
Computer crashing


  • This topic is locked
2 replies to this topic

#1 EnterShift


Posted 03 November 2009 - 08:42 PM

My computer has crashed several times, rebooted on its own and told me "internal hard disk drive not found..." I restart and everything is fine. I ran a Microsoft online scan and the computer crashed during the scan. So I would greatly appreciate it if anyone could look through my log to tell me if it's a malware problem or not. I did just recently do a clean install of Windows 7.

I've followed the preparation guide; the only thing that is not included is the RootRepel. I received an error message and will provide details of that at the bottom of the post. Here is the DDS.txt:


DDS (Ver_09-10-26.01) - NTFSx86
Run by Roo Laptop at 20:20:24.17 on Tue 11/03/2009
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3582.2602 [GMT -5:00]

SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\explorer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Roo Laptop\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SPIRunE] Rundll32 SPIRunE.dll,RunDLLEntry
mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
Trusted Zone: digitalriver.com\store
Trusted Zone: digitalriver.com\www
Trusted Zone: trendmicro.com\store
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15109/CTPID.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\roolap~1\appdata\roaming\mozilla\firefox\profiles\3hu147ja.default\
FF - plugin: c:\program files\win7codecs\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\win7codecs\rm\browser\plugins\nprpjplug.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-10-12 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-10-12 74480]
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\drivers\tmlwf.sys [2009-10-31 146448]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\postgresql\8.3\bin\pg_ctl.exe [2009-3-13 65536]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2009-10-31 36368]
R2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\drivers\tmwfp.sys [2009-10-31 283152]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
R3 t3;SB Xtreme Audio Notebook;c:\windows\system32\drivers\t3.sys [2009-5-6 413208]
R3 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2009-10-31 50704]
R3 TmPfw;Trend Micro Personal Firewall;c:\program files\trend micro\internet security\TmPfw.exe [2009-10-31 497008]
R3 TmProxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2009-10-31 689416]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-7-13 20480]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\common files\creative labs shared\service\AL6Licensing.exe [2009-10-31 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2009-10-31 79360]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-10-12 7408]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

=============== Created Last 30 ================

2009-11-04 00:27:33 0 d-----w- c:\program files\CCleaner
2009-11-03 23:52:47 0 d-----w- c:\program files\Debugging Tools for Windows (x86)
2009-11-03 10:22:55 0 d-----w- c:\users\roolap~1\appdata\roaming\Win7codecs
2009-11-02 13:00:34 524288 --sha-w- c:\users\roo laptop\ntuser.dat{7c5f9d92-c7ad-11de-99aa-001d09c98d6f}.TMContainer00000000000000000002.regtrans-ms
2009-11-02 13:00:34 524288 --sha-w- c:\users\roo laptop\ntuser.dat{7c5f9d92-c7ad-11de-99aa-001d09c98d6f}.TMContainer00000000000000000001.regtrans-ms
2009-11-02 13:00:33 65536 --sha-w- c:\users\roo laptop\ntuser.dat{7c5f9d92-c7ad-11de-99aa-001d09c98d6f}.TM.blf
2009-11-02 08:29:41 0 d-----w- c:\program files\Win7codecs
2009-11-02 08:29:06 0 d-----w- c:\programdata\Win7codecs
2009-11-02 00:55:56 0 d-----w- C:\hhdump
2009-10-31 21:22:48 0 d-----w- c:\windows\PCHEALTH
2009-10-31 21:19:52 0 d-----w- c:\programdata\Microsoft Help
2009-10-31 11:42:38 0 d-----w- c:\programdata\WinZip
2009-10-31 09:51:12 0 d-----w- c:\program files\PostgreSQL
2009-10-31 09:03:26 0 d-----w- c:\programdata\Trend Micro
2009-10-31 09:03:12 0 d-----w- c:\program files\Trend Micro
2009-10-31 09:00:08 89872 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2009-10-31 09:00:08 59920 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2009-10-31 09:00:08 50704 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2009-10-31 09:00:08 36368 ----a-w- c:\windows\system32\drivers\tmpreflt.sys
2009-10-31 09:00:08 283152 ----a-w- c:\windows\system32\drivers\tmwfp.sys
2009-10-31 09:00:08 225808 ----a-w- c:\windows\system32\drivers\tmxpflt.sys
2009-10-31 09:00:08 158224 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-10-31 09:00:08 146448 ----a-w- c:\windows\system32\drivers\tmlwf.sys
2009-10-31 09:00:08 1223832 ----a-w- c:\windows\system32\drivers\vsapint.sys
2009-10-31 08:24:26 0 d-----w- c:\program files\Full Tilt Poker
2009-10-31 07:56:44 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-10-31 06:42:23 257024 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-31 06:41:09 7062 ----a-w- c:\windows\system32\audiopid.vxd
2009-10-31 06:41:04 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2009-10-31 06:41:03 2873823 ------w- c:\windows\system32\Sens_oal.dll
2009-10-31 06:41:03 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2009-10-31 06:40:52 0 d-----w- c:\program files\common files\Creative Labs Shared
2009-10-31 06:40:26 0 d-----w- c:\program files\Creative
2009-10-31 06:40:01 0 d-----w- c:\programdata\Creative
2009-10-31 06:39:55 87 ---ha-r- c:\windows\ctfile.rfc
2009-10-31 06:39:55 73728 ----a-w- c:\windows\system32\CmdRtr.DLL
2009-10-31 06:39:55 148480 ----a-w- c:\windows\system32\APOMngr.DLL
2009-10-31 06:34:58 0 d-----w- c:\program files\RVG Software
2009-10-31 06:20:31 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2009-10-31 06:20:11 0 d-----w- c:\users\roolap~1\appdata\roaming\SUPERAntiSpyware.com
2009-10-31 06:20:11 0 d-----w- c:\program files\SUPERAntiSpyware
2009-10-31 06:19:38 0 d-----w- c:\program files\common files\Wise Installation Wizard
2009-10-30 22:46:22 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-10-30 22:46:22 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-10-30 22:45:11 0 d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-30 22:45:11 0 d-----w- c:\program files\iTunes
2009-10-30 22:45:11 0 d-----w- c:\program files\iPod
2009-10-30 22:44:29 0 d-----w- c:\program files\Bonjour
2009-10-30 22:43:57 0 d-----w- c:\programdata\Apple Computer
2009-10-30 22:42:33 0 d-----w- c:\programdata\Apple
2009-10-30 22:41:53 0 d-sh--w- c:\windows\Installer
2009-10-30 15:22:48 0 d-----w- c:\windows\Panther
2009-10-30 15:05:43 0 d-----w- C:\Windows.old
2009-10-30 14:27:31 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2009-10-30 12:10:35 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-30 11:58:54 713888 ----a-w- c:\windows\system32\PerfStringBackup.INI
2009-10-30 11:03:22 8192 --sha-r- C:\BOOTSECT.BAK

==================== Find3M ====================

2009-10-02 04:06:59 728648 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-09-07 08:13:04 69382 ----a-w- c:\windows\system32\pthreadGC2.dll
2009-09-03 07:04:15 1320960 ----a-w- c:\windows\system32\CertEnroll.dll
2009-08-29 06:57:31 34816 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 06:54:52 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2009-08-27 13:18:38 30318616 ----a-w- c:\windows\system32\t3apstp.exe
2009-08-26 09:29:28 150016 ----a-w- c:\windows\system32\OemSpiE.dll
2009-08-19 07:20:32 442920 ----a-w- c:\windows\system32\winresume.exe
2009-08-19 07:20:31 507568 ----a-w- c:\windows\system32\winload.exe
2009-08-18 04:33:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-16 16:08:36 178176 ----a-w- c:\windows\system32\unrar.dll
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 20:20:36.95 ===============




When I ran root repel I received an Error message:

RootRepel Error
FOPS - DeviceIoContro Error! Error Code = 0xc000024
Extended Info (0x000000dc)


Under details it says:

FOPS - DeviceIoContro Error! Error Code = 0xc000024 Extended Info (0x000000dc) 18:48
DeviceIoContro Error! Error Code =0x1e7 18:49
FOPS - DeviceIoContro Error! Error Code = 0xc000024 Extended Info (0x000000dc)18:49

And when I try to scan an Error Message also comes up:

Could not initialize driver! Pleas contact the author!

And then when I click ok for that error message another one popped up:

Error Dumping SSDT (0xc0000024)!

After this, the scanning progress bar lit up green for a second.
Then I tried to access the report again and another error message popped up:

Attempt to read from address: 0x00000004

Then I clicked ok and another error message popped up:

DeviceIoControl Error! Code = 0x0


Edited by EnterShift, 03 November 2009 - 08:44 PM.



#2 EnterShift


Posted 06 November 2009 - 01:24 AM

I don't need help anymore. I'm just going to replace my hard drive. I guess I should have bumped my post an hour after posting to get immediate help like the other person.

http://www.bleepingcomputer.com/forums/t/267863/ie-pop-up-while-using-ff-and-google-results-being-redirected/

#3 htv8


Posted 06 November 2009 - 09:39 AM

Hello EnterShift,

Thanks for letting me know that the original problem you were having has been resolved.

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large, as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.
Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, you wouldn't want someone to assist you who is not familiar with your issue and attempt to fix it, would you?

Thank you for your understanding. :(

Regards,

htv8



As the problem here seems to be resolved, this topic is now closed.
If you need this topic reopened, please PM a staff member and we will reopen it for you (include the address of this thread in your request). This applies to the original topic starter only. If you should have a new issue, please start a new topic. Everyone else with similar problems, please start a new topic.

Edited by htv8, 06 November 2009 - 09:39 AM.

If I have not posted back within 24 hours, feel free to send me a PM with your topic link.
