Jump to content

ralphyde

Members
  • Posts

    72
  • Joined

  • Last visited

Everything posted by ralphyde

  1. In my previous topic (gateway-laptop-with-ssd-not-find-vista-sp2-wont-start-pxe-e76 ) , I was unable to restart my Gateway 32bit Vista laptop, except by using the Gateway Recovery management Partition. and doing a "Recovery with automatic data backup." This recovery worked flawlessly, and recovered Vista to its 2008 level, including 60 associated programs and Windows updates, and built an associated 23 gig BACKUP file which was stored in the top level of the Local Disk (C:) directory. It included a top level directory folder named: 14-08-23 12:39 AM, beneath which were folders, the same folder names that Vista initially builds in its structure including; Documents, Google, Graphics, Intel, Perflogs, Program files, System Volume Information, Users, and Windows, along with additional folders that had existed in the previous version on my computer, such as AmiPro, Downloads, Quicken98, and other programs and folders of mine, built since the previous recovery when I'd replaced a failing hard drive with a Crucial SSD. However, after recovering to this stage, I did not know the proper way to continue the recovery, how to get this backup structure back into the Local Disk (C:) structure in place of the one the recovery had built. I thought the first priority would be to continue applying updates to the system using Windows Update. But I ran into a problem with Windows Update, so went ahead and used the standalone installs of SP1 and then SP2, but Windows Update is still not working. And I still have not put the backed up directory structure back in place, and I don't even know how to do that. So I'm not sure what to do next, and am requesting any assistance as to the proper way to recover from this situation. I will make an offline backup of that BACKUP directory, before I do anything. And if I have to go back and start over, I am willing to do that, too, in the case that I have done things in the wrong order. I am 76 years old and struggling to get this recovery right, so I would appreciate any help anyone could give me as to the proper method of doing this recovery to get me back to where I was before the startup problem. Thank you very much, Ralphyde
  2. Successful startup, but two new problems to deal with. I have also downloaded and installed SP-1 and SP-2 Windows Update has not been working since startup. It was an old version, 7.0, so I thought a newer version might get around the problem, so I installed the 7.4 agent, since the latest 7.6 wasn't available for downloading and installing. But with 7.4 agent, I'm still having problems, says it isn't started, though I have put in the recommended settings. The other problem or question is: How to use the BACKUP file from the rebuild run to replace the new (old - 2008) system that was restored. The Recovery from the recovery partition (with saving data) built a folder called BACKUP with folders under the Local Disk (C:) directory entry It has the same directory structure as the newly built one all the way down through WINDOWS, with all the previous contents. What I need to know is whether I can just replace the newly built structure with the Backup structure, that would put the computer back the way it was before the problem and would be the ideal solution if it could be done. Thanks for any assistance with either of the two problems Ralphyde
  3. Well, I bit the bullet today, and ran the Windows restore (with saving data option) program from my recovery partition. It ran flawlessly an installed the 2008 version of Windows Vista, along with 60 associated programs and Windows update. I turned on wi-fi and tried to run Windows Update, to get some of the early updates, with setting of - Let me decide which ones to download and install. I hoped to create smaller more manageable batches to install. But that old version of Windows Update wouldn't give me anything. I then installed and ran my copy of Malwarebytes Pro to shield the system while on wi-fi, and ran a scan, finding no problems. Now I need to find out how to bring my Windows Vista up to SP2 level. Can someone please tell me how? Can I skip the individual fixes and go right to Sp1, and then straight to SP2? And will that give me an updated Windows Update as; well? I appreciate any knowledge about this. Thanks. ralphyde
  4. I have a Gateway P-6301 Laptop computer that had a failing hard drive in 2013, which I successfully replaced with a Crucial SSD, then recovered the factory Windows Vista from the recovery partition, then applied all the updates to bring it up to SP-2, and reinstalled my programs, including some that will only run on 32 bit machines (like AmiPro). It has been running flawlessly since then, as I keep it healthy with Malwarebytes Pro and System Mechanic. So it had no malware on it, and was running fine through August 20. But when I tried to start it on August 21, it got only to the black screen with the cursor in the middle, and stayed that way forever. instead of bringing up the Windows icon and password dialog. Pressing the start button would shut it down after about 50 seconds. Starting it with PF8 would bring up the repair choices, but Windows would not come up in Safe mode either, nor would command prompt, or directory services. The Repair Computer option, would allow me to access the Gateway System Recovery Options screen showing the following choices: startup repair, system restore, Windows complete PC restore,Windows Memory diagnostic tool, command prompt, and recovery manager. Startup repair ran through several tests all of which came back with code 0x0, then "boot status indicates that the OS booted successfully". and "Startup Repair could not detect a problem." System Restore didn't do anything. The Memory diagnostic tool ran successfully. When I try to startup with PF12, it shows whats happening quickly, and the Error PXE-E76 flashes by "Bad or missing multicast discovery address" Then PXE-M0F "Exiting PXE-ROM" I tried changing the start device order in the BIOS to no avail. It seems like the link to the part of the strartup routine that puts up the Windows icon and the signon dialog is lost. If all else fails, it appears that I'll have to bite the bullet and do a recovery from the recovery partition, saving data but putting Vista back to 2008 status, then have to update to SP2 again. I'm hoping there's something easier than that long process.. I would appreciate any assistance with this problem. Thanks ralphyde
  5. Amaziingly, I've gotten on today normally, after several more crashes. This time (it always comes up to the signon screen, giving me a choice of Ralph (admin) or Guest (no signon)), but if I choose Ralph, it goes into a Welcome loop, then crashes. This time, I got on as Guest, and that desktop came up, allowiing me to get onto Chrome, as well as this forum, and even Windows Explorer, on which I copied some of my vital files to a 16G flash drive. Most were already threre. The system runs smoothly and nice as long as I don't try to sign on, which is where there is an unwriteable sector, I think. Hopefully, now, I have most of what I'll need to migrate to my new Windows 7 laptop, when it arrives. Though I'm not sure about my Windows Mail.
  6. Yes, Ron warned me that other symptoms were indicating a failing hard drive, but I was still able to get on and work normally for hours at a time over a period of weeks. But now it seems the end has come. I have already ordered a Windows 7 laptop to replace it, but hoped to keep it going for a few more days, perhaps. And I'm hoping that my Malwarebytes Secure Backups will be restorable to my new Toshiba Windows 7 laptop. But today, an attempted normal startup got to the signon screen, I signed on, then it went to the 'welcome' screen for about 30 minutes, before crashing with the following message: STOP: c000021a {Fatal System Error} The Windows subsystem system process terminated unexpectedly with a status of 0xc0000005 (0x75879529 0x00bef3f4). The system has been shut down. collecting data for crash dump. . . ... contact your system admin or technical support group for further assistance. So that's where I stand now. Using F8 on startup, I am able to get to the repair screen, but don't know if any options would help. Have tried to get up in safe mode, but no go. Any suggestions?
  7. My Vista laptoop Has been having troubles, but I have been able to get on up til now. Today I was able to get to the Windows signon, then sighnon, but then the computer went into an endless 'welcome' loop. Eventually forced shutdown. Have tried to get on in Safe Mode. Same thing Finally I got the following Windows error message: The instruction at 0x00bf1e8e referenced memory at 0x000001fe. The memory could not be written. Click OK to terminate program. Anyone got any ideas as to how to get past this? Thanks
  8. Startup problem on Vista laptop

  9. Thanks for all the reference material. I am currently using Malwarebytes Pro, as well as Secure Backup. And I am a subscriber to Windows Secrets, though I can't keep up with it. Last night I decided to see if I could run a Malwarebytes full scan, just to see if my computer could do it without freezing up. And first, I scheduled a CHKDSK /f. I started around 9:45. When I went to bed after 11, Malwarebytes Pro showed one issue found. But when I checked at 2:30 AM, the screen was black, and nothing I could do would revive it, so I closed it. In the morning, I restarted (chose normal startup), but couldn't find any output from the full scan. The event log showed that at 2:06, there were a gupdate, 2 system restore point creations, another gupdate, and a VSS at 2:09. (I don't know what these mean). I haven't found any output from the Malwarebytes run, and nothing shows in its history tab. The output from the CHKDSK run shows the same index rebuilding involving taskmgr and wmplayer, which I don't understand. Here is the output from that run: Log Name: ApplicationSource: Microsoft-Windows-WininitDate: 10/21/2013 9:46:58 PMEvent ID: 1001Task Category: NoneLevel: InformationKeywords: ClassicUser: N/AComputer: RALPH-PCDescription: Checking file system on C:The type of the file system is NTFS. A disk check has been scheduled.Windows will now check the disk. 318912 file records processed. 1516 large file records processed. 0 bad file records processed. 0 EA records processed. 68 reparse records processed. Unable to locate the file name attribute of index entry wmplayer.exeof index $I30 with parent 0xcb in file 0x3688f.Deleting index entry wmplayer.exe in index $I30 of file 203.Unable to locate the file name attribute of index entry inetpp.dllof index $I30 with parent 0x5b3 in file 0x30fc9.Deleting index entry inetpp.dll in index $I30 of file 1459.Unable to locate the file name attribute of index entry taskeng.exeof index $I30 with parent 0x5b3 in file 0x36e5b.Deleting index entry taskeng.exe in index $I30 of file 1459.Unable to locate the file name attribute of index entry taskmgr.exeof index $I30 with parent 0x5b3 in file 0x200cc.Deleting index entry taskmgr.exe in index $I30 of file 1459.Unable to locate the file name attribute of index entry wer.dllof index $I30 with parent 0x5b3 in file 0x30de1.Deleting index entry wer.dll in index $I30 of file 1459. 386080 index entries processed. CHKDSK is recovering lost files.Recovering orphaned file taskmgr.exe (131276) into directory file 1459.Recovering orphaned file wer.dll (200161) into directory file 1459.Recovering orphaned file inetpp.dll (200649) into directory file 1459.Recovering orphaned file wmplayer.exe (223375) into directory file 203. 5 unindexed files processed. Recovering orphaned file taskeng.exe (224859) into directory file 1459. 318912 security descriptors processed. Cleaning up 9 unused index entries from index $SII of file 0x9.Cleaning up 9 unused index entries from index $SDH of file 0x9.Cleaning up 9 unused security descriptors. 33585 data files processed. CHKDSK is verifying Usn Journal... 34528776 USN bytes processed. Usn Journal verification completed.Correcting errors in the Volume Bitmap.Windows has made corrections to the file system. 145773809 KB total disk space. 70644432 KB in 260267 files. 145660 KB in 33586 indexes. 60 KB in bad sectors. 437309 KB in use by the system. 65536 KB occupied by the log file. 74546348 KB available on disk. 4096 bytes in each allocation unit. 36443452 total allocation units on disk. 18636587 allocation units available on disk. Internal Info:c0 dd 04 00 e9 7b 04 00 05 b9 07 00 00 00 00 00 .....{..........32 7c 00 00 44 00 00 00 00 00 00 00 00 00 00 00 2|..D...........42 00 00 00 e2 73 ef 76 58 84 40 00 58 7c 40 00 B....s.vX.@.X|@. Windows has finished checking your disk.Please wait while your computer restarts. Event Xml:<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" /> <EventID Qualifiers="16384">1001</EventID> <Version>0</Version> <Level>4</Level> <Task>0</Task> <Opcode>0</Opcode> <Keywords>0x80000000000000</Keywords> <TimeCreated SystemTime="2013-10-22T04:46:58.000Z" /> <EventRecordID>143591</EventRecordID> <Correlation /> <Execution ProcessID="0" ThreadID="0" /> <Channel>Application</Channel> <Computer>RALPH-PC</Computer> <Security /> </System> <EventData> <Data> Checking file system on C:The type of the file system is NTFS. A disk check has been scheduled.Windows will now check the disk. 318912 file records processed. 1516 large file records processed. 0 bad file records processed. 0 EA records processed. 68 reparse records processed. Unable to locate the file name attribute of index entry wmplayer.exeof index $I30 with parent 0xcb in file 0x3688f.Deleting index entry wmplayer.exe in index $I30 of file 203.Unable to locate the file name attribute of index entry inetpp.dllof index $I30 with parent 0x5b3 in file 0x30fc9.Deleting index entry inetpp.dll in index $I30 of file 1459.Unable to locate the file name attribute of index entry taskeng.exeof index $I30 with parent 0x5b3 in file 0x36e5b.Deleting index entry taskeng.exe in index $I30 of file 1459.Unable to locate the file name attribute of index entry taskmgr.exeof index $I30 with parent 0x5b3 in file 0x200cc.Deleting index entry taskmgr.exe in index $I30 of file 1459.Unable to locate the file name attribute of index entry wer.dllof index $I30 with parent 0x5b3 in file 0x30de1.Deleting index entry wer.dll in index $I30 of file 1459. 386080 index entries processed. CHKDSK is recovering lost files.Recovering orphaned file taskmgr.exe (131276) into directory file 1459.Recovering orphaned file wer.dll (200161) into directory file 1459.Recovering orphaned file inetpp.dll (200649) into directory file 1459.Recovering orphaned file wmplayer.exe (223375) into directory file 203. 5 unindexed files processed. Recovering orphaned file taskeng.exe (224859) into directory file 1459. 318912 security descriptors processed. Cleaning up 9 unused index entries from index $SII of file 0x9.Cleaning up 9 unused index entries from index $SDH of file 0x9.Cleaning up 9 unused security descriptors. 33585 data files processed. CHKDSK is verifying Usn Journal... 34528776 USN bytes processed. Usn Journal verification completed.Correcting errors in the Volume Bitmap.Windows has made corrections to the file system. 145773809 KB total disk space. 70644432 KB in 260267 files. 145660 KB in 33586 indexes. 60 KB in bad sectors. 437309 KB in use by the system. 65536 KB occupied by the log file. 74546348 KB available on disk. 4096 bytes in each allocation unit. 36443452 total allocation units on disk. 18636587 allocation units available on disk. Internal Info:c0 dd 04 00 e9 7b 04 00 05 b9 07 00 00 00 00 00 .....{..........32 7c 00 00 44 00 00 00 00 00 00 00 00 00 00 00 2|..D...........42 00 00 00 e2 73 ef 76 58 84 40 00 58 7c 40 00 B....s.vX.@.X|@. Windows has finished checking your disk.Please wait while your computer restarts.</Data> </EventData></Event> And I still don't understand why we weren't able to read the minidumps by zipping.them. Were settings changed somehow? My system seems to be running better, but not without anomalies. I have suspected all along that stealthy changeswere made my some malware, which have affected my system. What about wmplayer? and taskmgr? Still not sure what to do next.
  10. I will try to run a Malwarebytes Pro full scan tonight. I hadn't been able to do that recently because my computer would bog down and freeze up. We'll see if that problem has been put behind us. My computer has been up and running all day, including the ESET scan on IE, and several programs including Facebook on Chrome including this one. So we'll see.
  11. Yes, I read your warning about possibly failing hard drive, but have had no other indication of that, and since Windows was able to fix it, I feel hopeful that it won't cause any more trouble. Is there some source I could read about that? My computer has been much more stable for the past few days since I uninstalled my recently purchased (February, 2013) HP PHotosmart printer. The tech gave me newer installation software which I have not used yet, will wait until other issues are solved. I shold also probably uninstall my old Canon printer before I do that. And I have purchased MalwareBytes Secure Backup to save my important data. I will probably be getting a newer laptop before too long, anyway.
  12. I looked up these threats in the files listed to see when they were downloaded. The first one was a little cat application that I'd had on various computers, dated 11-19-2001 The second was Registry Booster from Uniblue dated 2-04-2010 The third was a Google Earth setup from 3-11-2013. I think I was looking for an earlier version. The fourth was Speedupmypc from Uniblue, whom I trusted, on 2-06-2013. Malwarebytes full scans never indicated that any of them were threats, nor did MSE..
  13. ESET finished. Here is the output as a txt file: C:\download\Felix2.exe Win32/Joke.ScreenMate applicationC:\Users\Ralph\Documents\Downloads\registrybooster.exe a variant of Win32/RegistryBooster applicationC:\Users\Ralph\Downloads\google earth setup.exe a variant of Win32/Soft32Downloader.D applicationC:\Users\Ralph\Downloads\speedupmypc.exe multiple threats Since I ran ESET with 'Remove found threats' unticked, as instructed, how do I go about removing them now?
  14. Okay, This afternoon, I started ESET online scan again. It breezed right past the repaired (by CHKDSK /R) bad clusters in file 6939 of C: boot\bootstat.dat, which had hung up ESET on two previous attempts to run it. As of now, after 4 hours of scanning and about 50% of the way through, it has found 4 infected files so far: These are: 1. Win32/Joke.Screenmate application 2. a variant of Win32/Registry Booster application 3. a variant of Win32/Soft32 Downloader D application 4. multiple threats So, I will let it continue running into the night and finish this time, if it will. These infected files were not found by Malwarebytes Pro or MSE, but I have not been able to do a full scan with either of these programs since August 30 (I believe). I have done Flash scans with Malwarebytes Pro, and quick scans with MSE. But I don't know how recent these infections are. If I get a report I will print it.
  15. Okay, I scheduled another run of CHKDSK /R for last night when I went to bed, around 10 PM. When I checked on it later, it had completed stage 4, verifying file data. The bad clusters which had been found in boot/bootstat.dat in the previous run, had indeed been fixed. (I still want to rerun ESET to make sure it gets past that area). But later still, it had hung up in stage 5, making no further progress all night. This time it only completed 71% of the free space clusters, as opposed to 79% the previous afternoon. Here is what remained on the screen this morning (hand written and typed here): Deleting index entry taskmgr.exe in index $I30 of file 1459. Deleting index entry wer.dll in index $I30 of file 1459. 386164 index entries processed. Index verification completed. CHKDSK is recovering lost files. Recovering orphaned file taskmgr.exe (131276) into directory file 1459. Recovering orphaned file wer.dll (200161) into directory file 1459. Recovering orphaned file inetpp.dll (200649) into directory file 1459. Recovering orphaned file wmplayer.exe (223375) into directory file 203. 5 unindexed files processed. Recovering orphaned file taskeng.exe (224859) into directory file 1459. CHKDSK is verifying security descriptors (stage 3 of 5). . . 318912 security descriptors processed. Security descriptor verification completed. 33627 data files processed. CHKDSK is verifying usn journal. . . 33855032 USN bytes processed. usn journal verification completed. CHKDSK is verifying file data (stage 4 of 5). . . 318896 files processed. File data verification completed. CHKDSK is verifying free space (stage 5 of 5). . . 71 percent complete. (12047345 of 18627258 free clusters processed) Now I am interested in rerunning ESET, as it only scanned a small portion of the disk before hanging up in boot/bootstat.dat (which has now had bad clusters replaced). Thanks for your advice about failing hard drive, but I'd like to investigate further. But I think I will schedule another CHKDSK /R first. PS - the system came up much quicker this morning after first forcing a shutdown hasn't shown signs of freezing up yet, but it's still too soon to say.
  16. Okay, today has been strange. First I tried to find Command Prompt, but couldn't find it your way, because I never did find Accessorries. I eventally found it by searching for Command prompt at the bottom of the Start page. Then I started it as Administrator, and scheduled it to start after a restart. It restarted fine and launced into the Chkdsk /R, But it eventually hung up in step 5. But first: it found 0 bad sectors but it found and fixed the usual indexes, including indexes for wmplayer.exe and taskmgr.exe, and about 3 others, then restoring the orphan records which it had removed from the indexes. In stage 4, it verified file data.(stage 4 of 5): "Windows replaced bad clusters in file 6939 of name \boot\bootstat.dat." Interstingly, this is the same spot where both ESET runs had hung up, in previous runs. At about 2 PM I left to play tennis, leaving the chkdsk running. When I returned at about 4:30, Chkdsk had added the following lines: "318896 files processed (no more bad clusters found, however) File data verification completed. CHKDSK is verifying free space (stage 5 of 5)... 79% percent complete. (13981389 of 18627858 free clusters processed)" I was surprised that it hadn't finished, and I waited another 3 hours, and the last line stayed the same. Since neither the memory or disk lights were blinking, I finally concluded that it was hung up and not going any farther, and since it was just verifying free space, I forced it to shut down. Nothing had gotten into the event log from that CHKDSK run, only when I canceled it. So I will schedule another CHKDSK /R run tonight. I'll be interested to see if those bad clusters in boot/bootstat.dat have indeed been fixed, and if an ESET run will be able to get past that spot without hanging up, and if it will complete stage 5 this time. Hopefully, I'll get a complete report this time.
  17. I seem to be stuck here: "Click on START and type in CMD.EXE and when it shows on the menu right click and choose "Run as administrator" I do this, typing it into the search field at the bottom of the START page, but I can't find it on "the menu." (what menu?) It's probably something obvious that I'm just not understanding. If I could find it, I could continue with the instructions. But I'm stuck here. Sorry.
  18. Minitoolbox run: MiniToolBox by Farbar Version: 13-07-2013Ran by Ralph (administrator) on 18-10-2013 at 19:20:01Running from "C:\Users\Ralph\Desktop\Deskwork"Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)Boot Mode: Normal*************************************************************************** ========================= Flush DNS: =================================== Windows IP Configuration Successfully flushed the DNS Resolver Cache. ========================= IE Proxy Settings: ============================== Proxy is not enabled.No Proxy Server is set. "Reset IE Proxy Settings": IE Proxy Settings were reset.========================= Hosts content: ================================= 127.0.0.1 localhost ========================= IP Configuration: ================================ Realtek PCIe GBE Family Controller = Local Area Connection (Connected)Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter = Wireless Network Connection (Connected)The following helper DLL cannot be loaded: WLANCFG.DLL.The following helper DLL cannot be loaded: WCNNETSH.DLL. # ----------------------------------# IPv4 Configuration# ----------------------------------pushd interface ipv4 resetset global icmpredirects=enabledadd address name="Local Area Connection" address=192.168.0.1 popd# End of IPv4 configuration Windows IP Configuration Host Name . . . . . . . . . . . . : Ralph-PC Primary Dns Suffix . . . . . . . : Node Type . . . . . . . . . . . . : Broadcast IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : PK5001Z Wireless LAN adapter Wireless Network Connection: Connection-specific DNS Suffix . : PK5001Z Description . . . . . . . . . . . : Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter Physical Address. . . . . . . . . : 00-C0-A8-FB-77-F4 DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Link-local IPv6 Address . . . . . : fe80::31f5:5074:ea88:613%9(Preferred) IPv4 Address. . . . . . . . . . . : 192.168.0.141(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.0 Lease Obtained. . . . . . . . . . : Friday, October 18, 2013 6:32:26 PM Lease Expires . . . . . . . . . . : Saturday, October 19, 2013 6:32:25 PM Default Gateway . . . . . . . . . : fe80::b077:bc11:2fb0:cc22%9 192.168.0.1 DHCP Server . . . . . . . . . . . : 192.168.0.1 DHCPv6 IAID . . . . . . . . . . . : 218153128 DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-0F-B6-5C-14-00-E0-B8-DB-4A-21 DNS Servers . . . . . . . . . . . : 192.168.0.1 64.91.3.46 NetBIOS over Tcpip. . . . . . . . : Enabled Ethernet adapter Local Area Connection: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller Physical Address. . . . . . . . . : 00-E0-B8-DB-4A-21 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Link-local IPv6 Address . . . . . : fe80::b077:bc11:2fb0:cc22%8(Preferred) Autoconfiguration IPv4 Address. . : 169.254.204.34(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.0.0 IPv4 Address. . . . . . . . . . . : 192.168.0.1(Duplicate) Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : DHCPv6 IAID . . . . . . . . . . . : 201384120 DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-0F-B6-5C-14-00-E0-B8-DB-4A-21 DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%2 fec0:0:0:ffff::2%2 fec0:0:0:ffff::3%2 NetBIOS over Tcpip. . . . . . . . : Enabled Tunnel adapter Local Area Connection* 6: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : 6TO4 Adapter Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Tunnel adapter Local Area Connection* 9: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface Physical Address. . . . . . . . . : 02-00-54-55-4E-01 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Tunnel adapter Local Area Connection* 12: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : isatap.{E2CD68E9-F64B-46CA-AF60-CF8CB6FA1F9C} Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Tunnel adapter Local Area Connection* 13: Connection-specific DNS Suffix . : PK5001Z Description . . . . . . . . . . . : isatap.PK5001Z Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Link-local IPv6 Address . . . . . : fe80::5efe:192.168.0.141%15(Preferred) Default Gateway . . . . . . . . . : DNS Servers . . . . . . . . . . . : 192.168.0.1 64.91.3.46 NetBIOS over Tcpip. . . . . . . . : DisabledServer: PK5001Z.PK5001ZAddress: 192.168.0.1 Name: google.comAddresses: 2607:f8b0:400a:802::1001 173.194.33.97 173.194.33.98 173.194.33.99 173.194.33.100 173.194.33.101 173.194.33.102 173.194.33.103 173.194.33.104 173.194.33.105 173.194.33.110 173.194.33.96 Pinging google.com [173.194.33.98] with 32 bytes of data: Reply from 173.194.33.98: bytes=32 time=23ms TTL=58 Reply from 173.194.33.98: bytes=32 time=24ms TTL=58 Ping statistics for 173.194.33.98: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 23ms, Maximum = 24ms, Average = 23ms Server: PK5001Z.PK5001ZAddress: 192.168.0.1 Name: yahoo.comAddresses: 98.138.253.109 98.139.183.24 206.190.36.45 Pinging yahoo.com [206.190.36.45] with 32 bytes of data: Reply from 206.190.36.45: bytes=32 time=27ms TTL=55 Reply from 206.190.36.45: bytes=32 time=28ms TTL=55 Ping statistics for 206.190.36.45: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 27ms, Maximum = 28ms, Average = 27ms Pinging 127.0.0.1 with 32 bytes of data: Reply from 127.0.0.1: bytes=32 time=17ms TTL=128 Reply from 127.0.0.1: bytes=32 time=4ms TTL=128 Ping statistics for 127.0.0.1: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 4ms, Maximum = 17ms, Average = 10ms ===========================================================================Interface List 9 ...00 c0 a8 fb 77 f4 ...... Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter 8 ...00 e0 b8 db 4a 21 ...... Realtek PCIe GBE Family Controller 1 ........................... Software Loopback Interface 1 16 ...00 00 00 00 00 00 00 e0 6TO4 Adapter 11 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface 14 ...00 00 00 00 00 00 00 e0 isatap.{E2CD68E9-F64B-46CA-AF60-CF8CB6FA1F9C} 15 ...00 00 00 00 00 00 00 e0 isatap.PK5001Z=========================================================================== IPv4 Route Table===========================================================================Active Routes:Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.141 25 127.0.0.0 255.0.0.0 On-link 127.0.0.1 306 127.0.0.1 255.255.255.255 On-link 127.0.0.1 306 127.255.255.255 255.255.255.255 On-link 127.0.0.1 306 169.254.0.0 255.255.0.0 On-link 169.254.204.34 276 169.254.204.34 255.255.255.255 On-link 169.254.204.34 276 169.254.255.255 255.255.255.255 On-link 169.254.204.34 276 192.168.0.0 255.255.255.0 On-link 192.168.0.141 281 192.168.0.141 255.255.255.255 On-link 192.168.0.141 281 192.168.0.255 255.255.255.255 On-link 192.168.0.141 281 224.0.0.0 240.0.0.0 On-link 127.0.0.1 306 224.0.0.0 240.0.0.0 On-link 169.254.204.34 276 224.0.0.0 240.0.0.0 On-link 192.168.0.141 281 255.255.255.255 255.255.255.255 On-link 127.0.0.1 306 255.255.255.255 255.255.255.255 On-link 169.254.204.34 276 255.255.255.255 255.255.255.255 On-link 192.168.0.141 281===========================================================================Persistent Routes: None IPv6 Route Table===========================================================================Active Routes: If Metric Network Destination Gateway 9 281 ::/0 fe80::b077:bc11:2fb0:cc22 1 306 ::1/128 On-link 8 276 fe80::/64 On-link 9 281 fe80::/64 On-link 15 286 fe80::5efe:192.168.0.141/128 On-link 9 281 fe80::31f5:5074:ea88:613/128 On-link 8 276 fe80::b077:bc11:2fb0:cc22/128 On-link 1 306 ff00::/8 On-link 8 276 ff00::/8 On-link 9 281 ff00::/8 On-link===========================================================================Persistent Routes: None========================= Winsock entries ===================================== Catalog5 01 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation)Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)Catalog5 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)Catalog5 06 C:\Windows\system32\winrnr.dll [19968] (Microsoft Corporation)Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)Catalog9 19 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)Catalog9 20 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)Catalog9 21 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)Catalog9 22 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)Catalog9 23 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)Catalog9 24 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)Catalog9 25 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)Catalog9 26 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)Catalog9 27 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)Catalog9 28 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)Catalog9 29 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)Catalog9 30 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)Catalog9 31 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)Catalog9 32 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation) ========================= Event log errors: =============================== Application errors:==================Error: (10/18/2013 05:52:15 PM) (Source: Application Error) (User: )Description: Faulting application svchost.exe_BFE, version 6.0.6001.18000, time stamp 0x47918b89, faulting module bfe.dll, version 6.0.6002.18005, time stamp 0x49e036ff, exception code 0xc0000005, fault offset 0x0002799d,process id 0x14bc, application start time 0xsvchost.exe_BFE0. Error: (10/18/2013 05:47:14 PM) (Source: Application Error) (User: )Description: Faulting application svchost.exe_BFE, version 6.0.6001.18000, time stamp 0x47918b89, faulting module bfe.dll, version 6.0.6002.18005, time stamp 0x49e036ff, exception code 0xc0000005, fault offset 0x0002799d,process id 0xbe0, application start time 0xsvchost.exe_BFE0. Error: (10/18/2013 05:47:08 PM) (Source: Application Error) (User: )Description: Faulting application svchost.exe_BFE, version 6.0.6001.18000, time stamp 0x47918b89, faulting module bfe.dll, version 6.0.6002.18005, time stamp 0x49e036ff, exception code 0xc0000005, fault offset 0x0002799d,process id 0x6e4, application start time 0xsvchost.exe_BFE0. Error: (10/18/2013 05:44:53 PM) (Source: Application Error) (User: )Description: Faulting application svchost.exe_BFE, version 6.0.6001.18000, time stamp 0x47918b89, faulting module bfe.dll, version 6.0.6002.18005, time stamp 0x49e036ff, exception code 0xc0000005, fault offset 0x00028232,process id 0x6a0, application start time 0xsvchost.exe_BFE0. Error: (10/16/2013 00:26:35 PM) (Source: Windows Search Service) (User: )Description: The entry <C:\USERS\RALPH\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\AJPCDIPECMMHMHFCHEGPAFLPJKMCEIIP\1.0.0.0_0> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:A device attached to the system is not functioning. (0x8007001f) Error: (10/16/2013 00:26:17 PM) (Source: Windows Search Service) (User: )Description: The entry <C:\USERS\RALPH\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\AJPCDIPECMMHMHFCHEGPAFLPJKMCEIIP\1.0.0.0_0> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:A device attached to the system is not functioning. (0x8007001f) Error: (10/16/2013 11:32:44 AM) (Source: Microsoft Security Client Setup) (User: NT AUTHORITY)Description: HRESULT:0x8004FF80Description:Cannot complete the Security Essentials Upgrade. Security Essentials is not currently monitoring and helping to protect your computer. Please restart your computer and try again. Error code:0x8004FF80. Error: (10/16/2013 11:17:07 AM) (Source: MsiInstaller) (User: NT AUTHORITY)Description: Product: Microsoft Security Client -- Error 1921. Service 'Microsoft Antimalware Service' (MsMpSvc) could not be stopped. Verify that you have sufficient privileges to stop system services. Error: (10/15/2013 11:21:48 PM) (Source: SideBySide) (User: )Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.Please use sxstrace.exe for detailed diagnosis. Error: (10/15/2013 05:55:17 PM) (Source: VSS) (User: )Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005.This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {f4b934b4-48a2-41b7-a311-37902ec5516c} System errors:=============Error: (10/18/2013 06:45:40 PM) (Source: ipnathlp) (User: )Description: The ICS_IPV6 failed to configure IPv6 stack. Error: (10/18/2013 06:33:33 PM) (Source: ipnathlp) (User: )Description: The DHCP allocator has disabled itself on IP address 169.254.204.34, since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope. Error: (10/18/2013 06:32:12 PM) (Source: EventLog) (User: )Description: The previous system shutdown at 6:12:17 PM on 10/18/2013 was unexpected. Error: (10/18/2013 05:44:52 PM) (Source: Ntfs) (User: )Description: The file system structure on the disk is corrupt and unusable.Please run the chkdsk utility on the volume \Device\HarddiskVolume2. Error: (10/18/2013 05:44:50 PM) (Source: iaStor) (User: )Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period. Error: (10/18/2013 05:43:35 PM) (Source: volsnap) (User: )Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:. Error: (10/18/2013 05:43:30 PM) (Source: iaStor) (User: )Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period. Error: (10/18/2013 05:42:30 PM) (Source: iaStor) (User: )Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period. Error: (10/18/2013 05:44:31 PM) (Source: ipnathlp) (User: )Description: The ICS_IPV6 failed to configure IPv6 stack. Error: (10/18/2013 04:50:17 PM) (Source: ipnathlp) (User: )Description: The ICS_IPV6 failed to configure IPv6 stack. Microsoft Office Sessions:========================= CodeIntegrity Errors:=================================== Date: 2013-10-17 09:57:22.629 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system. Date: 2013-10-17 09:57:21.831 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system. Date: 2013-10-17 09:57:20.892 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system. Date: 2013-10-17 09:57:20.048 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system. Date: 2013-10-17 09:53:02.397 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system. Date: 2013-10-17 09:53:01.567 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system. Date: 2013-10-17 09:53:00.747 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system. Date: 2013-10-17 09:52:59.676 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system. Date: 2013-10-17 09:52:58.725 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system. Date: 2013-10-17 09:52:57.962 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system. =========================== Installed Programs ============================ Update for Microsoft Office 2007 (KB2508958)Activation Assistant for the 2007 Microsoft Office suitesActivation Assistant for the 2007 Microsoft Office suites (Version: 1.0)Adobe AIR (Version: 3.8.0.1430)Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)Adobe Flash Player 11 Plugin (Version: 11.9.900.117)Adobe Reader X (10.1.8) (Version: 10.1.8)Adobe Shockwave Player 11.6 (Version: 11.6.1.629)Advertising Center (Version: 0.0.0.1)AFPL Ghostscript 7.03AFPL Ghostscript FontsAgere Systems HDA ModemAmazon KindleAmazon MP3 Downloader 1.0.15 (Version: 1.0.15)Amazon MP3 Uploader (Version: 1.0.8)Apple Application Support (Version: 2.3)Apple Software Update (Version: 2.1.3.127)ArcSoft Panorama Maker 4ArcSoft PhotoStudio 5.5CAM UnZip 4.42Canon CanoScan LiDE 100 User RegistrationCanon G.726 WMP-Decoder (Version: 1.1.0.4)Canon Inkjet Printer Driver Add-On ModuleCanon MovieEdit Task for ZoomBrowser EX (Version: 2.6.0.4)Canon MP Navigator EX 2.0Canon PIXMA iP3000Canon RAW Image Task for ZoomBrowser EX (Version: 3.3.0.5)Canon Utilities CameraWindow (Version: 7.1.0.2)Canon Utilities CameraWindow DC (Version: 7.1.0.7)Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (Version: 6.4.2.16)Canon Utilities Easy-PhotoPrintCanon Utilities MyCamera (Version: 6.4.0.5)Canon Utilities MyCamera DC (Version: 7.0.1.8)Canon Utilities RemoteCapture DC (Version: 3.0.1.8)Canon Utilities RemoteCapture Task for ZoomBrowser EX (Version: 1.7.1.9)Canon Utilities Solution MenuCanon Utilities ZoomBrowser EX (Version: 6.1.1.21)Canon ZoomBrowser EX Memory Card Utility (Version: 1.1.0.8)CanoScan LiDE 100 Scanner DriverCCleaner (Version: 4.04)CDBurnerXP (Version: 4.3.7.2423)D3DX10 (Version: 15.4.2368.0902)Defraggler (Version: 2.15)DolbyFiles (Version: 0.1)EasyCleaner (Version: 2.0.6.380)Elevated Installer (Version: 2.2.21)ERUNT 1.1jESET Online Scanner v3Family Tree MakerFile Uploader (Version: 1.2.0)Filzip 3.06 (Version: 3.0.6)Garmin Communicator Plugin (Version: 4.0.3)Garmin Express (Version: 2.2.21)Garmin Express Tray (Version: 2.2.21)Garmin Update Service (Version: 2.2.21)Garmin USB Drivers (Version: 2.3.0.0)Gateway Connect (Version: 1.1.0)Gateway Recovery Center Installer (Version: 1.01.031)Google Chrome (Version: 30.0.1599.101)Google Earth (Version: 6.2.2.6613)Google Update Helper (Version: 1.3.21.165)GSview 4.1HP FWUpdateEDO2 (Version: 1.2.0.0)HP Photosmart 6520 series Help (Version: 28.0.0)HP Photosmart 6520 series Product Improvement Study (Version: 28.0.1315.0)HPDiagnosticAlert (Version: 1.00.0000)IDT Audio (Version: 5.10.5303.0)ImagXpress (Version: 7.0.74.0)IMM4 VCM Codec 1.0.0.10Inkjet Printer/Scanner Extended Survey ProgramIntel® Graphics Media Accelerator DriverIntel® Matrix Storage ManagerIrfanView (remove only) (Version: 4.36)Junk Mail filter update (Version: 15.4.3502.0922)Keyspan USB Serial Adapter (Version: 3.7s)LabelPrint (Version: 2.0.1826)Logitech Legacy USB Camera Driver PackageLogitech QuickCam (Version: 11.90.1263)Logitech QuickCam Driver PackageMagnifier (Version: 2.4)Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)Malwarebytes Secure Backup (Version: 5.9.1.4720)Menu Templates - Starter Kit (Version: 9.4.2.0)Microsoft .NET Framework 3.5 SP1Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)Microsoft Application Error Reporting (Version: 12.0.6012.5000)Microsoft Fix it Center (Version: 1.0.0100)Microsoft Money Essentials (Version: 16)Microsoft Money Shared Libraries (Version: 16.0.0.705)Microsoft Office 2007 Service Pack 3 (SP3)Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)Microsoft Office Word Viewer 2003 (Version: 11.0.8173.0)Microsoft Security Client (Version: 4.3.0219.0)Microsoft Security Essentials (Version: 4.3.219.0)Microsoft Silverlight (Version: 5.1.20913.0)Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)Microsoft Works (Version: 08.05.0818)Microsoft WSE 2.0 SP3 Runtime (Version: 2.0.5050.0)Move Media PlayerMovie Templates - Starter Kit (Version: 9.4.2.0)MSVCRT (Version: 15.4.2862.0708)MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)Nero 9 EssentialsNero BurnRights (Version: 3.4.11.100)Nero BurnRights Help (Version: 3.4.4.100)Nero ControlCenter (Version: 9.0.0.1)Nero CoverDesigner (Version: 4.4.9.100)Nero CoverDesigner Help (Version: 4.4.9.100)Nero DiscSpeed (Version: 5.4.11.100)Nero DiscSpeed Help (Version: 5.4.4.100)Nero DriveSpeed (Version: 4.4.11.100)Nero DriveSpeed Help (Version: 4.4.4.100)Nero Express Help (Version: 9.6.2.101)Nero InfoTool (Version: 6.4.11.100)Nero InfoTool Help (Version: 6.4.4.100)Nero Installer (Version: 4.4.9.0)Nero Online Upgrade (Version: 1.3.0.0)Nero ShowTime (Version: 5.4.0.100)Nero ShowTime (Version: 5.4.13.100)Nero StartSmart (Version: 9.4.12.100)Nero StartSmart Help (Version: 9.4.12.100)Nero Vision (Version: 6.4.12.100)Nero Vision Help (Version: 6.4.8.100)NeroExpress (Version: 9.4.17.100)neroxml (Version: 1.0.0)Nikon Message Center (Version: 0.92.000)Nikon Transfer (Version: 1.4.0)Notepad++ (Version: 5.7)OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)Omron Health Management Software (Version: 1.21.0001)PA095 / PA075 USB2.0 DOCKPart 2 of 2PDF reDirect (remove only) (Version: v2.2.8)Picasa 3 (Version: 3.9)Picasa Uploader (Version: 0.6)Power2Go 5.0Quicken Deluxe 98Quicken WillMaker Plus 2013 (Version: 1.0.0.0)QuickTime (Version: 7.74.80.86)Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista (Version: 1.00.0000)Realtek USB 2.0 Card Reader (Version: )REALTEK USB Wireless LAN Driver (Version: 1.00.0000)Secunia PSI (2.0.0.3001)Segoe UI (Version: 15.4.2271.0615)Singlesnet (Version: 0.9.2901.0)Skype Click to Call (Version: 6.13.13771)Skype™ 6.6 (Version: 6.6.106)Spare Backup (Version: 3.2)swMSM (Version: 12.0.0.1)Synaptics Pointing Device Driver (Version: 9.1.17.0)TaxACT 2010TaxACT 2011 - 1040 EditionTaxACT 2011 OregonTaxACT 2012 - 1040 EditionTaxACT 2012 OregonTomTom HOME (Version: 2.9.6)TomTom HOME Visual Studio Merge Modules (Version: 1.0.2)TreeSizeUniblue DriverScanner 2009 (Version: 2.0.0.1)Update for 2007 Microsoft Office System (KB967642)Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)Update for Microsoft Office 2007 Help for Common Features (KB963673)Update for Microsoft Office 2007 suites (KB2596620) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2687493) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2767849) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2767916) 32-Bit EditionUpdate for Microsoft Office Excel 2007 Help (KB963678)Update for Microsoft Office OneNote 2007 Help (KB963670)Update for Microsoft Office Powerpoint 2007 Help (KB963669)Update for Microsoft Office Script Editor Help (KB963671)Update for Microsoft Office Word 2007 Help (KB963665)WebCopierWhoCrashed 4.01Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (Version: 06/03/2009 2.3.0.0)Windows Live Communications Platform (Version: 15.4.3502.0922)Windows Live Essentials (Version: 15.4.3502.0922)Windows Live Essentials (Version: 15.4.3555.0308)Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)Windows Live Installer (Version: 15.4.3502.0922)Windows Live Mail (Version: 15.4.3502.0922)Windows Live Messenger (Version: 15.4.3538.0513)Windows Live MIME IFilter (Version: 15.4.3502.0922)Windows Live Movie Maker (Version: 15.4.3502.0922)Windows Live Photo Common (Version: 15.4.3502.0922)Windows Live Photo Gallery (Version: 15.4.3502.0922)Windows Live PIMT Platform (Version: 15.4.3508.1109)Windows Live SOXE (Version: 15.4.3502.0922)Windows Live SOXE Definitions (Version: 15.4.3502.0922)Windows Live Sync (Version: 14.0.8089.726)Windows Live UX Platform (Version: 15.4.3502.0922)Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)Windows Live Writer (Version: 15.4.3502.0922)Windows Live Writer Resources (Version: 15.4.3502.0922)Windows Media Player Firefox Plugin (Version: 1.0.0.8)Yahoo! Messenger ========================= Devices: ================================ Name: USB Device(VID_1f3a_PID_efe8)Description: USB Device(VID_1f3a_PID_efe8)Class Guid: {36fc9e60-c465-11cf-8056-444553540000}Manufacturer: USB DevicesService: usbUDiscProblem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ========================= Memory info: =================================== Percentage of memory in use: 57%Total physical RAM: 2037.69 MBAvailable physical RAM: 870.39 MBTotal Pagefile: 4984.93 MBAvailable Pagefile: 3418.1 MBTotal Virtual: 2047.88 MBAvailable Virtual: 1947.45 MB ========================= Partitions: ===================================== 1 Drive c: () (Fixed) (Total:139.02 GB) (Free:71.36 GB) NTFS2 Drive d: (RECOVERY) (Fixed) (Total:10.03 GB) (Free:4.46 GB) NTFS ========================= Users: ======================================== User accounts for \\RALPH-PC Administrator Guest Ralph ========================= Minidump Files ================================== C:\Windows\Minidump\Mini013113-01.dmpC:\Windows\Minidump\Mini013113-02.dmpC:\Windows\Minidump\Mini020413-01.dmpC:\Windows\Minidump\Mini020513-01.dmpC:\Windows\Minidump\Mini020813-01.dmpC:\Windows\Minidump\Mini021213-01.dmpC:\Windows\Minidump\Mini022213-01.dmpC:\Windows\Minidump\Mini041213-01.dmpC:\Windows\Minidump\Mini071113-01.dmpC:\Windows\Minidump\Mini071213-01.dmpC:\Windows\Minidump\Mini071413-01.dmpC:\Windows\Minidump\Mini071713-01.dmpC:\Windows\Minidump\Mini072913-01.dmpC:\Windows\Minidump\Mini080113-01.dmpC:\Windows\Minidump\Mini080413-01.dmpC:\Windows\Minidump\Mini080613-01.dmpC:\Windows\Minidump\Mini081813-01.dmpC:\Windows\Minidump\Mini082913-01.dmpC:\Windows\Minidump\Mini083113-01.dmpC:\Windows\Minidump\Mini090513-01.dmpC:\Windows\Minidump\Mini091413-01.dmpC:\Windows\Minidump\Mini091713-01.dmpC:\Windows\Minidump\Mini091913-01.dmpC:\Windows\Minidump\Mini092013-01.dmpC:\Windows\Minidump\Mini092013-02.dmpC:\Windows\Minidump\Mini092013-03.dmpC:\Windows\Minidump\Mini092113-01.dmpC:\Windows\Minidump\Mini092413-01.dmpC:\Windows\Minidump\Mini092613-01.dmpC:\Windows\Minidump\Mini092713-01.dmpC:\Windows\Minidump\Mini100313-01.dmpC:\Windows\Minidump\Mini100613-01.dmpC:\Windows\Minidump\Mini101113-01.dmpC:\Windows\Minidump\Mini101113-02.dmpC:\Windows\Minidump\Mini101113-03.dmpC:\Windows\Minidump\Mini101213-01.dmp========================= Restore Points ================================== **** End of log ****
  19. I may have spoken too soon. When I hit Post to post the previous message, my system froze, and it took about 15 minutes for it to free itself up so that I could get back on here and type this message. Also, my MSE icon in the systems trey has turned red, with an exclamation symbol on it. I don't know if one of the fixes made by FRST has somehow crippled it. I will investigate after I post this message.
  20. Okay, I reran FRST in the Fix mode with the custom listfile.txt that you provided. The fixlog.txt created by that run is pasted here: Then I did a manual reboot, and the system came up smoothly and quickly. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 03-10-2013Ran by Ralph at 2013-10-18 12:57:06 Run:1Running from C:\Users\Ralph\DesktopBoot Mode: Normal ============================================== Content of fixlist:*****************DeleteJunctionsInDirectory: C:\Program Files\Windows DefenderDeleteJunctionsInDirectory: C:\Program Files\Microsoft Security ClientHKU\Guest\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [ 2008-01-19] (Microsoft Corporation)AppInit_DLLs: C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL [ 2008-01-19] ()HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearchHKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.gateway.c...ys=PTB&M=P-6301SearchScopes: HKLM - DefaultScope value is missing.SearchScopes: HKCU - {18CCE993-B9CC-4922-881F-F5EE68634486} URL = http://windowssecret...cof=FORID:11&q={searchTerms}BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO: No Name - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No FileBHO: No Name - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No FileBHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)Toolbar: HKCU - No Name - {A057A204-BACC-4D26-9990-79A187E2698E} - No FileDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cabDPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cabDPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cabDPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cabDPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cabDPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cabC:\ProgramData\PKP_DLdu.DATC:\Windows\Tasks\{B9528C56-634A-4606-A03B-F93C07CBEBA2}.jobC:\Users\Ralph\AppData\Local\temp\Quarantine.exeC:\Users\Ralph\AppData\Local\temp\yx6c2qfn.dllTask: {1F2D1D54-32EB-42A4-8B5F-A3914EABE69A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)Task: {2FA3FE75-88E8-47DF-98C1-E645EC950EFB} - System32\Tasks\ROC_JAN2013_TB_rmv => C:\Program Files\AVG Secure Search\PostInstall\ROC.exeTask: {32B77094-D224-4F3E-A9F8-728D40CB4126} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-02-05] (Google Inc.)Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPagesTask: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)Task: {486B0270-4E58-4485-92A6-47D89531603C} - System32\Tasks\Google Software Updater => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-05-09] (Google)Task: {4AAC8F7F-9C8F-4FAC-9964-D08B19B87FB9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3181102313-2446731150-1557776212-1000Core => C:\Users\Ralph\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-30] (Google Inc.)Task: {B57F7104-ED4A-4F13-923C-70788EDC08DA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-02-05] (Google Inc.)Task: {DB490431-69F5-4E1F-9D03-C57377D9FBFA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3181102313-2446731150-1557776212-1000UA => C:\Users\Ralph\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-30] (Google Inc.)Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3181102313-2446731150-1557776212-1000Core.job => C:\Users\Ralph\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3181102313-2446731150-1557776212-1000UA.job => C:\Users\Ralph\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\{B9528C56-634A-4606-A03B-F93C07CBEBA2}.job => c:\users\ralph\appdata\local\google\chrome\application\chrome.exe ***************** "C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started."C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed."C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking started."C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking completed.HKU\Guest\Software\Microsoft\Windows\CurrentVersion\Run\\WMPNSCFG => Value deleted successfully.HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully.HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{18CCE993-B9CC-4922-881F-F5EE68634486} => Key deleted successfully.HKCR\Wow6432Node\CLSID\{18CCE993-B9CC-4922-881F-F5EE68634486} => Key not found.HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{54B22D32-7CA4-4CC1-8B88-BBAFBA652252} => Key deleted successfully.HKCR\Wow6432Node\CLSID\{54B22D32-7CA4-4CC1-8B88-BBAFBA652252} => Key not found.HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E81BEE72-CE53-4C96-BD0A-A95BD4404BFC} => Key deleted successfully.HKCR\Wow6432Node\CLSID\{E81BEE72-CE53-4C96-BD0A-A95BD4404BFC} => Key not found.HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key not found.HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key not found.HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7} => Key not found.HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7} => Key not found.HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} => Key not found.HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} => Key not found.HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key not found.HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key not found.HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} => Value deleted successfully.HKCR\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E} => Key not found.HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93} => Key deleted successfully.HKCR\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93} => Key not found.HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} => Key deleted successfully.HKCR\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} => Key deleted successfully.HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} => Key deleted successfully.HKCR\CLSID\{CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} => Key not found.HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} => Key deleted successfully.HKCR\CLSID\{CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} => Key not found.HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} => Key deleted successfully.HKCR\CLSID\{CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} => Key not found.HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} => Key deleted successfully.HKCR\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} => Key not found.HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7} => Key deleted successfully.HKCR\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7} => Key deleted successfully.C:\ProgramData\PKP_DLdu.DAT => Moved successfully.C:\Windows\Tasks\{B9528C56-634A-4606-A03B-F93C07CBEBA2}.job => Moved successfully."C:\Users\Ralph\AppData\Local\temp\Quarantine.exe" => File/Directory not found."C:\Users\Ralph\AppData\Local\temp\yx6c2qfn.dll" => File/Directory not found.HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1F2D1D54-32EB-42A4-8B5F-A3914EABE69A} => Key deleted successfully.HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1F2D1D54-32EB-42A4-8B5F-A3914EABE69A} => Key deleted successfully.C:\Windows\System32\Tasks\Apple\AppleSoftwareUpdate => Moved successfully.HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Apple\AppleSoftwareUpdate => Key deleted successfully.HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2FA3FE75-88E8-47DF-98C1-E645EC950EFB} => Key deleted successfully.HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2FA3FE75-88E8-47DF-98C1-E645EC950EFB} => Key deleted successfully.C:\Windows\System32\Tasks\ROC_JAN2013_TB_rmv => Moved successfully.HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ROC_JAN2013_TB_rmv => Key deleted successfully.HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{32B77094-D224-4F3E-A9F8-728D40CB4126} => Key deleted successfully.HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{32B77094-D224-4F3E-A9F8-728D40CB4126} => Key deleted successfully.C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => Moved successfully.HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore => Key deleted successfully.HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} => Key deleted successfully.HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} => Key deleted successfully.C:\Windows\System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages => Moved successfully.HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Shell\CrawlStartPages => Key deleted successfully.HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{44980BEE-7809-44A9-AC24-D6E578A3B7DF} => Key deleted successfully.HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{44980BEE-7809-44A9-AC24-D6E578A3B7DF} => Key deleted successfully.C:\Windows\System32\Tasks\Microsoft\Windows\RAC\RACAgent => Moved successfully.HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\RAC\RACAgent => Key deleted successfully.HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{486B0270-4E58-4485-92A6-47D89531603C} => Key deleted successfully.HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{486B0270-4E58-4485-92A6-47D89531603C} => Key deleted successfully.C:\Windows\System32\Tasks\Google Software Updater => Moved successfully.HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Google Software Updater => Key deleted successfully.HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4AAC8F7F-9C8F-4FAC-9964-D08B19B87FB9} => Key deleted successfully.HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4AAC8F7F-9C8F-4FAC-9964-D08B19B87FB9} => Key deleted successfully.C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3181102313-2446731150-1557776212-1000Core => Moved successfully.HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-3181102313-2446731150-1557776212-1000Core => Key deleted successfully.HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B57F7104-ED4A-4F13-923C-70788EDC08DA} => Key deleted successfully.HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B57F7104-ED4A-4F13-923C-70788EDC08DA} => Key deleted successfully.C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => Moved successfully.HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA => Key deleted successfully.HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DB490431-69F5-4E1F-9D03-C57377D9FBFA} => Key deleted successfully.HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DB490431-69F5-4E1F-9D03-C57377D9FBFA} => Key deleted successfully.C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3181102313-2446731150-1557776212-1000UA => Moved successfully.HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-3181102313-2446731150-1557776212-1000UA => Key deleted successfully.C:\Windows\Tasks\Google Software Updater.job => Moved successfully.C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3181102313-2446731150-1557776212-1000Core.job => Moved successfully.C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3181102313-2446731150-1557776212-1000UA.job => Moved successfully.C:\Windows\Tasks\{B9528C56-634A-4606-A03B-F93C07CBEBA2}.job not found. The system needs a manual reboot. ==== End of Fixlog ==== Did a manual reboot, and the system came up smoothly and more quickly than recently.
  21. I did read the Chkdsk issue you posted. But it was way over my head in terms of giving me any useful knowledge. When I run Chkdsk, the fixes are made, and they are different every time, except that wmplayer and taskmgr are involved every time (along with random others which happen to reside in the same index records). To me, it seems like something is screwing with wmplayer and/or taskmgr, but I have no idea what. Sorry about the other mixup. Since I had just run that program a couple of days ago, I thought that was what you were looking for, and I didn't recognize the FRST program name in Step 6. So now I will go back to Step 6 and run FRST using the Fix option with the fixlist.txt file that you attached. ======================================================================================== While I appreciate the help you are giving me very much, part of my problem is that I don't always understand the reasons for the tasks you are asking me to perform, and I don't get any feedback as to what the results have told you. I was a professional trouble-shooter for many years as the database administrator at a mainframe installation, so I had a lot of experience running diagnostics, following clues, and making fixes, but I retired 18 years ago, and don't have the PC knowledge to figure this situation out on my own. I need someone like you who knows what they're doing, but I would like to understand better the reasons for the steps we're taking, and what they are telling you, as to what the problems might be. So, continued thanks for your assistance.
  22. I already ran Farber Recovery Scan Tool back on October 15 per your instructions Step 07. I'll repost the outputs here: Here's the output from FRST.txt Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013Ran by Ralph (administrator) on RALPH-PC on 15-10-2013 12:54:59Running from C:\Users\Ralph\Desktop\DeskworkMicrosoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English(US)Internet Explorer Version 9Boot Mode: Normal ==================== Processes (Whitelisted) =================== (Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe(Microsoft Corporation) C:\Windows\system32\SLsvc.exe(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe(Agere Systems) C:\Windows\system32\agrsmsvc.exe(Malwarebytes Secure Backup) C:\Program Files\Malwarebytes Secure Backup\SMessaging.exe(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Express Tray\ExpressTray.exe(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe(Nitro PDF Software) C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe(Malwarebytes Secure Backup) C:\Program Files\Malwarebytes Secure Backup\SAgent.Service.exe(Secunia) C:\Program Files\Secunia\PSI\PSIA.exe(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe(Secunia) C:\Program Files\Secunia\PSI\sua.exe(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe(Microsoft Corporation) C:\Windows\system32\wuauclt.exe(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MpCmdRun.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [995176 2013-06-20] (Microsoft Corporation)HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)HKLM\...\Run: [sOSUAUI] - C:\Program Files\Malwarebytes Secure Backup\sosuploadagent.exe [55192 2013-08-15] (Malwarebytes Secure Backup)HKLM\...\Run: [sMessaging] - C:\Program Files\Malwarebytes Secure Backup\SMessaging.exe [64408 2013-08-15] (Malwarebytes Secure Backup)HKCU\...\Run: [GarminExpressTrayApp] - C:\Program Files\Garmin\Express Tray\ExpressTray.exe [1093464 2013-08-22] (Garmin Ltd or its subsidiaries)HKCU\...\Run: [skype] - C:\Program Files\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenterHKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenterHKU\Guest\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenterHKU\Guest\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [ 2008-01-19] (Microsoft Corporation)HKU\Guest\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeHKU\Guest\...\Run: [skype] - C:\Program Files\Skype\Phone\Skype.exe [ 2013-06-21] (Skype Technologies S.A.)HKU\Guest\...\Run: [Picasa Media Detector] - C:\Program Files\Picasa2\PicasaMediaDetector.exeHKU\Guest\...\Run: [TomTomHOME.exe] - C:\Program Files\TomTom HOME 2\HOMERunner.exe [ 2008-05-06] (TomTom)HKU\Guest\...\Run: [sandboxieControl] - "C:\Program Files\Sandboxie\SbieCtrl.exe"HKU\Guest\...\Run: [MsnMsgr] - C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [ 2012-03-08] (Microsoft Corporation)HKU\Guest\...\Run: [Messenger (Yahoo!)] - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [ 2009-01-08] (Yahoo! Inc.)HKU\Guest\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [ 2008-01-19] (Microsoft Corporation)AppInit_DLLs: C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL [ 2008-01-19] () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ieHKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=P-6301SearchScopes: HKLM - DefaultScope value is missing.SearchScopes: HKCU - {18CCE993-B9CC-4922-881F-F5EE68634486} URL = http://windowssecrets.com/search/?q={searchTerms}&advSAN=1SearchScopes: HKCU - {54B22D32-7CA4-4CC1-8B88-BBAFBA652252} URL = http://windowssecrets.com/search/?q={searchTerms}&advWS=1SearchScopes: HKCU - {E81BEE72-CE53-4C96-BD0A-A95BD4404BFC} URL = http://windowssecrets.com/sitesearch/?cx=017937947691920082874%3A_ilcm6kdy_y&cof=FORID%3A11&q={searchTerms}BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO: No Name - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No FileBHO: No Name - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No FileBHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)Toolbar: HKCU - No Name - {A057A204-BACC-4D26-9990-79A187E2698E} - No FileDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cabDPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cabDPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cabDPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cabDPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cabDPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabHandler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 64.91.3.46 Chrome: =======CHR Extension: (Google Docs) - C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_1CHR Extension: (Google Drive) - C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1CHR Extension: (Screenshot) - C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdfnieppndfdhcgbmhfdlgdjegclkomk\0.2.4_0CHR Extension: (YouTube) - C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1CHR Extension: (Webpage Screenshot Bar) - C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki\13.6_0CHR Extension: (Google Search) - C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1CHR Extension: (Search by Image (by Google)) - C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm\1.5.0_0CHR Extension: (Photo Zoom for Facebook) - C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1208.30.1_0CHR Extension: (PDFescape Free PDF Editor) - C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdefoklganepljiopdnglodohlgfikkl\0.21_0CHR Extension: (TinEye Reverse Image Search) - C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl\1.1.3_0CHR Extension: (RevEye Reverse Image Search) - C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\keaaclcjhehbbapnphnmpiklalfhelgf\1.4.2_0CHR Extension: (Skype Click to Call) - C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.12.0.13601_1CHR Extension: (Explain and Send Screenshots) - C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdddabjhelpilpnpgondfmehhcplpiin\6.7.6_0CHR Extension: (Chrome In-App Payments service) - C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_1CHR Extension: (Hover Zoom) - C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl\4.21_0CHR Extension: (Gmail) - C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx ========================== Services (Whitelisted) ================= S2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [220504 2013-08-22] (Garmin Ltd or its subsidiaries)S2 gupdate1c90e025ce8c3d3; C:\Program Files\Google\Update\GoogleUpdate.exe [116648 2013-02-05] (Google Inc.)S3 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [103808 2008-01-22] ()R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-06-20] (Microsoft Corporation)S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295376 2013-06-20] (Microsoft Corporation)R2 NitroReaderDriverReadSpool; C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe [196912 2011-01-28] (Nitro PDF Software)R2 sagentservice; C:\Program Files\Malwarebytes Secure Backup\SAgent.Service.exe [39832 2013-08-15] (Malwarebytes Secure Backup)R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [993848 2011-01-10] (Secunia)R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [399416 2011-01-10] (Secunia)R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3273088 2013-09-16] (Skype Technologies S.A.)S2 AdobeARMservice; "C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe" [x] ==================== Drivers (Whitelisted) ==================== S3 ac97intc; C:\Windows\System32\drivers\ac97intc.sys [108032 2006-11-02] (Intel Corporation)R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [31576 2013-01-22] (AVG Technologies)R1 Cdr4_xp; C:\Windows\System32\Drivers\Cdr4_xp.sys [2432 2006-10-04] (Sonic Solutions)R1 Cdralw2k; C:\Windows\System32\Drivers\Cdralw2k.sys [2560 2006-10-04] (Sonic Solutions)R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-10] (Microsoft Corporation)S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [9344 2009-04-17] (GARMIN Corp.)S3 ialm; C:\Windows\System32\DRIVERS\ialmnt5.sys [1302492 2006-11-02] (Intel Corporation)R3 LVPr2Mon; C:\Windows\System32\Drivers\LVPr2Mon.sys [25624 2008-12-16] ()S3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41752 2008-12-16] (Logitech Inc.)R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [211560 2013-06-18] (Microsoft Corporation)S3 NETw2v32; C:\Windows\System32\DRIVERS\NETw2v32.sys [2589184 2006-11-02] (Intel® Corporation)R3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [15544 2010-09-01] (Secunia)R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [350720 2010-03-31] (Realtek Semiconductor Corporation )U3 TrueSight; C:\Windows\system32\TrueSight.sys [26624 2013-10-13] ()S3 U2SP; C:\Windows\System32\DRIVERS\u2s2kxp.sys [23296 2004-05-05] (Magic Control Technology Corp.)S3 USA19H; C:\Windows\System32\DRIVERS\USA19H2k.sys [704000 2007-10-30] (Keyspan)S3 USA19H2KP; C:\Windows\System32\DRIVERS\USA19H2kp.SYS [24192 2007-05-29] (Keyspan)S3 usbUDisc; C:\Windows\System32\DRIVERS\USBDrv.sys [13824 2012-08-27] (Scott)U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]S3 catchme; \??\C:\Users\Ralph\AppData\Local\Temp\catchme.sys [x]S3 IpInIp; system32\DRIVERS\ipinip.sys [x]S1 MpKslbfa56867; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F98F3FE3-F826-4ADA-B044-C0F0486CA9C4}\MpKslbfa56867.sys [x]S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-10-15 12:54 - 2013-10-15 12:54 - 00000000 ____D C:\FRST2013-10-15 12:48 - 2013-10-15 12:48 - 01087213 _____ (Farbar) C:\Users\Ralph\Downloads\FRST.exe2013-10-14 15:57 - 2013-10-14 15:57 - 00000000 __SHD C:\found.0112013-10-14 11:04 - 2013-10-14 11:23 - 00000000 ____D C:\AdwCleaner2013-10-14 11:00 - 2013-10-14 11:01 - 01048960 _____ C:\Users\Ralph\Downloads\AdwCleaner.exe2013-10-13 22:00 - 2013-10-13 22:00 - 00000000 ____D C:\Windows\ERUNT2013-10-13 21:50 - 2013-10-13 21:50 - 01032220 _____ (Thisisu) C:\Users\Ralph\Downloads\JRT.exe2013-10-13 20:03 - 2013-10-13 20:52 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)2013-10-13 20:01 - 2013-10-13 20:01 - 00075992 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2013-10-13 19:58 - 2013-10-13 20:52 - 00000000 ____D C:\Users\Ralph\Desktop\mbar2013-10-13 19:49 - 2013-10-13 19:50 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Ralph\Downloads\mbar-1.07.0.1007.exe2013-10-13 17:00 - 2013-10-13 17:00 - 00000000 ____D C:\32a037ba1f0a3e5ea168f22013-10-13 16:14 - 2013-10-13 16:14 - 00015529 _____ C:\ComboFix.txt2013-10-13 15:54 - 2011-06-25 23:45 - 00256000 _____ C:\Windows\PEV.exe2013-10-13 15:54 - 2010-11-07 10:20 - 00208896 _____ C:\Windows\MBR.exe2013-10-13 15:54 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe2013-10-13 15:54 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe2013-10-13 15:54 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe2013-10-13 15:54 - 2000-08-30 17:00 - 00098816 _____ C:\Windows\sed.exe2013-10-13 15:54 - 2000-08-30 17:00 - 00080412 _____ C:\Windows\grep.exe2013-10-13 15:54 - 2000-08-30 17:00 - 00068096 _____ C:\Windows\zip.exe2013-10-13 15:46 - 2013-10-13 16:14 - 00000000 ____D C:\Qoobox2013-10-13 15:30 - 2013-10-13 15:27 - 05132614 ____R (Swearware) C:\Users\Ralph\Desktop\ComboFix.exe2013-10-13 15:26 - 2013-10-13 15:27 - 05132614 _____ (Swearware) C:\Users\Ralph\Downloads\ComboFix.exe2013-10-13 11:37 - 2013-10-13 11:37 - 00026624 _____ C:\Windows\system32\TrueSight.sys2013-10-13 11:32 - 2013-10-13 16:13 - 00000000 ____D C:\Windows\ERDNT2013-10-13 11:29 - 2013-10-13 11:29 - 00000693 _____ C:\Users\Ralph\Desktop\NTREGOPT.lnk2013-10-13 11:29 - 2013-10-13 11:29 - 00000000 ____D C:\Program Files\ERUNT2013-10-13 11:19 - 2013-10-13 11:18 - 00951296 _____ C:\Users\Ralph\Desktop\RogueKiller.exe2013-10-13 11:18 - 2013-10-13 11:18 - 00951296 _____ C:\Users\Ralph\Downloads\RogueKiller.exe2013-10-13 11:16 - 2013-10-13 11:15 - 00791393 _____ (Lars Hederer ) C:\Users\Ralph\Desktop\erunt-setup.exe2013-10-13 11:14 - 2013-10-13 11:15 - 00791393 _____ (Lars Hederer ) C:\Users\Ralph\Downloads\erunt-setup.exe2013-10-13 11:09 - 2013-10-14 16:15 - 00000041 _____ C:\Windows\Filzip.ini2013-10-13 11:08 - 2013-10-13 11:08 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\Ralph\Downloads\rkill.exe2013-10-12 22:39 - 2013-10-12 22:39 - 00143360 _____ C:\Windows\Minidump\Mini101213-01.dmp2013-10-12 10:04 - 2013-10-12 10:05 - 00000000 ____D C:\d37cb711f4669170007b7c062013-10-11 13:24 - 2013-10-11 13:24 - 00143360 _____ C:\Windows\Minidump\Mini101113-03.dmp2013-10-11 13:17 - 2013-10-11 13:18 - 00000000 ____D C:\c0064fe9fba931b6ef2013-10-11 12:17 - 2013-10-11 12:17 - 00143360 _____ C:\Windows\Minidump\Mini101113-02.dmp2013-10-11 11:33 - 2013-10-11 11:33 - 00000000 ____D C:\cae8e13b0f4073a46ca4702013-10-11 11:01 - 2013-10-11 11:01 - 00000000 ____D C:\2f4fe8f68cccaeb0c81653a9928657992013-10-11 10:50 - 2013-09-22 03:29 - 12336128 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2013-10-11 10:50 - 2013-09-22 03:22 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2013-10-11 10:50 - 2013-09-22 03:22 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2013-10-11 10:50 - 2013-09-22 03:14 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2013-10-11 10:50 - 2013-09-22 03:13 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2013-10-11 10:50 - 2013-09-22 03:13 - 01104896 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2013-10-11 10:50 - 2013-09-22 03:12 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll2013-10-11 10:50 - 2013-09-22 03:09 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2013-10-11 10:50 - 2013-09-22 03:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe2013-10-11 10:50 - 2013-09-22 03:07 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll2013-10-11 10:50 - 2013-09-22 03:06 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2013-10-11 10:50 - 2013-09-22 03:05 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2013-10-11 10:50 - 2013-09-22 03:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2013-10-11 10:50 - 2013-09-22 03:03 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2013-10-11 10:50 - 2013-09-22 03:03 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2013-10-11 10:50 - 2013-09-22 02:59 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2013-10-11 10:27 - 2013-10-11 10:27 - 00143360 _____ C:\Windows\Minidump\Mini101113-01.dmp2013-10-10 13:14 - 2013-10-10 13:14 - 00000022 _____ C:\Users\Ralph\DumpFiles.ZIP2013-10-10 12:51 - 2013-10-10 13:00 - 00000000 ____D C:\Program Files\Filzip2013-10-10 12:51 - 2013-10-10 12:51 - 00001546 _____ C:\Users\Public\Desktop\Filzip.lnk2013-10-10 12:51 - 2013-10-10 12:51 - 00001546 _____ C:\Users\Guest\Desktop\Filzip.lnk2013-10-10 12:47 - 2013-10-10 12:47 - 01325557 _____ (Philipp Engel ) C:\Users\Ralph\Downloads\fz306.exe2013-10-10 10:11 - 2013-10-10 10:11 - 00000000 ____D C:\7072a0582fb67f1ce42013-10-09 21:38 - 2013-08-29 00:36 - 02050048 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys2013-10-09 21:38 - 2013-08-26 19:47 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll2013-10-09 21:38 - 2013-08-26 19:47 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll2013-10-09 21:38 - 2013-08-26 19:47 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll2013-10-09 21:38 - 2013-08-26 19:47 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll2013-10-09 21:38 - 2013-08-26 18:52 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll2013-10-09 21:38 - 2013-08-26 18:50 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll2013-10-09 21:38 - 2013-08-26 18:32 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll2013-10-09 21:38 - 2013-08-26 18:28 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll2013-10-09 21:38 - 2013-08-26 18:28 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll2013-10-09 21:38 - 2013-07-31 20:16 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys2013-10-09 21:38 - 2013-07-31 19:49 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll2013-10-09 21:38 - 2013-07-20 03:44 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll2013-10-09 21:37 - 2013-07-12 02:04 - 00073344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys2013-10-09 21:37 - 2013-06-28 19:07 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys2013-10-09 21:37 - 2013-06-28 19:07 - 00197632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys2013-10-09 21:37 - 2013-06-28 19:07 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys2013-10-09 21:37 - 2013-06-28 19:06 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys2013-10-09 21:37 - 2013-06-26 16:01 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys2013-10-09 21:37 - 2011-05-05 06:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys2013-10-09 21:37 - 2011-05-05 06:54 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys2013-10-09 21:33 - 2013-06-03 21:16 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll2013-10-09 21:33 - 2013-06-03 18:49 - 00293376 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll2013-10-09 21:32 - 2013-07-03 21:21 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll2013-10-09 21:32 - 2013-07-02 19:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys2013-10-09 21:32 - 2013-07-02 19:10 - 00025472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys2013-10-09 15:58 - 2013-10-09 15:58 - 00289780 _____ C:\Users\Ralph\Downloads\1261771686-19849-207.118.64.47 (16).kml2013-10-09 11:36 - 2013-10-09 11:36 - 00760937 _____ (Farbar) C:\Users\Ralph\Downloads\MiniToolBox.exe2013-10-08 16:52 - 2013-10-08 16:52 - 00000000 ____D C:\found.0102013-10-08 02:51 - 2013-10-08 02:51 - 00000000 ____D C:\found.0092013-10-06 09:58 - 2013-10-06 09:58 - 00143360 _____ C:\Windows\Minidump\Mini100613-01.dmp2013-10-03 11:44 - 2013-10-03 11:45 - 00143360 _____ C:\Windows\Minidump\Mini100313-01.dmp2013-10-02 16:23 - 2013-10-02 16:26 - 36773799 _____ C:\Users\Ralph\Downloads\charmedsamp.wmv2013-10-02 16:13 - 2013-10-02 16:13 - 01425123 _____ C:\Users\Ralph\Downloads\18022011 caddie_bruyant1.wmv2013-10-02 12:40 - 2013-10-02 12:40 - 00118149 _____ C:\Users\Ralph\Downloads\wmpChrome (1).crx2013-09-29 14:25 - 2013-09-29 14:25 - 00000075 _____ C:\Users\Ralph\Desktop\#9842 Alena 24, 170cm, 55kg.url2013-09-27 21:43 - 2013-09-27 21:43 - 00143360 _____ C:\Windows\Minidump\Mini092713-01.dmp2013-09-26 12:43 - 2013-09-26 12:43 - 00143360 _____ C:\Windows\Minidump\Mini092613-01.dmp2013-09-25 14:08 - 2013-09-25 14:08 - 00000000 ____D C:\Program Files\ESET2013-09-25 14:04 - 2013-09-25 14:04 - 02347384 _____ (ESET) C:\Users\Ralph\Downloads\esetsmartinstaller_enu.exe2013-09-24 15:26 - 2013-09-24 15:26 - 00018160 _____ C:\Users\Ralph\Downloads\attach.txt2013-09-24 13:58 - 2013-09-24 13:58 - 00001084 _____ C:\Users\Ralph\Documents\ark.txt2013-09-24 12:09 - 2013-09-24 12:09 - 00377856 _____ C:\Users\Ralph\Downloads\6d4nnzwk.exe2013-09-24 10:59 - 2013-10-15 12:52 - 00000000 ____D C:\Users\Ralph\Desktop\Deskwork2013-09-24 10:47 - 2013-09-24 10:47 - 00688992 _____ (Swearware) C:\Users\Ralph\Downloads\dds (1).com2013-09-24 10:26 - 2013-09-24 10:26 - 00143360 _____ C:\Windows\Minidump\Mini092413-01.dmp2013-09-23 11:13 - 2013-09-23 11:13 - 00000000 ____D C:\found.0082013-09-23 01:13 - 2013-09-23 01:13 - 00000000 ____D C:\found.0072013-09-21 10:05 - 2013-09-21 10:05 - 00143360 _____ C:\Windows\Minidump\Mini092113-01.dmp2013-09-20 21:53 - 2013-09-20 21:53 - 00143360 _____ C:\Windows\Minidump\Mini092013-03.dmp2013-09-20 13:27 - 2013-09-20 13:27 - 00143360 _____ C:\Windows\Minidump\Mini092013-02.dmp2013-09-20 10:27 - 2013-09-20 10:27 - 00143360 _____ C:\Windows\Minidump\Mini092013-01.dmp2013-09-19 16:56 - 2013-09-19 16:56 - 00143360 _____ C:\Windows\Minidump\Mini091913-01.dmp2013-09-17 18:37 - 2013-09-17 18:37 - 00143360 _____ C:\Windows\Minidump\Mini091713-01.dmp2013-09-16 09:58 - 2013-09-16 10:00 - 15380128 _____ (Malwarebytes Corporation ) C:\Users\Ralph\Downloads\mbsb-setup-1.2.0.0010.exe ==================== One Month Modified Files and Folders ======= 2013-10-15 12:54 - 2013-10-15 12:54 - 00000000 ____D C:\FRST2013-10-15 12:53 - 2013-02-05 15:20 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2013-10-15 12:52 - 2013-09-24 10:59 - 00000000 ____D C:\Users\Ralph\Desktop\Deskwork2013-10-15 12:48 - 2013-10-15 12:48 - 01087213 _____ (Farbar) C:\Users\Ralph\Downloads\FRST.exe2013-10-15 12:48 - 2013-08-01 09:10 - 00000466 _____ C:\Windows\Tasks\Online Backup Update Notifier.job2013-10-15 12:45 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\Microsoft.NET2013-10-15 12:42 - 2008-05-09 12:19 - 01371181 _____ C:\Windows\WindowsUpdate.log2013-10-15 12:39 - 2010-11-20 19:02 - 00000438 _____ C:\Windows\system32\Drivers\etc\hosts.ics2013-10-15 12:37 - 2013-02-05 15:20 - 00000880 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2013-10-15 12:37 - 2013-01-30 11:44 - 00174002 _____ C:\Windows\PFRO.log2013-10-15 12:37 - 2006-11-02 06:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT2013-10-15 12:37 - 2006-11-02 05:47 - 00003296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A02013-10-15 12:37 - 2006-11-02 05:47 - 00003296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A02013-10-15 12:26 - 2009-10-02 13:14 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3181102313-2446731150-1557776212-1000UA.job2013-10-15 12:15 - 2013-02-14 02:18 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job2013-10-15 10:15 - 2009-03-25 20:05 - 00000868 _____ C:\Windows\Tasks\Google Software Updater.job2013-10-14 23:57 - 2006-11-02 06:01 - 00032582 _____ C:\Windows\Tasks\SCHEDLGU.TXT2013-10-14 20:23 - 2013-02-27 23:56 - 00000000 ____D C:\ProgramData\HP2013-10-14 20:23 - 2006-11-02 05:37 - 00000000 ____D C:\Windows\twain_322013-10-14 20:17 - 2013-01-28 12:26 - 00000000 ____D C:\Users\Ralph\AppData\Local\LogMeIn Rescue Applet2013-10-14 16:15 - 2013-10-13 11:09 - 00000041 _____ C:\Windows\Filzip.ini2013-10-14 15:57 - 2013-10-14 15:57 - 00000000 __SHD C:\found.0112013-10-14 11:23 - 2013-10-14 11:04 - 00000000 ____D C:\AdwCleaner2013-10-14 11:01 - 2013-10-14 11:00 - 01048960 _____ C:\Users\Ralph\Downloads\AdwCleaner.exe2013-10-13 22:00 - 2013-10-13 22:00 - 00000000 ____D C:\Windows\ERUNT2013-10-13 21:50 - 2013-10-13 21:50 - 01032220 _____ (Thisisu) C:\Users\Ralph\Downloads\JRT.exe2013-10-13 20:52 - 2013-10-13 20:03 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)2013-10-13 20:52 - 2013-10-13 19:58 - 00000000 ____D C:\Users\Ralph\Desktop\mbar2013-10-13 20:01 - 2013-10-13 20:01 - 00075992 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2013-10-13 19:50 - 2013-10-13 19:49 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Ralph\Downloads\mbar-1.07.0.1007.exe2013-10-13 18:36 - 2008-05-09 12:34 - 00000000 ____D C:\ProgramData\Microsoft Help2013-10-13 17:52 - 2008-08-25 13:50 - 00073408 _____ C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT2013-10-13 17:51 - 2009-05-22 16:45 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Skype2013-10-13 17:49 - 2008-08-25 13:49 - 00000909 _____ C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk2013-10-13 17:11 - 2006-11-02 03:33 - 00719076 _____ C:\Windows\system32\PerfStringBackup.INI2013-10-13 17:00 - 2013-10-13 17:00 - 00000000 ____D C:\32a037ba1f0a3e5ea168f22013-10-13 16:14 - 2013-10-13 16:14 - 00015529 _____ C:\ComboFix.txt2013-10-13 16:14 - 2013-10-13 15:46 - 00000000 ____D C:\Qoobox2013-10-13 16:14 - 2006-11-02 04:18 - 00000000 ___RD C:\Users\Public2013-10-13 16:13 - 2013-10-13 11:32 - 00000000 ____D C:\Windows\ERDNT2013-10-13 16:11 - 2006-11-02 03:23 - 00000215 _____ C:\Windows\system.ini2013-10-13 15:27 - 2013-10-13 15:30 - 05132614 ____R (Swearware) C:\Users\Ralph\Desktop\ComboFix.exe2013-10-13 15:27 - 2013-10-13 15:26 - 05132614 _____ (Swearware) C:\Users\Ralph\Downloads\ComboFix.exe2013-10-13 11:37 - 2013-10-13 11:37 - 00026624 _____ C:\Windows\system32\TrueSight.sys2013-10-13 11:29 - 2013-10-13 11:29 - 00000693 _____ C:\Users\Ralph\Desktop\NTREGOPT.lnk2013-10-13 11:29 - 2013-10-13 11:29 - 00000000 ____D C:\Program Files\ERUNT2013-10-13 11:18 - 2013-10-13 11:19 - 00951296 _____ C:\Users\Ralph\Desktop\RogueKiller.exe2013-10-13 11:18 - 2013-10-13 11:18 - 00951296 _____ C:\Users\Ralph\Downloads\RogueKiller.exe2013-10-13 11:15 - 2013-10-13 11:16 - 00791393 _____ (Lars Hederer ) C:\Users\Ralph\Desktop\erunt-setup.exe2013-10-13 11:15 - 2013-10-13 11:14 - 00791393 _____ (Lars Hederer ) C:\Users\Ralph\Downloads\erunt-setup.exe2013-10-13 11:08 - 2013-10-13 11:08 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\Ralph\Downloads\rkill.exe2013-10-12 22:39 - 2013-10-12 22:39 - 00143360 _____ C:\Windows\Minidump\Mini101213-01.dmp2013-10-12 22:39 - 2013-01-31 01:02 - 194652536 _____ C:\Windows\MEMORY.DMP2013-10-12 22:39 - 2011-11-24 09:32 - 00000000 ____D C:\Windows\Minidump2013-10-12 10:06 - 2013-07-14 12:21 - 00000000 ____D C:\Windows\system32\MRT2013-10-12 10:05 - 2013-10-12 10:04 - 00000000 ____D C:\d37cb711f4669170007b7c062013-10-12 10:05 - 2006-11-02 03:24 - 78106760 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe2013-10-11 13:24 - 2013-10-11 13:24 - 00143360 _____ C:\Windows\Minidump\Mini101113-03.dmp2013-10-11 13:18 - 2013-10-11 13:17 - 00000000 ____D C:\c0064fe9fba931b6ef2013-10-11 13:06 - 2006-11-02 05:47 - 00301032 _____ C:\Windows\system32\FNTCACHE.DAT2013-10-11 12:17 - 2013-10-11 12:17 - 00143360 _____ C:\Windows\Minidump\Mini101113-02.dmp2013-10-11 11:33 - 2013-10-11 11:33 - 00000000 ____D C:\cae8e13b0f4073a46ca4702013-10-11 11:19 - 2008-09-11 13:49 - 00027412 _____ C:\Windows\system32\lvcoinst.log2013-10-11 11:18 - 2008-09-11 13:28 - 00000000 ____D C:\Program Files\Common Files\LogiShrd2013-10-11 11:14 - 2009-06-12 10:32 - 00000000 ____D C:\Program Files\Microsoft Silverlight2013-10-11 11:01 - 2013-10-11 11:01 - 00000000 ____D C:\2f4fe8f68cccaeb0c81653a9928657992013-10-11 10:27 - 2013-10-11 10:27 - 00143360 _____ C:\Windows\Minidump\Mini101113-01.dmp2013-10-10 13:14 - 2013-10-10 13:14 - 00000022 _____ C:\Users\Ralph\DumpFiles.ZIP2013-10-10 13:14 - 2008-07-31 14:52 - 00000000 ____D C:\Users\Ralph2013-10-10 13:00 - 2013-10-10 12:51 - 00000000 ____D C:\Program Files\Filzip2013-10-10 12:51 - 2013-10-10 12:51 - 00001546 _____ C:\Users\Public\Desktop\Filzip.lnk2013-10-10 12:51 - 2013-10-10 12:51 - 00001546 _____ C:\Users\Guest\Desktop\Filzip.lnk2013-10-10 12:47 - 2013-10-10 12:47 - 01325557 _____ (Philipp Engel ) C:\Users\Ralph\Downloads\fz306.exe2013-10-10 10:11 - 2013-10-10 10:11 - 00000000 ____D C:\7072a0582fb67f1ce42013-10-09 15:58 - 2013-10-09 15:58 - 00289780 _____ C:\Users\Ralph\Downloads\1261771686-19849-207.118.64.47 (16).kml2013-10-09 14:26 - 2009-10-02 13:14 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3181102313-2446731150-1557776212-1000Core.job2013-10-09 12:46 - 2013-01-31 11:15 - 00000000 ____D C:\Program Files\WhoCrashed2013-10-09 12:17 - 2012-09-20 08:41 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe2013-10-09 12:17 - 2011-07-05 12:43 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl2013-10-09 11:36 - 2013-10-09 11:36 - 00760937 _____ (Farbar) C:\Users\Ralph\Downloads\MiniToolBox.exe2013-10-08 16:52 - 2013-10-08 16:52 - 00000000 ____D C:\found.0102013-10-08 13:04 - 2006-11-02 04:18 - 00000000 ____D C:\Program Files\Common Files\System2013-10-08 10:42 - 2008-09-03 10:51 - 00006648 _____ C:\Users\Ralph\AppData\Local\d3d9caps.dat2013-10-08 02:51 - 2013-10-08 02:51 - 00000000 ____D C:\found.0092013-10-07 11:57 - 2011-03-17 15:16 - 00000000 ____D C:\Users\Ralph\AppData\Roaming\Nitro PDF2013-10-06 09:58 - 2013-10-06 09:58 - 00143360 _____ C:\Windows\Minidump\Mini100613-01.dmp2013-10-05 11:10 - 2013-02-05 15:23 - 00001931 _____ C:\Users\Public\Desktop\Google Chrome.lnk2013-10-03 15:36 - 2008-08-07 12:00 - 00000000 ____D C:\Users\Ralph\AppData\Roaming\Skype2013-10-03 11:45 - 2013-10-03 11:44 - 00143360 _____ C:\Windows\Minidump\Mini100313-01.dmp2013-10-02 16:26 - 2013-10-02 16:23 - 36773799 _____ C:\Users\Ralph\Downloads\charmedsamp.wmv2013-10-02 16:13 - 2013-10-02 16:13 - 01425123 _____ C:\Users\Ralph\Downloads\18022011 caddie_bruyant1.wmv2013-10-02 12:40 - 2013-10-02 12:40 - 00118149 _____ C:\Users\Ralph\Downloads\wmpChrome (1).crx2013-10-01 22:06 - 2013-08-01 09:46 - 00000506 _____ C:\Windows\Tasks\Malwarebytes Secure Backup - ralphyde@centurytel.net.job2013-10-01 19:45 - 2013-08-01 09:08 - 00001880 _____ C:\Users\Public\Desktop\Malwarebytes Secure Backup.lnk2013-09-29 19:12 - 2010-10-26 13:01 - 00000000 ____D C:\Users\Ralph\Documents\My Kindle Content2013-09-29 14:25 - 2013-09-29 14:25 - 00000075 _____ C:\Users\Ralph\Desktop\#9842 Alena 24, 170cm, 55kg.url2013-09-27 21:43 - 2013-09-27 21:43 - 00143360 _____ C:\Windows\Minidump\Mini092713-01.dmp2013-09-27 12:04 - 2009-02-01 21:28 - 00000020 ____H C:\ProgramData\PKP_DLdu.DAT2013-09-27 10:18 - 2009-10-01 13:15 - 00000000 ___RD C:\Program Files\Skype2013-09-26 17:25 - 2012-06-04 22:27 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR2013-09-26 12:43 - 2013-09-26 12:43 - 00143360 _____ C:\Windows\Minidump\Mini092613-01.dmp2013-09-25 14:08 - 2013-09-25 14:08 - 00000000 ____D C:\Program Files\ESET2013-09-25 14:04 - 2013-09-25 14:04 - 02347384 _____ (ESET) C:\Users\Ralph\Downloads\esetsmartinstaller_enu.exe2013-09-24 15:26 - 2013-09-24 15:26 - 00018160 _____ C:\Users\Ralph\Downloads\attach.txt2013-09-24 13:58 - 2013-09-24 13:58 - 00001084 _____ C:\Users\Ralph\Documents\ark.txt2013-09-24 12:09 - 2013-09-24 12:09 - 00377856 _____ C:\Users\Ralph\Downloads\6d4nnzwk.exe2013-09-24 10:47 - 2013-09-24 10:47 - 00688992 _____ (Swearware) C:\Users\Ralph\Downloads\dds (1).com2013-09-24 10:26 - 2013-09-24 10:26 - 00143360 _____ C:\Windows\Minidump\Mini092413-01.dmp2013-09-23 11:13 - 2013-09-23 11:13 - 00000000 ____D C:\found.0082013-09-23 01:13 - 2013-09-23 01:13 - 00000000 ____D C:\found.0072013-09-22 03:29 - 2013-10-11 10:50 - 12336128 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2013-09-22 03:22 - 2013-10-11 10:50 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2013-09-22 03:22 - 2013-10-11 10:50 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2013-09-22 03:14 - 2013-10-11 10:50 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2013-09-22 03:13 - 2013-10-11 10:50 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2013-09-22 03:13 - 2013-10-11 10:50 - 01104896 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2013-09-22 03:12 - 2013-10-11 10:50 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll2013-09-22 03:09 - 2013-10-11 10:50 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2013-09-22 03:08 - 2013-10-11 10:50 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe2013-09-22 03:07 - 2013-10-11 10:50 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll2013-09-22 03:06 - 2013-10-11 10:50 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2013-09-22 03:05 - 2013-10-11 10:50 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2013-09-22 03:03 - 2013-10-11 10:50 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2013-09-22 03:03 - 2013-10-11 10:50 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2013-09-22 03:03 - 2013-10-11 10:50 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2013-09-22 02:59 - 2013-10-11 10:50 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2013-09-21 10:05 - 2013-09-21 10:05 - 00143360 _____ C:\Windows\Minidump\Mini092113-01.dmp2013-09-20 21:53 - 2013-09-20 21:53 - 00143360 _____ C:\Windows\Minidump\Mini092013-03.dmp2013-09-20 13:27 - 2013-09-20 13:27 - 00143360 _____ C:\Windows\Minidump\Mini092013-02.dmp2013-09-20 10:27 - 2013-09-20 10:27 - 00143360 _____ C:\Windows\Minidump\Mini092013-01.dmp2013-09-19 16:56 - 2013-09-19 16:56 - 00143360 _____ C:\Windows\Minidump\Mini091913-01.dmp2013-09-18 15:50 - 2008-08-01 17:00 - 00000000 ____D C:\AmiPro2013-09-17 20:24 - 2013-08-01 09:08 - 00000000 ____D C:\Program Files\Malwarebytes Secure Backup2013-09-17 18:37 - 2013-09-17 18:37 - 00143360 _____ C:\Windows\Minidump\Mini091713-01.dmp2013-09-16 10:04 - 2009-10-07 18:45 - 00000000 ____D C:\Windows\Downloaded Installations2013-09-16 10:00 - 2013-09-16 09:58 - 15380128 _____ (Malwarebytes Corporation ) C:\Users\Ralph\Downloads\mbsb-setup-1.2.0.0010.exe Files to move or delete:====================C:\ProgramData\PKP_DLdu.DATC:\Windows\Tasks\{B9528C56-634A-4606-A03B-F93C07CBEBA2}.job Some content of TEMP:====================C:\Users\Ralph\AppData\Local\temp\Quarantine.exeC:\Users\Ralph\AppData\Local\temp\yx6c2qfn.dll ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legitC:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-10-15 12:45 ==================== End Of Log ============================ And here's the Additions.txt from the 15th Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-10-2013Ran by Ralph at 2013-10-15 12:58:25Running from C:\Users\Ralph\Desktop\DeskworkBoot Mode: Normal========================================================== ==================== Security Center ======================== AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} ==================== Installed Programs ====================== Update for Microsoft Office 2007 (KB2508958)Activation Assistant for the 2007 Microsoft Office suitesActivation Assistant for the 2007 Microsoft Office suites (Version: 1.0)Adobe AIR (Version: 3.8.0.1430)Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)Adobe Flash Player 11 Plugin (Version: 11.9.900.117)Adobe Reader X (10.1.8) (Version: 10.1.8)Adobe Shockwave Player 11.6 (Version: 11.6.1.629)Advertising Center (Version: 0.0.0.1)AFPL Ghostscript 7.03AFPL Ghostscript FontsAgere Systems HDA ModemAmazon KindleAmazon MP3 Downloader 1.0.15 (Version: 1.0.15)Amazon MP3 Uploader (Version: 1.0.8)Apple Application Support (Version: 2.3)Apple Software Update (Version: 2.1.3.127)ArcSoft Panorama Maker 4ArcSoft PhotoStudio 5.5CAM UnZip 4.42Canon CanoScan LiDE 100 User RegistrationCanon G.726 WMP-Decoder (Version: 1.1.0.4)Canon Inkjet Printer Driver Add-On ModuleCanon MovieEdit Task for ZoomBrowser EX (Version: 2.6.0.4)Canon MP Navigator EX 2.0Canon PIXMA iP3000Canon RAW Image Task for ZoomBrowser EX (Version: 3.3.0.5)Canon Utilities CameraWindow (Version: 7.1.0.2)Canon Utilities CameraWindow DC (Version: 7.1.0.7)Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (Version: 6.4.2.16)Canon Utilities Easy-PhotoPrintCanon Utilities MyCamera (Version: 6.4.0.5)Canon Utilities MyCamera DC (Version: 7.0.1.8)Canon Utilities RemoteCapture DC (Version: 3.0.1.8)Canon Utilities RemoteCapture Task for ZoomBrowser EX (Version: 1.7.1.9)Canon Utilities Solution MenuCanon Utilities ZoomBrowser EX (Version: 6.1.1.21)Canon ZoomBrowser EX Memory Card Utility (Version: 1.1.0.8)CanoScan LiDE 100 Scanner DriverCCleaner (Version: 4.04)CDBurnerXP (Version: 4.3.7.2423)D3DX10 (Version: 15.4.2368.0902)Defraggler (Version: 2.15)DolbyFiles (Version: 0.1)EasyCleaner (Version: 2.0.6.380)Elevated Installer (Version: 2.2.21)ERUNT 1.1jESET Online Scanner v3Family Tree MakerFile Uploader (Version: 1.2.0)Filzip 3.06 (Version: 3.0.6)Garmin Communicator Plugin (Version: 4.0.3)Garmin Express (Version: 2.2.21)Garmin Express Tray (Version: 2.2.21)Garmin Update Service (Version: 2.2.21)Garmin USB Drivers (Version: 2.3.0.0)Gateway Connect (Version: 1.1.0)Gateway Recovery Center Installer (Version: 1.01.031)Google Chrome (Version: 30.0.1599.69)Google Earth (Version: 6.2.2.6613)GSview 4.1HP FWUpdateEDO2 (Version: 1.2.0.0)HP Photosmart 6520 series Help (Version: 28.0.0)HP Photosmart 6520 series Product Improvement Study (Version: 28.0.1315.0)HPDiagnosticAlert (Version: 1.00.0000)IDT Audio (Version: 5.10.5303.0)ImagXpress (Version: 7.0.74.0)IMM4 VCM Codec 1.0.0.10Inkjet Printer/Scanner Extended Survey ProgramIntel® Graphics Media Accelerator DriverIntel® Matrix Storage ManagerIrfanView (remove only) (Version: 4.36)Java 7 Update 25 (Version: 7.0.250)JavaFX 2.1.1 (Version: 2.1.1)Junk Mail filter update (Version: 15.4.3502.0922)Keyspan USB Serial Adapter (Version: 3.7s)LabelPrint (Version: 2.0.1826)Logitech Legacy USB Camera Driver PackageLogitech QuickCam (Version: 11.90.1263)Logitech QuickCam Driver PackageMagnifier (Version: 2.4)Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)Malwarebytes Secure Backup (Version: 5.9.1.4720)Menu Templates - Starter Kit (Version: 9.4.2.0)Microsoft .NET Framework 3.5 SP1Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)Microsoft Application Error Reporting (Version: 12.0.6012.5000)Microsoft Fix it Center (Version: 1.0.0100)Microsoft Money Essentials (Version: 16)Microsoft Money Shared Libraries (Version: 16.0.0.705)Microsoft Office 2007 Service Pack 3 (SP3)Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)Microsoft Office Word Viewer 2003 (Version: 11.0.8173.0)Microsoft Security Client (Version: 4.3.0215.0)Microsoft Security Essentials (Version: 4.3.215.0)Microsoft Silverlight (Version: 5.1.20913.0)Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)Microsoft Works (Version: 08.05.0818)Microsoft WSE 2.0 SP3 Runtime (Version: 2.0.5050.0)Move Media PlayerMovie Templates - Starter Kit (Version: 9.4.2.0)MSVCRT (Version: 15.4.2862.0708)MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)Nero 9 EssentialsNero BurnRights (Version: 3.4.11.100)Nero BurnRights Help (Version: 3.4.4.100)Nero ControlCenter (Version: 9.0.0.1)Nero CoverDesigner (Version: 4.4.9.100)Nero CoverDesigner Help (Version: 4.4.9.100)Nero DiscSpeed (Version: 5.4.11.100)Nero DiscSpeed Help (Version: 5.4.4.100)Nero DriveSpeed (Version: 4.4.11.100)Nero DriveSpeed Help (Version: 4.4.4.100)Nero Express Help (Version: 9.6.2.101)Nero InfoTool (Version: 6.4.11.100)Nero InfoTool Help (Version: 6.4.4.100)Nero Installer (Version: 4.4.9.0)Nero Online Upgrade (Version: 1.3.0.0)Nero ShowTime (Version: 5.4.0.100)Nero ShowTime (Version: 5.4.13.100)Nero StartSmart (Version: 9.4.12.100)Nero StartSmart Help (Version: 9.4.12.100)Nero Vision (Version: 6.4.12.100)Nero Vision Help (Version: 6.4.8.100)NeroExpress (Version: 9.4.17.100)neroxml (Version: 1.0.0)Nikon Message Center (Version: 0.92.000)Nikon Transfer (Version: 1.4.0)Nitro PDF Reader (Version: 1.4.0.11)Notepad++ (Version: 5.7)OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)Omron Health Management Software (Version: 1.21.0001)PA095 / PA075 USB2.0 DOCKPart 2 of 2PDF reDirect (remove only) (Version: v2.2.8)Picasa 3 (Version: 3.9)Picasa Uploader (Version: 0.6)Power2Go 5.0Quicken Deluxe 98Quicken WillMaker Plus 2013 (Version: 1.0.0.0)QuickTime (Version: 7.74.80.86)Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista (Version: 1.00.0000)Realtek USB 2.0 Card Reader (Version: )REALTEK USB Wireless LAN Driver (Version: 1.00.0000)Secunia PSI (2.0.0.3001)Segoe UI (Version: 15.4.2271.0615)Singlesnet (Version: 0.9.2901.0)Skype Click to Call (Version: 6.12.13601)Skype™ 6.6 (Version: 6.6.106)Spare Backup (Version: 3.2)swMSM (Version: 12.0.0.1)Synaptics Pointing Device Driver (Version: 9.1.17.0)TaxACT 2010TaxACT 2011 - 1040 EditionTaxACT 2011 OregonTaxACT 2012 - 1040 EditionTaxACT 2012 OregonTomTom HOME (Version: 2.9.6)TomTom HOME Visual Studio Merge Modules (Version: 1.0.2)TreeSizeUniblue DriverScanner 2009 (Version: 2.0.0.1)Update for 2007 Microsoft Office System (KB967642)Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)Update for Microsoft Office 2007 Help for Common Features (KB963673)Update for Microsoft Office 2007 suites (KB2596620) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2687493) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2767849) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2767916) 32-Bit EditionUpdate for Microsoft Office Excel 2007 Help (KB963678)Update for Microsoft Office OneNote 2007 Help (KB963670)Update for Microsoft Office Powerpoint 2007 Help (KB963669)Update for Microsoft Office Script Editor Help (KB963671)Update for Microsoft Office Word 2007 Help (KB963665)WebCopierWhoCrashed 4.01Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (Version: 06/03/2009 2.3.0.0)Windows Live Communications Platform (Version: 15.4.3502.0922)Windows Live Essentials (Version: 15.4.3502.0922)Windows Live Essentials (Version: 15.4.3555.0308)Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)Windows Live Installer (Version: 15.4.3502.0922)Windows Live Mail (Version: 15.4.3502.0922)Windows Live Messenger (Version: 15.4.3538.0513)Windows Live MIME IFilter (Version: 15.4.3502.0922)Windows Live Movie Maker (Version: 15.4.3502.0922)Windows Live Photo Common (Version: 15.4.3502.0922)Windows Live Photo Gallery (Version: 15.4.3502.0922)Windows Live PIMT Platform (Version: 15.4.3508.1109)Windows Live SOXE (Version: 15.4.3502.0922)Windows Live SOXE Definitions (Version: 15.4.3502.0922)Windows Live Sync (Version: 14.0.8089.726)Windows Live UX Platform (Version: 15.4.3502.0922)Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)Windows Live Writer (Version: 15.4.3502.0922)Windows Live Writer Resources (Version: 15.4.3502.0922)Windows Media Player Firefox Plugin (Version: 1.0.0.8)Yahoo! Messenger ==================== Restore Points ========================= ==================== Hosts content: ========================== 2006-11-02 03:23 - 2013-10-13 16:11 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMMTask: {1F2D1D54-32EB-42A4-8B5F-A3914EABE69A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)Task: {2FA3FE75-88E8-47DF-98C1-E645EC950EFB} - System32\Tasks\ROC_JAN2013_TB_rmv => C:\Program Files\AVG Secure Search\PostInstall\ROC.exeTask: {32B77094-D224-4F3E-A9F8-728D40CB4126} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-02-05] (Google Inc.)Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPagesTask: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)Task: {486B0270-4E58-4485-92A6-47D89531603C} - System32\Tasks\Google Software Updater => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-05-09] (Google)Task: {4AAC8F7F-9C8F-4FAC-9964-D08B19B87FB9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3181102313-2446731150-1557776212-1000Core => C:\Users\Ralph\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-30] (Google Inc.)Task: {7FDC9C7F-9363-48C7-9752-037CDE5E2496} - System32\Tasks\Malwarebytes Secure Backup - ralphyde@centurytel.net => C:\Program Files\Malwarebytes Secure Backup\sosuploadagent.exe [2013-08-15] (Malwarebytes Secure Backup)Task: {81503994-5FEE-4A4B-9C05-3570613B7B80} - System32\Tasks\Online Backup Update Notifier => C:\Program Files\Malwarebytes Secure Backup\SUpdateNotifier.exe [2013-08-15] (Malwarebytes Secure Backup)Task: {9731D136-1A55-4F17-868D-6EC853C83902} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)Task: {B57F7104-ED4A-4F13-923C-70788EDC08DA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-02-05] (Google Inc.)Task: {BE97025E-02DA-4C65-8871-BF0BB8B77502} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated)Task: {C662C99A-7146-4713-80EB-A1758CEFE53C} - System32\Tasks\HPCustParticipation HP Photosmart 6520 series => C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)Task: {DB490431-69F5-4E1F-9D03-C57377D9FBFA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3181102313-2446731150-1557776212-1000UA => C:\Users\Ralph\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-30] (Google Inc.)Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()Task: {F9DA845F-DFE8-4849-98FB-AD2F6317DF5C} - System32\Tasks\{2AF0F2B9-1A00-46C8-8428-30E7C4215F9A} => C:\Program Files\Skype\Phone\Skype.exe [2013-06-21] (Skype Technologies S.A.)Task: {F9F8FA80-A9CB-46F2-B7C9-ECC579CF5798} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UITask: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3181102313-2446731150-1557776212-1000Core.job => C:\Users\Ralph\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3181102313-2446731150-1557776212-1000UA.job => C:\Users\Ralph\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\Malwarebytes Secure Backup - ralphyde@centurytel.net.job => C:\Program Files\Malwarebytes Secure Backup\sosuploadagent.exeTask: C:\Windows\Tasks\Online Backup Update Notifier.job => C:\Program Files\Malwarebytes Secure Backup\SUpdateNotifier.exeTask: C:\Windows\Tasks\{B9528C56-634A-4606-A03B-F93C07CBEBA2}.job => c:\users\ralph\appdata\local\google\chrome\application\chrome.exe ==================== Loaded Modules (whitelisted) ============= 2007-05-18 21:59 - 2007-05-18 21:59 - 00356928 _____ () C:\Program Files\Spare Backup\sqlite3.dll2009-11-03 17:14 - 2009-11-03 17:14 - 00054272 _____ () C:\Program Files\Notepad++\NppShell_01.dll2013-10-10 12:51 - 2004-09-08 13:45 - 00368128 _____ () C:\Program Files\Filzip\fzshext.dll2013-08-15 16:40 - 2013-08-15 16:40 - 00023448 _____ () C:\Program Files\Malwarebytes Secure Backup\SOS.SharedEverywhere.dll2013-08-15 16:40 - 2013-08-15 16:40 - 00030104 _____ () C:\Program Files\Malwarebytes Secure Backup\SOS.Contracts.CentralManagement.dll2013-10-05 11:10 - 2013-10-02 23:03 - 04055504 _____ () C:\Program Files\Google\Chrome\Application\30.0.1599.69\pdf.dll2013-10-05 11:10 - 2013-10-02 23:03 - 00415184 _____ () C:\Program Files\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll2013-10-05 11:09 - 2013-10-02 23:02 - 01604560 _____ () C:\Program Files\Google\Chrome\Application\30.0.1599.69\ffmpegsumo.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= Name: USB Device(VID_1f3a_PID_efe8)Description: USB Device(VID_1f3a_PID_efe8)Class Guid: {36fc9e60-c465-11cf-8056-444553540000}Manufacturer: USB DevicesService: usbUDiscProblem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors:==================Error: (10/14/2013 08:20:50 PM) (Source: Windows Search Service) (User: )Description: The application cannot be initialized. Context: Windows Application Details:The content index metadata cannot be read. (0xc0041801) Error: (10/14/2013 08:20:50 PM) (Source: Windows Search Service) (User: )Description: The gatherer object cannot be initialized. Context: Windows Application, SystemIndex Catalog Details:The content index metadata cannot be read. (0xc0041801) Error: (10/14/2013 08:20:50 PM) (Source: Windows Search Service) (User: )Description: The plug-in in <Search.TripoliIndexer> cannot be initialized. Context: Windows Application, SystemIndex Catalog Details:Element not found. (0x80070490) Error: (10/14/2013 08:20:47 PM) (Source: Windows Search Service) (User: )Description: The plug-in in <Search.JetPropStore> cannot be initialized. Context: Windows Application, SystemIndex Catalog Details:The content index metadata cannot be read. (0xc0041801) Error: (10/14/2013 08:20:47 PM) (Source: Windows Search Service) (User: )Description: The Windows Search Service cannot load the property store information. Context: Windows Application, SystemIndex Catalog Details:0x%08x (0xc0041800 - The content index cannot be read. ) Error: (10/14/2013 08:20:47 PM) (Source: Windows Search Service) (User: )Description: The search service has detected corrupted data files in the index. The service will attempt to automatically correct this problem by rebuilding the index. Details:The content index metadata cannot be read. (0xc0041801) Error: (10/14/2013 08:20:47 PM) (Source: Windows Search Service) (User: )Description: The Windows Search Service cannot open the Jet property store. Details:The content index cannot be read. (0xc0041800) Error: (10/14/2013 08:20:47 PM) (Source: ESENT) (User: )Description: Windows (3396) Windows: Database recovery/restore failed with unexpected error -543. Error: (10/14/2013 08:20:34 PM) (Source: ESENT) (User: )Description: Windows (3396) Windows: Database C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb requires logfiles 14820-14823 in order to recover successfully. Recovery could only locate logfiles up to 14819. Error: (10/14/2013 06:42:49 PM) (Source: EventSystem) (User: )Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c System errors:=============Error: (10/15/2013 00:39:36 PM) (Source: ipnathlp) (User: )Description: The DHCP allocator has disabled itself on IP address 169.254.204.34, since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope. Error: (10/15/2013 00:37:36 PM) (Source: EventLog) (User: )Description: The previous system shutdown at 12:34:54 PM on 10/15/2013 was unexpected. Error: (10/15/2013 00:16:48 PM) (Source: ipnathlp) (User: )Description: The ICS_IPV6 failed to configure IPv6 stack. Error: (10/15/2013 00:14:41 PM) (Source: ipnathlp) (User: )Description: The DHCP allocator has disabled itself on IP address 169.254.204.34, since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope. Error: (10/15/2013 00:09:33 PM) (Source: EventLog) (User: )Description: The previous system shutdown at 11:59:33 AM on 10/15/2013 was unexpected. Error: (10/15/2013 00:09:01 PM) (Source: volsnap) (User: )Description: The shadow copies of volume C: were aborted during detection because a critical control file could not be opened. Error: (10/15/2013 00:08:57 PM) (Source: volsnap) (User: )Description: The shadow copies of volume C: were aborted during detection because a critical control file could not be opened. Error: (10/15/2013 00:08:54 PM) (Source: volsnap) (User: )Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:. Error: (10/15/2013 00:07:24 PM) (Source: iaStor) (User: )Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period. Error: (10/15/2013 11:54:06 AM) (Source: ipnathlp) (User: )Description: The ICS_IPV6 failed to configure IPv6 stack. Microsoft Office Sessions:========================= CodeIntegrity Errors:=================================== Date: 2013-10-15 12:57:31.845 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2013-10-15 12:57:31.104 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2013-10-15 12:57:30.356 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2013-10-15 12:57:29.565 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2013-10-15 12:57:28.820 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2013-10-15 12:57:28.044 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2013-10-15 12:57:27.279 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2013-10-15 12:57:26.488 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2013-10-13 20:18:55.202 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\AVGIDSEH.sys because the set of per-page image hashes could not be found on the system. Date: 2013-10-13 20:18:54.553 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\AVGIDSEH.sys because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Percentage of memory in use: 66%Total physical RAM: 2037.69 MBAvailable physical RAM: 691.52 MBTotal Pagefile: 4978.93 MBAvailable Pagefile: 3396.64 MBTotal Virtual: 2047.88 MBAvailable Virtual: 1901.34 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:139.02 GB) (Free:71.57 GB) NTFS ==>[Drive with boot components (obtained from BCD)]Drive d: (RECOVERY) (Fixed) (Total:10.03 GB) (Free:4.46 GB) NTFS ==>[system with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149 GB) (Disk ID: 02FF13A2)Partition 1: (Not Active) - (Size=10 GB) - (Type=07 NTFS)Partition 2: (Active) - (Size=139 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Thanks
  23. Step 6: I have fixlist.txt downloaded and stored on my desktop, but where do i find FRST ? It's not linked, and I don't know how to comply with this step. Sorry for my inablity to figure this out.. ?????
  24. Step 5: Ran Results: Windows Search Troubleshooter Publisher details Issues found Windows Search does not show any results Fixed Reset Windows Search Succeeded Issues checked Windows Search is crashing or failing Checked Windows Search does not start and gives an error message Checked Issues found Detection details 6 Windows Search does not show any results Fixed Windows Search does not show any results. Additioanlly, an event ID 7040 is logged in the Windows event log, or Windows Search service is not running. Issues checked Detection details 6 Windows Search is crashing or failing Checked Windows Search crashes or fails after it has started. Additionally, an event ID 7042, 100, or 1000 is logged in the Windows event log, or the Windows Search service is not running. 6 Windows Search does not start and gives an error message Checked Windows Search does not show any search results and there is an error message on startup. An Event ID 1006 or 3024 is logged in the Windows event log, or Windows Search service is not running. Detection details Publisher details
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.