whistler/black internet@mbr again!

Please put ComboFix directly on your desktop, not here:
ausgeführt von:: d:\dowloads firefox\ComboFix.exe

Use windows explorer to find and delete:
c:\windows\system32\CBD.tmp
c:\windows\system32\4E8C.tmp

please do the following:

* Run MBRCheck.exe
* Wait until you see the following lines:
o Enter 'Y' and hit ENTER for more options, or 'N' to exit:
o Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.
Enter your choice:

* Please push the 'Y' key and then press Enter
* When the program asks you to Enter your choice: enter 2 to Restore the MBR and press the Enter key
* Now the program will ask you to "Enter the physical disk number to fix (0-99, -1 to cancel):"
o Enter 0 and press the Enter key.
* The program will show Available MBR codes as below

* You need to select your version of Windows from the list. For example, enter 0 or 1 for XP or enter 3 for Vista.....etc. and then press Enter.
* The program will prompt for confirmation. Type 'YES' and hit Enter.
* Left click on the title bar (where program name and path is written). From menu chose Edit -> Select All
* You will see all the text in the window get highlighted.
* Hit the Enter key on your keyboard to copy all of the text into the clipboard.
* Paste that text into Notepad, save it to your desktop as MBRfix.txt
* Restart your PC.
* Attach the MBRfix.txt file to your next message..

Now do it again and this time choose Physical disc 1.

Now please re-run MBRCheck.exe and attach that log also.

 

Do you have your Win7 CD? If so, reboot to the bios and change the boot order to CD/DVD as first boot device. Put in your CD and reboot. Then go into the Command panel and type this:
fixmbr \device\harddisk1 ( Enter )
fixmbr \device\harddisk0 ( Enter )

Reboot and then re-run MBRCheck. Attach that log.

See these instructions:
http://www.sevenforums.com/tutorials/20864-mbr-restore-windows-7-master-boot-record.html
http://support.microsoft.com/kb/927392

 

What is that drive? Is it an external? We can try doing it again with MBRCheck.
* Run MBRCheck.exe
* Wait until you see the following lines:
o Enter 'Y' and hit ENTER for more options, or 'N' to exit:
o Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.
Enter your choice:

* Please push the 'Y' key and then press Enter
* When the program asks you to Enter your choice: enter 2 to Restore the MBR and press the Enter key
* Now the program will ask you to "Enter the physical disk number to fix (0-99, -1 to cancel):"
o Enter 0 and press the Enter key.
* The program will show Available MBR codes as below

* You need to select your version of Windows from the list. For example, enter 0 or 1 for XP or enter 3 for Vista.....etc. and then press Enter.
* The program will prompt for confirmation. Type 'YES' and hit Enter.
* Left click on the title bar (where program name and path is written). From menu chose Edit -> Select All
* You will see all the text in the window get highlighted.
* Hit the Enter key on your keyboard to copy all of the text into the clipboard.
* Paste that text into Notepad, save it to your desktop as MBRfix.txt
* Restart your PC.
* Attach the MBRfix.txt file to your next message..

 

Is it a partition with a different OS on it?

 

If it is not an external, is just a partition with data, then there should be no MBR on it. When you went into the Recovery Environment, you where not given an option of which Hard Drive you wanted to fix, did you? So I am thinking this is a false report by MBRCheck.

Tell me what this reports:
aswMBR 0.9

 

Ok, so it is a slave drive? Let's see if Hirams can see it:

*** Please print these instructions ***

1. Download Hiren's BootCD Iso to the desktop of a clean computer.
2. Extract the zipped HirensBootCD.zip to your desktop.
3. Open the extracted HirensBootCD folder and extract the zipped HirensBootCD.iso.
4. Double click the BurnToCD.cmd bat file contained in the HirensBootCD folder. This will launch BurnCDCC.
5. Insert a blank CD in your drive.
6. Press Start. This will burn the image to disc. After it has completed...
7. Restart your sick computer and boot from the HBCD you created.
o If your PC is not booting from the CD, you need to change the boot order:
+ Restart your PC
+ As soon as you get an image, press the Setup key. This is usually F2, F10, F12 or Del. On some machines the key can also be a different one. It should, however, be stated on the screen which key is the setup key.
+ Once you enter the computer's BIOS, use the arrow keys and tab key to move between elements. Press enter to select an item to change.
+ Navigate to the tab, where you can set the boot order. It should be called Boot or Boot order
+ The tab should now show your current boot order.
+ If the CD-drive is not at the top, please navigate to the CD-Rom drive with the keys arrows. Then move it to the top of the list. The keys for switching boot position are usually + to move up and - to move down. However they can be different, but they should be stated in the help, so that you can find them easily.
+ Once the CD-drive is on top of the boot order, navigate to Exit and select Exit saving changes.
o Your PC should now boot from your CD.
o Click to select any options that are required to start the computer from the CD-ROM drive if you are prompted.
8. When the CD boots choose "DOS BootCD".
http://noahdfear.net/10.2_startup.gif
At the Hiren's BootCD main menu, select Next and hit Enter.
http://noahdfear.net/main_menu.gif
At the second menu select 1 MBR (Master Boot Record)Tools
http://noahdfear.net/menu2.gif
In the list of MBR Tools select 1 MBR Work 1.08
http://noahdfear.net/mbr_tool.gif
This screen will show the hard drive configuration. --> Does it show both drives and give you a choice?
http://noahdfear.net/mbr_tool_fix.gif
Type 5 to Install standard MBR code then hit Enter
Type 1 to select Standard then hit Enter
Type Y then hit Enter to confirm
Type E then hit Enter to exit
Press Ctrl+Alt+Del to restart the machine

 

Yes, that did it. What malware issues are you still having, if any?

 

You can use the guideline at the bottom of the final cleanup procedures to check your system against what we recommend:

If you are not having any other malware problems, it is time to do our final steps:

1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real time protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.We recommend them for doing backup scans when you suspect a malware infection.
2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
   
   • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
   • "%userprofile%\Desktop\combofix" /uninstall
     
     • Notes: The space between the combofix" and the /uninstall, it must be there.
     • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
     
     
   
   
3. Go back to step 6 of the READ ME and renable your Disk Emulation software with Defogger if you had disabled it.
4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
7. Go to add/remove programs and uninstall HijackThis.
8. Goto the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
   
   • Refer to the cleaning procedures pointed to by step 7 of the READ ME
     for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.
   • Then reboot and Enable System Restore to create a new clean Restore Point.
   
   
10. After doing the above, you should work thru the below link:
    
    • How to Protect yourself from malware!

Malware removal from a National Chain = $149
Malware removal from MajorGeeks = $0

Help Support MajorGeeks
Buy Discounted Software @ Majorgeeks Store. Giveaways Too!

Majorgeeks Geek Wear. Hats, T-Shirts, Hoodies

MajorGeeks on FaceBook