
Thread: Possible Malware attack

  1. #1
    Member
    Join Date
    Oct 2008
    Posts
    77

    Possible Malware attack

    I have AVG installed, but as of this morning it does not allow me to access the interface. I have tried to uninstall it via Control Panel and that has not worked either. When I went to Google to try and get to the AVG website, this message occurred: "C:\Program Files\AVG\AVG2012\avgcfgx.dll is either not designed to run on Windows or it contains an error. Try installing the program again using the original installation media or contact your system administrator or software vendor for support".

    I thank you in advance for your kind help.


    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421
    Run by Brian at 13:16:52 on 2011-12-13
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.2814.1708 [GMT -5:00]
    .
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    C:\Program Files\SMINST\BLService.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Windows\system32\msiexec.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\conime.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.ask.com/?o=14196&l=dis
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=91&bd=Presario&pf=cnnb
    uInternet Settings,ProxyOverride = *.local
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
    uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [Google Update] "c:\users\brian\appdata\local\google\update\GoogleUpdate.exe" /c
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
    mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
    mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
    mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
    mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
    mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
    mRun: [UpdatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
    mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
    mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
    mRun: [<NO NAME>]
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [hpqSRMon]
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{79365D4C-DA64-427C-8B4F-06C08E0E2CDA} : DhcpNameServer = 192.168.1.254
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2010\HelpAsyncPluggableProtocol.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-5-16 366152]
    R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2009-4-20 365952]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-5-8 1153368]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
    R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-4-20 193840]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-5-16 22216]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-5-9 43040]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
    S2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2011-12-13 17:58:46 -------- d-----w- c:\program files\iPod
    2011-12-13 17:58:43 -------- d-----w- c:\program files\iTunes
    2011-12-13 17:45:13 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
    2011-12-03 21:45:04 -------- d-----w- c:\users\brian\appdata\local\{E432D8C2-10E4-486D-8F7F-1C4CDB64A02F}
    2011-12-03 21:44:53 -------- d-----w- c:\users\brian\appdata\local\{268D0B4E-E013-4E1C-BDE0-328892BA93A2}
    2011-12-03 19:25:45 645632 ----a-w- c:\windows\system32\xvidcore.dll
    2011-12-03 19:25:45 240640 ----a-w- c:\windows\system32\xvidvfw.dll
    2011-12-03 19:25:45 153088 ----a-w- c:\windows\system32\xvid.ax
    .
    ==================== Find3M ====================
    .
    2011-12-13 17:45:03 567184 ----a-w- c:\windows\system32\deployJava1.dll
    2011-10-24 19:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2011-10-24 19:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2011-10-20 01:24:00 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-07 10:23:48 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2011-10-04 10:21:16 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
    2011-09-20 21:02:55 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
    .
    ============= FINISH: 13:17:45.13 ===============

  2. #2
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038


    Hi and Welcome!! My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
    • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
    • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Watch Topic button to the right of your topic title and then choosing the notification method (Recommended: Immediate Notification).
    • The fixes are specific to your problem and should only be used for the issues on this machine.
    • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
    • It's often worth reading through these instructions and printing them for ease of reference.
    • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
    • Please reply to this thread. Do not start a new topic.


    IMPORTANT NOTE: Please do not delete anything unless instructed to.
    DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.
    Doing so could make your system inoperable and could require a full reinstall of your OS losing all your programs and data.


    Vista and Windows 7 users:
    These tools MUST be run from the executable (.exe) every time you run them
    with Admin Rights (Right click, choose "Run as Administrator")


    Stay with this topic until I give you the all clean post.
    ----------

    Download GMER Rootkit Scanner from here or here.
    • Extract the contents of the zipped file to desktop.
    • Right-click GMER.exe and choose Run as Administrator. If asked to allow the gmer.sys driver to load, please consent.
    • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.


    • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
      • IAT/EAT
      • Drives/Partition other than Systemdrive (typically C:\)
      • Show All (don't miss this one)
    • Then click the Scan button & wait for it to finish.
    • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
    • Save it where you can easily find it, such as your desktop, and attach it in your reply.


    **Caution**
    Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.
    ----------

    Please download aswMBR to your desktop.

    • Right click and Run as Administrator the aswMBR icon to run it.
    • Click the Scan button to start scan.
    • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.



    ----------

    In your next reply please post the logs created by GMER and aswMBR.

  3. #3
    Member
    Join Date
    Oct 2008
    Posts
    77


    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-12-13 20:22:17
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-5 Hitachi_HTS545025B9A300 rev.PB2OCA0G
    Running: gmer.exe; Driver: C:\Users\Brian\AppData\Local\Temp\agloqpow.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0x9F8E6F3C]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0x9F8E6FE4]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0x9F8E7080]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0x9F8E711C]

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!KeSetEvent + 3F1 81EE6B74 4 Bytes [3C, 6F, 8E, 9F]
    .text ntkrnlpa.exe!KeSetEvent + 621 81EE6DA4 8 Bytes [E4, 6F, 8E, 9F, 80, 70, 8E, ...] {IN AL, 0x6f; MOV DS, [EDI-0x60718f80]}
    .text ntkrnlpa.exe!KeSetEvent + 681 81EE6E04 4 Bytes [1C, 71, 8E, 9F]
    ? C:\Users\Brian\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtCreateFile + 6 7744422A 4 Bytes [28, 00, 06, 00]
    .text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtCreateFile + B 7744422F 1 Byte [E2]
    .text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtMapViewOfSection + 6 7744497A 1 Byte [28]
    .text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtMapViewOfSection + 6 7744497A 4 Bytes [28, 03, 06, 00]
    .text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtMapViewOfSection + B 7744497F 1 Byte [E2]
    .text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtOpenFile + 6 77444A0A 4 Bytes [68, 00, 06, 00]
    .text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtOpenFile + B 77444A0F 1 Byte [E2]
    .text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtOpenProcess + 6 77444A8A 4 Bytes [A8, 01, 06, 00]
    .text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtOpenProcess + B 77444A8F 1 Byte [E2]
    .text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtOpenProcessToken + B 77444A9F 1 Byte [E2]
    .text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtOpenProcessTokenEx + 6 77444AAA 4 Bytes [A8, 02, 06, 00]
    .text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtOpenProcessTokenEx + B 77444AAF 1 Byte [E2]
    .text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtOpenThread + 6 77444AFA 4 Bytes [68, 01, 06, 00]
    .text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtOpenThread + B 77444AFF 1 Byte [E2]
    .text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtOpenThreadToken + 6 77444B0A 4 Bytes [68, 02, 06, 00]
    .text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtOpenThreadToken + B 77444B0F 1 Byte [E2]
    .text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtOpenThreadTokenEx + B 77444B1F 1 Byte [E2]
    .text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtQueryAttributesFile + 6 77444BAA 4 Bytes [A8, 00, 06, 00]
    .text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtQueryAttributesFile + B 77444BAF 1 Byte [E2]
    .text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtQueryFullAttributesFile + B 77444C5F 1 Byte [E2]
    .text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtSetInformationFile + 6 7744513A 4 Bytes [28, 01, 06, 00]
    .text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtSetInformationFile + B 7744513F 1 Byte [E2]
    .text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtSetInformationThread + 6 7744518A 4 Bytes [28, 02, 06, 00]
    .text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtSetInformationThread + B 7744518F 1 Byte [E2]
    .text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtUnmapViewOfSection + 6 7744542A 1 Byte [68]
    .text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtUnmapViewOfSection + 6 7744542A 4 Bytes [68, 03, 06, 00]
    .text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtUnmapViewOfSection + B 7744542F 1 Byte [E2]
    .text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtCreateFile + 6 7744422A 4 Bytes [28, 00, 06, 00]
    .text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtCreateFile + B 7744422F 1 Byte [E2]
    .text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtMapViewOfSection + 6 7744497A 1 Byte [28]
    .text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtMapViewOfSection + 6 7744497A 4 Bytes [28, 03, 06, 00]
    .text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtMapViewOfSection + B 7744497F 1 Byte [E2]
    .text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtOpenFile + 6 77444A0A 4 Bytes [68, 00, 06, 00]
    .text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtOpenFile + B 77444A0F 1 Byte [E2]
    .text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtOpenProcess + 6 77444A8A 4 Bytes [A8, 01, 06, 00]
    .text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtOpenProcess + B 77444A8F 1 Byte [E2]
    .text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtOpenProcessToken + B 77444A9F 1 Byte [E2]
    .text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtOpenProcessTokenEx + 6 77444AAA 4 Bytes [A8, 02, 06, 00]
    .text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtOpenProcessTokenEx + B 77444AAF 1 Byte [E2]
    .text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtOpenThread + 6 77444AFA 4 Bytes [68, 01, 06, 00]
    .text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtOpenThread + B 77444AFF 1 Byte [E2]
    .text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtOpenThreadToken + 6 77444B0A 4 Bytes [68, 02, 06, 00]
    .text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtOpenThreadToken + B 77444B0F 1 Byte [E2]
    .text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtOpenThreadTokenEx + B 77444B1F 1 Byte [E2]
    .text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtQueryAttributesFile + 6 77444BAA 4 Bytes [A8, 00, 06, 00]
    .text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtQueryAttributesFile + B 77444BAF 1 Byte [E2]
    .text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtQueryFullAttributesFile + B 77444C5F 1 Byte [E2]
    .text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtSetInformationFile + 6 7744513A 4 Bytes [28, 01, 06, 00]
    .text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtSetInformationFile + B 7744513F 1 Byte [E2]
    .text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtSetInformationThread + 6 7744518A 4 Bytes [28, 02, 06, 00]
    .text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtSetInformationThread + B 7744518F 1 Byte [E2]
    .text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtUnmapViewOfSection + 6 7744542A 1 Byte [68]
    .text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtUnmapViewOfSection + 6 7744542A 4 Bytes [68, 03, 06, 00]
    .text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtUnmapViewOfSection + B 7744542F 1 Byte [E2]

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    ---- EOF - GMER 1.0.15 ----
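    As an added triage example (not code from this thread, from DDS or from GMER), the script below reads lines in the format of the DDS "Pseudo HJT Report" posted in #1 and the GMER "System" (SSDT) section posted in #3 and sorts what it recognises into three buckets: a BHO whose DLL is "No File", autorun values with no name or no command, a security-related site mapped to loopback in the hosts file, and SSDT hooks that cannot be attributed to a listed vendor. The vendor allow list, the site list and the final SSDT sample line are constructed assumptions; the other sample lines are copied from the logs above. The verdicts are triage hints for a helper reading the log, not a determination that anything on this machine is malicious.

```python
"""Triage of DDS "Pseudo HJT Report" and GMER SSDT lines.

Added example for this thread; it is not part of DDS, GMER or the forum's
own tooling. The vendor allow list, the security-site list and the final
SSDT sample line are constructed assumptions, not data from the thread.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Assumption: vendors whose kernel hooks are expected given the security
# software listed in the DDS services section (AVG) and Windows itself.
TRUSTED_HOOK_VENDORS = ("AVG Technologies", "Microsoft Corporation")

# Constructed list of security-related domains; a hosts entry sending one of
# these to loopback keeps the machine from reaching help sites or updates.
SECURITY_SITES = ("spywareinfo.com", "malwarebytes.org", "avg.com", "microsoft.com")

_BHO_RE = re.compile(
    r"^BHO: (?:(?P<name>.*?): )?(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$")
_RUN_RE = re.compile(r"^[um]Run: \[(?P<name>[^\]]*)\](?P<cmd>.*)$")
_HOSTS_RE = re.compile(r"^Hosts: (?P<ip>\S+) (?P<host>\S+)$")
_SSDT_RE = re.compile(
    r"^SSDT (?P<module>\S+)(?: \((?P<vendor>.*?)\))? (?P<func>Zw\w+) \[(?P<addr>0x[0-9A-Fa-f]+)\]$")


@dataclass
class Finding:
    severity: str  # "info" (expected), "review" (leftover/odd) or "suspect"
    line: str
    reason: str


def triage(log_text: str) -> list[Finding]:
    """Classify the log lines this script understands; unknown lines are skipped."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := _BHO_RE.match(line):
            # A CLSID still registered as a BHO although its DLL is gone.
            if m.group("target").strip() == "No File":
                findings.append(Finding("review", line, "BHO registered but its DLL is missing"))
        elif m := _RUN_RE.match(line):
            name, cmd = m.group("name"), m.group("cmd").strip()
            if not cmd or name == "<NO NAME>":
                findings.append(Finding("review", line, "autorun value with no name or no command"))
        elif m := _HOSTS_RE.match(line):
            if m.group("ip") in ("127.0.0.1", "0.0.0.0") and m.group("host").endswith(SECURITY_SITES):
                findings.append(Finding("suspect", line, "security site mapped to loopback in hosts file"))
        elif m := _SSDT_RE.match(line):
            vendor = m.group("vendor") or ""
            func, module = m.group("func"), m.group("module")
            if any(v in vendor for v in TRUSTED_HOOK_VENDORS):
                findings.append(Finding("info", line, f"{func} hooked by a listed vendor driver ({module})"))
            else:
                findings.append(Finding("suspect", line, f"{func} hooked by unattributed module {module}"))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity so a reader sees at a glance what needs attention."""
    counts = {"info": 0, "review": 0, "suspect": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


# Lines copied from the DDS (post #1) and GMER (post #3) logs in this thread,
# plus one constructed SSDT line to exercise the unattributed-hook branch.
SAMPLE_LOG = r"""
uStart Page = hxxp://www.ask.com/?o=14196&l=dis
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [<NO NAME>]
mRun: [hpqSRMon]
Hosts: 127.0.0.1 www.spywareinfo.com
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0x9F8E6F3C]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0x9F8E6FE4]
SSDT \??\C:\CONSTRUCTED\placeholder.sys ZwQueryDirectoryFile [0x00000000]
"""

if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity:7}] {f.reason}\n          {f.line}")
    print(summarize(results))
```

    Run against the sample, the AVG SSDT hooks land in "info" because their vendor string is on the allow list, the orphaned BHO and the two empty mRun values land in "review", and the hosts entry plus the constructed unattributed hook land in "suspect". A real run should feed the full posted sections in; anything not matched by the four patterns is simply skipped.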

  4. #4
    Member
    Join Date
    Oct 2008
    Posts
    77


    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-12-13 20:23:32
    -----------------------------
    20:23:32.310 OS Version: Windows 6.0.6002 Service Pack 2
    20:23:32.310 Number of processors: 2 586 0x301
    20:23:32.312 ComputerName: BRIAN-PC UserName: Brian
    20:23:34.372 Initialize success
    20:29:36.338 AVAST engine defs: 11121302
    20:34:46.194 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-5
    20:34:46.209 Disk 0 Vendor: Hitachi_HTS545025B9A300 PB2OCA0G Size: 238475MB BusType: 3
    20:34:48.268 Disk 0 MBR read successfully
    20:34:48.284 Disk 0 MBR scan
    20:34:48.284 Disk 0 unknown MBR code
    20:34:48.690 Disk 0 scanning sectors +488390656
    20:34:49.017 Disk 0 scanning C:\Windows\system32\drivers
    20:35:20.327 Service scanning
    20:35:21.638 Modules scanning
    20:35:37.878 Disk 0 trace - called modules:
    20:35:37.909 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
    20:35:37.909 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85d1a0e8]
    20:35:37.925 3 CLASSPNP.SYS[8079d8b3] -> nt!IofCallDriver -> [0x8556a700]
    20:35:38.441 5 acpi.sys[8060b6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-5[0x85560390]
    20:35:39.503 AVAST engine scan C:\Windows
    20:35:44.232 AVAST engine scan C:\Windows\system32
    20:39:26.018 AVAST engine scan C:\Windows\system32\drivers
    20:39:38.345 AVAST engine scan C:\Users\Brian
    20:43:20.214 Disk 0 MBR has been saved successfully to "C:\Users\Brian\Desktop\MBR.dat"
    20:43:20.229 The log file has been saved successfully to "C:\Users\Brian\Desktop\aswMBR.txt"

  5. #5
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038


    Hi redwingsfan81,

    Please download MBRCheck.exe to your desktop.
    • Be sure to disable your security programs
    • Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
    • A window will open on your desktop
    • If an unknown bootcode is found, you will have further options available to you; at this time press N, then press Enter twice.
    • If nothing unusual is found, just press Enter.
    • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
    • Please post the contents of that file.

  6. #6
    Member
    Join Date
    Oct 2008
    Posts
    77


    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 2 (build 6002), 32-bit
    Base Board Manufacturer: Wistron
    BIOS Manufacturer: Hewlett-Packard
    System Manufacturer: Hewlett-Packard
    System Product Name: Compaq Presario CQ60 Notebook PC
    Logical Drives Mask: 0x0000003c

    Kernel Drivers (total 201):
    0x81E3A000 \SystemRoot\system32\ntkrnlpa.exe
    0x81E07000 \SystemRoot\system32\hal.dll
    0x8040C000 \SystemRoot\system32\kdcom.dll
    0x80413000 \SystemRoot\system32\PSHED.dll
    0x80424000 \SystemRoot\system32\BOOTVID.dll
    0x8042C000 \SystemRoot\system32\CLFS.SYS
    0x8046D000 \SystemRoot\system32\CI.dll
    0x8054D000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x805C9000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x80603000 \SystemRoot\system32\drivers\acpi.sys
    0x80649000 \SystemRoot\system32\drivers\WMILIB.SYS
    0x80652000 \SystemRoot\system32\drivers\msisadrv.sys
    0x8065A000 \SystemRoot\system32\drivers\pci.sys
    0x80681000 \SystemRoot\system32\drivers\isapnp.sys
    0x80690000 \SystemRoot\system32\drivers\mpio.sys
    0x806AC000 \SystemRoot\System32\drivers\partmgr.sys
    0x806BB000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x806BE000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x806C8000 \SystemRoot\system32\drivers\volmgr.sys
    0x806D7000 \SystemRoot\System32\drivers\volmgrx.sys
    0x80721000 \SystemRoot\system32\drivers\intelide.sys
    0x80728000 \SystemRoot\system32\drivers\PCIIDEX.SYS
    0x80736000 \SystemRoot\system32\drivers\pciide.sys
    0x8073D000 \SystemRoot\system32\drivers\aliide.sys
    0x80744000 \SystemRoot\system32\drivers\amdide.sys
    0x8074B000 \SystemRoot\system32\drivers\cmdide.sys
    0x80753000 \SystemRoot\System32\drivers\mountmgr.sys
    0x80763000 \SystemRoot\system32\drivers\msdsm.sys
    0x8077D000 \SystemRoot\system32\drivers\nvraid.sys
    0x80798000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x807B9000 \SystemRoot\system32\drivers\viaide.sys
    0x89C02000 \SystemRoot\system32\drivers\iastorv.sys
    0x89CA3000 \SystemRoot\system32\drivers\atapi.sys
    0x89CAB000 \SystemRoot\system32\drivers\ataport.SYS
    0x89CC9000 \SystemRoot\system32\drivers\lsi_scsi.sys
    0x89CE3000 \SystemRoot\system32\drivers\storport.sys
    0x89D24000 \SystemRoot\system32\drivers\msahci.sys
    0x89D2E000 \SystemRoot\system32\drivers\hpcisss.sys
    0x89D39000 \SystemRoot\system32\drivers\adp94xx.sys
    0x89DA3000 \SystemRoot\system32\drivers\adpahci.sys
    0x807C1000 \SystemRoot\system32\drivers\adpu160m.sys
    0x805D6000 \SystemRoot\system32\drivers\SCSIPORT.SYS
    0x89E0C000 \SystemRoot\system32\drivers\adpu320.sys
    0x89E32000 \SystemRoot\system32\drivers\djsvs.sys
    0x89E46000 \SystemRoot\system32\drivers\arc.sys
    0x89E5C000 \SystemRoot\system32\drivers\arcsas.sys
    0x89E72000 \SystemRoot\system32\drivers\elxstor.sys
    0x89F06000 \SystemRoot\system32\drivers\i2omp.sys
    0x89F10000 \SystemRoot\system32\drivers\iirsp.sys
    0x89F20000 \SystemRoot\system32\drivers\iteatapi.sys
    0x89F2C000 \SystemRoot\system32\drivers\iteraid.sys
    0x89F38000 \SystemRoot\system32\drivers\lsi_fc.sys
    0x89F52000 \SystemRoot\system32\drivers\lsi_sas.sys
    0x89F6A000 \SystemRoot\system32\drivers\megasas.sys
    0x8A004000 \SystemRoot\system32\drivers\megasr.sys
    0x8A0BB000 \SystemRoot\system32\drivers\mraid35x.sys
    0x8A0C6000 \SystemRoot\system32\drivers\nfrd960.sys
    0x8A0D4000 \SystemRoot\system32\drivers\nvstor.sys
    0x8A20E000 \SystemRoot\system32\drivers\ql2300.sys
    0x8A346000 \SystemRoot\system32\drivers\ql40xx.sys
    0x8A39B000 \SystemRoot\system32\drivers\sisraid2.sys
    0x8A3A8000 \SystemRoot\system32\drivers\sisraid4.sys
    0x8A3BD000 \SystemRoot\system32\drivers\symc8xx.sys
    0x8A3C9000 \SystemRoot\system32\drivers\sym_hi.sys
    0x8A3D4000 \SystemRoot\system32\drivers\sym_u3.sys
    0x8A0E1000 \SystemRoot\system32\drivers\uliahci.sys
    0x8A3DF000 \SystemRoot\system32\drivers\ulsata.sys
    0x8A11D000 \SystemRoot\system32\drivers\ulsata2.sys
    0x8A149000 \SystemRoot\system32\drivers\vsmraid.sys
    0x8A16A000 \SystemRoot\system32\drivers\fltmgr.sys
    0x8A19C000 \SystemRoot\system32\drivers\fileinfo.sys
    0x89F74000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x8A40C000 \SystemRoot\system32\drivers\ndis.sys
    0x8A517000 \SystemRoot\system32\drivers\msrpc.sys
    0x8A542000 \SystemRoot\system32\drivers\NETIO.SYS
    0x8A60D000 \SystemRoot\System32\drivers\tcpip.sys
    0x8A6F7000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x8A808000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x8A918000 \SystemRoot\system32\drivers\wd.sys
    0x8A920000 \SystemRoot\system32\drivers\volsnap.sys
    0x8A959000 \SystemRoot\System32\Drivers\spldr.sys
    0x8A961000 \SystemRoot\system32\drivers\sbp2port.sys
    0x8A976000 \SystemRoot\System32\Drivers\mup.sys
    0x8A985000 \SystemRoot\System32\drivers\ecache.sys
    0x8A9AC000 \SystemRoot\system32\drivers\disk.sys
    0x8A9BD000 \SystemRoot\system32\drivers\crcdisk.sys
    0x8A9C6000 \SystemRoot\system32\DRIVERS\avgrkx86.sys
    0x8A9CD000 \SystemRoot\system32\DRIVERS\AVGIDSEH.Sys
    0x8A9F1000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x8A712000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0x8A71B000 \SystemRoot\system32\DRIVERS\processr.sys
    0x8A72A000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x8A733000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x8A800000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
    0x8A746000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x8A751000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0x8A805000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x8A781000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x8A9FC000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x8A78C000 \SystemRoot\system32\DRIVERS\nvsmu.sys
    0x8A794000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0x8A79E000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x8A7DC000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x8E200000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x8E28D000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x8E2A5000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0x8E2AB000 \SystemRoot\system32\DRIVERS\nvmfdx32.sys
    0x8E401000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    0x8ED58000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
    0x8ED5A000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x8E2F1000 \SystemRoot\System32\drivers\watchdog.sys
    0x8F007000 \SystemRoot\system32\DRIVERS\athr.sys
    0x8F115000 \SystemRoot\system32\DRIVERS\msiscsi.sys
    0x8F144000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x8F14F000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x8F166000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x8F171000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x8F194000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x8F1A3000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x8F1B7000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x8F1CC000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x8F1DC000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x8E2FD000 \SystemRoot\system32\DRIVERS\ks.sys
    0x8F1DE000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x8F1E8000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x8E327000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x8E35C000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x8E36D000 \SystemRoot\system32\drivers\CHDRT32.sys
    0x8E3A8000 \SystemRoot\system32\drivers\portcls.sys
    0x8E3D5000 \SystemRoot\system32\drivers\drmk.sys
    0x8A57D000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
    0x8F400000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
    0x8F503000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
    0x8F5B8000 \SystemRoot\system32\drivers\modem.sys
    0x8F5C5000 \SystemRoot\system32\drivers\nvhda32v.sys
    0x8F5D3000 \SystemRoot\system32\drivers\RTSTOR.SYS
    0x8F5E6000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x8A5BB000 \SystemRoot\System32\Drivers\usbvideo.sys
    0x8A7EB000 \SystemRoot\system32\DRIVERS\avgmfx86.sys
    0x8F1F5000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0x8F000000 \SystemRoot\System32\Drivers\Null.SYS
    0x8A7F8000 \SystemRoot\System32\Drivers\Beep.SYS
    0x8A5DC000 \SystemRoot\system32\drivers\HIDPARSE.SYS
    0x8A600000 \SystemRoot\System32\drivers\vga.sys
    0x8A1AC000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x8A5E3000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x8A5EB000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x8A5F3000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x8A200000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x8A400000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0x8A1CD000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x8A1E3000 \SystemRoot\system32\DRIVERS\smb.sys
    0x8F608000 \SystemRoot\system32\DRIVERS\avgtdix.sys
    0x8F64F000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x8F681000 \SystemRoot\system32\drivers\afd.sys
    0x8F6C9000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x8F6DF000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x8F6ED000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x8F700000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x8F73C000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x8F746000 \SystemRoot\System32\Drivers\dfsc.sys
    0x8F75D000 \SystemRoot\system32\DRIVERS\avgldx86.sys
    0x8F794000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x8F7A1000 \SystemRoot\System32\Drivers\dump_dumpata.sys
    0x8F7AC000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0x996C0000 \SystemRoot\System32\win32k.sys
    0x8F7B4000 \SystemRoot\System32\drivers\Dxapi.sys
    0x998E0000 \SystemRoot\System32\TSDDD.dll
    0x99900000 \SystemRoot\System32\ATMFD.DLL
    0x99950000 \SystemRoot\System32\cdd.dll
    0x8F7CD000 \SystemRoot\system32\drivers\luafv.sys
    0x9EE04000 \SystemRoot\system32\drivers\spsys.sys
    0x9EEB4000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x9EEC4000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x9EEEE000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x9EEF8000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x9EF0B000 \SystemRoot\system32\drivers\HTTP.sys
    0x9EF78000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x9EF95000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x9EFAE000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x9EFC3000 \SystemRoot\system32\drivers\mrxdav.sys
    0x8A9D1000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x9F806000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x9F83F000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x9F857000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x9F87F000 \SystemRoot\System32\DRIVERS\srv.sys
    0x9F8E6000 \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys
    0x9F8E9000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0x9F8ED000 \SystemRoot\system32\drivers\peauth.sys
    0x9F9CB000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x9F9D5000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x9F9E1000 \SystemRoot\system32\DRIVERS\xaudio.sys
    0x9F9E9000 \SystemRoot\system32\DRIVERS\AVGIDSFilter.Sys
    0x807DC000 \SystemRoot\system32\DRIVERS\AVGIDSDriver.Sys
    0x9F9EE000 \??\C:\Windows\system32\drivers\mbam.sys
    0x9F8CE000 \SystemRoot\system32\DRIVERS\cdfs.sys
    0x9F9F2000 \??\C:\Users\Brian\AppData\Local\Temp\mbr.sys
    0x9EFE4000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x89FE5000 \??\C:\Users\Brian\AppData\Local\Temp\agloqpow.sys
    0x9EFF3000 \??\C:\Users\Brian\AppData\Local\Temp\aswMBR.sys
    0x773E0000 \Windows\System32\ntdll.dll

    Processes (total 81):
    0 System Idle Process
    4 System
    5928 C:\Windows\System32\smss.exe
    6104 csrss.exe
    988 csrss.exe
    1020 C:\Windows\System32\wininit.exe
    1164 C:\Windows\System32\services.exe
    1212 C:\Windows\System32\lsass.exe
    1244 C:\Windows\System32\lsm.exe
    312 C:\Windows\System32\winlogon.exe
    360 C:\Windows\System32\svchost.exe
    432 C:\Windows\System32\nvvsvc.exe
    248 C:\Windows\System32\svchost.exe
    776 C:\Windows\System32\svchost.exe
    888 C:\Windows\System32\svchost.exe
    952 C:\Windows\System32\svchost.exe
    1224 C:\Windows\System32\audiodg.exe
    1480 C:\Windows\System32\svchost.exe
    1560 C:\Windows\System32\SLsvc.exe
    1736 C:\Windows\System32\svchost.exe
    380 C:\Windows\System32\nvvsvc.exe
    860 C:\Windows\System32\svchost.exe
    2528 C:\Windows\System32\spoolsv.exe
    2576 C:\Windows\System32\svchost.exe
    2936 C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    3024 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    3080 C:\Program Files\Bonjour\mDNSResponder.exe
    3144 C:\Windows\System32\svchost.exe
    3216 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    3432 C:\Windows\System32\svchost.exe
    3664 C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    3832 C:\Program Files\SMINST\BLService.exe
    3864 C:\Program Files\CyberLink\Shared files\RichVideo.exe
    2244 C:\Windows\System32\svchost.exe
    2332 C:\Windows\System32\svchost.exe
    2428 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    2492 C:\Windows\System32\SearchIndexer.exe
    2532 C:\Windows\System32\drivers\XAudio.exe
    4268 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    4188 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    4636 C:\Windows\System32\dwm.exe
    4660 C:\Windows\System32\taskeng.exe
    2628 C:\Windows\explorer.exe
    2788 C:\Windows\System32\taskeng.exe
    3780 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    1508 C:\Program Files\Windows Media Player\wmpnscfg.exe
    1836 C:\Program Files\Windows Media Player\wmpnetwk.exe
    5140 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    372 C:\Program Files\HP\QuickPlay\QPService.exe
    5220 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    5276 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    468 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    5316 C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    5396 C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    5444 WmiPrvSE.exe
    5580 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    5612 C:\Program Files\iTunes\iTunesHelper.exe
    692 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    708 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    5644 C:\Windows\ehome\ehtray.exe
    648 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    5716 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    5524 C:\Windows\ehome\ehmsas.exe
    1840 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    4728 C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    5424 C:\Program Files\iPod\bin\iPodService.exe
    1704 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    5016 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    3196 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
    4524 C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    2052 C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    5144 C:\Windows\System32\svchost.exe
    2404 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
    4140 C:\Windows\System32\conime.exe
    3676 C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
    1216 C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
    5568 C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
    4120 C:\Windows\System32\rundll32.exe
    3508 C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
    1888 C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
    4992 C:\Users\Brian\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000020`b0d00000 (NTFS)
    \\.\E: --> \\.\PhysicalDrive0 at offset 0x00000037`8ab00000 (NTFS)

    PhysicalDrive0 Model Number: HitachiHTS545025B9A300, Rev: PB2OCA0G

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: E6CCDBFD8F5B3DAA80CE1AA64C67955A606A347D


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

  7. #7
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038

    Default

    Hi redwingsfan81,

    Re-run MBRCheck again.
    When prompted, enter Y
    Then enter 1 to dump the MBR to physical disk
    Name the dumped file as Dump.dat

    Enter -1 to exit

    A log file named "dump.dat" will be located in the same folder as MBRCheck was saved, please zip it up and attach in your next reply.

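The MBRCheck output in post #6 (boot signature, "Unknown MBR code", a SHA1 of the MBR) and the Dump.dat procedure in post #7 both come down to inspecting one 512-byte sector. The script below is an added example, not MBRCheck's or aswMBR's own code: it takes a raw MBR dump such as MBR.dat or Dump.dat, verifies the 0x55AA boot signature, decodes the four partition entries, checks them for overlap, and hashes the boot code so it can be compared against an allow-list of known loaders. Assumptions: the allow-list (KNOWN_BOOTCODE_SHA1) holds constructed placeholder hashes, and the hash is taken over the 440-byte boot code (the page does not say exactly which bytes MBRCheck hashes, so the script also reports the whole-sector SHA1). The sample sector is constructed; its partition offsets mirror the C:, D: and E: offsets reported in post #6, but its boot code is filler, not a real loader.

```python
"""Inspect a 512-byte MBR dump the way an MBR-check tool does.

Added example for this thread; not MBRCheck's or aswMBR's own code.
KNOWN_BOOTCODE_SHA1 contains constructed placeholders, not real fingerprints.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440      # bytes 0..439: the executable boot code
DISK_SIG_OFF = 440       # 4-byte NT disk signature, then 2 reserved bytes
PART_TABLE_OFF = 446     # four 16-byte partition entries
BOOT_SIG_OFF = 510       # must be 55 AA

# Constructed allow-list: SHA1 of the 440-byte boot code -> description.
# Placeholder key; a real tool ships hashes of the stock Windows loaders.
KNOWN_BOOTCODE_SHA1 = {
    "0000000000000000000000000000000000000000": "PLACEHOLDER: stock Windows Vista MBR",
}


def parse_partition_entry(entry: bytes) -> dict:
    """Decode one 16-byte partition table entry (little-endian fields)."""
    status, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack(
        "<B3sB3sII", entry)
    return {
        "bootable": status == 0x80,
        "type": ptype,
        "lba_start": lba_start,
        "sectors": sectors,
        "offset_bytes": lba_start * SECTOR_SIZE,
    }


def analyse_mbr(sector: bytes) -> dict:
    """Return the checks a defender wants from a raw MBR sector."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"MBR dump must be exactly {SECTOR_SIZE} bytes")
    findings = []
    boot_sig_ok = sector[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] == b"\x55\xaa"
    if not boot_sig_ok:
        findings.append("missing 55AA boot signature")
    sha1_bootcode = hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper()
    sha1_sector = hashlib.sha1(sector).hexdigest().upper()
    status = KNOWN_BOOTCODE_SHA1.get(sha1_bootcode, "Unknown MBR code")
    if status == "Unknown MBR code":
        findings.append("boot code hash not in allow-list")
    entries = [parse_partition_entry(sector[PART_TABLE_OFF + 16 * i:
                                            PART_TABLE_OFF + 16 * (i + 1)])
               for i in range(4)]
    used = [e for e in entries if e["type"] != 0]
    if sum(1 for e in used if e["bootable"]) != 1:
        findings.append("expected exactly one active partition")
    # Partitions must not overlap: sort by start LBA and check each end
    # against the next start.
    ordered = sorted(used, key=lambda e: e["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            findings.append("partition table entries overlap")
            break
    return {
        "boot_signature_ok": boot_sig_ok,
        "sha1_bootcode": sha1_bootcode,
        "sha1_sector": sha1_sector,
        "status": status,
        "disk_signature": sector[DISK_SIG_OFF:DISK_SIG_OFF + 4].hex(),
        "partitions": used,
        "findings": findings,
    }


def build_sample_mbr() -> bytes:
    """Constructed sector whose partition offsets mirror post #6 above
    (C: at 0x100000, D: at 0x20b0d00000, E: at 0x378ab00000). The boot
    code is a filler pattern, not real loader code."""
    boot_code = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 433   # 440 bytes
    disk_sig = b"\x12\x34\x56\x78" + b"\x00\x00"                   # constructed

    def entry(active, ptype, lba, count):
        return struct.pack("<B3sB3sII", 0x80 if active else 0, b"\xfe\xff\xff",
                           ptype, b"\xfe\xff\xff", lba, count)

    table = (entry(True, 0x07, 0x800, 0x10586000)
             + entry(False, 0x07, 0x10586800, 0x0B6CF000)
             + entry(False, 0x07, 0x1BC55800, 0x01570000)
             + b"\x00" * 16)
    return boot_code + disk_sig + table + b"\x55\xaa"


if __name__ == "__main__":
    import json
    import sys
    # Usage: python mbr_inspect.py MBR.dat   (no argument: analyse the sample)
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read(SECTOR_SIZE)
    else:
        data = build_sample_mbr()
    print(json.dumps(analyse_mbr(data), indent=2))
```

Run it against the saved MBR.dat or Dump.dat and compare the reported partition offsets with the drive-letter mapping MBRCheck printed; a boot code hash that is not on the allow-list is exactly the "Unknown MBR code" condition the tool flagged, and is the cue to have the dump reviewed rather than a verdict on its own.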
  8. #8
    Member
    Join Date
    Oct 2008
    Posts
    77

    Default

    Ok,

    I ran MBRcheck
    Entered Y
    Then entered 1.

    Then it asks for a number between 0-99, or -1 to exit.

    What do I do?

  9. #9
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038

    Default

    I apologize... I left that out. When it asks you that, type 0.

  10. #10
    Member
    Join Date
    Oct 2008
    Posts
    77

    Default

    No worries Jeff.

    Also to note, my hotmail account has been blocked due to sending out junk messages.
