
Google Redirects


  • This topic is locked

#31 chrysalis (Member, Topic Starter, 22 posts)

Nope, there is no .iso file, there's .sdi .bin and .wim and the others don't have one.
  • 0



#32 ali.B (Trusted Helper, Malware Removal, 3,086 posts)

hi

let's try something different.

  • Download GETxPUD.exe to the desktop
  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and when finished will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Download xPUDtestdisk.exe and save it to the USB device
  • Double click xPUDtestdisk.exe to extract the contents to your USB device
  • Make sure both the USB and CD are inserted
  • Boot the computer with the CD you just burned
  • The computer must be set to boot from the CD
  • Gently tap F12 and choose to boot from the CD
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Press Tool at the top
  • Choose Open Terminal
  • Type testdisk/testdisk_static
  • Press Enter

The first screen will present log options - press Enter to continue.

TestDisk will scan the system and show drive information.
If more than 1 drive, select the correct drive, make sure [Proceed] is selected then press Enter to continue.

Select [Intel] partition and press Enter to continue.

Select [MBR Code] and press Enter to continue.

Type Y when prompted to write a new MBR code to the first sector, then confirm at the next screen by typing Y again.

Press Q repeatedly until TestDisk exits then reboot.
  • 0

#33 chrysalis (Member, Topic Starter, 22 posts)

When I boot from CD, the xPUD screen shows with language settings. I select English and press enter & a black screen shows up. It's been 35 minutes and nothing has happened, it's just a black screen.. Is it supposed to take longer than 35 minutes for it to load?

Edited by chrysalis, 17 July 2011 - 06:08 PM.

  • 0

#34 ali.B (Trusted Helper, Malware Removal, 3,086 posts)

hi

You will have to create a Windows 7 recovery CD

See Here

Boot from the CD

You will be presented with the following screen

Posted Image

Click on the Command Prompt

Type this command and hit Enter.

Bootrec.exe /FixMbr

Once finished type Exit and hit enter.

Click on Restart to reboot your system.

Let me know how it goes.
  • 0

#35 chrysalis (Member, Topic Starter, 22 posts)

It went perfectly, no errors. (:

May I ask what this is all for though? I thought it was just google redirects, but it seems to be a whole lot more..
  • 0

#36 ali.B (Trusted Helper, Malware Removal, 3,086 posts)

The google redirects are caused by a fake MBR code on your system, we are trying to rewrite it to fix that.

Download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:


Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.
  • 0

#37 chrysalis (Member, Topic Starter, 22 posts)

Oh, okay. Thanks for telling me. (x




MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Acer
BIOS Manufacturer: Phoenix Technologies LTD
System Manufacturer: Acer
System Product Name: Aspire 7740
Logical Drives Mask: 0x0001000c

Kernel Drivers (total 201):

Processes (total 109):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`f4500000 (NTFS)
\\.\Q: --> error 5

PhysicalDrive0 Model Number: TOSHIBAMK5055GSX, Rev: FG001J

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!
  • 0
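
An added example, not part of the thread and not MBRCheck's code: a sketch of the kind of check the report above reflects, hashing the boot-code area of sector 0 against a known-good baseline while tracking the partition table separately, which is the part a boot-code rewrite leaves alone. The 440-byte hashing range, the function names and both sample sectors are assumptions constructed for illustration; the page does not say which bytes MBRCheck hashes.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440      # bootstrap code area of a classic MBR (assumed hash range)
PART_TABLE_OFF = 446     # four 16-byte partition entries start here
BOOT_SIG = b"\x55\xaa"   # bytes 510-511 of a valid MBR


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR into boot code hash, partition table and signature."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        entry = sector[off:off + 16]
        lba_start, num_sectors = struct.unpack_from("<II", entry, 8)
        if entry[4] != 0:  # partition type 0 means the slot is unused
            partitions.append({
                "index": i,
                "active": entry[0] == 0x80,
                "type": entry[4],
                "lba_start": lba_start,
                "sectors": num_sectors,
            })
    return {
        "signature_ok": sector[510:512] == BOOT_SIG,
        "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
        "partition_table_sha1": hashlib.sha1(sector[PART_TABLE_OFF:510]).hexdigest().upper(),
        "partitions": partitions,
    }


def check_against_baseline(sector: bytes, baseline: dict) -> list:
    """Return a list of findings; an empty list means the sector matches."""
    current = parse_mbr(sector)
    findings = []
    if not current["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if current["boot_code_sha1"] != baseline["boot_code_sha1"]:
        findings.append("boot code differs from baseline")
    if current["partition_table_sha1"] != baseline["partition_table_sha1"]:
        findings.append("partition table differs from baseline")
    return findings


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed test sector: filler boot code plus one active NTFS partition."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code does not fit in the bootstrap area")
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    entry = bytearray(16)
    entry[0] = 0x80                                  # active flag
    entry[4] = 0x07                                  # partition type 0x07 (NTFS)
    struct.pack_into("<II", entry, 8, 2048, 204800)  # start LBA, sector count
    sector[PART_TABLE_OFF:PART_TABLE_OFF + 16] = entry
    sector[510:512] = BOOT_SIG
    return bytes(sector)


# Constructed samples: filler bytes stand in for boot code, no real loader is used.
CLEAN_MBR = build_sample_mbr(bytes(range(200)))
MODIFIED_MBR = build_sample_mbr(bytes(reversed(range(200))))
BASELINE = parse_mbr(CLEAN_MBR)

if __name__ == "__main__":
    for name, sector in (("clean", CLEAN_MBR), ("modified", MODIFIED_MBR)):
        print(name, check_against_baseline(sector, BASELINE) or "matches baseline")
```

To inspect a real disk, pass the first 512 bytes of a raw image to `check_against_baseline`, with a baseline taken from a sector you trust.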

#38 ali.B (Trusted Helper, Malware Removal, 3,086 posts)

The redirects should be gone, can you please confirm that?
  • 0

#39 chrysalis (Member, Topic Starter, 22 posts)

Yayy! The redirects are gone!

Thank you so much ! :D

Edited by chrysalis, 19 July 2011 - 05:00 PM.

  • 0

#40 ali.B (Trusted Helper, Malware Removal, 3,086 posts)

hi

Step 1

Update MalwareBytes AntiMalware and Run a Quick Scan.
Post the log it produces

Step 2

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Things I would like to see in your reply:
  • Malwarebytes Results.
  • Eset scanner report.
  • Update on how your computer is running

  • 0



#41 chrysalis (Member, Topic Starter, 22 posts)

The computer seems to be working fine, no redirects or anything.




Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7209

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

7/20/2011 1:55:30 AM
mbam-log-2011-07-20 (01-55-30).txt

Scan type: Quick scan
Objects scanned: 199324
Time elapsed: 3 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)













[email protected] as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
  • 0

#42 ali.B (Trusted Helper, Malware Removal, 3,086 posts)

hi

Congratulations your logs appear clean :)

Reset and Re-enable your System Restore

The following will implement some cleanup procedures as well as reset System Restore points:
  • Click START then RUN
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

    Posted Image

NEXT

  • Open OTL to run it. (Vista users, right click on OTL and "Run as administrator")
  • Click on the CleanUp button.
  • Click Yes to begin the cleanup process and remove tools, including this application
  • You may be asked to reboot the machine to finish the cleanup process - if so, choose Yes


Recommendations

See Here for a list of recommendations for free Antivirus\AntiSpyware applications.


  • Keep Your windows up to date by regularly checking their website at:
    http://windowsupdate.microsoft.com/

  • SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.

  • SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and "Initialize and Script ActiveX controls not marked as safe" to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.


  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

  • Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
    secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
    blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
    Here

    If you choose to use Firefox, I highly recommend these add-ons to keep your PC even more secure.
    • NoScript - for blocking ads and other potential website attacks
    • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling

  • Click Here to learn how to keep a backup of your important files

  • FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. It's important to keep programs up to date so that malware doesn't exploit any old security flaws.


Stay safe :unsure:
  • 0

#43 chrysalis (Member, Topic Starter, 22 posts)

Thank you for helping me once again and I'll certainly look through the guides on how to keep safe to prevent this from happening again. Thanks. (:
  • 0

#44 ali.B (Trusted Helper, Malware Removal, 3,086 posts)

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





