Author Topic: Two red lines on aswMBR scan. What should i do?  (Read 6487 times)


Offline metalguru

  • Newbie
  • *
  • Posts: 5
Two red lines on aswMBR scan. What should i do?
« on: May 10, 2011, 10:36:50 PM »
Hi all! First, excuse my English. I have Windows Vista and Avast! AV.
Days ago, IE8 crashed, then a BSOD, and every time I shut down the PC.
First I ran a Malwarebytes scan and deleted a few things; then I ran TDSSKiller, which detected an infection and one suspicious file, and then deleted a Rootkit.Win32.TDSS.tdl4.

After that I used aswMBR and got two red lines. These are:
ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x8700e1f8]<<
\Driver\nvstor32[0x8704e8d0] -> IRP_MJ_CREATE -> 0x8700e1f8

When I click FixMBR a warning appears: "writing a new master boot record to your system partition could damage your partition tables and cause your partitions to become inaccessible."  :o :-\    In another forum they told me not to worry ???   Now the PC seems to work OK, only the cooler is a bit noisier than before (maybe that is another kind of problem).

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37534
  • Not a avast user
Re: Two red lines on aswMBR scan. What should i do?
« Reply #1 on: May 10, 2011, 10:40:48 PM »
Follow this guide from our expert malware remover Essexboy
http://forum.avast.com/index.php?topic=53253.0
( post the logs here in this topic and not in the guide )


To avoid using multiple posts with copy and paste you have to attach the logs
Lower left corner: Additional Options > Attach ( Malwarebytes log / OTS log ) save OTS log as ANSI

Essexboy will look at the logs when posted

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Two red lines on aswMBR scan. What should i do?
« Reply #2 on: May 10, 2011, 10:42:51 PM »
Could you post the aswMBR log please so that I can see where it points

Offline metalguru

Re: Two red lines on aswMBR scan. What should i do?
« Reply #3 on: May 10, 2011, 10:56:01 PM »
OK, I already have a new scan:

aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-05-10 22:49:47
-----------------------------
22:49:47.364    OS Version: Windows 6.0.6002 Service Pack 2
22:49:47.364    Number of processors: 4 586 0xF0B
22:49:47.366    ComputerName: JUAN2  UserName: Juan
22:49:50.304    Initialize success
22:51:09.602    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000058
22:51:09.605    Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 6
22:51:09.610    Disk 1  \Device\Harddisk1\DR1 -> \Device\00000059
22:51:09.613    Disk 1 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 6
22:51:11.645    Disk 0 MBR read successfully
22:51:11.652    Disk 0 MBR scan
22:51:11.663    Disk 0 unknown MBR code
22:51:13.684    Disk 0 scanning sectors +976771072
22:51:13.720    Disk 0 scanning C:\Windows\system32\drivers
22:51:18.288    Service scanning
22:51:20.200    Disk 0 trace - called modules:
22:51:20.216    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x8700e1f8]<<
22:51:20.224    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87e0eac8]
22:51:20.231    3 CLASSPNP.SYS[8bbb08b3] -> nt!IofCallDriver -> [0x87043958]
22:51:20.250    5 acpi.sys[807b76bc] -> nt!IofCallDriver -> \Device\00000058[0x87044030]
22:51:20.263    \Driver\nvstor32[0x870b9c18] -> IRP_MJ_CREATE -> 0x8700e1f8
22:51:20.275    Scan finished successfully
22:51:36.014    Disk 0 MBR has been saved successfully to "C:\Users\Juan\Desktop\MBR.dat"
22:51:36.025    The log file has been saved successfully to "C:\Users\Juan\Desktop\aswMBR.txt"

Thanks for the reply
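A short triage of the log above, as an added example that is not part of the original posts or of aswMBR. It collects the three kinds of line that prompted the follow-up scans (unknown MBR code, the `>>UNKNOWN<<` entry in the disk call trace, and a driver IRP handler pointing at a raw address) and checks whether the handler target equals the unknown address; the function name and report layout are assumptions.

```python
import re

# Trace portion of the aswMBR log from the post above (addresses as posted).
SAMPLE_LOG = r"""
22:51:11.663    Disk 0 unknown MBR code
22:51:20.200    Disk 0 trace - called modules:
22:51:20.216    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x8700e1f8]<<
22:51:20.224    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87e0eac8]
22:51:20.263    \Driver\nvstor32[0x870b9c18] -> IRP_MJ_CREATE -> 0x8700e1f8
22:51:20.275    Scan finished successfully
"""

MBR_RE = re.compile(r"Disk (\d+) unknown MBR code")
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")
HOOK_RE = re.compile(
    r"(\\Driver\\\S+?)\[0x[0-9a-fA-F]+\]\s*->\s*(IRP_MJ_\w+)\s*->\s*(0x[0-9a-fA-F]+)"
)


def triage(log_text):
    """Collect the lines that call for a second-opinion scan; none is proof by itself."""
    mbr_disks, unknown, hooks = [], set(), []
    for line in log_text.splitlines():
        m = MBR_RE.search(line)
        if m:
            mbr_disks.append(int(m.group(1)))
        unknown.update(int(a, 16) for a in UNKNOWN_RE.findall(line))
        m = HOOK_RE.search(line)
        if m:
            hooks.append({"driver": m.group(1), "irp": m.group(2),
                          "target": int(m.group(3), 16)})
    # Correlate after the loop so the result does not depend on line order.
    for h in hooks:
        h["matches_unknown"] = h["target"] in unknown
    return {"unknown_mbr_disks": mbr_disks,
            "unknown_modules": sorted(unknown),
            "hooks": hooks}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for disk in report["unknown_mbr_disks"]:
        print(f"disk {disk}: MBR code not recognised")
    for addr in report["unknown_modules"]:
        print(f"disk call chain reaches address listed as UNKNOWN: {addr:#010x}")
    for h in report["hooks"]:
        note = "same address as the UNKNOWN entry" if h["matches_unknown"] else "no match"
        print(f'{h["driver"]} {h["irp"]} -> {h["target"]:#010x} ({note})')
```
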

Offline essexboy

Re: Two red lines on aswMBR scan. What should i do?
« Reply #4 on: May 10, 2011, 11:55:41 PM »
That looks like the new TDL3/4 hybrid - could you run an OTS scan on completion please

Please read carefully and follow these steps. 
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Offline metalguru

Re: Two red lines on aswMBR scan. What should i do?
« Reply #5 on: May 11, 2011, 08:57:40 AM »
Hi again, I made the TDSSKiller scan:


Offline metalguru

Re: Two red lines on aswMBR scan. What should i do?
« Reply #6 on: May 11, 2011, 03:52:04 PM »
Sorry, I forgot the OTS scan :-[
« Last Edit: May 11, 2011, 08:17:09 PM by metalguru »

Offline essexboy

Re: Two red lines on aswMBR scan. What should i do?
« Reply #7 on: May 11, 2011, 08:45:25 PM »
What problems are you experiencing as that looks to be OK

Offline metalguru

Re: Two red lines on aswMBR scan. What should i do?
« Reply #8 on: May 11, 2011, 09:38:54 PM »
Actually, everything seems to be running well; my question was about the lines in the aswMBR scan. Does this mean there is no infection? Another question: you said it looks like a TDL3/4 hybrid; do OTS and TDSSKiller verify that it's clear?  :)

Offline essexboy

Re: Two red lines on aswMBR scan. What should i do?
« Reply #9 on: May 11, 2011, 10:00:48 PM »
Yes 'tis good - It is just an indication but not a confirmation that it was there.  TDSSKiller was a second opinion  ;D