General file data corruption with hex D2 FA 01 C0

I hope you can help me, I don’t have a clue what’s going on with my PC, I think it’s a boot sector virus, but I’m not sure.

Avast! (w/autosandbox, searches for malware root kits on boot), Comodo: AV, D+, Clean Endpoint, auto-sandbox, IObit Antimalware, MalwareBytes Antimalware, nothing detects anything.

Symptoms:
1.- offload on network is disabled and can’t be enabled.
2.- keyboard stops working, a few seconds later the mouse, then stays that way or restarts.
3.- When you have had your Win 7 64-bit for long, it starts to give BSODs: Windows reports kernel data corruption, 1A (complete Windows hang), 50, 3B, many more.
4.- The computer has a slight lag.
5.- the mouse won’t click the first time and sometimes will double-click instead of single-click (it’s not Windows mouse config).
6.- programs crash.
7.- I have Planetside 2, if you know the game you’ll know it’s big, 13+ GB, among its files there are 256 that range from 3x MB to 1xx MB, so I made a backup copy on another hard drive and compared with TotalCommander 8 ‘Synchronize directories’ function and it finds differences on random files, the thing is when individually compared, some of those pairs of files are sometimes identical, sometimes the only difference is a hex string ‘D2 FA 01 C0’, seldom 2 strings, but only on big files, copied or downloaded.

The corruption is progressive and eventually will corrupt the .exe files.

Any ideas?

Edit: I have tried to overwrite the master boot record with a tool called bootsect.exe, it’s used to change the partition boot type between WinXP (NT52) and WinVista/7 (NT60), reinstalled Windows 7 64-bit 6 times, 2 different installers. It could be Seagate hard drive self-corrupting, as I’ve seen it only once, but I don’t think so.

I have tested RAM (2x 4 GB) with Microsoft Memory Diagnostic, extended test suite, extended memory map, 1 1-pass and 2 2-pass, no errors, so it’s not RAM, MoBo, CPU or Video Card, I booted from a CD-ROM.

That leaves Hard Disk Drive (HDD), I have run a chkdsk c: /r /x and all OK (70 GB partition). The Windows 7 installers should be OK, so it’s either HDD self-corruption or virus/malware/spyware on boot sectors/records.

Can anyone at Avast! please check if there are any virus signatures with those 4 bytes please?
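
An added example, not part of the thread: a Python version of the comparison described in symptom 7. It locates each run of differing bytes between a file and its backup, tags which copy holds `D2 FA 01 C0`, and hashes one file repeatedly to see whether reads are stable. The function names, chunk size and sample data are assumptions made for illustration.

```python
import hashlib

PATTERN = bytes.fromhex("D2FA01C0")  # the four bytes quoted in the post

def diff_runs(path_a, path_b, chunk=1 << 20):
    """Return [offset, bytes_a, bytes_b] for every run of differing bytes."""
    runs, base = [], 0
    with open(path_a, "rb") as fa, open(path_b, "rb") as fb:
        while True:
            a, b = fa.read(chunk), fb.read(chunk)
            if not a and not b:
                return runs
            if a != b:  # only walk byte by byte through chunks that differ
                for i in range(max(len(a), len(b))):
                    x, y = a[i:i + 1], b[i:i + 1]
                    if x == y:
                        continue
                    last = runs[-1] if runs else None
                    if last and last[0] + max(len(last[1]), len(last[2])) == base + i:
                        last[1] += x  # contiguous, also across a chunk boundary
                        last[2] += y
                    else:
                        runs.append([base + i, x, y])
            base += max(len(a), len(b))

def classify(runs):
    """Tag each run with the copy ('a' or 'b') holding PATTERN, else None."""
    return [(off, a.hex(), b.hex(),
             "a" if PATTERN in a else "b" if PATTERN in b else None)
            for off, a, b in runs]

def read_is_stable(path, passes=3):
    """Hash one file several times; True if every pass gives the same digest."""
    digests = set()
    for _ in range(passes):
        h = hashlib.sha256()
        with open(path, "rb") as f:
            for block in iter(lambda: f.read(1 << 20), b""):
                h.update(block)
        digests.add(h.hexdigest())
    return len(digests) == 1

if __name__ == "__main__":  # constructed sample: a file and a copy with PATTERN written in
    import pathlib, tempfile
    d = pathlib.Path(tempfile.mkdtemp())
    good = bytes(range(256)) * 20
    (d / "a.bin").write_bytes(good)
    (d / "b.bin").write_bytes(good[:1022] + PATTERN + good[1026:])
    print(classify(diff_runs(d / "a.bin", d / "b.bin", chunk=1024)))
```

Repeat reads can be served from the OS file cache, so stable digests do not by themselves clear the disk or the path to it.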

follow guide and attach the requested logs (not copy and paste) http://forum.avast.com/index.php?topic=53253.0

run in order listed
AdwCleaner / Malwarebytes / OTL / aswMBR

when done removal experts will be notified and check the logs for infections…

if trouble running any of the Tools, try run from safe mode…

Thank you, I’ll do that, I’ll post ASAP

OK here are the 4 logs.
There was another log produced by OTL, but I can only attach 4 files so, I Pastebin it

The logs look clean, AswMBR has flagged an unknown but that may be Comodo. However, I will check that out

Download the latest version of TDSSKiller from here and save it to your Desktop.

* Doubleclick on TDSSKiller.exe to run the application

https://dl.dropbox.com/u/73555776/tdss%20start.JPG

* Then click on Change parameters.

https://dl.dropbox.com/u/73555776/tdss%20Change%20param.JPG

* Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

* Click the Start Scan button.

* If a suspicious object is detected, the default action will be Skip, click on Continue.

https://dl.dropbox.com/u/73555776/tdss%20threat.JPG

* If malicious objects are found, they will show in the Scan results and offer three (3) options.
* Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

* Get the report by selecting Reports

https://dl.dropbox.com/u/73555776/tdss%20report.JPG

* Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

Please copy and paste its contents on your next reply.

The message exceeds the maximum allowed length (10000 characters). So I put it on Pastebin, again; the forum won’t let me use 7-zip attachment.

The MBR also looks good. As it stands, I can see no indication of malware. We could run a scan outside of Windows if you wish.

Kind of you, but I’d like to check the ‘unknown’ first, I’ll post again if I can’t find the answer, thank you for your help.

The unknown is most probably related to sptd.sys (Daemon tools) CD emulating software

Thank you for the tip, I’ll keep searching for now.

Nothing worked because it wasn’t a virus, bad Win installation nor hard drive failure, it was a bad BIOS, the newer version for some reason wasn’t working well, I took it back to the newest version that would allow normal PC operation, thanks for all your help.

Glad it is resolved :)