google redirect link to somewhere else [Closed]


  • This topic is locked

#16
NJGraphix

NJGraphix

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Never the same

Also, some music starts to play on its own like a radio and I cannot stop it.
I receive some popups like I have won something.

And once every 2 days my computer stops working and a blue screen appears with a fast recovery process in the blue screen.
When it boots back it tells me that Windows has recovered from a severe crash.

Did you see that before...

A guy told me to delete the main partition and after that I'll be able to delete the 1 mg partition....

But I need to reinstall it all again.. :(
  • 0



#17
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
That actually sounds like a mebroot infection

Please download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:



Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.
  • 0

#18
NJGraphix

NJGraphix

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Here, it found 2 things.
Here is the log file:

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Studio XPS 8000
Logical Drives Mask: 0x00001ffd

Kernel Drivers (total 177):

Processes (total 64):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`ac000000 (NTFS)
\\.\I: --> \\.\PhysicalDrive1 at offset 0x00000000`0c900000 (FAT32)

PhysicalDrive0 Model Number: ST3500418AS, Rev: CC45
PhysicalDrive1 Model Number: WDMy Book, Rev: 1012

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 38BE7869FCCF026F920DA4A541B12E68993C36ED
1863 GB \\.\PhysicalDrive1 RE: Unknown MBR code
SHA1: 639AC5CDF8A5CF3245975932C6A4215450A7B98F


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

Attached Files


  • 0

#19
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Run MBRCheck.exe once again.

You will be presented with the following dialog:

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:



Enter Y and press Enter.

The following dialog will be presented:

Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice:



Enter 2 and press Enter

The following dialog will be presented:

Enter the physical disk number to fix (0-99, -1 to cancel):



Enter >>0<< and press Enter

The following dialog will be presented:

Available MBR codes:
[ 0] Default (Windows XP)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel

Please select the MBR code to write to this drive:



Enter >>5<< and press Enter

The following dialog will be presented:

Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue:



Type YES and press Enter (you must type the full word, YES). You will be informed if it successfully wrote a new MBR code!

And last the following dialog will be presented:

Done! Press ENTER to exit...



Press Enter. A report will be produced on the desktop. Post that report in your next reply.
  • 0

#20
NJGraphix

NJGraphix

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Here is the result.

When I entered yes in this process, my anti-virus told me it stopped TROJAN DOS/Alureon.C

I tried two times and it blocked this [bleep] two times.

But I ran MBRCheck again and the problem was still there. Here is the second log.

Let me know

Attached Files


  • 0

#21
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, I have just been looking at a new tool to combat this - please read it carefully, and if you are unsure of anything then please ask.

You will need a CD and a spare flash drive
  • Download GETxPUD.exe to the desktop of your clean computer
  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and when finished, it will open BurnCDCC which will be ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Download tdl_fix.sh and save it to the xPUD Flash drive.

    Now use the CD to boot your computer
    If you are unsure of how to do this see this page
  • Boot into xPUD then click the File tab.
  • Press File
  • Expand mnt
  • Click on the folder under mnt that represents your USB drive (sdb1 ?)
  • You should see the tdl_fix.sh file in the main window.
  • Select Tool from the Menu
  • Choose Open Terminal
  • Type bash tdl_fix.sh then press Enter.
  • Read the warning then type y and press Enter to continue.
  • Type sda then press Enter when prompted.
  • You will be shown a list of partitions to choose marking active.
  • Type 2 then press Enter.
  • If you are presented with a warning about no bootloader files, type n then press Enter to choose another. If this happens, type 3 to select partition 3 then press Enter.
  • When you receive no warning about bootloader files but are presented with another view of the partition structure and asked if it looks correct, type y then press Enter
  • The script will complete and prompt you to reboot the computer.
  • Close the Terminal window and restart back into Windows.
  • Post the contents of the tdl_fix.txt file that was created on your flash drive and let me know how the computer is behaving.

Note - in the event there is a problem booting the computer normally after running the script, run the tdl_fix.sh script again using the following command.

bash tdl_fix.sh -restore

Make sure to leave a space to either side of tdl_fix.sh in the command.

This will prompt you to use the file tdl_mbr_sda.bin on drive sda.
OK the procedure, then restart when complete.

This is a backup of the original MBR and will restore it to its current state.

  • 0
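Added example (not part of the thread, and not MBRCheck or tdl_fix.sh code): a Python check for a 512-byte MBR dump such as the file written by MBRCheck option [1] or the tdl_mbr_sda.bin backup mentioned above, comparing two dumps to show whether the boot code, the partition table or the active flag changed. It assumes the classic MBR layout (440 bytes of code, table at offset 446); the function names and sample bytes are constructed here, and hashing only the first 440 bytes is an assumption that may not match the range MBRCheck hashes.

```python
import hashlib
import struct

SECTOR = 512
CODE_END = 440      # boot code: bytes 0..439
TABLE_START = 446   # four 16-byte partition entries
SIG_OFFSET = 510    # 0x55 0xAA boot signature
ENTRY = "<B3xB3xII"  # status, (CHS), type, (CHS), LBA start, sector count


def parse_mbr(sector: bytes) -> dict:
    """Split one 512-byte MBR dump into a boot-code hash and partition list."""
    if len(sector) != SECTOR:
        raise ValueError("expected 512 bytes, got %d" % len(sector))
    parts = []
    for i in range(4):
        raw = sector[TABLE_START + 16 * i:TABLE_START + 16 * (i + 1)]
        status, ptype, lba, count = struct.unpack(ENTRY, raw)
        if ptype == 0:  # unused slot
            continue
        parts.append({"index": i + 1, "active": status == 0x80,
                      "status_ok": status in (0x00, 0x80),
                      "type": ptype, "lba_start": lba, "sectors": count})
    return {"code_sha1": hashlib.sha1(sector[:CODE_END]).hexdigest().upper(),
            "disk_signature": sector[CODE_END:CODE_END + 4].hex(),
            "signature_ok": sector[SIG_OFFSET:] == b"\x55\xaa",
            "partitions": parts}


def findings(info: dict) -> list:
    """Structural problems to resolve before trusting or restoring a dump."""
    out = []
    if not info["signature_ok"]:
        out.append("missing 0x55AA boot signature")
    active = [p["index"] for p in info["partitions"] if p["active"]]
    if len(active) != 1:
        out.append("expected one active partition, found %d" % len(active))
    if not all(p["status_ok"] for p in info["partitions"]):
        out.append("status byte is neither 0x00 nor 0x80")
    return out


def compare_dumps(before: bytes, after: bytes) -> dict:
    """Say which MBR regions differ between two dumps of the same disk."""
    b, a = parse_mbr(before), parse_mbr(after)
    return {"code_changed": b["code_sha1"] != a["code_sha1"],
            "disk_signature_changed": b["disk_signature"] != a["disk_signature"],
            "table_changed": before[TABLE_START:SIG_OFFSET] != after[TABLE_START:SIG_OFFSET],
            "active_before": [p["index"] for p in b["partitions"] if p["active"]],
            "active_after": [p["index"] for p in a["partitions"] if p["active"]]}


def build_sample(code: bytes, active_index: int) -> bytes:
    """Constructed 512-byte sector (not a real dump): 3 partitions, 1 active."""
    sector = bytearray(SECTOR)
    sector[:len(code)] = code
    sector[CODE_END:CODE_END + 4] = bytes.fromhex("78563412")  # made-up disk signature
    layout = [(0xDE, 63, 80262), (0x07, 81920, 30720000), (0x07, 30801920, 945969152)]
    for i, (ptype, lba, count) in enumerate(layout):
        status = 0x80 if i + 1 == active_index else 0x00
        sector[TABLE_START + 16 * i:TABLE_START + 16 * (i + 1)] = struct.pack(
            ENTRY, status, ptype, lba, count)
    sector[SIG_OFFSET:] = b"\x55\xaa"
    return bytes(sector)


if __name__ == "__main__":
    # Stand-in code bytes; with real files use open(path, "rb").read(512).
    before = build_sample(b"A" * CODE_END, active_index=3)
    after = build_sample(b"B" * CODE_END, active_index=2)
    print(findings(parse_mbr(before)))
    print(compare_dumps(before, after))
```

A boot-code-only rewrite should leave `table_changed` and `disk_signature_changed` false; a change in the active flag shows up in `active_before` and `active_after`.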

#22
NJGraphix

NJGraphix

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Here is the result.

It seems to have removed the bad thing on PhysicalDrive1

but the bad fake code is still on PhysicalDrive0

I ran MBRCheck again and here is the result


It's hard to delete??

Attached Files


  • 0

#23
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Run MBRCheck.exe once again.

You will be presented with the following dialog:

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:



Enter Y and press Enter.

The following dialog will be presented:

Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice:



THEN

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click aswMBR.exe to run it. Click the "Scan" button to start the scan.

On completion of the scan click save log, save it to your desktop and post it in your next reply

Enter 2 and press Enter

The following dialog will be presented:

Enter the physical disk number to fix (0-99, -1 to cancel):



Enter >>0<< and press Enter

The following dialog will be presented:

Available MBR codes:
[ 0] Default (Windows XP)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel

Please select the MBR code to write to this drive:



Enter >>5<< and press Enter

The following dialog will be presented:

Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue:



Type YES and press Enter (you must type the full word, YES). You will be informed if it successfully wrote a new MBR code!

And last the following dialog will be presented:

Done! Press ENTER to exit...



Press Enter. A report will be produced on the desktop. Post that report in your next reply.
  • 0

#24
NJGraphix

NJGraphix

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Here is the log. It found several things.

Attached Files


  • 0

#25
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Re-Run aswMBR

Click Scan

On completion of the scan, click the Fix button

Save the log as before and post in your next reply
  • 0



#26
NJGraphix

NJGraphix

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Here is the log

I think it fixed it

I can make a search in Google and see all images and no redirect... WOWOWOWOWOWOWOW

Let me know to make sure

Thanks Thanks

Attached Files


  • 0

#27
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK nice - Let's now have a sweep for orphans - any further problems?

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0

#28
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





