[Proper recovery method for Gateway Vista with automatic data backup?]

In my previous topic (gateway-laptop-with-ssd-not-find-vista-sp2-wont-start-pxe-e76 ) , I was unable to restart my Gateway 32bit Vista laptop, except by using the Gateway Recovery management Partition. and doing a "Recovery with automatic data backup."

 

This recovery worked flawlessly, and recovered Vista to its 2008 level, including 60 associated programs and Windows updates, and built an associated 23 gig BACKUP file which was stored in the top level of the Local Disk (C:) directory.

 

It included a top level directory folder named: 14-08-23 12:39 AM, beneath which were folders, the same folder names that Vista initially builds in its structure including;  Documents, Google, Graphics, Intel, Perflogs, Program files, System Volume Information, Users, and Windows, along with additional folders that had existed in the previous version on my computer, such as AmiPro, Downloads, Quicken98, and other programs and folders of mine, built since the previous recovery when I'd replaced a failing hard drive with a Crucial SSD.

 

However, after recovering to this stage, I did not know the proper way to continue the recovery, how to get this backup structure back into the Local Disk (C:) structure in place of the one the recovery had built.

 

I thought the first priority would be to continue applying updates to the system using Windows Update.  But I ran into a problem with Windows Update, so went ahead and used the standalone installs of SP1 and then SP2, but Windows Update is still not working.

 

And I still have not put the backed up directory structure back in place, and I don't even know how to do that.  So I'm not sure what to do next, and am requesting any assistance as to the proper way to recover from this situation.

 

I will make an offline backup of that BACKUP directory, before I do anything.  And if I have to go back and start over, I am willing to do that, too, in the case that I have done things in the wrong order.

 

I am 76 years old and struggling to get this recovery right, so I would appreciate any help anyone could give me as to the proper method of doing this recovery to get me back to where I was before the startup problem.

 

Thank you very much,

Ralphyde

 

 

 

 

[Gateway laptop with SSD not find Vista sp2 wont start PXE-E76]

Successful startup, but two new problems to deal with.  I have also downloaded and installed SP-1  and SP-2 

 

Windows Update has not been working since startup.  It was an old version, 7.0, so I thought a newer version might get around the problem, so I installed the 7.4 agent, since the latest 7.6 wasn't available for downloading and installing.  But with 7.4 agent, I'm still having problems, says it isn't started, though I have put in the recommended settings.

 

The other problem or question is: How to use the BACKUP file from the rebuild run to replace the new (old - 2008) system that was restored.

 

The Recovery from the recovery partition (with saving data) built a folder called BACKUP with folders under the Local Disk (C:) directory entry 

It has the same directory structure as the newly built one all the way down through WINDOWS, with all the previous contents.

 

What I need to know is whether I can just replace the newly built structure with the Backup structure, that would put the computer back the way it was before the problem and would be the ideal solution if it could be done.

 

Thanks for any assistance with either of the two problems

Ralphyde

[Gateway laptop with SSD not find Vista sp2 wont start PXE-E76]

Well, I bit the bullet today, and ran the Windows restore (with saving data option) program from my recovery partition.  It ran flawlessly an installed the 2008 version of Windows Vista, along with 60 associated programs and Windows update.

 

I turned on wi-fi and tried to run Windows Update, to get some of the early updates, with setting of - Let me decide which ones to download and install. I hoped to create smaller more manageable batches to install.  But that old version of Windows Update wouldn't give me anything.

 

I then installed and ran my copy of Malwarebytes Pro to shield the system while on wi-fi, and ran a scan, finding no problems.

 

Now I need to find out how to bring my Windows Vista up to SP2 level.

Can someone please tell me how?  Can I skip the individual fixes and go right to Sp1, and then straight to SP2? And will that give me an updated Windows Update as; well?  I appreciate any knowledge about this.  Thanks.

 

ralphyde

[Gateway laptop with SSD not find Vista sp2 wont start PXE-E76]

I have a Gateway P-6301 Laptop computer that had a failing hard drive in 2013, which I successfully replaced with a Crucial SSD, then recovered the factory Windows Vista from the recovery partition, then applied all the updates to bring it up to SP-2, and reinstalled my programs, including some that will only run on 32 bit machines (like AmiPro).

 

It has been running flawlessly since then, as I keep it healthy with Malwarebytes Pro and System Mechanic. So it had no malware on it, and was running fine through August 20.  

 

But when I tried to start it on August 21, it got only to the black screen with the cursor in the middle, and stayed that way forever. instead of bringing up the Windows icon and password dialog.  Pressing the start button would shut it down after about 50 seconds.

 

Starting it with PF8 would bring up the repair choices, but Windows would not come up in Safe mode either, nor would command prompt, or directory services.

 

The Repair Computer option, would allow me to access the Gateway System Recovery Options screen showing the following choices: startup repair, system restore, Windows complete PC restore,Windows Memory diagnostic tool, command prompt, and recovery manager.

 

Startup repair ran through several tests all of which came back with code 0x0, then "boot status indicates that the OS booted successfully". and "Startup Repair could not detect a problem."

 

System Restore didn't do anything.

 

The Memory diagnostic tool ran successfully.

 

When I try to startup with PF12, it shows whats happening quickly, and the Error PXE-E76 flashes by "Bad or missing multicast discovery address" Then PXE-M0F "Exiting PXE-ROM"

I tried changing the start device order in the BIOS to no avail.

 

It seems like the link to the part of the strartup routine that puts up the Windows icon and the signon dialog is lost.

 

If all else fails, it appears that I'll have to bite the bullet and do a recovery from the recovery partition, saving data but putting Vista back to 2008 status, then have to update to SP2 again.  I'm hoping there's something easier than that long process..

 

I would appreciate any assistance with this problem.

Thanks 

ralphyde

 

[Cant start my Vista laptop - long welcome loop.]

Amaziingly, I've gotten on today normally, after several more crashes.  This time (it always comes up to the signon screen, giving me a choice of Ralph (admin) or Guest (no signon)), but if I choose Ralph, it goes into a Welcome loop, then crashes.

 

This time, I got on as Guest, and that desktop came up, allowiing me to get onto Chrome, as well as this forum, and even Windows Explorer, on which I copied some of my vital files to a 16G flash drive.  Most were already threre.  The system runs smoothly and nice as long as I don't try to sign on, which is where there is an unwriteable sector, I think.

 

Hopefully, now, I have most of what I'll need to migrate to my new Windows 7 laptop, when it arrives.

 

Though I'm not sure about my Windows Mail.

[Cant start my Vista laptop - long welcome loop.]

Yes, Ron warned me that other symptoms were indicating a failing hard drive, but I was still able to get on and work normally for hours at a time over a period of weeks.  But now it seems the end has come.

 

I have already ordered a Windows 7 laptop to replace it, but hoped to keep it going for a few more days, perhaps.  And I'm hoping that my Malwarebytes Secure Backups will be restorable to my new Toshiba Windows 7 laptop.

 

But today, an attempted normal startup got to the signon screen, I signed on, then it went to the 'welcome' screen for about 30 minutes, before crashing with the following message:

 

STOP: c000021a {Fatal System Error}

The Windows subsystem system process terminated unexpectedly with a status of 

0xc0000005 (0x75879529 0x00bef3f4).

The system has been shut down.

collecting data for crash dump. . .

...

contact your system admin or technical support group for further assistance.

 

So that's where I stand now.

Using F8 on startup, I am able to get to the repair screen, but don't know if any options would help.

Have tried to get  up in safe mode, but no go.

 

Any suggestions?

[Cant start my Vista laptop - long welcome loop.]

My Vista laptoop Has been having troubles, but I have been able to get on up til now.

 

Today I was able to get to the Windows signon, then sighnon, but then the computer went into an endless 'welcome' loop.  Eventually forced shutdown.

 

Have tried to get on in Safe Mode.  Same thing

 

Finally I got the following Windows error message:

 

The instruction at 0x00bf1e8e referenced memory at 0x000001fe.  The memory could not be written.  Click OK to terminate program.

 

Anyone got any ideas as to how to get past this?

 

Thanks

[Multiple Crashes, Freezes, Unable to read Minidumps (settings changed by malware?)]

Thanks for all the reference material.  I am currently using Malwarebytes Pro, as well as Secure Backup. 

And I am a subscriber to Windows Secrets, though I can't keep up with it.

 

Last night I decided to see if I could run a Malwarebytes full scan, just to see if my computer could do it

without freezing up.  And first, I scheduled a CHKDSK /f.

 

I started around 9:45.  When I went to bed after 11, Malwarebytes Pro showed one issue found.

But when I checked at 2:30 AM, the screen was black, and nothing I could do would revive it, so I closed it.

 

In the morning, I restarted (chose normal startup), but couldn't find any output from the full scan.  The event log

showed that at 2:06, there were a gupdate, 2 system restore point creations, another gupdate, and a VSS at 2:09.

(I don't know what these mean).  I haven't found any output from the Malwarebytes run, and nothing shows in its

history tab.

 

The output from the CHKDSK run shows the same index rebuilding involving taskmgr and wmplayer, which I don't

understand.  Here is the output from that run:

 

Log Name:      Application

Source:        Microsoft-Windows-Wininit

Date:          10/21/2013 9:46:58 PM

Event ID:      1001

Task Category: None

Level:         Information

Keywords:      Classic

User:          N/A

Computer:      RALPH-PC

Description:

 

 

Checking file system on C:

The type of the file system is NTFS.

 

 

A disk check has been scheduled.

Windows will now check the disk.                         

  318912 file records processed.                                  

 

  1516 large file records processed.                            

 

  0 bad file records processed.                              

 

  0 EA records processed.                                    

 

  68 reparse records processed.                               

 

Unable to locate the file name attribute of index entry wmplayer.exe

of index $I30 with parent 0xcb in file 0x3688f.

Deleting index entry wmplayer.exe in index $I30 of file 203.

Unable to locate the file name attribute of index entry inetpp.dll

of index $I30 with parent 0x5b3 in file 0x30fc9.

Deleting index entry inetpp.dll in index $I30 of file 1459.

Unable to locate the file name attribute of index entry taskeng.exe

of index $I30 with parent 0x5b3 in file 0x36e5b.

Deleting index entry taskeng.exe in index $I30 of file 1459.

Unable to locate the file name attribute of index entry taskmgr.exe

of index $I30 with parent 0x5b3 in file 0x200cc.

Deleting index entry taskmgr.exe in index $I30 of file 1459.

Unable to locate the file name attribute of index entry wer.dll

of index $I30 with parent 0x5b3 in file 0x30de1.

Deleting index entry wer.dll in index $I30 of file 1459.

  386080 index entries processed.                                 

 

CHKDSK is recovering lost files.

Recovering orphaned file taskmgr.exe (131276) into directory file 1459.

Recovering orphaned file wer.dll (200161) into directory file 1459.

Recovering orphaned file inetpp.dll (200649) into directory file 1459.

Recovering orphaned file wmplayer.exe (223375) into directory file 203.

  5 unindexed files processed.                               

 

Recovering orphaned file taskeng.exe (224859) into directory file 1459.

  318912 security descriptors processed.                          

 

Cleaning up 9 unused index entries from index $SII of file 0x9.

Cleaning up 9 unused index entries from index $SDH of file 0x9.

Cleaning up 9 unused security descriptors.

  33585 data files processed.                                    

 

CHKDSK is verifying Usn Journal...

  34528776 USN bytes processed.                                     

 

Usn Journal verification completed.

Correcting errors in the Volume Bitmap.

Windows has made corrections to the file system.

 

 145773809 KB total disk space.

  70644432 KB in 260267 files.

    145660 KB in 33586 indexes.

        60 KB in bad sectors.

    437309 KB in use by the system.

     65536 KB occupied by the log file.

  74546348 KB available on disk.

 

      4096 bytes in each allocation unit.

  36443452 total allocation units on disk.

  18636587 allocation units available on disk.

 

Internal Info:

c0 dd 04 00 e9 7b 04 00 05 b9 07 00 00 00 00 00  .....{..........

32 7c 00 00 44 00 00 00 00 00 00 00 00 00 00 00  2|..D...........

42 00 00 00 e2 73 ef 76 58 84 40 00 58 7c 40 00  B....s.vX.@.X|@.

 

Windows has finished checking your disk.

Please wait while your computer restarts.

 

Event Xml:

<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">

  <System>

    <Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" />

    <EventID Qualifiers="16384">1001</EventID>

    <Version>0</Version>

    <Level>4</Level>

    <Task>0</Task>

    <Opcode>0</Opcode>

    <Keywords>0x80000000000000</Keywords>

    <TimeCreated SystemTime="2013-10-22T04:46:58.000Z" />

    <EventRecordID>143591</EventRecordID>

    <Correlation />

    <Execution ProcessID="0" ThreadID="0" />

    <Channel>Application</Channel>

    <Computer>RALPH-PC</Computer>

    <Security />

  </System>

  <EventData>

    <Data>

 

Checking file system on C:

The type of the file system is NTFS.

 

 

A disk check has been scheduled.

Windows will now check the disk.                         

  318912 file records processed.                                  

 

  1516 large file records processed.                            

 

  0 bad file records processed.                              

 

  0 EA records processed.                                    

 

  68 reparse records processed.                               

 

Unable to locate the file name attribute of index entry wmplayer.exe

of index $I30 with parent 0xcb in file 0x3688f.

Deleting index entry wmplayer.exe in index $I30 of file 203.

Unable to locate the file name attribute of index entry inetpp.dll

of index $I30 with parent 0x5b3 in file 0x30fc9.

Deleting index entry inetpp.dll in index $I30 of file 1459.

Unable to locate the file name attribute of index entry taskeng.exe

of index $I30 with parent 0x5b3 in file 0x36e5b.

Deleting index entry taskeng.exe in index $I30 of file 1459.

Unable to locate the file name attribute of index entry taskmgr.exe

of index $I30 with parent 0x5b3 in file 0x200cc.

Deleting index entry taskmgr.exe in index $I30 of file 1459.

Unable to locate the file name attribute of index entry wer.dll

of index $I30 with parent 0x5b3 in file 0x30de1.

Deleting index entry wer.dll in index $I30 of file 1459.

  386080 index entries processed.                                 

 

CHKDSK is recovering lost files.

Recovering orphaned file taskmgr.exe (131276) into directory file 1459.

Recovering orphaned file wer.dll (200161) into directory file 1459.

Recovering orphaned file inetpp.dll (200649) into directory file 1459.

Recovering orphaned file wmplayer.exe (223375) into directory file 203.

  5 unindexed files processed.                               

 

Recovering orphaned file taskeng.exe (224859) into directory file 1459.

  318912 security descriptors processed.                          

 

Cleaning up 9 unused index entries from index $SII of file 0x9.

Cleaning up 9 unused index entries from index $SDH of file 0x9.

Cleaning up 9 unused security descriptors.

  33585 data files processed.                                    

 

CHKDSK is verifying Usn Journal...

  34528776 USN bytes processed.                                     

 

Usn Journal verification completed.

Correcting errors in the Volume Bitmap.

Windows has made corrections to the file system.

 

 145773809 KB total disk space.

  70644432 KB in 260267 files.

    145660 KB in 33586 indexes.

        60 KB in bad sectors.

    437309 KB in use by the system.

     65536 KB occupied by the log file.

  74546348 KB available on disk.

 

      4096 bytes in each allocation unit.

  36443452 total allocation units on disk.

  18636587 allocation units available on disk.

 

Internal Info:

c0 dd 04 00 e9 7b 04 00 05 b9 07 00 00 00 00 00  .....{..........

32 7c 00 00 44 00 00 00 00 00 00 00 00 00 00 00  2|..D...........

42 00 00 00 e2 73 ef 76 58 84 40 00 58 7c 40 00  B....s.vX.@.X|@.

 

Windows has finished checking your disk.

Please wait while your computer restarts.

</Data>

  </EventData>

</Event>

 

 

And I still don't understand why we weren't able to read the minidumps by zipping.them.  Were settings changed somehow?

 

My system seems to be running better, but not without anomalies.  I have suspected all along that stealthy changes

were made my some malware, which have affected my system.  What about wmplayer? and taskmgr?  

Still not sure what  to do next.

[Multiple Crashes, Freezes, Unable to read Minidumps (settings changed by malware?)]

I will try to run a Malwarebytes Pro full scan tonight.  I hadn't been able to do that recently because my 

computer would bog down and freeze up.  We'll see if that problem has been put behind us.  My computer has 

been up and running all day, including the ESET scan on IE, and several programs including Facebook

on Chrome including this one.

So we'll see.

[Multiple Crashes, Freezes, Unable to read Minidumps (settings changed by malware?)]

Yes, I read your warning about possibly failing hard drive, but have had no other indication of that, and since

Windows was able to fix it, I feel hopeful that it won't cause any more trouble.

 

Is there some source I could read about that?  My computer has been much more stable for the 

past few days since I uninstalled my recently purchased (February, 2013) HP PHotosmart printer.  The tech gave me

newer installation software which I have not used yet, will wait until other issues are solved.  I shold also probably

uninstall my old Canon printer before I do that.

 

And I have purchased MalwareBytes Secure Backup to save my important data.  I will probably be getting a newer 

laptop before too long, anyway.

[Multiple Crashes, Freezes, Unable to read Minidumps (settings changed by malware?)]

I looked up these threats in the files listed to see when they were downloaded.

 

The first one was a little cat application that I'd had on various computers, dated 11-19-2001

 

The second was Registry Booster from Uniblue dated 2-04-2010

 

The third was a Google Earth setup from 3-11-2013.  I think I was looking for an earlier version.

 

The fourth was Speedupmypc from Uniblue, whom I trusted, on 2-06-2013.

 

Malwarebytes full scans never indicated that any of them were threats, nor did MSE..

[Multiple Crashes, Freezes, Unable to read Minidumps (settings changed by malware?)]

ESET finished.  Here is the output as a txt file:

 

C:\download\Felix2.exe Win32/Joke.ScreenMate application

C:\Users\Ralph\Documents\Downloads\registrybooster.exe a variant of Win32/RegistryBooster application

C:\Users\Ralph\Downloads\google earth setup.exe a variant of Win32/Soft32Downloader.D application

C:\Users\Ralph\Downloads\speedupmypc.exe multiple threats

 

Since I ran ESET with 'Remove found threats' unticked, as instructed, how do I go about removing them now?

[Multiple Crashes, Freezes, Unable to read Minidumps (settings changed by malware?)]

Okay, This afternoon, I started ESET online scan again.  It breezed right past the repaired (by CHKDSK /R) 

bad clusters in file 6939 of C: boot\bootstat.dat, which had hung up ESET on two previous attempts to run it.

As of now, after 4 hours of scanning and about 50% of the way through, it has found

4 infected files so far:

 

These are:

 

1.  Win32/Joke.Screenmate application

2.  a variant of Win32/Registry Booster application

3.  a variant of Win32/Soft32 Downloader D application

4.  multiple threats

 

So, I will let it continue running into the night and finish this time, if it will.

These infected files were not found by Malwarebytes Pro or MSE, but I have not

been able to do a full scan with either of these programs since August 30 (I believe).

I have done Flash scans with Malwarebytes Pro, and quick scans with MSE.

But I don't know how recent these infections are.  If I get a report I will print it.

[Multiple Crashes, Freezes, Unable to read Minidumps (settings changed by malware?)]

Okay, I scheduled another run of CHKDSK /R for last night when I went to bed, around 10 PM.

When I checked on it later, it had completed stage 4, verifying file data.  The bad clusters which had been found

in boot/bootstat.dat in the previous run, had indeed been fixed.  (I still want to rerun ESET to make sure it gets past

that area).

 

But later still, it had hung up in stage 5, making no further progress all night.  This time it only completed 71% of the 

free space clusters, as opposed to 79% the previous afternoon.

 

Here is what remained on the screen this morning (hand written and typed here):

 

Deleting index entry taskmgr.exe in index $I30 of file 1459.

Deleting index entry wer.dll in index $I30 of file 1459.

    386164 index entries processed.

Index verification completed.

CHKDSK is recovering lost files.

Recovering orphaned file taskmgr.exe (131276) into directory file 1459.

Recovering orphaned file wer.dll (200161) into directory file 1459.

Recovering orphaned file inetpp.dll (200649) into directory file 1459.

Recovering orphaned file wmplayer.exe (223375) into directory file 203.

    5 unindexed files processed.

Recovering orphaned file taskeng.exe (224859) into directory file 1459.

CHKDSK is verifying security descriptors (stage 3 of 5). . .

    318912 security descriptors processed.

Security descriptor verification completed.

    33627 data files processed.

CHKDSK is verifying usn journal. . .

    33855032 USN bytes processed.

usn journal verification completed.

CHKDSK is verifying file data (stage 4 of 5). . .

    318896 files processed.

File data verification completed.

CHKDSK is verifying free space (stage 5 of 5). . .

71 percent complete. (12047345 of 18627258 free clusters processed)

 

Now I am interested in rerunning ESET, as it only scanned a small portion of the disk 

before hanging up in boot/bootstat.dat  (which has now had bad clusters replaced).

 

Thanks for your advice about failing hard drive, but I'd like to investigate further.

 

But I think I will schedule another CHKDSK /R first.

 

PS - the system came up much quicker this morning after first forcing a shutdown

hasn't shown signs of freezing up yet, but it's still too soon to say.

[Multiple Crashes, Freezes, Unable to read Minidumps (settings changed by malware?)]

Okay, today has been strange.  First I tried to find Command Prompt, but couldn't find it your way, because I never did find Accessorries.

I eventally found it by searching for Command prompt at the bottom of the Start page.

Then I started it as Administrator, and scheduled it to start after a restart.

 

It restarted fine and launced into the Chkdsk /R,  But it eventually hung up in step 5.  But first:

it found 0 bad sectors

but it found and fixed the usual indexes, including indexes for wmplayer.exe and taskmgr.exe, and about 3 others, 

then restoring the orphan records which it had removed from the indexes.

 

In stage 4, it verified file data.(stage 4 of 5):

"Windows replaced bad clusters in file 6939

of name \boot\bootstat.dat."

 

Interstingly, this is the same spot where both ESET runs had hung up, in previous runs.

 

At about 2 PM I left to play tennis, leaving the chkdsk running.

 

When I returned at about 4:30, Chkdsk had added the following lines:

 

"318896 files processed (no more bad clusters found, however)

File data verification completed.

CHKDSK is verifying free space (stage 5 of 5)...

79% percent complete.  (13981389 of 18627858 free clusters processed)"

 

I was surprised that it hadn't finished, and I waited another 3 hours, and the last line stayed the same.

Since neither the memory or disk lights were blinking, I finally concluded that it was hung up and not

going any farther,  and since it was just verifying free space, I forced it to shut down.

 

Nothing had gotten into the event log from that CHKDSK run, only when I canceled it.

 

So I will schedule another CHKDSK /R run tonight. 

 

I'll be interested to see if those bad clusters in boot/bootstat.dat have indeed been fixed,

and if an ESET run will be able to get past that spot without hanging up,

and if it will complete stage 5 this time.

 

Hopefully, I'll get a complete report this time.

[Multiple Crashes, Freezes, Unable to read Minidumps (settings changed by malware?)]

I seem to be stuck here: "Click on START and type in CMD.EXE and when it shows on the menu right click and choose "Run as administrator"

I do this, typing it into the search field at the bottom of the START page, but I can't find it on "the menu." (what menu?)  It's probably something obvious that I'm just not understanding.  If I could find it, I could continue with the instructions.  But I'm stuck here.  Sorry.

[Multiple Crashes, Freezes, Unable to read Minidumps (settings changed by malware?)]

To start, here's the Minidump you asked for:

Mini101213-01.txt

[Multiple Crashes, Freezes, Unable to read Minidumps (settings changed by malware?)]

Minitoolbox run:

 

MiniToolBox by Farbar  Version: 13-07-2013

Ran by Ralph (administrator) on 18-10-2013 at 19:20:01

Running from "C:\Users\Ralph\Desktop\Deskwork"

Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86)

Boot Mode: Normal

***************************************************************************

 

========================= Flush DNS: ===================================

 

Windows IP Configuration

 

Successfully flushed the DNS Resolver Cache.

 

========================= IE Proxy Settings: ============================== 

 

Proxy is not enabled.

No Proxy Server is set.

 

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= Hosts content: =================================

 

127.0.0.1       localhost

 

========================= IP Configuration: ================================

 

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)

Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter = Wireless Network Connection (Connected)

The following helper DLL cannot be loaded: WLANCFG.DLL.

The following helper DLL cannot be loaded: WCNNETSH.DLL.

 

 

# ----------------------------------

# IPv4 Configuration

# ----------------------------------

pushd interface ipv4

 

reset

set global icmpredirects=enabled

add address name="Local Area Connection" address=192.168.0.1

 

 

popd

# End of IPv4 configuration

 

 

 

Windows IP Configuration

 

   Host Name . . . . . . . . . . . . : Ralph-PC

   Primary Dns Suffix  . . . . . . . : 

   Node Type . . . . . . . . . . . . : Broadcast

   IP Routing Enabled. . . . . . . . : No

   WINS Proxy Enabled. . . . . . . . : No

   DNS Suffix Search List. . . . . . : PK5001Z

 

Wireless LAN adapter Wireless Network Connection:

 

   Connection-specific DNS Suffix  . : PK5001Z

   Description . . . . . . . . . . . : Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter

   Physical Address. . . . . . . . . : 00-C0-A8-FB-77-F4

   DHCP Enabled. . . . . . . . . . . : Yes

   Autoconfiguration Enabled . . . . : Yes

   Link-local IPv6 Address . . . . . : fe80::31f5:5074:ea88:613%9(Preferred) 

   IPv4 Address. . . . . . . . . . . : 192.168.0.141(Preferred) 

   Subnet Mask . . . . . . . . . . . : 255.255.255.0

   Lease Obtained. . . . . . . . . . : Friday, October 18, 2013 6:32:26 PM

   Lease Expires . . . . . . . . . . : Saturday, October 19, 2013 6:32:25 PM

   Default Gateway . . . . . . . . . : fe80::b077:bc11:2fb0:cc22%9

                                       192.168.0.1

   DHCP Server . . . . . . . . . . . : 192.168.0.1

   DHCPv6 IAID . . . . . . . . . . . : 218153128

   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-0F-B6-5C-14-00-E0-B8-DB-4A-21

   DNS Servers . . . . . . . . . . . : 192.168.0.1

                                       64.91.3.46

   NetBIOS over Tcpip. . . . . . . . : Enabled

 

Ethernet adapter Local Area Connection:

 

   Connection-specific DNS Suffix  . : 

   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller

   Physical Address. . . . . . . . . : 00-E0-B8-DB-4A-21

   DHCP Enabled. . . . . . . . . . . : No

   Autoconfiguration Enabled . . . . : Yes

   Link-local IPv6 Address . . . . . : fe80::b077:bc11:2fb0:cc22%8(Preferred) 

   Autoconfiguration IPv4 Address. . : 169.254.204.34(Preferred) 

   Subnet Mask . . . . . . . . . . . : 255.255.0.0

   IPv4 Address. . . . . . . . . . . : 192.168.0.1(Duplicate) 

   Subnet Mask . . . . . . . . . . . : 255.255.255.0

   Default Gateway . . . . . . . . . : 

   DHCPv6 IAID . . . . . . . . . . . : 201384120

   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-0F-B6-5C-14-00-E0-B8-DB-4A-21

   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%2

                                       fec0:0:0:ffff::2%2

                                       fec0:0:0:ffff::3%2

   NetBIOS over Tcpip. . . . . . . . : Enabled

 

Tunnel adapter Local Area Connection* 6:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . : 

   Description . . . . . . . . . . . : 6TO4 Adapter

   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

   DHCP Enabled. . . . . . . . . . . : No

   Autoconfiguration Enabled . . . . : Yes

 

Tunnel adapter Local Area Connection* 9:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . : 

   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface

   Physical Address. . . . . . . . . : 02-00-54-55-4E-01

   DHCP Enabled. . . . . . . . . . . : No

   Autoconfiguration Enabled . . . . : Yes

 

Tunnel adapter Local Area Connection* 12:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . : 

   Description . . . . . . . . . . . : isatap.{E2CD68E9-F64B-46CA-AF60-CF8CB6FA1F9C}

   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

   DHCP Enabled. . . . . . . . . . . : No

   Autoconfiguration Enabled . . . . : Yes

 

Tunnel adapter Local Area Connection* 13:

 

   Connection-specific DNS Suffix  . : PK5001Z

   Description . . . . . . . . . . . : isatap.PK5001Z

   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

   DHCP Enabled. . . . . . . . . . . : No

   Autoconfiguration Enabled . . . . : Yes

   Link-local IPv6 Address . . . . . : fe80::5efe:192.168.0.141%15(Preferred) 

   Default Gateway . . . . . . . . . : 

   DNS Servers . . . . . . . . . . . : 192.168.0.1

                                       64.91.3.46

   NetBIOS over Tcpip. . . . . . . . : Disabled

Server:  PK5001Z.PK5001Z

Address:  192.168.0.1

 

Name:    google.com

Addresses:  2607:f8b0:400a:802::1001

 173.194.33.97

 173.194.33.98

 173.194.33.99

 173.194.33.100

 173.194.33.101

 173.194.33.102

 173.194.33.103

 173.194.33.104

 173.194.33.105

 173.194.33.110

 173.194.33.96

 

 

 

Pinging google.com [173.194.33.98] with 32 bytes of data:

 

Reply from 173.194.33.98: bytes=32 time=23ms TTL=58

 

Reply from 173.194.33.98: bytes=32 time=24ms TTL=58

 

 

 

Ping statistics for 173.194.33.98:

 

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

 

Approximate round trip times in milli-seconds:

 

    Minimum = 23ms, Maximum = 24ms, Average = 23ms

 

Server:  PK5001Z.PK5001Z

Address:  192.168.0.1

 

Name:    yahoo.com

Addresses:  98.138.253.109

 98.139.183.24

 206.190.36.45

 

 

 

Pinging yahoo.com [206.190.36.45] with 32 bytes of data:

 

Reply from 206.190.36.45: bytes=32 time=27ms TTL=55

 

Reply from 206.190.36.45: bytes=32 time=28ms TTL=55

 

 

 

Ping statistics for 206.190.36.45:

 

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

 

Approximate round trip times in milli-seconds:

 

    Minimum = 27ms, Maximum = 28ms, Average = 27ms

 

 

 

Pinging 127.0.0.1 with 32 bytes of data:

 

Reply from 127.0.0.1: bytes=32 time=17ms TTL=128

 

Reply from 127.0.0.1: bytes=32 time=4ms TTL=128

 

 

 

Ping statistics for 127.0.0.1:

 

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

 

Approximate round trip times in milli-seconds:

 

    Minimum = 4ms, Maximum = 17ms, Average = 10ms

 

===========================================================================

Interface List

  9 ...00 c0 a8 fb 77 f4 ...... Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter

  8 ...00 e0 b8 db 4a 21 ...... Realtek PCIe GBE Family Controller

  1 ........................... Software Loopback Interface 1

 16 ...00 00 00 00 00 00 00 e0  6TO4 Adapter

 11 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface

 14 ...00 00 00 00 00 00 00 e0  isatap.{E2CD68E9-F64B-46CA-AF60-CF8CB6FA1F9C}

 15 ...00 00 00 00 00 00 00 e0  isatap.PK5001Z

===========================================================================

 

IPv4 Route Table

===========================================================================

Active Routes:

Network Destination        Netmask          Gateway       Interface  Metric

          0.0.0.0          0.0.0.0      192.168.0.1    192.168.0.141     25

        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306

        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306

  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306

      169.254.0.0      255.255.0.0         On-link    169.254.204.34    276

   169.254.204.34  255.255.255.255         On-link    169.254.204.34    276

  169.254.255.255  255.255.255.255         On-link    169.254.204.34    276

      192.168.0.0    255.255.255.0         On-link     192.168.0.141    281

    192.168.0.141  255.255.255.255         On-link     192.168.0.141    281

    192.168.0.255  255.255.255.255         On-link     192.168.0.141    281

        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306

        224.0.0.0        240.0.0.0         On-link    169.254.204.34    276

        224.0.0.0        240.0.0.0         On-link     192.168.0.141    281

  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306

  255.255.255.255  255.255.255.255         On-link    169.254.204.34    276

  255.255.255.255  255.255.255.255         On-link     192.168.0.141    281

===========================================================================

Persistent Routes:

  None

 

IPv6 Route Table

===========================================================================

Active Routes:

 If Metric Network Destination      Gateway

  9    281 ::/0                     fe80::b077:bc11:2fb0:cc22

  1    306 ::1/128                  On-link

  8    276 fe80::/64                On-link

  9    281 fe80::/64                On-link

 15    286 fe80::5efe:192.168.0.141/128

                                    On-link

  9    281 fe80::31f5:5074:ea88:613/128

                                    On-link

  8    276 fe80::b077:bc11:2fb0:cc22/128

                                    On-link

  1    306 ff00::/8                 On-link

  8    276 ff00::/8                 On-link

  9    281 ff00::/8                 On-link

===========================================================================

Persistent Routes:

  None

========================= Winsock entries =====================================

 

Catalog5 01 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation)

Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)

Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)

Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)

Catalog5 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog5 06 C:\Windows\system32\winrnr.dll [19968] (Microsoft Corporation)

Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 19 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 20 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 21 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 22 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 23 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 24 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 25 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 26 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 27 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 28 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 29 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 30 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 31 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 32 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

 

========================= Event log errors: ===============================

 

Application errors:

==================

Error: (10/18/2013 05:52:15 PM) (Source: Application Error) (User: )

Description: Faulting application svchost.exe_BFE, version 6.0.6001.18000, time stamp 0x47918b89, faulting module bfe.dll, version 6.0.6002.18005, time stamp 0x49e036ff, exception code 0xc0000005, fault offset 0x0002799d,

process id 0x14bc, application start time 0xsvchost.exe_BFE0.

 

Error: (10/18/2013 05:47:14 PM) (Source: Application Error) (User: )

Description: Faulting application svchost.exe_BFE, version 6.0.6001.18000, time stamp 0x47918b89, faulting module bfe.dll, version 6.0.6002.18005, time stamp 0x49e036ff, exception code 0xc0000005, fault offset 0x0002799d,

process id 0xbe0, application start time 0xsvchost.exe_BFE0.

 

Error: (10/18/2013 05:47:08 PM) (Source: Application Error) (User: )

Description: Faulting application svchost.exe_BFE, version 6.0.6001.18000, time stamp 0x47918b89, faulting module bfe.dll, version 6.0.6002.18005, time stamp 0x49e036ff, exception code 0xc0000005, fault offset 0x0002799d,

process id 0x6e4, application start time 0xsvchost.exe_BFE0.

 

Error: (10/18/2013 05:44:53 PM) (Source: Application Error) (User: )

Description: Faulting application svchost.exe_BFE, version 6.0.6001.18000, time stamp 0x47918b89, faulting module bfe.dll, version 6.0.6002.18005, time stamp 0x49e036ff, exception code 0xc0000005, fault offset 0x00028232,

process id 0x6a0, application start time 0xsvchost.exe_BFE0.

 

Error: (10/16/2013 00:26:35 PM) (Source: Windows Search Service) (User: )

Description: The entry <C:\USERS\RALPH\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\AJPCDIPECMMHMHFCHEGPAFLPJKMCEIIP\1.0.0.0_0> in the hash map cannot be updated.

 

Context:  Application, SystemIndex Catalog

 

 

Details:

A device attached to the system is not functioning.   (0x8007001f)

 

Error: (10/16/2013 00:26:17 PM) (Source: Windows Search Service) (User: )

Description: The entry <C:\USERS\RALPH\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\AJPCDIPECMMHMHFCHEGPAFLPJKMCEIIP\1.0.0.0_0> in the hash map cannot be updated.

 

Context:  Application, SystemIndex Catalog

 

 

Details:

A device attached to the system is not functioning.   (0x8007001f)

 

Error: (10/16/2013 11:32:44 AM) (Source: Microsoft Security Client Setup) (User: NT AUTHORITY)

Description: HRESULT:0x8004FF80

Description:Cannot complete the Security Essentials Upgrade. Security Essentials is not currently monitoring and helping to protect your computer. Please restart your computer and try again. Error code:0x8004FF80.

 

Error: (10/16/2013 11:17:07 AM) (Source: MsiInstaller) (User: NT AUTHORITY)

Description: Product: Microsoft Security Client -- Error 1921. Service 'Microsoft Antimalware Service' (MsMpSvc) could not be stopped.  Verify that you have sufficient privileges to stop system services.

 

Error: (10/15/2013 11:21:48 PM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".

Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.

Please use sxstrace.exe for detailed diagnosis.

 

Error: (10/15/2013 05:55:17 PM) (Source: VSS) (User: )

Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005.

This is often caused by incorrect security settings in either the writer or requestor process.

 

 

Operation:

   Gathering Writer Data

 

Context:

   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}

   Writer Name: System Writer

   Writer Instance ID: {f4b934b4-48a2-41b7-a311-37902ec5516c}

 

 

System errors:

=============

Error: (10/18/2013 06:45:40 PM) (Source: ipnathlp) (User: )

Description: The ICS_IPV6 failed to configure IPv6 stack.

 

Error: (10/18/2013 06:33:33 PM) (Source: ipnathlp) (User: )

Description: The DHCP allocator has disabled itself on IP address 169.254.204.34, since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.

 

Error: (10/18/2013 06:32:12 PM) (Source: EventLog) (User: )

Description: The previous system shutdown at 6:12:17 PM on 10/18/2013 was unexpected.

 

Error: (10/18/2013 05:44:52 PM) (Source: Ntfs) (User: )

Description: The file system structure on the disk is corrupt and unusable.

Please run the chkdsk utility on the volume \Device\HarddiskVolume2.

 

Error: (10/18/2013 05:44:50 PM) (Source: iaStor) (User: )

Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

 

Error: (10/18/2013 05:43:35 PM) (Source: volsnap) (User: )

Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:.

 

Error: (10/18/2013 05:43:30 PM) (Source: iaStor) (User: )

Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

 

Error: (10/18/2013 05:42:30 PM) (Source: iaStor) (User: )

Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

 

Error: (10/18/2013 05:44:31 PM) (Source: ipnathlp) (User: )

Description: The ICS_IPV6 failed to configure IPv6 stack.

 

Error: (10/18/2013 04:50:17 PM) (Source: ipnathlp) (User: )

Description: The ICS_IPV6 failed to configure IPv6 stack.

 

 

Microsoft Office Sessions:

=========================

 

CodeIntegrity Errors:

===================================

  Date: 2013-10-17 09:57:22.629

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-10-17 09:57:21.831

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-10-17 09:57:20.892

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-10-17 09:57:20.048

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-10-17 09:53:02.397

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-10-17 09:53:01.567

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-10-17 09:53:00.747

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-10-17 09:52:59.676

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-10-17 09:52:58.725

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-10-17 09:52:57.962

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

 

 

=========================== Installed Programs ============================

 

 Update for Microsoft Office 2007 (KB2508958)

Activation Assistant for the 2007 Microsoft Office suites

Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)

Adobe AIR (Version: 3.8.0.1430)

Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)

Adobe Flash Player 11 Plugin (Version: 11.9.900.117)

Adobe Reader X (10.1.8) (Version: 10.1.8)

Adobe Shockwave Player 11.6 (Version: 11.6.1.629)

Advertising Center (Version: 0.0.0.1)

AFPL Ghostscript 7.03

AFPL Ghostscript Fonts

Agere Systems HDA Modem

Amazon Kindle

Amazon MP3 Downloader 1.0.15 (Version: 1.0.15)

Amazon MP3 Uploader (Version: 1.0.8)

Apple Application Support (Version: 2.3)

Apple Software Update (Version: 2.1.3.127)

ArcSoft Panorama Maker 4

ArcSoft PhotoStudio 5.5

CAM UnZip 4.42

Canon CanoScan LiDE 100 User Registration

Canon G.726 WMP-Decoder (Version: 1.1.0.4)

Canon Inkjet Printer Driver Add-On Module

Canon MovieEdit Task for ZoomBrowser EX (Version: 2.6.0.4)

Canon MP Navigator EX 2.0

Canon PIXMA iP3000

Canon RAW Image Task for ZoomBrowser EX (Version: 3.3.0.5)

Canon Utilities CameraWindow (Version: 7.1.0.2)

Canon Utilities CameraWindow DC (Version: 7.1.0.7)

Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (Version: 6.4.2.16)

Canon Utilities Easy-PhotoPrint

Canon Utilities MyCamera (Version: 6.4.0.5)

Canon Utilities MyCamera DC (Version: 7.0.1.8)

Canon Utilities RemoteCapture DC (Version: 3.0.1.8)

Canon Utilities RemoteCapture Task for ZoomBrowser EX (Version: 1.7.1.9)

Canon Utilities Solution Menu

Canon Utilities ZoomBrowser EX (Version: 6.1.1.21)

Canon ZoomBrowser EX Memory Card Utility (Version: 1.1.0.8)

CanoScan LiDE 100 Scanner Driver

CCleaner (Version: 4.04)

CDBurnerXP (Version: 4.3.7.2423)

D3DX10 (Version: 15.4.2368.0902)

Defraggler (Version: 2.15)

DolbyFiles (Version: 0.1)

EasyCleaner (Version: 2.0.6.380)

Elevated Installer (Version: 2.2.21)

ERUNT 1.1j

ESET Online Scanner v3

Family Tree Maker

File Uploader (Version: 1.2.0)

Filzip 3.06 (Version: 3.0.6)

Garmin Communicator Plugin (Version: 4.0.3)

Garmin Express (Version: 2.2.21)

Garmin Express Tray (Version: 2.2.21)

Garmin Update Service (Version: 2.2.21)

Garmin USB Drivers (Version: 2.3.0.0)

Gateway Connect (Version: 1.1.0)

Gateway Recovery Center Installer (Version: 1.01.031)

Google Chrome (Version: 30.0.1599.101)

Google Earth (Version: 6.2.2.6613)

Google Update Helper (Version: 1.3.21.165)

GSview 4.1

HP FWUpdateEDO2 (Version: 1.2.0.0)

HP Photosmart 6520 series Help (Version: 28.0.0)

HP Photosmart 6520 series Product Improvement Study (Version: 28.0.1315.0)

HPDiagnosticAlert (Version: 1.00.0000)

IDT Audio (Version: 5.10.5303.0)

ImagXpress (Version: 7.0.74.0)

IMM4 VCM Codec 1.0.0.10

Inkjet Printer/Scanner Extended Survey Program

Intel® Graphics Media Accelerator Driver

Intel® Matrix Storage Manager

IrfanView (remove only) (Version: 4.36)

Junk Mail filter update (Version: 15.4.3502.0922)

Keyspan USB Serial Adapter (Version: 3.7s)

LabelPrint (Version: 2.0.1826)

Logitech Legacy USB Camera Driver Package

Logitech QuickCam (Version: 11.90.1263)

Logitech QuickCam Driver Package

Magnifier (Version: 2.4)

Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)

Malwarebytes Secure Backup (Version: 5.9.1.4720)

Menu Templates - Starter Kit (Version: 9.4.2.0)

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)

Microsoft Application Error Reporting (Version: 12.0.6012.5000)

Microsoft Fix it Center (Version: 1.0.0100)

Microsoft Money Essentials (Version: 16)

Microsoft Money Shared Libraries (Version: 16.0.0.705)

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)

Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)

Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)

Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)

Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)

Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Word Viewer 2003 (Version: 11.0.8173.0)

Microsoft Security Client (Version: 4.3.0219.0)

Microsoft Security Essentials (Version: 4.3.219.0)

Microsoft Silverlight (Version: 5.1.20913.0)

Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)

Microsoft Works (Version: 08.05.0818)

Microsoft WSE 2.0 SP3 Runtime (Version: 2.0.5050.0)

Move Media Player

Movie Templates - Starter Kit (Version: 9.4.2.0)

MSVCRT (Version: 15.4.2862.0708)

MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)

MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)

MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)

MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)

MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)

MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)

Nero 9 Essentials

Nero BurnRights (Version: 3.4.11.100)

Nero BurnRights Help (Version: 3.4.4.100)

Nero ControlCenter (Version: 9.0.0.1)

Nero CoverDesigner (Version: 4.4.9.100)

Nero CoverDesigner Help (Version: 4.4.9.100)

Nero DiscSpeed (Version: 5.4.11.100)

Nero DiscSpeed Help (Version: 5.4.4.100)

Nero DriveSpeed (Version: 4.4.11.100)

Nero DriveSpeed Help (Version: 4.4.4.100)

Nero Express Help (Version: 9.6.2.101)

Nero InfoTool (Version: 6.4.11.100)

Nero InfoTool Help (Version: 6.4.4.100)

Nero Installer (Version: 4.4.9.0)

Nero Online Upgrade (Version: 1.3.0.0)

Nero ShowTime (Version: 5.4.0.100)

Nero ShowTime (Version: 5.4.13.100)

Nero StartSmart (Version: 9.4.12.100)

Nero StartSmart Help (Version: 9.4.12.100)

Nero Vision (Version: 6.4.12.100)

Nero Vision Help (Version: 6.4.8.100)

NeroExpress (Version: 9.4.17.100)

neroxml (Version: 1.0.0)

Nikon Message Center (Version: 0.92.000)

Nikon Transfer (Version: 1.4.0)

Notepad++ (Version: 5.7)

OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)

Omron Health Management Software (Version: 1.21.0001)

PA095 / PA075 USB2.0 DOCK

Part 2 of 2

PDF reDirect (remove only) (Version: v2.2.8)

Picasa 3 (Version: 3.9)

Picasa Uploader (Version: 0.6)

Power2Go 5.0

Quicken Deluxe 98

Quicken WillMaker Plus 2013 (Version: 1.0.0.0)

QuickTime (Version: 7.74.80.86)

Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista (Version: 1.00.0000)

Realtek USB 2.0 Card Reader (Version: )

REALTEK USB Wireless LAN Driver (Version: 1.00.0000)

Secunia PSI (2.0.0.3001)

Segoe UI (Version: 15.4.2271.0615)

Singlesnet (Version: 0.9.2901.0)

Skype Click to Call (Version: 6.13.13771)

Skype™ 6.6 (Version: 6.6.106)

Spare Backup (Version: 3.2)

swMSM (Version: 12.0.0.1)

Synaptics Pointing Device Driver (Version: 9.1.17.0)

TaxACT 2010

TaxACT 2011 - 1040 Edition

TaxACT 2011 Oregon

TaxACT 2012 - 1040 Edition

TaxACT 2012 Oregon

TomTom HOME (Version: 2.9.6)

TomTom HOME Visual Studio Merge Modules (Version: 1.0.2)

TreeSize

Uniblue DriverScanner 2009 (Version: 2.0.0.1)

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

WebCopier

WhoCrashed 4.01

Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (Version: 06/03/2009 2.3.0.0)

Windows Live Communications Platform (Version: 15.4.3502.0922)

Windows Live Essentials (Version: 15.4.3502.0922)

Windows Live Essentials (Version: 15.4.3555.0308)

Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)

Windows Live Installer (Version: 15.4.3502.0922)

Windows Live Mail (Version: 15.4.3502.0922)

Windows Live Messenger (Version: 15.4.3538.0513)

Windows Live MIME IFilter (Version: 15.4.3502.0922)

Windows Live Movie Maker (Version: 15.4.3502.0922)

Windows Live Photo Common (Version: 15.4.3502.0922)

Windows Live Photo Gallery (Version: 15.4.3502.0922)

Windows Live PIMT Platform (Version: 15.4.3508.1109)

Windows Live SOXE (Version: 15.4.3502.0922)

Windows Live SOXE Definitions (Version: 15.4.3502.0922)

Windows Live Sync (Version: 14.0.8089.726)

Windows Live UX Platform (Version: 15.4.3502.0922)

Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)

Windows Live Writer (Version: 15.4.3502.0922)

Windows Live Writer Resources (Version: 15.4.3502.0922)

Windows Media Player Firefox Plugin (Version: 1.0.0.8)

Yahoo! Messenger

 

========================= Devices: ================================

 

Name: USB Device(VID_1f3a_PID_efe8)

Description: USB Device(VID_1f3a_PID_efe8)

Class Guid: {36fc9e60-c465-11cf-8056-444553540000}

Manufacturer: USB Devices

Service: usbUDisc

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

 

========================= Memory info: ===================================

 

Percentage of memory in use: 57%

Total physical RAM: 2037.69 MB

Available physical RAM: 870.39 MB

Total Pagefile: 4984.93 MB

Available Pagefile: 3418.1 MB

Total Virtual: 2047.88 MB

Available Virtual: 1947.45 MB

 

========================= Partitions: =====================================

 

1 Drive c: () (Fixed) (Total:139.02 GB) (Free:71.36 GB) NTFS

2 Drive d: (RECOVERY) (Fixed) (Total:10.03 GB) (Free:4.46 GB) NTFS

 

========================= Users: ========================================

 

User accounts for \\RALPH-PC

 

Administrator            Guest                    Ralph                    

 

========================= Minidump Files ==================================

 

C:\Windows\Minidump\Mini013113-01.dmp

C:\Windows\Minidump\Mini013113-02.dmp

C:\Windows\Minidump\Mini020413-01.dmp

C:\Windows\Minidump\Mini020513-01.dmp

C:\Windows\Minidump\Mini020813-01.dmp

C:\Windows\Minidump\Mini021213-01.dmp

C:\Windows\Minidump\Mini022213-01.dmp

C:\Windows\Minidump\Mini041213-01.dmp

C:\Windows\Minidump\Mini071113-01.dmp

C:\Windows\Minidump\Mini071213-01.dmp

C:\Windows\Minidump\Mini071413-01.dmp

C:\Windows\Minidump\Mini071713-01.dmp

C:\Windows\Minidump\Mini072913-01.dmp

C:\Windows\Minidump\Mini080113-01.dmp

C:\Windows\Minidump\Mini080413-01.dmp

C:\Windows\Minidump\Mini080613-01.dmp

C:\Windows\Minidump\Mini081813-01.dmp

C:\Windows\Minidump\Mini082913-01.dmp

C:\Windows\Minidump\Mini083113-01.dmp

C:\Windows\Minidump\Mini090513-01.dmp

C:\Windows\Minidump\Mini091413-01.dmp

C:\Windows\Minidump\Mini091713-01.dmp

C:\Windows\Minidump\Mini091913-01.dmp

C:\Windows\Minidump\Mini092013-01.dmp

C:\Windows\Minidump\Mini092013-02.dmp

C:\Windows\Minidump\Mini092013-03.dmp

C:\Windows\Minidump\Mini092113-01.dmp

C:\Windows\Minidump\Mini092413-01.dmp

C:\Windows\Minidump\Mini092613-01.dmp

C:\Windows\Minidump\Mini092713-01.dmp

C:\Windows\Minidump\Mini100313-01.dmp

C:\Windows\Minidump\Mini100613-01.dmp

C:\Windows\Minidump\Mini101113-01.dmp

C:\Windows\Minidump\Mini101113-02.dmp

C:\Windows\Minidump\Mini101113-03.dmp

C:\Windows\Minidump\Mini101213-01.dmp

========================= Restore Points ==================================

 

 

**** End of log ****

[Multiple Crashes, Freezes, Unable to read Minidumps (settings changed by malware?)]

I may have spoken too soon.  When I hit Post to post the previous message, my system froze, and it took 

about 15 minutes for it to free itself up so that I could get back on here and type this message.

 

Also, my MSE icon in the systems trey has turned red, with an exclamation symbol on it.  I don't know if 

one of the fixes made by FRST has somehow crippled it.  I will investigate after I post this message.

[Multiple Crashes, Freezes, Unable to read Minidumps (settings changed by malware?)]

Okay, I reran FRST in the Fix mode with the custom listfile.txt that you provided.

 

The fixlog.txt  created by that run is pasted here:

 

Then I did a manual reboot, and the system came up smoothly and quickly.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 03-10-2013

Ran by Ralph at 2013-10-18 12:57:06 Run:1

Running from C:\Users\Ralph\Desktop

Boot Mode: Normal

 

==============================================

 

Content of fixlist:

*****************

DeleteJunctionsInDirectory: C:\Program Files\Windows Defender

DeleteJunctionsInDirectory: C:\Program Files\Microsoft Security Client

HKU\Guest\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [ 2008-01-19] (Microsoft Corporation)

AppInit_DLLs: C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL [ 2008-01-19] ()

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.gateway.c...ys=PTB&M=P-6301

SearchScopes: HKLM - DefaultScope value is missing.

SearchScopes: HKCU - {18CCE993-B9CC-4922-881F-F5EE68634486} URL = http://windowssecret...cof=FORID:11&q={searchTerms}

BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: No Name - {AA58ED58-01DD-4d91-8333-CF10577473F7} -  No File

BHO: No Name - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -  No File

BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKCU - No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab

DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab

DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab

DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab

C:\ProgramData\PKP_DLdu.DAT

C:\Windows\Tasks\{B9528C56-634A-4606-A03B-F93C07CBEBA2}.job

C:\Users\Ralph\AppData\Local\temp\Quarantine.exe

C:\Users\Ralph\AppData\Local\temp\yx6c2qfn.dll

Task: {1F2D1D54-32EB-42A4-8B5F-A3914EABE69A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {2FA3FE75-88E8-47DF-98C1-E645EC950EFB} - System32\Tasks\ROC_JAN2013_TB_rmv => C:\Program Files\AVG Secure Search\PostInstall\ROC.exe

Task: {32B77094-D224-4F3E-A9F8-728D40CB4126} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-02-05] (Google Inc.)

Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages

Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)

Task: {486B0270-4E58-4485-92A6-47D89531603C} - System32\Tasks\Google Software Updater => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-05-09] (Google)

Task: {4AAC8F7F-9C8F-4FAC-9964-D08B19B87FB9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3181102313-2446731150-1557776212-1000Core => C:\Users\Ralph\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-30] (Google Inc.)

Task: {B57F7104-ED4A-4F13-923C-70788EDC08DA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-02-05] (Google Inc.)

Task: {DB490431-69F5-4E1F-9D03-C57377D9FBFA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3181102313-2446731150-1557776212-1000UA => C:\Users\Ralph\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-30] (Google Inc.)

Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3181102313-2446731150-1557776212-1000Core.job => C:\Users\Ralph\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3181102313-2446731150-1557776212-1000UA.job => C:\Users\Ralph\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\{B9528C56-634A-4606-A03B-F93C07CBEBA2}.job => c:\users\ralph\appdata\local\google\chrome\application\chrome.exe

 

 

*****************

 

"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.

"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.

"C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking started.

"C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking completed.

HKU\Guest\Software\Microsoft\Windows\CurrentVersion\Run\\WMPNSCFG => Value deleted successfully.

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully.

HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.

HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.

HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{18CCE993-B9CC-4922-881F-F5EE68634486} => Key deleted successfully.

HKCR\Wow6432Node\CLSID\{18CCE993-B9CC-4922-881F-F5EE68634486} => Key not found.

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{54B22D32-7CA4-4CC1-8B88-BBAFBA652252} => Key deleted successfully.

HKCR\Wow6432Node\CLSID\{54B22D32-7CA4-4CC1-8B88-BBAFBA652252} => Key not found.

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E81BEE72-CE53-4C96-BD0A-A95BD4404BFC} => Key deleted successfully.

HKCR\Wow6432Node\CLSID\{E81BEE72-CE53-4C96-BD0A-A95BD4404BFC} => Key not found.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key not found.

HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key not found.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7} => Key not found.

HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7} => Key not found.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} => Key not found.

HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} => Key not found.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key not found.

HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key not found.

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} => Value deleted successfully.

HKCR\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E} => Key not found.

HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93} => Key deleted successfully.

HKCR\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93} => Key not found.

HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} => Key deleted successfully.

HKCR\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} => Key deleted successfully.

HKCR\CLSID\{CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} => Key not found.

HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} => Key deleted successfully.

HKCR\CLSID\{CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} => Key not found.

HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} => Key deleted successfully.

HKCR\CLSID\{CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} => Key not found.

HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} => Key deleted successfully.

HKCR\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} => Key not found.

HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7} => Key deleted successfully.

HKCR\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7} => Key deleted successfully.

C:\ProgramData\PKP_DLdu.DAT => Moved successfully.

C:\Windows\Tasks\{B9528C56-634A-4606-A03B-F93C07CBEBA2}.job => Moved successfully.

"C:\Users\Ralph\AppData\Local\temp\Quarantine.exe" => File/Directory not found.

"C:\Users\Ralph\AppData\Local\temp\yx6c2qfn.dll" => File/Directory not found.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1F2D1D54-32EB-42A4-8B5F-A3914EABE69A} => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1F2D1D54-32EB-42A4-8B5F-A3914EABE69A} => Key deleted successfully.

C:\Windows\System32\Tasks\Apple\AppleSoftwareUpdate => Moved successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Apple\AppleSoftwareUpdate => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2FA3FE75-88E8-47DF-98C1-E645EC950EFB} => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2FA3FE75-88E8-47DF-98C1-E645EC950EFB} => Key deleted successfully.

C:\Windows\System32\Tasks\ROC_JAN2013_TB_rmv => Moved successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ROC_JAN2013_TB_rmv => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{32B77094-D224-4F3E-A9F8-728D40CB4126} => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{32B77094-D224-4F3E-A9F8-728D40CB4126} => Key deleted successfully.

C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => Moved successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} => Key deleted successfully.

C:\Windows\System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages => Moved successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Shell\CrawlStartPages => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{44980BEE-7809-44A9-AC24-D6E578A3B7DF} => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{44980BEE-7809-44A9-AC24-D6E578A3B7DF} => Key deleted successfully.

C:\Windows\System32\Tasks\Microsoft\Windows\RAC\RACAgent => Moved successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\RAC\RACAgent => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{486B0270-4E58-4485-92A6-47D89531603C} => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{486B0270-4E58-4485-92A6-47D89531603C} => Key deleted successfully.

C:\Windows\System32\Tasks\Google Software Updater => Moved successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Google Software Updater => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4AAC8F7F-9C8F-4FAC-9964-D08B19B87FB9} => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4AAC8F7F-9C8F-4FAC-9964-D08B19B87FB9} => Key deleted successfully.

C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3181102313-2446731150-1557776212-1000Core => Moved successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-3181102313-2446731150-1557776212-1000Core => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B57F7104-ED4A-4F13-923C-70788EDC08DA} => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B57F7104-ED4A-4F13-923C-70788EDC08DA} => Key deleted successfully.

C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => Moved successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DB490431-69F5-4E1F-9D03-C57377D9FBFA} => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DB490431-69F5-4E1F-9D03-C57377D9FBFA} => Key deleted successfully.

C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3181102313-2446731150-1557776212-1000UA => Moved successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-3181102313-2446731150-1557776212-1000UA => Key deleted successfully.

C:\Windows\Tasks\Google Software Updater.job => Moved successfully.

C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.

C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.

C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3181102313-2446731150-1557776212-1000Core.job => Moved successfully.

C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3181102313-2446731150-1557776212-1000UA.job => Moved successfully.

C:\Windows\Tasks\{B9528C56-634A-4606-A03B-F93C07CBEBA2}.job not found.

 

 

The system needs a manual reboot. 

 

==== End of Fixlog ====

 

Did a manual reboot, and the system came up smoothly and more quickly than recently.

[Multiple Crashes, Freezes, Unable to read Minidumps (settings changed by malware?)]

I did read the Chkdsk issue you posted.  But it was way over my head in terms of giving me any useful knowledge.

 

When I run Chkdsk, the fixes are made, and they are different every time, except that wmplayer and taskmgr are 

involved every time (along with random others which happen to reside in the same index records).

 

To me, it seems like something is screwing with wmplayer and/or taskmgr, but I have no idea what.

 

Sorry about the other mixup.  Since I had just run that program a couple of days ago, I thought that was what you

were looking for, and I didn't recognize the FRST program name in Step 6.

 

So now I will go back to Step 6 and run FRST using the Fix option with the fixlist.txt file that you attached.

 

========================================================================================

 

While I appreciate the help you are giving me very much, part of my problem is that I don't always understand 

the reasons for the tasks you are asking me to perform, and I don't get any feedback as to what the results 

have told you.

 

I was a professional trouble-shooter for many years as the database administrator at a mainframe installation, 

so I had a lot of experience running diagnostics, following clues, and making fixes, but I retired 18 years ago,

and don't have the PC knowledge to figure this situation out on my own.  I need someone like you who knows 

what they're doing, but I would like to understand better the reasons for the steps we're taking, and what they 

are telling you, as to what the problems might be.

 

So, continued thanks for your assistance.

[Multiple Crashes, Freezes, Unable to read Minidumps (settings changed by malware?)]

I already ran Farber Recovery Scan Tool back on October 15 per your instructions Step 07.

 

I'll repost the outputs here:

 

Here's the output from FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013

Ran by Ralph (administrator) on RALPH-PC on 15-10-2013 12:54:59

Running from C:\Users\Ralph\Desktop\Deskwork

Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English(US)

Internet Explorer Version 9

Boot Mode: Normal

 

==================== Processes (Whitelisted) ===================

 

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Agere Systems) C:\Windows\system32\agrsmsvc.exe

(Malwarebytes Secure Backup) C:\Program Files\Malwarebytes Secure Backup\SMessaging.exe

(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Express Tray\ExpressTray.exe

(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe

(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe

(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

(Nitro PDF Software) C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe

(Malwarebytes Secure Backup) C:\Program Files\Malwarebytes Secure Backup\SAgent.Service.exe

(Secunia) C:\Program Files\Secunia\PSI\PSIA.exe

(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

(Secunia) C:\Program Files\Secunia\PSI\sua.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

(Microsoft Corporation) C:\Windows\system32\wuauclt.exe

(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MpCmdRun.exe

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [995176 2013-06-20] (Microsoft Corporation)

HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)

HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)

HKLM\...\Run: [sOSUAUI] - C:\Program Files\Malwarebytes Secure Backup\sosuploadagent.exe [55192 2013-08-15] (Malwarebytes Secure Backup)

HKLM\...\Run: [sMessaging] - C:\Program Files\Malwarebytes Secure Backup\SMessaging.exe [64408 2013-08-15] (Malwarebytes Secure Backup)

HKCU\...\Run: [GarminExpressTrayApp] - C:\Program Files\Garmin\Express Tray\ExpressTray.exe [1093464 2013-08-22] (Garmin Ltd or its subsidiaries)

HKCU\...\Run: [skype] - C:\Program Files\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)

HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter

HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter

HKU\Guest\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter

HKU\Guest\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [ 2008-01-19] (Microsoft Corporation)

HKU\Guest\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

HKU\Guest\...\Run: [skype] - C:\Program Files\Skype\Phone\Skype.exe [ 2013-06-21] (Skype Technologies S.A.)

HKU\Guest\...\Run: [Picasa Media Detector] - C:\Program Files\Picasa2\PicasaMediaDetector.exe

HKU\Guest\...\Run: [TomTomHOME.exe] - C:\Program Files\TomTom HOME 2\HOMERunner.exe [ 2008-05-06] (TomTom)

HKU\Guest\...\Run: [sandboxieControl] - "C:\Program Files\Sandboxie\SbieCtrl.exe"

HKU\Guest\...\Run: [MsnMsgr] - C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [ 2012-03-08] (Microsoft Corporation)

HKU\Guest\...\Run: [Messenger (Yahoo!)] - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [ 2009-01-08] (Yahoo! Inc.)

HKU\Guest\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [ 2008-01-19] (Microsoft Corporation)

AppInit_DLLs: C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL [ 2008-01-19] ()

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=P-6301

SearchScopes: HKLM - DefaultScope value is missing.

SearchScopes: HKCU - {18CCE993-B9CC-4922-881F-F5EE68634486} URL = http://windowssecrets.com/search/?q={searchTerms}&advSAN=1

SearchScopes: HKCU - {54B22D32-7CA4-4CC1-8B88-BBAFBA652252} URL = http://windowssecrets.com/search/?q={searchTerms}&advWS=1

SearchScopes: HKCU - {E81BEE72-CE53-4C96-BD0A-A95BD4404BFC} URL = http://windowssecrets.com/sitesearch/?cx=017937947691920082874%3A_ilcm6kdy_y&cof=FORID%3A11&q={searchTerms}

BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: No Name - {AA58ED58-01DD-4d91-8333-CF10577473F7} -  No File

BHO: No Name - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -  No File

BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKCU - No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 64.91.3.46

 

Chrome: 

=======

CHR Extension: (Google Docs) - C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_1

CHR Extension: (Google Drive) - C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1

CHR Extension: (Screenshot) - C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdfnieppndfdhcgbmhfdlgdjegclkomk\0.2.4_0

CHR Extension: (YouTube) - C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1

CHR Extension: (Webpage Screenshot Bar) - C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki\13.6_0

CHR Extension: (Google Search) - C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1

CHR Extension: (Search by Image (by Google)) - C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm\1.5.0_0

CHR Extension: (Photo Zoom for Facebook) - C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1208.30.1_0

CHR Extension: (PDFescape Free PDF Editor) - C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdefoklganepljiopdnglodohlgfikkl\0.21_0

CHR Extension: (TinEye Reverse Image Search) - C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl\1.1.3_0

CHR Extension: (RevEye Reverse Image Search) - C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\keaaclcjhehbbapnphnmpiklalfhelgf\1.4.2_0

CHR Extension: (Skype Click to Call) - C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.12.0.13601_1

CHR Extension: (Explain and Send Screenshots) - C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdddabjhelpilpnpgondfmehhcplpiin\6.7.6_0

CHR Extension: (Chrome In-App Payments service) - C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_1

CHR Extension: (Hover Zoom) - C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl\4.21_0

CHR Extension: (Gmail) - C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2

CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx

 

========================== Services (Whitelisted) =================

 

S2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [220504 2013-08-22] (Garmin Ltd or its subsidiaries)

S2 gupdate1c90e025ce8c3d3; C:\Program Files\Google\Update\GoogleUpdate.exe [116648 2013-02-05] (Google Inc.)

S3 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [103808 2008-01-22] ()

R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-06-20] (Microsoft Corporation)

S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295376 2013-06-20] (Microsoft Corporation)

R2 NitroReaderDriverReadSpool; C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe [196912 2011-01-28] (Nitro PDF Software)

R2 sagentservice; C:\Program Files\Malwarebytes Secure Backup\SAgent.Service.exe [39832 2013-08-15] (Malwarebytes Secure Backup)

R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [993848 2011-01-10] (Secunia)

R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [399416 2011-01-10] (Secunia)

R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3273088 2013-09-16] (Skype Technologies S.A.)

S2 AdobeARMservice; "C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe" [x]

 

==================== Drivers (Whitelisted) ====================

 

S3 ac97intc; C:\Windows\System32\drivers\ac97intc.sys [108032 2006-11-02] (Intel Corporation)

R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [31576 2013-01-22] (AVG Technologies)

R1 Cdr4_xp; C:\Windows\System32\Drivers\Cdr4_xp.sys [2432 2006-10-04] (Sonic Solutions)

R1 Cdralw2k; C:\Windows\System32\Drivers\Cdralw2k.sys [2560 2006-10-04] (Sonic Solutions)

R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-10] (Microsoft Corporation)

S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [9344 2009-04-17] (GARMIN Corp.)

S3 ialm; C:\Windows\System32\DRIVERS\ialmnt5.sys [1302492 2006-11-02] (Intel Corporation)

R3 LVPr2Mon; C:\Windows\System32\Drivers\LVPr2Mon.sys [25624 2008-12-16] ()

S3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41752 2008-12-16] (Logitech Inc.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [211560 2013-06-18] (Microsoft Corporation)

S3 NETw2v32; C:\Windows\System32\DRIVERS\NETw2v32.sys [2589184 2006-11-02] (Intel® Corporation)

R3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [15544 2010-09-01] (Secunia)

R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [350720 2010-03-31] (Realtek Semiconductor Corporation                           )

U3 TrueSight; C:\Windows\system32\TrueSight.sys [26624 2013-10-13] ()

S3 U2SP; C:\Windows\System32\DRIVERS\u2s2kxp.sys [23296 2004-05-05] (Magic Control Technology Corp.)

S3 USA19H; C:\Windows\System32\DRIVERS\USA19H2k.sys [704000 2007-10-30] (Keyspan)

S3 USA19H2KP; C:\Windows\System32\DRIVERS\USA19H2kp.SYS [24192 2007-05-29] (Keyspan)

S3 usbUDisc; C:\Windows\System32\DRIVERS\USBDrv.sys [13824 2012-08-27] (Scott)

U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)

S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]

S3 catchme; \??\C:\Users\Ralph\AppData\Local\Temp\catchme.sys [x]

S3 IpInIp; system32\DRIVERS\ipinip.sys [x]

S1 MpKslbfa56867; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F98F3FE3-F826-4ADA-B044-C0F0486CA9C4}\MpKslbfa56867.sys [x]

S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]

S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2013-10-15 12:54 - 2013-10-15 12:54 - 00000000 ____D C:\FRST

2013-10-15 12:48 - 2013-10-15 12:48 - 01087213 _____ (Farbar) C:\Users\Ralph\Downloads\FRST.exe

2013-10-14 15:57 - 2013-10-14 15:57 - 00000000 __SHD C:\found.011

2013-10-14 11:04 - 2013-10-14 11:23 - 00000000 ____D C:\AdwCleaner

2013-10-14 11:00 - 2013-10-14 11:01 - 01048960 _____ C:\Users\Ralph\Downloads\AdwCleaner.exe

2013-10-13 22:00 - 2013-10-13 22:00 - 00000000 ____D C:\Windows\ERUNT

2013-10-13 21:50 - 2013-10-13 21:50 - 01032220 _____ (Thisisu) C:\Users\Ralph\Downloads\JRT.exe

2013-10-13 20:03 - 2013-10-13 20:52 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2013-10-13 20:01 - 2013-10-13 20:01 - 00075992 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2013-10-13 19:58 - 2013-10-13 20:52 - 00000000 ____D C:\Users\Ralph\Desktop\mbar

2013-10-13 19:49 - 2013-10-13 19:50 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Ralph\Downloads\mbar-1.07.0.1007.exe

2013-10-13 17:00 - 2013-10-13 17:00 - 00000000 ____D C:\32a037ba1f0a3e5ea168f2

2013-10-13 16:14 - 2013-10-13 16:14 - 00015529 _____ C:\ComboFix.txt

2013-10-13 15:54 - 2011-06-25 23:45 - 00256000 _____ C:\Windows\PEV.exe

2013-10-13 15:54 - 2010-11-07 10:20 - 00208896 _____ C:\Windows\MBR.exe

2013-10-13 15:54 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2013-10-13 15:54 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2013-10-13 15:54 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2013-10-13 15:54 - 2000-08-30 17:00 - 00098816 _____ C:\Windows\sed.exe

2013-10-13 15:54 - 2000-08-30 17:00 - 00080412 _____ C:\Windows\grep.exe

2013-10-13 15:54 - 2000-08-30 17:00 - 00068096 _____ C:\Windows\zip.exe

2013-10-13 15:46 - 2013-10-13 16:14 - 00000000 ____D C:\Qoobox

2013-10-13 15:30 - 2013-10-13 15:27 - 05132614 ____R (Swearware) C:\Users\Ralph\Desktop\ComboFix.exe

2013-10-13 15:26 - 2013-10-13 15:27 - 05132614 _____ (Swearware) C:\Users\Ralph\Downloads\ComboFix.exe

2013-10-13 11:37 - 2013-10-13 11:37 - 00026624 _____ C:\Windows\system32\TrueSight.sys

2013-10-13 11:32 - 2013-10-13 16:13 - 00000000 ____D C:\Windows\ERDNT

2013-10-13 11:29 - 2013-10-13 11:29 - 00000693 _____ C:\Users\Ralph\Desktop\NTREGOPT.lnk

2013-10-13 11:29 - 2013-10-13 11:29 - 00000000 ____D C:\Program Files\ERUNT

2013-10-13 11:19 - 2013-10-13 11:18 - 00951296 _____ C:\Users\Ralph\Desktop\RogueKiller.exe

2013-10-13 11:18 - 2013-10-13 11:18 - 00951296 _____ C:\Users\Ralph\Downloads\RogueKiller.exe

2013-10-13 11:16 - 2013-10-13 11:15 - 00791393 _____ (Lars Hederer                                                ) C:\Users\Ralph\Desktop\erunt-setup.exe

2013-10-13 11:14 - 2013-10-13 11:15 - 00791393 _____ (Lars Hederer                                                ) C:\Users\Ralph\Downloads\erunt-setup.exe

2013-10-13 11:09 - 2013-10-14 16:15 - 00000041 _____ C:\Windows\Filzip.ini

2013-10-13 11:08 - 2013-10-13 11:08 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\Ralph\Downloads\rkill.exe

2013-10-12 22:39 - 2013-10-12 22:39 - 00143360 _____ C:\Windows\Minidump\Mini101213-01.dmp

2013-10-12 10:04 - 2013-10-12 10:05 - 00000000 ____D C:\d37cb711f4669170007b7c06

2013-10-11 13:24 - 2013-10-11 13:24 - 00143360 _____ C:\Windows\Minidump\Mini101113-03.dmp

2013-10-11 13:17 - 2013-10-11 13:18 - 00000000 ____D C:\c0064fe9fba931b6ef

2013-10-11 12:17 - 2013-10-11 12:17 - 00143360 _____ C:\Windows\Minidump\Mini101113-02.dmp

2013-10-11 11:33 - 2013-10-11 11:33 - 00000000 ____D C:\cae8e13b0f4073a46ca470

2013-10-11 11:01 - 2013-10-11 11:01 - 00000000 ____D C:\2f4fe8f68cccaeb0c81653a992865799

2013-10-11 10:50 - 2013-09-22 03:29 - 12336128 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-10-11 10:50 - 2013-09-22 03:22 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-10-11 10:50 - 2013-09-22 03:22 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-10-11 10:50 - 2013-09-22 03:14 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2013-10-11 10:50 - 2013-09-22 03:13 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-10-11 10:50 - 2013-09-22 03:13 - 01104896 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-10-11 10:50 - 2013-09-22 03:12 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2013-10-11 10:50 - 2013-09-22 03:09 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-10-11 10:50 - 2013-09-22 03:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2013-10-11 10:50 - 2013-09-22 03:07 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-10-11 10:50 - 2013-09-22 03:06 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2013-10-11 10:50 - 2013-09-22 03:05 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-10-11 10:50 - 2013-09-22 03:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-10-11 10:50 - 2013-09-22 03:03 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-10-11 10:50 - 2013-09-22 03:03 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2013-10-11 10:50 - 2013-09-22 02:59 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-10-11 10:27 - 2013-10-11 10:27 - 00143360 _____ C:\Windows\Minidump\Mini101113-01.dmp

2013-10-10 13:14 - 2013-10-10 13:14 - 00000022 _____ C:\Users\Ralph\DumpFiles.ZIP

2013-10-10 12:51 - 2013-10-10 13:00 - 00000000 ____D C:\Program Files\Filzip

2013-10-10 12:51 - 2013-10-10 12:51 - 00001546 _____ C:\Users\Public\Desktop\Filzip.lnk

2013-10-10 12:51 - 2013-10-10 12:51 - 00001546 _____ C:\Users\Guest\Desktop\Filzip.lnk

2013-10-10 12:47 - 2013-10-10 12:47 - 01325557 _____ (Philipp Engel                                               ) C:\Users\Ralph\Downloads\fz306.exe

2013-10-10 10:11 - 2013-10-10 10:11 - 00000000 ____D C:\7072a0582fb67f1ce4

2013-10-09 21:38 - 2013-08-29 00:36 - 02050048 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2013-10-09 21:38 - 2013-08-26 19:47 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll

2013-10-09 21:38 - 2013-08-26 19:47 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll

2013-10-09 21:38 - 2013-08-26 19:47 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll

2013-10-09 21:38 - 2013-08-26 19:47 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll

2013-10-09 21:38 - 2013-08-26 18:52 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll

2013-10-09 21:38 - 2013-08-26 18:50 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll

2013-10-09 21:38 - 2013-08-26 18:32 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll

2013-10-09 21:38 - 2013-08-26 18:28 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll

2013-10-09 21:38 - 2013-08-26 18:28 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll

2013-10-09 21:38 - 2013-07-31 20:16 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys

2013-10-09 21:38 - 2013-07-31 19:49 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll

2013-10-09 21:38 - 2013-07-20 03:44 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll

2013-10-09 21:37 - 2013-07-12 02:04 - 00073344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys

2013-10-09 21:37 - 2013-06-28 19:07 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys

2013-10-09 21:37 - 2013-06-28 19:07 - 00197632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys

2013-10-09 21:37 - 2013-06-28 19:07 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys

2013-10-09 21:37 - 2013-06-28 19:06 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys

2013-10-09 21:37 - 2013-06-26 16:01 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys

2013-10-09 21:37 - 2011-05-05 06:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys

2013-10-09 21:37 - 2011-05-05 06:54 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys

2013-10-09 21:33 - 2013-06-03 21:16 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll

2013-10-09 21:33 - 2013-06-03 18:49 - 00293376 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll

2013-10-09 21:32 - 2013-07-03 21:21 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll

2013-10-09 21:32 - 2013-07-02 19:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys

2013-10-09 21:32 - 2013-07-02 19:10 - 00025472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys

2013-10-09 15:58 - 2013-10-09 15:58 - 00289780 _____ C:\Users\Ralph\Downloads\1261771686-19849-207.118.64.47 (16).kml

2013-10-09 11:36 - 2013-10-09 11:36 - 00760937 _____ (Farbar) C:\Users\Ralph\Downloads\MiniToolBox.exe

2013-10-08 16:52 - 2013-10-08 16:52 - 00000000 ____D C:\found.010

2013-10-08 02:51 - 2013-10-08 02:51 - 00000000 ____D C:\found.009

2013-10-06 09:58 - 2013-10-06 09:58 - 00143360 _____ C:\Windows\Minidump\Mini100613-01.dmp

2013-10-03 11:44 - 2013-10-03 11:45 - 00143360 _____ C:\Windows\Minidump\Mini100313-01.dmp

2013-10-02 16:23 - 2013-10-02 16:26 - 36773799 _____ C:\Users\Ralph\Downloads\charmedsamp.wmv

2013-10-02 16:13 - 2013-10-02 16:13 - 01425123 _____ C:\Users\Ralph\Downloads\18022011 caddie_bruyant1.wmv

2013-10-02 12:40 - 2013-10-02 12:40 - 00118149 _____ C:\Users\Ralph\Downloads\wmpChrome (1).crx

2013-09-29 14:25 - 2013-09-29 14:25 - 00000075 _____ C:\Users\Ralph\Desktop\#9842 Alena 24, 170cm, 55kg.url

2013-09-27 21:43 - 2013-09-27 21:43 - 00143360 _____ C:\Windows\Minidump\Mini092713-01.dmp

2013-09-26 12:43 - 2013-09-26 12:43 - 00143360 _____ C:\Windows\Minidump\Mini092613-01.dmp

2013-09-25 14:08 - 2013-09-25 14:08 - 00000000 ____D C:\Program Files\ESET

2013-09-25 14:04 - 2013-09-25 14:04 - 02347384 _____ (ESET) C:\Users\Ralph\Downloads\esetsmartinstaller_enu.exe

2013-09-24 15:26 - 2013-09-24 15:26 - 00018160 _____ C:\Users\Ralph\Downloads\attach.txt

2013-09-24 13:58 - 2013-09-24 13:58 - 00001084 _____ C:\Users\Ralph\Documents\ark.txt

2013-09-24 12:09 - 2013-09-24 12:09 - 00377856 _____ C:\Users\Ralph\Downloads\6d4nnzwk.exe

2013-09-24 10:59 - 2013-10-15 12:52 - 00000000 ____D C:\Users\Ralph\Desktop\Deskwork

2013-09-24 10:47 - 2013-09-24 10:47 - 00688992 _____ (Swearware) C:\Users\Ralph\Downloads\dds (1).com

2013-09-24 10:26 - 2013-09-24 10:26 - 00143360 _____ C:\Windows\Minidump\Mini092413-01.dmp

2013-09-23 11:13 - 2013-09-23 11:13 - 00000000 ____D C:\found.008

2013-09-23 01:13 - 2013-09-23 01:13 - 00000000 ____D C:\found.007

2013-09-21 10:05 - 2013-09-21 10:05 - 00143360 _____ C:\Windows\Minidump\Mini092113-01.dmp

2013-09-20 21:53 - 2013-09-20 21:53 - 00143360 _____ C:\Windows\Minidump\Mini092013-03.dmp

2013-09-20 13:27 - 2013-09-20 13:27 - 00143360 _____ C:\Windows\Minidump\Mini092013-02.dmp

2013-09-20 10:27 - 2013-09-20 10:27 - 00143360 _____ C:\Windows\Minidump\Mini092013-01.dmp

2013-09-19 16:56 - 2013-09-19 16:56 - 00143360 _____ C:\Windows\Minidump\Mini091913-01.dmp

2013-09-17 18:37 - 2013-09-17 18:37 - 00143360 _____ C:\Windows\Minidump\Mini091713-01.dmp

2013-09-16 09:58 - 2013-09-16 10:00 - 15380128 _____ (Malwarebytes Corporation                                     ) C:\Users\Ralph\Downloads\mbsb-setup-1.2.0.0010.exe

 

==================== One Month Modified Files and Folders =======

 

2013-10-15 12:54 - 2013-10-15 12:54 - 00000000 ____D C:\FRST

2013-10-15 12:53 - 2013-02-05 15:20 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-10-15 12:52 - 2013-09-24 10:59 - 00000000 ____D C:\Users\Ralph\Desktop\Deskwork

2013-10-15 12:48 - 2013-10-15 12:48 - 01087213 _____ (Farbar) C:\Users\Ralph\Downloads\FRST.exe

2013-10-15 12:48 - 2013-08-01 09:10 - 00000466 _____ C:\Windows\Tasks\Online Backup Update Notifier.job

2013-10-15 12:45 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\Microsoft.NET

2013-10-15 12:42 - 2008-05-09 12:19 - 01371181 _____ C:\Windows\WindowsUpdate.log

2013-10-15 12:39 - 2010-11-20 19:02 - 00000438 _____ C:\Windows\system32\Drivers\etc\hosts.ics

2013-10-15 12:37 - 2013-02-05 15:20 - 00000880 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-10-15 12:37 - 2013-01-30 11:44 - 00174002 _____ C:\Windows\PFRO.log

2013-10-15 12:37 - 2006-11-02 06:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-10-15 12:37 - 2006-11-02 05:47 - 00003296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2013-10-15 12:37 - 2006-11-02 05:47 - 00003296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2013-10-15 12:26 - 2009-10-02 13:14 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3181102313-2446731150-1557776212-1000UA.job

2013-10-15 12:15 - 2013-02-14 02:18 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-10-15 10:15 - 2009-03-25 20:05 - 00000868 _____ C:\Windows\Tasks\Google Software Updater.job

2013-10-14 23:57 - 2006-11-02 06:01 - 00032582 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2013-10-14 20:23 - 2013-02-27 23:56 - 00000000 ____D C:\ProgramData\HP

2013-10-14 20:23 - 2006-11-02 05:37 - 00000000 ____D C:\Windows\twain_32

2013-10-14 20:17 - 2013-01-28 12:26 - 00000000 ____D C:\Users\Ralph\AppData\Local\LogMeIn Rescue Applet

2013-10-14 16:15 - 2013-10-13 11:09 - 00000041 _____ C:\Windows\Filzip.ini

2013-10-14 15:57 - 2013-10-14 15:57 - 00000000 __SHD C:\found.011

2013-10-14 11:23 - 2013-10-14 11:04 - 00000000 ____D C:\AdwCleaner

2013-10-14 11:01 - 2013-10-14 11:00 - 01048960 _____ C:\Users\Ralph\Downloads\AdwCleaner.exe

2013-10-13 22:00 - 2013-10-13 22:00 - 00000000 ____D C:\Windows\ERUNT

2013-10-13 21:50 - 2013-10-13 21:50 - 01032220 _____ (Thisisu) C:\Users\Ralph\Downloads\JRT.exe

2013-10-13 20:52 - 2013-10-13 20:03 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2013-10-13 20:52 - 2013-10-13 19:58 - 00000000 ____D C:\Users\Ralph\Desktop\mbar

2013-10-13 20:01 - 2013-10-13 20:01 - 00075992 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2013-10-13 19:50 - 2013-10-13 19:49 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Ralph\Downloads\mbar-1.07.0.1007.exe

2013-10-13 18:36 - 2008-05-09 12:34 - 00000000 ____D C:\ProgramData\Microsoft Help

2013-10-13 17:52 - 2008-08-25 13:50 - 00073408 _____ C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT

2013-10-13 17:51 - 2009-05-22 16:45 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Skype

2013-10-13 17:49 - 2008-08-25 13:49 - 00000909 _____ C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2013-10-13 17:11 - 2006-11-02 03:33 - 00719076 _____ C:\Windows\system32\PerfStringBackup.INI

2013-10-13 17:00 - 2013-10-13 17:00 - 00000000 ____D C:\32a037ba1f0a3e5ea168f2

2013-10-13 16:14 - 2013-10-13 16:14 - 00015529 _____ C:\ComboFix.txt

2013-10-13 16:14 - 2013-10-13 15:46 - 00000000 ____D C:\Qoobox

2013-10-13 16:14 - 2006-11-02 04:18 - 00000000 ___RD C:\Users\Public

2013-10-13 16:13 - 2013-10-13 11:32 - 00000000 ____D C:\Windows\ERDNT

2013-10-13 16:11 - 2006-11-02 03:23 - 00000215 _____ C:\Windows\system.ini

2013-10-13 15:27 - 2013-10-13 15:30 - 05132614 ____R (Swearware) C:\Users\Ralph\Desktop\ComboFix.exe

2013-10-13 15:27 - 2013-10-13 15:26 - 05132614 _____ (Swearware) C:\Users\Ralph\Downloads\ComboFix.exe

2013-10-13 11:37 - 2013-10-13 11:37 - 00026624 _____ C:\Windows\system32\TrueSight.sys

2013-10-13 11:29 - 2013-10-13 11:29 - 00000693 _____ C:\Users\Ralph\Desktop\NTREGOPT.lnk

2013-10-13 11:29 - 2013-10-13 11:29 - 00000000 ____D C:\Program Files\ERUNT

2013-10-13 11:18 - 2013-10-13 11:19 - 00951296 _____ C:\Users\Ralph\Desktop\RogueKiller.exe

2013-10-13 11:18 - 2013-10-13 11:18 - 00951296 _____ C:\Users\Ralph\Downloads\RogueKiller.exe

2013-10-13 11:15 - 2013-10-13 11:16 - 00791393 _____ (Lars Hederer                                                ) C:\Users\Ralph\Desktop\erunt-setup.exe

2013-10-13 11:15 - 2013-10-13 11:14 - 00791393 _____ (Lars Hederer                                                ) C:\Users\Ralph\Downloads\erunt-setup.exe

2013-10-13 11:08 - 2013-10-13 11:08 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\Ralph\Downloads\rkill.exe

2013-10-12 22:39 - 2013-10-12 22:39 - 00143360 _____ C:\Windows\Minidump\Mini101213-01.dmp

2013-10-12 22:39 - 2013-01-31 01:02 - 194652536 _____ C:\Windows\MEMORY.DMP

2013-10-12 22:39 - 2011-11-24 09:32 - 00000000 ____D C:\Windows\Minidump

2013-10-12 10:06 - 2013-07-14 12:21 - 00000000 ____D C:\Windows\system32\MRT

2013-10-12 10:05 - 2013-10-12 10:04 - 00000000 ____D C:\d37cb711f4669170007b7c06

2013-10-12 10:05 - 2006-11-02 03:24 - 78106760 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

2013-10-11 13:24 - 2013-10-11 13:24 - 00143360 _____ C:\Windows\Minidump\Mini101113-03.dmp

2013-10-11 13:18 - 2013-10-11 13:17 - 00000000 ____D C:\c0064fe9fba931b6ef

2013-10-11 13:06 - 2006-11-02 05:47 - 00301032 _____ C:\Windows\system32\FNTCACHE.DAT

2013-10-11 12:17 - 2013-10-11 12:17 - 00143360 _____ C:\Windows\Minidump\Mini101113-02.dmp

2013-10-11 11:33 - 2013-10-11 11:33 - 00000000 ____D C:\cae8e13b0f4073a46ca470

2013-10-11 11:19 - 2008-09-11 13:49 - 00027412 _____ C:\Windows\system32\lvcoinst.log

2013-10-11 11:18 - 2008-09-11 13:28 - 00000000 ____D C:\Program Files\Common Files\LogiShrd

2013-10-11 11:14 - 2009-06-12 10:32 - 00000000 ____D C:\Program Files\Microsoft Silverlight

2013-10-11 11:01 - 2013-10-11 11:01 - 00000000 ____D C:\2f4fe8f68cccaeb0c81653a992865799

2013-10-11 10:27 - 2013-10-11 10:27 - 00143360 _____ C:\Windows\Minidump\Mini101113-01.dmp

2013-10-10 13:14 - 2013-10-10 13:14 - 00000022 _____ C:\Users\Ralph\DumpFiles.ZIP

2013-10-10 13:14 - 2008-07-31 14:52 - 00000000 ____D C:\Users\Ralph

2013-10-10 13:00 - 2013-10-10 12:51 - 00000000 ____D C:\Program Files\Filzip

2013-10-10 12:51 - 2013-10-10 12:51 - 00001546 _____ C:\Users\Public\Desktop\Filzip.lnk

2013-10-10 12:51 - 2013-10-10 12:51 - 00001546 _____ C:\Users\Guest\Desktop\Filzip.lnk

2013-10-10 12:47 - 2013-10-10 12:47 - 01325557 _____ (Philipp Engel                                               ) C:\Users\Ralph\Downloads\fz306.exe

2013-10-10 10:11 - 2013-10-10 10:11 - 00000000 ____D C:\7072a0582fb67f1ce4

2013-10-09 15:58 - 2013-10-09 15:58 - 00289780 _____ C:\Users\Ralph\Downloads\1261771686-19849-207.118.64.47 (16).kml

2013-10-09 14:26 - 2009-10-02 13:14 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3181102313-2446731150-1557776212-1000Core.job

2013-10-09 12:46 - 2013-01-31 11:15 - 00000000 ____D C:\Program Files\WhoCrashed

2013-10-09 12:17 - 2012-09-20 08:41 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2013-10-09 12:17 - 2011-07-05 12:43 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

2013-10-09 11:36 - 2013-10-09 11:36 - 00760937 _____ (Farbar) C:\Users\Ralph\Downloads\MiniToolBox.exe

2013-10-08 16:52 - 2013-10-08 16:52 - 00000000 ____D C:\found.010

2013-10-08 13:04 - 2006-11-02 04:18 - 00000000 ____D C:\Program Files\Common Files\System

2013-10-08 10:42 - 2008-09-03 10:51 - 00006648 _____ C:\Users\Ralph\AppData\Local\d3d9caps.dat

2013-10-08 02:51 - 2013-10-08 02:51 - 00000000 ____D C:\found.009

2013-10-07 11:57 - 2011-03-17 15:16 - 00000000 ____D C:\Users\Ralph\AppData\Roaming\Nitro PDF

2013-10-06 09:58 - 2013-10-06 09:58 - 00143360 _____ C:\Windows\Minidump\Mini100613-01.dmp

2013-10-05 11:10 - 2013-02-05 15:23 - 00001931 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2013-10-03 15:36 - 2008-08-07 12:00 - 00000000 ____D C:\Users\Ralph\AppData\Roaming\Skype

2013-10-03 11:45 - 2013-10-03 11:44 - 00143360 _____ C:\Windows\Minidump\Mini100313-01.dmp

2013-10-02 16:26 - 2013-10-02 16:23 - 36773799 _____ C:\Users\Ralph\Downloads\charmedsamp.wmv

2013-10-02 16:13 - 2013-10-02 16:13 - 01425123 _____ C:\Users\Ralph\Downloads\18022011 caddie_bruyant1.wmv

2013-10-02 12:40 - 2013-10-02 12:40 - 00118149 _____ C:\Users\Ralph\Downloads\wmpChrome (1).crx

2013-10-01 22:06 - 2013-08-01 09:46 - 00000506 _____ C:\Windows\Tasks\Malwarebytes Secure Backup - ralphyde@centurytel.net.job

2013-10-01 19:45 - 2013-08-01 09:08 - 00001880 _____ C:\Users\Public\Desktop\Malwarebytes Secure Backup.lnk

2013-09-29 19:12 - 2010-10-26 13:01 - 00000000 ____D C:\Users\Ralph\Documents\My Kindle Content

2013-09-29 14:25 - 2013-09-29 14:25 - 00000075 _____ C:\Users\Ralph\Desktop\#9842 Alena 24, 170cm, 55kg.url

2013-09-27 21:43 - 2013-09-27 21:43 - 00143360 _____ C:\Windows\Minidump\Mini092713-01.dmp

2013-09-27 12:04 - 2009-02-01 21:28 - 00000020 ____H C:\ProgramData\PKP_DLdu.DAT

2013-09-27 10:18 - 2009-10-01 13:15 - 00000000 ___RD C:\Program Files\Skype

2013-09-26 17:25 - 2012-06-04 22:27 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR

2013-09-26 12:43 - 2013-09-26 12:43 - 00143360 _____ C:\Windows\Minidump\Mini092613-01.dmp

2013-09-25 14:08 - 2013-09-25 14:08 - 00000000 ____D C:\Program Files\ESET

2013-09-25 14:04 - 2013-09-25 14:04 - 02347384 _____ (ESET) C:\Users\Ralph\Downloads\esetsmartinstaller_enu.exe

2013-09-24 15:26 - 2013-09-24 15:26 - 00018160 _____ C:\Users\Ralph\Downloads\attach.txt

2013-09-24 13:58 - 2013-09-24 13:58 - 00001084 _____ C:\Users\Ralph\Documents\ark.txt

2013-09-24 12:09 - 2013-09-24 12:09 - 00377856 _____ C:\Users\Ralph\Downloads\6d4nnzwk.exe

2013-09-24 10:47 - 2013-09-24 10:47 - 00688992 _____ (Swearware) C:\Users\Ralph\Downloads\dds (1).com

2013-09-24 10:26 - 2013-09-24 10:26 - 00143360 _____ C:\Windows\Minidump\Mini092413-01.dmp

2013-09-23 11:13 - 2013-09-23 11:13 - 00000000 ____D C:\found.008

2013-09-23 01:13 - 2013-09-23 01:13 - 00000000 ____D C:\found.007

2013-09-22 03:29 - 2013-10-11 10:50 - 12336128 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-09-22 03:22 - 2013-10-11 10:50 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-09-22 03:22 - 2013-10-11 10:50 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-09-22 03:14 - 2013-10-11 10:50 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2013-09-22 03:13 - 2013-10-11 10:50 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-09-22 03:13 - 2013-10-11 10:50 - 01104896 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-09-22 03:12 - 2013-10-11 10:50 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2013-09-22 03:09 - 2013-10-11 10:50 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-09-22 03:08 - 2013-10-11 10:50 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2013-09-22 03:07 - 2013-10-11 10:50 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-09-22 03:06 - 2013-10-11 10:50 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2013-09-22 03:05 - 2013-10-11 10:50 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-09-22 03:03 - 2013-10-11 10:50 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-09-22 03:03 - 2013-10-11 10:50 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-09-22 03:03 - 2013-10-11 10:50 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2013-09-22 02:59 - 2013-10-11 10:50 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-09-21 10:05 - 2013-09-21 10:05 - 00143360 _____ C:\Windows\Minidump\Mini092113-01.dmp

2013-09-20 21:53 - 2013-09-20 21:53 - 00143360 _____ C:\Windows\Minidump\Mini092013-03.dmp

2013-09-20 13:27 - 2013-09-20 13:27 - 00143360 _____ C:\Windows\Minidump\Mini092013-02.dmp

2013-09-20 10:27 - 2013-09-20 10:27 - 00143360 _____ C:\Windows\Minidump\Mini092013-01.dmp

2013-09-19 16:56 - 2013-09-19 16:56 - 00143360 _____ C:\Windows\Minidump\Mini091913-01.dmp

2013-09-18 15:50 - 2008-08-01 17:00 - 00000000 ____D C:\AmiPro

2013-09-17 20:24 - 2013-08-01 09:08 - 00000000 ____D C:\Program Files\Malwarebytes Secure Backup

2013-09-17 18:37 - 2013-09-17 18:37 - 00143360 _____ C:\Windows\Minidump\Mini091713-01.dmp

2013-09-16 10:04 - 2009-10-07 18:45 - 00000000 ____D C:\Windows\Downloaded Installations

2013-09-16 10:00 - 2013-09-16 09:58 - 15380128 _____ (Malwarebytes Corporation                                     ) C:\Users\Ralph\Downloads\mbsb-setup-1.2.0.0010.exe

 

Files to move or delete:

====================

C:\ProgramData\PKP_DLdu.DAT

C:\Windows\Tasks\{B9528C56-634A-4606-A03B-F93C07CBEBA2}.job

 

 

Some content of TEMP:

====================

C:\Users\Ralph\AppData\Local\temp\Quarantine.exe

C:\Users\Ralph\AppData\Local\temp\yx6c2qfn.dll

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

 

LastRegBack: 2013-10-15 12:45

 

==================== End Of Log ============================

 

And here's the Additions.txt from the 15th

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-10-2013

Ran by Ralph at 2013-10-15 12:58:25

Running from C:\Users\Ralph\Desktop\Deskwork

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

 

==================== Installed Programs ======================

 

 Update for Microsoft Office 2007 (KB2508958)

Activation Assistant for the 2007 Microsoft Office suites

Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)

Adobe AIR (Version: 3.8.0.1430)

Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)

Adobe Flash Player 11 Plugin (Version: 11.9.900.117)

Adobe Reader X (10.1.8) (Version: 10.1.8)

Adobe Shockwave Player 11.6 (Version: 11.6.1.629)

Advertising Center (Version: 0.0.0.1)

AFPL Ghostscript 7.03

AFPL Ghostscript Fonts

Agere Systems HDA Modem

Amazon Kindle

Amazon MP3 Downloader 1.0.15 (Version: 1.0.15)

Amazon MP3 Uploader (Version: 1.0.8)

Apple Application Support (Version: 2.3)

Apple Software Update (Version: 2.1.3.127)

ArcSoft Panorama Maker 4

ArcSoft PhotoStudio 5.5

CAM UnZip 4.42

Canon CanoScan LiDE 100 User Registration

Canon G.726 WMP-Decoder (Version: 1.1.0.4)

Canon Inkjet Printer Driver Add-On Module

Canon MovieEdit Task for ZoomBrowser EX (Version: 2.6.0.4)

Canon MP Navigator EX 2.0

Canon PIXMA iP3000

Canon RAW Image Task for ZoomBrowser EX (Version: 3.3.0.5)

Canon Utilities CameraWindow (Version: 7.1.0.2)

Canon Utilities CameraWindow DC (Version: 7.1.0.7)

Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (Version: 6.4.2.16)

Canon Utilities Easy-PhotoPrint

Canon Utilities MyCamera (Version: 6.4.0.5)

Canon Utilities MyCamera DC (Version: 7.0.1.8)

Canon Utilities RemoteCapture DC (Version: 3.0.1.8)

Canon Utilities RemoteCapture Task for ZoomBrowser EX (Version: 1.7.1.9)

Canon Utilities Solution Menu

Canon Utilities ZoomBrowser EX (Version: 6.1.1.21)

Canon ZoomBrowser EX Memory Card Utility (Version: 1.1.0.8)

CanoScan LiDE 100 Scanner Driver

CCleaner (Version: 4.04)

CDBurnerXP (Version: 4.3.7.2423)

D3DX10 (Version: 15.4.2368.0902)

Defraggler (Version: 2.15)

DolbyFiles (Version: 0.1)

EasyCleaner (Version: 2.0.6.380)

Elevated Installer (Version: 2.2.21)

ERUNT 1.1j

ESET Online Scanner v3

Family Tree Maker

File Uploader (Version: 1.2.0)

Filzip 3.06 (Version: 3.0.6)

Garmin Communicator Plugin (Version: 4.0.3)

Garmin Express (Version: 2.2.21)

Garmin Express Tray (Version: 2.2.21)

Garmin Update Service (Version: 2.2.21)

Garmin USB Drivers (Version: 2.3.0.0)

Gateway Connect (Version: 1.1.0)

Gateway Recovery Center Installer (Version: 1.01.031)

Google Chrome (Version: 30.0.1599.69)

Google Earth (Version: 6.2.2.6613)

GSview 4.1

HP FWUpdateEDO2 (Version: 1.2.0.0)

HP Photosmart 6520 series Help (Version: 28.0.0)

HP Photosmart 6520 series Product Improvement Study (Version: 28.0.1315.0)

HPDiagnosticAlert (Version: 1.00.0000)

IDT Audio (Version: 5.10.5303.0)

ImagXpress (Version: 7.0.74.0)

IMM4 VCM Codec 1.0.0.10

Inkjet Printer/Scanner Extended Survey Program

Intel® Graphics Media Accelerator Driver

Intel® Matrix Storage Manager

IrfanView (remove only) (Version: 4.36)

Java 7 Update 25 (Version: 7.0.250)

JavaFX 2.1.1 (Version: 2.1.1)

Junk Mail filter update (Version: 15.4.3502.0922)

Keyspan USB Serial Adapter (Version: 3.7s)

LabelPrint (Version: 2.0.1826)

Logitech Legacy USB Camera Driver Package

Logitech QuickCam (Version: 11.90.1263)

Logitech QuickCam Driver Package

Magnifier (Version: 2.4)

Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)

Malwarebytes Secure Backup (Version: 5.9.1.4720)

Menu Templates - Starter Kit (Version: 9.4.2.0)

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)

Microsoft Application Error Reporting (Version: 12.0.6012.5000)

Microsoft Fix it Center (Version: 1.0.0100)

Microsoft Money Essentials (Version: 16)

Microsoft Money Shared Libraries (Version: 16.0.0.705)

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)

Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)

Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)

Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)

Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)

Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Word Viewer 2003 (Version: 11.0.8173.0)

Microsoft Security Client (Version: 4.3.0215.0)

Microsoft Security Essentials (Version: 4.3.215.0)

Microsoft Silverlight (Version: 5.1.20913.0)

Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)

Microsoft Works (Version: 08.05.0818)

Microsoft WSE 2.0 SP3 Runtime (Version: 2.0.5050.0)

Move Media Player

Movie Templates - Starter Kit (Version: 9.4.2.0)

MSVCRT (Version: 15.4.2862.0708)

MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)

MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)

MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)

MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)

MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)

MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)

Nero 9 Essentials

Nero BurnRights (Version: 3.4.11.100)

Nero BurnRights Help (Version: 3.4.4.100)

Nero ControlCenter (Version: 9.0.0.1)

Nero CoverDesigner (Version: 4.4.9.100)

Nero CoverDesigner Help (Version: 4.4.9.100)

Nero DiscSpeed (Version: 5.4.11.100)

Nero DiscSpeed Help (Version: 5.4.4.100)

Nero DriveSpeed (Version: 4.4.11.100)

Nero DriveSpeed Help (Version: 4.4.4.100)

Nero Express Help (Version: 9.6.2.101)

Nero InfoTool (Version: 6.4.11.100)

Nero InfoTool Help (Version: 6.4.4.100)

Nero Installer (Version: 4.4.9.0)

Nero Online Upgrade (Version: 1.3.0.0)

Nero ShowTime (Version: 5.4.0.100)

Nero ShowTime (Version: 5.4.13.100)

Nero StartSmart (Version: 9.4.12.100)

Nero StartSmart Help (Version: 9.4.12.100)

Nero Vision (Version: 6.4.12.100)

Nero Vision Help (Version: 6.4.8.100)

NeroExpress (Version: 9.4.17.100)

neroxml (Version: 1.0.0)

Nikon Message Center (Version: 0.92.000)

Nikon Transfer (Version: 1.4.0)

Nitro PDF Reader (Version: 1.4.0.11)

Notepad++ (Version: 5.7)

OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)

Omron Health Management Software (Version: 1.21.0001)

PA095 / PA075 USB2.0 DOCK

Part 2 of 2

PDF reDirect (remove only) (Version: v2.2.8)

Picasa 3 (Version: 3.9)

Picasa Uploader (Version: 0.6)

Power2Go 5.0

Quicken Deluxe 98

Quicken WillMaker Plus 2013 (Version: 1.0.0.0)

QuickTime (Version: 7.74.80.86)

Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista (Version: 1.00.0000)

Realtek USB 2.0 Card Reader (Version: )

REALTEK USB Wireless LAN Driver (Version: 1.00.0000)

Secunia PSI (2.0.0.3001)

Segoe UI (Version: 15.4.2271.0615)

Singlesnet (Version: 0.9.2901.0)

Skype Click to Call (Version: 6.12.13601)

Skype™ 6.6 (Version: 6.6.106)

Spare Backup (Version: 3.2)

swMSM (Version: 12.0.0.1)

Synaptics Pointing Device Driver (Version: 9.1.17.0)

TaxACT 2010

TaxACT 2011 - 1040 Edition

TaxACT 2011 Oregon

TaxACT 2012 - 1040 Edition

TaxACT 2012 Oregon

TomTom HOME (Version: 2.9.6)

TomTom HOME Visual Studio Merge Modules (Version: 1.0.2)

TreeSize

Uniblue DriverScanner 2009 (Version: 2.0.0.1)

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

WebCopier

WhoCrashed 4.01

Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (Version: 06/03/2009 2.3.0.0)

Windows Live Communications Platform (Version: 15.4.3502.0922)

Windows Live Essentials (Version: 15.4.3502.0922)

Windows Live Essentials (Version: 15.4.3555.0308)

Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)

Windows Live Installer (Version: 15.4.3502.0922)

Windows Live Mail (Version: 15.4.3502.0922)

Windows Live Messenger (Version: 15.4.3538.0513)

Windows Live MIME IFilter (Version: 15.4.3502.0922)

Windows Live Movie Maker (Version: 15.4.3502.0922)

Windows Live Photo Common (Version: 15.4.3502.0922)

Windows Live Photo Gallery (Version: 15.4.3502.0922)

Windows Live PIMT Platform (Version: 15.4.3508.1109)

Windows Live SOXE (Version: 15.4.3502.0922)

Windows Live SOXE Definitions (Version: 15.4.3502.0922)

Windows Live Sync (Version: 14.0.8089.726)

Windows Live UX Platform (Version: 15.4.3502.0922)

Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)

Windows Live Writer (Version: 15.4.3502.0922)

Windows Live Writer Resources (Version: 15.4.3502.0922)

Windows Media Player Firefox Plugin (Version: 1.0.0.8)

Yahoo! Messenger

 

==================== Restore Points  =========================

 

 

==================== Hosts content: ==========================

 

2006-11-02 03:23 - 2013-10-13 16:11 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

 

==================== Scheduled Tasks (whitelisted) =============

 

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM

Task: {1F2D1D54-32EB-42A4-8B5F-A3914EABE69A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {2FA3FE75-88E8-47DF-98C1-E645EC950EFB} - System32\Tasks\ROC_JAN2013_TB_rmv => C:\Program Files\AVG Secure Search\PostInstall\ROC.exe

Task: {32B77094-D224-4F3E-A9F8-728D40CB4126} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-02-05] (Google Inc.)

Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages

Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)

Task: {486B0270-4E58-4485-92A6-47D89531603C} - System32\Tasks\Google Software Updater => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-05-09] (Google)

Task: {4AAC8F7F-9C8F-4FAC-9964-D08B19B87FB9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3181102313-2446731150-1557776212-1000Core => C:\Users\Ralph\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-30] (Google Inc.)

Task: {7FDC9C7F-9363-48C7-9752-037CDE5E2496} - System32\Tasks\Malwarebytes Secure Backup - ralphyde@centurytel.net => C:\Program Files\Malwarebytes Secure Backup\sosuploadagent.exe [2013-08-15] (Malwarebytes Secure Backup)

Task: {81503994-5FEE-4A4B-9C05-3570613B7B80} - System32\Tasks\Online Backup Update Notifier => C:\Program Files\Malwarebytes Secure Backup\SUpdateNotifier.exe [2013-08-15] (Malwarebytes Secure Backup)

Task: {9731D136-1A55-4F17-868D-6EC853C83902} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)

Task: {B57F7104-ED4A-4F13-923C-70788EDC08DA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-02-05] (Google Inc.)

Task: {BE97025E-02DA-4C65-8871-BF0BB8B77502} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated)

Task: {C662C99A-7146-4713-80EB-A1758CEFE53C} - System32\Tasks\HPCustParticipation HP Photosmart 6520 series => C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)

Task: {DB490431-69F5-4E1F-9D03-C57377D9FBFA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3181102313-2446731150-1557776212-1000UA => C:\Users\Ralph\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-30] (Google Inc.)

Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()

Task: {F9DA845F-DFE8-4849-98FB-AD2F6317DF5C} - System32\Tasks\{2AF0F2B9-1A00-46C8-8428-30E7C4215F9A} => C:\Program Files\Skype\Phone\Skype.exe [2013-06-21] (Skype Technologies S.A.)

Task: {F9F8FA80-A9CB-46F2-B7C9-ECC579CF5798} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3181102313-2446731150-1557776212-1000Core.job => C:\Users\Ralph\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3181102313-2446731150-1557776212-1000UA.job => C:\Users\Ralph\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\Malwarebytes Secure Backup - ralphyde@centurytel.net.job => C:\Program Files\Malwarebytes Secure Backup\sosuploadagent.exe

Task: C:\Windows\Tasks\Online Backup Update Notifier.job => C:\Program Files\Malwarebytes Secure Backup\SUpdateNotifier.exe

Task: C:\Windows\Tasks\{B9528C56-634A-4606-A03B-F93C07CBEBA2}.job => c:\users\ralph\appdata\local\google\chrome\application\chrome.exe

 

==================== Loaded Modules (whitelisted) =============

 

2007-05-18 21:59 - 2007-05-18 21:59 - 00356928 _____ () C:\Program Files\Spare Backup\sqlite3.dll

2009-11-03 17:14 - 2009-11-03 17:14 - 00054272 _____ () C:\Program Files\Notepad++\NppShell_01.dll

2013-10-10 12:51 - 2004-09-08 13:45 - 00368128 _____ () C:\Program Files\Filzip\fzshext.dll

2013-08-15 16:40 - 2013-08-15 16:40 - 00023448 _____ () C:\Program Files\Malwarebytes Secure Backup\SOS.SharedEverywhere.dll

2013-08-15 16:40 - 2013-08-15 16:40 - 00030104 _____ () C:\Program Files\Malwarebytes Secure Backup\SOS.Contracts.CentralManagement.dll

2013-10-05 11:10 - 2013-10-02 23:03 - 04055504 _____ () C:\Program Files\Google\Chrome\Application\30.0.1599.69\pdf.dll

2013-10-05 11:10 - 2013-10-02 23:03 - 00415184 _____ () C:\Program Files\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll

2013-10-05 11:09 - 2013-10-02 23:02 - 01604560 _____ () C:\Program Files\Google\Chrome\Application\30.0.1599.69\ffmpegsumo.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

 

==================== Safe Mode (whitelisted) ===================

 

 

==================== Faulty Device Manager Devices =============

 

Name: USB Device(VID_1f3a_PID_efe8)

Description: USB Device(VID_1f3a_PID_efe8)

Class Guid: {36fc9e60-c465-11cf-8056-444553540000}

Manufacturer: USB Devices

Service: usbUDisc

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (10/14/2013 08:20:50 PM) (Source: Windows Search Service) (User: )

Description: The application cannot be initialized.

 

Context: Windows Application

 

 

Details:

The content index metadata cannot be read.   (0xc0041801)

 

Error: (10/14/2013 08:20:50 PM) (Source: Windows Search Service) (User: )

Description: The gatherer object cannot be initialized.

 

Context: Windows Application, SystemIndex Catalog

 

 

Details:

The content index metadata cannot be read.   (0xc0041801)

 

Error: (10/14/2013 08:20:50 PM) (Source: Windows Search Service) (User: )

Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

 

Context: Windows Application, SystemIndex Catalog

 

 

Details:

Element not found.   (0x80070490)

 

Error: (10/14/2013 08:20:47 PM) (Source: Windows Search Service) (User: )

Description: The plug-in in <Search.JetPropStore> cannot be initialized.

 

Context: Windows Application, SystemIndex Catalog

 

 

Details:

The content index metadata cannot be read.   (0xc0041801)

 

Error: (10/14/2013 08:20:47 PM) (Source: Windows Search Service) (User: )

Description: The Windows Search Service cannot load the property store information.

 

Context: Windows Application, SystemIndex Catalog

 

 

Details:

0x%08x (0xc0041800 - The content index cannot be read.  )

 

Error: (10/14/2013 08:20:47 PM) (Source: Windows Search Service) (User: )

Description: The search service has detected corrupted data files in the index. The service will attempt to automatically correct this problem by rebuilding the index.

 

 

Details:

The content index metadata cannot be read.   (0xc0041801)

 

Error: (10/14/2013 08:20:47 PM) (Source: Windows Search Service) (User: )

Description: The Windows Search Service cannot open the Jet property store.

 

 

Details:

The content index cannot be read.   (0xc0041800)

 

Error: (10/14/2013 08:20:47 PM) (Source: ESENT) (User: )

Description: Windows (3396) Windows: Database recovery/restore failed with unexpected error -543.

 

Error: (10/14/2013 08:20:34 PM) (Source: ESENT) (User: )

Description: Windows (3396) Windows: Database C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb requires logfiles 14820-14823 in order to recover successfully. Recovery could only locate logfiles up to 14819.

 

Error: (10/14/2013 06:42:49 PM) (Source: EventSystem) (User: )

Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

 

 

System errors:

=============

Error: (10/15/2013 00:39:36 PM) (Source: ipnathlp) (User: )

Description: The DHCP allocator has disabled itself on IP address 169.254.204.34, since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.

 

Error: (10/15/2013 00:37:36 PM) (Source: EventLog) (User: )

Description: The previous system shutdown at 12:34:54 PM on 10/15/2013 was unexpected.

 

Error: (10/15/2013 00:16:48 PM) (Source: ipnathlp) (User: )

Description: The ICS_IPV6 failed to configure IPv6 stack.

 

Error: (10/15/2013 00:14:41 PM) (Source: ipnathlp) (User: )

Description: The DHCP allocator has disabled itself on IP address 169.254.204.34, since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.

 

Error: (10/15/2013 00:09:33 PM) (Source: EventLog) (User: )

Description: The previous system shutdown at 11:59:33 AM on 10/15/2013 was unexpected.

 

Error: (10/15/2013 00:09:01 PM) (Source: volsnap) (User: )

Description: The shadow copies of volume C: were aborted during detection because a critical control file could not be opened.

 

Error: (10/15/2013 00:08:57 PM) (Source: volsnap) (User: )

Description: The shadow copies of volume C: were aborted during detection because a critical control file could not be opened.

 

Error: (10/15/2013 00:08:54 PM) (Source: volsnap) (User: )

Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:.

 

Error: (10/15/2013 00:07:24 PM) (Source: iaStor) (User: )

Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

 

Error: (10/15/2013 11:54:06 AM) (Source: ipnathlp) (User: )

Description: The ICS_IPV6 failed to configure IPv6 stack.

 

 

Microsoft Office Sessions:

=========================

 

CodeIntegrity Errors:

===================================

  Date: 2013-10-15 12:57:31.845

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-10-15 12:57:31.104

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-10-15 12:57:30.356

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-10-15 12:57:29.565

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-10-15 12:57:28.820

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-10-15 12:57:28.044

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-10-15 12:57:27.279

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-10-15 12:57:26.488

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-10-13 20:18:55.202

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\AVGIDSEH.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-10-13 20:18:54.553

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\AVGIDSEH.sys because the set of per-page image hashes could not be found on the system.

 

 

==================== Memory info =========================== 

 

Percentage of memory in use: 66%

Total physical RAM: 2037.69 MB

Available physical RAM: 691.52 MB

Total Pagefile: 4978.93 MB

Available Pagefile: 3396.64 MB

Total Virtual: 2047.88 MB

Available Virtual: 1901.34 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:139.02 GB) (Free:71.57 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

Drive d: (RECOVERY) (Fixed) (Total:10.03 GB) (Free:4.46 GB) NTFS ==>[system with boot components (obtained from reading drive)]

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149 GB) (Disk ID: 02FF13A2)

Partition 1: (Not Active) - (Size=10 GB) - (Type=07 NTFS)

Partition 2: (Active) - (Size=139 GB) - (Type=07 NTFS)

 

==================== End Of Log ============================

 

Thanks

[Multiple Crashes, Freezes, Unable to read Minidumps (settings changed by malware?)]

Step 6:

 

I have fixlist.txt downloaded and stored on my desktop, but where do i find FRST ?

It's not linked, and I don't know how to comply with this step.  

Sorry for my inablity to figure this out..

 

?????

[Multiple Crashes, Freezes, Unable to read Minidumps (settings changed by malware?)]

Step 5:

 

Ran 

 

Results:

 

Windows Search Troubleshooter Publisher details

Issues found

Windows Search does not show any results

Fixed

Reset Windows Search

Succeeded

Issues checked

Windows Search is crashing or failing

Checked

Windows Search does not start and gives an error message

Checked

Issues found Detection details

6

Windows Search does not show any results Fixed

Windows Search does not show any results. Additioanlly, an event ID 7040 is logged in the Windows event log, or Windows Search service is not running.

 

Issues checked Detection details

6

Windows Search is crashing or failing Checked

Windows Search crashes or fails after it has started. Additionally, an event ID 7042, 100, or 1000 is logged in the Windows event log, or the Windows Search service is not running.

 

6

Windows Search does not start and gives an error message Checked

Windows Search does not show any search results and there is an error message on startup. An Event ID 1006 or 3024 is logged in the Windows event log, or Windows Search service is not running.

 

Detection details

Publisher details

[Multiple Crashes, Freezes, Unable to read Minidumps (settings changed by malware?)]

Step 4:

 

Here's the output from the Event Log from the latest Chkdsk run on 10/14/2013:

 

Log Name:      Application

Source:        Microsoft-Windows-Wininit

Date:          10/14/2013 8:17:30 PM

Event ID:      1001

Task Category: None

Level:         Information

Keywords:      Classic

User:          N/A

Computer:      Ralph-PC

Description:

 

 

Checking file system on C:

The type of the file system is NTFS.

 

One of your disks needs to be checked for consistency. You

may cancel the disk check, but it is strongly recommended

that you continue.

Windows will now check the disk.                         

  318912 file records processed.                                  

 

  1522 large file records processed.                            

 

  0 bad file records processed.                              

 

  0 EA records processed.                                    

 

  68 reparse records processed.                               

 

Unable to locate the file name attribute of index entry wmplayer.exe

of index $I30 with parent 0xcb in file 0x3688f.

Deleting index entry wmplayer.exe in index $I30 of file 203.

Unable to locate the file name attribute of index entry inetpp.dll

of index $I30 with parent 0x5b3 in file 0x30fc9.

Deleting index entry inetpp.dll in index $I30 of file 1459.

Unable to locate the file name attribute of index entry taskeng.exe

of index $I30 with parent 0x5b3 in file 0x36e5b.

Deleting index entry taskeng.exe in index $I30 of file 1459.

Unable to locate the file name attribute of index entry taskmgr.exe

of index $I30 with parent 0x5b3 in file 0x200cc.

Deleting index entry taskmgr.exe in index $I30 of file 1459.

Unable to locate the file name attribute of index entry wer.dll

of index $I30 with parent 0x5b3 in file 0x30de1.

Deleting index entry wer.dll in index $I30 of file 1459.

  391012 index entries processed.                                 

 

CHKDSK is recovering lost files.

Recovering orphaned file taskmgr.exe (131276) into directory file 1459.

Recovering orphaned file MSS039CF.log (157781) into directory file 11512.

Recovering orphaned file wer.dll (200161) into directory file 1459.

Recovering orphaned file inetpp.dll (200649) into directory file 1459.

Recovering orphaned file wmplayer.exe (223375) into directory file 203.

  6 unindexed files processed.                               

 

Recovering orphaned file taskeng.exe (224859) into directory file 1459.

  318912 security descriptors processed.                          

 

Cleaning up 197 unused index entries from index $SII of file 0x9.

Cleaning up 197 unused index entries from index $SDH of file 0x9.

Cleaning up 197 unused security descriptors.

  36051 data files processed.                                    

 

CHKDSK is verifying Usn Journal...

  34009176 USN bytes processed.                                     

 

Usn Journal verification completed.

Correcting errors in the master file table's (MFT) BITMAP attribute.

Correcting errors in the Volume Bitmap.

Windows has made corrections to the file system.

 

 145773809 KB total disk space.

  70600140 KB in 263367 files.

    145892 KB in 36052 indexes.

        60 KB in bad sectors.

    436765 KB in use by the system.

     65536 KB occupied by the log file.

  74590952 KB available on disk.

 

      4096 bytes in each allocation unit.

  36443452 total allocation units on disk.

  18647738 allocation units available on disk.

 

Internal Info:

c0 dd 04 00 a7 91 04 00 af d8 07 00 00 00 00 00  ................

ea 7c 00 00 44 00 00 00 00 00 00 00 00 00 00 00  .|..D...........

48 01 2d 00 48 01 2d 00 02 00 00 02 58 7a 2e 00  H.-.H.-.....Xz..

 

Windows has finished checking your disk.

Please wait while your computer restarts.

 

 

Checking file system on C:

The type of the file system is NTFS.

 

One of your disks needs to be checked for consistency. You

may cancel the disk check, but it is strongly recommended

that you continue.

Windows will now check the disk.                         

  318912 file records processed.                                  

 

  1524 large file records processed.                            

 

  0 bad file records processed.                              

 

  0 EA records processed.                                    

 

  68 reparse records processed.                               

 

Unable to locate the file name attribute of index entry wmplayer.exe

of index $I30 with parent 0xcb in file 0x3688f.

Deleting index entry wmplayer.exe in index $I30 of file 203.

Unable to locate the file name attribute of index entry inetpp.dll

of index $I30 with parent 0x5b3 in file 0x30fc9.

Deleting index entry inetpp.dll in index $I30 of file 1459.

Unable to locate the file name attribute of index entry taskeng.exe

of index $I30 with parent 0x5b3 in file 0x36e5b.

Deleting index entry taskeng.exe in index $I30 of file 1459.

Unable to locate the file name attribute of index entry taskmgr.exe

of index $I30 with parent 0x5b3 in file 0x200cc.

Deleting index entry taskmgr.exe in index $I30 of file 1459.

Unable to locate the file name attribute of index entry wer.dll

of index $I30 with parent 0x5b3 in file 0x30de1.

Deleting index entry wer.dll in index $I30 of file 1459.

Unable to locate the file name attribute of index entry SECURITY

of index $I30 with parent 0x5c8 in file 0x1a4.

Deleting index entry SECURITY in index $I30 of file 1480.

Unable to locate the file name attribute of index entry MSS.log

of index $I30 with parent 0x2cf8 in file 0x2c56.

Deleting index entry MSS.log in index $I30 of file 11512.

Unable to locate the file name attribute of index entry MSS039E3.log

of index $I30 with parent 0x2cf8 in file 0x10f86.

Deleting index entry MSS039E3.log in index $I30 of file 11512.

Unable to locate the file name attribute of index entry MSS039E4.log

of index $I30 with parent 0x2cf8 in file 0x109e3.

Deleting index entry MSS039E4.log in index $I30 of file 11512.

Index entry MSStmp.log of index $I30 in file 0x2cf8 points to unused file 0x9c6c.

Deleting index entry MSStmp.log in index $I30 of file 11512.

Index entry SystemIndex.Ntfy78.gthr of index $I30 in file 0x3a03 points to unused file 0x9dca.

Deleting index entry SystemIndex.Ntfy78.gthr in index $I30 of file 14851.

Index entry SYSTEM~2.GT~ of index $I30 in file 0x3a03 points to unused file 0x9dca.

Deleting index entry SYSTEM~2.GT~ in index $I30 of file 14851.

The file reference 0x4c000000009715 of index entry tmp.edb of index $I30

with parent 0x8d9e is not the same as 0x49000000009715.

Deleting index entry tmp.edb in index $I30 of file 36254.

  391014 index entries processed.                                 

 

CHKDSK is recovering lost files.

Recovering orphaned file MSS039E5.log (11350) into directory file 11512.

Recovering orphaned file TMP000~2 (38677) into directory file 30146.

Recovering orphaned file TMP00000012E015BD0DB4A6549B (38677) into directory file 30146.

Recovering orphaned file tmp.edb (66676) into directory file 36254.

Recovering orphaned file MSS039E1.log (67333) into directory file 11512.

Recovering orphaned file MSS039DF.log (68067) into directory file 11512.

Recovering orphaned file MSS039E2.log (69321) into directory file 11512.

Recovering orphaned file MSS.log (69510) into directory file 11512.

Recovering orphaned file taskmgr.exe (131276) into directory file 1459.

Recovering orphaned file wer.dll (200161) into directory file 1459.

Recovering orphaned file inetpp.dll (200649) into directory file 1459.

Recovering orphaned file wmplayer.exe (223375) into directory file 203.

  13 unindexed files processed.                               

 

Recovering orphaned file taskeng.exe (224859) into directory file 1459.

  318912 security descriptors processed.                          

 

Cleaning up 8 unused index entries from index $SII of file 0x9.

Cleaning up 8 unused index entries from index $SDH of file 0x9.

Cleaning up 8 unused security descriptors.

  36052 data files processed.                                    

 

CHKDSK is verifying Usn Journal...

The remaining of an USN page at offset 0xa71e9fc78 in file 0x8d70

should be filled with zeros.

The USN Journal entry at offset 0xa71ea0000 and length 0x9c452ba4 crosses

the page boundary.

The USN Journal entry at offset 0xa71ea1000 and length 0xa8b6 crosses

the page boundary.

The USN Journal entry at offset 0xa71ea2000 and length 0x8b01087d crosses

the page boundary.

Repairing Usn Journal file record segment.

  35083048 USN bytes processed.                                     

 

Usn Journal verification completed.

Correcting errors in the master file table's (MFT) BITMAP attribute.

Correcting errors in the Volume Bitmap.

Windows has made corrections to the file system.

 

 145773809 KB total disk space.

  70573116 KB in 263098 files.

    145836 KB in 36054 indexes.

        60 KB in bad sectors.

    437793 KB in use by the system.

     65536 KB occupied by the log file.

  74617004 KB available on disk.

 

      4096 bytes in each allocation unit.

  36443452 total allocation units on disk.

  18654251 allocation units available on disk.

 

Internal Info:

c0 dd 04 00 9b 90 04 00 b3 d7 07 00 00 00 00 00  ................

ea 7c 00 00 44 00 00 00 00 00 00 00 00 00 00 00  .|..D...........

48 01 2f 00 48 01 2f 00 02 00 00 02 58 7a 30 00  H./.H./.....Xz0.

 

Windows has finished checking your disk.

Please wait while your computer restarts.

 

Event Xml:

<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">

  <System>

    <Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" />

    <EventID Qualifiers="16384">1001</EventID>

    <Version>0</Version>

    <Level>4</Level>

    <Task>0</Task>

    <Opcode>0</Opcode>

    <Keywords>0x80000000000000</Keywords>

    <TimeCreated SystemTime="2013-10-15T03:17:30.000Z" />

    <EventRecordID>141231</EventRecordID>

    <Correlation />

    <Execution ProcessID="0" ThreadID="0" />

    <Channel>Application</Channel>

    <Computer>Ralph-PC</Computer>

    <Security />

  </System>

  <EventData>

    <Data>

 

Checking file system on C:

The type of the file system is NTFS.

 

One of your disks needs to be checked for consistency. You

may cancel the disk check, but it is strongly recommended

that you continue.

Windows will now check the disk.                         

  318912 file records processed.                                  

 

  1522 large file records processed.                            

 

  0 bad file records processed.                              

 

  0 EA records processed.                                    

 

  68 reparse records processed.                               

 

Unable to locate the file name attribute of index entry wmplayer.exe

of index $I30 with parent 0xcb in file 0x3688f.

Deleting index entry wmplayer.exe in index $I30 of file 203.

Unable to locate the file name attribute of index entry inetpp.dll

of index $I30 with parent 0x5b3 in file 0x30fc9.

Deleting index entry inetpp.dll in index $I30 of file 1459.

Unable to locate the file name attribute of index entry taskeng.exe

of index $I30 with parent 0x5b3 in file 0x36e5b.

Deleting index entry taskeng.exe in index $I30 of file 1459.

Unable to locate the file name attribute of index entry taskmgr.exe

of index $I30 with parent 0x5b3 in file 0x200cc.

Deleting index entry taskmgr.exe in index $I30 of file 1459.

Unable to locate the file name attribute of index entry wer.dll

of index $I30 with parent 0x5b3 in file 0x30de1.

Deleting index entry wer.dll in index $I30 of file 1459.

  391012 index entries processed.                                 

 

CHKDSK is recovering lost files.

Recovering orphaned file taskmgr.exe (131276) into directory file 1459.

Recovering orphaned file MSS039CF.log (157781) into directory file 11512.

Recovering orphaned file wer.dll (200161) into directory file 1459.

Recovering orphaned file inetpp.dll (200649) into directory file 1459.

Recovering orphaned file wmplayer.exe (223375) into directory file 203.

  6 unindexed files processed.                               

 

Recovering orphaned file taskeng.exe (224859) into directory file 1459.

  318912 security descriptors processed.                          

 

Cleaning up 197 unused index entries from index $SII of file 0x9.

Cleaning up 197 unused index entries from index $SDH of file 0x9.

Cleaning up 197 unused security descriptors.

  36051 data files processed.                                    

 

CHKDSK is verifying Usn Journal...

  34009176 USN bytes processed.                                     

 

Usn Journal verification completed.

Correcting errors in the master file table's (MFT) BITMAP attribute.

Correcting errors in the Volume Bitmap.

Windows has made corrections to the file system.

 

 145773809 KB total disk space.

  70600140 KB in 263367 files.

    145892 KB in 36052 indexes.

        60 KB in bad sectors.

    436765 KB in use by the system.

     65536 KB occupied by the log file.

  74590952 KB available on disk.

 

      4096 bytes in each allocation unit.

  36443452 total allocation units on disk.

  18647738 allocation units available on disk.

 

Internal Info:

c0 dd 04 00 a7 91 04 00 af d8 07 00 00 00 00 00  ................

ea 7c 00 00 44 00 00 00 00 00 00 00 00 00 00 00  .|..D...........

48 01 2d 00 48 01 2d 00 02 00 00 02 58 7a 2e 00  H.-.H.-.....Xz..

 

Windows has finished checking your disk.

Please wait while your computer restarts.

 

 

Checking file system on C:

The type of the file system is NTFS.

 

One of your disks needs to be checked for consistency. You

may cancel the disk check, but it is strongly recommended

that you continue.

Windows will now check the disk.                         

  318912 file records processed.                                  

 

  1524 large file records processed.                            

 

  0 bad file records processed.                              

 

  0 EA records processed.                                    

 

  68 reparse records processed.                               

 

Unable to locate the file name attribute of index entry wmplayer.exe

of index $I30 with parent 0xcb in file 0x3688f.

Deleting index entry wmplayer.exe in index $I30 of file 203.

Unable to locate the file name attribute of index entry inetpp.dll

of index $I30 with parent 0x5b3 in file 0x30fc9.

Deleting index entry inetpp.dll in index $I30 of file 1459.

Unable to locate the file name attribute of index entry taskeng.exe

of index $I30 with parent 0x5b3 in file 0x36e5b.

Deleting index entry taskeng.exe in index $I30 of file 1459.

Unable to locate the file name attribute of index entry taskmgr.exe

of index $I30 with parent 0x5b3 in file 0x200cc.

Deleting index entry taskmgr.exe in index $I30 of file 1459.

Unable to locate the file name attribute of index entry wer.dll

of index $I30 with parent 0x5b3 in file 0x30de1.

Deleting index entry wer.dll in index $I30 of file 1459.

Unable to locate the file name attribute of index entry SECURITY

of index $I30 with parent 0x5c8 in file 0x1a4.

Deleting index entry SECURITY in index $I30 of file 1480.

Unable to locate the file name attribute of index entry MSS.log

of index $I30 with parent 0x2cf8 in file 0x2c56.

Deleting index entry MSS.log in index $I30 of file 11512.

Unable to locate the file name attribute of index entry MSS039E3.log

of index $I30 with parent 0x2cf8 in file 0x10f86.

Deleting index entry MSS039E3.log in index $I30 of file 11512.

Unable to locate the file name attribute of index entry MSS039E4.log

of index $I30 with parent 0x2cf8 in file 0x109e3.

Deleting index entry MSS039E4.log in index $I30 of file 11512.

Index entry MSStmp.log of index $I30 in file 0x2cf8 points to unused file 0x9c6c.

Deleting index entry MSStmp.log in index $I30 of file 11512.

Index entry SystemIndex.Ntfy78.gthr of index $I30 in file 0x3a03 points to unused file 0x9dca.

Deleting index entry SystemIndex.Ntfy78.gthr in index $I30 of file 14851.

Index entry SYSTEM~2.GT~ of index $I30 in file 0x3a03 points to unused file 0x9dca.

Deleting index entry SYSTEM~2.GT~ in index $I30 of file 14851.

The file reference 0x4c000000009715 of index entry tmp.edb of index $I30

with parent 0x8d9e is not the same as 0x49000000009715.

Deleting index entry tmp.edb in index $I30 of file 36254.

  391014 index entries processed.                                 

 

CHKDSK is recovering lost files.

Recovering orphaned file MSS039E5.log (11350) into directory file 11512.

Recovering orphaned file TMP000~2 (38677) into directory file 30146.

Recovering orphaned file TMP00000012E015BD0DB4A6549B (38677) into directory file 30146.

Recovering orphaned file tmp.edb (66676) into directory file 36254.

Recovering orphaned file MSS039E1.log (67333) into directory file 11512.

Recovering orphaned file MSS039DF.log (68067) into directory file 11512.

Recovering orphaned file MSS039E2.log (69321) into directory file 11512.

Recovering orphaned file MSS.log (69510) into directory file 11512.

Recovering orphaned file taskmgr.exe (131276) into directory file 1459.

Recovering orphaned file wer.dll (200161) into directory file 1459.

Recovering orphaned file inetpp.dll (200649) into directory file 1459.

Recovering orphaned file wmplayer.exe (223375) into directory file 203.

  13 unindexed files processed.                               

 

Recovering orphaned file taskeng.exe (224859) into directory file 1459.

  318912 security descriptors processed.                          

 

Cleaning up 8 unused index entries from index $SII of file 0x9.

Cleaning up 8 unused index entries from index $SDH of file 0x9.

Cleaning up 8 unused security descriptors.

  36052 data files processed.                                    

 

CHKDSK is verifying Usn Journal...

The remaining of an USN page at offset 0xa71e9fc78 in file 0x8d70

should be filled with zeros.

The USN Journal entry at offset 0xa71ea0000 and length 0x9c452ba4 crosses

the page boundary.

The USN Journal entry at offset 0xa71ea1000 and length 0xa8b6 crosses

the page boundary.

The USN Journal entry at offset 0xa71ea2000 and length 0x8b01087d crosses

the page boundary.

Repairing Usn Journal file record segment.

  35083048 USN bytes processed.                                     

 

Usn Journal verification completed.

Correcting errors in the master file table's (MFT) BITMAP attribute.

Correcting errors in the Volume Bitmap.

Windows has made corrections to the file system.

 

 145773809 KB total disk space.

  70573116 KB in 263098 files.

    145836 KB in 36054 indexes.

        60 KB in bad sectors.

    437793 KB in use by the system.

     65536 KB occupied by the log file.

  74617004 KB available on disk.

 

      4096 bytes in each allocation unit.

  36443452 total allocation units on disk.

  18654251 allocation units available on disk.

 

Internal Info:

c0 dd 04 00 9b 90 04 00 b3 d7 07 00 00 00 00 00  ................

ea 7c 00 00 44 00 00 00 00 00 00 00 00 00 00 00  .|..D...........

48 01 2f 00 48 01 2f 00 02 00 00 02 58 7a 30 00  H./.H./.....Xz0.

 

Windows has finished checking your disk.

Please wait while your computer restarts.

</Data>

  </EventData>

</Event>