your pc running OK?

The log looks clean

Avast,spybot,Windows defender,Avira cannot kill and i don't wanna
Never install multiple AV programs, as this will create all kinds of Windows errors and false positive detections. So uninstall Avira. I would also remove SpyBot and Windows Defender as they are no good. It is also recommended to use a removal tool so all leftovers are gone after the Avira uninstall; it can be found here: http://uninstallers.blogspot.com/

Have you downloaded the program suggested by Mikaelrask?
please do and do a quick scan, post the log here

Yes, I think I got it, as said in my first post. I really don’t know how to read the log files, all gibberish to me. I did get another blue screen of death, but it's an error I have seen before. But I think that is a driver issue and not really the biggest concern right now.

I only use one active shield, with one scan at a time, and I just like to keep others on hand, not running, but they can be put on in safe mode. That’s OK, right?

No

Never install two antivirus (see reply from quietman7)
http://www.bleepingcomputer.com/forums/index.php?s=7c8217673a726b92cfc91ecfd4294a29&showtopic=260844&view=findpost&p=1441638

You can use avast and Malwarebytes, they do not conflict

Link doesn’t work ;D

Thank you guys. Malwarebytes log was squeaky clean. And Avast was clean too.

My blue screen of Death appeared how show you my cpu specs to make its not it a dsk diag

Follow this guide from our expert malware remover Essexboy
http://forum.avast.com/index.php?topic=53253.0
( post the logs here in this topic and not in the guide )

To avoid using multiple posts with copy and paste you have to attach the logs
Lower left corner: Additional Options > Attach ( Malwarebytes log / OTS log )

Essexboy will look at the logs when he arrives here later today…

It is working now…

I have the reports.

Now relax and wait for Essexboy :wink:

Logs look good. Do you know what driver is causing the BSOD ?

I have no real solid idea. It could be a compilation of things. Unlikely is a bad hard drive. Possibly an ATI 3D card that appears to be using an Nvidia drive, but all information that I have gathered says this particular card runs that way. I would love to show you a BIOS log, but I'm not entirely sure how to show you this.

P.S.
The problem that I thought I fixed happened again. I could show you the log Microsoft has to show you.

Do you have a minidump at C:\windows\minidumps ? If so could you upload it to Mediafire and post the sharing link.

If you cannot find it - what is your video card make and model?