Dell XPS 8500 runs slow



#1
John Aukerman


Takes longer than it used to take to boot up, to open programs, to do anything. I ran FRST64. Logs:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03-08-2016
Ran by Aukerman (administrator) on AUKERMAN-PC (03-08-2016 08:10:25)
Running from C:\Users\Aukerman\Desktop
Loaded Profiles: Aukerman (Available Profiles: Aukerman)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Alcor Micro Corp.) C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6457960 2011-12-23] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-15] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [1014432 2011-12-29] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe [800416 2011-12-29] (Atheros Commnucations)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [644696 2007-05-14] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1840720 2007-04-03] (CANON INC.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-07-26] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-10-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-17] (Intel Corporation)
HKLM-x32\...\Run: [ShwiconXP9106] => C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2010-03-10] (Alcor Micro Corp.)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2015-09-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-07-05] (Apple Inc.)
HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1103056 2016-02-10] (Carbonite, Inc.)
HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-10-07] (Google Inc.)
HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23496872 2016-05-17] (Google)
HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1400232 2016-07-31] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\...\Run: [Google Update] => C:\Users\Aukerman\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-11-11] (Google Inc.)
HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\...\RunOnce: [Uninstall C:\Users\Aukerman\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Aukerman\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\...\RunOnce: [Uninstall C:\Users\Aukerman\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Aukerman\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64"
HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\...\RunOnce: [Uninstall C:\Users\Aukerman\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Aukerman\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64"
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1400232 2016-07-31] (Garmin Ltd. or its subsidiaries)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-02-10] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-02-10] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-02-10] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-02-10] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-02-10] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-02-10] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
ShellIconOverlayIdentifiers-x32: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-02-10] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-02-10] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-02-10] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-02-10] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-02-10] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-02-10] (Carbonite, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2013-11-09]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{3132E1A3-4DDA-41F4-97CC-79FA274A0328}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/USCON/1
URLSearchHook: HKLM-x32 - WhiteSmoke US New Toolbar - {462be121-2b54-4218-bf00-b9bf8135b23f} - C:\Program Files (x86)\WhiteSmoke_US_New\prxtbWhit.dll (Conduit Ltd.)
URLSearchHook: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001 - WhiteSmoke US New Toolbar - {462be121-2b54-4218-bf00-b9bf8135b23f} - C:\Program Files (x86)\WhiteSmoke_US_New\prxtbWhit.dll (Conduit Ltd.)
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0D978EE3-6717-4A58-AD18-8A9366F78ECC} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0D978EE3-6717-4A58-AD18-8A9366F78ECC} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001 -> {8FFE85F0-FBB5-4047-99DE-D4523975C336} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3244149
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: WhiteSmoke US New Toolbar -> {462be121-2b54-4218-bf00-b9bf8135b23f} -> C:\Program Files (x86)\WhiteSmoke_US_New\prxtbWhit.dll [2011-05-09] (Conduit Ltd.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-30] (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2011-12-29] (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-30] (Oracle Corporation)
BHO-x32: ChromeFrame BHO -> {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} -> C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll [2014-02-01] (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
Toolbar: HKLM-x32 - WhiteSmoke US New Toolbar - {462be121-2b54-4218-bf00-b9bf8135b23f} - C:\Program Files (x86)\WhiteSmoke_US_New\prxtbWhit.dll [2011-05-09] (Conduit Ltd.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
Toolbar: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001 -> No Name - {462BE121-2B54-4218-BF00-B9BF8135B23F} -  No File
Toolbar: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
Handler-x32: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll [2014-02-01] (Google Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Aukerman\AppData\Roaming\Mozilla\Firefox\Profiles\ujdi172x.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Homepage: hxxps://www.facebook.com/
hxxps://mail.google.com/mail/?shva=1#inbox
hxxps://www.google.com/calendar/render?tab=mc&pli=1&gsessionid=fiZNqzggyfCvyXfC0GF0iA
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-12] ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2013-10-09] (GARMIN Corp.)
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2013-11-09] (LastPass)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2012-10-06] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2013-10-09] (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-30] (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass.dll [2013-11-09] (LastPass)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2012-10-06] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3383977758-1919853078-1981122960-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Aukerman\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-07-30] (Citrix Online)
FF Plugin HKU\S-1-5-21-3383977758-1919853078-1981122960-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Aukerman\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-3383977758-1919853078-1981122960-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Aukerman\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF SearchPlugin: C:\Users\Aukerman\AppData\Roaming\Mozilla\Firefox\Profiles\ujdi172x.default\searchplugins\taplika.xml [2015-04-05]
FF Extension: Clearly - C:\Users\Aukerman\AppData\Roaming\Mozilla\Firefox\Profiles\ujdi172x.default\extensions\[email protected] [2016-01-16]
FF Extension: LastPass - C:\Users\Aukerman\AppData\Roaming\Mozilla\Firefox\Profiles\ujdi172x.default\extensions\[email protected] [2016-03-11]
FF Extension: Amazon Assistant for Firefox - C:\Users\Aukerman\AppData\Roaming\Mozilla\Firefox\Profiles\ujdi172x.default\Extensions\[email protected] [2016-07-28]
FF Extension: webpass - C:\Users\Aukerman\AppData\Roaming\Mozilla\Firefox\Profiles\ujdi172x.default\Extensions\[email protected] [2016-07-01]
FF Extension: Garmin Communicator - C:\Users\Aukerman\AppData\Roaming\Mozilla\Firefox\Profiles\ujdi172x.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2014-06-07] [not signed]

Chrome:
=======
CHR StartupUrls: Default -> "hxxps://mail.google.com/mail/u/0/#inbox","hxxps://www.google.com/calendar/render?tab=mc#main_7"
CHR Profile: C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-05]
CHR Extension: (Google Docs) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-05]
CHR Extension: (Google Drive) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Sheets) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-05]
CHR Extension: (Google Docs Offline) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]
CHR Extension: (Chromebook Recovery Utility) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndclpdbaamdhonoechobihbbiimdgai [2016-07-01]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-04-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Chrome Apps & Extensions Developer Tool) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohmmkhmmmpcnpikjeljgnaoabkaalbgc [2016-07-01]
CHR Extension: (Vid-Saver) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc [2015-06-18] [UpdateUrl: hxxps://crossrider.cotssl.net/plugin/chrome/update/3491.xml] <==== ATTENTION
CHR Extension: (Gmail) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-05]
CHR Extension: (Chrome Media Router) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-02]
CHR HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pgmfkblbflahhponhjmkcnpjinenhlnc] - C:\Users\Aukerman\AppData\Local\Vid-Saver\Chrome\Vid-Saver.crx [2012-09-22]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [106144 2011-12-29] (Atheros Commnucations) [File not signed]
R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [809488 2016-07-31] (Garmin Ltd. or its subsidiaries)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [101528 2007-04-13] () [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [158880 2011-12-29] (Atheros) [File not signed]
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [76960 2011-12-26] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-03 08:10 - 2016-08-03 08:10 - 00026463 _____ C:\Users\Aukerman\Desktop\FRST.txt
2016-08-03 08:10 - 2016-08-03 08:10 - 00000000 ____D C:\FRST
2016-08-03 08:09 - 2016-08-03 08:09 - 02393600 _____ (Farbar) C:\Users\Aukerman\Desktop\FRST64.exe
2016-08-03 08:02 - 2016-08-03 08:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-08-03 06:35 - 2016-08-03 06:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-08-03 06:35 - 2016-08-03 06:35 - 00000000 ____D C:\Program Files\iTunes
2016-08-03 06:35 - 2016-08-03 06:35 - 00000000 ____D C:\Program Files\iPod
2016-08-03 06:35 - 2016-08-03 06:35 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-08-03 06:16 - 2016-08-03 06:16 - 00000000 ___RD C:\Users\Aukerman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2016-07-31 21:22 - 2016-07-31 21:22 - 09694945 _____ C:\Users\Aukerman\Downloads\combined_2016_07_31_original.pdf
2016-07-29 21:20 - 2016-07-29 21:20 - 07111745 _____ C:\Users\Aukerman\Downloads\combined_2016_07_29_original (1).pdf
2016-07-29 20:41 - 2016-07-29 20:41 - 07111745 _____ C:\Users\Aukerman\Downloads\combined_2016_07_29_original.pdf
2016-07-28 20:25 - 2016-07-28 20:25 - 05754617 _____ C:\Users\Aukerman\Downloads\combined_2016_07_28_original.pdf
2016-07-27 23:41 - 2016-07-27 23:42 - 04504637 _____ C:\Users\Aukerman\Downloads\combined_2016_07_27_original.pdf
2016-07-27 23:31 - 2016-07-27 23:31 - 04774726 _____ C:\Users\Aukerman\Downloads\combined_2016_07_26_original.pdf
2016-07-27 23:25 - 2016-07-27 23:25 - 04098459 _____ C:\Users\Aukerman\Downloads\combined_2016_07_25_original.pdf
2016-07-27 23:20 - 2016-07-27 23:21 - 09114182 _____ C:\Users\Aukerman\Downloads\combined_2016_07_24_original.pdf
2016-07-27 23:20 - 2016-07-27 23:20 - 07083904 _____ C:\Users\Aukerman\Downloads\combined_2016_07_22_original (1).pdf
2016-07-23 02:35 - 2016-07-23 02:35 - 00000000 ____D C:\Windows\EOONotify
2016-07-22 16:16 - 2016-07-22 16:16 - 07083904 _____ C:\Users\Aukerman\Downloads\combined_2016_07_22_original.pdf
2016-07-22 16:11 - 2016-07-22 16:11 - 06361575 _____ C:\Users\Aukerman\Downloads\combined_2016_07_21_original.pdf
2016-07-22 16:03 - 2016-07-22 16:03 - 06767390 _____ C:\Users\Aukerman\Downloads\combined_2016_07_20_original.pdf
2016-07-22 16:03 - 2016-07-22 16:03 - 04774874 _____ C:\Users\Aukerman\Downloads\combined_2016_07_18_original (1).pdf
2016-07-22 15:47 - 2016-07-22 15:47 - 05059770 _____ C:\Users\Aukerman\Downloads\combined_2016_07_19_original.pdf
2016-07-22 15:43 - 2016-07-22 15:43 - 04774874 _____ C:\Users\Aukerman\Downloads\combined_2016_07_18_original.pdf
2016-07-22 15:34 - 2016-07-22 15:34 - 17229829 _____ C:\Users\Aukerman\Downloads\combined_2016_07_17_original.pdf
2016-07-16 00:16 - 2016-07-16 00:17 - 08030122 _____ C:\Users\Aukerman\Downloads\combined_2016_07_15_original.pdf
2016-07-15 00:09 - 2016-07-15 00:09 - 05883753 _____ C:\Users\Aukerman\Downloads\combined_2016_07_14_original.pdf
2016-07-13 21:10 - 2016-07-13 21:10 - 05731456 _____ C:\Users\Aukerman\Downloads\combined_2016_07_13_original.pdf
2016-07-13 08:40 - 2016-06-25 20:35 - 00041704 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-07-13 08:40 - 2016-06-25 20:27 - 01208320 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-07-13 08:40 - 2016-06-25 20:27 - 00970240 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2016-07-13 08:40 - 2016-06-25 20:27 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-07-13 08:40 - 2016-06-25 20:27 - 00344576 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2016-07-13 08:40 - 2016-06-25 20:27 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2016-07-13 08:40 - 2016-06-25 20:27 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\inetppui.dll
2016-07-13 08:40 - 2016-06-25 15:54 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2016-07-13 08:40 - 2016-06-25 15:53 - 00297472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
2016-07-13 08:40 - 2016-06-25 15:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.exe
2016-07-13 08:40 - 2016-06-25 15:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wpnpinst.exe
2016-07-13 08:40 - 2016-06-25 15:41 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.exe
2016-07-13 08:40 - 2016-06-22 09:06 - 00268800 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-07-13 08:40 - 2016-06-17 14:24 - 01490432 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-07-13 08:40 - 2016-06-17 14:24 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-07-13 08:40 - 2016-06-17 14:24 - 00544256 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-07-13 08:40 - 2016-06-17 14:24 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-07-13 08:40 - 2016-06-17 14:24 - 00219136 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-07-13 08:40 - 2016-06-17 14:24 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-07-13 08:40 - 2016-06-11 02:57 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-07-13 08:40 - 2016-06-11 00:48 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-07-13 08:40 - 2016-06-10 17:38 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-07-13 08:40 - 2016-06-10 17:38 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-07-13 08:40 - 2016-06-10 17:20 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-07-13 08:40 - 2016-06-10 17:19 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-07-13 08:40 - 2016-06-10 17:19 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-07-13 08:40 - 2016-06-10 17:18 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-07-13 08:40 - 2016-06-10 17:18 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-07-13 08:40 - 2016-06-10 17:17 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-07-13 08:40 - 2016-06-10 17:10 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-07-13 08:40 - 2016-06-10 17:08 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-07-13 08:40 - 2016-06-10 17:05 - 25814016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-07-13 08:40 - 2016-06-10 17:04 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-07-13 08:40 - 2016-06-10 17:03 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-07-13 08:40 - 2016-06-10 17:03 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-07-13 08:40 - 2016-06-10 17:02 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-07-13 08:40 - 2016-06-10 17:02 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-07-13 08:40 - 2016-06-10 16:53 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-07-13 08:40 - 2016-06-10 16:50 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-07-13 08:40 - 2016-06-10 16:49 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-07-13 08:40 - 2016-06-10 16:40 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-07-13 08:40 - 2016-06-10 16:38 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-07-13 08:40 - 2016-06-10 16:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-07-13 08:40 - 2016-06-10 16:34 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-07-13 08:40 - 2016-06-10 16:31 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-07-13 08:40 - 2016-06-10 16:28 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-07-13 08:40 - 2016-06-10 16:15 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-07-13 08:40 - 2016-06-10 16:13 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-07-13 08:40 - 2016-06-10 16:12 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-07-13 08:40 - 2016-06-10 16:11 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-07-13 08:40 - 2016-06-10 16:10 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-07-13 08:40 - 2016-06-10 15:45 - 15409664 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-07-13 08:40 - 2016-06-10 15:44 - 02869248 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-07-13 08:40 - 2016-06-10 15:30 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-07-13 08:40 - 2016-06-10 15:21 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-07-13 08:40 - 2016-06-10 15:09 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-07-13 08:40 - 2016-06-10 14:54 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-07-13 08:40 - 2016-06-10 14:53 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-07-13 08:40 - 2016-06-10 14:53 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-07-13 08:40 - 2016-06-10 14:53 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-07-13 08:40 - 2016-06-10 14:52 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-07-13 08:40 - 2016-06-10 14:47 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-07-13 08:40 - 2016-06-10 14:46 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-07-13 08:40 - 2016-06-10 14:45 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-07-13 08:40 - 2016-06-10 14:42 - 20348928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-07-13 08:40 - 2016-06-10 14:42 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-07-13 08:40 - 2016-06-10 14:41 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-07-13 08:40 - 2016-06-10 14:41 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-07-13 08:40 - 2016-06-10 14:41 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-07-13 08:40 - 2016-06-10 14:32 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-07-13 08:40 - 2016-06-10 14:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-07-13 08:40 - 2016-06-10 14:26 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-07-13 08:40 - 2016-06-10 14:24 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-07-13 08:40 - 2016-06-10 14:23 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-07-13 08:40 - 2016-06-10 14:21 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-07-13 08:40 - 2016-06-10 14:19 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-07-13 08:40 - 2016-06-10 14:14 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-07-13 08:40 - 2016-06-10 14:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-07-13 08:40 - 2016-06-10 14:10 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-07-13 08:40 - 2016-06-10 14:09 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-07-13 08:40 - 2016-06-10 14:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-07-13 08:40 - 2016-06-10 13:58 - 13806080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-07-13 08:40 - 2016-06-10 13:45 - 02392576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-07-13 08:40 - 2016-06-10 13:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-07-13 08:40 - 2016-06-10 13:41 - 01315840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-07-13 08:39 - 2016-06-14 11:03 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-07-12 21:48 - 2016-07-12 21:48 - 04500325 _____ C:\Users\Aukerman\Downloads\combined_2016_07_12_original.pdf
2016-07-11 22:11 - 2016-07-11 22:11 - 04737324 _____ C:\Users\Aukerman\Downloads\combined_2016_07_11_original.pdf
2016-07-10 21:38 - 2016-07-10 21:38 - 07377431 _____ C:\Users\Aukerman\Downloads\combined_2016_07_08_original.pdf
2016-07-10 21:33 - 2016-07-10 21:33 - 07088974 _____ C:\Users\Aukerman\Downloads\combined_2016_07_07_original.pdf
2016-07-10 21:32 - 2016-07-10 21:32 - 10641328 _____ C:\Users\Aukerman\Downloads\combined_2016_07_10_original.pdf
2016-07-10 07:37 - 2016-07-10 07:37 - 00102928 _____ C:\Users\Aukerman\Desktop\2012PRIMARY_ELECTION_CANDIDATE.pdf
2016-07-06 21:11 - 2016-07-06 21:11 - 06014655 _____ C:\Users\Aukerman\Downloads\combined_2016_07_06_original (1).pdf
2016-07-06 21:02 - 2016-07-06 21:02 - 06014655 _____ C:\Users\Aukerman\Downloads\combined_2016_07_06_original.pdf
2016-07-06 07:38 - 2016-07-06 07:38 - 00074717 _____ C:\Users\Aukerman\Downloads\statement (9).pdf
2016-07-05 21:21 - 2016-07-05 21:22 - 06460505 _____ C:\Users\Aukerman\Downloads\combined_2016_07_05_original.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-03 08:07 - 2012-10-27 07:50 - 00000000 ___RD C:\Users\Aukerman\Virtual Machines
2016-08-03 08:03 - 2012-10-06 07:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-08-03 08:02 - 2012-10-06 08:25 - 00000000 ___RD C:\Users\Aukerman\Desktop\John
2016-08-03 07:45 - 2012-09-26 18:58 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-08-03 07:36 - 2012-10-07 17:33 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-03 07:23 - 2015-11-11 12:56 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3383977758-1919853078-1981122960-1001UA.job
2016-08-03 06:54 - 2009-07-14 01:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2016-08-03 06:54 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-08-03 06:35 - 2012-10-06 08:47 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-08-03 06:30 - 2013-06-01 18:34 - 00000000 ____D C:\ProgramData\Package Cache
2016-08-03 06:29 - 2013-06-01 18:34 - 00000000 ____D C:\Program Files (x86)\Garmin
2016-08-03 06:29 - 2012-10-06 08:54 - 00000000 ____D C:\Users\Aukerman\AppData\LocalLow\LastPass
2016-08-03 06:28 - 2014-04-13 06:29 - 00003554 _____ C:\Windows\System32\Tasks\GarminUpdaterTask
2016-08-03 06:28 - 2013-06-01 18:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2016-08-03 06:24 - 2009-07-14 00:45 - 00037040 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-08-03 06:24 - 2009-07-14 00:45 - 00037040 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-08-03 06:16 - 2012-12-22 08:36 - 00000000 ___RD C:\Users\Aukerman\Google Drive
2016-08-03 06:16 - 2012-10-07 17:33 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-03 06:16 - 2012-09-26 19:30 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2016-08-03 06:16 - 2012-09-26 19:30 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2016-08-03 06:16 - 2012-09-26 19:18 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2016-08-03 06:15 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-03 01:02 - 2012-10-06 08:25 - 00000000 ____D C:\Users\Aukerman\Documents\Bren
2016-08-02 19:52 - 2012-10-06 11:14 - 00003950 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{48E3D334-6C7F-48C2-BC4A-39C7FE0FA17F}
2016-08-02 17:23 - 2015-11-11 12:55 - 00000868 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3383977758-1919853078-1981122960-1001Core.job
2016-07-31 17:55 - 2012-10-06 08:25 - 00000000 ____D C:\Users\Aukerman\Documents\John
2016-07-31 07:55 - 2012-10-25 09:14 - 00000000 ____D C:\Users\Aukerman\AppData\Local\CrashDumps
2016-07-30 09:17 - 2012-10-06 08:26 - 00000000 ____D C:\Users\Aukerman\Documents\My Digital Editions
2016-07-28 17:18 - 2015-11-11 12:56 - 00003896 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3383977758-1919853078-1981122960-1001UA
2016-07-28 17:18 - 2015-11-11 12:55 - 00003500 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3383977758-1919853078-1981122960-1001Core
2016-07-28 16:31 - 2012-10-07 17:33 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-07-28 16:31 - 2012-10-07 17:33 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-07-27 17:49 - 2012-10-16 15:37 - 00000000 ____D C:\ProgramData\CanonIJPLM
2016-07-27 15:25 - 2010-11-20 23:27 - 00504488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-07-26 16:28 - 2012-10-06 08:25 - 00000000 ____D C:\Users\Aukerman\Desktop\Brenda
2016-07-23 02:35 - 2016-03-23 01:41 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-07-23 02:35 - 2016-03-23 01:41 - 00000000 ___SD C:\Windows\system32\GWX
2016-07-14 13:45 - 2012-09-26 18:58 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-07-14 13:45 - 2012-09-26 18:58 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-07-14 13:45 - 2012-09-26 18:58 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-07-14 08:36 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2016-07-14 06:42 - 2009-07-14 00:45 - 00420216 _____ C:\Windows\system32\FNTCACHE.DAT
2016-07-14 06:41 - 2014-12-11 17:58 - 00000000 ____D C:\Windows\system32\appraiser
2016-07-14 06:41 - 2010-11-21 03:17 - 00000000 ____D C:\Program Files\Windows Journal
2016-07-14 02:25 - 2013-08-15 01:08 - 00000000 ____D C:\Windows\system32\MRT
2016-07-14 02:25 - 2012-10-06 07:40 - 144749672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-07-12 09:45 - 2012-09-26 18:58 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-07-12 09:45 - 2012-09-26 18:58 - 00000000 ____D C:\Windows\system32\Macromed
2016-07-05 00:09 - 2013-08-03 00:52 - 00000000 ____D C:\Users\Aukerman\Documents\Outlook Files
2016-07-05 00:07 - 2012-10-07 17:33 - 00000000 ____D C:\Users\Aukerman\AppData\Local\Deployment

==================== Files in the root of some directories =======

2003-11-10 16:27 - 2003-11-10 16:26 - 0376884 _____ () C:\Program Files\image001.bmp
2013-11-09 09:25 - 2013-11-09 09:25 - 12767232 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2015-04-05 07:22 - 2015-04-05 07:22 - 0000064 _____ () C:\Users\Aukerman\AppData\Local\51ac827e51ff6b11f34f94806af1cf00

Files to move or delete:
====================
C:\Users\Aukerman\jobq.dat


Some files in TEMP:
====================
C:\Users\Aukerman\AppData\Local\Temp\firefoxjre_exe-1.exe
C:\Users\Aukerman\AppData\Local\Temp\firefoxjre_exe.exe
C:\Users\Aukerman\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Aukerman\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Aukerman\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Aukerman\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Aukerman\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Aukerman\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Aukerman\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Aukerman\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Aukerman\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Aukerman\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\Aukerman\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Aukerman\AppData\Local\Temp\lowproc.exe
C:\Users\Aukerman\AppData\Local\Temp\stubhelper.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-08-2016
Ran by Aukerman (2016-08-03 08:11:16)
Running from C:\Users\Aukerman\Desktop
Windows 7 Professional Service Pack 1 (X64) (2012-10-06 11:27:00)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3383977758-1919853078-1981122960-500 - Administrator - Disabled)
Aukerman (S-1-5-21-3383977758-1919853078-1981122960-1001 - Administrator - Enabled) => C:\Users\Aukerman
Guest (S-1-5-21-3383977758-1919853078-1981122960-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3383977758-1919853078-1981122960-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.210 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{0E262CBA-A8C6-3BE1-A812-D7490B4F2B09}) (Version: 3.0.851.0 - Advanced Micro Devices, Inc.)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{D4B07658-F443-4445-A261-E643996E139D}) (Version: 4.3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{A6B0442B-E159-444B-B49D-6B9AC531EAE3}) (Version: 4.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ArcSoft PhotoStudio 5.5 (HKLM-x32\...\{85309D89-7BE9-4094-BB17-24999C6118FC}) (Version:  - ArcSoft)
Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.115 - Atheros)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version:  - )
Canon MP Navigator EX 1.0 (HKLM-x32\...\MP Navigator EX 1.0) (Version:  - )
Canon MP970 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP970_series) (Version:  - )
Canon MP970 series User Registration (HKLM-x32\...\Canon MP970 series User Registration) (Version:  - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
Carbonite (HKLM-x32\...\{02A2CB8C-4561-4EB7-BD26-0A8B5C5A1564}) (Version: 5.8.5 build 5805 (Feb-10-2016) - Carbonite)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Citrix Online Launcher (HKLM-x32\...\{E1B40232-F73B-4BF9-A819-E352CCC1EDEF}) (Version: 1.0.122 - Citrix)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.67 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.67 - Dell Inc.)
Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.1.5907.16 - Dell Inc.)
Dell Support Center (Version: 3.1.5907.16 - PC-Doctor, Inc.) Hidden
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Dell Inc.)
eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
Elevated Installer (x32 Version: 4.1.25.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin BaseCamp (HKLM-x32\...\{EBAC8FD4-28EC-46F7-BF9E-89D6E6673001}) (Version: 4.2.5 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin (HKLM-x32\...\{032A13FF-D26D-4844-9597-7EF698627985}) (Version: 4.1.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{AFA301E1-B410-4F1B-B1C0-2E92FDCD94AD}) (Version: 4.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{686d881a-083e-4030-80db-52c493bf89d3}) (Version: 4.1.25.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.1.25.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.1.25.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Chrome Frame (HKLM-x32\...\Google Chrome Frame) (Version: 32.0.1700.107 - Google Inc.)
Google Drive (HKLM-x32\...\{709316AD-161C-4D5C-9AE7-0B3A822DA271}) (Version: 1.30.2170.0459 - Google, Inc.)
Google Drive plug-in 1.6.10.0 (HKLM-x32\...\{8401C6F8-0A63-422E-B3A8-C49422B11E45}) (Version: 1.6.10.0 - Google Inc)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
GoToMeeting 5.9.0.1207 (HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\...\GoToMeeting) (Version: 5.9.0.1207 - CitrixOnline)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.1.1399 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{538B98C3-773F-4F20-9C66-802D104DCBE2}) (Version: 1.23.219.2 - Intel Corporation)
iTunes (HKLM\...\{955524E7-79EB-4CA9-BA4D-FD2DF587651B}) (Version: 12.4.3.1 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 48.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 48.0 (x86 en-US)) (Version: 48.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 48.0.0.6051 - Mozilla)
Multimedia Card Reader (HKLM-x32\...\InstallShield_{41068A8C-3F30-46B6-978A-EA692F28D1AF}) (Version: 1.7.915.93 - Fitipower)
Multimedia Card Reader (x32 Version: 1.7.915.93 - Fitipower) Hidden
MusicTime Deluxe (HKLM-x32\...\MusicTime Deluxe 4.0.4) (Version: 4.0.4 - GVOX)
MusicTime Deluxe 3.5.5 (HKLM-x32\...\MusicTime Deluxe 3.5.5) (Version:  - )
MusicTime Deluxe 4.0.4 UpdateTest (HKLM-x32\...\MusicTime Deluxe 4.0.4 UpdateTest 1.1) (Version: 1.1 - GVOX)
MusicTime Updater (HKLM-x32\...\MusicTime Updater ) (Version:  - Passport Music Software LLC)
PIXMA Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version:  - )
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6537 - Realtek Semiconductor Corp.)
RootsMagic 3.2.1.1 (HKLM-x32\...\RootsMagic_is1) (Version:  - RootsMagic, Inc.)
RootsMagic 7.0.5.0 (HKLM-x32\...\{D6286873-A757-4A4D-A6EF-0081B3EE32CA}_is1) (Version: RootsMagic 7.0.5.0 - RootsMagic, Inc.)
Secure Download Manager (HKLM-x32\...\{4A5667B2-5D13-46C2-85B5-9D46A6096F61}) (Version: 3.1.0 - Kivuto Solutions Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
TrustedID IDMonitor Identity Protection (HKLM-x32\...\{0E74474A-1CDF-4249-A507-CE8C1DCEC8BC}) (Version: 1.1.0 - TrustedID Inc)
WhiteSmoke US New Toolbar (HKLM-x32\...\WhiteSmoke_US_New Toolbar) (Version: 6.9.0.16 - WhiteSmoke US New) <==== ATTENTION
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16423 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Aukerman\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Aukerman\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Aukerman\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{82186AB2-1881-42D6-B945-35087B680952}\InprocServer32 -> C:\Users\Aukerman\AppData\Local\Google\Drive plugin for Office\adxloader64.dll ()
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\1207\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Aukerman\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Aukerman\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Aukerman\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

I'm not sure the FRST64 completed its work, because the computer locked up with a window (see attached) that was always on top. Couldn't close it, couldn't get rid of it. Had to shut down the computer to make it go away.

Attached Thumbnails

  • Aug 3.jpg

  • 0


#2
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Uninstall:
 
WhiteSmoke US New Toolbar
Java 8 Update 31 
Java has been very vulnerable to infection so unless you absolutely need it you should not reinstall it.
 
If you feel you must have Java:
Get the latest Java at:
 
Save it to your PC then close all browsers and install it. Do not let it install the Yahoo toolbar or other foistware.
Once installed, go into Control Panel, Java, Security and set the slider to the Highest then OK.
 
(If you also want the 64 bit version then use the 64 bit version of IE to get it.)
 
Separate Replies are probably easiest.
 
Get Process Explorer
 
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).  
 
View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures
 
 
Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
 
Wait a full minute then:
 
File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.
 
 
Copy the next 2 lines:
TASKLIST /SVC  > \junk.txt
notepad \junk.txt
 
Open an Elevated Command Prompt:
 
Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
 
Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply. 
 
 
Right click on (My) Computer and select Manage (Continue). Then click on the arrow in front of Event Viewer. Next click on the arrow in front of Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.
 
Reboot. 
 
Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).
sfc  /scannow
 
(This will check your critical system files. Does this finish without complaint? If it says it couldn't fix everything then:
 
Copy the next two lines:
 
findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt 
notepad \windows\logs\cbs\junk.txt 
 
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)
 
 
1. Please download the Event Viewer Tool by Vino Rosso
and save it to your Desktop:
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning
 
 
Then use the 'Number of events' as follows:
 
 
1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
 
 
Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)
 
Get the free version of Speccy:
 
http://www.filehippo...download_speccy (Look in the upper right for the Download Latest Version button - Do NOT press the large Start Download button on the upper left!)
Download, Save and Install it.  Tell it you do not need CCLEANER.    Run Speccy.  When it finishes (the little icon in the bottom left will stop moving), 
File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  
(It will be near the top about 10 lines down.) Save the file.  Attach the file to your next post.  (More Reply Options, Choose File, Open, Attach This File)
 
 

  • 0

#3
John Aukerman

    Member

  • Topic Starter
  • Member
  • 284 posts

Uninstalled

 

WhiteSmoke US New Toolbar
Java 8 Update 31
 
Text from Process Explorer:
 
Process    CPU    Private Bytes    Working Set    PID    Description    Company Name    Verified Signer
System Idle Process    66.01    0 K    24 K    0            
svchost.exe    20.14    2,204 K    6,024 K    4696    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
firefox.exe    5.57    719,296 K    706,192 K    4300    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
System    3.34    252 K    4,572 K    4            
CarboniteService.exe    1.79    16,408 K    33,988 K    1852    Carbonite Secure Backup Engine    Carbonite, Inc. (www.carbonite.com)    (Verified) Carbonite
procexp64.exe    0.99    30,544 K    53,820 K    3200    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
lsass.exe    0.46    6,172 K    13,800 K    804    Local Security Authority Process    Microsoft Corporation    (Verified) Microsoft Windows
Interrupts    0.44    0 K    0 K    n/a    Hardware Interrupts and DPCs        
dwm.exe    0.26    38,456 K    39,712 K    2316    Desktop Window Manager    Microsoft Corporation    (Verified) Microsoft Windows
googledrivesync.exe    0.21    88,832 K    101,196 K    4928    Google Drive    Google    (Verified) Google Inc
MsMpEng.exe    0.20    134,520 K    154,380 K    608    Antimalware Service Executable    Microsoft Corporation    (Verified) Microsoft Corporation
msiexec.exe    0.16    10,384 K    20,524 K    6960    Windows® installer    Microsoft Corporation    (Verified) Microsoft Windows
csrss.exe    0.13    3,976 K    10,928 K    708    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    0.07    12,112 K    21,136 K    1108    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
msiexec.exe    0.06    2,596 K    8,012 K    7064    Windows® installer    Microsoft Corporation    (Verified) Microsoft Windows
CarboniteUI.exe    0.03    13,380 K    30,032 K    3640    Carbonite User Interface    Carbonite, Inc.    (Verified) Carbonite
Toaster.exe    0.02    56,140 K    48,268 K    3716    Dell DataSafe Local Backup    SoftThinks - Dell    (Verified) Dell Inc
VSSVC.exe    0.02    7,452 K    14,048 K    5756    Microsoft® Volume Shadow Copy Service    Microsoft Corporation    (Verified) Microsoft Windows
explorer.exe    0.02    75,188 K    102,640 K    2368    Windows Explorer    Microsoft Corporation    (Verified) Microsoft Windows
CCC.exe    0.01    110,932 K    2,708 K    5040    Catalyst Control Center: Host application    ATI Technologies Inc.    (No signature was present in the subject) ATI Technologies Inc.
LMS.exe    0.01    2,596 K    5,080 K    5752    Local Manageability Service    Intel Corporation    (Verified) Intel Corporation
svchost.exe    0.01    5,632 K    9,972 K    1008    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
IAStorDataMgrSvc.exe    0.01    23,068 K    21,140 K    2340    IAStorDataSvc    Intel Corporation    (Verified) Intel Corporation
SearchIndexer.exe    0.01    39,056 K    25,476 K    3404    Microsoft Windows Search Indexer    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    0.01    5,304 K    10,488 K    916    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
AppleMobileDeviceService.exe    0.01    5,240 K    13,596 K    1764    MobileDeviceService    Apple Inc.    (Verified) Apple Inc.
svchost.exe    0.01    29,776 K    35,680 K    1348    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
MOM.exe    < 0.01    39,804 K    5,060 K    3484    Catalyst Control Center: Monitoring program    Advanced Micro Devices Inc.    (No signature was present in the subject) Advanced Micro Devices Inc.
IAStorIcon.exe    < 0.01    25,388 K    24,732 K    1724    IAStorIcon    Intel Corporation    (Verified) Intel Corporation
svchost.exe    < 0.01    30,552 K    50,380 K    1148    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
NOBuAgent.exe    < 0.01    2,572 K    5,916 K    3896    Dell DataSafe Online Service    Dell, Inc.    (Verified) Symantec Corporation
taskhost.exe    < 0.01    19,308 K    23,292 K    2224    Host Process for Windows Tasks    Microsoft Corporation    (Verified) Microsoft Windows
csrss.exe    < 0.01    2,356 K    5,412 K    584    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    < 0.01    13,848 K    16,896 K    6140    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
WLIDSVC.EXE    < 0.01    7,976 K    16,724 K    4088    Microsoft® Windows Live ID Service    Microsoft Corp.    (Verified) Microsoft Corporation
lsm.exe    < 0.01    2,804 K    4,700 K    812    Local Session Manager Service    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    < 0.01    183,720 K    186,428 K    1068    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
SearchProtocolHost.exe    < 0.01    2,300 K    5,576 K    6744    Microsoft Windows Search Protocol Host    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    < 0.01    27,208 K    24,356 K    1036    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
BtvStack.exe    < 0.01    20,868 K    24,244 K    2808    Bluetooth Tray    Atheros Commnucations    (A certificate was explicitly revoked by its issuer) Atheros Commnucations
WUDFHost.exe        2,284 K    6,456 K    5616    Windows Driver Foundation - User-mode Driver Framework Host Process    Microsoft Corporation    (Verified) Microsoft Windows
wmpnetwk.exe        15,260 K    12,344 K    5404    Windows Media Player Network Sharing Service    Microsoft Corporation    (Verified) Microsoft Windows
WmiPrvSE.exe        3,096 K    7,112 K    4984    WMI Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
WLIDSVCM.EXE        1,492 K    3,676 K    2560    Microsoft® Windows Live ID Service Monitor    Microsoft Corp.    (Verified) Microsoft Corporation
wlanext.exe        2,364 K    5,900 K    1468    Windows Wireless LAN 802.11 Extensibility Framework    Microsoft Corporation    (Verified) Microsoft Windows
winlogon.exe        3,852 K    8,280 K    768    Windows Logon Application    Microsoft Corporation    (Verified) Microsoft Windows
wininit.exe        1,756 K    4,808 K    680    Windows Start-Up Application    Microsoft Corporation    (Verified) Microsoft Windows
UNS.exe        3,780 K    10,204 K    5664    User Notification Service    Intel Corporation    (Verified) Intel Corporation
svchost.exe        7,356 K    13,604 K    1960    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        15,488 K    16,344 K    1616    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        2,960 K    6,372 K    1252    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        2,428 K    5,960 K    3272    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        1,856 K    5,028 K    4992    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        2,004 K    5,744 K    4040    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        5,720 K    11,672 K    1920    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
STService.exe        3,428 K    11,240 K    2488    ST Service Scheduling        (Verified) Dell Inc
spoolsv.exe        7,476 K    13,808 K    1580    Spooler SubSystem App    Microsoft Corporation    (Verified) Microsoft Windows
smss.exe        544 K    1,228 K    404    Windows Session Manager    Microsoft Corporation    (Verified) Microsoft Windows
ShwiconXP9106.exe        1,844 K    6,636 K    3532    IconUtility ShwiconXP Application    Alcor Micro Corp.    (No signature was present in the subject) Alcor Micro Corp.
SftService.exe        4,484 K    8,508 K    3960    SoftThinks Agent Service    SoftThinks SAS    (Verified) Dell Inc
services.exe        7,576 K    12,992 K    780    Services and Controller app    Microsoft Corporation    (Verified) Microsoft Windows
SearchFilterHost.exe        2,248 K    5,492 K    6672    Microsoft Windows Search Filter Host    Microsoft Corporation    (Verified) Microsoft Windows
RtkNGUI64.exe        14,164 K    11,220 K    2792    Realtek HD Audio Manager    Realtek Semiconductor    (Verified) Realtek Semiconductor Corp
RAVBg64.exe        15,172 K    12,216 K    2800    HD Audio Background Process    Realtek Semiconductor    (Verified) Realtek Semiconductor Corp
procexp.exe        2,444 K    7,580 K    1576    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
PresentationFontCache.exe        31,020 K    24,916 K    5672    PresentationFontCache.exe    Microsoft Corporation    (Verified) Microsoft Corporation
OSPPSVC.EXE        3,736 K    11,344 K    6460    Microsoft Office Software Protection Platform Service    Microsoft Corporation    (Verified) Microsoft Corporation
NisSrv.exe        16,908 K    11,724 K    4808    Microsoft Network Realtime Inspection Service    Microsoft Corporation    (Verified) Microsoft Corporation
msseces.exe        6,360 K    14,896 K    2832    Microsoft Security Client User Interface    Microsoft Corporation    (Verified) Microsoft Corporation
msiexec.exe        2,248 K    6,824 K    6976    Windows® installer    Microsoft Corporation    (Verified) Microsoft Windows
mDNSResponder.exe        2,368 K    5,996 K    1828    Bonjour Service    Apple Inc.    (Verified) Apple Inc.
iusb3mon.exe        1,924 K    6,024 K    3464    Intel® USB 3.0 Monitor    Intel Corporation    (Verified) Intel Corporation
ijplmsvc.exe        1,068 K    3,792 K    3836    PIXMA Extended Servey Program Service        (Verified) Canon Inc.
HeciServer.exe        1,904 K    5,636 K    3860    Intel® Capability Licensing Service Interface    Intel® Corporation    (Verified) Intel® Upgrade Service
googledrivesync.exe        1,404 K    3,708 K    3360    Google Drive    Google    (Verified) Google Inc
GoogleCrashHandler64.exe        1,652 K    528 K    2720    Google Crash Handler    Google Inc.    (Verified) Google Inc
GoogleCrashHandler.exe        1,540 K    528 K    2668    Google Crash Handler    Google Inc.    (Verified) Google Inc
DSUpd.exe        16,176 K    18,704 K    2568    DataSafe Update Launcher    SoftThinks - Dell    (Verified) Dell Inc
dllhost.exe        2,788 K    7,452 K    3680    COM Surrogate    Microsoft Corporation    (Verified) Microsoft Windows
conhost.exe        1,092 K    2,976 K    1476    Console Window Host    Microsoft Corporation    (Verified) Microsoft Windows
BJMYPRT.EXE        2,416 K    5,796 K    2240    Canon My Printer    CANON INC.    (Verified) Canon Inc.
audiodg.exe        19,684 K    20,408 K    5380    Windows Audio Device Graph Isolation     Microsoft Corporation    (Verified) Microsoft Windows
atiesrxx.exe        1,716 K    4,620 K    452    AMD External Events Service Module    AMD    (Verified) Microsoft Windows Hardware Compatibility Publisher
atieclxx.exe        2,592 K    6,884 K    1976    AMD External Events Client Module    AMD    (Verified) Microsoft Windows Hardware Compatibility Publisher
AthBtTray.exe        5,516 K    14,464 K    2820    Bluetooth Tray    Atheros Commnucations    (A certificate was explicitly revoked by its issuer) Atheros Commnucations
Ath_WlanAgent.exe        1,300 K    4,144 K    3184    Atheros Coex Service Application    Atheros    (A certificate was explicitly revoked by its issuer) Atheros
Ath_CoexAgent.exe        1,864 K    5,360 K    1100    Atheros Coex Service Application    Atheros    (A certificate was explicitly revoked by its issuer) Atheros
armsvc.exe        1,220 K    4,104 K    1716    Adobe Acrobat Update Service    Adobe Systems Incorporated    (Verified) Adobe Systems
AERTSr64.exe        1,260 K    3,072 K    1736    Andrea filters APO access service (64-bit)    Andrea Electronics Corporation    (Verified) Andrea Electronics
AdminService.exe        2,560 K    6,792 K    1788    AdminService Application    Atheros Commnucations    (A certificate was explicitly revoked by its issuer) Atheros Commnucations
 

  • 0

#4
John Aukerman

    Member

  • Topic Starter
  • Member
  • 284 posts

Image Name                     PID Services                                    
========================= ======== ============================================
System Idle Process              0 N/A                                         
System                           4 N/A                                         
smss.exe                       404 N/A                                         
csrss.exe                      584 N/A                                         
wininit.exe                    680 N/A                                         
csrss.exe                      708 N/A                                         
winlogon.exe                   768 N/A                                         
services.exe                   780 N/A                                         
lsass.exe                      804 EFS, KeyIso, SamSs                          
lsm.exe                        812 N/A                                         
svchost.exe                    916 DcomLaunch, PlugPlay, Power                 
svchost.exe                   1008 RpcEptMapper, RpcSs                         
MsMpEng.exe                    608 MsMpSvc                                     
atiesrxx.exe                   452 AMD External Events Utility                 
svchost.exe                   1036 AudioSrv, Dhcp, eventlog,                   
                                   HomeGroupProvider, lmhosts, wscsvc          
svchost.exe                   1068 AudioEndpointBuilder, hidserv,              
                                   HomeGroupListener, Netman, PcaSvc, SysMain,
                                   TrkWks, UxSms, Wlansvc, WPDBusEnum, wudfsvc
svchost.exe                   1108 EventSystem, fdPHost, FontCache, netprofm,  
                                   nsi, WdiServiceHost, WinHttpAutoProxySvc    
svchost.exe                   1148 AeLookupSvc, Appinfo, AppMgmt, BITS,        
                                   Browser, EapHost, IKEEXT, iphlpsvc,         
                                   LanmanServer, MMCSS, ProfSvc, Schedule,     
                                   SENS, ShellHWDetection, Themes, Winmgmt,    
                                   wuauserv                                    
svchost.exe                   1252 gpsvc                                       
svchost.exe                   1348 CryptSvc, Dnscache, LanmanWorkstation,      
                                   NlaSvc                                      
wlanext.exe                   1468 N/A                                         
conhost.exe                   1476 N/A                                         
spoolsv.exe                   1580 Spooler                                     
svchost.exe                   1616 BFE, DPS, MpsSvc                            
armsvc.exe                    1716 AdobeARMservice                             
AERTSr64.exe                  1736 AERTFilters                                 
AppleMobileDeviceService.     1764 Apple Mobile Device Service                 
AdminService.exe              1788 AtherosSvc                                  
mDNSResponder.exe             1828 Bonjour Service                             
CarboniteService.exe          1852 CarboniteService                            
svchost.exe                   1920 DiagTrack                                   
svchost.exe                   1960 FDResPub, SSDPSRV, upnphost                 
atieclxx.exe                  1976 N/A                                         
taskhost.exe                  2224 N/A                                         
dwm.exe                       2316 N/A                                         
explorer.exe                  2368 N/A                                         
GoogleCrashHandler.exe        2668 N/A                                         
GoogleCrashHandler64.exe      2720 N/A                                         
RtkNGUI64.exe                 2792 N/A                                         
RAVBg64.exe                   2800 N/A                                         
BtvStack.exe                  2808 N/A                                         
AthBtTray.exe                 2820 N/A                                         
msseces.exe                   2832 N/A                                         
BJMYPRT.EXE                   2240 N/A                                         
googledrivesync.exe           3360 N/A                                         
iusb3mon.exe                  3464 N/A                                         
MOM.exe                       3484 N/A                                         
ShwiconXP9106.exe             3532 N/A                                         
CarboniteUI.exe               3640 N/A                                         
ijplmsvc.exe                  3836 IJPLMSVC                                    
HeciServer.exe                3860 Intel® Capability Licensing Service Interf
                                   ace                                         
NOBuAgent.exe                 3896 NOBU                                        
SftService.exe                3960 SftService                                  
svchost.exe                   4040 stisvc                                      
WLIDSVC.EXE                   4088 wlidsvc                                     
Ath_CoexAgent.exe             1100 ZAtheros Bt&Wlan Coex Agent                 
Ath_WlanAgent.exe             3184 ZAtheros Wlan Agent                         
WLIDSVCM.EXE                  2560 N/A                                         
Toaster.exe                   3716 N/A                                         
STService.exe                 2488 N/A                                         
DSUpd.exe                     2568 N/A                                         
googledrivesync.exe           4928 N/A                                         
CCC.exe                       5040 N/A                                         
IAStorIcon.exe                1724 N/A                                         
SearchIndexer.exe             3404 WSearch                                     
NisSrv.exe                    4808 NisSrv                                      
svchost.exe                   4992 bthserv                                     
svchost.exe                   3272 PolicyAgent                                 
wmpnetwk.exe                  5404 WMPNetworkSvc                               
WUDFHost.exe                  5616 N/A                                         
svchost.exe                   6140 p2pimsvc, p2psvc, PNRPsvc                   
dllhost.exe                   3680 N/A                                         
PresentationFontCache.exe     5672 FontCache3.0.0.0                            
IAStorDataMgrSvc.exe          2340 IAStorDataMgrSvc                            
LMS.exe                       5752 LMS                                         
UNS.exe                       5664 UNS                                         
svchost.exe                   4696 swprv                                       
firefox.exe                   4300 N/A                                         
audiodg.exe                   5380 N/A                                         
procexp.exe                   1576 N/A                                         
procexp64.exe                 3200 N/A                                         
WmiPrvSE.exe                  4984 N/A                                         
VSSVC.exe                     5756 VSS                                         
OSPPSVC.EXE                   6460 osppsvc                                     
msiexec.exe                   6960 msiserver                                   
notepad.exe                   6612 N/A                                         
taskeng.exe                   6556 N/A                                         
cmd.exe                       5592 N/A                                         
conhost.exe                   5680 N/A                                         
tasklist.exe                  6228 N/A                                         
WmiPrvSE.exe                  2168 N/A                                         
 


  • 0
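One way to cross-reference the two logs requested in post #2 (the Process Explorer export and the TASKLIST /SVC output), as an added example that is not part of any post in this thread: it joins the two on PID, lists processes whose Verified Signer status is not "Verified" or whose CPU is at or above a threshold, and names the services hosted by each flagged svchost.exe. The function names are hypothetical, the sample rows are copied from the posts above, and the Process Explorer export is assumed to be tab-delimited.

```python
import re

# Constructed sample: a few rows copied from the Process Explorer log in post #3.
# Assumption: File > Save As in Process Explorer writes tab-delimited text.
PROCEXP_TEXT = "\n".join([
    "Process\tCPU\tPrivate Bytes\tWorking Set\tPID\tDescription\tCompany Name\tVerified Signer",
    "System Idle Process\t66.01\t0 K\t24 K\t0\t\t\t",
    "svchost.exe\t20.14\t2,204 K\t6,024 K\t4696\tHost Process for Windows Services\tMicrosoft Corporation\t(Verified) Microsoft Windows",
    "firefox.exe\t5.57\t719,296 K\t706,192 K\t4300\tFirefox\tMozilla Corporation\t(Verified) Mozilla Corporation",
    "Interrupts\t0.44\t0 K\t0 K\tn/a\tHardware Interrupts and DPCs\t\t",
    "CCC.exe\t0.01\t110,932 K\t2,708 K\t5040\tCatalyst Control Center: Host application\tATI Technologies Inc.\t(No signature was present in the subject) ATI Technologies Inc.",
    "svchost.exe\t< 0.01\t27,208 K\t24,356 K\t1036\tHost Process for Windows Services\tMicrosoft Corporation\t(Verified) Microsoft Windows",
    "BtvStack.exe\t< 0.01\t20,868 K\t24,244 K\t2808\tBluetooth Tray\tAtheros Commnucations\t(A certificate was explicitly revoked by its issuer) Atheros Commnucations",
    "AdminService.exe\t\t2,560 K\t6,792 K\t1788\tAdminService Application\tAtheros Commnucations\t(A certificate was explicitly revoked by its issuer) Atheros Commnucations",
])

# Constructed sample: rows copied from the TASKLIST /SVC log in post #4
# ("Intel(R)" written in plain ASCII, which gives the 44-character wrapped cell).
TASKLIST_TEXT = "\n".join([
    "Image Name                     PID Services",
    "=" * 25 + " " + "=" * 8 + " " + "=" * 44,
    "svchost.exe                   1036 AudioSrv, Dhcp, eventlog,",
    "                                   HomeGroupProvider, lmhosts, wscsvc",
    "AdminService.exe              1788 AtherosSvc",
    "BtvStack.exe                  2808 N/A",
    "HeciServer.exe                3860 Intel(R) Capability Licensing Service Interf",
    "                                   ace",
    "svchost.exe                   4696 swprv",
    "CCC.exe                       5040 N/A",
])

# Rows Process Explorer shows that have no image file to verify.
PSEUDO = {"System Idle Process", "System", "Interrupts"}


def parse_tasklist_svc(text):
    """Return {pid: [service, ...]} from TASKLIST /SVC output."""
    lines = text.splitlines()
    ruler = next(i for i, l in enumerate(lines) if l.startswith("="))
    spans = [m.span() for m in re.finditer(r"=+", lines[ruler])]
    name_end = spans[0][1]                  # width of the Image Name column
    svc_width = spans[2][1] - spans[2][0]   # width of the Services column
    cells, pid = {}, None
    for line in lines[ruler + 1:]:
        if not line.strip():
            continue
        if line[:name_end].strip():         # new process row
            pid_text, _, cell = line[name_end:].strip().partition(" ")
            pid = int(pid_text)
            cells[pid] = [cell.strip()]
        elif pid is not None:               # wrapped continuation of the row above
            cells[pid].append(line.strip())
    services = {}
    for pid, parts in cells.items():
        joined = parts[0]
        for prev, nxt in zip(parts, parts[1:]):
            # Heuristic: a full-width cell was cut mid-word, a shorter one after a comma.
            joined += nxt if len(prev) >= svc_width else " " + nxt
        services[pid] = [] if joined == "N/A" else [
            s.strip() for s in joined.split(",") if s.strip()]
    return services


def parse_procexp(text):
    """Return one dict per process row of a Process Explorer text export."""
    lines = [l for l in text.splitlines() if l.strip()]
    header = [h.strip() for h in lines[0].split("\t")]
    rows = []
    for line in lines[1:]:
        cells = [c.strip() for c in line.split("\t")]
        row = dict(zip(header, cells + [""] * (len(header) - len(cells))))
        cpu = row["CPU"].replace("<", "").strip()   # "< 0.01" is kept as its bound, 0.01
        row["cpu"] = float(cpu) if cpu else 0.0
        row["pid"] = int(row["PID"]) if row["PID"].isdigit() else None
        m = re.match(r"\((.*?)\)\s*(.*)", row["Verified Signer"])
        row["sig_status"] = m.group(1) if m else ""
        rows.append(row)
    return rows


def triage(procexp_text, tasklist_text, cpu_threshold=5.0):
    """List processes with a non-verified signature or CPU >= cpu_threshold."""
    services = parse_tasklist_svc(tasklist_text)
    findings = []
    for row in parse_procexp(procexp_text):
        if row["Process"] in PSEUDO:
            continue
        reasons = []
        if row["sig_status"] != "Verified":
            reasons.append("signature: " + (row["sig_status"] or "not checked"))
        if row["cpu"] >= cpu_threshold:
            reasons.append("cpu: %.2f%%" % row["cpu"])
        if reasons:
            findings.append({"name": row["Process"], "pid": row["pid"],
                             "cpu": row["cpu"], "reasons": reasons,
                             "services": services.get(row["pid"], [])})
    findings.sort(key=lambda f: (-f["cpu"], f["name"]))
    return findings


if __name__ == "__main__":
    for f in triage(PROCEXP_TEXT, TASKLIST_TEXT):
        print(f["name"], f["pid"], "; ".join(f["reasons"]), f["services"])
```

A missing or revoked signature in this listing is a lead to check against the vendor's installer, not a verdict on the file.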

#5
John Aukerman

    Member

  • Topic Starter
  • Member
  • 284 posts

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 04/08/2016 7:40:56 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 03/08/2016 12:38:17 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 13/07/2016 10:40:07 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 23/06/2016 11:02:08 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 23/06/2016 5:55:04 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 23/06/2016 5:28:41 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 15/06/2016 10:10:21 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 06/06/2016 5:29:22 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 04/06/2016 7:36:14 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 01/06/2016 11:44:00 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 18/04/2016 7:35:07 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 04/08/2016 10:54:44 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The iPod Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 04/08/2016 10:54:44 AM
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

Log: 'System' Date/Time: 04/08/2016 10:54:43 AM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the iPod Service service to connect.

Log: 'System' Date/Time: 04/08/2016 10:53:44 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Garmin Device Interaction Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 04/08/2016 10:53:44 AM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Garmin Device Interaction Service service to connect.

Log: 'System' Date/Time: 03/08/2016 1:30:56 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {E579AB5F-1CC4-44B4-BED9-DE0991FF0623} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 03/08/2016 12:39:08 PM
Type: Error Category: 0
Event: 6008 Source: EventLog
The previous system shutdown at 8:37:08 AM on ?8/?3/?2016 was unexpected.

Log: 'System' Date/Time: 03/08/2016 10:28:33 AM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Garmin Device Interaction Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Log: 'System' Date/Time: 02/08/2016 3:04:26 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {E579AB5F-1CC4-44B4-BED9-DE0991FF0623} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 01/08/2016 4:11:42 PM
Type: Error Category: 0
Event: 5 Source: Microsoft-Windows-Kernel-General
{Registry Hive Recovered} Registry hive (file): '\??\Volume{721bfbc5-083d-11e2-a8ff-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{AF4E23F4-B30F-4A41-8E15-6D33C9BA5E0A}' was corrupted and it has been recovered. Some data might have been lost.

Log: 'System' Date/Time: 01/08/2016 1:20:35 PM
Type: Error Category: 0
Event: 36887 Source: Schannel
The following fatal alert was received: 70.

Log: 'System' Date/Time: 01/08/2016 5:13:37 AM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 31/07/2016 9:20:45 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {E579AB5F-1CC4-44B4-BED9-DE0991FF0623} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 31/07/2016 12:23:49 PM
Type: Error Category: 2
Event: 55 Source: Ntfs
The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume Aukerman.

Log: 'System' Date/Time: 31/07/2016 12:23:32 PM
Type: Error Category: 0
Event: 5 Source: Microsoft-Windows-Kernel-General
{Registry Hive Recovered} Registry hive (file): '\??\Volume{721bfbc5-083d-11e2-a8ff-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{132526A2-7127-4A63-85B7-2CB2638C2B8F}' was corrupted and it has been recovered. Some data might have been lost.

Log: 'System' Date/Time: 31/07/2016 12:23:21 PM
Type: Error Category: 0
Event: 5 Source: Microsoft-Windows-Kernel-General
{Registry Hive Recovered} Registry hive (file): '\??\Volume{721bfbc5-083d-11e2-a8ff-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{0F57E410-DBFD-471E-A9AA-12401CB4C735}' was corrupted and it has been recovered. Some data might have been lost.

Log: 'System' Date/Time: 31/07/2016 12:23:01 PM
Type: Error Category: 0
Event: 5 Source: Microsoft-Windows-Kernel-General
{Registry Hive Recovered} Registry hive (file): '\??\Volume{721bfbc5-083d-11e2-a8ff-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{11DDC95A-B80B-4B2B-A764-1EA6D105D31E}' was corrupted and it has been recovered. Some data might have been lost.

Log: 'System' Date/Time: 30/07/2016 8:39:39 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {E579AB5F-1CC4-44B4-BED9-DE0991FF0623} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 30/07/2016 3:29:51 PM
Type: Error Category: 2
Event: 55 Source: Ntfs
The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume Aukerman.

Log: 'System' Date/Time: 30/07/2016 3:29:34 PM
Type: Error Category: 0
Event: 5 Source: Microsoft-Windows-Kernel-General
{Registry Hive Recovered} Registry hive (file): '\??\Volume{721bfbc5-083d-11e2-a8ff-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{3D2086E3-3338-493A-816B-43EED142C347}' was corrupted and it has been recovered. Some data might have been lost.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 04/08/2016 11:24:05 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name connect.facebook.net timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 04/08/2016 10:54:49 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_COMPACT_FLASH&REV_1.01#058F63626476&1#.

Log: 'System' Date/Time: 04/08/2016 4:40:40 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 04/08/2016 4:40:40 AM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\Windows\system32\athihvs.dll

Log: 'System' Date/Time: 03/08/2016 2:21:24 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name clients2.google.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 03/08/2016 12:40:10 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_CANON&PROD_MP970_SERIES&REV_1110#8&1AE3E506&0&232AD1&0#.

Log: 'System' Date/Time: 03/08/2016 10:47:21 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name pix04.revsci.net timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 03/08/2016 10:16:44 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_COMPACT_FLASH&REV_1.01#058F63626476&1#.

Log: 'System' Date/Time: 03/08/2016 5:12:10 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 03/08/2016 5:12:10 AM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\Windows\system32\athihvs.dll

Log: 'System' Date/Time: 03/08/2016 1:32:57 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name track.eyeviewads.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 02/08/2016 12:55:36 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name pixel.mathtag.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 02/08/2016 10:47:26 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_COMPACT_FLASH&REV_1.01#058F63626476&1#.

Log: 'System' Date/Time: 02/08/2016 5:03:12 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 02/08/2016 5:03:12 AM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\Windows\system32\athihvs.dll

Log: 'System' Date/Time: 02/08/2016 3:37:33 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name s.update.rubiconproject.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 01/08/2016 3:19:10 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name indiana.gop timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 01/08/2016 1:19:30 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_COMPACT_FLASH&REV_1.01#058F63626476&1#.

Log: 'System' Date/Time: 01/08/2016 5:16:16 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 01/08/2016 5:16:16 AM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\Windows\system32\athihvs.dll
 



#6
John Aukerman


Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 04/08/2016 7:43:16 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 04/08/2016 10:53:57 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 03/08/2016 12:40:09 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 03/08/2016 12:34:55 PM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program FRST64.exe version 3.8.2016.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.  Process ID: c50  Start Time: 01d1ed7ff683d1f2  Termination Time: 60000  Application Path: C:\Users\Aukerman\Desktop\FRST64.exe  Report Id: 805dbd26-5976-11e6-9892-083e8e8298da

Log: 'Application' Date/Time: 03/08/2016 10:17:02 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 02/08/2016 10:47:34 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 01/08/2016 1:19:31 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 31/07/2016 10:56:58 PM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Client application bug: DNSServiceResolve(4c:b1:99:20:ea:05@fe80::4eb1:99ff:fe20:ea05._apple-mobdev2._tcp.local.) active for over two minutes. This places considerable burden on the network.

Log: 'Application' Date/Time: 31/07/2016 11:55:53 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: plugin-container.exe, version: 47.0.0.5999, time stamp: 0x5753660e Faulting module name: mozglue.dll, version: 47.0.0.5999, time stamp: 0x57535438 Exception code: 0x80000003 Fault offset: 0x0000f3ad Faulting process id: 0x1458 Faulting application start time: 0x01d1eb19831b91de Faulting application path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe Faulting module path: C:\Program Files (x86)\Mozilla Firefox\mozglue.dll Report Id: bad1ab02-5715-11e6-b5cb-083e8e8298da

Log: 'Application' Date/Time: 31/07/2016 10:14:45 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 31/07/2016 3:02:02 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: EXCEL.EXE, version: 14.0.7171.5000, time stamp: 0x57621d25 Faulting module name: MSVCR90.dll, version: 9.0.30729.6161, time stamp: 0x4dace4e7 Exception code: 0xc0000005 Fault offset: 0x000000000001e1ac Faulting process id: 0x104c Faulting application start time: 0x01d1ead774dfc93a Faulting application path: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE Faulting module path: C:\Program Files (x86)\Google\Drive\Microsoft.VC90.CRT\MSVCR90.dll Report Id: 27106557-56cb-11e6-b076-083e8e8298da

Log: 'Application' Date/Time: 30/07/2016 10:59:52 AM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Client application bug: DNSServiceResolve(4c:b1:99:20:ea:05@fe80::4eb1:99ff:fe20:ea05._apple-mobdev2._tcp.local.) active for over two minutes. This places considerable burden on the network.

Log: 'Application' Date/Time: 30/07/2016 10:54:25 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 29/07/2016 2:42:20 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 28/07/2016 10:25:42 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 27/07/2016 2:43:48 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 26/07/2016 6:47:06 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 23/07/2016 11:17:51 AM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Client application bug: DNSServiceResolve(4c:b1:99:20:ea:05@fe80::4eb1:99ff:fe20:ea05._apple-mobdev2._tcp.local.) active for over two minutes. This places considerable burden on the network.

Log: 'Application' Date/Time: 23/07/2016 11:09:25 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 22/07/2016 4:41:54 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 17/07/2016 10:51:58 AM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Client application bug: DNSServiceResolve(4c:b1:99:20:ea:05@fe80::4eb1:99ff:fe20:ea05._apple-mobdev2._tcp.local.) active for over two minutes. This places considerable burden on the network.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 03/08/2016 4:17:19 PM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <mapi://{S-1-5-21-3383977758-1919853078-1981122960-1001}/> cannot be accessed.

Context:  Application, SystemIndex Catalog

Details:
    A server error occurred. Check that the server is available.  (HRESULT : 0x80041206) (0x80041206)


Log: 'Application' Date/Time: 03/08/2016 10:32:22 AM
Type: Warning Category: 0
Event: 10010 Source: Microsoft-Windows-RestartManager
Application 'C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe' (pid 5664) cannot be restarted - Application SID does not match Conductor SID..

Log: 'Application' Date/Time: 03/08/2016 10:32:22 AM
Type: Warning Category: 0
Event: 10010 Source: Microsoft-Windows-RestartManager
Application 'C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe' (pid 4124) cannot be restarted - Application SID does not match Conductor SID..

Log: 'Application' Date/Time: 03/08/2016 10:32:22 AM
Type: Warning Category: 0
Event: 10010 Source: Microsoft-Windows-RestartManager
Application 'C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe' (pid 2536) cannot be restarted - Application SID does not match Conductor SID..

Log: 'Application' Date/Time: 31/07/2016 11:59:09 PM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <mapi://{S-1-5-21-3383977758-1919853078-1981122960-1001}/> cannot be accessed.

Context:  Application, SystemIndex Catalog

Details:
    A server error occurred. Check that the server is available.  (HRESULT : 0x80041206) (0x80041206)


Log: 'Application' Date/Time: 30/07/2016 6:35:11 PM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <mapi://{S-1-5-21-3383977758-1919853078-1981122960-1001}/> cannot be accessed.

Context:  Application, SystemIndex Catalog

Details:
    A server error occurred. Check that the server is available.  (HRESULT : 0x80041206) (0x80041206)


Log: 'Application' Date/Time: 30/07/2016 6:06:29 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   11 user registry handles leaked from \Registry\User\S-1-5-21-3383977758-1919853078-1981122960-1001:
Process 1860 (\Device\HarddiskVolume3\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe) has opened key \REGISTRY\USER\S-1-5-21-3383977758-1919853078-1981122960-1001
Process 1860 (\Device\HarddiskVolume3\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe) has opened key \REGISTRY\USER\S-1-5-21-3383977758-1919853078-1981122960-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1860 (\Device\HarddiskVolume3\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe) has opened key \REGISTRY\USER\S-1-5-21-3383977758-1919853078-1981122960-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1860 (\Device\HarddiskVolume3\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe) has opened key \REGISTRY\USER\S-1-5-21-3383977758-1919853078-1981122960-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl
Process 1860 (\Device\HarddiskVolume3\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe) has opened key \REGISTRY\USER\S-1-5-21-3383977758-1919853078-1981122960-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
Process 1860 (\Device\HarddiskVolume3\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe) has opened key \REGISTRY\USER\S-1-5-21-3383977758-1919853078-1981122960-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Process 1860 (\Device\HarddiskVolume3\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe) has opened key \REGISTRY\USER\S-1-5-21-3383977758-1919853078-1981122960-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1860 (\Device\HarddiskVolume3\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe) has opened key \REGISTRY\USER\S-1-5-21-3383977758-1919853078-1981122960-1001\Software\Microsoft\Internet Explorer\Main
Process 1860 (\Device\HarddiskVolume3\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe) has opened key \REGISTRY\USER\S-1-5-21-3383977758-1919853078-1981122960-1001\Software
Process 1860 (\Device\HarddiskVolume3\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe) has opened key \REGISTRY\USER\S-1-5-21-3383977758-1919853078-1981122960-1001\Software\Microsoft\Windows\CurrentVersion\Explorer
Process 1860 (\Device\HarddiskVolume3\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe) has opened key \REGISTRY\USER\S-1-5-21-3383977758-1919853078-1981122960-1001\Software\Policies


Log: 'Application' Date/Time: 29/07/2016 4:12:07 AM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <mapi://{S-1-5-21-3383977758-1919853078-1981122960-1001}/> cannot be accessed.

Context:  Application, SystemIndex Catalog

Details:
    A server error occurred. Check that the server is available.  (HRESULT : 0x80041206) (0x80041206)


Log: 'Application' Date/Time: 27/07/2016 11:25:22 PM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <mapi://{S-1-5-21-3383977758-1919853078-1981122960-1001}/> cannot be accessed.

Context:  Application, SystemIndex Catalog

Details:
    A server error occurred. Check that the server is available.  (HRESULT : 0x80041206) (0x80041206)


Log: 'Application' Date/Time: 23/07/2016 2:56:47 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   11 user registry handles leaked from \Registry\User\S-1-5-21-3383977758-1919853078-1981122960-1001:
Process 1864 (\Device\HarddiskVolume3\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe) has opened key \REGISTRY\USER\S-1-5-21-3383977758-1919853078-1981122960-1001
Process 1864 (\Device\HarddiskVolume3\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe) has opened key \REGISTRY\USER\S-1-5-21-3383977758-1919853078-1981122960-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1864 (\Device\HarddiskVolume3\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe) has opened key \REGISTRY\USER\S-1-5-21-3383977758-1919853078-1981122960-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1864 (\Device\HarddiskVolume3\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe) has opened key \REGISTRY\USER\S-1-5-21-3383977758-1919853078-1981122960-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl
Process 1864 (\Device\HarddiskVolume3\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe) has opened key \REGISTRY\USER\S-1-5-21-3383977758-1919853078-1981122960-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
Process 1864 (\Device\HarddiskVolume3\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe) has opened key \REGISTRY\USER\S-1-5-21-3383977758-1919853078-1981122960-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Process 1864 (\Device\HarddiskVolume3\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe) has opened key \REGISTRY\USER\S-1-5-21-3383977758-1919853078-1981122960-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1864 (\Device\HarddiskVolume3\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe) has opened key \REGISTRY\USER\S-1-5-21-3383977758-1919853078-1981122960-1001\Software\Microsoft\Internet Explorer\Main
Process 1864 (\Device\HarddiskVolume3\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe) has opened key \REGISTRY\USER\S-1-5-21-3383977758-1919853078-1981122960-1001\Software
Process 1864 (\Device\HarddiskVolume3\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe) has opened key \REGISTRY\USER\S-1-5-21-3383977758-1919853078-1981122960-1001\Software\Microsoft\Windows\CurrentVersion\Explorer
Process 1864 (\Device\HarddiskVolume3\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe) has opened key \REGISTRY\USER\S-1-5-21-3383977758-1919853078-1981122960-1001\Software\Policies


Log: 'Application' Date/Time: 23/07/2016 11:09:34 AM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <mapi://{S-1-5-21-3383977758-1919853078-1981122960-1001}/> cannot be accessed.

Context:  Application, SystemIndex Catalog

Details:
    A server error occurred. Check that the server is available.  (HRESULT : 0x80041206) (0x80041206)


Log: 'Application' Date/Time: 23/07/2016 12:44:54 AM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <mapi://{S-1-5-21-3383977758-1919853078-1981122960-1001}/> cannot be accessed.

Context:  Application, SystemIndex Catalog

Details:
    A server error occurred. Check that the server is available.  (HRESULT : 0x80041206) (0x80041206)


Log: 'Application' Date/Time: 17/07/2016 8:34:51 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   11 user registry handles leaked from \Registry\User\S-1-5-21-3383977758-1919853078-1981122960-1001:
Process 1832 (\Device\HarddiskVolume3\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe) has opened key \REGISTRY\USER\S-1-5-21-3383977758-1919853078-1981122960-1001
Process 1832 (\Device\HarddiskVolume3\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe) has opened key \REGISTRY\USER\S-1-5-21-3383977758-1919853078-1981122960-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1832 (\Device\HarddiskVolume3\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe) has opened key \REGISTRY\USER\S-1-5-21-3383977758-1919853078-1981122960-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1832 (\Device\HarddiskVolume3\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe) has opened key \REGISTRY\USER\S-1-5-21-3383977758-1919853078-1981122960-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl
Process 1832 (\Device\HarddiskVolume3\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe) has opened key \REGISTRY\USER\S-1-5-21-3383977758-1919853078-1981122960-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
Process 1832 (\Device\HarddiskVolume3\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe) has opened key \REGISTRY\USER\S-1-5-21-3383977758-1919853078-1981122960-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Process 1832 (\Device\HarddiskVolume3\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe) has opened key \REGISTRY\USER\S-1-5-21-3383977758-1919853078-1981122960-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1832 (\Device\HarddiskVolume3\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe) has opened key \REGISTRY\USER\S-1-5-21-3383977758-1919853078-1981122960-1001\Software\Microsoft\Internet Explorer\Main
Process 1832 (\Device\HarddiskVolume3\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe) has opened key \REGISTRY\USER\S-1-5-21-3383977758-1919853078-1981122960-1001\Software
Process 1832 (\Device\HarddiskVolume3\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe) has opened key \REGISTRY\USER\S-1-5-21-3383977758-1919853078-1981122960-1001\Software\Microsoft\Windows\CurrentVersion\Explorer
Process 1832 (\Device\HarddiskVolume3\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe) has opened key \REGISTRY\USER\S-1-5-21-3383977758-1919853078-1981122960-1001\Software\Policies


Log: 'Application' Date/Time: 17/07/2016 5:48:16 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   11 user registry handles leaked from \Registry\User\S-1-5-21-3383977758-1919853078-1981122960-1001:
Process 1864 (\Device\HarddiskVolume3\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe) has opened key \REGISTRY\USER\S-1-5-21-3383977758-1919853078-1981122960-1001
Process 1864 (\Device\HarddiskVolume3\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe) has opened key \REGISTRY\USER\S-1-5-21-3383977758-1919853078-1981122960-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1864 (\Device\HarddiskVolume3\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe) has opened key \REGISTRY\USER\S-1-5-21-3383977758-1919853078-1981122960-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1864 (\Device\HarddiskVolume3\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe) has opened key \REGISTRY\USER\S-1-5-21-3383977758-1919853078-1981122960-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl
Process 1864 (\Device\HarddiskVolume3\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe) has opened key \REGISTRY\USER\S-1-5-21-3383977758-1919853078-1981122960-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
Process 1864 (\Device\HarddiskVolume3\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe) has opened key \REGISTRY\USER\S-1-5-21-3383977758-1919853078-1981122960-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Process 1864 (\Device\HarddiskVolume3\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe) has opened key \REGISTRY\USER\S-1-5-21-3383977758-1919853078-1981122960-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1864 (\Device\HarddiskVolume3\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe) has opened key \REGISTRY\USER\S-1-5-21-3383977758-1919853078-1981122960-1001\Software\Microsoft\Internet Explorer\Main
Process 1864 (\Device\HarddiskVolume3\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe) has opened key \REGISTRY\USER\S-1-5-21-3383977758-1919853078-1981122960-1001\Software
Process 1864 (\Device\HarddiskVolume3\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe) has opened key \REGISTRY\USER\S-1-5-21-3383977758-1919853078-1981122960-1001\Software\Microsoft\Windows\CurrentVersion\Explorer
Process 1864 (\Device\HarddiskVolume3\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe) has opened key \REGISTRY\USER\S-1-5-21-3383977758-1919853078-1981122960-1001\Software\Policies


Log: 'Application' Date/Time: 16/07/2016 11:44:18 PM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <mapi://{S-1-5-21-3383977758-1919853078-1981122960-1001}/> cannot be accessed.

Context:  Application, SystemIndex Catalog

Details:
    A server error occurred. Check that the server is available.  (HRESULT : 0x80041206) (0x80041206)


Log: 'Application' Date/Time: 15/07/2016 6:10:15 PM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <mapi://{S-1-5-21-3383977758-1919853078-1981122960-1001}/> cannot be accessed.

Context:  Application, SystemIndex Catalog

Details:
    A server error occurred. Check that the server is available.  (HRESULT : 0x80041206) (0x80041206)


Log: 'Application' Date/Time: 15/07/2016 4:33:12 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   11 user registry handles leaked from \Registry\User\S-1-5-21-3383977758-1919853078-1981122960-1001:
Process 1848 (\Device\HarddiskVolume3\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe) has opened key \REGISTRY\USER\S-1-5-21-3383977758-1919853078-1981122960-1001
Process 1848 (\Device\HarddiskVolume3\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe) has opened key \REGISTRY\USER\S-1-5-21-3383977758-1919853078-1981122960-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1848 (\Device\HarddiskVolume3\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe) has opened key \REGISTRY\USER\S-1-5-21-3383977758-1919853078-1981122960-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1848 (\Device\HarddiskVolume3\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe) has opened key \REGISTRY\USER\S-1-5-21-3383977758-1919853078-1981122960-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl
Process 1848 (\Device\HarddiskVolume3\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe) has opened key \REGISTRY\USER\S-1-5-21-3383977758-1919853078-1981122960-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
Process 1848 (\Device\HarddiskVolume3\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe) has opened key \REGISTRY\USER\S-1-5-21-3383977758-1919853078-1981122960-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Process 1848 (\Device\HarddiskVolume3\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe) has opened key \REGISTRY\USER\S-1-5-21-3383977758-1919853078-1981122960-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1848 (\Device\HarddiskVolume3\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe) has opened key \REGISTRY\USER\S-1-5-21-3383977758-1919853078-1981122960-1001\Software\Microsoft\Internet Explorer\Main
Process 1848 (\Device\HarddiskVolume3\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe) has opened key \REGISTRY\USER\S-1-5-21-3383977758-1919853078-1981122960-1001\Software
Process 1848 (\Device\HarddiskVolume3\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe) has opened key \REGISTRY\USER\S-1-5-21-3383977758-1919853078-1981122960-1001\Software\Microsoft\Windows\CurrentVersion\Explorer
Process 1848 (\Device\HarddiskVolume3\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe) has opened key \REGISTRY\USER\S-1-5-21-3383977758-1919853078-1981122960-1001\Software\Policies


Log: 'Application' Date/Time: 14/07/2016 12:09:57 PM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <mapi://{S-1-5-21-3383977758-1919853078-1981122960-1001}/> cannot be accessed.

Context:  Application, SystemIndex Catalog

Details:
    A server error occurred. Check that the server is available.  (HRESULT : 0x80041206) (0x80041206)


Log: 'Application' Date/Time: 13/07/2016 7:57:34 PM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <mapi://{S-1-5-21-3383977758-1919853078-1981122960-1001}/> cannot be accessed.

Context:  Application, SystemIndex Catalog

Details:
    A server error occurred. Check that the server is available.  (HRESULT : 0x80041206) (0x80041206)


Log: 'Application' Date/Time: 13/07/2016 5:07:42 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   11 user registry handles leaked from \Registry\User\S-1-5-21-3383977758-1919853078-1981122960-1001:
Process 1920 (\Device\HarddiskVolume3\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe) has opened key \REGISTRY\USER\S-1-5-21-3383977758-1919853078-1981122960-1001
Process 1920 (\Device\HarddiskVolume3\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe) has opened key \REGISTRY\USER\S-1-5-21-3383977758-1919853078-1981122960-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1920 (\Device\HarddiskVolume3\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe) has opened key \REGISTRY\USER\S-1-5-21-3383977758-1919853078-1981122960-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1920 (\Device\HarddiskVolume3\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe) has opened key \REGISTRY\USER\S-1-5-21-3383977758-1919853078-1981122960-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl
Process 1920 (\Device\HarddiskVolume3\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe) has opened key \REGISTRY\USER\S-1-5-21-3383977758-1919853078-1981122960-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
Process 1920 (\Device\HarddiskVolume3\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe) has opened key \REGISTRY\USER\S-1-5-21-3383977758-1919853078-1981122960-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Process 1920 (\Device\HarddiskVolume3\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe) has opened key \REGISTRY\USER\S-1-5-21-3383977758-1919853078-1981122960-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1920 (\Device\HarddiskVolume3\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe) has opened key \REGISTRY\USER\S-1-5-21-3383977758-1919853078-1981122960-1001\Software\Microsoft\Internet Explorer\Main
Process 1920 (\Device\HarddiskVolume3\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe) has opened key \REGISTRY\USER\S-1-5-21-3383977758-1919853078-1981122960-1001\Software
Process 1920 (\Device\HarddiskVolume3\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe) has opened key \REGISTRY\USER\S-1-5-21-3383977758-1919853078-1981122960-1001\Software\Microsoft\Windows\CurrentVersion\Explorer
Process 1920 (\Device\HarddiskVolume3\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe) has opened key \REGISTRY\USER\S-1-5-21-3383977758-1919853078-1981122960-1001\Software\Policies

 


#7
John Aukerman

    Member

Speccy log is attached

#8
John Aukerman

    Member

Oops. I missed a couple steps in the middle. I'm starting with the Reboot instruction now and will post further results shortly.


#9
John Aukerman

    Member

Reboot. 

 

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).

sfc  /scannow

 

(This will check your critical system files. Does this finish without complaint?)

 

Yes, it finished without complaint.


#10
RKinner

    Malware Expert

Also uninstall Bonjour.

 

Carbonite also needs to be uninstalled.  Hopefully you're not paying for it.  If you are, I hope you know your login info so you can reinstall it.

 

Process Explorer says these three are causing the problem:

 

svchost.exe    20.14    2,204 K    6,024 K    4696    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
firefox.exe    5.57    719,296 K    706,192 K    4300    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
System    3.34    252 K    4,572 K    4    

 

   

The first is actually:

 

   svchost.exe                   4696 swprv                    

 

Which is Microsoft Software Shadow Copy Provider

 

I have a fix for it but let's wait until we take care of a more urgent problem:

 

Log: 'System' Date/Time: 31/07/2016 12:23:49 PM
Type: Error Category: 2
Event: 55 Source: Ntfs
The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume Aukerman.

 

 

 

1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.
 
Right click on Computer and select Manage, then the Event Viewer. Next select Windows Logs.  Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.
 
 
Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).
 
sfc /scannow
 
(SPACE after sfc.)  This will check your critical system files. Does this finish without complaint?  If it says it couldn't fix everything then:
 
Copy the next two lines:
 
findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt 
notepad \windows\logs\cbs\junk.txt 
 
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.  Close Notepad.  Close the Command Window.
 
 
1. Please download the Event Viewer Tool by Vino Rosso and save it to your Desktop.
2. Right-click VEW.exe and Run as Administrator.
3. Under 'Select log to query', select:
   * System
4. Under 'Select type to list', select:
   * Error
   * Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'.
   Type 20 in the 1 to 20 box.
   Then click the Run button.
   Notepad will open with the output log.
 
 
Please post the Output log in your next reply then repeat but select Application. (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)

#11
John Aukerman

    Member

Bonjour uninstalled.

 

Why uninstall Carbonite? I pay for it, it's what I use to backup my files.


#12
John Aukerman

    Member

I did the following:

 

1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.
 

Right click on Computer and select Manage, then the Event Viewer. Next select Windows Logs.

 

But can't find Windows Logs. See attached for screenshot after I click Event Viewer.

Attached Thumbnails

  • event viewer.jpg

#13
RKinner

    Malware Expert

You have to click on the arrow in front of Event Viewer.

 

 

 

 

 

Carbonite is causing problems but it may be because your file system is messed up so wait until we see what happens after the disk check.

 

I don't use Carbonite myself so am not familiar with its options but perhaps there is a way to update it without removing it.

 


#14
John Aukerman

    Member

Ran Disk check. Took 3+ hours. No problems.

 

Ran sfc /scannow. No problems.

 

Event viewer log with *System clicked:

 

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 05/08/2016 8:05:41 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 05/08/2016 11:21:11 AM
Type: Error Category: 2
Event: 55 Source: Ntfs
The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume Aukerman.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 05/08/2016 11:11:45 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_COMPACT_FLASH&REV_1.01#058F63626476&1#.

Log: 'System' Date/Time: 05/08/2016 4:11:57 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 05/08/2016 4:11:57 AM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\Windows\system32\athihvs.dll

Log: 'System' Date/Time: 04/08/2016 10:51:42 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name api.komentary.aol.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 04/08/2016 9:45:46 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name a.scorecardresearch.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 04/08/2016 7:33:48 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_CANON&PROD_MP970_SERIES&REV_1110#8&1AE3E506&0&232AD1&0#.
 

 

Event viewer log with *Application clicked:

 

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 05/08/2016 8:10:15 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 05/08/2016 11:11:56 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 04/08/2016 7:34:08 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 05/08/2016 4:11:52 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   11 user registry handles leaked from \Registry\User\S-1-5-21-3383977758-1919853078-1981122960-1001:
Process 1796 (\Device\HarddiskVolume3\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe) has opened key \REGISTRY\USER\S-1-5-21-3383977758-1919853078-1981122960-1001
Process 1796 (\Device\HarddiskVolume3\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe) has opened key \REGISTRY\USER\S-1-5-21-3383977758-1919853078-1981122960-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1796 (\Device\HarddiskVolume3\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe) has opened key \REGISTRY\USER\S-1-5-21-3383977758-1919853078-1981122960-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1796 (\Device\HarddiskVolume3\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe) has opened key \REGISTRY\USER\S-1-5-21-3383977758-1919853078-1981122960-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl
Process 1796 (\Device\HarddiskVolume3\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe) has opened key \REGISTRY\USER\S-1-5-21-3383977758-1919853078-1981122960-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
Process 1796 (\Device\HarddiskVolume3\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe) has opened key \REGISTRY\USER\S-1-5-21-3383977758-1919853078-1981122960-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Process 1796 (\Device\HarddiskVolume3\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe) has opened key \REGISTRY\USER\S-1-5-21-3383977758-1919853078-1981122960-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1796 (\Device\HarddiskVolume3\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe) has opened key \REGISTRY\USER\S-1-5-21-3383977758-1919853078-1981122960-1001\Software\Microsoft\Internet Explorer\Main
Process 1796 (\Device\HarddiskVolume3\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe) has opened key \REGISTRY\USER\S-1-5-21-3383977758-1919853078-1981122960-1001\Software
Process 1796 (\Device\HarddiskVolume3\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe) has opened key \REGISTRY\USER\S-1-5-21-3383977758-1919853078-1981122960-1001\Software\Microsoft\Windows\CurrentVersion\Explorer
Process 1796 (\Device\HarddiskVolume3\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe) has opened key \REGISTRY\USER\S-1-5-21-3383977758-1919853078-1981122960-1001\Software\Policies

 


  • 0
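The VEW reports posted in this thread repeat the same event many times, which hides the few distinct problems. The following added example (not part of any post here, and not VEW's own code) parses text in that report layout and collapses it into one row per distinct event with a count and first/last timestamp; the sample report is constructed and abridged, and the function names are this example's own.

```python
import re
from datetime import datetime

# Constructed, abridged sample in the VEW report layout (dates are dd/mm/yyyy).
SAMPLE = """\
Log: 'System' Date/Time: 05/08/2016 11:21:11 AM
Type: Error Category: 2
Event: 55 Source: Ntfs
The file system structure on the disk is corrupt and unusable.

Log: 'System' Date/Time: 05/08/2016 11:21:11 AM
Type: Error Category: 2
Event: 55 Source: Ntfs
The file system structure on the disk is corrupt and unusable.

Log: 'System' Date/Time: 31/07/2016 12:23:49 PM
Type: Error Category: 2
Event: 55 Source: Ntfs
The file system structure on the disk is corrupt and unusable.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 05/08/2016 4:11:52 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services.
Process 1796 (ExampleService.exe) has opened key EXAMPLE-KEY

Log: 'Application' Date/Time: 15/07/2016 4:33:12 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services.
Process 1848 (ExampleService.exe) has opened key EXAMPLE-KEY
"""

HEADER = re.compile(r"^Log: '([^']+)' Date/Time: (\d{2})/(\d{2})/(\d{4}) "
                    r"(\d{1,2}):(\d{2}):(\d{2}) (AM|PM)\s*$")
TYPE = re.compile(r"^Type: (\w+) Category: (\d+)\s*$")
EVENT = re.compile(r"^Event: (\d+) Source: (.+?)\s*$")


def parse_vew(text):
    """Return one dict per event record found in a VEW report."""
    records, cur = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            log, dd, mm, yyyy, h, mi, s, ampm = m.groups()
            hour = int(h) % 12 + (12 if ampm == "PM" else 0)  # 12-hour to 24-hour
            when = datetime(int(yyyy), int(mm), int(dd), hour, int(mi), int(s))
            cur = {"log": log, "type": None, "event": None, "source": None,
                   "when": when, "message": []}
            records.append(cur)
        elif line.startswith("~~~"):
            cur = None  # section banner: the current record is finished
        elif cur is None or not line.strip():
            continue  # banner titles, report preamble, blank lines
        elif cur["type"] is None and TYPE.match(line):
            cur["type"] = TYPE.match(line).group(1)
        elif cur["event"] is None and EVENT.match(line):
            m = EVENT.match(line)
            cur["event"], cur["source"] = int(m.group(1)), m.group(2)
        else:
            cur["message"].append(line.strip())
    return records


def summarize(records):
    """Collapse records into (key, stats) pairs, most frequent first."""
    groups = {}
    for r in records:
        # Key on the first message line so per-process detail lines do not split a group.
        first_line = r["message"][0] if r["message"] else ""
        key = (r["log"], r["type"], r["event"], r["source"], first_line)
        g = groups.setdefault(key, {"count": 0, "first": r["when"], "last": r["when"]})
        g["count"] += 1
        g["first"], g["last"] = min(g["first"], r["when"]), max(g["last"], r["when"])
    return sorted(groups.items(), key=lambda kv: -kv[1]["count"])


if __name__ == "__main__":
    for (log, typ, event, source, text), g in summarize(parse_vew(SAMPLE)):
        print(f"{g['count']:>3}x {log}/{typ} {source} {event}: {text[:60]}")
```

Events that differ only in their detail lines (here, the process ID in the 1530 warnings) are counted as one group.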

#15
RKinner

    Malware Expert

Log: 'System' Date/Time: 05/08/2016 11:21:11 AM
Type: Error Category: 2
Event: 55 Source: Ntfs
The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume Aukerman.
 

 

 

 
It's still not happy.  You have a second NTFS partition of 26.2 GB without a letter.  What is that used for?  Let's see if volume Aukerman is the same as C:
 
Open an elevated command prompt:  Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator
 
Type (with an Enter after each line):
 
diskpart

(It will say something like:
 
Microsoft DiskPart version 6.1.7601
Copyright © 1999-2008 Microsoft Corporation.
On computer: ONEGUY
 
DISKPART> )

 

 
 
 
list volume 

You will get something like:

DISKPART> list volume
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
  Volume 0     D                       DVD-ROM         0 B  No Media
  Volume 1     C                NTFS   Partition    446 GB  Healthy    Boot
  Volume 2                      FAT32  Partition    100 MB  Healthy    System
  Volume 3     E                NTFS   Partition   1024 GB  Healthy
  Volume 4     G   New Volume   NTFS   Partition    390 GB  Healthy
  Volume 5     F   New Volume   NTFS   Partition    448 GB  Healthy
  Volume 6                      FAT32  Partition    100 MB  Healthy    Hidden
  Volume 7     H                       Removable       0 B  No Media
  Volume 8     K                       Removable       0 B  No Media
  Volume 9     J                FAT32  Removable     14 GB  Healthy
  Volume 10    I                       Removable       0 B  No Media
 

 

 

(Right click and MARK then left click in front of DiskPart and  hold down the left mouse button and select all of the text then hit Enter.  This will copy all of the text you have selected. )
 
exit
 
Will say:
Leaving DiskPart...
 
C:\Windows\system32>

 

 

 

Open a Reply and Ctrl + v to paste in the text you copied.  Post the reply.


  • 0
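The check requested above (which volume carries the label named in the Ntfs error, and which NTFS partition has no drive letter) can be made on the pasted `list volume` text. This is an added example, not part of the original post: it reads the column positions from the dashed ruler line and slices each row by them. The sample table is constructed (labels and sizes are made up), and the function names are this example's own.

```python
import re

# Constructed sample in the layout of DiskPart's `list volume` table; labels and
# sizes are made up for this example.
SAMPLE = """\
DISKPART> list volume

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
  Volume 0     D                       DVD-ROM         0 B  No Media
  Volume 1     C   EXAMPLEVOL   NTFS   Partition    905 GB  Healthy    Boot
  Volume 2         RECOVERY     NTFS   Partition     26 GB  Healthy    Hidden
  Volume 3                      FAT32  Partition    100 MB  Healthy    System

DISKPART> exit
"""


def parse_list_volume(text):
    """Return one dict per volume row, keyed by the table's own column headers."""
    lines = text.splitlines()
    # The ruler is the line made only of dashes and spaces; each dash run is a column.
    ruler_at = next((i for i, l in enumerate(lines)
                     if i > 0 and l.strip() and set(l.strip()) <= set("- ")), None)
    if ruler_at is None:
        raise ValueError("no column ruler found; was the whole table pasted?")
    spans = [m.span() for m in re.finditer(r"-+", lines[ruler_at])]
    names = [lines[ruler_at - 1][a:b].strip() for a, b in spans]
    volumes = []
    for row in lines[ruler_at + 1:]:
        # DiskPart marks the selected volume with a leading "*"; a blank line ends the table.
        if not row.lstrip(" *").startswith("Volume"):
            break
        # The last column runs to the end of the row, whatever its ruler width.
        cells = [row[a:b].strip() for a, b in spans[:-1]] + [row[spans[-1][0]:].strip()]
        volumes.append(dict(zip(names, cells)))
    return volumes


def with_label(volumes, label):
    """Volumes whose label matches, ignoring case."""
    # The Label column is 11 characters wide; comparing on that width covers a
    # longer label that was cut off in the table (assumption of this example).
    return [v for v in volumes if v["Label"].lower() == label[:11].lower()]


def ntfs_without_letter(volumes):
    """NTFS volumes that have no drive letter assigned."""
    return [v for v in volumes if v["Fs"] == "NTFS" and not v["Ltr"]]


if __name__ == "__main__":
    vols = parse_list_volume(SAMPLE)
    for v in with_label(vols, "EXAMPLEVOL"):
        print("label match:", v["Volume ###"], "letter", v["Ltr"] or "(none)")
    for v in ntfs_without_letter(vols):
        print("NTFS, no letter:", v["Volume ###"], v["Size"], v["Label"], v["Info"])
```

For this thread's question, the label to look up would be Aukerman, the volume name given in the Ntfs event.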





