[mike@webacts]

This problem was first noticed when the internet would slow down and then stop. Eventually the entire workstation freezes, forcing a hard shut down. Running Windows XP SP3 on a Dell Dimension 4500. OTL log not attached because it won't run. Tried downloading from two different servers. Running OTLView revealed "TDL4@MBR code has been found".

[Advertisements]

Hi there download and extract the following zip file



Double click the aswMBR.exe to run it

Click the "Scan" button to start scan


On completion of the scan click save log, save it to your desktop and post in your next reply

[Essexboy]

Hi there download and extract the following zip file



Double click the aswMBR.exe to run it

Click the "Scan" button to start scan


On completion of the scan click save log, save it to your desktop and post in your next reply

[mike@webacts]

aswMBR version 0.9.7.675 Copyright© 2011 AVAST Software
Run date: 2011-06-25 22:55:00
-----------------------------
22:55:00.687 OS Version: Windows 5.1.2600 Service Pack 3
22:55:00.687 Number of processors: 1 586 0x204
22:55:00.687 ComputerName: BILLING UserName:
22:55:01.328 Initialize success
22:57:33.937 AVAST engine defs: 11062501
23:34:26.328 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
23:34:26.328 Disk 0 Vendor: WDC_WD200BB-75DEA0 05.03E05 Size: 19073MB BusType: 3
23:34:28.343 Disk 0 MBR read successfully
23:34:28.343 Disk 0 MBR scan
23:34:28.343 Disk 0 Windows XP default MBR code
23:34:30.343 Disk 0 scanning sectors +39054015
23:34:30.375 Disk 0 scanning C:\WINDOWS\system32\drivers
23:34:58.078 Service scanning
23:34:59.187 Disk 0 trace - called modules:
23:34:59.203 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
23:34:59.203 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f81ab8]
23:34:59.203 3 CLASSPNP.SYS[f7523fd7] -> nt!IofCallDriver -> \Device\0000005a[0x86f2f130]
23:34:59.203 5 ACPI.sys[f749a620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86fc7d98]
23:34:59.406 AVAST engine scan C:\WINDOWS
00:57:04.625 AVAST engine scan C:\Documents and Settings\Billing coordinator
01:08:54.625 AVAST engine scan C:\Documents and Settings\All Users
01:14:08.796 Scan finished successfully
01:14:16.859 Disk 0 MBR has been saved successfully to "Z:\ACTS\Malware Tools\MBR.dat"
01:14:16.953 The log file has been saved successfully to "Z:\ACTS\Malware Tools\aswMBR.txt"

Attached Files

•  aswMBR.txt   1.63KB   104 downloads

[Essexboy]

What error did tou get with OTL - could you download and run this different version

To ensure that I get all the information this log will need to be attached (instructions at the end) if it is to large to attach then upload to Mediafire and post the sharing link.

Download OTS to your Desktop

• Close ALL OTHER PROGRAMS.
• Double-click on OTS.exe to start the program.
• Check the box that says Scan All Users
• Under Additional Scans check the following:

Reg - Disabled MS Config Items
Reg - Drivers32
Reg - NetSvcs
Reg - SafeBoot Minimal
Reg - Shell Spawning
Evnt - EventViewer Logs (Last 10 Errors)
File - Lop Check

• Under the Custom Scan box paste this in
  
  
  %USERPROFILE%\..|smtmp;true;true;true /FP
  %SYSTEMDRIVE%\*.exe
  /md5start
  volsnap.*
  explorer.exe
  winlogon.exe
  Userinit.exe
  svchost.exe
  /md5stop
  %systemroot%\*. /mp /s
  hklm\software\clients\startmenuinternet|command /rs
  hklm\software\clients\startmenuinternet|command /64 /rs
  CREATERESTOREPOINT
  
  
• Now click the Run Scan button on the toolbar.
• Let it run unhindered until it finishes.
• When the scan is complete Notepad will open with the report file loaded in it.
• Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Please attach the log in your next post.

[mike@webacts]

Upon executing OTL.exe I get the following error dialog box: "OTL has encountered a problem and needs to close. We are sorry for the inconvenience. If you were in the middle of something, the information you were working on might be lost. For more information about this error, click here."

I attempted to run OTS from the desktop and got the same error dialog.

[Essexboy]

Could you try from safe mode please

[mike@webacts]

Same error whether in Safe Mode or normal Windows startup.

[Essexboy]

OK I do not like working blind like this - but there is no other option I feel

Download Dr Web from here Fill in the small form and download

It will download as an 8 digit file save it to your desktop

Restart in safe mode and run
Accept the enhanced version
Then run the quick scan
About halfway through you will be prompted to buy - just X the box closed
Once finished it will generate a log please attach that

[mike@webacts]

During the wait I ran MSERT and it cleaned off 3 infections. Then, after I saw your reply I ran DrWeb and it found no infections. OTR or OTS still generate the same error but I'm going to consider this resolved for now. Thanks for your help.

[Essexboy]

If you are sure, I will leave this thread open for a few days just in case

[Essexboy]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.