Possible Malware, Viruses also System Restore error

This topic is locked

GeekU Moderator (Retired Staff, 69,964 posts):
Hmm, let's see if we can get MBRCheck to fix it.

There is an outside chance that the system will not boot after the change, as this malware can get very uppity at times. If that does occur, then run the recovery disc and, using the command prompt option, run the following command to restore the MBR:

Bootrec.exe /FixMbr

Run MBRCheck.exe once again.

You will be presented with the following dialog:

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Enter Y and press Enter.

The following dialog will be presented:

[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice:

Enter 2 and press Enter

The following dialog will be presented:

Enter the physical disk number to fix (0-99, -1 to cancel):

Enter >>0<< and press Enter

The following dialog will be presented:

Available MBR codes:
[ 0] Default (Windows XP)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel

Please select the MBR code to write to this drive:

Enter >>5<< and press Enter

The following dialog will be presented:

Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue:

Type YES and press Enter (you must type the full word, YES). You will be informed if it successfully wrote a new MBR code!

And last the following dialog will be presented:

Done! Press ENTER to exit...

Press Enter. A report will be produced on the desktop. Post that report in your next reply.
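MBRCheck option [1] dumps the MBR to a file before you overwrite it with option [2], which is the moment to keep a record of what was there. The following is an added example, not code from the thread or from MBRCheck: it parses a raw 512-byte MBR dump, hashes the boot-code region (bytes 0..439) and flags a sector whose boot code differs from a hash you recorded from a known-clean disk, has no 0x55AA signature, or does not have exactly one active partition. The layout offsets are the standard MBR layout; the sample sector and the "known-good" hash are constructed here, not taken from the page.

```python
import hashlib
import struct
from dataclasses import dataclass

SECTOR = 512
BOOT_CODE_LEN = 440           # bytes 0..439 hold the x86 boot code
DISK_SIG_OFF = 440            # 4-byte Windows disk signature follows the code
PART_TABLE_OFF = 446          # four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510..511

@dataclass
class Partition:
    active: bool
    type_id: int
    lba_start: int
    sectors: int

def parse_mbr(sector: bytes) -> dict:
    """Parse a raw 512-byte MBR such as the file MBRCheck option [1] dumps."""
    if len(sector) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(sector)}")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(
            "<B3sB3sII", sector, PART_TABLE_OFF + 16 * i)
        if ptype != 0:  # type 0 is an empty slot
            parts.append(Partition(status == 0x80, ptype, lba, count))
    return {
        "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "partitions": parts,
    }

def mbr_problems(sector: bytes, known_good_sha1: str) -> list:
    """Return findings; an empty list means the MBR matches the reference and is sane."""
    try:
        info = parse_mbr(sector)
    except ValueError as exc:
        return [str(exc)]
    findings = []
    if info["boot_code_sha1"] != known_good_sha1.upper():
        findings.append("boot code hash differs from the known-good reference")
    active = [p for p in info["partitions"] if p.active]
    if len(active) != 1:
        findings.append(f"expected exactly one active partition, found {len(active)}")
    return findings

def sample_mbr() -> bytes:
    """Constructed sample: NOP boot code, one active NTFS partition (1 GiB at LBA 2048)."""
    mbr = bytearray(SECTOR)
    mbr[:BOOT_CODE_LEN] = b"\x90" * BOOT_CODE_LEN
    struct.pack_into("<I", mbr, DISK_SIG_OFF, 0xDEADBEEF)
    struct.pack_into("<B3sB3sII", mbr, PART_TABLE_OFF,
                     0x80, b"\0\0\0", 0x07, b"\0\0\0", 2048, 2097152)
    mbr[510:512] = BOOT_SIGNATURE
    return bytes(mbr)
```

Feed the dump file's bytes and the hash recorded from a clean machine of the same Windows version to mbr_problems(); comparing the dump taken before the fix with a dump taken after it shows exactly which bytes option [2] replaced.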
Topic Starter (Member, 23 posts):
Well, sorry, my brother decided to do a fresh install of Windows 7, so I have updated it all etc. I haven't updated all the drivers though, because I don't know which ones need updating besides the graphics card.

If you can help me with this it would be great. Also, I ran some scans etc. assuming there should be no viruses and stuff, seeing as it's a clean install; so far so good. Also I ran MBRCheck:

MBRCheck, version 1.2.3
© 2010, AD

Windows Version: Windows 7 Ultimate Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: Gigabyte Technology Co., Ltd.
BIOS Manufacturer: Award Software International, Inc.
System Manufacturer: Gigabyte Technology Co., Ltd.
System Product Name: GA-880GM-USB3
Logical Drives Mask: 0x0000001d

Kernel Drivers (total 195):

Processes (total 60):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)

PhysicalDrive0 Model Number: ST31000524AS, Rev: JC45

Size Device Name MBR Status
931 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79

GeekU Moderator (Retired Staff, 69,964 posts):
OK, that is one way of resetting the MBR :lol:

For drivers I use DriverMax; you get two driver updates per day with the free version.

Download and install the small programme - you will need to stop it from starting with the computer though.

Let me know if you require any further help.
Topic Starter (Member, 23 posts):
Alright, I have one more thing. I am getting blue screens that I thought were caused by my RAM, as they stopped occurring when I took one of my 4GB sticks out; then, when my dad went out to replace that stick of RAM, I meanwhile got another blue screen. I'm starting to think that there is something wrong with my graphics card or motherboard, as sometimes it will just randomly crash without a blue screen but will go multicoloured etc. instead, or just restart the computer completely. Also, I got blue screens ages ago that referred to the graphics card, but before I go out to replace or get a new GPU and mobo I need to make sure of it. Can you help me out with this one? Thanks.
GeekU Moderator (Retired Staff, 69,964 posts):
You could run this stress test programme, and if the card is bad it will show.
Topic Starter (Member, 23 posts):
Alright, I seem to be getting somewhere. My computer seems to dislike 8GB of RAM. I have gotten my RAM replaced about 2 times now, so it isn't bad memory. Today I got my 4GB RAM stick replaced by 2x 2GB RAM sticks; as soon as I installed them my computer crashed when I booted up to the desktop, so I kept trying to restart etc. until I gave up and took one of the sticks out. Now I have 6GB installed and it works perfectly. This isn't because the other stick is bad RAM, as my computer crashed when I had the 4GB stick installed as well, which got replaced and still crashed.

Also, a further note: when I booted to the desktop it gave a bunch of errors about ATI Catalyst not starting etc.; when I took out one of the 2GB sticks of RAM it works. Hmmmm, is it my motherboard? I have read up on this problem and people are having problems with their motherboard auto-setting the RAM frequency above the recommended.
Topic Starter (Member, 23 posts):
Alright, I changed the RAM values and it seems to run without blue screening now. My BIOS had set it automatically to 1333MHz and my RAM says 1600MHz, so I set it to that.
GeekU Moderator (Retired Staff, 69,964 posts):
I assume that the motherboard can handle that amount of RAM.
Topic Starter (Member, 23 posts):
So far so good, no blue screens yet.
GeekU Moderator (Retired Staff, 69,964 posts):
If you need any further assistance then send me a PM.

I will close this topic for now.
GeekU Moderator (Retired Staff, 69,964 posts):
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.