WiredWX Christian Hobby Weather Tools

 


Re: Possible Virus?

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-09 22:01:39
-----------------------------
22:01:39.562 OS Version: Windows 5.1.2600 Service Pack 3
22:01:39.562 Number of processors: 2 586 0x403
22:01:39.562 ComputerName: WARCRAFT UserName: Bob
22:01:40.125 Initialize success
22:01:47.453 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
22:01:47.453 Disk 0 Vendor: WDC_WD16 02.0 Size: 152627MB BusType: 3
22:01:47.453 Disk 0 MBR read successfully
22:01:47.453 Disk 0 MBR scan
22:01:47.453 Disk 0 Windows XP default MBR code
22:01:47.453 Disk 0 MBR hidden
22:01:47.453 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 131069 MB offset 63
22:01:47.453 Disk 0 scanning sectors +268430085
22:01:47.500 Disk 0 scanning C:\WINDOWS\system32\drivers
22:01:53.312 Service scanning
22:02:00.703 Modules scanning
22:02:04.656 Disk 0 trace - called modules:
22:02:04.656 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x88a674b1]<<
22:02:04.656 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a9a3ab8]
22:02:04.656 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> [0x8a9fd630]
22:02:04.656 \Driver\iastor[0x88904360] -> IRP_MJ_CREATE -> 0x88a674b1
22:02:04.671 Scan finished successfully
22:02:13.156 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Bob\Desktop\MBR.dat"
22:02:13.156 The log file has been saved successfully to "C:\Documents and Settings\Bob\Desktop\aswMBR.txt"

Re: Possible Virus?

Good morning bobu,

Please download MBRCheck to your Desktop.

  • Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
  • It will show a black screen with some data on it.
  • A report called MBRcheckxxxx.txt will be on your Desktop.
  • Open this report and post its content in your next reply.

Re: Possible Virus?

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 115):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E5000 \WINDOWS\system32\hal.dll
0x89E38000 \WINDOWS\system32\KDCOM.DLL
0xB84BC000 \WINDOWS\system32\BOOTVID.dll
0xB7F79000 ACPI.sys
0xB85A8000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB7F68000 pci.sys
0xB80A8000 isapnp.sys
0xB8670000 pciide.sys
0xB8328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xB80B8000 MountMgr.sys
0xB7F49000 ftdisk.sys
0xB8330000 PartMgr.sys
0xB80C8000 VolSnap.sys
0xB7F31000 atapi.sys
0xB7EBE000 iaStor.sys
0xB80D8000 disk.sys
0xB80E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB7E9E000 fltmgr.sys
0xB7E8C000 sr.sys
0xB7E75000 KSecDD.sys
0xB7E56000 FirePM.sys
0xB7DC9000 Ntfs.sys
0xB7D9C000 NDIS.sys
0xB7D82000 Mup.sys
0xB82C8000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB5E91000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB5E7D000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB5E4F000 \SystemRoot\system32\DRIVERS\b57xp32.sys
0xB83F8000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB5E2B000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xB8400000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB5D94000 \SystemRoot\system32\drivers\smwdm.sys
0xB5D70000 \SystemRoot\system32\drivers\portcls.sys
0xB82D8000 \SystemRoot\system32\drivers\drmk.sys
0xB5D4D000 \SystemRoot\system32\drivers\ks.sys
0xB5C9A000 \SystemRoot\system32\drivers\senfilt.sys
0xB82E8000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xB8408000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xB5C86000 \SystemRoot\system32\DRIVERS\parport.sys
0xB82F8000 \SystemRoot\system32\DRIVERS\serial.sys
0xB8568000 \SystemRoot\system32\DRIVERS\serenum.sys
0xB8308000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xB8318000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB8108000 \SystemRoot\system32\DRIVERS\imapi.sys
0xB86E0000 \SystemRoot\system32\DRIVERS\audstub.sys
0xB8118000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB8578000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB5C6F000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xB8128000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xB8138000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xB8410000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB5C5E000 \SystemRoot\system32\DRIVERS\psched.sys
0xB8148000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xB8418000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xB8420000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB8158000 \SystemRoot\system32\DRIVERS\termdd.sys
0xB8428000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xB8604000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB5C00000 \SystemRoot\system32\DRIVERS\update.sys
0xB7BDE000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xAD5CB000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xAD5AB000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xB8666000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xB8648000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xA44D3000 \SystemRoot\System32\Drivers\Null.SYS
0xB864A000 \SystemRoot\System32\Drivers\Beep.SYS
0xA4033000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xA402B000 \SystemRoot\System32\drivers\vga.sys
0xB864C000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xB864E000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xA4023000 \SystemRoot\System32\Drivers\Msfs.SYS
0xA401B000 \SystemRoot\System32\Drivers\Npfs.SYS
0xA488C000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA3658000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA35FF000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xA35D9000 \??\C:\WINDOWS\system32\Drivers\FireTDI.sys
0xA35B3000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xA358B000 \SystemRoot\system32\DRIVERS\netbt.sys
0xA48CC000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xA3569000 \SystemRoot\System32\drivers\afd.sys
0xA48BC000 \SystemRoot\system32\DRIVERS\netbios.sys
0xA4013000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xA353E000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA34CE000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA48AC000 \??\C:\WINDOWS\system32\Drivers\Firehk5x.sys
0xA414F000 \SystemRoot\System32\Drivers\Fips.SYS
0xA400B000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xA4419000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xA412F000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xA4411000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xA411F000 \SystemRoot\system32\DRIVERS\avkmgr.sys
0xA34A9000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xA40CF000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xA3436000 \SystemRoot\System32\Drivers\dump_iastor.sys
0xBF800000 \SystemRoot\System32\win32k.sys
0xA3B43000 \SystemRoot\System32\drivers\Dxapi.sys
0xA3A19000 \SystemRoot\System32\watchdog.sys
0xBD000000 \SystemRoot\System32\drivers\dxg.sys
0xB8707000 \SystemRoot\System32\drivers\dxgthk.sys
0xBD012000 \SystemRoot\System32\nv4_disp.dll
0xBD42F000 \SystemRoot\System32\ATMFD.DLL
0xA28C5000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xB8488000 \SystemRoot\system32\DRIVERS\AegisP.sys
0xA6385000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA2848000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xB8616000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xB3B9E000 \??\C:\WINDOWS\system32\drivers\firelm01.sys
0xA2750000 \SystemRoot\system32\DRIVERS\srv.sys
0xA269B000 \SystemRoot\system32\drivers\wdmaud.sys
0xB42C8000 \SystemRoot\system32\drivers\sysaudio.sys
0xA2026000 \SystemRoot\system32\DRIVERS\RT61.sys
0xA1EF5000 \SystemRoot\System32\Drivers\HTTP.sys
0xA1F36000 \??\C:\WINDOWS\system32\GTNDIS5.SYS
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 37):
0 System Idle Process
4 System
612 C:\WINDOWS\system32\smss.exe
660 csrss.exe
688 C:\WINDOWS\system32\winlogon.exe
732 C:\WINDOWS\system32\services.exe
744 C:\WINDOWS\system32\lsass.exe
904 C:\WINDOWS\system32\svchost.exe
964 svchost.exe
1060 C:\WINDOWS\system32\svchost.exe
1184 svchost.exe
1232 C:\WINDOWS\system32\svchost.exe
1276 svchost.exe
1304 C:\WINDOWS\system32\svchost.exe
1592 C:\WINDOWS\system32\spoolsv.exe
1648 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1712 svchost.exe
1812 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
1848 C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe
1940 C:\Program Files\Java\jre6\bin\jqs.exe
1992 C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
176 naPrdMgr.exe
168 C:\WINDOWS\system32\nvsvc32.exe
296 C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
316 C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
596 C:\WINDOWS\explorer.exe
1776 C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
1784 C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireTray.exe
1904 C:\WINDOWS\system32\rundll32.exe
2056 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
2084 C:\WINDOWS\system32\ctfmon.exe
2200 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
3292 alg.exe
1160 C:\WINDOWS\system32\svchost.exe
2944 C:\Program Files\Mozilla Firefox\firefox.exe
3568 C:\Program Files\Mozilla Firefox\plugin-container.exe
3188 C:\Documents and Settings\Bob\My Documents\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD1600JS-22MHB0, Rev: 02.01C03

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

Re: Possible Virus?

Hey bobu,

Please download BlueScreenView.
Unzip the downloaded file and double click on the BlueScreenView.exe file to run the program.
When scanning is done, go to Edit > Select All.
Go to File > Save Selected Items, and save the report as BSOD.txt.
Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.

Re: Possible Virus?

Hi - nothing happens when I run this.

Re: Possible Virus?

Howdy bobu,

Please download WhoCrashed from here.
This program checks for any drivers which may have been causing your computer to crash.

Click on the file you just downloaded and run it.
Put a tick in Accept then click on Next.
Put a tick in the Don't create a start menu folder then click Next.
Put a tick in Create a Desktop Icon then click on Install and make sure there is a tick in Launch Whocrashed before clicking Finish.
Click Analyze.
It will want to download the Debugger and install it. Say Yes.

WhoCrashed will create a report, but you have to scroll down to see it.
Copy and paste it into your next reply.

Re: Possible Virus?

System Information (local)
--------------------------------------------------------------------------------

computer name: WARCRAFT
windows version: Windows XP Service Pack 3, 5.1, build: 2600
windows dir: C:\WINDOWS
CPU: GenuineIntel Intel(R) Pentium(R) 4 CPU 3.00GHz Intel586, level: 15
2 logical processors, active mask: 3
RAM: 2682351616 total
VM: 2147352576, free: 2048966656




--------------------------------------------------------------------------------
Crash Dump Analysis
--------------------------------------------------------------------------------

Crash dump directory: C:\WINDOWS\Minidump

Crash dumps are enabled on your computer.

No valid crash dumps have been found on your computer

--------------------------------------------------------------------------------
Conclusion
--------------------------------------------------------------------------------

Crash dumps are enabled but no valid crash dumps have been found. It may be that there are problems which prevent crash dumps from being written out. Check out the following article for possible causes: If crash dumps are not written out.

In case your computer does experience sudden reboots it is likely these are caused by malfunctioning hardware, power failure or a thermal issue. To troubleshoot a thermal issue, check the temperature using your BIOS setup program, check for dust in CPU and motherboard fans and if your computer is portable make sure it's located on a hard surface. Otherwise it's suggested you contact the support department of the manufacturer of your system or test your system with a memory test utility for further investigation.

Check out the following articles for more information: Troubleshooting sudden resets and shut downs.

Read the topic general suggestions for troubleshooting system crashes for more information.

Note that it's not always possible to state with certainty whether a reported driver is actually responsible for crashing your system or that the root cause is in another module. Nonetheless it's suggested you look for updates for the products that these drivers belong to and regularly visit Windows update or enable automatic updates for Windows. In case a piece of malfunctioning hardware is causing trouble, a search with Google on the bug check errors together with the model name and brand of your computer may help you investigate this further.

Re: Possible Virus?

Hey bobu,

Please go to C:\Windows and upload any dmp files that are present.

Re: Possible Virus?

Are you still with me bobu?
