Download OTS to your Desktop and double-click on it to run it
- Make sure you close all other programs and don’t use the PC while the scan runs.
- Select All Users
- Under additional scans select the following:
  - Reg - Disabled MS Config Items
  - Reg - Drivers32
  - Reg - NetSvcs
  - Reg - SafeBoot Minimal
  - Reg - Shell Spawning
  - Evnt - EventViewer Logs (Last 10 Errors)
  - File - Lop Check
- Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
- When the scan is complete, Notepad will open with the report file loaded in it.
- Please attach the log in your next post.
aswMBR version 0.9.4 Copyright(c) 2011 AVAST Software
Run date: 2011-04-28 00:58:51
00:58:51.968 OS Version: Windows 5.1.2600 Service Pack 3
00:58:51.968 Number of processors: 2 586 0x4303
00:58:51.968 ComputerName: 2-8141B4DC8AF14 UserName:
00:58:52.187 Initialize success
00:58:58.531 Disk 0 (boot) \Device\Harddisk0\DR0 → \Device\Ide\IdeDeviceP2T0L0-5
00:58:58.531 Disk 0 Vendor: WDC_WD2500KS-00MJB0 02.01C03 Size: 238475MB BusType: 3
00:58:58.531 Disk 0 MBR read error
00:58:58.531 Disk 0 MBR scan
00:58:58.531 MBR BIOS signature not found 0
00:58:58.531 Disk 0 scanning sectors +488376000
00:58:58.531 Disk 0 scanning C:\WINDOWS\system32\drivers
00:59:01.406 Service scanning
00:59:02.234 Disk 0 trace - called modules:
00:59:02.234 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89095aee]<<
00:59:02.234 1 nt!IofCallDriver → \Device\Harddisk0\DR0[0x89dbeab8]
00:59:02.234 3 CLASSPNP.SYS[b80e8fd7] → nt!IofCallDriver → \Device\00000075[0x89dbff18]
00:59:02.234 5 ACPI.sys[b7e57620] → nt!IofCallDriver → \Device\Ide\IdeDeviceP2T0L0-5[0x89dbdd98]
00:59:02.234 Scan finished successfully
When I tried to do my online banking a couple of days ago, a pop-up window appeared asking for my credit card number, PIN, expiry date etc., which could not have possibly come from the bank (I also verified with the bank later that there are no changes in the login).
When I scanned my computer with the Avast it reported MBR:\.|PHYSICALDRIVE0. I scanned and tried to delete or repair many times, but it occurs again and again. When I do the boot-time scan the Avast reports that I have sinlaw@mbr.
This may be the new variant - does a bootscan detect it and try to cure it?
Let's use TDSSKiller as a test
Please read carefully and follow these steps.
- Download TDSSKiller and save it to your Desktop.
- Extract its contents to your desktop.
- Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
- If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
- If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of “TDSSKiller.[Version][Date][Time]_log.txt”. Please copy and paste the contents of that file here.