Folders disappear!

[zeft]

Post Merged

We look for post with 0 replies, so when you reply to your own topic, we assume you are being helped.

Please be patient, someone will assist you as soon as possible.

Hi,

Problem:

Some time ago, I got some messages (like the messages from windows update etc. - in the right lower corner of the screen) saying something about a corrupt file somewhere in the computer asking me to run chkdsk (I can not run chkdsk; when I try to, it says, that I have to schedule it for next boot by clicking Yes/OK. However, the scan doesn't start on next boot)

Yesterday, I noticed that some of my start menu items disappeard!

It seems that they disappear gradually after each reboot.

What have I done so far?

I ran a scan (I had ESET, but it didn't detect all viruses, so I deleted ESET and installed avast + malwarebytes yesterday). Now to the weird thing: When I ran the avast scan, the "corrupt file"-messages that I was getting some time before suddenly came again during the scan - probably because of it wanted to scan the corrupt folders but couldn't.

The log from avast says, that

C:\Program Files\Microsoft Games

C:\Program Files\Windows Sidebar

C:\Program Files\Microsoft\Windows\Start Menu\Programs

all are damaged and can not be read (1392).

Furthermere, there was one more error in the scan:

C:\Windows\System32\DriverStore\FileRepository\ks.inf_x86_neutral_2b583ce4a6a029a1\ks.PNF

It says that the request couldn't be completed due to some I/O device error (1117)

DDS:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1

Run by ahh at 8:13:17 on 2012-07-25

Microsoft Windows 7 Ultimate 6.1.7601.1.1256.964.1033.18.3071.1628 [GMT 4,5:30]

.

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\hasplms.exe

c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe

C:\Program Files\Soluto\SolutoService.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Program Files\Soluto\soluto.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\ASUS\ATK Hotkey\HControl.exe

C:\Program Files\Wireless Console 2\wcourier.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe

C:\Program Files\ASUS\ATK Hotkey\WDC.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Windows\system32\SearchProtocolHost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Users\ahh\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe

C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe

C:\Users\ahh\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\ahh\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\ahh\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\taskmgr.exe

C:\Users\ahh\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\ahh\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\ahh\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\ahh\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

uInternet Settings,ProxyServer = 115.124.0.68:80

uURLSearchHooks: H - No File

mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit,

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL

BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll

BHO: Microsoft Web Test Recorder 10.0 Helper: {dda57003-0068-4ed2-9d32-4d1ec707d94d} - c:\program files\microsoft visual studio 10.0\common7\ide\privateassemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"

TB: {687578B9-7132-4A7A-80E4-30EE31099E03} - No File

EB: Web Test Recorder 10.0: {5802d092-1784-4908-8cdb-99b6842d353d} - mscoree.dll

mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices

mRun: [HControlUser] c:\program files\asus\atk hotkey\HControlUser.exe

mRun: [<NO NAME>]

mRun: [HPUsageTracking] "c:\program files\hp\hp ut\bin\hppusg.exe" "c:\program files\hp\hp ut\"

mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

StartupFolder: c:\users\ahh\appdata\roaming\micros~1\windows\startm~1\programs\startup\SKRMKL~1.LNK -

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000

IE: Free YouTube Download - c:\users\ahh\appdata\roaming\dvdvideosoftiehelpers\freeyoutubedownload.htm

IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105

IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - c:\program files\paltalk messenger\Paltalk.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{159AB7CF-7E57-440C-A046-D91380F089E0} : NameServer = 208.67.222.222,208.67.220.220

TCP: Interfaces\{A29067F6-2F20-4C95-9F95-9EB7FE463DDA} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{A29067F6-2F20-4C95-9F95-9EB7FE463DDA}\4556C656E6F6275485E4B4 : DhcpNameServer = 10.0.0.1 212.242.40.3 212.242.40.51

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\ahh\appdata\roaming\mozilla\firefox\profiles\jzhma072.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.startup.homepage - about:home

FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\adobe\acrobat 10.0\acrobat\air\nppdf32.dll

FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll

FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll

FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll

FF - plugin: c:\users\ahh\appdata\local\google\update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: c:\users\ahh\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_262.dll

FF - plugin: c:\windows\system32\npDeployJava1.dll

FF - plugin: c:\windows\system32\npmproxy.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

============= SERVICES / DRIVERS ===============

.

R0 Soluto;Soluto;c:\windows\system32\drivers\Soluto.sys [2012-3-29 51144]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-7-24 165456]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-7-24 17744]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-7-24 50256]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2012-7-24 44808]

R2 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-7-24 655944]

R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-3-30 2348352]

R2 SolutoService;Soluto PCGenome Core Service;c:\program files\soluto\SolutoService.exe [2012-4-24 584224]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-7-24 22344]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2012-3-30 148800]

R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-10 4640000]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-6-10 394856]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 SafeBox;SafeBox;"c:\program files\bitdefender\bitdefender safebox\safeboxservice.exe" --> c:\program files\bitdefender\bitdefender safebox\safeboxservice.exe [?]

S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2012-3-28 30312]

S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2012-7-24 44808]

S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2012-7-24 44808]

S3 avchv;avchv Function Driver;c:\windows\system32\drivers\avchv.sys [2011-11-25 240184]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]

S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-4-1 183560]

S3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [2011-11-17 63056]

S3 gupdate;Google Update Tjeneste (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-4-20 116648]

S3 gupdatem;Google Update Tjeneste (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-4-20 116648]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-11 129976]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-3-27 15872]

S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2012-3-28 121064]

S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2012-3-28 12776]

S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2012-3-28 136808]

S3 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-2-29 382272]

S3 Update Server;BitDefender Update Server v2;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe --> c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [?]

S3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files\microsoft visual studio 10.0\team tools\performance tools\VSPerfDrv100.sys [2009-12-8 48128]

S3 WatAdminSvc;Tjenesten Windows Aktivering;c:\windows\system32\wat\WatAdminSvc.exe [2012-3-27 1343400]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-23 47128]

S4 RsFx0105;RsFx0105 Driver;c:\windows\system32\drivers\RsFx0105.sys [2011-9-22 238696]

S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2011-9-22 370024]

SUnknown TsUsbFlt;TsUsbFlt; [x]

SUnknown tsusbhub;tsusbhub; [x]

.

=============== Created Last 30 ================

.

2012-07-25 02:21:21 514560 ----a-w- c:\windows\system32\qdvd.dll

2012-07-25 00:49:54 2345984 ----a-w- c:\windows\system32\win32k.sys

2012-07-24 19:05:39 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2012-07-24 19:05:06 41224 ----a-w- c:\windows\avastSS.scr

2012-07-24 19:04:57 -------- d-----w- c:\programdata\Alwil Software

2012-07-24 18:52:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-24 16:24:05 -------- d-----w- c:\users\ahh\appdata\roaming\com.focusboosterapp.focusbooster.8E5F79C899747AD22E21DB62AA496926DA6BBC64.1

2012-07-24 16:23:58 -------- d-----w- c:\program files\focus booster

2012-07-24 15:54:00 -------- d-----w- c:\users\ahh\appdata\roaming\Malwarebytes

2012-07-24 15:53:20 -------- d-----w- c:\programdata\Malwarebytes

2012-07-24 15:53:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-07-05 11:59:19 -------- d-----w- c:\users\ahh\appdata\local\{D208931F-4B38-4843-9BF8-77BAD5AA7E38}

2012-07-05 11:59:18 -------- d-----w- c:\users\ahh\appdata\local\{513F727A-450C-48A5-B1A3-A3B23491E839}

2012-07-01 07:10:44 -------- d-----w- c:\users\ahh\appdata\local\{F6549E5B-26BA-44E1-9250-04C2F5C25FA5}

2012-06-29 11:53:37 -------- d-----w- c:\users\ahh\appdata\local\{1852579C-B041-45D0-9D6F-C9D24A6F69C3}

2012-06-29 11:53:26 -------- d-----w- c:\users\ahh\appdata\local\{A1CBE02E-27EA-4FBE-ACC1-205F56B36AFF}

2012-06-29 11:53:12 -------- d-----w- c:\users\ahh\Tracing

2012-06-28 20:59:49 53248 ----a-w- c:\windows\system32\ZTAG.dll

2012-06-28 20:59:49 413696 ----a-w- c:\windows\system32\ZSM1120.exe

2012-06-28 20:59:49 106496 ----a-w- c:\windows\system32\ZSPOOL.dll

2012-06-28 20:59:48 61440 ----a-w- c:\windows\system32\ZIMF.DLL

2012-06-28 20:59:48 167936 ----a-w- c:\windows\system32\hpsfs.dll

2012-06-28 20:59:48 135168 ----a-w- c:\windows\system32\ZLM1120.dll

2012-06-28 20:59:48 114688 ----a-w- c:\windows\system32\HPMCoSetup.dll

2012-06-28 20:09:25 221184 ----a-w- c:\windows\brprs.exe

2012-06-28 20:09:25 -------- d-----w- c:\program files\HP

2012-06-28 20:03:42 -------- d-----w- C:\hp_LJ_M1120_Full_Solution

2012-06-25 17:16:34 -------- d-----w- c:\program files\WinSnap

2012-06-25 17:11:30 -------- d-----w- c:\program files\Loquendo

2012-06-25 17:09:48 -------- d-----w- c:\program files\common files\Wise Installation Wizard

.

==================== Find3M ====================

.

2012-07-25 01:27:08 44544 ----a-w- c:\windows\system32\agremove.exe

2012-07-05 11:58:27 45056 ----a-w- c:\windows\system32\acovcnt.exe

2012-06-23 13:29:57 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-06-23 13:29:57 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-06-06 05:05:52 1390080 ----a-w- c:\windows\system32\msxml6.dll

2012-06-06 05:05:52 1236992 ----a-w- c:\windows\system32\msxml3.dll

2012-06-06 05:03:06 805376 ----a-w- c:\windows\system32\cdosys.dll

2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 13:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 13:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll

2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-06-02 04:45:04 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-06-02 04:45:03 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-06-02 04:40:59 369336 ----a-w- c:\windows\system32\drivers\cng.sys

2012-06-02 04:40:39 225280 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 04:39:10 219136 ----a-w- c:\windows\system32\ncrypt.dll

2012-05-04 17:29:22 772504 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-05-04 17:29:16 687504 ----a-w- c:\windows\system32\deployJava1.dll

2012-05-01 04:44:12 164352 ----a-w- c:\windows\system32\profsvc.dll

2012-04-28 04:41:44 919040 ----a-w- c:\windows\system32\rdpcorets.dll

2012-04-28 03:17:07 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-04-26 04:45:55 58880 ----a-w- c:\windows\system32\rdpwsx.dll

2012-04-26 04:45:54 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-04-26 04:41:16 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe

.

============= FINISH: 8:13:34,48 ===============

Thanks in advance.

I forgot to write, that I yesterday actually managed to run chkdsk - but I don't think that it was the "real thing", because it completed very fast (less than 30 seconds).. This is how I did it: Reboot --> Pressed F8 --> Repair Computer --> Run CMD --> ran chkdsk

It found no errors, but I don't think that it actually scanned the drive.

Also - it seems that my internal/main harddisk is being treated as if it was an external harddisk - in the right lower corner next to the clock, I have the option of securely removing my harddisk (it won't remove it, if I click on it though. It says that it's in use and therefore can not be removed).

[screen317]

Hi and welcome to Malwarebytes.

A lot of what you're saying it pretty vague.

Please concisely describe the issues that you are currently facing with this computer, with bullet points.

Thank you.

[zeft]

Hi screen317,

Thank you very much for your reply.

Well - I only have one problem: My start menu items are disappearing!

Everything else in the first post is just information, that you might need.

Thanks in advance.

[zeft]

I fixed it!

On boot, press F8, choose "Repair Windows". Then choose the first option, which is startup-repair. Though I didn't have any start-up problems, it did fix the problem.

And now for the funny thing - after logging into windows, a couple of minutes later, avast popped up with two viruses. Don't know why - it recommended me doing a boot-time scan, which I did (it found nothing).

The only remaining problem for me now is that the avast scan keeps showing me an error on this place:

C:\Windows\System32\DriverStore\FileRepository\ks.inf_x86_neutral_2b583ce4a6a029a1\ks.PNF

Yesterday it said that the file/folder can not be handled/read due to a I/O device error 1117. Today it says that it's a cyclic redundancy check error 23. I googled it, and it seems that there might be something wrong with my drive... Uh well, at least I can do my work now :-)

Thank you all for your generous help!

[screen317]

Hi,

Thanks for the update. Your hard drive may be beginning to show signs of failure.

Click Start --> Run, enter cmd.exe, and press Enter

In the black box that appears, enter this command exactly as shown:

chkdsk>"%userprofile%\desktop\chkdsk.txt"

Press Enter.

When it finishes, open chkdsk.txt on your Desktop and post its contents here.

-screen317

[zeft]

Hi,

Thanks for your reply :-)

I ran the chkdsk (and translated it to english - sorry if it isn't good enough). Windows couldn't run chkdsk before, I don't know why it can now. It asked me to run chkdsk /F, and I'm doing it right now (again with logging just in case - please tell me, if you want the log for the chkdsk /F)

____________________

Filesystem type is NTFS.

Warning: F parameter not specified

Chkdsk running in read-only mode

CHKDSK controlling files (step 1 of 3)...

0 percent done. (0 of 286720 file records completed)

0 percent done. (10502 of 286720 file records completed)

0 percent done. (21024 of 286720 file records completed)

1 percent done. (28672 of 286720 file records completed)

1 percent done. (51123 of 286720 file records completed)

2 percent done. (57344 of 286720 file records completed)

2 percent done. (68097 of 286720 file records completed)

2 percent done. (85761 of 286720 file records completed)

3 percent done. (86016 of 286720 file records completed)

3 percent done. (104703 of 286720 file records completed)

4 percent done. (114688 of 286720 file records completed)

4 percent done. (135425 of 286720 file records completed)

5 percent done. (143360 of 286720 file records completed)

5 percent done. (152430 of 286720 file records completed)

6 percent done. (172032 of 286720 file records completed)

7 percent done. (200704 of 286720 file records completed)

7 percent done. (218369 of 286720 file records completed)

8 percent done. (229376 of 286720 file records completed)

8 percent done. (257537 of 286720 file records completed)

9 percent done. (258048 of 286720 file records completed)

9 percent done. (277249 of 286720 file records completed)

286720 file records processed

File verification completed

577 big file records processed.

0 damaged file records processed.

2 EA records processed.

76 reparse records processed.

CHKDSK kontrollerer indeks (trin 2 of 3)...

11 percent done. (5741 of 368752 index posts completed)

12 percent done. (11701 of 368752 index posts completed)

13 percent done. (17660 of 368752 index posts completed)

14 percent done. (23619 of 368752 index posts completed)

15 percent done. (29578 of 368752 index posts completed)

16 percent done. (35538 of 368752 index posts completed)

17 percent done. (41497 of 368752 index posts completed)

18 percent done. (47456 of 368752 index posts completed)

19 percent done. (53415 of 368752 index posts completed)

20 percent done. (59375 of 368752 index posts completed)

21 percent done. (65334 of 368752 index posts completed)

22 percent done. (71293 of 368752 index posts completed)

23 percent done. (77252 of 368752 index posts completed)

24 percent done. (83212 of 368752 index posts completed)

25 percent done. (89171 of 368752 index posts completed)

26 percent done. (95130 of 368752 index posts completed)

27 percent done. (101089 of 368752 index posts completed)

28 percent done. (107049 of 368752 index posts completed)

29 percent done. (113008 of 368752 index posts completed)

30 percent done. (118967 of 368752 index posts completed)

31 percent done. (124926 of 368752 index posts completed)

32 percent done. (130886 of 368752 index posts completed)

33 percent done. (136845 of 368752 index posts completed)

34 percent done. (142804 of 368752 index posts completed)

35 percent done. (148763 of 368752 index posts completed)

36 percent done. (154723 of 368752 index posts completed)

37 percent done. (160682 of 368752 index posts completed)

38 percent done. (166641 of 368752 index posts completed)

39 percent done. (172600 of 368752 index posts completed)

40 percent done. (178560 of 368752 index posts completed)

41 percent done. (184519 of 368752 index posts completed)

42 percent done. (190478 of 368752 index posts completed)

43 percent done. (196437 of 368752 index posts completed)

44 percent done. (202397 of 368752 index posts completed)

45 percent done. (208356 of 368752 index posts completed)

46 percent done. (214315 of 368752 index posts completed)

47 percent done. (220274 of 368752 index posts completed)

48 percent done. (226234 of 368752 index posts completed)

49 percent done. (232193 of 368752 index posts completed)

50 percent done. (238152 of 368752 index posts completed)

51 percent done. (244111 of 368752 index posts completed)

52 percent done. (250071 of 368752 index posts completed)

53 percent done. (256030 of 368752 index posts completed)

54 percent done. (261989 of 368752 index posts completed)

55 percent done. (267948 of 368752 index posts completed)

56 percent done. (273908 of 368752 index posts completed)

57 percent done. (279867 of 368752 index posts completed)

58 percent done. (285826 of 368752 index posts completed)

58 percent done. (287092 of 368752 index posts completed)

58 percent done. (288089 of 368752 index posts completed)

58 percent done. (288712 of 368752 index posts completed)

58 percent done. (289214 of 368752 index posts completed)

58 percent done. (289257 of 368752 index posts completed)

58 percent done. (289314 of 368752 index posts completed)

58 percent done. (290214 of 368752 index posts completed)

58 percent done. (291467 of 368752 index posts completed)

59 percent done. (291785 of 368752 index posts completed)

59 percent done. (292761 of 368752 index posts completed)

59 percent done. (293593 of 368752 index posts completed)

59 percent done. (294277 of 368752 index posts completed)

59 percent done. (295220 of 368752 index posts completed)

59 percent done. (295924 of 368752 index posts completed)

59 percent done. (296179 of 368752 index posts completed)

59 percent done. (296465 of 368752 index posts completed)

59 percent done. (296781 of 368752 index posts completed)

59 percent done. (297013 of 368752 index posts completed)

59 percent done. (297464 of 368752 index posts completed)

60 percent done. (297745 of 368752 index posts completed)

60 percent done. (297888 of 368752 index posts completed)

60 percent done. (298317 of 368752 index posts completed)

60 percent done. (298985 of 368752 index posts completed)

60 percent done. (299268 of 368752 index posts completed)

60 percent done. (300980 of 368752 index posts completed)

60 percent done. (301640 of 368752 index posts completed)

60 percent done. (302324 of 368752 index posts completed)

60 percent done. (302439 of 368752 index posts completed)

60 percent done. (302971 of 368752 index posts completed)

61 percent done. (303704 of 368752 index posts completed)

61 percent done. (304658 of 368752 index posts completed)

61 percent done. (305059 of 368752 index posts completed)

61 percent done. (305519 of 368752 index posts completed)

61 percent done. (305853 of 368752 index posts completed)

61 percent done. (306237 of 368752 index posts completed)

61 percent done. (306711 of 368752 index posts completed)

61 percent done. (307041 of 368752 index posts completed)

61 percent done. (307458 of 368752 index posts completed)

61 percent done. (307729 of 368752 index posts completed)

61 percent done. (307832 of 368752 index posts completed)

61 percent done. (308016 of 368752 index posts completed)

61 percent done. (308117 of 368752 index posts completed)

61 percent done. (308280 of 368752 index posts completed)

61 percent done. (308541 of 368752 index posts completed)

61 percent done. (308867 of 368752 index posts completed)

61 percent done. (309246 of 368752 index posts completed)

62 percent done. (309663 of 368752 index posts completed)

62 percent done. (309824 of 368752 index posts completed)

62 percent done. (309980 of 368752 index posts completed)

62 percent done. (310049 of 368752 index posts completed)

62 percent done. (310373 of 368752 index posts completed)

62 percent done. (310593 of 368752 index posts completed)

62 percent done. (310649 of 368752 index posts completed)

62 percent done. (311009 of 368752 index posts completed)

62 percent done. (311188 of 368752 index posts completed)

62 percent done. (311334 of 368752 index posts completed)

62 percent done. (311797 of 368752 index posts completed)

62 percent done. (311817 of 368752 index posts completed)

62 percent done. (312328 of 368752 index posts completed)

62 percent done. (313528 of 368752 index posts completed)

62 percent done. (313717 of 368752 index posts completed)

62 percent done. (313947 of 368752 index posts completed)

62 percent done. (314171 of 368752 index posts completed)

62 percent done. (314292 of 368752 index posts completed)

62 percent done. (314616 of 368752 index posts completed)

62 percent done. (314797 of 368752 index posts completed)

62 percent done. (315123 of 368752 index posts completed)

62 percent done. (315520 of 368752 index posts completed)

63 percent done. (315622 of 368752 index posts completed)

63 percent done. (316412 of 368752 index posts completed)

63 percent done. (317089 of 368752 index posts completed)

63 percent done. (317687 of 368752 index posts completed)

63 percent done. (318081 of 368752 index posts completed)

63 percent done. (318122 of 368752 index posts completed)

63 percent done. (318226 of 368752 index posts completed)

63 percent done. (318453 of 368752 index posts completed)

63 percent done. (318748 of 368752 index posts completed)

63 percent done. (318951 of 368752 index posts completed)

63 percent done. (319134 of 368752 index posts completed)

63 percent done. (319337 of 368752 index posts completed)

63 percent done. (319765 of 368752 index posts completed)

63 percent done. (320124 of 368752 index posts completed)

63 percent done. (320589 of 368752 index posts completed)

63 percent done. (320743 of 368752 index posts completed)

63 percent done. (320897 of 368752 index posts completed)

63 percent done. (321050 of 368752 index posts completed)

63 percent done. (321261 of 368752 index posts completed)

63 percent done. (321421 of 368752 index posts completed)

64 percent done. (321582 of 368752 index posts completed)

64 percent done. (321760 of 368752 index posts completed)

64 percent done. (321919 of 368752 index posts completed)

64 percent done. (322106 of 368752 index posts completed)

64 percent done. (322368 of 368752 index posts completed)

64 percent done. (322584 of 368752 index posts completed)

64 percent done. (323747 of 368752 index posts completed)

64 percent done. (324341 of 368752 index posts completed)

64 percent done. (324843 of 368752 index posts completed)

64 percent done. (325108 of 368752 index posts completed)

64 percent done. (325401 of 368752 index posts completed)

64 percent done. (325559 of 368752 index posts completed)

64 percent done. (325790 of 368752 index posts completed)

64 percent done. (326587 of 368752 index posts completed)

65 percent done. (327541 of 368752 index posts completed)

368752 index posts processed.

Index verification completed.

0 non-indexed files scanned.

0 non-indexed files recovered.

CHKDSK veryfying security descriptors (trin 3 of 3)...

72 percent done. (1510 of 286720 fil-SD'er/SID'er completed)

73 percent done. (19387 of 286720 fil-SD'er/SID'er completed)

74 percent done. (37265 of 286720 fil-SD'er/SID'er completed)

75 percent done. (55143 of 286720 fil-SD'er/SID'er completed)

76 percent done. (73021 of 286720 fil-SD'er/SID'er completed)

77 percent done. (90898 of 286720 fil-SD'er/SID'er completed)

78 percent done. (108776 of 286720 fil-SD'er/SID'er completed)

79 percent done. (126654 of 286720 fil-SD'er/SID'er completed)

80 percent done. (144532 of 286720 fil-SD'er/SID'er completed)

81 percent done. (162409 of 286720 fil-SD'er/SID'er completed)

82 percent done. (180287 of 286720 fil-SD'er/SID'er completed)

83 percent done. (198165 of 286720 fil-SD'er/SID'er completed)

84 percent done. (216043 of 286720 fil-SD'er/SID'er completed)

85 percent done. (233920 of 286720 fil-SD'er/SID'er completed)

86 percent done. (251798 of 286720 fil-SD'er/SID'er completed)

87 percent done. (269676 of 286720 fil-SD'er/SID'er completed)

286720 fil-SDs/SIDs completed.

Security descriptors verification completed.

41017 datafiles processed.

CHKDSK verifying USN journal...

99 percent done. (0 of 35759864 USN-byte completed)

100 percent done. (35758080 of 35759864 USN-byte completed)

35759864 USN-byte completed.

Verification of USN journal file completed

The disk/volume bitmap is wrong.

Windows found errors in file system.

Run CHKDSK with the parameter /F (fix) to correct them.

488282111 KB total disc space.

409320276 KB in 211109 files

115856 KB in 41018 indexes.

0 KB in damaged sectors

404867 KB in use by system

65536 KB occupied by log file

78441112 KB disc space available

4096 bytes in each allocation unit

122070527 total allocation units on disk

19610278 allocation units available on disk

[screen317]

Hi,

I was afraid of this. Looks like your hard drive is showing the beginning signs of failure. I recommend backing up your important data as soon as possible. Do consider getting a new hard drive soon if the repair command cannot repair the damage.

Yes please post the log for the chkdsk /f

Afterward, perform the same with chkdsk /r

[zeft]

Dear Screen,

Thanks again for your help. Just wanted to give you and update:

When I started the chkdsk /f it said, that it would run chkdsk on next startup - it didn't. My computer is starting to freeze sometimes (freezes, then sometimes the screen turns light blue (everything disappears) and a part of the screen starts flashing) and doesn't respond to anything, even if I wait for several minutes. Only solution is to "force" a shutdown (by pressing and holding the power button).

I'm right now backing up my documents etc. How can I run chkdsk with logging? Is that possible in safe mode?

Thanks again for your help.

/ Muhammed Zeft.

[screen317]

Hi,

Don't worry about logging for /f.

Instead, just run chkdsk /r with no additional parameters.

If it asks to reboot, press Y and Enter. See if it runs now. If it does, run the original code I gave (to log the regular chkdsk run) and post its log.

Alternatively, give this a try:

http://www.sevenforums.com/tutorials/433-disk-check.html

[screen317]

Are you still with us? This topic will be closed in a few days if we do not hear back from you.

[zeft]

Hi,

Sorry for not responding for a while.

I did the chkdsk as you asked me to do, but it didn't work. So I tried doing it in safe mode w/ command prompt - didn't work either!

I'm glad you told me to backup my stuff - yesterday I suddenly got the BSD and afterwards, the next 5-10 startup attempts, it was stuck in "Checking nvram" and I didn't do anything to fix it - it just happened by itself.

I installed BlueScreenView (no idea how to correctly use it) and opened the crash .dmp file. Here's what it said:

Dump File: 081812-23056-01.dmp

Crash Time: 18-08-2012 17:13:01

Bug Check String: KERNEL_DATA_INPAGE_ERROR

Bug Check Code: 0x0000007a

Parameter 1: 0xc06ddac8

Parameter 2: 0xc0000185

Parameter 3: 0x6b8b7be0

Parameter 4: 0xdbb59000

Caused By Driver: ntkrnlpa.exe

Caused By Address: ntkrnlpa.exe+dee9c

File Description: NT Kernel & System

Product Name: Microsoft® Windows® Operating System

Company: Microsoft Corporation

File Version: 6.1.7601.17803 (win7sp1_gdr.120330-1504)

Processor: 32-bit

Crash Address: ntkrnlpa.exe+dee9c

Stack Address 1: ntkrnlpa.exe+a3dd8

Stack Address 2: ntkrnlpa.exe+a76b9

Stack Address 3: ntkrnlpa.exe+9091b

Computer Name

Full Path: C:\Windows\Minidump\081812-23056-01.dmp

Processors Count: 2

Major Version: 15

Minor Version: 7601

Dump File Size: 166.408

I think that you're right about that it's the harddisk. It does make a click sound once in a while - it's a physical (and not a software/driver) error, right?

[zeft]

So I ran the chkdsk /r and /f today. I did that by booting up in repair mode and -unfortunately- I didn't get the log report because it asked, if I want to force a dismount of the volume (in order for it to run), and I of course pressed yes. It took for ever to complete the chkdsk /r, but it did eventually complete.

Please tell me, if you want me to run it again and this time WITH logging (I'll try to save the log on external drive, another volume or something).

Thank you very much for your help!!

[screen317]

Hi,

Is it still making sounds? If so, then it's a hardware issues and will get worse soon. Please consider getting a new hard drive (they are cheap and have a lot of space nowadays), backup your data, and starting fresh.

[screen317]

Are you still with us? This topic will be closed in a few days if we do not hear back from you.

[zeft]

Well, it doesn't make the sound all the time. It's like a "click" once a while. Today the it suddenly froze and the screen went orange and flickering. Still think that it's hardware?

[screen317]

Look on the inside and clean out any dust in the fans, particularly those above the CPU.

Is the sound coming from the hard drive itself?

[zeft]

I haven't opened the laptop recently, but I did clean it like a year ago. I'm almost sure that the sound comes from the drive - it's a click sound that comes once in a while.. Sometimes a double-click. I think that the only solution is to change the drive. Is there a way to run a test to see if there actually are hardware problems w/ the drive?

[screen317]

Hi,

If the drive is making a sound, that's the easiest test there is.

Please back up your data ASAP. A new hard drive (probably with more space than you currently have) is very cheap nowadays.

[zeft]

Will do. Thanks for your help.

[screen317]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!