Bert24 Posted September 4, 2011 ID:472618 Share Posted September 4, 2011 Hi D-Fred,I want to apologize to you, because I didn´t answered to your support.The PC is now running well after your support. The random shutdowns were due to a software collision of different Antivirus Programms(and Firewall) like Norton , Spybot, Malwarebytes etc.Further more I did a forced Windows update with "wsusoffline" "UpdateInstaller.exe"Yours sincerelyBernie Link to post Share on other sites More sharing options...
Bert24 Posted September 5, 2011 Author ID:472929 Share Posted September 5, 2011 Hi D-Fred,today I had a random shutdown an the PC was only able to start after I pulled out the power cable. Eset(atteched) has found something ,yesterday. What should I do next ?Thank for your support !Bernie Link to post Share on other sites More sharing options...
D-FRED-BROWN Posted September 5, 2011 ID:473041 Share Posted September 5, 2011 Glad to hear things are better The random shutdown sounds like a power/battery issue to me- I don't think its malware related.Let's run a deep scan to see if there's anything concerning:Download the latest version of Kaspersky Virus Removal ToolClose all other applications and double-click and run the installer.When the Kaspersky Virus Removal Tool starts, to the right of Security Level click Recommended, and select Settings.In the window that opens (Autoscan), in the Scope tab place a checkmark to the left of Parse email formats. Click the Additional tab and click to place a checkmark to the left of Deep scan, and click OK. Select all the scanable items except for CD-ROM drives and click the Start scan button.If malware is detected, place a checkmark in the Apply to all box, and click the Delete button (or Disinfect if the button is active).After the scan finishes, if any threat remains in the Scan window (Red exclamation point), click the Neutralize all buttonIn the window that opens, place a checkmark in the Apply to all box, and click the Delete button (or Disinfect if the button is active).If advised that a special disinfection procedure is required which demands system reboot: click the Ok button to close the window.In the Scan window click the Reports button and select Save to file.Name the report AVPT.txt, and save it to the Desktop.Close AVPTool.You will be prompted if you want to uninstall the program; click Yes.You will then be prompted that to complete the uninstallation, the computer must be restarted. Select Yes to restart the system.Copy and paste the first part of the report (Detected) that you saved in your next reply. Link to post Share on other sites More sharing options...
Bert24 Posted September 6, 2011 Author ID:473253 Share Posted September 6, 2011 Hello D -Fred,I can´t install the Kaspersky Removal Tool.First time the pc shut down while installing.At second time a message appaered , have a look at it.As I tryed Kaspersky in safe mode, the pc shows the same behavior.When I started in safe mode I recognized a "new feature".I attached some pictures of the problems.The last message on the black screen was: "Press enter to continue loading SPTD.sys" Link to post Share on other sites More sharing options...
D-FRED-BROWN Posted September 7, 2011 ID:473501 Share Posted September 7, 2011 Please download WVCheck from Artellos.com.Double click WVCheck.exe. (If you downloaded the zipped version you will need to extract it.)As indicated by the prompt, This program can take a while depending on your hard drive space.Once the program is done, copy the contents of the notepad file as a reply. Link to post Share on other sites More sharing options...
Bert24 Posted September 8, 2011 Author ID:473947 Share Posted September 8, 2011 Hi D-Fred,here ist the log file:Windows Validation CheckVersion: 1.9.12.5Log Created On: 0724_08-09-2011-----------------------Windows Information-----------------------Windows Version: Windows XP Service Pack 3 Windows Mode: NormalSystemroot Path: C:\WINDOWSWVCheck's Auto Update Check-----------------------Auto-Update Option: Download updates automatically, but ask me when I want to install them.-----------------------Last Success Time for Update Detection: 2011-09-08 05:11:52Last Success Time for Update Download: 2011-09-08 05:13:39Last Success Time for Update Installation: 2011-09-08 05:18:42WVCheck's Registry Check Check-----------------------Antiwpa: Not Found-----------------------Chew7Hale: Not Found-----------------------WVCheck's File Dump-----------------------WVCheck found no known bad files.WVCheck's Dir Dump-----------------------WVCheck found no known bad directories.WVCheck's Missing File Check-----------------------WVCheck found no missing Windows files.WVCheck's MBAM Quarantine Check-----------------------There were no bad files quarantined by MBAM.WVCheck's HOSTS File Check-----------------------WVCheck found no bad lines in the hosts file.WVCheck's MD5 CheckEXPERIMENTAL!!-----------------------user32.dll - b0050cc5340e3a0760dd8b417ff7aebd-------- End of File, program close at 0724_08-09-2011 --------What do think ? Link to post Share on other sites More sharing options...
D-FRED-BROWN Posted September 8, 2011 ID:474102 Share Posted September 8, 2011 My sincerest apologies for the delay,Let's try ComboFix:Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/combofix/how-to-use-combofix***IMPORTANT: save ComboFix to your Desktop**** Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Please go here to see a list of programs that should be disabled.**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall** Please include the C:\ComboFix.txt in your next reply for further review.Also, please let me know if any problems still remain. Link to post Share on other sites More sharing options...
Bert24 Posted September 9, 2011 Author ID:474415 Share Posted September 9, 2011 Hi D-Fred,the log file is atteched.Please have a look on it. Thank you.BernieCombofix.zip Link to post Share on other sites More sharing options...
Bert24 Posted September 9, 2011 Author ID:474516 Share Posted September 9, 2011 Hi D-Fred,here is al log from an other account with Antimalware:Malwarebytes' Anti-Malware 1.51.1.1800www.malwarebytes.orgDatenbank Version: 7674Windows 5.1.2600 Service Pack 3Internet Explorer 8.0.6001.1870209.09.2011 15:38:01mbam-log-2011-09-09 (15-38-01).txtArt des Suchlaufs: Quick-ScanDurchsuchte Objekte: 155578Laufzeit: 6 Minute(n), 18 Sekunde(n)Infizierte Speicherprozesse: 0Infizierte Speichermodule: 0Infizierte Registrierungsschlüssel: 0Infizierte Registrierungswerte: 1Infizierte Dateiobjekte der Registrierung: 0Infizierte Verzeichnisse: 0Infizierte Dateien: 0Infizierte Speicherprozesse:(Keine bösartigen Objekte gefunden)Infizierte Speichermodule:(Keine bösartigen Objekte gefunden)Infizierte Registrierungsschlüssel:(Keine bösartigen Objekte gefunden)Infizierte Registrierungswerte:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Value: ForceClassicControlPanel -> Delete on reboot.Infizierte Dateiobjekte der Registrierung:(Keine bösartigen Objekte gefunden)Infizierte Verzeichnisse:(Keine bösartigen Objekte gefunden)Infizierte Dateien:(Keine bösartigen Objekte gefunden)What do you think?Bernie Link to post Share on other sites More sharing options...
D-FRED-BROWN Posted September 9, 2011 ID:474530 Share Posted September 9, 2011 Before we do anything else, please let me know if you're still encountering the issues you were before Link to post Share on other sites More sharing options...
Bert24 Posted September 10, 2011 Author ID:474662 Share Posted September 10, 2011 Hi D-Fred,I don´t understand your question. What do you want to know exactly ?Bernie Link to post Share on other sites More sharing options...
Bert24 Posted September 10, 2011 Author ID:474691 Share Posted September 10, 2011 Hi D-Fred,I think you want to know, how the pc is running.The Pc is running well, only while Scanning with Norton Internet Security or Kaspersky Virus Removalwere random shutdowns. Link to post Share on other sites More sharing options...
D-FRED-BROWN Posted September 10, 2011 ID:474734 Share Posted September 10, 2011 Well, it looks like you already have an Antivirus and Anti-spyware suite (Spyware Doctor with Antivirus) installed and running besides Norton... I suggest you pick one (either Spyware Doctor or Norton) to keep and see if that resolves the issue. Let me know how it goes. Link to post Share on other sites More sharing options...
Bert24 Posted September 11, 2011 Author ID:474960 Share Posted September 11, 2011 Hi D-Fred,here a result of Kaspersky, but it stopped at the file: spoolsv.exeI will delete Norton , and than report to you.Kaspersky.zip Link to post Share on other sites More sharing options...
D-FRED-BROWN Posted September 11, 2011 ID:475006 Share Posted September 11, 2011 here a result of Kaspersky, but it stopped at the file: spoolsv.exeI'm not sure I understand what you mean by it "stopped" at that point... did it crash when it reached that file? Did the computer shut down when it reached that point? Please clarify this for me Link to post Share on other sites More sharing options...
Bert24 Posted September 12, 2011 Author ID:475187 Share Posted September 12, 2011 Hi D-Fred,at this point on the picture Kaspersky stopped, the pc doesn´t crashed.But today I tryed again a scan with Kaspersky, and during the scan the pc shut down. Spyware Dr. and Spybot were disabled.Bernie Link to post Share on other sites More sharing options...
D-FRED-BROWN Posted September 12, 2011 ID:475394 Share Posted September 12, 2011 Are you getting any blue screens before shut down, or is it just shutting down? Link to post Share on other sites More sharing options...
Bert24 Posted September 16, 2011 Author ID:476500 Share Posted September 16, 2011 Hi D-Fred,there is no bluescreen. The PC only shut down.At 3 or 4 restarts I have no Internet access and Windows update doesn´t work. Bernie Link to post Share on other sites More sharing options...
D-FRED-BROWN Posted September 17, 2011 ID:476708 Share Posted September 17, 2011 Let's try removing Norton- it has been observed as causing similar behavior in the past:See this website for instructions and links for downloading the Norton removal tool:https://www-secure.symantec.com/norton-support/jsp/help-solutions.jsp?lg=english&ct=united+states&docid=20080710133834EN&product=home&version=1&pvid=f-homeAfter that, let me know how it goes. Link to post Share on other sites More sharing options...
D-FRED-BROWN Posted September 17, 2011 ID:476816 Share Posted September 17, 2011 Please ignore the posts of Caxap as he/she is not authorized to help in this forum.With that being said, how is the computer running after removing Norton? Link to post Share on other sites More sharing options...
Bert24 Posted September 22, 2011 Author ID:478253 Share Posted September 22, 2011 Hi D-Fred,there is no change, after running Norton cleaningtool. Link to post Share on other sites More sharing options...
Bert24 Posted September 22, 2011 Author ID:478255 Share Posted September 22, 2011 Hi D-Fred,there are no changes, after running Norton removaltool What shall we do now ? Link to post Share on other sites More sharing options...
D-FRED-BROWN Posted September 22, 2011 ID:478454 Share Posted September 22, 2011 Please print out these instructions or copy them to a Notepad file for an easier reading and download MBRCheck by a_d_13 to your Desktop from one of these locations:http://ad13.geekstogo.com/MBRCheck.exehttp://download.bleepingcomputer.com/rootrepeal/MBRCheck.exehttp://www.kernelmode.info/MBRCheck.exeClose all opened programs/ windows and double-click on MBRCheck.exe.It will produce a log file saved automatically on your Desktop as "MBRCheck_[Date]_[Time].txt".Press the "Enter" key to close the MBRCheck window and post the contents of the log file. Link to post Share on other sites More sharing options...
Bert24 Posted September 28, 2011 Author ID:480305 Share Posted September 28, 2011 Hi D-Fred,here is the log file:----------------------------------------------------------------------------------------------MBRCheck, version 1.2.3© 2010, ADCommand-line: Windows Version: Windows XP ProfessionalWindows Information: Service Pack 3 (build 2600)Logical Drives Mask: 0x0000001dKernel Drivers (total 154): 0x804D7000 \WINDOWS\system32\ntoskrnl.exe 0x80701000 \WINDOWS\system32\hal.dll 0xF7987000 \WINDOWS\system32\KDCOM.DLL 0xF7897000 \WINDOWS\system32\BOOTVID.dll 0xF74C6000 sptd.sys 0xF7989000 \WINDOWS\System32\Drivers\WMILIB.SYS 0xF74AE000 \WINDOWS\System32\Drivers\SCSIPORT.SYS 0xF748E000 fltmgr.sys 0xF745F000 ACPI.sys 0xF744E000 pci.sys 0xF75F7000 isapnp.sys 0xF7A4F000 pciide.sys 0xF7707000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS 0xF798B000 viaide.sys 0xF7607000 MountMgr.sys 0xF7858000 ftdisk.sys 0xF798D000 dmload.sys 0xF7832000 dmio.sys 0xF770F000 PartMgr.sys 0xF7717000 videX32.sys 0xF771F000 hotcore3.sys 0xF7617000 VolSnap.sys 0xF796F000 atapi.sys 0xF7956000 nvatabus.sys 0xF7627000 disk.sys 0xF7637000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS 0xB874E000 sr.sys 0xB870B000 PCTCore.sys 0xB86B4000 pctDS.sys 0xB860F000 pctEFA.sys 0xF7727000 xfilt.sys 0xB85FC000 TfSysMon.sys 0xB85EB000 TfFsMon.sys 0xF7647000 PxHelp20.sys 0xB85D4000 KSecDD.sys 0xB8547000 Ntfs.sys 0xB851A000 NDIS.sys 0xF7657000 uagp35.sys 0xF7667000 ohci1394.sys 0xF7677000 \WINDOWS\system32\DRIVERS\1394BUS.SYS 0xB8500000 Mup.sys 0xF742E000 \SystemRoot\system32\DRIVERS\intelppm.sys 0xB7598000 \SystemRoot\system32\DRIVERS\ati2mtag.sys 0xB7584000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS 0xB755C000 \SystemRoot\system32\DRIVERS\HDAudBus.sys 0xB74D8000 \SystemRoot\system32\DRIVERS\fpcibase.sys 0xF741E000 \SystemRoot\system32\DRIVERS\imapi.sys 0xF740E000 \SystemRoot\system32\DRIVERS\cdrom.sys 0xF7887000 \SystemRoot\system32\DRIVERS\redbook.sys 0xB74B5000 \SystemRoot\system32\DRIVERS\ks.sys 0xB7FBA000 \SystemRoot\system32\DRIVERS\usbuhci.sys 0xB7491000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0xB7FB2000 \SystemRoot\system32\DRIVERS\usbehci.sys 0xB7FAA000 \SystemRoot\system32\DRIVERS\fdc.sys 0xB747D000 \SystemRoot\system32\DRIVERS\parport.sys 0xB83D8000 \SystemRoot\system32\DRIVERS\gameenum.sys 0xF7877000 \SystemRoot\system32\DRIVERS\i8042prt.sys 0xB7FA2000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0xB7F9A000 \SystemRoot\system32\DRIVERS\mouclass.sys 0xB87F0000 \SystemRoot\system32\DRIVERS\serial.sys 0xB83D4000 \SystemRoot\system32\DRIVERS\serenum.sys 0xB87E0000 \SystemRoot\system32\DRIVERS\fetnd5bv.sys 0xB87D0000 \SystemRoot\system32\DRIVERS\AVMCOWAN.sys 0xB742C000 \SystemRoot\system32\DRIVERS\NETFRITZ.SYS 0xB8158000 \SystemRoot\system32\DRIVERS\audstub.sys 0xB7F92000 \SystemRoot\system32\DRIVERS\rasirda.sys 0xB7F8A000 \SystemRoot\system32\DRIVERS\TDI.SYS 0xB87C0000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0xB83CC000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0xB7415000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0xB87B0000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0xB87A0000 \SystemRoot\system32\DRIVERS\raspptp.sys 0xB7404000 \SystemRoot\system32\DRIVERS\psched.sys 0xB8790000 \SystemRoot\system32\DRIVERS\msgpc.sys 0xB7F82000 \SystemRoot\system32\DRIVERS\ptilink.sys 0xB7F7A000 \SystemRoot\system32\DRIVERS\raspti.sys 0xB73D4000 \SystemRoot\system32\DRIVERS\rdpdr.sys 0xB8780000 \SystemRoot\system32\DRIVERS\termdd.sys 0xF79C9000 \SystemRoot\system32\DRIVERS\swenum.sys 0xB7376000 \SystemRoot\system32\DRIVERS\update.sys 0xF793B000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0xF793F000 \SystemRoot\system32\DRIVERS\vsb.sys 0xF7787000 \SystemRoot\system32\DRIVERS\UimBus.sys 0xB7330000 \SystemRoot\System32\Drivers\Uim_IM.sys 0xF79CB000 \SystemRoot\System32\Drivers\UimFIO.SYS 0xB6EDC000 \SystemRoot\system32\drivers\RtkHDAud.sys 0xB6EB8000 \SystemRoot\system32\drivers\portcls.sys 0xB8770000 \SystemRoot\system32\drivers\drmk.sys 0xB8760000 \SystemRoot\System32\Drivers\NDProxy.SYS 0xAACB3000 \SystemRoot\system32\drivers\AtiHdmi.sys 0xB844C000 \SystemRoot\system32\DRIVERS\usbhub.sys 0xF79D1000 \SystemRoot\system32\DRIVERS\USBD.SYS 0xF778F000 \SystemRoot\system32\DRIVERS\flpydisk.sys 0xF79D3000 \SystemRoot\System32\Drivers\Fs_Rec.SYS 0xB7FCD000 \SystemRoot\System32\Drivers\Null.SYS 0xF79D5000 \SystemRoot\System32\Drivers\Beep.SYS 0xF779F000 \SystemRoot\System32\drivers\vga.sys 0xF79D7000 \SystemRoot\System32\Drivers\mnmdd.SYS 0xF79D9000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0xF77A7000 \SystemRoot\System32\Drivers\Msfs.SYS 0xF77AF000 \SystemRoot\System32\Drivers\Npfs.SYS 0xB734E000 \SystemRoot\system32\DRIVERS\rasacd.sys 0xAAB00000 \SystemRoot\system32\DRIVERS\ipsec.sys 0xAAAA7000 \SystemRoot\system32\DRIVERS\tcpip.sys 0xAAA6B000 \??\C:\WINDOWS\system32\drivers\pctgntdi.sys 0xAAA45000 \SystemRoot\system32\DRIVERS\ipnat.sys 0xAAA1D000 \SystemRoot\system32\DRIVERS\netbt.sys 0xB842C000 \SystemRoot\system32\DRIVERS\wanarp.sys 0xB6E9C000 \SystemRoot\System32\drivers\ws2ifsl.sys 0xAA9FB000 \SystemRoot\System32\drivers\afd.sys 0xB841C000 \SystemRoot\system32\DRIVERS\netbios.sys 0xAA9D0000 \SystemRoot\system32\DRIVERS\rdbss.sys 0xAA995000 \SystemRoot\System32\Drivers\PCTSD.sys 0xAA982000 \??\C:\Programme\Clarus\Samsung SecretZone\mvd20.sys 0xAA912000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0xB83DC000 \SystemRoot\system32\DRIVERS\DFSTOR2K.SYS 0xF76E7000 \??\C:\Programme\Clarus\Samsung SecretZone\mdf15.sys 0xF77B7000 \SystemRoot\System32\Drivers\GearAspiWDM.SYS 0xF76F7000 \SystemRoot\System32\Drivers\Fips.SYS 0xF79DD000 \SystemRoot\system32\drivers\AsIO.sys 0xB7D10000 \SystemRoot\System32\Drivers\Cdfs.SYS 0xAA882000 \SystemRoot\System32\Drivers\dump_atapi.sys 0xF79DF000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS 0xBF800000 \SystemRoot\System32\win32k.sys 0xAAC5C000 \SystemRoot\System32\drivers\Dxapi.sys 0xF77C7000 \SystemRoot\System32\watchdog.sys 0xBD000000 \SystemRoot\System32\drivers\dxg.sys 0xB7E38000 \SystemRoot\System32\drivers\dxgthk.sys 0xBD012000 \SystemRoot\System32\ati2dvag.dll 0xBD060000 \SystemRoot\System32\ati2cqag.dll 0xBD10A000 \SystemRoot\System32\atikvmag.dll 0xBD1B6000 \SystemRoot\System32\atiok3x2.dll 0xBD21B000 \SystemRoot\System32\ati3duag.dll 0xBD5DE000 \SystemRoot\System32\ativvaxx.dll 0xBD86A000 \SystemRoot\System32\ATMFD.DLL 0xAA85E000 \??\C:\WINDOWS\system32\drivers\mbam.sys 0xA7BEF000 \SystemRoot\system32\DRIVERS\irda.sys 0xA7D29000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0xA7E05000 \SystemRoot\system32\DRIVERS\rspndr.sys 0xA78CA000 \SystemRoot\system32\DRIVERS\mrxdav.sys 0xA7B87000 \??\C:\WINDOWS\system32\drivers\Haspnt.sys 0xF79A1000 \SystemRoot\System32\Drivers\ParVdm.SYS 0xA7A07000 \SystemRoot\System32\Drivers\ASPI32.SYS 0xA75CC000 \??\C:\WINDOWS\system32\drivers\hardlock.sys 0xA75A8000 \SystemRoot\System32\Drivers\Fastfat.SYS 0xA7460000 \SystemRoot\system32\DRIVERS\srv.sys 0xA7508000 \SystemRoot\system32\DRIVERS\secdrv.sys 0xA71D0000 \??\C:\PROGRA~1\VCOM\Fix-It\Vsapint.sys 0xA73D8000 \??\C:\PROGRA~1\VCOM\Fix-It\tmpreflt.sys 0xA70C9000 \??\C:\PROGRA~1\VCOM\Fix-It\tmxpflt.sys 0xA6D44000 \SystemRoot\system32\drivers\wdmaud.sys 0xA7388000 \SystemRoot\system32\drivers\sysaudio.sys 0xA6031000 \SystemRoot\system32\drivers\kmixer.sys 0x7C910000 \WINDOWS\system32\ntdll.dllProcesses (total 45): 0 System Idle Process 4 System 900 C:\WINDOWS\system32\smss.exe 948 csrss.exe 980 C:\WINDOWS\system32\winlogon.exe 1024 C:\WINDOWS\system32\services.exe 1036 C:\WINDOWS\system32\lsass.exe 1216 C:\WINDOWS\system32\ati2evxx.exe 1236 C:\WINDOWS\system32\svchost.exe 1304 svchost.exe 1612 C:\WINDOWS\system32\svchost.exe 1856 svchost.exe 244 C:\WINDOWS\system32\spoolsv.exe 300 C:\WINDOWS\system32\ati2evxx.exe 1588 svchost.exe 1664 C:\Programme\FRITZ!DSL\IGDCTRL.EXE 1684 C:\Programme\PC Tools Security\BDT\BDTUpdateService.exe 1388 C:\Programme\Gemeinsame Dateien\AVM\De_serv.exe 1440 C:\Programme\Firebird\Firebird_2_5\bin\fbguard.exe 1464 C:\PROGRA~1\VCOM\Fix-It\mxtask.exe 1484 C:\WINDOWS\system32\gearsec.exe 1556 C:\CombiPlus\SQLBase\dbnt10sv.exe 1872 C:\Programme\Java\jre6\bin\jqs.exe 280 C:\Programme\Google\Update\1.3.21.65\GoogleCrashHandler.exe 328 C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe 1780 C:\Programme\Clarus\Samsung SecretZone\MSSvc.exe 2292 C:\SDII\TRANSBAS\sd2mux32.exe 2508 C:\WINDOWS\system32\svchost.exe 2680 C:\WINDOWS\system32\searchindexer.exe 3656 C:\Programme\Firebird\Firebird_2_5\bin\fbserver.exe 2912 alg.exe 2484 C:\PROGRA~1\VCOM\Fix-It\mxtask.exe 2624 C:\WINDOWS\system32\wscntfy.exe 2988 C:\WINDOWS\explorer.exe 2796 C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe 2304 C:\WINDOWS\RTHDCPL.exe 3780 C:\Programme\PC Tools Security\BDT\FGuard.exe 528 C:\Programme\Microsoft ActiveSync\wcescomm.exe 780 C:\WINDOWS\system32\ctfmon.exe 3352 C:\PROGRA~1\MI3AA1~1\rapimgr.exe 2824 C:\WINDOWS\system32\wuauclt.exe 324 C:\Programme\Windows NT\Zubehör\wordpad.exe 3796 C:\WINDOWS\system32\searchprotocolhost.exe 2132 searchfilterhost.exe 1384 C:\Dokumente und Einstellungen\svjaksch\Desktop\MBRCheck.exe\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)PhysicalDrive0 Model Number: SAMSUNGSP2514N, Rev: VF100-41 Size Device Name MBR Status -------------------------------------------- 232 GB \\.\PhysicalDrive0 MBR Code Faked! SHA1: 5B1F0F8C0ADB0E04C3CB211B6DBB46F6EB98650BFound non-standard or infected MBR.Enter 'Y' and hit ENTER for more options, or 'N' to exit: Options: [1] Dump the MBR of a physical disk to file. [2] Restore the MBR of a physical disk with a standard boot code. [3] Exit.Enter your choice: Done! Link to post Share on other sites More sharing options...
D-FRED-BROWN Posted September 29, 2011 ID:480550 Share Posted September 29, 2011 Let's try the following :Step 1Run MBRCheck.exe once again.You will be presented with the following dialog:Found non-standard or infected MBR.Enter 'Y' and hit ENTER for more options, or 'N' to exit:Enter Y and press Enter.The following dialog will be presented:Options:[1] Dump the MBR of a physical disk to file.[2] Restore the MBR of a physical disk with a standard boot code.[3] Exit.Enter your choice:Enter 1 and press EnterThe following dialog will be presented:Enter the physical disk number to fix (0-99, -1 to cancel):Enter 0 (zero) and press EnterThe following dialog will be presented:Enter filename to dump to:Type mbr-dump.dat and press EnterThe following dialog will be presented:Dumped successfully!Enter the physical disk to dump (0-99, -1 to exit):Enter -1 and press EnterAnd last the following dialog will be presented:Done! Press ENTER to exit...Press Enter.A file mbr-dump.dat will be produced on the desktop. Now you have to compress this file:Right click on itNavigate and select Send toThen navigate and select Compressed (zipped) FolderA file mbr-dump.zip will be produced on the desktopPlease attach this file (mbr-dump.zip) in your next reply. Link to post Share on other sites More sharing options...
Recommended Posts