Redirect and Random Application Shutdown Issues

Hello and welcome. You have an MBR infection. Please be warned that you would be wise to back up any important data before proceeding with the next step of attempting to fix your MBR.



If you don't have your Win7 disc, you can create a Recovery Environment disc for your system here:

Win7 64bit Recovery Environment

Win7 32bit Recovery Environment

You can use ImageBurn to create the disc.

Once the disc is created, boot into the bios and change the boot order to CD/DVD as first boot device. Put in the disc and reboot. Once in the RE, type this:

Bootrec.exe /fixmbr

Note the space after the exe.

Exit out when done and boot back into normal mode. Re-run MBRCheck and attach the new log.

 

I am seeking advice, hang in there.

 

Can you have another go at making the CD? Repeat everything again and see if it works this time.

 

It should not be zipped. What did you use to create the disc? Did you use ImageBurn to create the disc? Are you booting up with the disc in the drive, which should take you to a screen that is blank except for the message to hit any key to boot from the disc?

 

We are seeing a hidden partition.

According to what we've read, we need to delete this partition (the one highlighted in red), and THEN, we can attempt to fix the MBR.

Since I have not seen this first hand, can you tell me if you can see this 1KB partition when you open My Computer and look under "Hard Disk Drives"?

What about if you go into Storage > Disk Management

 

First, download Download gparted-live-0.10.0-3.iso (115.1 MB)
You will need a blank CD to burn this ISO to. You can burn the .ISO using software like ImgBurn.

Now boot off of this newly created CD.


You should be here...
Press ENTER


By default, "do not touch keymap" is highlighted. Leave this setting alone and just press ENTER.


Choose your language and press ENTER. English is default [33]


Once again, at this prompt, press ENTER

You will now be taken to the main GUI screen below

According to your logs, the partition that you want to delete is 1,016.00 KB (1,040,384 bytes)
Click the trash can icon to delete and then click Apply.

You should now be here confirming your actions:


Now you should be here:


Now double-click the button.

You should receive a small pop up like this:

Choose reboot and then press OK.

Now follow the steps in my post # 2 again.

 

Good job, that seems to have taken care of it. Let Kes know if you have any more issues.

 

You can thank Thisisu for the clear and easy to follow steps, he created those. I am glad it worked for you. I still need to review the rest of your logs though, but will not get chance to do this until tomorrow evening now. I have just finished a shift at the bar, and it's late.

Please make a response to this, any kind of response to let me know you recieved my reply and then it will appear in my subscribed threads as one I need to look at.

 

Now we need to use ComboFix by sUBs

• Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
  • If it is not on your Desktop, the below will not work.
• Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
• If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
• Open Notepad and copy/paste the text in the below quote box. Ensure you scroll down to select ALL the lines:

Code:

KILLALL::

DirLook::
C:\{6132F318-293F-43B9-866F-2ED6A2A19608}
C:\ProgramData\{0BA93836-BC46-4268-B5B7-7C67A4C2A7E8}
File::
C:\vseqrntn.bin
C:\ProgramData\~6DSS92c31Apgjk
C:\ProgramData\~6DSS92c31Apgjkr
C:\Users\Jason\Local Settings\TEMP\2147483647.dat
Registry::
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}]

• Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
• At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
• You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
• Now use your mouse to drag CFscript.txt on top of ComboFix.exe
  
  
  
  
• Follow the prompts.
• When it finishes, a log will be produced named c:\combofix.txt
• I will ask for this log below

Note:

Do not mouseclick combofix's window while it is running. That may cause it to stall.

If after running Combofix you discover none of your programs will open up, and you recieve the following error: "Illegal operation attempted on a registry key that has been marked for deletion". Then the answer is to REBOOT the machine, and all will be corrected.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it. (Right click and run as admin if using Vista or Windows7) Then attach the new C:\MGlogs.zip file that will be created by running this.

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!

 

Uninstall the below:

• CyberDefender Early Detection Center
• CyberDefender Link Patrol

Delete this folder.
C:\{6132F318-293F-43B9-866F-2ED6A2A19608}

Delete this file.
C:\ProgramData\6DSS92c31Apgjk

Reboot, has the file and folder definately been deleted?

If so you can follow final steps.

If you are not having any other malware problems, it is time to do our final steps:

1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
   • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required (If we renamed it please rename it back to Combofix.exe.
   • "%userprofile%\Desktop\combofix" /uninstall
     • Notes: The space between the combofix" and the /uninstall, it must be there.
     • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
3. Go back to step 6 of the READ ME and renable your Disk Emulation software with Defogger if you had disabled it.
4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
7. Go to add/remove programs and uninstall HijackThis.
8. Goto the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders
   related to MGtools and some other items from our cleaning procedures.
9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
   • Refer to the cleaning procedures pointed to by step 7 of the READ ME
     for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.
   • Then reboot and Enable System Restore to create a new clean Restore Point.
10. After doing the above, you should work thru the below link:
    • How to Protect yourself from malware!

 

:-D Try this.

Try Revo Uninstaller. http://majorgeeks.com/Revo_Uninstaller_d5706.html
Choose the option on the bottom of the list (#4). Be very careful while deleting the bolded registry items ONLY!! This software will create a system restore point for you as well prior to uninstalling a software program.

 

Well, you would need to give me the exact word for word error and name of the .dll.

This is something you would be better off informing AT&T about.

 

Again, something to ask about in the software forum.