Jump to content

Multiple Crashes, Freezes, Unable to read Minidumps (settings changed by malware?)


Recommended Posts

  • Replies 53
  • Created
  • Last Reply

Top Posters In This Topic

  • Root Admin

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.



Here is an interesting article on a similar issue.  You might want to read this and see if you're able to correct your CHKDSK issue using this method.

chkdsk finds errors but won't correct them despite repeated runs
 

Link to post
Share on other sites

I already ran Farber Recovery Scan Tool back on October 15 per your instructions Step 07.

 

I'll repost the outputs here:

 

Here's the output from FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by Ralph (administrator) on RALPH-PC on 15-10-2013 12:54:59
Running from C:\Users\Ralph\Desktop\Deskwork
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Processes (Whitelisted) ===================
 
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Agere Systems) C:\Windows\system32\agrsmsvc.exe
(Malwarebytes Secure Backup) C:\Program Files\Malwarebytes Secure Backup\SMessaging.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Express Tray\ExpressTray.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Nitro PDF Software) C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
(Malwarebytes Secure Backup) C:\Program Files\Malwarebytes Secure Backup\SAgent.Service.exe
(Secunia) C:\Program Files\Secunia\PSI\PSIA.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MpCmdRun.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [995176 2013-06-20] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [sOSUAUI] - C:\Program Files\Malwarebytes Secure Backup\sosuploadagent.exe [55192 2013-08-15] (Malwarebytes Secure Backup)
HKLM\...\Run: [sMessaging] - C:\Program Files\Malwarebytes Secure Backup\SMessaging.exe [64408 2013-08-15] (Malwarebytes Secure Backup)
HKCU\...\Run: [GarminExpressTrayApp] - C:\Program Files\Garmin\Express Tray\ExpressTray.exe [1093464 2013-08-22] (Garmin Ltd or its subsidiaries)
HKCU\...\Run: [skype] - C:\Program Files\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Guest\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Guest\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [ 2008-01-19] (Microsoft Corporation)
HKU\Guest\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
HKU\Guest\...\Run: [skype] - C:\Program Files\Skype\Phone\Skype.exe [ 2013-06-21] (Skype Technologies S.A.)
HKU\Guest\...\Run: [Picasa Media Detector] - C:\Program Files\Picasa2\PicasaMediaDetector.exe
HKU\Guest\...\Run: [TomTomHOME.exe] - C:\Program Files\TomTom HOME 2\HOMERunner.exe [ 2008-05-06] (TomTom)
HKU\Guest\...\Run: [sandboxieControl] - "C:\Program Files\Sandboxie\SbieCtrl.exe"
HKU\Guest\...\Run: [MsnMsgr] - C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [ 2012-03-08] (Microsoft Corporation)
HKU\Guest\...\Run: [Messenger (Yahoo!)] - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [ 2009-01-08] (Yahoo! Inc.)
HKU\Guest\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [ 2008-01-19] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL [ 2008-01-19] ()
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {18CCE993-B9CC-4922-881F-F5EE68634486} URL = http://windowssecrets.com/search/?q={searchTerms}&advSAN=1
SearchScopes: HKCU - {54B22D32-7CA4-4CC1-8B88-BBAFBA652252} URL = http://windowssecrets.com/search/?q={searchTerms}&advWS=1
SearchScopes: HKCU - {E81BEE72-CE53-4C96-BD0A-A95BD4404BFC} URL = http://windowssecrets.com/sitesearch/?cx=017937947691920082874%3A_ilcm6kdy_y&cof=FORID%3A11&q={searchTerms}
BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: No Name - {AA58ED58-01DD-4d91-8333-CF10577473F7} -  No File
BHO: No Name - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -  No File
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 64.91.3.46
 
Chrome: 
=======
CHR Extension: (Google Docs) - C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_1
CHR Extension: (Google Drive) - C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1
CHR Extension: (Screenshot) - C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdfnieppndfdhcgbmhfdlgdjegclkomk\0.2.4_0
CHR Extension: (YouTube) - C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1
CHR Extension: (Webpage Screenshot Bar) - C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki\13.6_0
CHR Extension: (Google Search) - C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1
CHR Extension: (Search by Image (by Google)) - C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm\1.5.0_0
CHR Extension: (Photo Zoom for Facebook) - C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1208.30.1_0
CHR Extension: (PDFescape Free PDF Editor) - C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdefoklganepljiopdnglodohlgfikkl\0.21_0
CHR Extension: (TinEye Reverse Image Search) - C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl\1.1.3_0
CHR Extension: (RevEye Reverse Image Search) - C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\keaaclcjhehbbapnphnmpiklalfhelgf\1.4.2_0
CHR Extension: (Skype Click to Call) - C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.12.0.13601_1
CHR Extension: (Explain and Send Screenshots) - C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdddabjhelpilpnpgondfmehhcplpiin\6.7.6_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_1
CHR Extension: (Hover Zoom) - C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl\4.21_0
CHR Extension: (Gmail) - C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
 
========================== Services (Whitelisted) =================
 
S2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [220504 2013-08-22] (Garmin Ltd or its subsidiaries)
S2 gupdate1c90e025ce8c3d3; C:\Program Files\Google\Update\GoogleUpdate.exe [116648 2013-02-05] (Google Inc.)
S3 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [103808 2008-01-22] ()
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-06-20] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295376 2013-06-20] (Microsoft Corporation)
R2 NitroReaderDriverReadSpool; C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe [196912 2011-01-28] (Nitro PDF Software)
R2 sagentservice; C:\Program Files\Malwarebytes Secure Backup\SAgent.Service.exe [39832 2013-08-15] (Malwarebytes Secure Backup)
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [993848 2011-01-10] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [399416 2011-01-10] (Secunia)
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3273088 2013-09-16] (Skype Technologies S.A.)
S2 AdobeARMservice; "C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe" [x]
 
==================== Drivers (Whitelisted) ====================
 
S3 ac97intc; C:\Windows\System32\drivers\ac97intc.sys [108032 2006-11-02] (Intel Corporation)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [31576 2013-01-22] (AVG Technologies)
R1 Cdr4_xp; C:\Windows\System32\Drivers\Cdr4_xp.sys [2432 2006-10-04] (Sonic Solutions)
R1 Cdralw2k; C:\Windows\System32\Drivers\Cdralw2k.sys [2560 2006-10-04] (Sonic Solutions)
R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-10] (Microsoft Corporation)
S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [9344 2009-04-17] (GARMIN Corp.)
S3 ialm; C:\Windows\System32\DRIVERS\ialmnt5.sys [1302492 2006-11-02] (Intel Corporation)
R3 LVPr2Mon; C:\Windows\System32\Drivers\LVPr2Mon.sys [25624 2008-12-16] ()
S3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41752 2008-12-16] (Logitech Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [211560 2013-06-18] (Microsoft Corporation)
S3 NETw2v32; C:\Windows\System32\DRIVERS\NETw2v32.sys [2589184 2006-11-02] (Intel® Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [15544 2010-09-01] (Secunia)
R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [350720 2010-03-31] (Realtek Semiconductor Corporation                           )
U3 TrueSight; C:\Windows\system32\TrueSight.sys [26624 2013-10-13] ()
S3 U2SP; C:\Windows\System32\DRIVERS\u2s2kxp.sys [23296 2004-05-05] (Magic Control Technology Corp.)
S3 USA19H; C:\Windows\System32\DRIVERS\USA19H2k.sys [704000 2007-10-30] (Keyspan)
S3 USA19H2KP; C:\Windows\System32\DRIVERS\USA19H2kp.SYS [24192 2007-05-29] (Keyspan)
S3 usbUDisc; C:\Windows\System32\DRIVERS\USBDrv.sys [13824 2012-08-27] (Scott)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 catchme; \??\C:\Users\Ralph\AppData\Local\Temp\catchme.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S1 MpKslbfa56867; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F98F3FE3-F826-4ADA-B044-C0F0486CA9C4}\MpKslbfa56867.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-10-15 12:54 - 2013-10-15 12:54 - 00000000 ____D C:\FRST
2013-10-15 12:48 - 2013-10-15 12:48 - 01087213 _____ (Farbar) C:\Users\Ralph\Downloads\FRST.exe
2013-10-14 15:57 - 2013-10-14 15:57 - 00000000 __SHD C:\found.011
2013-10-14 11:04 - 2013-10-14 11:23 - 00000000 ____D C:\AdwCleaner
2013-10-14 11:00 - 2013-10-14 11:01 - 01048960 _____ C:\Users\Ralph\Downloads\AdwCleaner.exe
2013-10-13 22:00 - 2013-10-13 22:00 - 00000000 ____D C:\Windows\ERUNT
2013-10-13 21:50 - 2013-10-13 21:50 - 01032220 _____ (Thisisu) C:\Users\Ralph\Downloads\JRT.exe
2013-10-13 20:03 - 2013-10-13 20:52 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-10-13 20:01 - 2013-10-13 20:01 - 00075992 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-10-13 19:58 - 2013-10-13 20:52 - 00000000 ____D C:\Users\Ralph\Desktop\mbar
2013-10-13 19:49 - 2013-10-13 19:50 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Ralph\Downloads\mbar-1.07.0.1007.exe
2013-10-13 17:00 - 2013-10-13 17:00 - 00000000 ____D C:\32a037ba1f0a3e5ea168f2
2013-10-13 16:14 - 2013-10-13 16:14 - 00015529 _____ C:\ComboFix.txt
2013-10-13 15:54 - 2011-06-25 23:45 - 00256000 _____ C:\Windows\PEV.exe
2013-10-13 15:54 - 2010-11-07 10:20 - 00208896 _____ C:\Windows\MBR.exe
2013-10-13 15:54 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-10-13 15:54 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-10-13 15:54 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-10-13 15:54 - 2000-08-30 17:00 - 00098816 _____ C:\Windows\sed.exe
2013-10-13 15:54 - 2000-08-30 17:00 - 00080412 _____ C:\Windows\grep.exe
2013-10-13 15:54 - 2000-08-30 17:00 - 00068096 _____ C:\Windows\zip.exe
2013-10-13 15:46 - 2013-10-13 16:14 - 00000000 ____D C:\Qoobox
2013-10-13 15:30 - 2013-10-13 15:27 - 05132614 ____R (Swearware) C:\Users\Ralph\Desktop\ComboFix.exe
2013-10-13 15:26 - 2013-10-13 15:27 - 05132614 _____ (Swearware) C:\Users\Ralph\Downloads\ComboFix.exe
2013-10-13 11:37 - 2013-10-13 11:37 - 00026624 _____ C:\Windows\system32\TrueSight.sys
2013-10-13 11:32 - 2013-10-13 16:13 - 00000000 ____D C:\Windows\ERDNT
2013-10-13 11:29 - 2013-10-13 11:29 - 00000693 _____ C:\Users\Ralph\Desktop\NTREGOPT.lnk
2013-10-13 11:29 - 2013-10-13 11:29 - 00000000 ____D C:\Program Files\ERUNT
2013-10-13 11:19 - 2013-10-13 11:18 - 00951296 _____ C:\Users\Ralph\Desktop\RogueKiller.exe
2013-10-13 11:18 - 2013-10-13 11:18 - 00951296 _____ C:\Users\Ralph\Downloads\RogueKiller.exe
2013-10-13 11:16 - 2013-10-13 11:15 - 00791393 _____ (Lars Hederer                                                ) C:\Users\Ralph\Desktop\erunt-setup.exe
2013-10-13 11:14 - 2013-10-13 11:15 - 00791393 _____ (Lars Hederer                                                ) C:\Users\Ralph\Downloads\erunt-setup.exe
2013-10-13 11:09 - 2013-10-14 16:15 - 00000041 _____ C:\Windows\Filzip.ini
2013-10-13 11:08 - 2013-10-13 11:08 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\Ralph\Downloads\rkill.exe
2013-10-12 22:39 - 2013-10-12 22:39 - 00143360 _____ C:\Windows\Minidump\Mini101213-01.dmp
2013-10-12 10:04 - 2013-10-12 10:05 - 00000000 ____D C:\d37cb711f4669170007b7c06
2013-10-11 13:24 - 2013-10-11 13:24 - 00143360 _____ C:\Windows\Minidump\Mini101113-03.dmp
2013-10-11 13:17 - 2013-10-11 13:18 - 00000000 ____D C:\c0064fe9fba931b6ef
2013-10-11 12:17 - 2013-10-11 12:17 - 00143360 _____ C:\Windows\Minidump\Mini101113-02.dmp
2013-10-11 11:33 - 2013-10-11 11:33 - 00000000 ____D C:\cae8e13b0f4073a46ca470
2013-10-11 11:01 - 2013-10-11 11:01 - 00000000 ____D C:\2f4fe8f68cccaeb0c81653a992865799
2013-10-11 10:50 - 2013-09-22 03:29 - 12336128 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-11 10:50 - 2013-09-22 03:22 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-11 10:50 - 2013-09-22 03:22 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-11 10:50 - 2013-09-22 03:14 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-10-11 10:50 - 2013-09-22 03:13 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-11 10:50 - 2013-09-22 03:13 - 01104896 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-11 10:50 - 2013-09-22 03:12 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-10-11 10:50 - 2013-09-22 03:09 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-11 10:50 - 2013-09-22 03:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-10-11 10:50 - 2013-09-22 03:07 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-11 10:50 - 2013-09-22 03:06 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-10-11 10:50 - 2013-09-22 03:05 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-11 10:50 - 2013-09-22 03:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-11 10:50 - 2013-09-22 03:03 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-11 10:50 - 2013-09-22 03:03 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-10-11 10:50 - 2013-09-22 02:59 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-11 10:27 - 2013-10-11 10:27 - 00143360 _____ C:\Windows\Minidump\Mini101113-01.dmp
2013-10-10 13:14 - 2013-10-10 13:14 - 00000022 _____ C:\Users\Ralph\DumpFiles.ZIP
2013-10-10 12:51 - 2013-10-10 13:00 - 00000000 ____D C:\Program Files\Filzip
2013-10-10 12:51 - 2013-10-10 12:51 - 00001546 _____ C:\Users\Public\Desktop\Filzip.lnk
2013-10-10 12:51 - 2013-10-10 12:51 - 00001546 _____ C:\Users\Guest\Desktop\Filzip.lnk
2013-10-10 12:47 - 2013-10-10 12:47 - 01325557 _____ (Philipp Engel                                               ) C:\Users\Ralph\Downloads\fz306.exe
2013-10-10 10:11 - 2013-10-10 10:11 - 00000000 ____D C:\7072a0582fb67f1ce4
2013-10-09 21:38 - 2013-08-29 00:36 - 02050048 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-09 21:38 - 2013-08-26 19:47 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-10-09 21:38 - 2013-08-26 19:47 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-10-09 21:38 - 2013-08-26 19:47 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-10-09 21:38 - 2013-08-26 19:47 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-10-09 21:38 - 2013-08-26 18:52 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-10-09 21:38 - 2013-08-26 18:50 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-10-09 21:38 - 2013-08-26 18:32 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-10-09 21:38 - 2013-08-26 18:28 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-10-09 21:38 - 2013-08-26 18:28 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-10-09 21:38 - 2013-07-31 20:16 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-09 21:38 - 2013-07-31 19:49 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2013-10-09 21:38 - 2013-07-20 03:44 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 21:37 - 2013-07-12 02:04 - 00073344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2013-10-09 21:37 - 2013-06-28 19:07 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-09 21:37 - 2013-06-28 19:07 - 00197632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-09 21:37 - 2013-06-28 19:07 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-09 21:37 - 2013-06-28 19:06 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-09 21:37 - 2013-06-26 16:01 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-09 21:37 - 2011-05-05 06:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-09 21:37 - 2011-05-05 06:54 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-09 21:33 - 2013-06-03 21:16 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-09 21:33 - 2013-06-03 18:49 - 00293376 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-09 21:32 - 2013-07-03 21:21 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-09 21:32 - 2013-07-02 19:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-09 21:32 - 2013-07-02 19:10 - 00025472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-09 15:58 - 2013-10-09 15:58 - 00289780 _____ C:\Users\Ralph\Downloads\1261771686-19849-207.118.64.47 (16).kml
2013-10-09 11:36 - 2013-10-09 11:36 - 00760937 _____ (Farbar) C:\Users\Ralph\Downloads\MiniToolBox.exe
2013-10-08 16:52 - 2013-10-08 16:52 - 00000000 ____D C:\found.010
2013-10-08 02:51 - 2013-10-08 02:51 - 00000000 ____D C:\found.009
2013-10-06 09:58 - 2013-10-06 09:58 - 00143360 _____ C:\Windows\Minidump\Mini100613-01.dmp
2013-10-03 11:44 - 2013-10-03 11:45 - 00143360 _____ C:\Windows\Minidump\Mini100313-01.dmp
2013-10-02 16:23 - 2013-10-02 16:26 - 36773799 _____ C:\Users\Ralph\Downloads\charmedsamp.wmv
2013-10-02 16:13 - 2013-10-02 16:13 - 01425123 _____ C:\Users\Ralph\Downloads\18022011 caddie_bruyant1.wmv
2013-10-02 12:40 - 2013-10-02 12:40 - 00118149 _____ C:\Users\Ralph\Downloads\wmpChrome (1).crx
2013-09-29 14:25 - 2013-09-29 14:25 - 00000075 _____ C:\Users\Ralph\Desktop\#9842 Alena 24, 170cm, 55kg.url
2013-09-27 21:43 - 2013-09-27 21:43 - 00143360 _____ C:\Windows\Minidump\Mini092713-01.dmp
2013-09-26 12:43 - 2013-09-26 12:43 - 00143360 _____ C:\Windows\Minidump\Mini092613-01.dmp
2013-09-25 14:08 - 2013-09-25 14:08 - 00000000 ____D C:\Program Files\ESET
2013-09-25 14:04 - 2013-09-25 14:04 - 02347384 _____ (ESET) C:\Users\Ralph\Downloads\esetsmartinstaller_enu.exe
2013-09-24 15:26 - 2013-09-24 15:26 - 00018160 _____ C:\Users\Ralph\Downloads\attach.txt
2013-09-24 13:58 - 2013-09-24 13:58 - 00001084 _____ C:\Users\Ralph\Documents\ark.txt
2013-09-24 12:09 - 2013-09-24 12:09 - 00377856 _____ C:\Users\Ralph\Downloads\6d4nnzwk.exe
2013-09-24 10:59 - 2013-10-15 12:52 - 00000000 ____D C:\Users\Ralph\Desktop\Deskwork
2013-09-24 10:47 - 2013-09-24 10:47 - 00688992 _____ (Swearware) C:\Users\Ralph\Downloads\dds (1).com
2013-09-24 10:26 - 2013-09-24 10:26 - 00143360 _____ C:\Windows\Minidump\Mini092413-01.dmp
2013-09-23 11:13 - 2013-09-23 11:13 - 00000000 ____D C:\found.008
2013-09-23 01:13 - 2013-09-23 01:13 - 00000000 ____D C:\found.007
2013-09-21 10:05 - 2013-09-21 10:05 - 00143360 _____ C:\Windows\Minidump\Mini092113-01.dmp
2013-09-20 21:53 - 2013-09-20 21:53 - 00143360 _____ C:\Windows\Minidump\Mini092013-03.dmp
2013-09-20 13:27 - 2013-09-20 13:27 - 00143360 _____ C:\Windows\Minidump\Mini092013-02.dmp
2013-09-20 10:27 - 2013-09-20 10:27 - 00143360 _____ C:\Windows\Minidump\Mini092013-01.dmp
2013-09-19 16:56 - 2013-09-19 16:56 - 00143360 _____ C:\Windows\Minidump\Mini091913-01.dmp
2013-09-17 18:37 - 2013-09-17 18:37 - 00143360 _____ C:\Windows\Minidump\Mini091713-01.dmp
2013-09-16 09:58 - 2013-09-16 10:00 - 15380128 _____ (Malwarebytes Corporation                                     ) C:\Users\Ralph\Downloads\mbsb-setup-1.2.0.0010.exe
 
==================== One Month Modified Files and Folders =======
 
2013-10-15 12:54 - 2013-10-15 12:54 - 00000000 ____D C:\FRST
2013-10-15 12:53 - 2013-02-05 15:20 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-15 12:52 - 2013-09-24 10:59 - 00000000 ____D C:\Users\Ralph\Desktop\Deskwork
2013-10-15 12:48 - 2013-10-15 12:48 - 01087213 _____ (Farbar) C:\Users\Ralph\Downloads\FRST.exe
2013-10-15 12:48 - 2013-08-01 09:10 - 00000466 _____ C:\Windows\Tasks\Online Backup Update Notifier.job
2013-10-15 12:45 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-10-15 12:42 - 2008-05-09 12:19 - 01371181 _____ C:\Windows\WindowsUpdate.log
2013-10-15 12:39 - 2010-11-20 19:02 - 00000438 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2013-10-15 12:37 - 2013-02-05 15:20 - 00000880 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-15 12:37 - 2013-01-30 11:44 - 00174002 _____ C:\Windows\PFRO.log
2013-10-15 12:37 - 2006-11-02 06:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-15 12:37 - 2006-11-02 05:47 - 00003296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-15 12:37 - 2006-11-02 05:47 - 00003296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-15 12:26 - 2009-10-02 13:14 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3181102313-2446731150-1557776212-1000UA.job
2013-10-15 12:15 - 2013-02-14 02:18 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-15 10:15 - 2009-03-25 20:05 - 00000868 _____ C:\Windows\Tasks\Google Software Updater.job
2013-10-14 23:57 - 2006-11-02 06:01 - 00032582 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-14 20:23 - 2013-02-27 23:56 - 00000000 ____D C:\ProgramData\HP
2013-10-14 20:23 - 2006-11-02 05:37 - 00000000 ____D C:\Windows\twain_32
2013-10-14 20:17 - 2013-01-28 12:26 - 00000000 ____D C:\Users\Ralph\AppData\Local\LogMeIn Rescue Applet
2013-10-14 16:15 - 2013-10-13 11:09 - 00000041 _____ C:\Windows\Filzip.ini
2013-10-14 15:57 - 2013-10-14 15:57 - 00000000 __SHD C:\found.011
2013-10-14 11:23 - 2013-10-14 11:04 - 00000000 ____D C:\AdwCleaner
2013-10-14 11:01 - 2013-10-14 11:00 - 01048960 _____ C:\Users\Ralph\Downloads\AdwCleaner.exe
2013-10-13 22:00 - 2013-10-13 22:00 - 00000000 ____D C:\Windows\ERUNT
2013-10-13 21:50 - 2013-10-13 21:50 - 01032220 _____ (Thisisu) C:\Users\Ralph\Downloads\JRT.exe
2013-10-13 20:52 - 2013-10-13 20:03 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-10-13 20:52 - 2013-10-13 19:58 - 00000000 ____D C:\Users\Ralph\Desktop\mbar
2013-10-13 20:01 - 2013-10-13 20:01 - 00075992 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-10-13 19:50 - 2013-10-13 19:49 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Ralph\Downloads\mbar-1.07.0.1007.exe
2013-10-13 18:36 - 2008-05-09 12:34 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-13 17:52 - 2008-08-25 13:50 - 00073408 _____ C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-13 17:51 - 2009-05-22 16:45 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Skype
2013-10-13 17:49 - 2008-08-25 13:49 - 00000909 _____ C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-10-13 17:11 - 2006-11-02 03:33 - 00719076 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-13 17:00 - 2013-10-13 17:00 - 00000000 ____D C:\32a037ba1f0a3e5ea168f2
2013-10-13 16:14 - 2013-10-13 16:14 - 00015529 _____ C:\ComboFix.txt
2013-10-13 16:14 - 2013-10-13 15:46 - 00000000 ____D C:\Qoobox
2013-10-13 16:14 - 2006-11-02 04:18 - 00000000 ___RD C:\Users\Public
2013-10-13 16:13 - 2013-10-13 11:32 - 00000000 ____D C:\Windows\ERDNT
2013-10-13 16:11 - 2006-11-02 03:23 - 00000215 _____ C:\Windows\system.ini
2013-10-13 15:27 - 2013-10-13 15:30 - 05132614 ____R (Swearware) C:\Users\Ralph\Desktop\ComboFix.exe
2013-10-13 15:27 - 2013-10-13 15:26 - 05132614 _____ (Swearware) C:\Users\Ralph\Downloads\ComboFix.exe
2013-10-13 11:37 - 2013-10-13 11:37 - 00026624 _____ C:\Windows\system32\TrueSight.sys
2013-10-13 11:29 - 2013-10-13 11:29 - 00000693 _____ C:\Users\Ralph\Desktop\NTREGOPT.lnk
2013-10-13 11:29 - 2013-10-13 11:29 - 00000000 ____D C:\Program Files\ERUNT
2013-10-13 11:18 - 2013-10-13 11:19 - 00951296 _____ C:\Users\Ralph\Desktop\RogueKiller.exe
2013-10-13 11:18 - 2013-10-13 11:18 - 00951296 _____ C:\Users\Ralph\Downloads\RogueKiller.exe
2013-10-13 11:15 - 2013-10-13 11:16 - 00791393 _____ (Lars Hederer                                                ) C:\Users\Ralph\Desktop\erunt-setup.exe
2013-10-13 11:15 - 2013-10-13 11:14 - 00791393 _____ (Lars Hederer                                                ) C:\Users\Ralph\Downloads\erunt-setup.exe
2013-10-13 11:08 - 2013-10-13 11:08 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\Ralph\Downloads\rkill.exe
2013-10-12 22:39 - 2013-10-12 22:39 - 00143360 _____ C:\Windows\Minidump\Mini101213-01.dmp
2013-10-12 22:39 - 2013-01-31 01:02 - 194652536 _____ C:\Windows\MEMORY.DMP
2013-10-12 22:39 - 2011-11-24 09:32 - 00000000 ____D C:\Windows\Minidump
2013-10-12 10:06 - 2013-07-14 12:21 - 00000000 ____D C:\Windows\system32\MRT
2013-10-12 10:05 - 2013-10-12 10:04 - 00000000 ____D C:\d37cb711f4669170007b7c06
2013-10-12 10:05 - 2006-11-02 03:24 - 78106760 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-10-11 13:24 - 2013-10-11 13:24 - 00143360 _____ C:\Windows\Minidump\Mini101113-03.dmp
2013-10-11 13:18 - 2013-10-11 13:17 - 00000000 ____D C:\c0064fe9fba931b6ef
2013-10-11 13:06 - 2006-11-02 05:47 - 00301032 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-11 12:17 - 2013-10-11 12:17 - 00143360 _____ C:\Windows\Minidump\Mini101113-02.dmp
2013-10-11 11:33 - 2013-10-11 11:33 - 00000000 ____D C:\cae8e13b0f4073a46ca470
2013-10-11 11:19 - 2008-09-11 13:49 - 00027412 _____ C:\Windows\system32\lvcoinst.log
2013-10-11 11:18 - 2008-09-11 13:28 - 00000000 ____D C:\Program Files\Common Files\LogiShrd
2013-10-11 11:14 - 2009-06-12 10:32 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-11 11:01 - 2013-10-11 11:01 - 00000000 ____D C:\2f4fe8f68cccaeb0c81653a992865799
2013-10-11 10:27 - 2013-10-11 10:27 - 00143360 _____ C:\Windows\Minidump\Mini101113-01.dmp
2013-10-10 13:14 - 2013-10-10 13:14 - 00000022 _____ C:\Users\Ralph\DumpFiles.ZIP
2013-10-10 13:14 - 2008-07-31 14:52 - 00000000 ____D C:\Users\Ralph
2013-10-10 13:00 - 2013-10-10 12:51 - 00000000 ____D C:\Program Files\Filzip
2013-10-10 12:51 - 2013-10-10 12:51 - 00001546 _____ C:\Users\Public\Desktop\Filzip.lnk
2013-10-10 12:51 - 2013-10-10 12:51 - 00001546 _____ C:\Users\Guest\Desktop\Filzip.lnk
2013-10-10 12:47 - 2013-10-10 12:47 - 01325557 _____ (Philipp Engel                                               ) C:\Users\Ralph\Downloads\fz306.exe
2013-10-10 10:11 - 2013-10-10 10:11 - 00000000 ____D C:\7072a0582fb67f1ce4
2013-10-09 15:58 - 2013-10-09 15:58 - 00289780 _____ C:\Users\Ralph\Downloads\1261771686-19849-207.118.64.47 (16).kml
2013-10-09 14:26 - 2009-10-02 13:14 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3181102313-2446731150-1557776212-1000Core.job
2013-10-09 12:46 - 2013-01-31 11:15 - 00000000 ____D C:\Program Files\WhoCrashed
2013-10-09 12:17 - 2012-09-20 08:41 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-10-09 12:17 - 2011-07-05 12:43 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-10-09 11:36 - 2013-10-09 11:36 - 00760937 _____ (Farbar) C:\Users\Ralph\Downloads\MiniToolBox.exe
2013-10-08 16:52 - 2013-10-08 16:52 - 00000000 ____D C:\found.010
2013-10-08 13:04 - 2006-11-02 04:18 - 00000000 ____D C:\Program Files\Common Files\System
2013-10-08 10:42 - 2008-09-03 10:51 - 00006648 _____ C:\Users\Ralph\AppData\Local\d3d9caps.dat
2013-10-08 02:51 - 2013-10-08 02:51 - 00000000 ____D C:\found.009
2013-10-07 11:57 - 2011-03-17 15:16 - 00000000 ____D C:\Users\Ralph\AppData\Roaming\Nitro PDF
2013-10-06 09:58 - 2013-10-06 09:58 - 00143360 _____ C:\Windows\Minidump\Mini100613-01.dmp
2013-10-05 11:10 - 2013-02-05 15:23 - 00001931 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-10-03 15:36 - 2008-08-07 12:00 - 00000000 ____D C:\Users\Ralph\AppData\Roaming\Skype
2013-10-03 11:45 - 2013-10-03 11:44 - 00143360 _____ C:\Windows\Minidump\Mini100313-01.dmp
2013-10-02 16:26 - 2013-10-02 16:23 - 36773799 _____ C:\Users\Ralph\Downloads\charmedsamp.wmv
2013-10-02 16:13 - 2013-10-02 16:13 - 01425123 _____ C:\Users\Ralph\Downloads\18022011 caddie_bruyant1.wmv
2013-10-02 12:40 - 2013-10-02 12:40 - 00118149 _____ C:\Users\Ralph\Downloads\wmpChrome (1).crx
2013-10-01 22:06 - 2013-08-01 09:46 - 00000506 _____ C:\Windows\Tasks\Malwarebytes Secure Backup - ralphyde@centurytel.net.job
2013-10-01 19:45 - 2013-08-01 09:08 - 00001880 _____ C:\Users\Public\Desktop\Malwarebytes Secure Backup.lnk
2013-09-29 19:12 - 2010-10-26 13:01 - 00000000 ____D C:\Users\Ralph\Documents\My Kindle Content
2013-09-29 14:25 - 2013-09-29 14:25 - 00000075 _____ C:\Users\Ralph\Desktop\#9842 Alena 24, 170cm, 55kg.url
2013-09-27 21:43 - 2013-09-27 21:43 - 00143360 _____ C:\Windows\Minidump\Mini092713-01.dmp
2013-09-27 12:04 - 2009-02-01 21:28 - 00000020 ____H C:\ProgramData\PKP_DLdu.DAT
2013-09-27 10:18 - 2009-10-01 13:15 - 00000000 ___RD C:\Program Files\Skype
2013-09-26 17:25 - 2012-06-04 22:27 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
2013-09-26 12:43 - 2013-09-26 12:43 - 00143360 _____ C:\Windows\Minidump\Mini092613-01.dmp
2013-09-25 14:08 - 2013-09-25 14:08 - 00000000 ____D C:\Program Files\ESET
2013-09-25 14:04 - 2013-09-25 14:04 - 02347384 _____ (ESET) C:\Users\Ralph\Downloads\esetsmartinstaller_enu.exe
2013-09-24 15:26 - 2013-09-24 15:26 - 00018160 _____ C:\Users\Ralph\Downloads\attach.txt
2013-09-24 13:58 - 2013-09-24 13:58 - 00001084 _____ C:\Users\Ralph\Documents\ark.txt
2013-09-24 12:09 - 2013-09-24 12:09 - 00377856 _____ C:\Users\Ralph\Downloads\6d4nnzwk.exe
2013-09-24 10:47 - 2013-09-24 10:47 - 00688992 _____ (Swearware) C:\Users\Ralph\Downloads\dds (1).com
2013-09-24 10:26 - 2013-09-24 10:26 - 00143360 _____ C:\Windows\Minidump\Mini092413-01.dmp
2013-09-23 11:13 - 2013-09-23 11:13 - 00000000 ____D C:\found.008
2013-09-23 01:13 - 2013-09-23 01:13 - 00000000 ____D C:\found.007
2013-09-22 03:29 - 2013-10-11 10:50 - 12336128 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-22 03:22 - 2013-10-11 10:50 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-22 03:22 - 2013-10-11 10:50 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-22 03:14 - 2013-10-11 10:50 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-09-22 03:13 - 2013-10-11 10:50 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-22 03:13 - 2013-10-11 10:50 - 01104896 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-22 03:12 - 2013-10-11 10:50 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-09-22 03:09 - 2013-10-11 10:50 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-22 03:08 - 2013-10-11 10:50 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-09-22 03:07 - 2013-10-11 10:50 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-22 03:06 - 2013-10-11 10:50 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-09-22 03:05 - 2013-10-11 10:50 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-22 03:03 - 2013-10-11 10:50 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-22 03:03 - 2013-10-11 10:50 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-22 03:03 - 2013-10-11 10:50 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-09-22 02:59 - 2013-10-11 10:50 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-21 10:05 - 2013-09-21 10:05 - 00143360 _____ C:\Windows\Minidump\Mini092113-01.dmp
2013-09-20 21:53 - 2013-09-20 21:53 - 00143360 _____ C:\Windows\Minidump\Mini092013-03.dmp
2013-09-20 13:27 - 2013-09-20 13:27 - 00143360 _____ C:\Windows\Minidump\Mini092013-02.dmp
2013-09-20 10:27 - 2013-09-20 10:27 - 00143360 _____ C:\Windows\Minidump\Mini092013-01.dmp
2013-09-19 16:56 - 2013-09-19 16:56 - 00143360 _____ C:\Windows\Minidump\Mini091913-01.dmp
2013-09-18 15:50 - 2008-08-01 17:00 - 00000000 ____D C:\AmiPro
2013-09-17 20:24 - 2013-08-01 09:08 - 00000000 ____D C:\Program Files\Malwarebytes Secure Backup
2013-09-17 18:37 - 2013-09-17 18:37 - 00143360 _____ C:\Windows\Minidump\Mini091713-01.dmp
2013-09-16 10:04 - 2009-10-07 18:45 - 00000000 ____D C:\Windows\Downloaded Installations
2013-09-16 10:00 - 2013-09-16 09:58 - 15380128 _____ (Malwarebytes Corporation                                     ) C:\Users\Ralph\Downloads\mbsb-setup-1.2.0.0010.exe
 
Files to move or delete:
====================
C:\ProgramData\PKP_DLdu.DAT
C:\Windows\Tasks\{B9528C56-634A-4606-A03B-F93C07CBEBA2}.job
 
 
Some content of TEMP:
====================
C:\Users\Ralph\AppData\Local\temp\Quarantine.exe
C:\Users\Ralph\AppData\Local\temp\yx6c2qfn.dll
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-10-15 12:45
 
==================== End Of Log ============================
 
And here's the Additions.txt from the 15th
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-10-2013
Ran by Ralph at 2013-10-15 12:58:25
Running from C:\Users\Ralph\Desktop\Deskwork
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
 Update for Microsoft Office 2007 (KB2508958)
Activation Assistant for the 2007 Microsoft Office suites
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)
Adobe AIR (Version: 3.8.0.1430)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Adobe Reader X (10.1.8) (Version: 10.1.8)
Adobe Shockwave Player 11.6 (Version: 11.6.1.629)
Advertising Center (Version: 0.0.0.1)
AFPL Ghostscript 7.03
AFPL Ghostscript Fonts
Agere Systems HDA Modem
Amazon Kindle
Amazon MP3 Downloader 1.0.15 (Version: 1.0.15)
Amazon MP3 Uploader (Version: 1.0.8)
Apple Application Support (Version: 2.3)
Apple Software Update (Version: 2.1.3.127)
ArcSoft Panorama Maker 4
ArcSoft PhotoStudio 5.5
CAM UnZip 4.42
Canon CanoScan LiDE 100 User Registration
Canon G.726 WMP-Decoder (Version: 1.1.0.4)
Canon Inkjet Printer Driver Add-On Module
Canon MovieEdit Task for ZoomBrowser EX (Version: 2.6.0.4)
Canon MP Navigator EX 2.0
Canon PIXMA iP3000
Canon RAW Image Task for ZoomBrowser EX (Version: 3.3.0.5)
Canon Utilities CameraWindow (Version: 7.1.0.2)
Canon Utilities CameraWindow DC (Version: 7.1.0.7)
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (Version: 6.4.2.16)
Canon Utilities Easy-PhotoPrint
Canon Utilities MyCamera (Version: 6.4.0.5)
Canon Utilities MyCamera DC (Version: 7.0.1.8)
Canon Utilities RemoteCapture DC (Version: 3.0.1.8)
Canon Utilities RemoteCapture Task for ZoomBrowser EX (Version: 1.7.1.9)
Canon Utilities Solution Menu
Canon Utilities ZoomBrowser EX (Version: 6.1.1.21)
Canon ZoomBrowser EX Memory Card Utility (Version: 1.1.0.8)
CanoScan LiDE 100 Scanner Driver
CCleaner (Version: 4.04)
CDBurnerXP (Version: 4.3.7.2423)
D3DX10 (Version: 15.4.2368.0902)
Defraggler (Version: 2.15)
DolbyFiles (Version: 0.1)
EasyCleaner (Version: 2.0.6.380)
Elevated Installer (Version: 2.2.21)
ERUNT 1.1j
ESET Online Scanner v3
Family Tree Maker
File Uploader (Version: 1.2.0)
Filzip 3.06 (Version: 3.0.6)
Garmin Communicator Plugin (Version: 4.0.3)
Garmin Express (Version: 2.2.21)
Garmin Express Tray (Version: 2.2.21)
Garmin Update Service (Version: 2.2.21)
Garmin USB Drivers (Version: 2.3.0.0)
Gateway Connect (Version: 1.1.0)
Gateway Recovery Center Installer (Version: 1.01.031)
Google Chrome (Version: 30.0.1599.69)
Google Earth (Version: 6.2.2.6613)
GSview 4.1
HP FWUpdateEDO2 (Version: 1.2.0.0)
HP Photosmart 6520 series Help (Version: 28.0.0)
HP Photosmart 6520 series Product Improvement Study (Version: 28.0.1315.0)
HPDiagnosticAlert (Version: 1.00.0000)
IDT Audio (Version: 5.10.5303.0)
ImagXpress (Version: 7.0.74.0)
IMM4 VCM Codec 1.0.0.10
Inkjet Printer/Scanner Extended Survey Program
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
IrfanView (remove only) (Version: 4.36)
Java 7 Update 25 (Version: 7.0.250)
JavaFX 2.1.1 (Version: 2.1.1)
Junk Mail filter update (Version: 15.4.3502.0922)
Keyspan USB Serial Adapter (Version: 3.7s)
LabelPrint (Version: 2.0.1826)
Logitech Legacy USB Camera Driver Package
Logitech QuickCam (Version: 11.90.1263)
Logitech QuickCam Driver Package
Magnifier (Version: 2.4)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Malwarebytes Secure Backup (Version: 5.9.1.4720)
Menu Templates - Starter Kit (Version: 9.4.2.0)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Fix it Center (Version: 1.0.0100)
Microsoft Money Essentials (Version: 16)
Microsoft Money Shared Libraries (Version: 16.0.0.705)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word Viewer 2003 (Version: 11.0.8173.0)
Microsoft Security Client (Version: 4.3.0215.0)
Microsoft Security Essentials (Version: 4.3.215.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 08.05.0818)
Microsoft WSE 2.0 SP3 Runtime (Version: 2.0.5050.0)
Move Media Player
Movie Templates - Starter Kit (Version: 9.4.2.0)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
Nero 9 Essentials
Nero BurnRights (Version: 3.4.11.100)
Nero BurnRights Help (Version: 3.4.4.100)
Nero ControlCenter (Version: 9.0.0.1)
Nero CoverDesigner (Version: 4.4.9.100)
Nero CoverDesigner Help (Version: 4.4.9.100)
Nero DiscSpeed (Version: 5.4.11.100)
Nero DiscSpeed Help (Version: 5.4.4.100)
Nero DriveSpeed (Version: 4.4.11.100)
Nero DriveSpeed Help (Version: 4.4.4.100)
Nero Express Help (Version: 9.6.2.101)
Nero InfoTool (Version: 6.4.11.100)
Nero InfoTool Help (Version: 6.4.4.100)
Nero Installer (Version: 4.4.9.0)
Nero Online Upgrade (Version: 1.3.0.0)
Nero ShowTime (Version: 5.4.0.100)
Nero ShowTime (Version: 5.4.13.100)
Nero StartSmart (Version: 9.4.12.100)
Nero StartSmart Help (Version: 9.4.12.100)
Nero Vision (Version: 6.4.12.100)
Nero Vision Help (Version: 6.4.8.100)
NeroExpress (Version: 9.4.17.100)
neroxml (Version: 1.0.0)
Nikon Message Center (Version: 0.92.000)
Nikon Transfer (Version: 1.4.0)
Nitro PDF Reader (Version: 1.4.0.11)
Notepad++ (Version: 5.7)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
Omron Health Management Software (Version: 1.21.0001)
PA095 / PA075 USB2.0 DOCK
Part 2 of 2
PDF reDirect (remove only) (Version: v2.2.8)
Picasa 3 (Version: 3.9)
Picasa Uploader (Version: 0.6)
Power2Go 5.0
Quicken Deluxe 98
Quicken WillMaker Plus 2013 (Version: 1.0.0.0)
QuickTime (Version: 7.74.80.86)
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista (Version: 1.00.0000)
Realtek USB 2.0 Card Reader (Version: )
REALTEK USB Wireless LAN Driver (Version: 1.00.0000)
Secunia PSI (2.0.0.3001)
Segoe UI (Version: 15.4.2271.0615)
Singlesnet (Version: 0.9.2901.0)
Skype Click to Call (Version: 6.12.13601)
Skype™ 6.6 (Version: 6.6.106)
Spare Backup (Version: 3.2)
swMSM (Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 9.1.17.0)
TaxACT 2010
TaxACT 2011 - 1040 Edition
TaxACT 2011 Oregon
TaxACT 2012 - 1040 Edition
TaxACT 2012 Oregon
TomTom HOME (Version: 2.9.6)
TomTom HOME Visual Studio Merge Modules (Version: 1.0.2)
TreeSize
Uniblue DriverScanner 2009 (Version: 2.0.0.1)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
WebCopier
WhoCrashed 4.01
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (Version: 06/03/2009 2.3.0.0)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Yahoo! Messenger
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
2006-11-02 03:23 - 2013-10-13 16:11 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {1F2D1D54-32EB-42A4-8B5F-A3914EABE69A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {2FA3FE75-88E8-47DF-98C1-E645EC950EFB} - System32\Tasks\ROC_JAN2013_TB_rmv => C:\Program Files\AVG Secure Search\PostInstall\ROC.exe
Task: {32B77094-D224-4F3E-A9F8-728D40CB4126} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-02-05] (Google Inc.)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {486B0270-4E58-4485-92A6-47D89531603C} - System32\Tasks\Google Software Updater => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-05-09] (Google)
Task: {4AAC8F7F-9C8F-4FAC-9964-D08B19B87FB9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3181102313-2446731150-1557776212-1000Core => C:\Users\Ralph\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-30] (Google Inc.)
Task: {7FDC9C7F-9363-48C7-9752-037CDE5E2496} - System32\Tasks\Malwarebytes Secure Backup - ralphyde@centurytel.net => C:\Program Files\Malwarebytes Secure Backup\sosuploadagent.exe [2013-08-15] (Malwarebytes Secure Backup)
Task: {81503994-5FEE-4A4B-9C05-3570613B7B80} - System32\Tasks\Online Backup Update Notifier => C:\Program Files\Malwarebytes Secure Backup\SUpdateNotifier.exe [2013-08-15] (Malwarebytes Secure Backup)
Task: {9731D136-1A55-4F17-868D-6EC853C83902} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: {B57F7104-ED4A-4F13-923C-70788EDC08DA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-02-05] (Google Inc.)
Task: {BE97025E-02DA-4C65-8871-BF0BB8B77502} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated)
Task: {C662C99A-7146-4713-80EB-A1758CEFE53C} - System32\Tasks\HPCustParticipation HP Photosmart 6520 series => C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {DB490431-69F5-4E1F-9D03-C57377D9FBFA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3181102313-2446731150-1557776212-1000UA => C:\Users\Ralph\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-30] (Google Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: {F9DA845F-DFE8-4849-98FB-AD2F6317DF5C} - System32\Tasks\{2AF0F2B9-1A00-46C8-8428-30E7C4215F9A} => C:\Program Files\Skype\Phone\Skype.exe [2013-06-21] (Skype Technologies S.A.)
Task: {F9F8FA80-A9CB-46F2-B7C9-ECC579CF5798} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3181102313-2446731150-1557776212-1000Core.job => C:\Users\Ralph\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3181102313-2446731150-1557776212-1000UA.job => C:\Users\Ralph\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Malwarebytes Secure Backup - ralphyde@centurytel.net.job => C:\Program Files\Malwarebytes Secure Backup\sosuploadagent.exe
Task: C:\Windows\Tasks\Online Backup Update Notifier.job => C:\Program Files\Malwarebytes Secure Backup\SUpdateNotifier.exe
Task: C:\Windows\Tasks\{B9528C56-634A-4606-A03B-F93C07CBEBA2}.job => c:\users\ralph\appdata\local\google\chrome\application\chrome.exe
 
==================== Loaded Modules (whitelisted) =============
 
2007-05-18 21:59 - 2007-05-18 21:59 - 00356928 _____ () C:\Program Files\Spare Backup\sqlite3.dll
2009-11-03 17:14 - 2009-11-03 17:14 - 00054272 _____ () C:\Program Files\Notepad++\NppShell_01.dll
2013-10-10 12:51 - 2004-09-08 13:45 - 00368128 _____ () C:\Program Files\Filzip\fzshext.dll
2013-08-15 16:40 - 2013-08-15 16:40 - 00023448 _____ () C:\Program Files\Malwarebytes Secure Backup\SOS.SharedEverywhere.dll
2013-08-15 16:40 - 2013-08-15 16:40 - 00030104 _____ () C:\Program Files\Malwarebytes Secure Backup\SOS.Contracts.CentralManagement.dll
2013-10-05 11:10 - 2013-10-02 23:03 - 04055504 _____ () C:\Program Files\Google\Chrome\Application\30.0.1599.69\pdf.dll
2013-10-05 11:10 - 2013-10-02 23:03 - 00415184 _____ () C:\Program Files\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll
2013-10-05 11:09 - 2013-10-02 23:02 - 01604560 _____ () C:\Program Files\Google\Chrome\Application\30.0.1599.69\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Faulty Device Manager Devices =============
 
Name: USB Device(VID_1f3a_PID_efe8)
Description: USB Device(VID_1f3a_PID_efe8)
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: USB Devices
Service: usbUDisc
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/14/2013 08:20:50 PM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.
 
Context: Windows Application
 
 
Details:
The content index metadata cannot be read.   (0xc0041801)
 
Error: (10/14/2013 08:20:50 PM) (Source: Windows Search Service) (User: )
Description: The gatherer object cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index metadata cannot be read.   (0xc0041801)
 
Error: (10/14/2013 08:20:50 PM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
Element not found.   (0x80070490)
 
Error: (10/14/2013 08:20:47 PM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index metadata cannot be read.   (0xc0041801)
 
Error: (10/14/2013 08:20:47 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service cannot load the property store information.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
0x%08x (0xc0041800 - The content index cannot be read.  )
 
Error: (10/14/2013 08:20:47 PM) (Source: Windows Search Service) (User: )
Description: The search service has detected corrupted data files in the index. The service will attempt to automatically correct this problem by rebuilding the index.
 
 
Details:
The content index metadata cannot be read.   (0xc0041801)
 
Error: (10/14/2013 08:20:47 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service cannot open the Jet property store.
 
 
Details:
The content index cannot be read.   (0xc0041800)
 
Error: (10/14/2013 08:20:47 PM) (Source: ESENT) (User: )
Description: Windows (3396) Windows: Database recovery/restore failed with unexpected error -543.
 
Error: (10/14/2013 08:20:34 PM) (Source: ESENT) (User: )
Description: Windows (3396) Windows: Database C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb requires logfiles 14820-14823 in order to recover successfully. Recovery could only locate logfiles up to 14819.
 
Error: (10/14/2013 06:42:49 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
 
System errors:
=============
Error: (10/15/2013 00:39:36 PM) (Source: ipnathlp) (User: )
Description: The DHCP allocator has disabled itself on IP address 169.254.204.34, since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
 
Error: (10/15/2013 00:37:36 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 12:34:54 PM on 10/15/2013 was unexpected.
 
Error: (10/15/2013 00:16:48 PM) (Source: ipnathlp) (User: )
Description: The ICS_IPV6 failed to configure IPv6 stack.
 
Error: (10/15/2013 00:14:41 PM) (Source: ipnathlp) (User: )
Description: The DHCP allocator has disabled itself on IP address 169.254.204.34, since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
 
Error: (10/15/2013 00:09:33 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 11:59:33 AM on 10/15/2013 was unexpected.
 
Error: (10/15/2013 00:09:01 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted during detection because a critical control file could not be opened.
 
Error: (10/15/2013 00:08:57 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted during detection because a critical control file could not be opened.
 
Error: (10/15/2013 00:08:54 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:.
 
Error: (10/15/2013 00:07:24 PM) (Source: iaStor) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.
 
Error: (10/15/2013 11:54:06 AM) (Source: ipnathlp) (User: )
Description: The ICS_IPV6 failed to configure IPv6 stack.
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2013-10-15 12:57:31.845
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-15 12:57:31.104
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-15 12:57:30.356
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-15 12:57:29.565
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-15 12:57:28.820
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-15 12:57:28.044
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-15 12:57:27.279
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-15 12:57:26.488
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-13 20:18:55.202
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\AVGIDSEH.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-13 20:18:54.553
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\AVGIDSEH.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 66%
Total physical RAM: 2037.69 MB
Available physical RAM: 691.52 MB
Total Pagefile: 4978.93 MB
Available Pagefile: 3396.64 MB
Total Virtual: 2047.88 MB
Available Virtual: 1901.34 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:139.02 GB) (Free:71.57 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10.03 GB) (Free:4.46 GB) NTFS ==>[system with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149 GB) (Disk ID: 02FF13A2)
Partition 1: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=139 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
Thanks
Link to post
Share on other sites

I did read the Chkdsk issue you posted.  But it was way over my head in terms of giving me any useful knowledge.

 

When I run Chkdsk, the fixes are made, and they are different every time, except that wmplayer and taskmgr are 

involved every time (along with random others which happen to reside in the same index records).

 

To me, it seems like something is screwing with wmplayer and/or taskmgr, but I have no idea what.

 

Sorry about the other mixup.  Since I had just run that program a couple of days ago, I thought that was what you

were looking for, and I didn't recognize the FRST program name in Step 6.

 

So now I will go back to Step 6 and run FRST using the Fix option with the fixlist.txt file that you attached.

 

========================================================================================

 

While I appreciate the help you are giving me very much, part of my problem is that I don't always understand 

the reasons for the tasks you are asking me to perform, and I don't get any feedback as to what the results 

have told you.

 

I was a professional trouble-shooter for many years as the database administrator at a mainframe installation, 

so I had a lot of experience running diagnostics, following clues, and making fixes, but I retired 18 years ago,

and don't have the PC knowledge to figure this situation out on my own.  I need someone like you who knows 

what they're doing, but I would like to understand better the reasons for the steps we're taking, and what they 

are telling you, as to what the problems might be.

 

So, continued thanks for your assistance.

Link to post
Share on other sites

  • Root Admin

The FRST program scans your system for files that are either known to be bad or new to the system recently.  It shows what files are loading and and then using experience and research we try to determine if said files are good or bad or if they should be loading or not.   Since these operations can change rapidly a log you run right now can potentially look different an hour later and why we ask for a new one just in case.  Don't forget we're not sitting at your terminal so logs are our only insight as to what is going on otherwise we're in the dark too.

 

I really think you should re-read and possibly print out that link for the CHDKDSK issue as it certainly seems to be the same issue you're having and he claims it fixes it.

Link to post
Share on other sites

Okay, I reran FRST in the Fix mode with the custom listfile.txt that you provided.

 

The fixlog.txt  created by that run is pasted here:

 

Then I did a manual reboot, and the system came up smoothly and quickly.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 03-10-2013
Ran by Ralph at 2013-10-18 12:57:06 Run:1
Running from C:\Users\Ralph\Desktop
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
DeleteJunctionsInDirectory: C:\Program Files\Windows Defender
DeleteJunctionsInDirectory: C:\Program Files\Microsoft Security Client
HKU\Guest\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [ 2008-01-19] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL [ 2008-01-19] ()
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.gateway.c...ys=PTB&M=P-6301
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {18CCE993-B9CC-4922-881F-F5EE68634486} URL = http://windowssecret...cof=FORID:11&q={searchTerms}
BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: No Name - {AA58ED58-01DD-4d91-8333-CF10577473F7} -  No File
BHO: No Name - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -  No File
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab
DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
C:\ProgramData\PKP_DLdu.DAT
C:\Windows\Tasks\{B9528C56-634A-4606-A03B-F93C07CBEBA2}.job
C:\Users\Ralph\AppData\Local\temp\Quarantine.exe
C:\Users\Ralph\AppData\Local\temp\yx6c2qfn.dll
Task: {1F2D1D54-32EB-42A4-8B5F-A3914EABE69A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {2FA3FE75-88E8-47DF-98C1-E645EC950EFB} - System32\Tasks\ROC_JAN2013_TB_rmv => C:\Program Files\AVG Secure Search\PostInstall\ROC.exe
Task: {32B77094-D224-4F3E-A9F8-728D40CB4126} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-02-05] (Google Inc.)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {486B0270-4E58-4485-92A6-47D89531603C} - System32\Tasks\Google Software Updater => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-05-09] (Google)
Task: {4AAC8F7F-9C8F-4FAC-9964-D08B19B87FB9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3181102313-2446731150-1557776212-1000Core => C:\Users\Ralph\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-30] (Google Inc.)
Task: {B57F7104-ED4A-4F13-923C-70788EDC08DA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-02-05] (Google Inc.)
Task: {DB490431-69F5-4E1F-9D03-C57377D9FBFA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3181102313-2446731150-1557776212-1000UA => C:\Users\Ralph\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-30] (Google Inc.)
Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3181102313-2446731150-1557776212-1000Core.job => C:\Users\Ralph\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3181102313-2446731150-1557776212-1000UA.job => C:\Users\Ralph\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\{B9528C56-634A-4606-A03B-F93C07CBEBA2}.job => c:\users\ralph\appdata\local\google\chrome\application\chrome.exe
 
 
*****************
 
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking started.
"C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking completed.
HKU\Guest\Software\Microsoft\Windows\CurrentVersion\Run\\WMPNSCFG => Value deleted successfully.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{18CCE993-B9CC-4922-881F-F5EE68634486} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{18CCE993-B9CC-4922-881F-F5EE68634486} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{54B22D32-7CA4-4CC1-8B88-BBAFBA652252} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{54B22D32-7CA4-4CC1-8B88-BBAFBA652252} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E81BEE72-CE53-4C96-BD0A-A95BD4404BFC} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{E81BEE72-CE53-4C96-BD0A-A95BD4404BFC} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key not found.
HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7} => Key not found.
HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} => Key not found.
HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key not found.
HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} => Value deleted successfully.
HKCR\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E} => Key not found.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93} => Key deleted successfully.
HKCR\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93} => Key not found.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} => Key deleted successfully.
HKCR\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} => Key deleted successfully.
HKCR\CLSID\{CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} => Key not found.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} => Key deleted successfully.
HKCR\CLSID\{CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} => Key not found.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} => Key deleted successfully.
HKCR\CLSID\{CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} => Key not found.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} => Key deleted successfully.
HKCR\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} => Key not found.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7} => Key deleted successfully.
HKCR\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7} => Key deleted successfully.
C:\ProgramData\PKP_DLdu.DAT => Moved successfully.
C:\Windows\Tasks\{B9528C56-634A-4606-A03B-F93C07CBEBA2}.job => Moved successfully.
"C:\Users\Ralph\AppData\Local\temp\Quarantine.exe" => File/Directory not found.
"C:\Users\Ralph\AppData\Local\temp\yx6c2qfn.dll" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1F2D1D54-32EB-42A4-8B5F-A3914EABE69A} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1F2D1D54-32EB-42A4-8B5F-A3914EABE69A} => Key deleted successfully.
C:\Windows\System32\Tasks\Apple\AppleSoftwareUpdate => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Apple\AppleSoftwareUpdate => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2FA3FE75-88E8-47DF-98C1-E645EC950EFB} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2FA3FE75-88E8-47DF-98C1-E645EC950EFB} => Key deleted successfully.
C:\Windows\System32\Tasks\ROC_JAN2013_TB_rmv => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ROC_JAN2013_TB_rmv => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{32B77094-D224-4F3E-A9F8-728D40CB4126} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{32B77094-D224-4F3E-A9F8-728D40CB4126} => Key deleted successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Shell\CrawlStartPages => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{44980BEE-7809-44A9-AC24-D6E578A3B7DF} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{44980BEE-7809-44A9-AC24-D6E578A3B7DF} => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\RAC\RACAgent => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\RAC\RACAgent => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{486B0270-4E58-4485-92A6-47D89531603C} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{486B0270-4E58-4485-92A6-47D89531603C} => Key deleted successfully.
C:\Windows\System32\Tasks\Google Software Updater => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Google Software Updater => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4AAC8F7F-9C8F-4FAC-9964-D08B19B87FB9} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4AAC8F7F-9C8F-4FAC-9964-D08B19B87FB9} => Key deleted successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3181102313-2446731150-1557776212-1000Core => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-3181102313-2446731150-1557776212-1000Core => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B57F7104-ED4A-4F13-923C-70788EDC08DA} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B57F7104-ED4A-4F13-923C-70788EDC08DA} => Key deleted successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DB490431-69F5-4E1F-9D03-C57377D9FBFA} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DB490431-69F5-4E1F-9D03-C57377D9FBFA} => Key deleted successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3181102313-2446731150-1557776212-1000UA => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-3181102313-2446731150-1557776212-1000UA => Key deleted successfully.
C:\Windows\Tasks\Google Software Updater.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3181102313-2446731150-1557776212-1000Core.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3181102313-2446731150-1557776212-1000UA.job => Moved successfully.
C:\Windows\Tasks\{B9528C56-634A-4606-A03B-F93C07CBEBA2}.job not found.
 
 
The system needs a manual reboot. 
 
==== End of Fixlog ====
 
Did a manual reboot, and the system came up smoothly and more quickly than recently.
Link to post
Share on other sites

I may have spoken too soon.  When I hit Post to post the previous message, my system froze, and it took 

about 15 minutes for it to free itself up so that I could get back on here and type this message.

 

Also, my MSE icon in the systems trey has turned red, with an exclamation symbol on it.  I don't know if 

one of the fixes made by FRST has somehow crippled it.  I will investigate after I post this message.

Link to post
Share on other sites

  • Root Admin

Cleaning up the system is certainly going to make changes unfortunately sometimes not always good but unless one is will to backup their data and then reinstall Windows from scratch its the best that can done. 
 
Let me have you run this please.  It is a similar tool that will look at other items on the system and report them back for me.
 
 
Please download MiniToolBox save it to your desktop and run it.

Checkmark the following check-boxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using Reset FF Proxy Settings option Firefox should be closed.

Link to post
Share on other sites

Minitoolbox run:

 

MiniToolBox by Farbar  Version: 13-07-2013
Ran by Ralph (administrator) on 18-10-2013 at 19:20:01
Running from "C:\Users\Ralph\Desktop\Deskwork"
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
 
127.0.0.1       localhost
 
========================= IP Configuration: ================================
 
Realtek PCIe GBE Family Controller = Local Area Connection (Connected)
Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter = Wireless Network Connection (Connected)
The following helper DLL cannot be loaded: WLANCFG.DLL.
The following helper DLL cannot be loaded: WCNNETSH.DLL.
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
add address name="Local Area Connection" address=192.168.0.1
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Ralph-PC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Broadcast
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : PK5001Z
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : PK5001Z
   Description . . . . . . . . . . . : Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter
   Physical Address. . . . . . . . . : 00-C0-A8-FB-77-F4
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::31f5:5074:ea88:613%9(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.0.141(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Friday, October 18, 2013 6:32:26 PM
   Lease Expires . . . . . . . . . . : Saturday, October 19, 2013 6:32:25 PM
   Default Gateway . . . . . . . . . : fe80::b077:bc11:2fb0:cc22%9
                                       192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 218153128
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-0F-B6-5C-14-00-E0-B8-DB-4A-21
   DNS Servers . . . . . . . . . . . : 192.168.0.1
                                       64.91.3.46
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter Local Area Connection:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 00-E0-B8-DB-4A-21
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::b077:bc11:2fb0:cc22%8(Preferred) 
   Autoconfiguration IPv4 Address. . : 169.254.204.34(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   IPv4 Address. . . . . . . . . . . : 192.168.0.1(Duplicate) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 
   DHCPv6 IAID . . . . . . . . . . . : 201384120
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-0F-B6-5C-14-00-E0-B8-DB-4A-21
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%2
                                       fec0:0:0:ffff::2%2
                                       fec0:0:0:ffff::3%2
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter Local Area Connection* 6:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : 6TO4 Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 9:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 02-00-54-55-4E-01
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 12:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : isatap.{E2CD68E9-F64B-46CA-AF60-CF8CB6FA1F9C}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 13:
 
   Connection-specific DNS Suffix  . : PK5001Z
   Description . . . . . . . . . . . : isatap.PK5001Z
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::5efe:192.168.0.141%15(Preferred) 
   Default Gateway . . . . . . . . . : 
   DNS Servers . . . . . . . . . . . : 192.168.0.1
                                       64.91.3.46
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  PK5001Z.PK5001Z
Address:  192.168.0.1
 
Name:    google.com
Addresses:  2607:f8b0:400a:802::1001
 173.194.33.97
 173.194.33.98
 173.194.33.99
 173.194.33.100
 173.194.33.101
 173.194.33.102
 173.194.33.103
 173.194.33.104
 173.194.33.105
 173.194.33.110
 173.194.33.96
 
 
 
Pinging google.com [173.194.33.98] with 32 bytes of data:
 
Reply from 173.194.33.98: bytes=32 time=23ms TTL=58
 
Reply from 173.194.33.98: bytes=32 time=24ms TTL=58
 
 
 
Ping statistics for 173.194.33.98:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 23ms, Maximum = 24ms, Average = 23ms
 
Server:  PK5001Z.PK5001Z
Address:  192.168.0.1
 
Name:    yahoo.com
Addresses:  98.138.253.109
 98.139.183.24
 206.190.36.45
 
 
 
Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
 
Reply from 206.190.36.45: bytes=32 time=27ms TTL=55
 
Reply from 206.190.36.45: bytes=32 time=28ms TTL=55
 
 
 
Ping statistics for 206.190.36.45:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 27ms, Maximum = 28ms, Average = 27ms
 
 
 
Pinging 127.0.0.1 with 32 bytes of data:
 
Reply from 127.0.0.1: bytes=32 time=17ms TTL=128
 
Reply from 127.0.0.1: bytes=32 time=4ms TTL=128
 
 
 
Ping statistics for 127.0.0.1:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 4ms, Maximum = 17ms, Average = 10ms
 
===========================================================================
Interface List
  9 ...00 c0 a8 fb 77 f4 ...... Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter
  8 ...00 e0 b8 db 4a 21 ...... Realtek PCIe GBE Family Controller
  1 ........................... Software Loopback Interface 1
 16 ...00 00 00 00 00 00 00 e0  6TO4 Adapter
 11 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
 14 ...00 00 00 00 00 00 00 e0  isatap.{E2CD68E9-F64B-46CA-AF60-CF8CB6FA1F9C}
 15 ...00 00 00 00 00 00 00 e0  isatap.PK5001Z
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1    192.168.0.141     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      169.254.0.0      255.255.0.0         On-link    169.254.204.34    276
   169.254.204.34  255.255.255.255         On-link    169.254.204.34    276
  169.254.255.255  255.255.255.255         On-link    169.254.204.34    276
      192.168.0.0    255.255.255.0         On-link     192.168.0.141    281
    192.168.0.141  255.255.255.255         On-link     192.168.0.141    281
    192.168.0.255  255.255.255.255         On-link     192.168.0.141    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link    169.254.204.34    276
        224.0.0.0        240.0.0.0         On-link     192.168.0.141    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link    169.254.204.34    276
  255.255.255.255  255.255.255.255         On-link     192.168.0.141    281
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  9    281 ::/0                     fe80::b077:bc11:2fb0:cc22
  1    306 ::1/128                  On-link
  8    276 fe80::/64                On-link
  9    281 fe80::/64                On-link
 15    286 fe80::5efe:192.168.0.141/128
                                    On-link
  9    281 fe80::31f5:5074:ea88:613/128
                                    On-link
  8    276 fe80::b077:bc11:2fb0:cc22/128
                                    On-link
  1    306 ff00::/8                 On-link
  8    276 ff00::/8                 On-link
  9    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\system32\winrnr.dll [19968] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 32 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (10/18/2013 05:52:15 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe_BFE, version 6.0.6001.18000, time stamp 0x47918b89, faulting module bfe.dll, version 6.0.6002.18005, time stamp 0x49e036ff, exception code 0xc0000005, fault offset 0x0002799d,
process id 0x14bc, application start time 0xsvchost.exe_BFE0.
 
Error: (10/18/2013 05:47:14 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe_BFE, version 6.0.6001.18000, time stamp 0x47918b89, faulting module bfe.dll, version 6.0.6002.18005, time stamp 0x49e036ff, exception code 0xc0000005, fault offset 0x0002799d,
process id 0xbe0, application start time 0xsvchost.exe_BFE0.
 
Error: (10/18/2013 05:47:08 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe_BFE, version 6.0.6001.18000, time stamp 0x47918b89, faulting module bfe.dll, version 6.0.6002.18005, time stamp 0x49e036ff, exception code 0xc0000005, fault offset 0x0002799d,
process id 0x6e4, application start time 0xsvchost.exe_BFE0.
 
Error: (10/18/2013 05:44:53 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe_BFE, version 6.0.6001.18000, time stamp 0x47918b89, faulting module bfe.dll, version 6.0.6002.18005, time stamp 0x49e036ff, exception code 0xc0000005, fault offset 0x00028232,
process id 0x6a0, application start time 0xsvchost.exe_BFE0.
 
Error: (10/16/2013 00:26:35 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\RALPH\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\AJPCDIPECMMHMHFCHEGPAFLPJKMCEIIP\1.0.0.0_0> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (10/16/2013 00:26:17 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\RALPH\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\AJPCDIPECMMHMHFCHEGPAFLPJKMCEIIP\1.0.0.0_0> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (10/16/2013 11:32:44 AM) (Source: Microsoft Security Client Setup) (User: NT AUTHORITY)
Description: HRESULT:0x8004FF80
Description:Cannot complete the Security Essentials Upgrade. Security Essentials is not currently monitoring and helping to protect your computer. Please restart your computer and try again. Error code:0x8004FF80.
 
Error: (10/16/2013 11:17:07 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft Security Client -- Error 1921. Service 'Microsoft Antimalware Service' (MsMpSvc) could not be stopped.  Verify that you have sufficient privileges to stop system services.
 
Error: (10/15/2013 11:21:48 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (10/15/2013 05:55:17 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {f4b934b4-48a2-41b7-a311-37902ec5516c}
 
 
System errors:
=============
Error: (10/18/2013 06:45:40 PM) (Source: ipnathlp) (User: )
Description: The ICS_IPV6 failed to configure IPv6 stack.
 
Error: (10/18/2013 06:33:33 PM) (Source: ipnathlp) (User: )
Description: The DHCP allocator has disabled itself on IP address 169.254.204.34, since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
 
Error: (10/18/2013 06:32:12 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 6:12:17 PM on 10/18/2013 was unexpected.
 
Error: (10/18/2013 05:44:52 PM) (Source: Ntfs) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolume2.
 
Error: (10/18/2013 05:44:50 PM) (Source: iaStor) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.
 
Error: (10/18/2013 05:43:35 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:.
 
Error: (10/18/2013 05:43:30 PM) (Source: iaStor) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.
 
Error: (10/18/2013 05:42:30 PM) (Source: iaStor) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.
 
Error: (10/18/2013 05:44:31 PM) (Source: ipnathlp) (User: )
Description: The ICS_IPV6 failed to configure IPv6 stack.
 
Error: (10/18/2013 04:50:17 PM) (Source: ipnathlp) (User: )
Description: The ICS_IPV6 failed to configure IPv6 stack.
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2013-10-17 09:57:22.629
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-17 09:57:21.831
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-17 09:57:20.892
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-17 09:57:20.048
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-17 09:53:02.397
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-17 09:53:01.567
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-17 09:53:00.747
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-17 09:52:59.676
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-17 09:52:58.725
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-17 09:52:57.962
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
 
=========================== Installed Programs ============================
 
 Update for Microsoft Office 2007 (KB2508958)
Activation Assistant for the 2007 Microsoft Office suites
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)
Adobe AIR (Version: 3.8.0.1430)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Adobe Reader X (10.1.8) (Version: 10.1.8)
Adobe Shockwave Player 11.6 (Version: 11.6.1.629)
Advertising Center (Version: 0.0.0.1)
AFPL Ghostscript 7.03
AFPL Ghostscript Fonts
Agere Systems HDA Modem
Amazon Kindle
Amazon MP3 Downloader 1.0.15 (Version: 1.0.15)
Amazon MP3 Uploader (Version: 1.0.8)
Apple Application Support (Version: 2.3)
Apple Software Update (Version: 2.1.3.127)
ArcSoft Panorama Maker 4
ArcSoft PhotoStudio 5.5
CAM UnZip 4.42
Canon CanoScan LiDE 100 User Registration
Canon G.726 WMP-Decoder (Version: 1.1.0.4)
Canon Inkjet Printer Driver Add-On Module
Canon MovieEdit Task for ZoomBrowser EX (Version: 2.6.0.4)
Canon MP Navigator EX 2.0
Canon PIXMA iP3000
Canon RAW Image Task for ZoomBrowser EX (Version: 3.3.0.5)
Canon Utilities CameraWindow (Version: 7.1.0.2)
Canon Utilities CameraWindow DC (Version: 7.1.0.7)
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (Version: 6.4.2.16)
Canon Utilities Easy-PhotoPrint
Canon Utilities MyCamera (Version: 6.4.0.5)
Canon Utilities MyCamera DC (Version: 7.0.1.8)
Canon Utilities RemoteCapture DC (Version: 3.0.1.8)
Canon Utilities RemoteCapture Task for ZoomBrowser EX (Version: 1.7.1.9)
Canon Utilities Solution Menu
Canon Utilities ZoomBrowser EX (Version: 6.1.1.21)
Canon ZoomBrowser EX Memory Card Utility (Version: 1.1.0.8)
CanoScan LiDE 100 Scanner Driver
CCleaner (Version: 4.04)
CDBurnerXP (Version: 4.3.7.2423)
D3DX10 (Version: 15.4.2368.0902)
Defraggler (Version: 2.15)
DolbyFiles (Version: 0.1)
EasyCleaner (Version: 2.0.6.380)
Elevated Installer (Version: 2.2.21)
ERUNT 1.1j
ESET Online Scanner v3
Family Tree Maker
File Uploader (Version: 1.2.0)
Filzip 3.06 (Version: 3.0.6)
Garmin Communicator Plugin (Version: 4.0.3)
Garmin Express (Version: 2.2.21)
Garmin Express Tray (Version: 2.2.21)
Garmin Update Service (Version: 2.2.21)
Garmin USB Drivers (Version: 2.3.0.0)
Gateway Connect (Version: 1.1.0)
Gateway Recovery Center Installer (Version: 1.01.031)
Google Chrome (Version: 30.0.1599.101)
Google Earth (Version: 6.2.2.6613)
Google Update Helper (Version: 1.3.21.165)
GSview 4.1
HP FWUpdateEDO2 (Version: 1.2.0.0)
HP Photosmart 6520 series Help (Version: 28.0.0)
HP Photosmart 6520 series Product Improvement Study (Version: 28.0.1315.0)
HPDiagnosticAlert (Version: 1.00.0000)
IDT Audio (Version: 5.10.5303.0)
ImagXpress (Version: 7.0.74.0)
IMM4 VCM Codec 1.0.0.10
Inkjet Printer/Scanner Extended Survey Program
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
IrfanView (remove only) (Version: 4.36)
Junk Mail filter update (Version: 15.4.3502.0922)
Keyspan USB Serial Adapter (Version: 3.7s)
LabelPrint (Version: 2.0.1826)
Logitech Legacy USB Camera Driver Package
Logitech QuickCam (Version: 11.90.1263)
Logitech QuickCam Driver Package
Magnifier (Version: 2.4)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Malwarebytes Secure Backup (Version: 5.9.1.4720)
Menu Templates - Starter Kit (Version: 9.4.2.0)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Fix it Center (Version: 1.0.0100)
Microsoft Money Essentials (Version: 16)
Microsoft Money Shared Libraries (Version: 16.0.0.705)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word Viewer 2003 (Version: 11.0.8173.0)
Microsoft Security Client (Version: 4.3.0219.0)
Microsoft Security Essentials (Version: 4.3.219.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 08.05.0818)
Microsoft WSE 2.0 SP3 Runtime (Version: 2.0.5050.0)
Move Media Player
Movie Templates - Starter Kit (Version: 9.4.2.0)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
Nero 9 Essentials
Nero BurnRights (Version: 3.4.11.100)
Nero BurnRights Help (Version: 3.4.4.100)
Nero ControlCenter (Version: 9.0.0.1)
Nero CoverDesigner (Version: 4.4.9.100)
Nero CoverDesigner Help (Version: 4.4.9.100)
Nero DiscSpeed (Version: 5.4.11.100)
Nero DiscSpeed Help (Version: 5.4.4.100)
Nero DriveSpeed (Version: 4.4.11.100)
Nero DriveSpeed Help (Version: 4.4.4.100)
Nero Express Help (Version: 9.6.2.101)
Nero InfoTool (Version: 6.4.11.100)
Nero InfoTool Help (Version: 6.4.4.100)
Nero Installer (Version: 4.4.9.0)
Nero Online Upgrade (Version: 1.3.0.0)
Nero ShowTime (Version: 5.4.0.100)
Nero ShowTime (Version: 5.4.13.100)
Nero StartSmart (Version: 9.4.12.100)
Nero StartSmart Help (Version: 9.4.12.100)
Nero Vision (Version: 6.4.12.100)
Nero Vision Help (Version: 6.4.8.100)
NeroExpress (Version: 9.4.17.100)
neroxml (Version: 1.0.0)
Nikon Message Center (Version: 0.92.000)
Nikon Transfer (Version: 1.4.0)
Notepad++ (Version: 5.7)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
Omron Health Management Software (Version: 1.21.0001)
PA095 / PA075 USB2.0 DOCK
Part 2 of 2
PDF reDirect (remove only) (Version: v2.2.8)
Picasa 3 (Version: 3.9)
Picasa Uploader (Version: 0.6)
Power2Go 5.0
Quicken Deluxe 98
Quicken WillMaker Plus 2013 (Version: 1.0.0.0)
QuickTime (Version: 7.74.80.86)
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista (Version: 1.00.0000)
Realtek USB 2.0 Card Reader (Version: )
REALTEK USB Wireless LAN Driver (Version: 1.00.0000)
Secunia PSI (2.0.0.3001)
Segoe UI (Version: 15.4.2271.0615)
Singlesnet (Version: 0.9.2901.0)
Skype Click to Call (Version: 6.13.13771)
Skype™ 6.6 (Version: 6.6.106)
Spare Backup (Version: 3.2)
swMSM (Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 9.1.17.0)
TaxACT 2010
TaxACT 2011 - 1040 Edition
TaxACT 2011 Oregon
TaxACT 2012 - 1040 Edition
TaxACT 2012 Oregon
TomTom HOME (Version: 2.9.6)
TomTom HOME Visual Studio Merge Modules (Version: 1.0.2)
TreeSize
Uniblue DriverScanner 2009 (Version: 2.0.0.1)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
WebCopier
WhoCrashed 4.01
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (Version: 06/03/2009 2.3.0.0)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Yahoo! Messenger
 
========================= Devices: ================================
 
Name: USB Device(VID_1f3a_PID_efe8)
Description: USB Device(VID_1f3a_PID_efe8)
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: USB Devices
Service: usbUDisc
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 57%
Total physical RAM: 2037.69 MB
Available physical RAM: 870.39 MB
Total Pagefile: 4984.93 MB
Available Pagefile: 3418.1 MB
Total Virtual: 2047.88 MB
Available Virtual: 1947.45 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:139.02 GB) (Free:71.36 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:10.03 GB) (Free:4.46 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\RALPH-PC
 
Administrator            Guest                    Ralph                    
 
========================= Minidump Files ==================================
 
C:\Windows\Minidump\Mini013113-01.dmp
C:\Windows\Minidump\Mini013113-02.dmp
C:\Windows\Minidump\Mini020413-01.dmp
C:\Windows\Minidump\Mini020513-01.dmp
C:\Windows\Minidump\Mini020813-01.dmp
C:\Windows\Minidump\Mini021213-01.dmp
C:\Windows\Minidump\Mini022213-01.dmp
C:\Windows\Minidump\Mini041213-01.dmp
C:\Windows\Minidump\Mini071113-01.dmp
C:\Windows\Minidump\Mini071213-01.dmp
C:\Windows\Minidump\Mini071413-01.dmp
C:\Windows\Minidump\Mini071713-01.dmp
C:\Windows\Minidump\Mini072913-01.dmp
C:\Windows\Minidump\Mini080113-01.dmp
C:\Windows\Minidump\Mini080413-01.dmp
C:\Windows\Minidump\Mini080613-01.dmp
C:\Windows\Minidump\Mini081813-01.dmp
C:\Windows\Minidump\Mini082913-01.dmp
C:\Windows\Minidump\Mini083113-01.dmp
C:\Windows\Minidump\Mini090513-01.dmp
C:\Windows\Minidump\Mini091413-01.dmp
C:\Windows\Minidump\Mini091713-01.dmp
C:\Windows\Minidump\Mini091913-01.dmp
C:\Windows\Minidump\Mini092013-01.dmp
C:\Windows\Minidump\Mini092013-02.dmp
C:\Windows\Minidump\Mini092013-03.dmp
C:\Windows\Minidump\Mini092113-01.dmp
C:\Windows\Minidump\Mini092413-01.dmp
C:\Windows\Minidump\Mini092613-01.dmp
C:\Windows\Minidump\Mini092713-01.dmp
C:\Windows\Minidump\Mini100313-01.dmp
C:\Windows\Minidump\Mini100613-01.dmp
C:\Windows\Minidump\Mini101113-01.dmp
C:\Windows\Minidump\Mini101113-02.dmp
C:\Windows\Minidump\Mini101113-03.dmp
C:\Windows\Minidump\Mini101213-01.dmp
========================= Restore Points ==================================
 
 
**** End of log ****
Link to post
Share on other sites

  • Root Admin

Can you please try to just rename the following file and upload it.  Instead of .dmp rename the extension to .TXT and then using the More Reply Options button attach the file.

 

C:\Windows\Minidump\Mini101213-01.dmp

 

Then do a Full disk check.

 

Click on START and type in CMD.EXE and when it shows on the menu right click and choose "Run as administrator"

The logs show there is still something wrong with the hard drive.

 

In the DOS console type the following and press the Enter key.  It will say it cannot lock the drive and ask if you want to run it after a restart.

Press the Y key and then the Enter key and restart the computer and let the disk check run.  Hopefully a FULL disk check can find and repair this error otherwise you'll need to try and follow the advise in that other topic

 

 

CHKDSK C: /R

 

Then once its back up and running run a new FRST scan and post back both log files.

 

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
Link to post
Share on other sites

I seem to be stuck here: "Click on START and type in CMD.EXE and when it shows on the menu right click and choose "Run as administrator"

I do this, typing it into the search field at the bottom of the START page, but I can't find it on "the menu." (what menu?)  It's probably something obvious that I'm just not understanding.  If I could find it, I could continue with the instructions.  But I'm stuck here.  Sorry.

Link to post
Share on other sites

  • Root Admin

To start an Admin command prompt please do the following.



Click Start, click All Programs, and then click Accessories.

Right-click Command prompt, and then click Run as administrator.

Then type as before

CHKDSK C: /R

The dump file shows that it had some issue with the memory manager.  Not a conclusive answer there.  It could be hardware related or possibly a bad driver.
 
 
You can download and burn a disk to test your memory.
MemTest86 is a free, thorough, stand alone memory test for x86 architecture computers.
MemTest86

Link to post
Share on other sites

Okay, today has been strange.  First I tried to find Command Prompt, but couldn't find it your way, because I never did find Accessorries.

I eventally found it by searching for Command prompt at the bottom of the Start page.

Then I started it as Administrator, and scheduled it to start after a restart.

 

It restarted fine and launced into the Chkdsk /R,  But it eventually hung up in step 5.  But first:

it found 0 bad sectors

but it found and fixed the usual indexes, including indexes for wmplayer.exe and taskmgr.exe, and about 3 others, 

then restoring the orphan records which it had removed from the indexes.

 

In stage 4, it verified file data.(stage 4 of 5):

"Windows replaced bad clusters in file 6939

of name \boot\bootstat.dat."

 

Interstingly, this is the same spot where both ESET runs had hung up, in previous runs.

 

At about 2 PM I left to play tennis, leaving the chkdsk running.

 

When I returned at about 4:30, Chkdsk had added the following lines:

 

"318896 files processed (no more bad clusters found, however)

File data verification completed.

CHKDSK is verifying free space (stage 5 of 5)...

79% percent complete.  (13981389 of 18627858 free clusters processed)"

 

I was surprised that it hadn't finished, and I waited another 3 hours, and the last line stayed the same.

Since neither the memory or disk lights were blinking, I finally concluded that it was hung up and not

going any farther,  and since it was just verifying free space, I forced it to shut down.

 

Nothing had gotten into the event log from that CHKDSK run, only when I canceled it.

 

So I will schedule another CHKDSK /R run tonight. 

 

I'll be interested to see if those bad clusters in boot/bootstat.dat have indeed been fixed,

and if an ESET run will be able to get past that spot without hanging up,

and if it will complete stage 5 this time.

 

Hopefully, I'll get a complete report this time.

Link to post
Share on other sites

  • Root Admin

No that entry means the hard drive is failing.  What you need to do is make sure you backup your data before  you potentially lose it.

 

There is no way to determine how long the drive will last before completely quitting.  It could be a year or it could be tomorrow.

 

You need to replace the hard drive and reinstall Windows or if possible get a new hard drive and image over the current one to the new one if possible.

 

In stage 4, it verified file data.(stage 4 of 5):

"Windows replaced bad clusters in file 6939

of name \boot\bootstat.dat."

Link to post
Share on other sites

Okay, I scheduled another run of CHKDSK /R for last night when I went to bed, around 10 PM.

When I checked on it later, it had completed stage 4, verifying file data.  The bad clusters which had been found

in boot/bootstat.dat in the previous run, had indeed been fixed.  (I still want to rerun ESET to make sure it gets past

that area).

 

But later still, it had hung up in stage 5, making no further progress all night.  This time it only completed 71% of the 

free space clusters, as opposed to 79% the previous afternoon.

 

Here is what remained on the screen this morning (hand written and typed here):

 

Deleting index entry taskmgr.exe in index $I30 of file 1459.

Deleting index entry wer.dll in index $I30 of file 1459.

    386164 index entries processed.

Index verification completed.

CHKDSK is recovering lost files.

Recovering orphaned file taskmgr.exe (131276) into directory file 1459.

Recovering orphaned file wer.dll (200161) into directory file 1459.

Recovering orphaned file inetpp.dll (200649) into directory file 1459.

Recovering orphaned file wmplayer.exe (223375) into directory file 203.

    5 unindexed files processed.

Recovering orphaned file taskeng.exe (224859) into directory file 1459.

CHKDSK is verifying security descriptors (stage 3 of 5). . .

    318912 security descriptors processed.

Security descriptor verification completed.

    33627 data files processed.

CHKDSK is verifying usn journal. . .

    33855032 USN bytes processed.

usn journal verification completed.

CHKDSK is verifying file data (stage 4 of 5). . .

    318896 files processed.

File data verification completed.

CHKDSK is verifying free space (stage 5 of 5). . .

71 percent complete. (12047345 of 18627258 free clusters processed)

 

Now I am interested in rerunning ESET, as it only scanned a small portion of the disk 

before hanging up in boot/bootstat.dat  (which has now had bad clusters replaced).

 

Thanks for your advice about failing hard drive, but I'd like to investigate further.

 

But I think I will schedule another CHKDSK /R first.

 

PS - the system came up much quicker this morning after first forcing a shutdown

hasn't shown signs of freezing up yet, but it's still too soon to say.

Link to post
Share on other sites

  • Root Admin

No, that is the point.  The hard drive is failing and though CHKDSK may remap that failed cluster it does nothing to prevent continued failures. 

 

It's certainly up to you and all I can do is warn you but if you don't have or get your data backed up as soon as you can you are looking for a disaster one day when you go to turn your computer on and it won't turn on or you go to access your data and find you can't.

 

The safest option is to backup your data and replace the hard drive as soon as you if you value the data you have saved.

Link to post
Share on other sites

Okay, This afternoon, I started ESET online scan again.  It breezed right past the repaired (by CHKDSK /R) 

bad clusters in file 6939 of C: boot\bootstat.dat, which had hung up ESET on two previous attempts to run it.

As of now, after 4 hours of scanning and about 50% of the way through, it has found

4 infected files so far:

 

These are:

 

1.  Win32/Joke.Screenmate application

2.  a variant of Win32/Registry Booster application

3.  a variant of Win32/Soft32 Downloader D application

4.  multiple threats

 

So, I will let it continue running into the night and finish this time, if it will.

These infected files were not found by Malwarebytes Pro or MSE, but I have not

been able to do a full scan with either of these programs since August 30 (I believe).

I have done Flash scans with Malwarebytes Pro, and quick scans with MSE.

But I don't know how recent these infections are.  If I get a report I will print it.

Link to post
Share on other sites

ESET finished.  Here is the output as a txt file:

 

C:\download\Felix2.exe Win32/Joke.ScreenMate application
C:\Users\Ralph\Documents\Downloads\registrybooster.exe a variant of Win32/RegistryBooster application
C:\Users\Ralph\Downloads\google earth setup.exe a variant of Win32/Soft32Downloader.D application
C:\Users\Ralph\Downloads\speedupmypc.exe multiple threats
 
Since I ran ESET with 'Remove found threats' unticked, as instructed, how do I go about removing them now?
Link to post
Share on other sites

  • Root Admin

Just simply delete them. 

 

Did you read my previous reply though?  You've not replied and perhaps may seem to think that all will be okay - it will not be okay.  Sooner or later that hard drive is going to fail and you stand the chance of possibly loosing your data.  I just want you to be clear that trying to stay on the hard drive is a recipe for disaster.

 

All of these items are adware and not actual malware.

Link to post
Share on other sites

I looked up these threats in the files listed to see when they were downloaded.

 

The first one was a little cat application that I'd had on various computers, dated 11-19-2001

 

The second was Registry Booster from Uniblue dated 2-04-2010

 

The third was a Google Earth setup from 3-11-2013.  I think I was looking for an earlier version.

 

The fourth was Speedupmypc from Uniblue, whom I trusted, on 2-06-2013.

 

Malwarebytes full scans never indicated that any of them were threats, nor did MSE..

Link to post
Share on other sites

Yes, I read your warning about possibly failing hard drive, but have had no other indication of that, and since

Windows was able to fix it, I feel hopeful that it won't cause any more trouble.

 

Is there some source I could read about that?  My computer has been much more stable for the 

past few days since I uninstalled my recently purchased (February, 2013) HP PHotosmart printer.  The tech gave me

newer installation software which I have not used yet, will wait until other issues are solved.  I shold also probably

uninstall my old Canon printer before I do that.

 

And I have purchased MalwareBytes Secure Backup to save my important data.  I will probably be getting a newer 

laptop before too long, anyway.

Link to post
Share on other sites

I will try to run a Malwarebytes Pro full scan tonight.  I hadn't been able to do that recently because my 

computer would bog down and freeze up.  We'll see if that problem has been put behind us.  My computer has 

been up and running all day, including the ESET scan on IE, and several programs including Facebook

on Chrome including this one.

So we'll see.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.