First topic message reminder :Hi,
I have
a Ramnit Virus. Within a few second from a system load my security
NOD32 finds infected files. I can not run Mozilla, IE etc
I have Windows XP SP2
Please help!Ok, it has cleaned 44 out of 48 infected files (so 4 are still left uncleaned). Here is my log.1. Please
download The Avenger by Swandog46 to your
Desktop.
- Right click on the Avenger.zip folder and select "Extract All..."
- Follow the prompts and extract the avenger folder to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (
Ctrl+C):
<blockquote>Files to delete:
C:\Program Files\QuickTime\QTSystem\QTCF.dll
C:\Program Files\iTunes\iTunesHelperSrv.exe
</blockquote>
Note:
the above code was created specifically for this user. If you are not
this user, do NOT follow these directions as they could damage the
workings of your system.3. Now, open the avenger folder and
start The Avenger program by clicking on its icon.
- Right click on the window under Input script here:, and select Paste.
- You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
- Click on Execute
- Answer "Yes" twice when prompted.
4.
The Avenger will automatically do the following:
- It will Restart your computer. ( In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
- On reboot, it will briefly open a black command window on your desktop, this is normal.
- After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
- The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please
copy/paste the content of
c:\avenger.txt into your next reply along with a re-run of ESET online scanner..Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
File "C:\Program Files\QuickTime\QTSystem\QTCF.dll" deleted successfully.
File "C:\Program Files\iTunes\iTunesHelperSrv.exe" deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
This
is my log for the Avenger task, and attached is my updated log for the
ESET scan. 34 files were found and one could not be cleaned (bottom). Is
this normal? Am I doing something wrong here? I have uninstalled my
antivirus (because it keeps interfering and obviously wasn't very
effective in the first place)and I usually disactivate my Firewall when
running a scan...should I always keep it on? Should I permanently
install an antivirus/antimalware right away or just follow your
step-by-step instructions first? Thank you!I will give you some tips on the antivirus later, if you like.
There could still be tons more infected files. So, we must keep on going till there are no more detections.
Please download
Norman Malware Cleaner and save to your desktop.
alternate download link
- Double-click on Norman_Malware_Cleaner.exe to start the program.
- Read the End User License Agreement and click the Accept button to open the scanning window.
- Click Start Scan to begin.
- In
some cases Norman Malware Cleaner may require that you restart the
computer to completely remove an infection. If prompted, reboot and run
the tool again to ensure that all infections are removed.
- After
the scan has finished, a log file with the date (i.e.
NFix_2009-06-22_07-08-56.log) will be created on your desktop with the
results. Please post the results, when complete.
Note: For usb flash drives and/or other removable drives to scan, use the Add button to browse to the drives location, click on the drive to highlight and choose Ok..the
L: is my external hard drive, which I thought might not be infected
because I hadn't plugged it in my computer for a long time, but I
scanned it just in case.. Now, ESET online scan once more, please.So I ran the scan again, and 62 out of 63 files were «cleaned»...I want to try something real quick...
Please download
MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.
- Double-click on MBRCheck.exe to run it.
- It will open a black window...please do not fix anything (if it gives you an option).
- When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
- A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
- Please copy and paste the contents of that log in your next reply.
==============
Please download
TDSSKiller from
here and save it to your
Desktop.
- Doubleclick TDSSKiller.exe to run the tool
- Click the Start Scan button
- After the scan has finished, click the Close button
- Click the Report button and copy/paste the contents of it into your next reply
Note:It will also create a log in the C:\ directory.Ok done! So here's the MBR log.....and the TDSSKiller log:
2010/10/23 15:55:50.0515 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59
2010/10/23 15:55:50.0515 ================================================================================
2010/10/23 15:55:50.0515 SystemInfo:
2010/10/23 15:55:50.0515
2010/10/23 15:55:50.0515 OS Version: 5.1.2600 ServicePack: 2.0
2010/10/23 15:55:50.0515 Product type: Workstation
2010/10/23 15:55:50.0515 ComputerName: DELL_E521
2010/10/23 15:55:50.0515 UserName: Natty
2010/10/23 15:55:50.0515 Windows directory: C:\WINDOWS
2010/10/23 15:55:50.0515 System windows directory: C:\WINDOWS
2010/10/23 15:55:50.0515 Processor architecture: Intel x86
2010/10/23 15:55:50.0515 Number of processors: 2
2010/10/23 15:55:50.0515 Page size: 0x1000
2010/10/23 15:55:50.0515 Boot type: Normal boot
2010/10/23 15:55:50.0515 ================================================================================
2010/10/23 15:55:50.0859 Initialize success
2010/10/23 15:55:55.0421 ================================================================================
2010/10/23 15:55:55.0421 Scan started
2010/10/23 15:55:55.0421 Mode: Manual;
2010/10/23 15:55:55.0421 ================================================================================
2010/10/23 15:55:56.0578 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/10/23 15:55:56.0625 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/10/23 15:55:56.0671 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
2010/10/23 15:55:56.0703 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys
2010/10/23 15:55:56.0796 AmdK8 (fefe7f885ea456194656c6a00ea16c93) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
2010/10/23 15:55:56.0890 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/10/23 15:55:56.0906 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/10/23 15:55:56.0953 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/10/23 15:55:56.0984 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/10/23 15:55:57.0015 bcm4sbxp (78e7b52da292fa90bad2f887bbf22159) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
2010/10/23 15:55:57.0046 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/10/23 15:55:57.0140 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/10/23 15:55:57.0203 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/10/23 15:55:57.0234 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/10/23 15:55:57.0265 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/10/23 15:55:57.0296 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/10/23 15:55:57.0343 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2010/10/23 15:55:57.0437 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/10/23 15:55:57.0468 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
2010/10/23 15:55:57.0515 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
2010/10/23 15:55:57.0546 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/10/23 15:55:57.0593 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2010/10/23 15:55:57.0625 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/10/23 15:55:57.0781 EverestDriver (54a76d2c2d892dcbd8e9e94293ba8f2c) D:\LogiCiel\Systeme\Everest\kerneld.wnt
2010/10/23 15:55:57.0828 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/10/23 15:55:57.0843 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys
2010/10/23 15:55:57.0859 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
2010/10/23 15:55:57.0875 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/10/23 15:55:57.0906 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2010/10/23 15:55:57.0984 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
2010/10/23 15:55:58.0015 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/10/23 15:55:58.0031 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/10/23 15:55:58.0062 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2010/10/23 15:55:58.0093 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/10/23 15:55:58.0109 HDAudBus (e31363d186b3e1d7c4e9117884a6aee5) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/10/23 15:55:58.0140 HidBatt (13c0d55da4b7148ef980e130b85d9f2c) C:\WINDOWS\system32\DRIVERS\HidBatt.sys
2010/10/23 15:55:58.0171 hidusb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/10/23 15:55:58.0218 HTTP (c19b522a9ae0bbc3293397f3055e80a1) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/10/23 15:55:58.0281 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\drivers\i8042prt.sys
2010/10/23 15:55:58.0312 ICAM3NT5 (67ad57ae9aa6a2f02561325ea1b3e4b2) C:\WINDOWS\system32\Drivers\ICAM3D2.SYS
2010/10/23 15:55:58.0359 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/10/23 15:55:58.0421 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2010/10/23 15:55:58.0453 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/10/23 15:55:58.0500 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/10/23 15:55:58.0546 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/10/23 15:55:58.0593 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/10/23 15:55:58.0656 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/10/23 15:55:58.0734 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/10/23 15:55:58.0765 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/10/23 15:55:58.0765 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/10/23 15:55:58.0812 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
2010/10/23 15:55:58.0859 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/10/23 15:55:58.0921 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/10/23 15:55:58.0968 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
2010/10/23 15:55:59.0000 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/10/23 15:55:59.0031 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/10/23 15:55:59.0078 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/10/23 15:55:59.0203 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/10/23 15:55:59.0218 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2010/10/23 15:55:59.0250 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/10/23 15:55:59.0281 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/10/23 15:55:59.0296 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/10/23 15:55:59.0312 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/10/23 15:55:59.0328 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/10/23 15:55:59.0359 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2010/10/23 15:55:59.0437 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/10/23 15:55:59.0468 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2010/10/23 15:55:59.0484 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/10/23 15:55:59.0531 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/10/23 15:55:59.0546 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/10/23 15:55:59.0562 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/10/23 15:55:59.0593 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/10/23 15:55:59.0640 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/10/23 15:55:59.0687 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2010/10/23 15:55:59.0734 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/10/23 15:55:59.0812 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/10/23 15:56:00.0468 nv (4c3696c1ed1a36629ebb348bf745a328) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/10/23 15:56:00.0734 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/10/23 15:56:00.0765 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/10/23 15:56:00.0796 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\drivers\Parport.sys
2010/10/23 15:56:00.0812 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/10/23 15:56:00.0828 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/10/23 15:56:00.0859 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/10/23 15:56:00.0921 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/10/23 15:56:00.0953 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/10/23 15:56:01.0062 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/10/23 15:56:01.0093 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
2010/10/23 15:56:01.0109 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/10/23 15:56:01.0187 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/10/23 15:56:01.0218 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/10/23 15:56:01.0234 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/10/23 15:56:01.0250 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/10/23 15:56:01.0250 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/10/23 15:56:01.0296 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/10/23 15:56:01.0343 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/10/23 15:56:01.0453 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/10/23 15:56:01.0546 Secdrv (4e7c4709aab1f24e8fe1763ddbffb93d) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/10/23 15:56:01.0562 Serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/10/23 15:56:01.0609 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/10/23 15:56:01.0656 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/10/23 15:56:01.0750 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/10/23 15:56:01.0812 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
2010/10/23 15:56:01.0984 SQTECH905C (80bba4f191ad76ef2d31dab9162d3fae) C:\WINDOWS\system32\Drivers\Capt905c.sys
2010/10/23 15:56:02.0031 Sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/10/23 15:56:02.0062 Srv (20b7e396720353e4117d64d9dcb926ca) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/10/23 15:56:02.0125 STHDA (8990440e4b2a7ca5a56a1833b03741fd) C:\WINDOWS\system32\drivers\sthda.sys
2010/10/23 15:56:02.0156 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/10/23 15:56:02.0156 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/10/23 15:56:02.0203 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2010/10/23 15:56:02.0296 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/10/23 15:56:02.0328 Tcpip (9f4b36614a0fc234525ba224957de55c) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/10/23 15:56:02.0390 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/10/23 15:56:02.0437 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/10/23 15:56:02.0500 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/10/23 15:56:02.0625 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2010/10/23 15:56:02.0703 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
2010/10/23 15:56:02.0796 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
2010/10/23 15:56:02.0890 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/10/23 15:56:02.0953 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/10/23 15:56:02.0968 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2010/10/23 15:56:03.0000 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/10/23 15:56:03.0031 usbstor (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/10/23 15:56:03.0218 vcdrom (bfa4ae30b3ac10e9223830bf103f5a3f) D:\LogiCiel\Systeme\VirtualDVD\VCdRom.sys
2010/10/23 15:56:03.0281 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2010/10/23 15:56:03.0312 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/10/23 15:56:03.0343 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/10/23 15:56:03.0390 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/10/23 15:56:03.0453 WpdUsb (1385e5aa9c9821790d33a9563b8d2dd0) C:\WINDOWS\system32\Drivers\wpdusb.sys
2010/10/23 15:56:03.0500 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2010/10/23 15:56:03.0531 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/10/23 15:56:03.0687 ================================================================================
2010/10/23 15:56:03.0687 Scan finished
2010/10/23 15:56:03.0687 ================================================================================Run
MBRCheck.exe again by double-clicking on it.
- Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
- Enter 'Y' and then press Enter.
- When asked: 'Enter your choice:', select option 2 (Restore the MBR of a physical disk with a standard boot code) and press the Enter key.
- Now the program will ask: 'Enter the physical disk number to fix (0-99, -1 to cancel)'
- Enter 5 and press the Enter key.
- The program will show Available MBR codes followed by a list of operating systems as shown below:
<blockquote>Available MBR codes:
[ 0] Default (Windows XP)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel
Please select the MBR code to write to this drive:
</blockquote>
- Please select your version of Windows from the list and enter the corresponding number and then press Enter.
- When prompted for confirmation: "Do you want to fix the MBR code?". Type the full word Yes (not Y or the fix will not work) and press Enter.
- Left-click on the title bar (where program name and path is written).
- From the menu chose Edit -> Select All.
- Press the Enter key to copy selected text.
- Open Notepad, paste that text into it and save to your desktop as MBRCheck.txt.
- When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
- Reboot your computer to complete the fix and copy/paste MBRCheck.txt in your next reply.
- If your computer does not restart on its own, please restart it manually.
Important Note:
The Master Boot Record contains the Partition Table for the hard disk
and a a little executable code for the boot start. While fixing the
Master Boot Record (MBR) is generally safe, there is a small risk of damaging the MBR, which may
cause the computer to not boot up or it may corrupt a partition.
The following are signs of a damaged MBR:
- Invalid Partition Table
- Missing Operating System
- Error loading operating system
If it is the worst case scenario, and your computer cannot boot, please take note of the following:Please
have your Windows CD available, which will allow recovering the boot
code via the Windows Recovery Console in case of any problems or install
the
XP Recovery Console before proceeding with the above fix. Then, if any problems occur, the links below explain how to use and repair the MBR:
- How to use the Recovery Console
- How to fix MBR in Windows XP and Vista
If you do not have a Windows CD available, please let me know. You will need access to a computer that can burn CDs.I do not have a Windows CD available, but I have a 2 yr-old Ghost and also have access to a computer that can burn CDs.Not a problem. We have proven recovery methods, and since you have XP, we can say there is a good possibility for recovery.