
Internet Connection Permanently Disabled after Avast Clean


This topic is locked. 25 replies to this topic.

#1 cobbs (Members, 44 posts)

Posted 30 November 2010 - 05:07 PM

Hello,

I have recently caught a virus. While surfing the web, I suddenly had a number of pop ups. Avast found some suspicious files (lapeg.scr), and I directed Avast to delete them. I restarted my computer and the pop ups came back immediately. I tried "Ctrl+Alt+Del" in an attempt to open the Task Manager, but it would immediately force close, as well as any other program I tried to open.

I restarted the computer again and noticed that "Start Up" programs, such as Avast, would start before the virus disabled them. I was able to open a few programs before the virus started blocking executables again. Because Avast was able to start running, I rescanned my computer and deleted the viruses found, then restarted the computer. This stopped the blockups, and everything seemed fine until I discovered that my internet was disabled.

Currently, my computer seems fine and runs very quickly, but my Internet Connection shows that it is "Disabled". When I right-click to enable it, the status changes to "Enabled", but I still cannot connect to the internet. When I return to Network Connections, the Internet Connection is magically "Disabled" again. I know I have a connection because I am using another PC with the same connection to write this. Any ideas?

Thanks in advance for your help.


DDS (Ver_10-11-27.01) - NTFSx86
Run by Valued Customer at 16:07:59.40 on Tue 11/30/2010
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2434 [GMT -5:00]

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\Valued Customer\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.live.com
mDefault_Page_URL = hxxp://www.dell.com
mStart Page = hxxp://www.dell.com
uInternet Settings,ProxyServer = http=127.0.0.1:23012
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [lapeg] c:\documents and settings\valued customer\lapeg.exe
uRun: [fxpmoxnd] c:\docume~1\valued~1\locals~1\temp\wxtnkmqpy\hthywgctsbl.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\11\config\ereg\Ereg.ini"
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\valued~1\applic~1\mozilla\firefox\profiles\11c7o6qn.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Extension: CoolPreviews : {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B} - c:\docume~1\valued~1\applic~1\mozilla\firefox\profiles\11c7o6qn.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-5-30 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-5-30 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-30 40384]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]
R2 MotoConnect Service;MotoConnect Service;c:\program files\motorola\motoconnectservice\MotoConnectService.exe [2010-8-15 91456]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-30 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-30 40384]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [2010-8-15 6016]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2010-8-15 19712]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2010-8-15 8320]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [2010-8-15 23424]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [2010-8-15 9472]
S4 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe --> c:\progra~1\mcafee\viruss~1\mcshield.exe [?]
S4 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe --> c:\progra~1\mcafee\viruss~1\mcsysmon.exe [?]

=============== Created Last 30 ================

2010-11-15 00:18:51 38848 ----a-w- c:\windows\avastSS.scr

==================== Find3M ====================


============= FINISH: 16:08:14.96 ===============


Edited by cobbs, 30 November 2010 - 06:08 PM.



#2 m0le (Malware Response Team, 34,527 posts, London, UK)

Posted 07 December 2010 - 08:22 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#3 cobbs (Topic Starter, Members, 44 posts)

Posted 07 December 2010 - 08:36 PM

Hello, and thanks for the help.

#4 m0le (Malware Response Team, 34,527 posts, London, UK)

Posted 07 December 2010 - 08:46 PM

Hopefully this is just malware (or more precisely the removal of it) that has disabled your connection and we should be able to kick-start it with this program:

  • Please download WinsockXPFix from a working machine and copy it to a CD or flash media.
  • Copy the file to the desktop on the non working machine.
  • Double click the WinsockXPFix icon on your desktop.
  • Push the Fix button.
  • Allow your system to reboot.

Please let me know if your connection is restored in your next reply

#5 cobbs (Topic Starter, Members, 44 posts)

Posted 07 December 2010 - 10:28 PM

No luck there. Upon restart, the connection showed that it was enabled, then switched back to disabled. I tried to re-enable, and it disabled itself, like before.

And another thing I've noticed that may or may not help your diagnosis... Ever since the infection, my computer gets hung up on the boot screen when I do a Windows "Restart" (such as when WinsockxpFix automatically restarted my computer for me). I have to do a hard shutdown, then restart via the power button. If I do a proper "Shutdown", then a restart via the power button, this does not happen. Like I said, maybe this helps, maybe not?

#6 m0le (Malware Response Team, 34,527 posts, London, UK)

Posted 08 December 2010 - 06:12 PM

Okay, sounds like you still have something there.

Run TDSSKiller

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\


Then MBRCheck; both check for rootkits in their own way.

Please download MBRCheck to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log when you reply.

#7 cobbs (Topic Starter, Members, 44 posts)

Posted 09 December 2010 - 04:42 PM

Sorry for the late reply, and again, I really appreciate what you guys do here. Thanks!


So, nothing was found with TDSSKiller. Below are the logs for it and MBRCheck.


2010/12/09 16:36:47.0578 TDSS rootkit removing tool 2.4.11.0 Dec 8 2010 14:46:40
2010/12/09 16:36:47.0578 ================================================================================
2010/12/09 16:36:47.0578 SystemInfo:
2010/12/09 16:36:47.0578
2010/12/09 16:36:47.0578 OS Version: 5.1.2600 ServicePack: 3.0
2010/12/09 16:36:47.0578 Product type: Workstation
2010/12/09 16:36:47.0578 ComputerName: OFFICE
2010/12/09 16:36:47.0578 UserName: Valued Customer
2010/12/09 16:36:47.0578 Windows directory: C:\WINDOWS
2010/12/09 16:36:47.0578 System windows directory: C:\WINDOWS
2010/12/09 16:36:47.0578 Processor architecture: Intel x86
2010/12/09 16:36:47.0578 Number of processors: 2
2010/12/09 16:36:47.0578 Page size: 0x1000
2010/12/09 16:36:47.0578 Boot type: Normal boot
2010/12/09 16:36:47.0578 ================================================================================
2010/12/09 16:36:47.0687 Initialize success
2010/12/09 16:36:55.0187 ================================================================================
2010/12/09 16:36:55.0187 Scan started
2010/12/09 16:36:55.0187 Mode: Manual;
2010/12/09 16:36:55.0187 ================================================================================
2010/12/09 16:36:55.0906 Aavmker4 (8d488938e2f7048906f1fbd3af394887) C:\WINDOWS\system32\drivers\Aavmker4.sys
2010/12/09 16:36:55.0953 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2010/12/09 16:36:55.0968 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/12/09 16:36:55.0984 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/12/09 16:36:56.0015 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2010/12/09 16:36:56.0062 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/12/09 16:36:56.0109 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/12/09 16:36:56.0125 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2010/12/09 16:36:56.0125 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2010/12/09 16:36:56.0140 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2010/12/09 16:36:56.0156 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2010/12/09 16:36:56.0156 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2010/12/09 16:36:56.0171 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2010/12/09 16:36:56.0187 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2010/12/09 16:36:56.0203 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2010/12/09 16:36:56.0218 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2010/12/09 16:36:56.0218 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2010/12/09 16:36:56.0250 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2010/12/09 16:36:56.0250 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2010/12/09 16:36:56.0265 aswFsBlk (a0d86b8ac93ef95620420c7a24ac5344) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2010/12/09 16:36:56.0281 aswMon2 (7d880c76a285a41284d862e2d798ec0d) C:\WINDOWS\system32\drivers\aswMon2.sys
2010/12/09 16:36:56.0296 aswRdr (69823954bbd461a73d69774928c9737e) C:\WINDOWS\system32\drivers\aswRdr.sys
2010/12/09 16:36:56.0328 aswSP (7ecc2776638b04553f9a85bd684c3abf) C:\WINDOWS\system32\drivers\aswSP.sys
2010/12/09 16:36:56.0343 aswTdi (095ed820a926aa8189180b305e1bcfc9) C:\WINDOWS\system32\drivers\aswTdi.sys
2010/12/09 16:36:56.0359 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/12/09 16:36:56.0390 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/12/09 16:36:56.0484 ati2mtag (79e69e18960e8013840af2681c5e77ab) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2010/12/09 16:36:56.0546 AtiHdmiService (d9bc8892b9440a2551b8148c57aa039e) C:\WINDOWS\system32\drivers\AtiHdmi.sys
2010/12/09 16:36:56.0562 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/12/09 16:36:56.0578 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/12/09 16:36:56.0593 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/12/09 16:36:56.0656 BTCFilterService (4813df77ede536a52e3737971f910baa) C:\WINDOWS\system32\DRIVERS\motfilt.sys
2010/12/09 16:36:56.0656 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2010/12/09 16:36:56.0671 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/12/09 16:36:56.0687 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2010/12/09 16:36:56.0687 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/12/09 16:36:56.0703 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/12/09 16:36:56.0703 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/12/09 16:36:56.0734 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2010/12/09 16:36:56.0750 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2010/12/09 16:36:56.0765 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2010/12/09 16:36:56.0781 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2010/12/09 16:36:56.0796 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/12/09 16:36:56.0828 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/12/09 16:36:56.0859 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/12/09 16:36:56.0859 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/12/09 16:36:56.0890 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/12/09 16:36:56.0906 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2010/12/09 16:36:56.0921 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/12/09 16:36:56.0953 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/12/09 16:36:56.0968 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/12/09 16:36:56.0984 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/12/09 16:36:56.0984 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/12/09 16:36:57.0000 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2010/12/09 16:36:57.0015 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/12/09 16:36:57.0015 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/12/09 16:36:57.0031 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/12/09 16:36:57.0031 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/12/09 16:36:57.0046 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/12/09 16:36:57.0078 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2010/12/09 16:36:57.0109 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/12/09 16:36:57.0125 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2010/12/09 16:36:57.0125 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2010/12/09 16:36:57.0140 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/12/09 16:36:57.0156 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2010/12/09 16:36:57.0265 IntcAzAudAddService (2feb5bf0312e1cb76cd2caa875cbaa5d) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2010/12/09 16:36:57.0281 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/12/09 16:36:57.0296 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/12/09 16:36:57.0312 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2010/12/09 16:36:57.0328 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/12/09 16:36:57.0328 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/12/09 16:36:57.0359 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/12/09 16:36:57.0359 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/12/09 16:36:57.0390 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/12/09 16:36:57.0406 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/12/09 16:36:57.0421 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/12/09 16:36:57.0437 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/12/09 16:36:57.0468 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/12/09 16:36:57.0484 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/12/09 16:36:57.0531 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/12/09 16:36:57.0546 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/12/09 16:36:57.0562 motccgp (c741717b0a18813dd7d12085937cee72) C:\WINDOWS\system32\DRIVERS\motccgp.sys
2010/12/09 16:36:57.0578 motccgpfl (b812da6605caf02641312f1f65c75419) C:\WINDOWS\system32\DRIVERS\motccgpfl.sys
2010/12/09 16:36:57.0593 motmodem (54fee02961c70fd9d4d7e2f87afa23fa) C:\WINDOWS\system32\DRIVERS\motmodem.sys
2010/12/09 16:36:57.0609 MotoSwitchService (fd8c2cef7ad8b23c6714103d621fac1f) C:\WINDOWS\system32\DRIVERS\motswch.sys
2010/12/09 16:36:57.0625 Motousbnet (ddc489d40b49f443787e7ffa75373522) C:\WINDOWS\system32\DRIVERS\Motousbnet.sys
2010/12/09 16:36:57.0640 motusbdevice (2136cca3d1bf7c0248e5366b1a6c24e3) C:\WINDOWS\system32\DRIVERS\motusbdevice.sys
2010/12/09 16:36:57.0640 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/12/09 16:36:57.0671 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/12/09 16:36:57.0687 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/12/09 16:36:57.0718 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2010/12/09 16:36:57.0734 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/12/09 16:36:57.0781 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/12/09 16:36:57.0796 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/12/09 16:36:57.0828 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/12/09 16:36:57.0859 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/12/09 16:36:57.0875 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/12/09 16:36:57.0890 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/12/09 16:36:57.0890 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/12/09 16:36:57.0906 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/12/09 16:36:57.0906 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/12/09 16:36:57.0937 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/12/09 16:36:57.0937 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/12/09 16:36:57.0953 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/12/09 16:36:57.0953 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/12/09 16:36:57.0984 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/12/09 16:36:58.0000 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/12/09 16:36:58.0046 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/12/09 16:36:58.0062 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/12/09 16:36:58.0093 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/12/09 16:36:58.0093 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/12/09 16:36:58.0109 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2010/12/09 16:36:58.0125 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/12/09 16:36:58.0125 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/12/09 16:36:58.0140 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/12/09 16:36:58.0156 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/12/09 16:36:58.0171 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/12/09 16:36:58.0187 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
2010/12/09 16:36:58.0218 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2010/12/09 16:36:58.0234 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2010/12/09 16:36:58.0250 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/12/09 16:36:58.0265 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/12/09 16:36:58.0265 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/12/09 16:36:58.0281 PxHelp20 (03e0fe281823ba64b3782f5b38950e73) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/12/09 16:36:58.0296 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2010/12/09 16:36:58.0296 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2010/12/09 16:36:58.0312 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2010/12/09 16:36:58.0312 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2010/12/09 16:36:58.0328 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2010/12/09 16:36:58.0328 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/12/09 16:36:58.0343 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/12/09 16:36:58.0359 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/12/09 16:36:58.0359 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/12/09 16:36:58.0375 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/12/09 16:36:58.0375 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/12/09 16:36:58.0390 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/12/09 16:36:58.0406 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/12/09 16:36:58.0421 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/12/09 16:36:58.0468 RTLE8023xp (839141088ad7ee90f5b441b2d1afd22c) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
2010/12/09 16:36:58.0484 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/12/09 16:36:59.0578 ================================================================================
2010/12/09 16:36:59.0578 Scan finished
2010/12/09 16:36:59.0578 ================================================================================





MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 125):

#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:05:07 AM

Posted 09 December 2010 - 06:04 PM

The MBRCheck log was cut off. Please post it again for me, cobbs.

Thanks :)
m0le is a proud member of UNITE

#9 cobbs

cobbs
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:12:07 AM

Posted 09 December 2010 - 06:26 PM

**EDIT: Actually, that looks the same, let me run it again and see if I get more.**

Doh!




Edited by cobbs, 09 December 2010 - 06:27 PM.


#10 cobbs

cobbs
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:12:07 AM

Posted 09 December 2010 - 06:30 PM

Try this one.


MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 124):

Processes (total 38):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02800000 (NTFS)

PhysicalDrive0 Model Number: WDCWD6400AAKS-75A7B2, Rev: 01.03B01

Size Device Name MBR Status
--------------------------------------------
596 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: FEA788F8B8DE9383212521CD72B531C4A4BD3942


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

#11 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:05:07 AM

Posted 09 December 2010 - 07:56 PM

First go here and see how to back up your MBR

When that's done please rerun MBRCheck as shown below


Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Important Note: While fixing the Master Boot Record (MBR) is generally safe, there is a small risk of damaging the operating system so that it will not boot up or the partitions may become corrupted. I recommend you have your Windows CD available which will allow recovering the boot code via the Windows Recovery Console in case of any problems or install the XP Recovery Console before proceeding with the above fix. Then if any problems occur, the links below explain how to use and repair the MBR:

If you do not have a Vista recovery disk then please burn one as shown here


Run MBRCheck.exe
  • Run MBRCheck.exe
  • Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  • Please push the 'Y' key and then press Enter
  • When the program asks you, enter 2 and press the Enter key
  • Now the program will ask you "Enter the physical disk number to fix (0-99, -1 to cancel):"
  • Enter 0 and press the Enter key.
  • The program will show Available MBR codes:, followed by a list of operating systems. Please enter the correct number for your operating system, and then press Enter.
  • When asked "Do you want to fix the MBR code?", type in YES and press Enter
  • Restart your PC.
After you restart the PC
  • Double click MBRCheck.exe to run (Vista and Win 7: right click and select Run as Administrator)
  • It will show a black screen with some data on it
  • A report called MBRCheck will be on your desktop
  • Open this report
  • Right click on the screen and select > Select All
  • Press Control+C
  • Now please copy that report into this thread

m0le is a proud member of UNITE
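The MBRCheck verdict above ("Unknown MBR code", a SHA1 of the boot code, and the C: offset) comes from reading the first 512-byte sector of the disk. The following is an added example, not code from MBRCheck or anything posted in this thread: it validates an MBR image, hashes the boot code, lists the partition entries, and refuses to write a backup of a malformed sector. The sample MBR, the disk signature and the "known good" allow-list are constructed for the demonstration; only the partition offset (0x02800000) and the 596 GiB size are taken from the log.

```python
"""Inspect, hash and back up a 512-byte master boot record (MBR).

Added example for this thread, not MBRCheck's own code. The sample MBR is
constructed; its partition start is chosen so the byte offset matches the
0x02800000 that MBRCheck reported for C: in the log above.
"""
import hashlib
import struct
from dataclasses import dataclass

MBR_SIZE = 512
BOOT_CODE_LEN = 440      # bytes 0-439: boot code, before the 4-byte disk signature
PART_TABLE_OFF = 446     # four 16-byte partition entries
BOOT_SIG = b"\x55\xaa"   # bytes 510-511
SECTOR = 512
ENTRY_FMT = "<B3BB3BII"  # status, CHS start, type, CHS end, LBA start, sector count


@dataclass
class Partition:
    index: int
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int

    @property
    def byte_offset(self) -> int:
        return self.lba_start * SECTOR


def parse_mbr(mbr: bytes) -> dict:
    """Return boot-code SHA1, disk signature and the non-empty partition entries.

    Raises ValueError on a wrong size or a missing 0x55AA signature, i.e. on a
    sector that must not be trusted as a backup or rewritten from.
    """
    if len(mbr) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(mbr)}")
    if mbr[510:512] != BOOT_SIG:
        raise ValueError("missing 0x55AA boot signature")
    disk_sig = struct.unpack_from("<I", mbr, BOOT_CODE_LEN)[0]
    parts = []
    for i in range(4):
        status, _, _, _, ptype, _, _, _, lba, n = struct.unpack_from(
            ENTRY_FMT, mbr, PART_TABLE_OFF + 16 * i)
        if ptype == 0:  # empty slot
            continue
        parts.append(Partition(i + 1, status == 0x80, ptype, lba, n))
    return {
        "boot_code_sha1": hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper(),
        "disk_signature": disk_sig,
        "partitions": parts,
    }


def classify_boot_code(mbr: bytes, known_good: dict) -> str:
    """Name the boot code from an allow-list of SHA1 -> label, or report
    'Unknown MBR code' as MBRCheck did. The allow-list is supplied by the
    caller; no real Windows boot-code hashes are embedded here."""
    return known_good.get(parse_mbr(mbr)["boot_code_sha1"], "Unknown MBR code")


def backup_mbr(mbr: bytes, path: str) -> str:
    """Write the validated sector to `path` and return the SHA1 of the whole
    sector, so the copy can be verified before any fixmbr-style rewrite."""
    parse_mbr(mbr)  # refuse to back up a malformed sector
    with open(path, "wb") as f:
        f.write(mbr)
    return hashlib.sha1(mbr).hexdigest().upper()


def build_sample_mbr() -> bytes:
    """Constructed MBR: dummy boot code, a made-up disk signature, one bootable
    NTFS partition at LBA 81920 (= byte offset 0x02800000), valid signature."""
    boot_code = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * (BOOT_CODE_LEN - 7)
    disk_sig = struct.pack("<I", 0x1234ABCD) + b"\x00\x00"
    entry1 = struct.pack(ENTRY_FMT, 0x80, 0, 0, 0, 0x07, 0, 0, 0, 81920, 1250181808)
    return boot_code + disk_sig + entry1 + b"\x00" * 48 + BOOT_SIG


if __name__ == "__main__":
    sample = build_sample_mbr()
    info = parse_mbr(sample)
    print("boot code SHA1:", info["boot_code_sha1"])
    for p in info["partitions"]:
        print(f"  #{p.index} type 0x{p.type_id:02X} bootable={p.bootable} "
              f"at offset 0x{p.byte_offset:016X} ({p.sectors * SECTOR / 2**30:.0f} GiB)")
    print(classify_boot_code(sample, {}))  # -> Unknown MBR code
    print("backup SHA1:", backup_mbr(sample, "mbr_backup.bin"))
```

On a real machine the 512 bytes would come from a raw read of the physical drive; the same validation then decides whether the saved copy is fit to restore from.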

#12 cobbs

cobbs
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:12:07 AM

Posted 09 December 2010 - 08:20 PM

I have a question/problem.

While performing the steps in setting up the Recovery Console, it mentions letting DynamicUpdate connect to the internet to make sure I have the latest files. The problem is, the computer I'm trying to set up the Recovery Console on is the computer with no internet connection.

How should I handle this?

#13 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:05:07 AM

Posted 09 December 2010 - 08:32 PM

Do you have another machine which you could download and update on? You could then transfer the recovery console program via flash drive.

If not then just say No to the update.
m0le is a proud member of UNITE

#14 cobbs

cobbs
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:12:07 AM

Posted 09 December 2010 - 08:53 PM

I continued without checking for the latest files, but I have a new issue that was not mentioned in the recovery console links.

At the command prompt, I typed "fixmbr", but I got a warning:

"** Caution **

This computer appears to have a non-standard or invalid master boot record.

FIXMBR may damage your partition tables if you proceed.

This could cause all the partitions on the current hard disk to become inaccessible.

If you are not having problems accessing your drive, do not continue.

Are you sure you want to write a new MBR?"

Could this have anything to do with the fact that I installed the recovery console with an XP disc that did not come with the infected computer (it has been lost)?

#15 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:05:07 AM

Posted 09 December 2010 - 09:09 PM

That's a standard warning. We have backed up the MBR just in case so go ahead and fixmbr :thumbup2:
m0le is a proud member of UNITE
