Two red lines on aswMBR scan. What should i do?

Hi all! First, excuse my english. Have Windows Vista and Avast!AV
Days ago, IE8 crashed,then BSOD, and every time i shut down the Pc.
First i ran a malwarebytes scan and deleted a few things; then i run Tdsskiller and detected infection and one suspicious file, then delete a Rootkit.Win32.TDSS.tdl4

After i use the aswMBR and i get two red lines. These are:
ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x8700e1f8]<<
\Driver\nvstor32[0x8704e8d0] → IRP_MJ_CREATE → 0x8700e1f8

By clicking FixMBR appears a Warning:“writing a new master boot record to your system partition could damage your partition tables and cause your partitions to become inaccessible.” :o :-\ In other forum say me that don’t worry ??? Now the Pc seems to work ok, only the cooler a bit more noisy than before(maybe is other kind of problem)

Follow this guide from our expert malware remover Essexboy
http://forum.avast.com/index.php?topic=53253.0
( post the logs here in this topic and not in the guide )

To avoid using multiple post with copy and paste you have to attach the log`s
Lower left corner: Additional Options > Attach ( Malwarebytes log / OTS log ) save OTS log as ANSI

Essexboy will look at the logs when posted

Could you post the aswMBR log please so that I can see where it points

OK, i have already a new scan:

aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-05-10 22:49:47

22:49:47.364 OS Version: Windows 6.0.6002 Service Pack 2
22:49:47.364 Number of processors: 4 586 0xF0B
22:49:47.366 ComputerName: JUAN2 UserName: Juan
22:49:50.304 Initialize success
22:51:09.602 Disk 0 (boot) \Device\Harddisk0\DR0 → \Device\00000058
22:51:09.605 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 6
22:51:09.610 Disk 1 \Device\Harddisk1\DR1 → \Device\00000059
22:51:09.613 Disk 1 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 6
22:51:11.645 Disk 0 MBR read successfully
22:51:11.652 Disk 0 MBR scan
22:51:11.663 Disk 0 unknown MBR code
22:51:13.684 Disk 0 scanning sectors +976771072
22:51:13.720 Disk 0 scanning C:\Windows\system32\drivers
22:51:18.288 Service scanning
22:51:20.200 Disk 0 trace - called modules:
22:51:20.216 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x8700e1f8]<<
22:51:20.224 1 nt!IofCallDriver → \Device\Harddisk0\DR0[0x87e0eac8]
22:51:20.231 3 CLASSPNP.SYS[8bbb08b3] → nt!IofCallDriver → [0x87043958]
22:51:20.250 5 acpi.sys[807b76bc] → nt!IofCallDriver → \Device\00000058[0x87044030]
22:51:20.263 \Driver\nvstor32[0x870b9c18] → IRP_MJ_CREATE → 0x8700e1f8
22:51:20.275 Scan finished successfully
22:51:36.014 Disk 0 MBR has been saved successfully to “C:\Users\Juan\Desktop\MBR.dat”
22:51:36.025 The log file has been saved successfully to “C:\Users\Juan\Desktop\aswMBR.txt”

Thanks for reply

That looks like the new TDL3/4 hybrid - could you run an OTS scan on completion please

Please read carefully and follow these steps.

[*]Download TDSSKiller and save it to your Desktop.
[*]Extract its contents to your desktop.
[*]Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.

http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillermain.png

[*]If an infected file is detected, the default action will be Cure, click on Continue.

http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerMal-1.png

[*]If a suspicious file is detected, the default action will be Skip, click on Continue.

http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerSuspicious.png

[*]It may ask you to reboot the computer to complete the process. Click on Reboot Now.

http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerCompleted.png

[*]If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
[*]If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of “TDSSKiller.[Version][Date][Time]_log.txt”. Please copy and paste the contents of that file here.

Hi again, i made the Tdsskiller scan:

Sorry, i forgot OTS scan :-[

What problems are you experiencing as that looks to be OK

Actually, everything seems to be running well, my consultation was for the lines of aswMBR scan; this mean not infection? Other question you said that seems TDL3/4 hybrid, OTS and Tdsskiller verify it’s clear? is :slight_smile:

Yes 'tis good - It is just an indication but not a confirmation that it was there. TDSSKiller was a second opinion ;D