Windows Securty 2012 virus
Solved/Closed
Related:
- Windows Securty 2012 virus
- Kmspico windows 10 - Download - Other
- Need for speed most wanted 2012 download - Download - Racing
- Goose virus - Download - Other
- Windows 10 iso download 64-bit - Download - Windows
- Gta 5 download apk pc windows 10 - Download - Action and adventure
66 responses
System cannot find path specified
aswMBR will download and it is in downloads folder but will not run. I am in safe mode w/ networking still FYI
aswMBR will download and it is in downloads folder but will not run. I am in safe mode w/ networking still FYI
I got Unhide to run so that is in process now.... I appreciate you putting up with me, The reason I was not following your directions is because my system was not allowing me to follow your instructions.. Sometimes it would let me and other times it would not... I ran my cpu in normal mode and the "system Check" thing that was giving me issues did not show up... So it seems I just need to Unhide my folders.... Hoping Unhide will do the trick!!!! Let me know if I missed something this thread is a screwed up because of me... Sorry and Thank You!!!
I ran the commands as you instructed and it told me "system cannot find path instructed" . BUT I got UnHide to run and it got all of my files back as far as I can tell so far... I ran Malware twice and finally got a clean scan....
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org
Database version: 912020206
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
2/2/2012 8:59:09 PM
mbam-log-2012-02-02 (20-59-08).txt
Scan type: Quick scan
Objects scanned: 253909
Time elapsed: 47 minute(s), 43 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org
Database version: 912020206
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
2/2/2012 8:59:09 PM
mbam-log-2012-02-02 (20-59-08).txt
Scan type: Quick scan
Objects scanned: 253909
Time elapsed: 47 minute(s), 43 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Didn't find the answer you are looking for?
Ask a question
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001d
Kernel Drivers (total 92):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EF000 \WINDOWS\system32\hal.dll
0xF8C76000 \WINDOWS\system32\KDCOM.DLL
0xF8B86000 \WINDOWS\system32\BOOTVID.dll
0xF8727000 ACPI.sys
0xF8C78000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF8716000 pci.sys
0xF8776000 isapnp.sys
0xF8C7A000 intelide.sys
0xF89F6000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF8786000 MountMgr.sys
0xF86F7000 ftdisk.sys
0xF8C7C000 dmload.sys
0xF86D1000 dmio.sys
0xF89FE000 PartMgr.sys
0xF8796000 VolSnap.sys
0xF86B9000 atapi.sys
0xF87A6000 disk.sys
0xF87B6000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF8699000 fltmgr.sys
0xF8687000 sr.sys
0xF8670000 KSecDD.sys
0xF865D000 WudfPf.sys
0xF85D0000 Ntfs.sys
0xF85A3000 NDIS.sys
0xF8589000 Mup.sys
0xF87C6000 agp440.sys
0xF87E6000 \SystemRoot\system32\DRIVERS\dc21x4.sys
0xF8A26000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF87F6000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF8A36000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF8806000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF8816000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF850D000 \SystemRoot\system32\DRIVERS\ks.sys
0xF8A4E000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xF8826000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF8A5E000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF84E9000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF8836000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF8C1A000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF84D2000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF8846000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF8856000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF8A7E000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF84C1000 \SystemRoot\system32\DRIVERS\psched.sys
0xF8866000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF8A8E000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF8A9E000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF8491000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF8876000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF8AAE000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF8C82000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF840B000 \SystemRoot\system32\DRIVERS\update.sys
0xF8C3E000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF8886000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF8896000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF8C86000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF8AC6000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xF8C8A000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF8E0D000 \SystemRoot\System32\Drivers\Null.SYS
0xF8C8E000 \SystemRoot\System32\Drivers\Beep.SYS
0xF8ADE000 \SystemRoot\System32\drivers\vga.sys
0xF83F7000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0xF8C92000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF8AEE000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF8AFE000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF8C72000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xF83C4000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xF836B000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF831B000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF82F9000 \SystemRoot\System32\drivers\afd.sys
0xF88B6000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF822E000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xF81BE000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF8530000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF88D6000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF8B1E000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF848D000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xF88E6000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF81A6000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF8C98000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF846D000 \SystemRoot\System32\drivers\Dxapi.sys
0xF8B46000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF8D4D000 \SystemRoot\System32\drivers\dxgthk.sys
0xBFF50000 \SystemRoot\System32\framebuf.dll
0xBF012000 \SystemRoot\System32\ATMFD.DLL
0xF7645000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xF6CDC000 \SystemRoot\system32\DRIVERS\srv.sys
0xF62DF000 \SystemRoot\System32\Drivers\Fastfat.SYS
0x7C900000 \WINDOWS\system32\ntdll.dll
Processes (total 17):
0 System Idle Process
4 System
392 C:\WINDOWS\system32\smss.exe
440 csrss.exe
464 C:\WINDOWS\system32\winlogon.exe
508 C:\WINDOWS\system32\services.exe
520 C:\WINDOWS\system32\lsass.exe
680 C:\WINDOWS\system32\svchost.exe
764 svchost.exe
852 C:\WINDOWS\system32\svchost.exe
908 svchost.exe
1016 svchost.exe
1420 C:\WINDOWS\explorer.exe
1736 C:\WINDOWS\system32\ctfmon.exe
2024 C:\Program Files\Mozilla Firefox\firefox.exe
696 C:\Program Files\Mozilla Firefox\plugin-container.exe
756 C:\Documents and Settings\Administrator\My Documents\Downloads\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000'00007e00 (NTFS)
PhysicalDrive0 Model Number: IC35L040AVER07-0, Rev: ER4OA46A
Size Device Name MBR Status
--------------------------------------------
37 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
(c) 2010, AD
Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001d
Kernel Drivers (total 92):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EF000 \WINDOWS\system32\hal.dll
0xF8C76000 \WINDOWS\system32\KDCOM.DLL
0xF8B86000 \WINDOWS\system32\BOOTVID.dll
0xF8727000 ACPI.sys
0xF8C78000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF8716000 pci.sys
0xF8776000 isapnp.sys
0xF8C7A000 intelide.sys
0xF89F6000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF8786000 MountMgr.sys
0xF86F7000 ftdisk.sys
0xF8C7C000 dmload.sys
0xF86D1000 dmio.sys
0xF89FE000 PartMgr.sys
0xF8796000 VolSnap.sys
0xF86B9000 atapi.sys
0xF87A6000 disk.sys
0xF87B6000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF8699000 fltmgr.sys
0xF8687000 sr.sys
0xF8670000 KSecDD.sys
0xF865D000 WudfPf.sys
0xF85D0000 Ntfs.sys
0xF85A3000 NDIS.sys
0xF8589000 Mup.sys
0xF87C6000 agp440.sys
0xF87E6000 \SystemRoot\system32\DRIVERS\dc21x4.sys
0xF8A26000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF87F6000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF8A36000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF8806000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF8816000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF850D000 \SystemRoot\system32\DRIVERS\ks.sys
0xF8A4E000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xF8826000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF8A5E000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF84E9000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF8836000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF8C1A000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF84D2000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF8846000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF8856000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF8A7E000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF84C1000 \SystemRoot\system32\DRIVERS\psched.sys
0xF8866000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF8A8E000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF8A9E000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF8491000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF8876000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF8AAE000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF8C82000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF840B000 \SystemRoot\system32\DRIVERS\update.sys
0xF8C3E000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF8886000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF8896000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF8C86000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF8AC6000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xF8C8A000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF8E0D000 \SystemRoot\System32\Drivers\Null.SYS
0xF8C8E000 \SystemRoot\System32\Drivers\Beep.SYS
0xF8ADE000 \SystemRoot\System32\drivers\vga.sys
0xF83F7000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0xF8C92000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF8AEE000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF8AFE000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF8C72000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xF83C4000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xF836B000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF831B000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF82F9000 \SystemRoot\System32\drivers\afd.sys
0xF88B6000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF822E000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xF81BE000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF8530000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF88D6000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF8B1E000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF848D000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xF88E6000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF81A6000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF8C98000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF846D000 \SystemRoot\System32\drivers\Dxapi.sys
0xF8B46000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF8D4D000 \SystemRoot\System32\drivers\dxgthk.sys
0xBFF50000 \SystemRoot\System32\framebuf.dll
0xBF012000 \SystemRoot\System32\ATMFD.DLL
0xF7645000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xF6CDC000 \SystemRoot\system32\DRIVERS\srv.sys
0xF62DF000 \SystemRoot\System32\Drivers\Fastfat.SYS
0x7C900000 \WINDOWS\system32\ntdll.dll
Processes (total 17):
0 System Idle Process
4 System
392 C:\WINDOWS\system32\smss.exe
440 csrss.exe
464 C:\WINDOWS\system32\winlogon.exe
508 C:\WINDOWS\system32\services.exe
520 C:\WINDOWS\system32\lsass.exe
680 C:\WINDOWS\system32\svchost.exe
764 svchost.exe
852 C:\WINDOWS\system32\svchost.exe
908 svchost.exe
1016 svchost.exe
1420 C:\WINDOWS\explorer.exe
1736 C:\WINDOWS\system32\ctfmon.exe
2024 C:\Program Files\Mozilla Firefox\firefox.exe
696 C:\Program Files\Mozilla Firefox\plugin-container.exe
756 C:\Documents and Settings\Administrator\My Documents\Downloads\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000'00007e00 (NTFS)
PhysicalDrive0 Model Number: IC35L040AVER07-0, Rev: ER4OA46A
Size Device Name MBR Status
--------------------------------------------
37 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Anonymous User
Feb 2, 2012 at 09:16 PM
Feb 2, 2012 at 09:16 PM
I want you to back up important datas before trying this fix
Run MBRCheck.exe
Wait until you see the following line
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Please push the 'Y' key and then press Enter
When program ask you Enter your choice: enter 2 and press the Enter key
Now the program will ask you "Enter the physical disk number to fix (0-99, -1 to cancel):"
Enter 0 and press the Enter key.
The program will show Available MBR codes:, followed by a list of operating systems.
Please enter 1 for Windows XP, and then press Enter.
When asked Do you want to fix the MBR code? type in YES and press enter
Restart your PC.
Post the new MBRcheck log
Run MBRCheck.exe
Wait until you see the following line
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Please push the 'Y' key and then press Enter
When program ask you Enter your choice: enter 2 and press the Enter key
Now the program will ask you "Enter the physical disk number to fix (0-99, -1 to cancel):"
Enter 0 and press the Enter key.
The program will show Available MBR codes:, followed by a list of operating systems.
Please enter 1 for Windows XP, and then press Enter.
When asked Do you want to fix the MBR code? type in YES and press enter
Restart your PC.
Post the new MBRcheck log
I dont know how to back up information. I only have a flash drive to put things on.... What am I in danger of losing?? The only things I was worried about losing are my files from my phone-pictures.... This file has been missing since this whole virus thing happened before and I restored system to a previous date. A month later It happened again and that's where you came in... So if there is a good way to back stuff up I dont know about.... Otherwise I am prolly sol and better off just saving the computer ,What do you recommend?
When I am in safe mode and I sign in on Admin- the downloads seem to run better but when I sign in on my name w/ password i get the issue where I cannot run downloads. Is that my settings for internet?
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001d
Kernel Drivers (total 92):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EF000 \WINDOWS\system32\hal.dll
0xF8C76000 \WINDOWS\system32\KDCOM.DLL
0xF8B86000 \WINDOWS\system32\BOOTVID.dll
0xF8727000 ACPI.sys
0xF8C78000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF8716000 pci.sys
0xF8776000 isapnp.sys
0xF8C7A000 intelide.sys
0xF89F6000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF8786000 MountMgr.sys
0xF86F7000 ftdisk.sys
0xF8C7C000 dmload.sys
0xF86D1000 dmio.sys
0xF89FE000 PartMgr.sys
0xF8796000 VolSnap.sys
0xF86B9000 atapi.sys
0xF87A6000 disk.sys
0xF87B6000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF8699000 fltmgr.sys
0xF8687000 sr.sys
0xF8670000 KSecDD.sys
0xF865D000 WudfPf.sys
0xF85D0000 Ntfs.sys
0xF85A3000 NDIS.sys
0xF8589000 Mup.sys
0xF87C6000 agp440.sys
0xF87E6000 \SystemRoot\system32\DRIVERS\dc21x4.sys
0xF8A26000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF87F6000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF8A36000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF8806000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF8816000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF850D000 \SystemRoot\system32\DRIVERS\ks.sys
0xF8A4E000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xF8826000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF8A5E000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF84E9000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF8836000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF8C1A000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF84D2000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF8846000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF8856000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF8A7E000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF84C1000 \SystemRoot\system32\DRIVERS\psched.sys
0xF8866000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF8A8E000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF8A9E000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF8491000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF8876000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF8AAE000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF8C82000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF840B000 \SystemRoot\system32\DRIVERS\update.sys
0xF8C3E000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF8886000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF8896000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF8C86000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF8AC6000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xF8C8A000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF8E0D000 \SystemRoot\System32\Drivers\Null.SYS
0xF8C8E000 \SystemRoot\System32\Drivers\Beep.SYS
0xF8ADE000 \SystemRoot\System32\drivers\vga.sys
0xF83F7000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0xF8C92000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF8AEE000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF8AFE000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF8C72000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xF83C4000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xF836B000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF831B000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF82F9000 \SystemRoot\System32\drivers\afd.sys
0xF88B6000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF822E000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xF81BE000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF8530000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF88D6000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF8B1E000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF848D000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xF88E6000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF81A6000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF8C98000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF846D000 \SystemRoot\System32\drivers\Dxapi.sys
0xF8B46000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF8D4E000 \SystemRoot\System32\drivers\dxgthk.sys
0xBFF50000 \SystemRoot\System32\framebuf.dll
0xBF012000 \SystemRoot\System32\ATMFD.DLL
0xF7F6E000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xF6CDC000 \SystemRoot\system32\DRIVERS\srv.sys
0xF637F000 \SystemRoot\System32\Drivers\Fastfat.SYS
0x7C900000 \WINDOWS\system32\ntdll.dll
Processes (total 18):
0 System Idle Process
4 System
392 C:\WINDOWS\system32\smss.exe
440 csrss.exe
464 C:\WINDOWS\system32\winlogon.exe
508 C:\WINDOWS\system32\services.exe
520 C:\WINDOWS\system32\lsass.exe
680 C:\WINDOWS\system32\svchost.exe
764 svchost.exe
860 C:\WINDOWS\system32\svchost.exe
916 svchost.exe
1020 svchost.exe
1324 C:\WINDOWS\explorer.exe
744 wmiprvse.exe
1824 C:\WINDOWS\system32\ctfmon.exe
1820 C:\WINDOWS\system32\notepad.exe
1620 C:\Program Files\Mozilla Firefox\firefox.exe
348 C:\Documents and Settings\Administrator\My Documents\Downloads\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000'00007e00 (NTFS)
PhysicalDrive0 Model Number: IC35L040AVER07-0, Rev: ER4OA46A
Size Device Name MBR Status
--------------------------------------------
37 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Done!
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001d
Kernel Drivers (total 92):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EF000 \WINDOWS\system32\hal.dll
0xF8C76000 \WINDOWS\system32\KDCOM.DLL
0xF8B86000 \WINDOWS\system32\BOOTVID.dll
0xF8727000 ACPI.sys
0xF8C78000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF8716000 pci.sys
0xF8776000 isapnp.sys
0xF8C7A000 intelide.sys
0xF89F6000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF8786000 MountMgr.sys
0xF86F7000 ftdisk.sys
0xF8C7C000 dmload.sys
0xF86D1000 dmio.sys
0xF89FE000 PartMgr.sys
0xF8796000 VolSnap.sys
0xF86B9000 atapi.sys
0xF87A6000 disk.sys
0xF87B6000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF8699000 fltmgr.sys
0xF8687000 sr.sys
0xF8670000 KSecDD.sys
0xF865D000 WudfPf.sys
0xF85D0000 Ntfs.sys
0xF85A3000 NDIS.sys
0xF8589000 Mup.sys
0xF87C6000 agp440.sys
0xF87E6000 \SystemRoot\system32\DRIVERS\dc21x4.sys
0xF8A26000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF87F6000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF8A36000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF8806000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF8816000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF850D000 \SystemRoot\system32\DRIVERS\ks.sys
0xF8A4E000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xF8826000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF8A5E000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF84E9000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF8836000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF8C1A000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF84D2000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF8846000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF8856000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF8A7E000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF84C1000 \SystemRoot\system32\DRIVERS\psched.sys
0xF8866000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF8A8E000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF8A9E000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF8491000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF8876000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF8AAE000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF8C82000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF840B000 \SystemRoot\system32\DRIVERS\update.sys
0xF8C3E000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF8886000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF8896000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF8C86000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF8AC6000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xF8C8A000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF8E0D000 \SystemRoot\System32\Drivers\Null.SYS
0xF8C8E000 \SystemRoot\System32\Drivers\Beep.SYS
0xF8ADE000 \SystemRoot\System32\drivers\vga.sys
0xF83F7000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0xF8C92000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF8AEE000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF8AFE000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF8C72000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xF83C4000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xF836B000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF831B000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF82F9000 \SystemRoot\System32\drivers\afd.sys
0xF88B6000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF822E000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xF81BE000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF8530000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF88D6000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF8B1E000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF848D000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xF88E6000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF81A6000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF8C98000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF846D000 \SystemRoot\System32\drivers\Dxapi.sys
0xF8B46000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF8D4E000 \SystemRoot\System32\drivers\dxgthk.sys
0xBFF50000 \SystemRoot\System32\framebuf.dll
0xBF012000 \SystemRoot\System32\ATMFD.DLL
0xF7F6E000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xF6CDC000 \SystemRoot\system32\DRIVERS\srv.sys
0xF637F000 \SystemRoot\System32\Drivers\Fastfat.SYS
0x7C900000 \WINDOWS\system32\ntdll.dll
Processes (total 18):
0 System Idle Process
4 System
392 C:\WINDOWS\system32\smss.exe
440 csrss.exe
464 C:\WINDOWS\system32\winlogon.exe
508 C:\WINDOWS\system32\services.exe
520 C:\WINDOWS\system32\lsass.exe
680 C:\WINDOWS\system32\svchost.exe
764 svchost.exe
860 C:\WINDOWS\system32\svchost.exe
916 svchost.exe
1020 svchost.exe
1324 C:\WINDOWS\explorer.exe
744 wmiprvse.exe
1824 C:\WINDOWS\system32\ctfmon.exe
1820 C:\WINDOWS\system32\notepad.exe
1620 C:\Program Files\Mozilla Firefox\firefox.exe
348 C:\Documents and Settings\Administrator\My Documents\Downloads\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000'00007e00 (NTFS)
PhysicalDrive0 Model Number: IC35L040AVER07-0, Rev: ER4OA46A
Size Device Name MBR Status
--------------------------------------------
37 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Done!
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.
Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 0Available MBR codes:
[ 0] Default (Windows XP)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel
Please select the MBR code to write to this drive: 1
Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: yes
Successfully wrote new MBR code!
Please reboot your computer to complete the fix.
Done!
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.
Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 0Available MBR codes:
[ 0] Default (Windows XP)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel
Please select the MBR code to write to this drive: 1
Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: yes
Successfully wrote new MBR code!
Please reboot your computer to complete the fix.
Done!
Yes I restarted the computer and didnt run into any issues... My reply before the last reply is the log from running it again after restart.
Here is the Log after restart - Trying your other instructions now.
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001d
Kernel Drivers (total 92):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EF000 \WINDOWS\system32\hal.dll
0xF8C76000 \WINDOWS\system32\KDCOM.DLL
0xF8B86000 \WINDOWS\system32\BOOTVID.dll
0xF8727000 ACPI.sys
0xF8C78000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF8716000 pci.sys
0xF8776000 isapnp.sys
0xF8C7A000 intelide.sys
0xF89F6000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF8786000 MountMgr.sys
0xF86F7000 ftdisk.sys
0xF8C7C000 dmload.sys
0xF86D1000 dmio.sys
0xF89FE000 PartMgr.sys
0xF8796000 VolSnap.sys
0xF86B9000 atapi.sys
0xF87A6000 disk.sys
0xF87B6000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF8699000 fltmgr.sys
0xF8687000 sr.sys
0xF8670000 KSecDD.sys
0xF865D000 WudfPf.sys
0xF85D0000 Ntfs.sys
0xF85A3000 NDIS.sys
0xF8589000 Mup.sys
0xF87C6000 agp440.sys
0xF87E6000 \SystemRoot\system32\DRIVERS\dc21x4.sys
0xF8A26000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF87F6000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF8A36000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF8806000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF8816000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF850D000 \SystemRoot\system32\DRIVERS\ks.sys
0xF8A4E000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xF8826000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF8A5E000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF84E9000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF8836000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF8C1A000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF84D2000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF8846000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF8856000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF8A7E000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF84C1000 \SystemRoot\system32\DRIVERS\psched.sys
0xF8866000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF8A8E000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF8A9E000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF8491000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF8876000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF8AAE000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF8C82000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF840B000 \SystemRoot\system32\DRIVERS\update.sys
0xF8C3E000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF8886000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF8896000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF8C86000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF8AC6000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xF8C8A000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF8E0D000 \SystemRoot\System32\Drivers\Null.SYS
0xF8C8E000 \SystemRoot\System32\Drivers\Beep.SYS
0xF8ADE000 \SystemRoot\System32\drivers\vga.sys
0xF83F7000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0xF8C92000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF8AEE000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF8AFE000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF8C6E000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xF83C4000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xF836B000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF831B000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF82F9000 \SystemRoot\System32\drivers\afd.sys
0xF88B6000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF822E000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xF81BE000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF8534000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF88D6000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF8B1E000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF8C16000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xF88E6000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF81A6000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF8C98000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF8479000 \SystemRoot\System32\drivers\Dxapi.sys
0xF8B46000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF8D50000 \SystemRoot\System32\drivers\dxgthk.sys
0xBFF50000 \SystemRoot\System32\framebuf.dll
0xBF012000 \SystemRoot\System32\ATMFD.DLL
0xF7645000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xF6CDC000 \SystemRoot\system32\DRIVERS\srv.sys
0xF62DF000 \SystemRoot\System32\Drivers\Fastfat.SYS
0x7C900000 \WINDOWS\system32\ntdll.dll
Processes (total 16):
0 System Idle Process
4 System
392 C:\WINDOWS\system32\smss.exe
440 csrss.exe
464 C:\WINDOWS\system32\winlogon.exe
508 C:\WINDOWS\system32\services.exe
520 C:\WINDOWS\system32\lsass.exe
684 C:\WINDOWS\system32\svchost.exe
768 svchost.exe
856 C:\WINDOWS\system32\svchost.exe
908 svchost.exe
1016 svchost.exe
1412 C:\WINDOWS\explorer.exe
1780 C:\WINDOWS\system32\ctfmon.exe
1792 C:\Program Files\Mozilla Firefox\firefox.exe
716 C:\Documents and Settings\Administrator\My Documents\Downloads\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000'00007e00 (NTFS)
PhysicalDrive0 Model Number: IC35L040AVER07-0, Rev: ER4OA46A
Size Device Name MBR Status
--------------------------------------------
37 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Done!
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001d
Kernel Drivers (total 92):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EF000 \WINDOWS\system32\hal.dll
0xF8C76000 \WINDOWS\system32\KDCOM.DLL
0xF8B86000 \WINDOWS\system32\BOOTVID.dll
0xF8727000 ACPI.sys
0xF8C78000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF8716000 pci.sys
0xF8776000 isapnp.sys
0xF8C7A000 intelide.sys
0xF89F6000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF8786000 MountMgr.sys
0xF86F7000 ftdisk.sys
0xF8C7C000 dmload.sys
0xF86D1000 dmio.sys
0xF89FE000 PartMgr.sys
0xF8796000 VolSnap.sys
0xF86B9000 atapi.sys
0xF87A6000 disk.sys
0xF87B6000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF8699000 fltmgr.sys
0xF8687000 sr.sys
0xF8670000 KSecDD.sys
0xF865D000 WudfPf.sys
0xF85D0000 Ntfs.sys
0xF85A3000 NDIS.sys
0xF8589000 Mup.sys
0xF87C6000 agp440.sys
0xF87E6000 \SystemRoot\system32\DRIVERS\dc21x4.sys
0xF8A26000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF87F6000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF8A36000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF8806000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF8816000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF850D000 \SystemRoot\system32\DRIVERS\ks.sys
0xF8A4E000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xF8826000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF8A5E000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF84E9000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF8836000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF8C1A000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF84D2000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF8846000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF8856000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF8A7E000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF84C1000 \SystemRoot\system32\DRIVERS\psched.sys
0xF8866000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF8A8E000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF8A9E000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF8491000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF8876000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF8AAE000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF8C82000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF840B000 \SystemRoot\system32\DRIVERS\update.sys
0xF8C3E000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF8886000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF8896000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF8C86000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF8AC6000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xF8C8A000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF8E0D000 \SystemRoot\System32\Drivers\Null.SYS
0xF8C8E000 \SystemRoot\System32\Drivers\Beep.SYS
0xF8ADE000 \SystemRoot\System32\drivers\vga.sys
0xF83F7000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0xF8C92000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF8AEE000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF8AFE000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF8C6E000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xF83C4000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xF836B000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF831B000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF82F9000 \SystemRoot\System32\drivers\afd.sys
0xF88B6000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF822E000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xF81BE000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF8534000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF88D6000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF8B1E000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF8C16000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xF88E6000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF81A6000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF8C98000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF8479000 \SystemRoot\System32\drivers\Dxapi.sys
0xF8B46000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF8D50000 \SystemRoot\System32\drivers\dxgthk.sys
0xBFF50000 \SystemRoot\System32\framebuf.dll
0xBF012000 \SystemRoot\System32\ATMFD.DLL
0xF7645000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xF6CDC000 \SystemRoot\system32\DRIVERS\srv.sys
0xF62DF000 \SystemRoot\System32\Drivers\Fastfat.SYS
0x7C900000 \WINDOWS\system32\ntdll.dll
Processes (total 16):
0 System Idle Process
4 System
392 C:\WINDOWS\system32\smss.exe
440 csrss.exe
464 C:\WINDOWS\system32\winlogon.exe
508 C:\WINDOWS\system32\services.exe
520 C:\WINDOWS\system32\lsass.exe
684 C:\WINDOWS\system32\svchost.exe
768 svchost.exe
856 C:\WINDOWS\system32\svchost.exe
908 svchost.exe
1016 svchost.exe
1412 C:\WINDOWS\explorer.exe
1780 C:\WINDOWS\system32\ctfmon.exe
1792 C:\Program Files\Mozilla Firefox\firefox.exe
716 C:\Documents and Settings\Administrator\My Documents\Downloads\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000'00007e00 (NTFS)
PhysicalDrive0 Model Number: IC35L040AVER07-0, Rev: ER4OA46A
Size Device Name MBR Status
--------------------------------------------
37 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Done!
Yea still cannot run either aswMBR.exe or Tdsskiller..... Tdsskiller will at least get to the "Run" option but cannot get even that from aswMBR
Going to have to pick this up tomorrow.... Leave me instructions and I will follow them... If you can give me options in case one doesnt work...
So I am repeating the same thing again?? I did do exactly what you said for me to do.... Ill b back after I restart
Anonymous User
Feb 2, 2012 at 10:50 PM
Feb 2, 2012 at 10:50 PM
OK ,good luck
I want you to make a back up of important files to a flash drive before playing with MBR
When i mean back up files ,i refer to things like your pictures,family videos etc.Softwares and other stuffs can be downloaded so they can be ignored
I want you to make a back up of important files to a flash drive before playing with MBR
When i mean back up files ,i refer to things like your pictures,family videos etc.Softwares and other stuffs can be downloaded so they can be ignored
Anonymous User
Feb 2, 2012 at 11:00 PM
Feb 2, 2012 at 11:00 PM
If your log still shows that
37 GB \\.\PhysicalDrive0 MBR Code Faked!
Then run mbrcheck again,press 2
Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 0Available MBR codes:
[ 0] Default (Windows XP)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel
Press 0(NOT 1) at this stage ,type YES and press ENTER
Restart the PC and let me know IF you can run TDSSkiller and aswmbr
37 GB \\.\PhysicalDrive0 MBR Code Faked!
Then run mbrcheck again,press 2
Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 0Available MBR codes:
[ 0] Default (Windows XP)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel
Press 0(NOT 1) at this stage ,type YES and press ENTER
Restart the PC and let me know IF you can run TDSSkiller and aswmbr
Still getting the sam thing... I did it exactly they way you said
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001d
Kernel Drivers (total 92):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EF000 \WINDOWS\system32\hal.dll
0xF8C76000 \WINDOWS\system32\KDCOM.DLL
0xF8B86000 \WINDOWS\system32\BOOTVID.dll
0xF8727000 ACPI.sys
0xF8C78000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF8716000 pci.sys
0xF8776000 isapnp.sys
0xF8C7A000 intelide.sys
0xF89F6000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF8786000 MountMgr.sys
0xF86F7000 ftdisk.sys
0xF8C7C000 dmload.sys
0xF86D1000 dmio.sys
0xF89FE000 PartMgr.sys
0xF8796000 VolSnap.sys
0xF86B9000 atapi.sys
0xF87A6000 disk.sys
0xF87B6000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF8699000 fltmgr.sys
0xF8687000 sr.sys
0xF8670000 KSecDD.sys
0xF865D000 WudfPf.sys
0xF85D0000 Ntfs.sys
0xF85A3000 NDIS.sys
0xF8589000 Mup.sys
0xF87C6000 agp440.sys
0xF87E6000 \SystemRoot\system32\DRIVERS\dc21x4.sys
0xF8A26000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF87F6000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF8A36000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF8806000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF8816000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF850D000 \SystemRoot\system32\DRIVERS\ks.sys
0xF8A4E000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xF8826000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF8A5E000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF84E9000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF8836000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF8C1A000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF84D2000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF8846000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF8856000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF8A7E000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF84C1000 \SystemRoot\system32\DRIVERS\psched.sys
0xF8866000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF8A8E000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF8A9E000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF8491000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF8876000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF8AAE000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF8C82000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF840B000 \SystemRoot\system32\DRIVERS\update.sys
0xF8C3E000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF8886000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF8896000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF8C86000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF8AC6000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xF8C8A000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF8E0D000 \SystemRoot\System32\Drivers\Null.SYS
0xF8C8E000 \SystemRoot\System32\Drivers\Beep.SYS
0xF8ADE000 \SystemRoot\System32\drivers\vga.sys
0xF83F7000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0xF8C92000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF8AEE000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF8AFE000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF8C6E000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xF83C4000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xF836B000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF831B000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF82F9000 \SystemRoot\System32\drivers\afd.sys
0xF88B6000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF822E000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xF81BE000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF8534000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF88D6000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF8B1E000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF8C16000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xF88E6000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF81A6000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF8C98000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF8479000 \SystemRoot\System32\drivers\Dxapi.sys
0xF8B46000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF8D4D000 \SystemRoot\System32\drivers\dxgthk.sys
0xBFF50000 \SystemRoot\System32\framebuf.dll
0xBF012000 \SystemRoot\System32\ATMFD.DLL
0xF7F76000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xF6CDC000 \SystemRoot\system32\DRIVERS\srv.sys
0xF6307000 \SystemRoot\System32\Drivers\Fastfat.SYS
0x7C900000 \WINDOWS\system32\ntdll.dll
Processes (total 17):
0 System Idle Process
4 System
392 C:\WINDOWS\system32\smss.exe
440 csrss.exe
464 C:\WINDOWS\system32\winlogon.exe
508 C:\WINDOWS\system32\services.exe
520 C:\WINDOWS\system32\lsass.exe
680 C:\WINDOWS\system32\svchost.exe
764 svchost.exe
860 C:\WINDOWS\system32\svchost.exe
916 svchost.exe
1016 svchost.exe
1384 C:\WINDOWS\system32\userinit.exe
1424 C:\WINDOWS\explorer.exe
1616 wmiprvse.exe
1736 C:\WINDOWS\system32\ctfmon.exe
1784 C:\Documents and Settings\Administrator\My Documents\Downloads\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000'00007e00 (NTFS)
PhysicalDrive0 Model Number: IC35L040AVER07-0, Rev: ER4OA46A
Size Device Name MBR Status
--------------------------------------------
37 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001d
Kernel Drivers (total 92):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EF000 \WINDOWS\system32\hal.dll
0xF8C76000 \WINDOWS\system32\KDCOM.DLL
0xF8B86000 \WINDOWS\system32\BOOTVID.dll
0xF8727000 ACPI.sys
0xF8C78000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF8716000 pci.sys
0xF8776000 isapnp.sys
0xF8C7A000 intelide.sys
0xF89F6000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF8786000 MountMgr.sys
0xF86F7000 ftdisk.sys
0xF8C7C000 dmload.sys
0xF86D1000 dmio.sys
0xF89FE000 PartMgr.sys
0xF8796000 VolSnap.sys
0xF86B9000 atapi.sys
0xF87A6000 disk.sys
0xF87B6000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF8699000 fltmgr.sys
0xF8687000 sr.sys
0xF8670000 KSecDD.sys
0xF865D000 WudfPf.sys
0xF85D0000 Ntfs.sys
0xF85A3000 NDIS.sys
0xF8589000 Mup.sys
0xF87C6000 agp440.sys
0xF87E6000 \SystemRoot\system32\DRIVERS\dc21x4.sys
0xF8A26000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF87F6000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF8A36000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF8806000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF8816000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF850D000 \SystemRoot\system32\DRIVERS\ks.sys
0xF8A4E000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xF8826000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF8A5E000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF84E9000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF8836000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF8C1A000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF84D2000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF8846000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF8856000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF8A7E000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF84C1000 \SystemRoot\system32\DRIVERS\psched.sys
0xF8866000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF8A8E000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF8A9E000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF8491000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF8876000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF8AAE000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF8C82000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF840B000 \SystemRoot\system32\DRIVERS\update.sys
0xF8C3E000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF8886000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF8896000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF8C86000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF8AC6000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xF8C8A000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF8E0D000 \SystemRoot\System32\Drivers\Null.SYS
0xF8C8E000 \SystemRoot\System32\Drivers\Beep.SYS
0xF8ADE000 \SystemRoot\System32\drivers\vga.sys
0xF83F7000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0xF8C92000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF8AEE000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF8AFE000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF8C6E000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xF83C4000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xF836B000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF831B000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF82F9000 \SystemRoot\System32\drivers\afd.sys
0xF88B6000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF822E000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xF81BE000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF8534000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF88D6000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF8B1E000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF8C16000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xF88E6000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF81A6000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF8C98000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF8479000 \SystemRoot\System32\drivers\Dxapi.sys
0xF8B46000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF8D4D000 \SystemRoot\System32\drivers\dxgthk.sys
0xBFF50000 \SystemRoot\System32\framebuf.dll
0xBF012000 \SystemRoot\System32\ATMFD.DLL
0xF7F76000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xF6CDC000 \SystemRoot\system32\DRIVERS\srv.sys
0xF6307000 \SystemRoot\System32\Drivers\Fastfat.SYS
0x7C900000 \WINDOWS\system32\ntdll.dll
Processes (total 17):
0 System Idle Process
4 System
392 C:\WINDOWS\system32\smss.exe
440 csrss.exe
464 C:\WINDOWS\system32\winlogon.exe
508 C:\WINDOWS\system32\services.exe
520 C:\WINDOWS\system32\lsass.exe
680 C:\WINDOWS\system32\svchost.exe
764 svchost.exe
860 C:\WINDOWS\system32\svchost.exe
916 svchost.exe
1016 svchost.exe
1384 C:\WINDOWS\system32\userinit.exe
1424 C:\WINDOWS\explorer.exe
1616 wmiprvse.exe
1736 C:\WINDOWS\system32\ctfmon.exe
1784 C:\Documents and Settings\Administrator\My Documents\Downloads\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000'00007e00 (NTFS)
PhysicalDrive0 Model Number: IC35L040AVER07-0, Rev: ER4OA46A
Size Device Name MBR Status
--------------------------------------------
37 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Ok leave me more instructions and ill get to them first thing A.M. If you cannot help till later try giving me some options....
Still getting MBR Code faked!
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001d
Kernel Drivers (total 92):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EF000 \WINDOWS\system32\hal.dll
0xF8C76000 \WINDOWS\system32\KDCOM.DLL
0xF8B86000 \WINDOWS\system32\BOOTVID.dll
0xF8727000 ACPI.sys
0xF8C78000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF8716000 pci.sys
0xF8776000 isapnp.sys
0xF8C7A000 intelide.sys
0xF89F6000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF8786000 MountMgr.sys
0xF86F7000 ftdisk.sys
0xF8C7C000 dmload.sys
0xF86D1000 dmio.sys
0xF89FE000 PartMgr.sys
0xF8796000 VolSnap.sys
0xF86B9000 atapi.sys
0xF87A6000 disk.sys
0xF87B6000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF8699000 fltmgr.sys
0xF8687000 sr.sys
0xF8670000 KSecDD.sys
0xF865D000 WudfPf.sys
0xF85D0000 Ntfs.sys
0xF85A3000 NDIS.sys
0xF8589000 Mup.sys
0xF87C6000 agp440.sys
0xF87E6000 \SystemRoot\system32\DRIVERS\dc21x4.sys
0xF8A26000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF87F6000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF8A36000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF8806000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF8816000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF850D000 \SystemRoot\system32\DRIVERS\ks.sys
0xF8A4E000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xF8826000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF8A5E000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF84E9000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF8836000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF8C1A000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF84D2000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF8846000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF8856000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF8A7E000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF84C1000 \SystemRoot\system32\DRIVERS\psched.sys
0xF8866000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF8A8E000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF8A9E000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF8491000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF8876000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF8AAE000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF8C82000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF840B000 \SystemRoot\system32\DRIVERS\update.sys
0xF8C3E000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF8886000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF8896000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF8C86000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF8AC6000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xF8C8A000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF8E0D000 \SystemRoot\System32\Drivers\Null.SYS
0xF8C8E000 \SystemRoot\System32\Drivers\Beep.SYS
0xF8ADE000 \SystemRoot\System32\drivers\vga.sys
0xF83F7000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0xF8C92000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF8AEE000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF8AFE000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF8C72000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xF83C4000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xF836B000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF831B000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF82F9000 \SystemRoot\System32\drivers\afd.sys
0xF88B6000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF822E000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xF81BE000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF8530000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF88D6000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF8B1E000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF848D000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xF88E6000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF81A6000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF8C98000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF8471000 \SystemRoot\System32\drivers\Dxapi.sys
0xF8B56000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF8D5E000 \SystemRoot\System32\drivers\dxgthk.sys
0xBFF50000 \SystemRoot\System32\framebuf.dll
0xBF012000 \SystemRoot\System32\ATMFD.DLL
0xF7671000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xF6CDC000 \SystemRoot\system32\DRIVERS\srv.sys
0xF62DF000 \SystemRoot\System32\Drivers\Fastfat.SYS
0x7C900000 \WINDOWS\system32\ntdll.dll
Processes (total 16):
0 System Idle Process
4 System
392 C:\WINDOWS\system32\smss.exe
440 csrss.exe
464 C:\WINDOWS\system32\winlogon.exe
508 C:\WINDOWS\system32\services.exe
520 C:\WINDOWS\system32\lsass.exe
684 C:\WINDOWS\system32\svchost.exe
768 svchost.exe
868 C:\WINDOWS\system32\svchost.exe
916 svchost.exe
1016 svchost.exe
1424 C:\WINDOWS\explorer.exe
1636 wmiprvse.exe
1728 C:\WINDOWS\system32\ctfmon.exe
1832 C:\Documents and Settings\Administrator\My Documents\Downloads\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000'00007e00 (NTFS)
PhysicalDrive0 Model Number: IC35L040AVER07-0, Rev: ER4OA46A
Size Device Name MBR Status
--------------------------------------------
37 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Done!
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001d
Kernel Drivers (total 92):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EF000 \WINDOWS\system32\hal.dll
0xF8C76000 \WINDOWS\system32\KDCOM.DLL
0xF8B86000 \WINDOWS\system32\BOOTVID.dll
0xF8727000 ACPI.sys
0xF8C78000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF8716000 pci.sys
0xF8776000 isapnp.sys
0xF8C7A000 intelide.sys
0xF89F6000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF8786000 MountMgr.sys
0xF86F7000 ftdisk.sys
0xF8C7C000 dmload.sys
0xF86D1000 dmio.sys
0xF89FE000 PartMgr.sys
0xF8796000 VolSnap.sys
0xF86B9000 atapi.sys
0xF87A6000 disk.sys
0xF87B6000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF8699000 fltmgr.sys
0xF8687000 sr.sys
0xF8670000 KSecDD.sys
0xF865D000 WudfPf.sys
0xF85D0000 Ntfs.sys
0xF85A3000 NDIS.sys
0xF8589000 Mup.sys
0xF87C6000 agp440.sys
0xF87E6000 \SystemRoot\system32\DRIVERS\dc21x4.sys
0xF8A26000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF87F6000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF8A36000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF8806000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF8816000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF850D000 \SystemRoot\system32\DRIVERS\ks.sys
0xF8A4E000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xF8826000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF8A5E000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF84E9000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF8836000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF8C1A000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF84D2000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF8846000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF8856000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF8A7E000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF84C1000 \SystemRoot\system32\DRIVERS\psched.sys
0xF8866000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF8A8E000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF8A9E000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF8491000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF8876000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF8AAE000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF8C82000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF840B000 \SystemRoot\system32\DRIVERS\update.sys
0xF8C3E000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF8886000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF8896000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF8C86000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF8AC6000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xF8C8A000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF8E0D000 \SystemRoot\System32\Drivers\Null.SYS
0xF8C8E000 \SystemRoot\System32\Drivers\Beep.SYS
0xF8ADE000 \SystemRoot\System32\drivers\vga.sys
0xF83F7000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0xF8C92000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF8AEE000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF8AFE000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF8C72000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xF83C4000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xF836B000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF831B000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF82F9000 \SystemRoot\System32\drivers\afd.sys
0xF88B6000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF822E000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xF81BE000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF8530000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF88D6000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF8B1E000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF848D000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xF88E6000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF81A6000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF8C98000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF8471000 \SystemRoot\System32\drivers\Dxapi.sys
0xF8B56000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF8D5E000 \SystemRoot\System32\drivers\dxgthk.sys
0xBFF50000 \SystemRoot\System32\framebuf.dll
0xBF012000 \SystemRoot\System32\ATMFD.DLL
0xF7671000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xF6CDC000 \SystemRoot\system32\DRIVERS\srv.sys
0xF62DF000 \SystemRoot\System32\Drivers\Fastfat.SYS
0x7C900000 \WINDOWS\system32\ntdll.dll
Processes (total 16):
0 System Idle Process
4 System
392 C:\WINDOWS\system32\smss.exe
440 csrss.exe
464 C:\WINDOWS\system32\winlogon.exe
508 C:\WINDOWS\system32\services.exe
520 C:\WINDOWS\system32\lsass.exe
684 C:\WINDOWS\system32\svchost.exe
768 svchost.exe
868 C:\WINDOWS\system32\svchost.exe
916 svchost.exe
1016 svchost.exe
1424 C:\WINDOWS\explorer.exe
1636 wmiprvse.exe
1728 C:\WINDOWS\system32\ctfmon.exe
1832 C:\Documents and Settings\Administrator\My Documents\Downloads\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000'00007e00 (NTFS)
PhysicalDrive0 Model Number: IC35L040AVER07-0, Rev: ER4OA46A
Size Device Name MBR Status
--------------------------------------------
37 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Done!
