TechSpot

Hard disk problem!

By bartty
Mar 2, 2011
  1. my computer was running slow. windows pup-up continuously so i decided to run a virus scan. after dat a windows appeared. hard disk failure do a back up and shutdown ur pc or something like dat. so idont know if my hard drive is really messed up or is a malware. so any ways there are the logs from my recent scan. hope u guys can help and thanxx in advance. i will really appriciate it.

    =================================================================
    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5924

    Windows 6.0.6000
    Internet Explorer 7.0.6000.16982

    3/1/2011 8:37:56 PM
    mbam-log-2011-03-01 (20-37-56).txt

    Scan type: Quick scan
    Objects scanned: 138726
    Time elapsed: 10 minute(s), 45 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 33
    Registry Values Infected: 6
    Registry Data Items Infected: 0
    Folders Infected: 16
    Files Infected: 13

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{46897C77-E7A6-4c33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{46897C77-E7A6-4C33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{B035BA6B-57CD-4F72-B545-65BE465FCAF6} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{D44FD6F0-9746-484E-B5C4-C66688393872} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{0EB3F101-224A-4B2B-9E5B-DF720857529C} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB38E21A-0133-419D-92AD-ECDFD5244D6D} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EB620C54-E229-4942-87CE-E717109FC8C6} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\HBLiteAx.Info (Adware.HotBar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\HBLiteAx.Info.1 (Adware.HotBar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\HBLiteAX.UserProfiles (Adware.HotBar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\HBLiteAX.UserProfiles.1 (Adware.HotBar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShoppingReport2.HbAx (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShoppingReport2.HbAx.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShoppingReport2.HbInfoBand (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShoppingReport2.HbInfoBand.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShoppingReport2.IEButton (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShoppingReport2.IEButton.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShoppingReport2.IEButtonA (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShoppingReport2.IEButtonA.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShoppingReport2.RprtCtrl (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShoppingReport2.RprtCtrl.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\hblitesa (Adware.HotBar) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\ShoppingReport2 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\HBLite (Adware.HotBar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Mp3Tube (Adware.Mp3Tube) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\RelatedPageInstall (Adware.Mirar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\ResultBar (Adware.ResultBar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport2 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mp3Tube Toolbar (Adware.Mp3Tube) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ResultBar (Adware.ResultBar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport2 (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\HOMEPAGE PROTECTION SERVICE (Adware.Mp3Tube) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{46897C77-E7A6-4C33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> Value: {46897C77-E7A6-4C33-BFFB-E9C2E2718942} -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{46897C77-E7A6-4C33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> Value: {46897C77-E7A6-4C33-BFFB-E9C2E2718942} -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{46897C77-E7A6-4C33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> Value: {46897C77-E7A6-4C33-BFFB-E9C2E2718942} -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{46897C77-E7A6-4c33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> Value: {46897C77-E7A6-4c33-BFFB-E9C2E2718942} -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Homepage Protection Service\UninstallString (Adware.Mp3Tube) -> Value: UninstallString -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\HBLite@HBLite.com (Adware.HotBar) -> Value: HBLite@HBLite.com -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    c:\programdata\2aca5cc3-0f83-453d-a079-1076fe1a8b65 (Adware.Seekmo) -> Quarantined and deleted successfully.
    c:\Users\Owner\AppData\Roaming\HBLite (Adware.Hotbar) -> Delete on reboot.
    c:\programdata\HBLiteSA (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\programdata\resultbar (Adware.ResultBar) -> Quarantined and deleted successfully.
    c:\program files\HBLite (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\program files\HBLite\bin (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\program files\HBLite\bin\11.0.323.0 (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\program files\HBLite\bin\11.0.323.0\firefox (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\program files\HBLite\bin\11.0.323.0\firefox\extensions (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\program files\HBLite\bin\11.0.323.0\firefox\extensions\plugins (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\program files\resultbar (Adware.ResultBar) -> Quarantined and deleted successfully.
    c:\program files\shoppingreport2 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    c:\program files\shoppingreport2\Bin (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    c:\program files\shoppingreport2\Bin\2.7.21 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    c:\programdata\microsoft\Windows\start menu\Programs\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\program files\mp3tube toolbar (Adware.Mp3Tube) -> Quarantined and deleted successfully.

    Files Infected:
    c:\program files\mp3tube toolbar\mp3tubetb.dll (Adware.Mp3Tube) -> Quarantined and deleted successfully.
    c:\programdata\HBLiteSA\HBLiteSA.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\programdata\HBLiteSA\hblitesaabout.mht (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\programdata\HBLiteSA\hblitesaau.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\programdata\HBLiteSA\hblitesaeula.mht (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\programdata\HBLiteSA\hblitesa_kyf.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\program files\HBLite\bin\11.0.323.0\firefox\extensions\install.rdf (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\programdata\microsoft\Windows\start menu\Programs\Hotbar\about hotbar.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\programdata\microsoft\Windows\start menu\Programs\Hotbar\hotbar customer support center.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\programdata\microsoft\Windows\start menu\Programs\Hotbar\hotbar uninstall instructions.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\program files\mp3tube toolbar\ffmpeg.exe (Adware.Mp3Tube) -> Quarantined and deleted successfully.
    c:\program files\mp3tube toolbar\mp3tubevideotomp3.exe (Adware.Mp3Tube) -> Quarantined and deleted successfully.
    c:\program files\mp3tube toolbar\uninstall.exe (Adware.Mp3Tube) -> Quarantined and deleted successfully.
    ==================================================================================================================================
    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit quick scan 2011-03-02 17:18:15
    Windows 6.0.6000 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 WDC_WD2500BEVS-75UST0 rev.01.01A01
    Running: 2ry11e58.exe; Driver: C:\Users\Owner\AppData\Local\Temp\kgroapow.sys


    ---- System - GMER 1.0.15 ----

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8EBBF8DE]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Devices - GMER 1.0.15 ----

    Device aswSP.SYS (avast! self protection module/AVAST Software)
    Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
    Device fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

    AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\tdx \Device\Tcp tcpipBM.SYS (Bytemobile Kernel Network Provider/Bytemobile, Inc.)
    AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    ---- EOF - GMER 1.0.15 ----
    ==================================================================================================================================
     
  2. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Welcome aboard [​IMG]

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
    Attached logs won't be reviewed.

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ========================================================================

    There is a good chance, it was a fake warning message.
     
  3. bartty

    bartty TS Rookie Topic Starter

    dds and attach

    missing logs>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

    any ideas?



    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Owner at 17:18:43.61 on Wed 03/02/2011
    Internet Explorer: 7.0.6000.16982
    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.3061.1911 [GMT -5:00]


    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\WLTRYSVC.EXE
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\bcmwltry.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
    C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\System32\WLTRAY.EXE
    C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
    C:\Program Files\Nero\Nero8\InCD\InCD.exe
    C:\Program Files\Cricket Broadband Connect\AvqAutorun.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\sdclt.exe
    C:\Windows\system32\DFDWiz.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Owner\Desktop\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://google.com/
    uInternet Settings,ProxyOverride = *.local
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
    mRun: [SecurDisc] c:\program files\nero\nero8\incd\NBHGui.exe
    mRun: [InCD] c:\program files\nero\nero8\incd\InCD.exe
    mRun: [{F9AA8FE2-E89A-E99B-E8b8-E9AE9B9ABA99}] "c:\program files\cricket broadband connect\avqautorun.exe" "c:\program files\cricket broadband connect\mphonetools.exe" /OnPlug=%s
    mRun: [Bar] c:\users\owner\appdata\local\microsoft\windows\temporary internet files\content.ie5\s8wxn431\MEDIAPLUGIN_Installer[1].exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [MSConfig] "c:\windows\system32\MSCONFIG.exe" /auto
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    Notify: igfxcui - igfxdev.dll

    ============= SERVICES / DRIVERS ===============

    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-1 371544]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-3-1 301528]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-3-1 19544]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-3-1 53592]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-3-1 42184]
    R2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\nero\nero8\incd\NBHRegInCDSrv.exe [2008-7-10 53032]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2010-10-16 111616]
    S3 PTUMWBus;PANTECH USB Modem V2 Composite Device Driver;c:\windows\system32\drivers\PTUMWBus.sys [2010-11-26 54544]
    S3 PTUMWCDF;PANTECH USB Modem V2 Installation CD;c:\windows\system32\drivers\PTUMWCDF.sys [2010-11-26 22032]
    S3 PTUMWFLT;PTUMWNET Filter Driver;c:\windows\system32\drivers\PTUMWFLT.sys [2010-11-26 12048]
    S3 PTUMWMdm;PANTECH USB Modem V2 Modem Driver;c:\windows\system32\drivers\PTUMWMdm.sys [2010-11-26 160400]
    S3 PTUMWNET;PANTECH USB Modem V2 WWAN Driver;c:\windows\system32\drivers\PTUMWNET.sys [2010-11-26 115216]
    S3 PTUMWVsp;PANTECH USB Modem V2 Diagnostic Port;c:\windows\system32\drivers\PTUMWVsp.sys [2010-11-26 160400]

    =============== Created Last 30 ================

    2011-03-02 20:58:29 172032 ----a-w- c:\windows\system32\igfxres.dll
    2011-03-02 01:23:54 -------- d-----w- c:\users\owner\appdata\roaming\Malwarebytes
    2011-03-02 01:23:44 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-03-02 01:23:43 -------- d-----w- c:\progra~2\Malwarebytes
    2011-03-02 01:23:30 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-03-02 01:23:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-03-01 22:06:35 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-03-01 22:04:54 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-03-01 22:00:56 40648 ----a-w- c:\windows\avastSS.scr
    2011-03-01 22:00:44 -------- d-----w- c:\program files\AVAST Software
    2011-03-01 22:00:44 -------- d-----w- c:\progra~2\AVAST Software
    2011-03-01 21:37:35 5943120 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{ce8c562d-8c9a-4e5e-8b7b-f6563cf6ec4e}\mpengine.dll

    ==================== Find3M ====================

    2011-02-02 22:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-12-02 23:02:12 414208 ----a-w- c:\windows\system32\msscp.dll

    ============= FINISH: 17:19:12.72 ===============
    ==================================================================================================================================

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 10/15/2010 5:54:25 PM
    System Uptime: 3/2/2011 4:01:57 PM (1 hours ago)

    Motherboard: Dell Inc. | | 0U990C
    Processor: Intel(R) Core(TM)2 Duo CPU T5800 @ 2.00GHz | Microprocessor | 2000/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 233 GiB total, 190.398 GiB free.
    D: is CDROM (UDF)

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================

    Adobe Flash Player 10 ActiveX
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Ares 2.1.2
    Avanquest update
    avast! Free Antivirus
    blinkx beat
    Bonjour
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Compatibility Pack for the 2007 Office system
    Cricket Broadband Connect
    Dell Wireless WLAN Card
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Intel(R) Graphics Media Accelerator Driver
    iTunes
    Malwarebytes' Anti-Malware
    Marvell Miniport Driver
    Microsoft .NET Framework 3.5 SP1
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works
    Mobile PhoneTools
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nero 8 Essentials
    neroxml
    PANTECH USB Modem V2
    QuickTime
    RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Yahoo! Software Update
    Yahoo! Toolbar

    ==== Event Viewer Messages From Past Week ========

    3/2/2011 3:58:53 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswTdi spldr
    3/2/2011 3:58:53 PM, Error: Service Control Manager [7024] - The InCD Helper service terminated with service-specific error 1 (0x1).
    3/2/2011 3:58:53 PM, Error: Service Control Manager [7023] - The Software Licensing service terminated with the following error: The system cannot find the file specified.
    3/2/2011 3:58:53 PM, Error: Service Control Manager [7000] - The Link-Layer Topology Discovery Responder service failed to start due to the following error: The driver was not loaded because the system is booting into safe mode.
    3/2/2011 3:58:53 PM, Error: Service Control Manager [7000] - The Link-Layer Topology Discovery Mapper I/O Driver service failed to start due to the following error: The driver was not loaded because the system is booting into safe mode.
    3/2/2011 3:57:56 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv.dll Error Code: 21
    3/1/2011 4:40:02 PM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.
    3/1/2011 3:04:28 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort1.
    3/1/2011 3:03:39 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    3/1/2011 3:03:39 PM, Error: Service Control Manager [7000] - The BCM42RLY service failed to start due to the following error: The system cannot find the file specified.

    ==== End Of File ===========================
     
  4. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Well, we won't know until we check.
    There are certain infections, which will display a fake message like that.

    However, because we don't want to put your data in danger, I'd start with this....

    Run hard drive diagnostics: http://www.tacktech.com/display.cfm?ttid=287 (or http://www.bleepingcomputer.com/forums/index.php?showtopic=28744&hl=hard+drive+diagnostic)
    Make sure, you select tool, which is appropriate for the brand of your hard drive.
    Depending on the program, it'll create bootable floppy, or bootable CD.
    If downloaded file is of .iso type, use ImgBurn: http://www.imgburn.com/ to burn .iso file to a CD (select "Write image file to disc" option), to make the CD bootable.
    For Toshiba hard drives, see here: http://sdd.toshiba.com/main.aspx?Pa...rivesUSandCanada/SoftwareUtilities#diagnostic

    Note : If you do not know how to set your computer to boot from CD follow the steps HERE
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...