Could you re-scan with aswMBR(the latest version)?
You scanned with the old version of aswMBR which is reporting suspicious mui files,it is confirmed as a bug i think and it’s fixed at the new version.
Ok I will download the latest version. I thought that’s what I downloaded…lol. On my way to find it now. I am still laughing over here. Today is when I noticed a page 2 on responses. Sigh… One of these days I will get all this down to memory. As you can see I am new to forums too. 8)
Okey dokey - aswmbr has been updated as you appear to have an MBR infection - how is your computer behaving at the moment ?
Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it
Click the “Scan” button to start scan
http://i1224.photobucket.com/albums/ee362/Essexboy3/aswMBR2-1.gif
On completion of the scan click save log, save it to your desktop and post in your next reply
Ok sorry for the absence. Looks like the PC virus attacked my body… … just came home from hospital yesterday.
:‘(OH NO… :’(I just read your MBR post and the log is below this latest reply/update.
The system went totally bonkers the day I went into the hospital. Before I left I had already made copies of my important things I could not do without. I ended up starting from scratch all over again. “Hate I did it too” but today’s issues are minor compared to last weeks!!
As stated I am having a few issues still. I can at least open .exe’e and run programs. (YIPEE) I still think one of the updates is what created the mess in the first place.
Norton was Compaq’s-Hewlett Packards freebie, so it was in operation until I put Avast back on in a few. Ran the scan, no viruses drivers were updated and all are working – made sure so I dbl checked HP’s drivers page and used Uniblue (Speed My PC/Drivers-RegistryCleaner (Powersuite)
The PC appeared to work fine until those darn updates – then :
(1) I use Firefox and noticed downloads were slow…unless I ran mouse across it to move it along, <—(sound stupid? it looked stupid doing that and I happened upon that --or so I thought until Chrome acted the same way…not sure what that is all about? DAP will be downloaded shortly –
(2) Attempted to run copied discs to scan them and hopefully at least see the contents. Nope that was not happening. The inserted disc(s) refuse to load/read-- these were my system formatted backup files. Some of the other were RAR files I had done, but nothing loaded and froze the PC up numerous times. Tried a MP3 disc from that batch I burned, same thing, however discs burned before calamity (June’s burns) all work fine. So at least I know it is not my CD/DVD drive. If it had the MBR virus those cd/dvd’s or headed to the trash ASAP!! I do not wanna ever go through this again.
(3)My Firefox’s bookmark html (json) files from June’s burns are giving me the blues…so I am about to check Firefox’s site to see what that’s all about. (more groans – groaning is allowed–“I’m still under par”)
So Norton will be kicked to the curb quick, fast and in a hurry - just wanted to post this and off I go to handle that. I am definitely going to download Malewarebytes amongst many programs I know I’ll need a.g.a.i.n… At first it seemed I was zipping along the internet highway…now I am still moving but with alot of freezes.
Windows installed their updates and once again (to me) that is when I noticed the strange behavior. It was I think (unsure 28 of them) so which one is the culprit who knows? SP1 is installed…so any suggestions on checking to see what is creating this issue? – groans groans and more groans.
BTW I am still extremely grateful for everyone’s help…even tho I ended up thinking to self "Keep current state of PC and lose PC in this battle or start fresh and keep PC. Latter was probably the best move – just lost a ton of graphic art, and since discs are not loading thats down the drain -b-u-t- "if I designed it once, I guess I can do it again…
Soft-Breeze? nope it is hot as hell here in Indiana today
…uh, how hot is hell anyways… ??? ;D
__________MBR
20:27:00.514 Disk 0 MBR read successfully
20:27:00.519 Disk 0 MBR scan
20:27:00.550 Disk 0 unknown MBR code
20:27:00.556 Service scanning
20:27:02.600 Disk 0 trace - called modules:
20:27:02.659 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
20:27:02.666 1 nt!IofCallDriver → \Device\Harddisk0\DR0[0xfffffa80024bb660]
20:27:02.674 3 CLASSPNP.SYS[fffff8800104a43f] → nt!IofCallDriver → \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8002475060]
20:27:02.683 Scan finished successfully
20:28:26.807 Disk 0 MBR has been saved successfully to “C:\Users\Terry S\Documents\MBR.dat”
20:28:26.808 The log file has been saved successfully to “C:\Users\Terry S\Documents\aswMBR.txt”
Thanks BostonLover!! LOL I thought the TM had been nailed by that darn virus…lol It worked just by clicking that border… I sure love complicating solutions that are simple… ;D
Download OTS http://oldtimer.geekstogo.com/OTS.exe to your Desktop and double-click on it to run it
Make sure you close all other programs and don't use the PC while the scan runs. Select All Users Under additional scans select the following
Reg - Disabled MS Config Items
Reg - Drivers32
Reg - NetSvcs
Reg - SafeBoot Minimal
Reg - Shell Spawning
Evnt - EventViewer Logs (Last 10 Errors)
File - Lop CheckUnder the Custom Scan box paste this in
%SYSTEMDRIVE%*.exe
/md5start
volsnap.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINTNow click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze. When the scan is complete Notepad will open with the report file loaded in it. Please attach the log in your next post.
Edited to add custom scans
Please ensure that all logs are saved in the ANSI format
Just wanted to Thank you too for all your patience and help!! You all are awesome!
Okey dokey - aswmbr has been updated as you appear to have an MBR infection - how is your computer behaving at the moment ?
Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it
Click the “Scan” button to start scan
http://i1224.photobucket.com/albums/ee362/Essexboy3/aswMBR2-1.gif
On completion of the scan click save log, save it to your desktop and post in your next reply
Essexboy, you are one heck of a knowledgeable individual! How can I even begin to Thank you for your replies…uh how bout by me asking more questions…lol j/k/
Well it is well past essexboy’s bed time, almost 2:45am in the UK now.
I don’t know if you have downloaded aswMBR.exe again or used the one you had (as you have cropped all that information), but there has been another update to that, currently on version 0.9.7.777 @ 1.82MB. If you don’t have that one you should download it and run the scan again and then attach the log file or paste the complete contents of the log.
LOL ya know I think that’s pretty important!. I am going to do it I am zonked myself tonight and need to install Avast since I have not done it yet after PC went bonkers last Wednesday and I . I will do so, no wonder my report was empty – I didn’t trash it, I ran exe without installing aVast :-X since I restored my PC back to Manf’s original settings.
So I’ll kill Norton (Hewlett-Packards install on my laptop - install aVast) and run scan.
Thanks for the heads up…still under the weather just wasn’t thinking clearly–glad you noticed my blunder. I’ll dwnload newest version
Thumbs up for your help!
No problem.
But at least you can still smile - good attitude ;D
But at least you can still smile - good attitude ;D
Greetings Essexboy! Finally reinstalled Avast and did the MBR scan…taa dah! yep I saw one nasty red blazing line…is this the culprit? Also had a blue screen for my very first time ever. Posting it also. I removed HP’s excess stuff and used CCleaner today and finally understood how it works. Bumping my Avast for dummies up to a D- “Hey! thats a major improvement for this lady ;)” Back to class I go.
aswMBR version 0.9.7.777 Copyright(c) 2011 AVAST Software
Run date: 2011-07-19 22:38:04
22:38:04.034 OS Version: Windows x64 6.1.7601 Service Pack 1
22:38:04.034 Number of processors: 1 586 0x602
22:38:04.034 ComputerName: TERRYS UserName:
22:38:06.468 Initialize success
22:38:06.951 AVAST engine defs: 11071901
22:38:11.132 Disk 0 (boot) \Device\Harddisk0\DR0 → \Device\Ide\IdeDeviceP0T0L0-0
22:38:11.132 Disk 0 Vendor: WDC_WD1600BEVT-60ZCT1 13.01A13 Size: 152627MB BusType: 11
22:38:11.210 Disk 0 MBR read successfully
22:38:11.210 Disk 0 MBR scan
22:38:11.210 Disk 0 unknown MBR code
22:38:11.226 Service scanning
22:38:21.475 Disk 0 trace - called modules:
22:38:21.491 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
22:38:21.506 1 nt!IofCallDriver → \Device\Harddisk0\DR0[0xfffffa80024d3060]
22:38:21.506 3 CLASSPNP.SYS[fffff880010f443f] → nt!IofCallDriver → \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800248c060]
22:38:22.551 AVAST engine scan C:\Windows
22:38:25.515 AVAST engine scan C:\Windows\system32
22:40:55.369 AVAST engine scan C:\Windows\system32\drivers
22:41:11.016 AVAST engine scan C:\Users\Terry S
22:41:45.726 File: C:\Users\TerryS\AppData\Roaming\Bc\svhst.exe INFECTED Win32:Dropper-gen [Drp]
22:43:42.680 AVAST engine scan C:\ProgramData
22:44:49.619 Scan finished successfully
22:46:16.027 Disk 0 MBR has been saved successfully to “C:\Users\Terry S\Desktop\MBR.dat”
22:46:16.027 The log file has been saved successfully to “C:\Users\Terry S\Desktop\aswMBR-7-19-11_scan.txt”
~ Blue Screen ~
Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7601.2.1.0.768.3
Locale ID: 1033
Additional information about the problem:
BCCode: a
BCP1: 0000000000000000
BCP2: 0000000000000002
BCP3: 0000000000000001
BCP4: FFFFF80002A8F78C
OS Version: 6_1_7601
Service Pack: 1_0
Product: 768_1
Files that help describe the problem:
C:\Windows\Minidump\071911-33181-01.dmp
C:\Users\TS\AppData\Local\Temp\WER-48141-0.sysdata.xml
Read our privacy statement online:
http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409
If the online privacy statement is not available, please read our privacy statement offline:
C:\Windows\system32\en-US\erofflps.txt
OK lets kill that if Avast hasn’t allready, once done could you run a fresh OTS scan please and let me know how your computer is behaving
Start OTS. Copy/Paste the information in the quotebox below into the panel where it says “Paste fix here” and then click the Run Fix button.
[Unregister Dlls]
[Custom Items]
:Files
C:\Users\TerryS\AppData\Roaming\Bc\svhst.exe
:end
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]
The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here
I will review the information when it comes back in.
Depending on what the fix contains, this process may take some time and your desktop icons might disappear or other uncommon behavior may occur.
This is no sign of malfunction, do not panic!