System Restore has been turned off!
Today I went to System Restore to drop back to a previous configuration after trying out some new software. To my surprise System Protection was OFF and, of course, there were no restore points. Immediately I suspect a virus or Trojan that has gone undetected by Microsoft Security Essentials. I have downloaded Malwarebytes, as recommended elsewhere, and that has found no threat. I have also noticed that in the System Protection activation window there is a second System drive shown as a potential drive on which to activate protection with the caption System C:) (Missing) with most recent restore point as 03/11/2011.
It looks as though I have had the bug since November.
My wife's computer, part of our home network, has the same problem - identical symptoms but she has no restore points in the "missing" extra C drive.
Any thoughts?
It's that extra "missing" C drive that worries me, but I guess I had better turn on System Protection again and see if it gets turned off! I can always ignore restores with dates earlier than the date when I find the cause.
MORE INFO: When I created a new Restore Point the "missing" drive disappeared.
Thanks
________________________
Perhaps I have solved it!
I ran sfc /scannow which found some corrupt files in system protection. I have looked at the log file CBS.txt and the bit of the log that mentions Repair is:
2012-01-23 15:02:01, Info CSI 000001d8 Repair results created:
POQ 93 starts:
0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\e09ca0f5dfd9cc010828000000150c17._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
1: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\6046a4f5dfd9cc010928000000150c17.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms"
2: Move File: Source = [l:204{102}]"\SystemRoot\WinSxS\Temp\PendingRenames\90bba4f5dfd9cc010a28000000150c17.$$_inf_3f581daba4c8c835.cdf-ms", Destination = [l:116{58}]"\SystemRoot\WinSxS\FileMaps\$$_inf_3f581daba4c8c835.cdf-ms"
3: Move File: Source = [l:222{111}]"\SystemRoot\WinSxS\Temp\PendingRenames\208ca8f5dfd9cc010b28000000150c17.$$_inf_ugthrsvc_9c5b081f28f83f11.cdf-ms", Destination = [l:134{67}]"\SystemRoot\WinSxS\FileMaps\$$_inf_ugthrsvc_9c5b081f28f83f11.cdf-ms"
4: Move File: Source = [l:232{116}]"\SystemRoot\WinSxS\Temp\PendingRenames\d039aaf5dfd9cc010c28000000150c17.$$_inf_ugthrsvc_0409_8451c270df70bfac.cdf-ms", Destination = [l:144{72}]"\SystemRoot\WinSxS\FileMaps\$$_inf_ugthrsvc_0409_8451c270df70bfac.cdf-ms"
5: Move File: Source = [l:224{112}]"\SystemRoot\WinSxS\Temp\PendingRenames\a035acf5dfd9cc010d28000000150c17.$$_inf_ugatherer_9f1f9c5b6cd50d98.cdf-ms", Destination = [l:136{68}]"\SystemRoot\WinSxS\FileMaps\$$_inf_ugatherer_9f1f9c5b6cd50d98.cdf-ms"
6: Move File: Source = [l:234{117}]"\SystemRoot\WinSxS\Temp\PendingRenames\50e3adf5dfd9cc010e28000000150c17.$$_inf_ugatherer_0409_046b6321f9ca254f.cdf-ms", Destination = [l:146{73}]"\SystemRoot\WinSxS\FileMaps\$$_inf_ugatherer_0409_046b6321f9ca254f.cdf-ms"
7: Move File: Source = [l:230{115}]"\SystemRoot\WinSxS\Temp\PendingRenames\5054b0f5dfd9cc010f28000000150c17.$$_inf_wsearchidxpi_a2c41dc1731a4204.cdf-ms", Destination = [l:142{71}]"\SystemRoot\WinSxS\FileMaps\$$_inf_wsearchidxpi_a2c41dc1731a4204.cdf-ms"
8: Move File: Source = [l:240{120}]"\SystemRoot\WinSxS\Temp\PendingRenam
2012-01-23 15:02:01, Info CSI es\f0dab1f5dfd9cc011028000000150c17.$$_inf_wsearchidxpi_0409_2e6e3e8caf9fcb6d.cdf-ms", Destination = [l:152{76}]"\SystemRoot\WinSxS\FileMaps\$$_inf_wsearchidxpi_0409_2e6e3e8caf9fcb6d.cdf-ms"
9: Move File: Source = [l:232{116}]"\SystemRoot\WinSxS\Temp\PendingRenames\10ca29f6dfd9cc011128000000150c17.$$_inf_ugthrsvc_0000_8451c300df70be5f.cdf-ms", Destination = [l:144{72}]"\SystemRoot\WinSxS\FileMaps\$$_inf_ugthrsvc_0000_8451c300df70be5f.cdf-ms"
10: Move File: Source = [l:234{117}]"\SystemRoot\WinSxS\Temp\PendingRenames\90732df6dfd9cc011228000000150c17.$$_inf_ugatherer_0000_046b5203f9ca3f14.cdf-ms", Destination = [l:146{73}]"\SystemRoot\WinSxS\FileMaps\$$_inf_ugatherer_0000_046b5203f9ca3f14.cdf-ms"
11: Move File: Source = [l:240{120}]"\SystemRoot\WinSxS\Temp\PendingRenames\00f630f6dfd9cc011328000000150c17.$$_inf_wsearchidxpi_0000_2e6e3f1caf9fca20.cdf-ms", Destination = [l:152{76}]"\SystemRoot\WinSxS\FileMaps\$$_inf_wsearchidxpi_0000_2e6e3f1caf9fca20.cdf-ms"
12: Set Key Value: Key = [l:162{81}]"\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Sysprep\Cleanup", Value = [l:76{38}]"{b76294a3-6908-3d74-feb3-aa882aa02408}", Type = REG_SZ (1), Data = {l:108 b:43003a005c00570069006e0064006f00770073005c00530079007300740065006d00330032005c006d00730073007200630068002e0064006c006c002c004d00530053007200630068005f0053007900730050007200650070005f0043006c00650061006e00750070000000}
POQ 93 ends.
2012-01-23 15:02:01, Info CSI 000001d9 [SR] Verify complete
2012-01-23 15:02:01, Info CSI 000001da [SR] Verifying 11 (0x0000000b) components
2012-01-23 15:02:01, Info CSI 000001db [SR] Beginning Verify and Repair transaction
2012-01-23 15:02:02, Info CSI 000001dc Repair results created:
POQ 94 starts:
POQ 94 ends.
2012-01-23 15:02:02, Info CSI 000001dd [SR] Verify complete
2012-01-23 15:02:02, Info CSI 000001de [SR] Repairing 1 components
2012-01-23 15:02:02, Info CSI 000001df [SR] Beginning Verify and Repair transaction
2012-01-23 15:02:02, Info CSI 000001e0 [SR] Cannot verify component files for Microsoft-Windows-MSAuditEvtLog.Resources, Version = 6.0.6002.18005,
pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"en-US", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral, manifest may be damaged (FALSE)
2012-01-23 15:02:02, Info CSI 000001e1 [SR] Recovered manifest from backup for Microsoft-Windows-MSAuditEvtLog.Resources, Version = 6.0.6002.18005,
pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"en-US", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral
2012-01-23 15:02:02, Info CSI 000001e2 Repair results created:
POQ 95 starts:
0: Create File: File = [l:274{137}]"\SystemRoot\WinSxS\Manifests\x86_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.0.6002.18005_en-us_5bf11cff56fe3219.manifest", Attributes = 00000080
1: Move File: Source = [l:360{180}]"\SystemRoot\WinSxS\Temp\PendingRenames\b0e17bf6dfd9cc011f28000000150c17.x86_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.0.6002.18005_en-us_5bf11cff56fe3219.manifest", Destination = [l:274{137}]"\SystemRoot\WinSxS\Manifests\x86_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.0.6002.18005_en-us_5bf11cff56fe3219.manifest"
POQ 95 ends.
2012-01-23 15:02:02, Info CSI 000001e3 [SR] Repair complete
2012-01-23 15:02:02, Info CSI 000001e4 [SR] Committing transaction
2012-01-23 15:02:02, Info CSI 000001e5 Creating NT transaction (seq 1), objectname [6]"(null)"
2012-01-23 15:02:02, Info CSI 000001e6 Created NT transaction (seq 1) result 0x00000000, handle @0x1a80
2012-01-23 15:02:02, Info CSI 000001e7@2012/1/23:15:02:02.677 CSI perf trace:
CSIPERF:TXCOMMIT;68220
2012-01-23 15:02:02, Info CSI 000001e8 [SR] Verify and Repair Transaction completed. All files and registry keys listed in this transaction
have been successfully repaired
2012-01-23 15:05:07, Info CBS Scavenge: Package store indicates there is no component to scavenge, skipping.
All that means nothing to me but maybe it was a corruption that occurred to both machines as a result of a power outage? Who knows?
I will now do the same repair on my wife's machine and will post back only if the System Restore switches itself off again.
Ron
January 23rd, 2012 9:54am
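Added example, not part of the original post: a Python sketch for triaging an SFC run from the CBS log. It joins wrapped lines and reports each component flagged with "Cannot verify component files" and whether a "Recovered manifest from backup" entry exists for it. The sample is an abridged excerpt of the log quoted above, and the function names are assumptions for illustration.

```python
import re

# Abridged excerpt of the CBS log quoted in the post above; lines without a
# leading timestamp are wrapped continuations of the previous entry.
SAMPLE = """\
2012-01-23 15:02:02, Info CSI 000001de [SR] Repairing 1 components
2012-01-23 15:02:02, Info CSI 000001df [SR] Beginning Verify and Repair transaction
2012-01-23 15:02:02, Info CSI 000001e0 [SR] Cannot verify component files for Microsoft-Windows-MSAuditEvtLog.Resources, Version = 6.0.6002.18005,
pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"en-US", VersionScope = 1 nonSxS, manifest may be damaged (FALSE)
2012-01-23 15:02:02, Info CSI 000001e1 [SR] Recovered manifest from backup for Microsoft-Windows-MSAuditEvtLog.Resources, Version = 6.0.6002.18005,
pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"en-US", VersionScope = 1 nonSxS
2012-01-23 15:02:02, Info CSI 000001e2 Repair results created:
POQ 95 starts:
POQ 95 ends.
2012-01-23 15:02:02, Info CSI 000001e3 [SR] Repair complete
"""

# "timestamp, level source message"; column spacing varies between logs.
ENTRY = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d), (\w+)\s+(\w+)\s+(.*)$")
COMPONENT = re.compile(
    r"\[SR\] (Cannot verify component files|Recovered manifest from backup)"
    r" for (\S+), Version = ([\d.]+)")

def entries(text):
    """Return [timestamp, message] pairs with continuation lines joined."""
    out = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            out.append([m.group(1), m.group(4)])
        elif out:
            out[-1][1] += " " + line.strip()
    return out

def sfc_summary(text):
    """List components SFC could not verify and whether a manifest was recovered."""
    flagged, recovered = {}, set()
    for ts, msg in entries(text):
        m = COMPONENT.search(msg)
        if not m:
            continue
        key = (m.group(2), m.group(3))
        if m.group(1).startswith("Cannot"):
            flagged.setdefault(key, ts)   # keep the first time it was flagged
        else:
            recovered.add(key)
    return [{"component": c, "version": v, "first_seen": ts,
             "recovered": (c, v) in recovered} for (c, v), ts in flagged.items()]
```

A component that appears with `recovered` set to False is the one to follow up on, since nothing in the log shows its manifest being restored.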


