| Live Chat & Podcast at 1:00PM Eastern on Sunday! |
Advertisement
Advertisement
 Search | |
| |
29-May-2012, 12:54 PM
#1 | ||||||
| cmd.exe and check disk when boot up Welcome and thank you for visiting my thread! Recently, I have discovered that my computer has been behaving differently. During my last cold boot, it went into check disk mode(I'm guessing). So this is what happened, my computer went into a mode which displays white text and black background. After that, it rebooted and went back normally. Today, when I cold booted up my computer, a black window with the title C:\windows\system32\cmd.exe popped up for a couple of seconds (around 3-5s) and right after that it dissapered. I am guessing the Windows look like the command promt thing that you run from "Windows+R". Also, I've scanned my computer with Microsoft security essentials and Malwarebytes Anti-Malware and both of them came out clean. *Database is up to date. That lead me to here. Here is the HijackThis log: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 12:43:38 AM, on 30/5/2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Program Files\ASUS\Six Engine\SixEngine.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe C:\Users\John Lee\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE C:\Program Files\ASUS\TurboV\TurboV.exe C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe C:\Program Files\ASUS\Ai Suite\QFan3\QFanHelp.exe C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe C:\Program Files (x86)\D-Link\DWA-140 revB\AirNCFG.exe C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\VideoLAN\VLC\vlc.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe O4 - HKLM\..\Run: [TurboV] "C:\Program Files\ASUS\TurboV\TurboV.exe" O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe" O4 - HKLM\..\Run: [QFan Help] "C:\Program Files\ASUS\Ai Suite\QFan3\QFanHelp.exe" O4 - HKLM\..\Run: [Cpu Level Up help] "C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe" O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe O4 - HKLM\..\Run: [D-Link D-Link RangeBooster N DWA-140] C:\Program Files (x86)\D-Link\DWA-140 revB\AirNCFG.exe O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - Startup: Dropbox.lnk = John Lee\AppData\Roaming\Dropbox\bin\Dropbox.exe O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O17 - HKLM\System\CCS\Services\Tcpip\..\{E6C37747-7958-4C0B-A2EA-A4AB4089D223}: NameServer = 8.8.8.8 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: ANIWConn Service (ANIWConnService) - Unknown owner - C:\Windows\system32\ANIWConnService.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM - C:\ASUS.SYS\config\DVMExportService.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\SysWOW64\IoctlSvc.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 11916 bytes =================================================================== And the D.D.S.scr log: . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31 Run by John Lee at 0:47:06 on 2012-05-30 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.60.1033.18.6134.3948 [GMT 8:00] . AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Program Files\Microsoft Security Client\MsMpEng.exe C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\atieclxx.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\ASUS\Six Engine\SixEngine.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Windows\SysWOW64\ANIWConnService.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe C:\Users\John Lee\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe C:\Program Files\ASUS\TurboV\TurboV.exe C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe C:\Program Files\ASUS\Ai Suite\QFan3\QFanHelp.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe C:\Program Files (x86)\D-Link\DWA-140 revB\AirNCFG.exe C:\ASUS.SYS\config\DVMExportService.exe C:\Program Files\Microsoft LifeCam\MSCamS64.exe C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe C:\Windows\system32\conhost.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe C:\Windows\SysWOW64\IoctlSvc.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\system32\DllHost.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Program Files (x86)\VideoLAN\VLC\vlc.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uInternet Settings,ProxyOverride = *.local mWinlogon: Userinit=userinit.exe BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe mRun: [TurboV] "C:\Program Files\ASUS\TurboV\TurboV.exe" mRun: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe" mRun: [QFan Help] "C:\Program Files\ASUS\Ai Suite\QFan3\QFanHelp.exe" mRun: [Cpu Level Up help] "C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe" mRun: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" mRun: [ANIWZCS2Service] C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe mRun: [D-Link D-Link RangeBooster N DWA-140] C:\Program Files (x86)\D-Link\DWA-140 revB\AirNCFG.exe mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml StartupFolder: C:\Users\JOHNLE~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startu p\Dropbox.lnk - C:\Users\John Lee\AppData\Roaming\Dropbox\bin\Dropbox.exe StartupFolder: C:\Users\JOHNLE~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startu p\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab TCP: DhcpNameServer = 192.168.0.1 TCP: Interfaces\{E6C37747-7958-4C0B-A2EA-A4AB4089D223} : NameServer = 8.8.8.8 TCP: Interfaces\{E6C37747-7958-4C0B-A2EA-A4AB4089D223} : DhcpNameServer = 192.168.0.1 TCP: Interfaces\{E6C37747-7958-4C0B-A2EA-A4AB4089D223}\A4F686E602C456562E08993702960586F6E656 : NameServer = 8.8.8.8 TCP: Interfaces\{E6C37747-7958-4C0B-A2EA-A4AB4089D223}\A4F686E602C456562E08993702960586F6E656 : DhcpNameServer = 58.71.136.10 58.71.132.10 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL BHO-X64: URLRedirectionBHO - No File BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe mRun-x64: [TurboV] "C:\Program Files\ASUS\TurboV\TurboV.exe" mRun-x64: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe" mRun-x64: [QFan Help] "C:\Program Files\ASUS\Ai Suite\QFan3\QFanHelp.exe" mRun-x64: [Cpu Level Up help] "C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe" mRun-x64: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" mRun-x64: [ANIWZCS2Service] C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe mRun-x64: [D-Link D-Link RangeBooster N DWA-140] C:\Program Files (x86)\D-Link\DWA-140 revB\AirNCFG.exe mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml Hosts: 127.0.0.1 www.spywareinfo.com . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\John Lee\AppData\Roaming\Mozilla\Firefox\Profiles\i891ve7r.default\ FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll . ============= SERVICES / DRIVERS =============== . R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?] R1 anodlwf;ANOD Network Security Filter driver;C:\Windows\system32\DRIVERS\anodlwfx.sys --> C:\Windows\system32\DRIVERS\anodlwfx.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?] R2 ANIWConnService;ANIWConn Service;C:\Windows\System32\ANIWConnService.exe [2012-1-13 151552] R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2012-1-13 90112] R2 DvmMDES;DeviceVM Meta Data Export Service;C:\ASUS.SYS\config\DVMExportService.exe [2009-2-18 294912] R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?] R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?] R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?] R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\system32\Drivers\nx6000.sys --> C:\Windows\system32\Drivers\nx6000.sys [?] R3 netr28ux;D-Link dnetr28u USB Extensible Wireless LAN Card Driver;C:\Windows\system32\DRIVERS\Dnetr28ux.sys --> C:\Windows\system32\DRIVERS\Dnetr28ux.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-13 136176] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-30 257696] S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-13 136176] S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-3 129976] S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?] S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?] . =============== Created Last 30 ================ . 2012-05-29 16:22:05 388096 ----a-r- C:\Users\John Lee\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-05-29 16:22:05 -------- d-----w- C:\Program Files (x86)\Trend Micro 2012-05-29 16:18:07 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{04002E24-3DD8-40EF-987D-6FCEFEB6F58B}\mpengine.dll 2012-05-28 14:27:37 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-05-28 01:21:35 -------- d-----w- C:\Users\John Lee\AppData\Local\NFS Underground 2 2012-05-26 11:37:45 -------- d-----w- C:\Program Files (x86)\Steam 2012-05-26 11:12:57 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll 2012-05-26 11:12:57 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll 2012-05-26 11:10:54 1060864 ----a-w- C:\Windows\SysWow64\mfc71.dll 2012-05-10 13:46:40 -------- d-----w- C:\Users\John Lee\AppData\Local\fontconfig 2012-05-10 13:46:39 -------- d-----w- C:\Users\John Lee\AppData\Local\gegl-0.2 2012-05-10 13:46:39 -------- d-----w- C:\Users\John Lee\.gimp-2.8 2012-05-10 13:45:33 -------- d-----w- C:\Program Files\GIMP 2 2012-05-10 13:27:28 1544704 ----a-w- C:\Windows\System32\DWrite.dll 2012-05-10 13:27:27 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll 2012-05-10 13:27:26 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-05-10 13:27:25 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-05-10 13:27:25 3146240 ----a-w- C:\Windows\System32\win32k.sys 2012-05-10 13:27:24 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-05-10 13:26:34 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys 2012-05-10 13:26:14 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2012-05-10 13:26:12 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll 2012-05-10 13:26:12 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL 2012-05-10 13:26:12 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll 2012-05-10 13:26:12 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll 2012-05-10 13:26:12 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll 2012-05-04 09:26:24 -------- d-----w- C:\Program Files (x86)\Free Audio Editor 2012-05-04 07:40:50 -------- d-----w- C:\Program Files (x86)\AMD AVT 2012-05-04 07:40:43 -------- d-----w- C:\Program Files (x86)\AMD APP 2012-05-03 09:21:16 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service 2012-05-03 09:21:15 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe 2012-05-03 09:21:15 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe 2012-05-01 15:37:35 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client . ==================== Find3M ==================== . 2012-05-06 03:08:26 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-05-06 03:08:26 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-05-06 03:08:07 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe 2012-04-06 05:22:40 11174400 ----a-w- C:\Windows\System32\drivers\atikmdag.sys 2012-04-06 02:22:00 159744 ----a-w- C:\Windows\System32\atiapfxx.exe 2012-04-06 02:21:52 909312 ----a-w- C:\Windows\SysWow64\aticfx32.dll 2012-04-06 02:20:04 1067520 ----a-w- C:\Windows\System32\aticfx64.dll 2012-04-06 02:16:52 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll 2012-04-06 02:16:46 503808 ----a-w- C:\Windows\System32\atieclxx.exe 2012-04-06 02:16:02 236544 ----a-w- C:\Windows\System32\atiesrxx.exe 2012-04-06 02:14:44 120320 ----a-w- C:\Windows\System32\atitmm64.dll 2012-04-06 02:14:30 21504 ----a-w- C:\Windows\System32\atimuixx.dll 2012-04-06 02:14:26 59392 ----a-w- C:\Windows\System32\atiedu64.dll 2012-04-06 02:14:20 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll 2012-04-06 02:13:42 6800896 ----a-w- C:\Windows\SysWow64\atidxx32.dll 2012-04-06 02:10:50 26181632 ----a-w- C:\Windows\System32\atio6axx.dll 2012-04-06 02:00:10 64000 ----a-w- C:\Windows\System32\coinst.dll 2012-04-06 01:54:46 7479296 ----a-w- C:\Windows\System32\atidxx64.dll 2012-04-06 01:50:56 19753984 ----a-w- C:\Windows\SysWow64\atioglxx.dll 2012-04-06 01:35:24 1120768 ----a-w- C:\Windows\System32\atiumd6v.dll 2012-04-06 01:34:50 1831424 ----a-w- C:\Windows\SysWow64\atiumdmv.dll 2012-04-06 01:34:34 4731904 ----a-w- C:\Windows\System32\atiumd6a.dll 2012-04-06 01:34:04 6203392 ----a-w- C:\Windows\SysWow64\atiumdag.dll 2012-04-06 01:30:16 51200 ----a-w- C:\Windows\System32\aticalrt64.dll 2012-04-06 01:30:14 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll 2012-04-06 01:30:08 44544 ----a-w- C:\Windows\System32\aticalcl64.dll 2012-04-06 01:30:06 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll 2012-04-06 01:29:54 16090624 ----a-w- C:\Windows\System32\aticaldd64.dll 2012-04-06 01:25:30 13764096 ----a-w- C:\Windows\SysWow64\aticaldd.dll 2012-04-06 01:23:24 7431680 ----a-w- C:\Windows\System32\atiumd64.dll 2012-04-06 01:22:54 4795904 ----a-w- C:\Windows\SysWow64\atiumdva.dll 2012-04-06 01:11:28 514560 ----a-w- C:\Windows\System32\atiadlxx.dll 2012-04-06 01:11:20 360448 ----a-w- C:\Windows\SysWow64\atiadlxy.dll 2012-04-06 01:11:06 17408 ----a-w- C:\Windows\System32\atig6pxx.dll 2012-04-06 01:11:04 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll 2012-04-06 01:11:04 14848 ----a-w- C:\Windows\System32\atiglpxx.dll 2012-04-06 01:11:00 41984 ----a-w- C:\Windows\System32\atig6txx.dll 2012-04-06 01:10:52 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll 2012-04-06 01:10:44 343040 ----a-w- C:\Windows\System32\drivers\atikmpag.sys 2012-04-06 01:09:56 54784 ----a-w- C:\Windows\System32\atiuxp64.dll 2012-04-06 01:09:48 41984 ----a-w- C:\Windows\SysWow64\atiuxpag.dll 2012-04-06 01:09:42 44544 ----a-w- C:\Windows\System32\atiu9p64.dll 2012-04-06 01:09:34 32256 ----a-w- C:\Windows\SysWow64\atiu9pag.dll 2012-04-06 01:09:02 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll 2012-04-06 01:06:08 54784 ----a-w- C:\Windows\System32\atimpc64.dll 2012-04-06 01:06:08 54784 ----a-w- C:\Windows\System32\amdpcom64.dll 2012-04-06 01:06:04 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll 2012-04-06 01:06:04 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll 2012-04-05 14:34:26 187392 ----a-w- C:\Windows\System32\clinfo.exe 2012-04-05 14:34:10 74752 ----a-w- C:\Windows\System32\OpenVideo64.dll 2012-04-05 14:34:04 64512 ----a-w- C:\Windows\SysWow64\OpenVideo.dll 2012-04-05 14:33:56 63488 ----a-w- C:\Windows\System32\OVDecode64.dll 2012-04-05 14:33:52 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll 2012-04-05 14:33:44 16457216 ----a-w- C:\Windows\System32\amdocl64.dll 2012-04-05 14:32:56 13007872 ----a-w- C:\Windows\SysWow64\amdocl.dll 2012-04-04 07:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-03-20 12:44:12 98688 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys 2012-03-20 12:44:12 203888 ----a-w- C:\Windows\System32\drivers\MpFilter.sys 2012-03-15 19:58:29 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys 2012-03-09 06:07:04 29184 ----a-w- C:\Windows\System32\kdbsdk64.dll 2012-03-09 06:06:14 24576 ----a-w- C:\Windows\SysWow64\kdbsdk32.dll 2012-03-01 06:46:16 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys 2012-03-01 06:38:27 220672 ----a-w- C:\Windows\System32\wintrust.dll 2012-03-01 06:33:50 81408 ----a-w- C:\Windows\System32\imagehlp.dll 2012-03-01 06:28:47 5120 ----a-w- C:\Windows\System32\wmi.dll 2012-03-01 05:37:41 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll 2012-03-01 05:33:23 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll 2012-03-01 05:29:16 5120 ----a-w- C:\Windows\SysWow64\wmi.dll . ============= FINISH: 0:48:01.71 =============== The attatch.txt is attatched. Thank you. Help is very appreciated. |
30-May-2012, 11:09 AM
#2 | ||||||
| Hi Harry_Gary12, my name is Mark and I will be helping you. I'm not seeing anything of significance in your logs, only that your event logs are indicating a problem with your hard drive. This coupled with the system automatically running a disk check at boot up would suggest your hard drive might be failing. Are you experiencing any performance issues when the PC is up and running? Please follow this to post the log from the disk check. Follow this guide to find the chkdsk log. NOTE: You need to do the search for wininit not chkdsk. Windows 7 Disk Check log Once the log is in view then click on Copy in the right hand pane and select "Copy details as text". You can then right click on the message box on this forum and select Paste and the log will appear, add any further information asked for and then click on Submit/Post Quick Reply and your done. |
30-May-2012, 10:57 PM
#3 | ||||||
| Hi Mark1956, Firstly, I would like to thank you for helping me out and I really appreciate it! There are no performance issues when my PC is up and running. Couple months back, my motherboard and psu were replaced, due to a mulfunctioning psu or excessive surge, it might have damaged my hard drive. Here is the chkdsk log, Checking file system on C: The type of the file system is NTFS. A disk check has been scheduled. Windows will now check the disk. CHKDSK is verifying files (stage 1 of 5)... 212992 file records processed. File verification completed. 442 large file records processed. 0 bad file records processed. 0 EA records processed. 41 reparse records processed. CHKDSK is verifying indexes (stage 2 of 5)... 270704 index entries processed. Index verification completed. 0 unindexed files scanned. 0 unindexed files recovered. CHKDSK is verifying security descriptors (stage 3 of 5)... 212992 file SDs/SIDs processed. Cleaning up 18 unused index entries from index $SII of file 0x9. Cleaning up 18 unused index entries from index $SDH of file 0x9. Cleaning up 18 unused security descriptors. Security descriptor verification completed. 28857 data files processed. CHKDSK is verifying Usn Journal... 35016464 USN bytes processed. Usn Journal verification completed. CHKDSK is verifying file data (stage 4 of 5)... 212976 files processed. File data verification completed. CHKDSK is verifying free space (stage 5 of 5)... 87754065 free clusters processed. Free space verification is complete. Windows has checked the file system and found no problems. 498243583 KB total disk space. 146801616 KB in 174368 files. 95840 KB in 28858 indexes. 12 KB in bad sectors. 329855 KB in use by the system. 65536 KB occupied by the log file. 351016260 KB available on disk. 4096 bytes in each allocation unit. 124560895 total allocation units on disk. 87754065 allocation units available on disk. Internal Info: 00 40 03 00 e6 19 03 00 2d e6 05 00 00 00 00 00 .@......-....... 48 03 00 00 29 00 00 00 00 00 00 00 00 00 00 00 H...)........... 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Windows has finished checking your disk. Please wait while your computer restarts. =============================================================== Again, thank you. |
31-May-2012, 03:12 AM
#4 | ||||||
| You're welcome. In this part of the log the entry in bold indicates that your hard drive is failing. 498243583 KB total disk space. 146801616 KB in 174368 files. 95840 KB in 28858 indexes. 12 KB in bad sectors. 329855 KB in use by the system. 65536 KB occupied by the log file. 351016260 KB available on disk. Bad sectors are sections of the drive that are unusable due to physical wear on the drives surface. Once this problem starts to appear it is only going to get worse as the drive further degrades. I would highly recommend that you back up any important data and replace the drive as soon as possible. The disk check routine moves data from bad sectors and marks the bad sectors so they are no longer used. On the other hand, if the bad sectors were caused by a power surge then the drive could continue to run normally until it finally wears out. Unfortunately it is impossible to determine if the bad sectors have been caused by normal wear or damage from a power surge. If the drive has had many years service then the chances are that it is wearing out. If it is still relatively new then you should be able to continue using it for some time to come. The only risk with a failing drive is data loss, so as long as you keep regular back ups of all your important data you have nothing to loose by continuing to use it. Only time will tell if the drive is actually wearing out. |
31-May-2012, 04:11 AM
#5 | ||||||
| Hi, My hard drive is a year old. It is also partioned into 2 segments, C drive and D drive. May I ask if there will be a need for me to replace the hard drive? In your opinion, will it last for another 5 years? Thank you. |
31-May-2012, 05:21 AM
#6 | ||||||
| Unless the hard drive has undergone excessive use during it's first year then it should last a few more. If you are lucky, the bad sectors will not continue to increase and may have only been caused by a power surge. It really is a case of wait and see what happens, if the check disc routine starts to run again at boot up that will be a clear indication that the drive is on its way out. If it doesn't, you should be fine for the normal life of the drive. As I said before, as long as you keep regular back ups (which you should always do) you have little to loose. Predicting how long a hard drive will last is virtually impossible as it is dependent on several factors. System up time, running temperature, amount of read and write cycles, etc. As a hard drive is an electrical mechanical device it will wear out in time, some may last 2 years some may go on for 8 to 10 years. Most new drives, at the lower end of the price range should do about five years with average use, obviously if the drive is constantly under heavy load that period will be a lot shorter. As the manufacturers have competed so heavily with prices the quality has reduced so the cheaper drives don't do so well as they used to. At the end of the day it is your call. |
31-May-2012, 05:40 AM
#7 | ||||||
| I will monitor my check disc routine from now on seriously. If my boot up still leads to check disk routine, I will change to a new hard drive. Thank you very much Mark1956 for all the help!  |
Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.
If you're not already familiar with forums, watch our Welcome Guide to get started.
| |
| Currently Active Users Viewing This Thread: 1 (0 members and 1 guests) | |
| Thread Tools | |
| |
