Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Computer runs slow

Started by John Aukerman , Feb 07 2017 07:56 AM

Please log in to reply

#1
John Aukerman

Posted 07 February 2017 - 07:56 AM

Member

Member
284 posts

This is a Dell desktop, running Windows 7. And it has slowed way down. I think it's infected.

I ran FRST64, but it did not complete. I got an error message about putting a disk in the drive......? Couldn't dismiss the message, had to force FRST64 to stop.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-02-2017
Ran by Aukerman (administrator) on AUKERMAN-PC (07-02-2017 08:52:05)
Running from C:\Users\Aukerman\Desktop
Loaded Profiles: Aukerman (Available Profiles: Aukerman)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.3.1.204\WsAppService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Alcor Micro Corp.) C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google Inc) C:\Users\Aukerman\AppData\Local\Google\Drive plugin for Office\DriveForOffice.SyncHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6457960 2011-12-23] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-15] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [1014432 2011-12-29] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe [800416 2011-12-29] (Atheros Commnucations)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [644696 2007-05-14] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1840720 2007-04-03] (CANON INC.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-10-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-17] (Intel Corporation)
HKLM-x32\...\Run: [ShwiconXP9106] => C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2010-03-10] (Alcor Micro Corp.)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2017-01-13] (Apple Inc.)
HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1154560 2016-08-04] (Carbonite, Inc.)
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-10-07] (Google Inc.)
HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23818360 2016-11-30] (Google)
HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1407912 2017-01-16] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\...\Run: [Google Update] => C:\Users\Aukerman\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-15] (Google Inc.)
HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\...\Run: [FB8404DE58F489D58488BA786D20A8695FC3AD8C._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [945496 2017-02-01] (Google Inc.)
HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\...\Run: [Free Download Manager] => "C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\fdm.exe" --minimized
HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\...\RunOnce: [Uninstall C:\Users\Aukerman\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Aukerman\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\...\RunOnce: [Uninstall C:\Users\Aukerman\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Aukerman\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64"
HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\...\RunOnce: [Uninstall C:\Users\Aukerman\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Aukerman\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64"
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1407912 2017-01-16] (Garmin Ltd. or its subsidiaries)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => -> No File
ShellIconOverlayIdentifiers-x32: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2013-11-09]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{3132E1A3-4DDA-41F4-97CC-79FA274A0328}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/USCON/1
URLSearchHook: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001 - (No Name) - {462be121-2b54-4218-bf00-b9bf8135b23f} - No File
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0D978EE3-6717-4A58-AD18-8A9366F78ECC} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0D978EE3-6717-4A58-AD18-8A9366F78ECC} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001 -> {8FFE85F0-FBB5-4047-99DE-D4523975C336} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3244149
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2011-12-29] (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: ChromeFrame BHO -> {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} -> C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll [2014-02-01] (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
Toolbar: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001 -> No Name - {462BE121-2B54-4218-BF00-B9BF8135B23F} - No File
Toolbar: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
Handler-x32: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll [2014-02-01] (Google Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Aukerman\AppData\Roaming\Mozilla\Firefox\Profiles\ujdi172x.default [2017-02-07]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\ujdi172x.default -> Google
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\ujdi172x.default -> Google
FF Homepage: Mozilla\Firefox\Profiles\ujdi172x.default -> hxxps://www.facebook.com/
hxxps://mail.google.com/mail/?shva=1#inbox
hxxps://www.google.com/calendar/render?tab=mc&pli=1&gsessionid=fiZNqzggyfCvyXfC0GF0iA
FF Extension: (Amazon Assistant for Firefox) - C:\Users\Aukerman\AppData\Roaming\Mozilla\Firefox\Profiles\ujdi172x.default\Extensions\[email protected] [2017-01-22]
FF Extension: (Clearly) - C:\Users\Aukerman\AppData\Roaming\Mozilla\Firefox\Profiles\ujdi172x.default\Extensions\[email protected] [2016-01-16]
FF Extension: (LastPass) - C:\Users\Aukerman\AppData\Roaming\Mozilla\Firefox\Profiles\ujdi172x.default\Extensions\[email protected] [2016-12-16]
FF Extension: (webpass) - C:\Users\Aukerman\AppData\Roaming\Mozilla\Firefox\Profiles\ujdi172x.default\Extensions\[email protected] [2016-09-30]
FF Extension: (Garmin Communicator) - C:\Users\Aukerman\AppData\Roaming\Mozilla\Firefox\Profiles\ujdi172x.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2014-06-07] [not signed]
FF Extension: (Adblock Plus) - C:\Users\Aukerman\AppData\Roaming\Mozilla\Firefox\Profiles\ujdi172x.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-25]
FF SearchPlugin: C:\Users\Aukerman\AppData\Roaming\Mozilla\Firefox\Profiles\ujdi172x.default\searchplugins\taplika.xml [2015-04-05]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-10] ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2013-10-09] (GARMIN Corp.)
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2013-11-09] (LastPass)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2012-10-06] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-10] ()
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2013-10-09] (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass.dll [2013-11-09] (LastPass)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2012-10-06] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3383977758-1919853078-1981122960-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Aukerman\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-07-30] (Citrix Online)
FF Plugin HKU\S-1-5-21-3383977758-1919853078-1981122960-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Aukerman\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-3383977758-1919853078-1981122960-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Aukerman\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-15] (Google Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxps://mail.google.com/mail/u/0/#inbox","hxxps://www.google.com/calendar/render?tab=mc#main_7"
CHR Profile: C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default [2017-02-07]
CHR Extension: (Google Slides) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-05]
CHR Extension: (Google Docs) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-05]
CHR Extension: (Google Drive) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Adblock Plus) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-27]
CHR Extension: (Google Search) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Sheets) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-05]
CHR Extension: (Google Docs Offline) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]
CHR Extension: (Chromebook Recovery Utility) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndclpdbaamdhonoechobihbbiimdgai [2016-07-01]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-04-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR Extension: (Chrome Apps & Extensions Developer Tool) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohmmkhmmmpcnpikjeljgnaoabkaalbgc [2016-07-01]
CHR Extension: (Vid-Saver) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc [2015-06-18] [UpdateUrl: hxxps://crossrider.cotssl.net/plugin/chrome/update/3491.xml] <==== ATTENTION
CHR Extension: (Gmail) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-05]
CHR Extension: (Chrome Media Router) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-07]
CHR HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pgmfkblbflahhponhjmkcnpjinenhlnc] - C:\Users\Aukerman\AppData\Local\Vid-Saver\Chrome\Vid-Saver.crx [2012-09-22]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [106144 2011-12-29] (Atheros Commnucations) [File not signed]
R2 CarboniteService; C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe [9037824 2016-08-04] (Carbonite, Inc. (www.carbonite.com)) [File not signed]
R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1039376 2017-01-16] (Garmin Ltd. or its subsidiaries)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.3.1.204\WsAppService.exe [437392 2016-11-16] (Wondershare)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [158880 2011-12-29] (Atheros) [File not signed]
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [76960 2011-12-26] (Atheros) [File not signed]
S3 WsDrvInst; "C:\Program Files (x86)\Wondershare\TunesGo\DriverInstall.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
S3 WsAudio_Device(1); C:\Windows\System32\drivers\VirtualAudio1.sys [31080 2015-08-03] (Wondershare)
S3 WsAudio_Device(2); C:\Windows\System32\drivers\VirtualAudio2.sys [31080 2015-08-03] (Wondershare)
S3 WsAudio_Device(3); C:\Windows\System32\drivers\VirtualAudio3.sys [31080 2015-08-03] (Wondershare)
S3 WsAudio_Device(4); C:\Windows\System32\drivers\VirtualAudio4.sys [31080 2015-08-03] (Wondershare)
S3 WsAudio_Device(5); C:\Windows\System32\drivers\VirtualAudio5.sys [31080 2015-08-03] (Wondershare)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-07 08:52 - 2017-02-07 08:53 - 00027578 _____ C:\Users\Aukerman\Desktop\FRST.txt
2017-02-07 08:51 - 2017-02-07 08:51 - 02421248 _____ (Farbar) C:\Users\Aukerman\Desktop\FRST64.exe
2017-02-07 07:31 - 2017-02-07 07:31 - 00000000 ___RD C:\Users\Aukerman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2017-02-05 06:39 - 2017-02-05 06:40 - 00000000 ____D C:\FRST
2017-02-03 15:48 - 2017-02-03 15:48 - 00134705 _____ C:\Users\Aukerman\asdf
2017-02-03 06:50 - 2017-02-03 06:50 - 00074818 _____ C:\Users\Aukerman\Downloads\document.pdf
2017-02-01 06:39 - 2017-02-01 06:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-02-01 06:39 - 2017-02-01 06:39 - 00000000 ____D C:\Program Files\iTunes
2017-02-01 06:39 - 2017-02-01 06:39 - 00000000 ____D C:\Program Files\iPod
2017-01-16 07:46 - 2017-01-16 07:46 - 00047091 _____ C:\Users\Aukerman\Downloads\Sanctuary Remodel Financial Report.xls.xlsx
2017-01-10 13:40 - 2017-01-05 13:55 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-01-10 13:40 - 2017-01-05 13:55 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-01-10 13:40 - 2017-01-05 13:52 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-01-10 13:40 - 2017-01-05 13:52 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-01-10 13:40 - 2017-01-05 13:52 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-01-10 13:40 - 2017-01-05 13:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-01-10 13:40 - 2017-01-05 13:52 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-01-10 13:40 - 2017-01-05 13:52 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-01-10 13:40 - 2017-01-05 13:52 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-01-10 13:40 - 2017-01-05 13:52 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-01-10 13:40 - 2017-01-05 13:52 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-01-10 13:40 - 2017-01-05 13:52 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-01-10 13:40 - 2017-01-05 13:52 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-01-10 13:40 - 2017-01-05 13:52 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-01-10 13:40 - 2017-01-05 13:52 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-01-10 13:40 - 2017-01-05 13:52 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-01-10 13:40 - 2017-01-05 13:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-01-10 13:40 - 2017-01-05 13:52 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-01-10 13:40 - 2017-01-05 13:52 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-01-10 13:40 - 2017-01-05 13:52 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-01-10 13:40 - 2017-01-05 13:52 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-01-10 13:40 - 2017-01-05 12:43 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-01-10 13:40 - 2017-01-05 12:43 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-01-10 13:40 - 2017-01-05 12:43 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-01-10 13:40 - 2017-01-05 12:43 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-01-10 13:40 - 2017-01-05 12:43 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-01-10 13:40 - 2017-01-05 12:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-01-10 13:40 - 2017-01-05 12:43 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-01-10 13:40 - 2017-01-05 12:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-01-10 13:40 - 2017-01-05 12:43 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-01-10 13:40 - 2017-01-05 12:43 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-01-10 13:40 - 2017-01-05 12:43 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-01-10 13:40 - 2017-01-05 12:43 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-01-10 13:40 - 2017-01-05 12:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-01-10 13:40 - 2017-01-05 12:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-01-10 13:40 - 2017-01-05 12:43 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-01-10 13:40 - 2017-01-05 12:42 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-01-10 13:40 - 2017-01-05 12:32 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-01-10 13:40 - 2017-01-05 12:25 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-01-10 13:40 - 2017-01-05 12:24 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-01-10 13:40 - 2017-01-05 12:24 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-01-10 13:40 - 2017-01-05 12:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-01-10 13:40 - 2017-01-05 12:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-01-10 13:40 - 2017-01-05 12:19 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-01-09 07:19 - 2017-01-09 07:19 - 00000000 ____D C:\Users\Aukerman\AppData\Local\Bit_Studio
2017-01-09 07:18 - 2017-01-09 07:49 - 00000000 ____D C:\Users\Aukerman\AppData\Roaming\SyncTunesDesktop
2017-01-09 07:18 - 2017-01-09 07:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Synctunes Desktop
2017-01-09 07:18 - 2017-01-09 07:18 - 00000000 ____D C:\Program Files (x86)\The Bit Studio
2017-01-09 07:09 - 2017-01-09 07:17 - 00000000 ____D C:\Users\Aukerman\AppData\Local\Free Download Manager
2017-01-08 07:12 - 2017-01-08 07:12 - 00000000 ____D C:\Users\Aukerman\Documents\Aimersoft DRM Media Converter
2017-01-08 07:00 - 2017-01-08 07:34 - 00000000 ____D C:\Program Files (x86)\Aimersoft
2017-01-08 07:00 - 2017-01-08 07:00 - 00000000 ____D C:\Users\Aukerman\AppData\Local\Aimersoft
2017-01-08 07:00 - 2015-08-03 10:55 - 00675840 _____ () C:\Windows\SysWOW64\ac3filter.ax
2017-01-08 07:00 - 2015-08-03 10:54 - 00892928 _____ (Free Software Foundation) C:\Windows\SysWOW64\iconv.dll
2017-01-08 07:00 - 2015-08-03 10:54 - 00496640 _____ C:\Windows\SysWOW64\xvid.ax
2017-01-08 07:00 - 2015-08-03 10:51 - 00031080 _____ (Wondershare) C:\Windows\system32\Drivers\VirtualAudio5.sys
2017-01-08 07:00 - 2015-08-03 10:51 - 00031080 _____ (Wondershare) C:\Windows\system32\Drivers\VirtualAudio4.sys
2017-01-08 07:00 - 2015-08-03 10:51 - 00031080 _____ (Wondershare) C:\Windows\system32\Drivers\VirtualAudio3.sys
2017-01-08 07:00 - 2015-08-03 10:51 - 00031080 _____ (Wondershare) C:\Windows\system32\Drivers\VirtualAudio2.sys
2017-01-08 07:00 - 2015-08-03 10:51 - 00031080 _____ (Wondershare) C:\Windows\system32\Drivers\VirtualAudio1.sys
2017-01-08 06:53 - 2017-01-08 06:53 - 00000000 ____D C:\Users\Aukerman\AppData\Local\doubleTwist Corporation

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-07 08:45 - 2012-09-26 17:58 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-02-07 08:29 - 2009-07-14 00:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-07 08:29 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2017-02-07 08:12 - 2012-10-06 07:54 - 00000000 ____D C:\Users\Aukerman\AppData\LocalLow\LastPass
2017-02-07 08:06 - 2012-12-22 07:36 - 00000000 ___RD C:\Users\Aukerman\Google Drive
2017-02-07 07:55 - 2016-11-19 07:02 - 00000000 ____D C:\Users\Aukerman\AppData\LocalLow\Mozilla
2017-02-07 07:43 - 2009-07-13 23:45 - 00037040 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-07 07:43 - 2009-07-13 23:45 - 00037040 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-07 07:37 - 2016-09-14 22:55 - 08005632 _____ C:\Users\Aukerman\Desktop\Aukerman losses.xls
2017-02-07 07:31 - 2012-09-26 18:30 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2017-02-07 07:31 - 2012-09-26 18:30 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2017-02-07 07:31 - 2012-09-26 18:18 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2017-02-07 07:31 - 2009-07-14 00:08 - 00032626 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-02-07 07:31 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-06 23:20 - 2012-10-27 06:50 - 00000000 ___RD C:\Users\Aukerman\Virtual Machines
2017-02-06 22:19 - 2013-11-27 07:03 - 00002203 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-06 20:06 - 2012-10-06 10:14 - 00003950 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{48E3D334-6C7F-48C2-BC4A-39C7FE0FA17F}
2017-02-06 07:37 - 2016-08-04 08:49 - 01400832 ___SH C:\Users\Aukerman\Desktop\Thumbs.db
2017-02-06 00:26 - 2012-10-06 07:25 - 00000000 ____D C:\Users\Aukerman\Documents\Bren
2017-02-05 07:49 - 2016-12-23 07:30 - 00310395 _____ C:\Users\Aukerman\Documents\Untitled_3549.amj
2017-02-03 15:48 - 2012-10-06 06:27 - 00000000 ____D C:\Users\Aukerman
2017-02-01 07:40 - 2016-12-23 07:30 - 00310379 _____ C:\Users\Aukerman\Untitled_3549.amk
2017-02-01 06:49 - 2012-10-06 07:25 - 00000000 ___RD C:\Users\Aukerman\Desktop\John
2017-02-01 06:39 - 2012-10-06 07:47 - 00000000 ____D C:\Program Files\Common Files\Apple
2017-01-29 23:18 - 2016-07-26 15:28 - 00000000 ____D C:\Users\Aukerman\Desktop\Lou Ann - Choruses
2017-01-28 06:37 - 2016-11-18 16:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-28 06:37 - 2012-10-06 06:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-01-27 08:07 - 2012-10-06 07:25 - 00000000 ____D C:\Users\Aukerman\Documents\John
2017-01-21 21:17 - 2016-08-11 05:49 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-18 22:57 - 2013-08-02 23:52 - 00000000 ____D C:\Users\Aukerman\Documents\Outlook Files
2017-01-18 22:57 - 2012-10-07 16:33 - 00000000 ____D C:\Users\Aukerman\AppData\Local\Deployment
2017-01-18 07:05 - 2013-06-01 17:34 - 00000000 ____D C:\ProgramData\Package Cache
2017-01-18 07:05 - 2013-06-01 17:34 - 00000000 ____D C:\Program Files (x86)\Garmin
2017-01-18 07:04 - 2014-04-13 05:29 - 00003554 _____ C:\Windows\System32\Tasks\GarminUpdaterTask
2017-01-18 07:04 - 2013-06-01 17:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2017-01-15 07:55 - 2012-10-06 16:27 - 00000000 ____D C:\Users\Aukerman\AppData\Local\ElevatedDiagnostics
2017-01-12 17:23 - 2015-05-16 05:07 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-01-11 08:22 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2017-01-11 01:00 - 2013-08-15 00:08 - 00000000 ____D C:\Windows\system32\MRT
2017-01-11 00:59 - 2012-10-06 06:40 - 135657872 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-01-10 09:45 - 2012-09-26 17:58 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-01-10 09:45 - 2012-09-26 17:58 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-01-10 09:45 - 2012-09-26 17:58 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-01-10 09:45 - 2012-09-26 17:58 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-01-10 09:45 - 2012-09-26 17:58 - 00000000 ____D C:\Windows\system32\Macromed

==================== Files in the root of some directories =======

2003-11-10 15:27 - 2003-11-10 15:26 - 0376884 _____ () C:\Program Files\image001.bmp
2013-11-09 08:25 - 2013-11-09 08:25 - 12767232 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2015-04-05 06:22 - 2015-04-05 06:22 - 0000064 _____ () C:\Users\Aukerman\AppData\Local\51ac827e51ff6b11f34f94806af1cf00

Files to move or delete:
====================
C:\Users\Aukerman\jobq.dat

Some files in TEMP:
====================
2013-01-02 20:20 - 2013-01-02 20:20 - 0726016 _____ (Igor Pavlov) C:\Users\Aukerman\AppData\Local\Temp\7z.dll
2013-01-02 20:20 - 2013-01-02 20:20 - 0150016 _____ (Igor Pavlov) C:\Users\Aukerman\AppData\Local\Temp\7z.exe
2013-01-02 20:20 - 2013-01-02 20:20 - 0023477 _____ () C:\Users\Aukerman\AppData\Local\Temp\dtkill.exe
2013-01-02 20:20 - 2013-01-02 20:20 - 0006656 _____ (doubleTwist Corperation) C:\Users\Aukerman\AppData\Local\Temp\Executor.exe
2012-10-07 06:32 - 2012-10-07 06:32 - 0894952 _____ (Oracle Corporation) C:\Users\Aukerman\AppData\Local\Temp\firefoxjre_exe-1.exe
2012-10-07 06:29 - 2012-10-07 06:29 - 0894952 _____ (Oracle Corporation) C:\Users\Aukerman\AppData\Local\Temp\firefoxjre_exe.exe
2013-01-30 18:58 - 2013-01-30 18:58 - 0897448 _____ (Oracle Corporation) C:\Users\Aukerman\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
2013-03-01 15:00 - 2013-03-01 15:00 - 0897448 _____ (Oracle Corporation) C:\Users\Aukerman\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
2013-06-13 10:36 - 2013-06-13 10:36 - 0903592 _____ (Oracle Corporation) C:\Users\Aukerman\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
2013-10-08 13:27 - 2013-10-08 13:27 - 0915368 _____ (Oracle Corporation) C:\Users\Aukerman\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
2013-12-19 12:06 - 2013-12-19 12:06 - 0921512 _____ (Oracle Corporation) C:\Users\Aukerman\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
2014-04-15 15:50 - 2014-04-15 15:50 - 0921512 _____ (Oracle Corporation) C:\Users\Aukerman\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
2014-07-11 16:12 - 2014-07-11 16:12 - 0918952 _____ (Oracle Corporation) C:\Users\Aukerman\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
2014-07-28 00:15 - 2014-07-28 00:15 - 0918440 _____ (Oracle Corporation) C:\Users\Aukerman\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
2014-09-29 12:06 - 2014-09-29 12:06 - 0937896 _____ (Oracle Corporation) C:\Users\Aukerman\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
2012-09-27 16:56 - 2012-09-27 16:56 - 0895464 _____ (Oracle Corporation) C:\Users\Aukerman\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
2014-12-18 12:29 - 2014-12-18 12:29 - 0641448 _____ (Oracle Corporation) C:\Users\Aukerman\AppData\Local\Temp\jre-8u31-windows-au.exe
2014-07-25 06:17 - 2014-07-07 08:57 - 0150096 _____ (RealNetworks, Inc.) C:\Users\Aukerman\AppData\Local\Temp\lowproc.exe
2014-07-25 06:17 - 2014-07-07 08:57 - 0090624 _____ (RealNetworks, Inc.) C:\Users\Aukerman\AppData\Local\Temp\stubhelper.dll
2016-08-04 06:22 - 2012-07-16 03:56 - 4451144 _____ (Conduit Ltd.) C:\Users\Aukerman\AppData\Local\Temp\tbWhit.dll
2013-04-23 17:15 - 2013-04-23 17:15 - 4995416 _____ (Microsoft Corporation) C:\Users\Aukerman\AppData\Local\Temp\vcredist_x86-2010.exe
2013-01-02 20:20 - 2013-01-02 20:20 - 6560088 _____ (Microsoft Corporation) C:\Users\Aukerman\AppData\Local\Temp\vcredist_x86-2012.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-02-2017
Ran by Aukerman (07-02-2017 08:53:59)
Running from C:\Users\Aukerman\Desktop
Windows 7 Professional Service Pack 1 (X64) (2012-10-06 11:27:00)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3383977758-1919853078-1981122960-500 - Administrator - Disabled)
Aukerman (S-1-5-21-3383977758-1919853078-1981122960-1001 - Administrator - Enabled) => C:\Users\Aukerman
Guest (S-1-5-21-3383977758-1919853078-1981122960-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3383977758-1919853078-1981122960-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AceMoney Lite (HKLM-x32\...\AceMoney Lite_is1) (Version: - MechCAD Software)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated)
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{0E262CBA-A8C6-3BE1-A812-D7490B4F2B09}) (Version: 3.0.851.0 - Advanced Micro Devices, Inc.)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ArcSoft PhotoStudio 5.5 (HKLM-x32\...\{85309D89-7BE9-4094-BB17-24999C6118FC}) (Version: - ArcSoft)
Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.115 - Atheros)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version: - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: - )
Canon MP Navigator EX 1.0 (HKLM-x32\...\MP Navigator EX 1.0) (Version: - )
Canon MP970 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP970_series) (Version: - )
Canon MP970 series User Registration (HKLM-x32\...\Canon MP970 series User Registration) (Version: - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version: - )
Carbonite (HKLM-x32\...\{D0D08FBC-6D5F-482C-B2ED-32E67D8FFAFF}) (Version: 6.0.1 build 6421 (Aug-04-2016) - Carbonite)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Citrix Online Launcher (HKLM-x32\...\{E1B40232-F73B-4BF9-A819-E352CCC1EDEF}) (Version: 1.0.122 - Citrix)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.67 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.67 - Dell Inc.)
Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.1.5907.16 - Dell Inc.)
Dell Support Center (Version: 3.1.5907.16 - PC-Doctor, Inc.) Hidden
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Dell Inc.)
eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
Elevated Installer (x32 Version: 5.1.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin BaseCamp (HKLM-x32\...\{EBAC8FD4-28EC-46F7-BF9E-89D6E6673001}) (Version: 4.2.5 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin (HKLM-x32\...\{032A13FF-D26D-4844-9597-7EF698627985}) (Version: 4.1.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{AFA301E1-B410-4F1B-B1C0-2E92FDCD94AD}) (Version: 4.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{9fbf4745-0038-4ed3-aee1-87af9b9ef8f1}) (Version: 5.1.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 5.1.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 5.1.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Chrome Frame (HKLM-x32\...\Google Chrome Frame) (Version: 32.0.1700.107 - Google Inc.)
Google Drive (HKLM-x32\...\{07A12123-B717-496B-B471-48AF6407B433}) (Version: 1.32.4066.7445 - Google, Inc.)
Google Drive plug-in 1.6.13.0 (HKLM-x32\...\{BE9B9ACB-90BC-4F9D-8952-61B33AD3AFC4}) (Version: 1.6.13.0 - Google Inc)
Google Earth (HKLM-x32\...\{A0C18B96-AB79-46BD-8321-6FA83E6D25B9}) (Version: 7.1.7.2606 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GoToMeeting 5.9.0.1207 (HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\...\GoToMeeting) (Version: 5.9.0.1207 - CitrixOnline)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.1.1399 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{538B98C3-773F-4F20-9C66-802D104DCBE2}) (Version: 1.23.219.2 - Intel Corporation)
iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
Multimedia Card Reader (HKLM-x32\...\InstallShield_{41068A8C-3F30-46B6-978A-EA692F28D1AF}) (Version: 1.7.915.93 - Fitipower)
Multimedia Card Reader (x32 Version: 1.7.915.93 - Fitipower) Hidden
MusicTime Deluxe (HKLM-x32\...\MusicTime Deluxe 4.0.4) (Version: 4.0.4 - GVOX)
MusicTime Deluxe 3.5.5 (HKLM-x32\...\MusicTime Deluxe 3.5.5) (Version: - )
MusicTime Deluxe 4.0.4 UpdateTest (HKLM-x32\...\MusicTime Deluxe 4.0.4 UpdateTest 1.1) (Version: 1.1 - GVOX)
MusicTime Updater (HKLM-x32\...\MusicTime Updater ) (Version: - Passport Music Software LLC)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6537 - Realtek Semiconductor Corp.)
RootsMagic 3.2.1.1 (HKLM-x32\...\RootsMagic_is1) (Version: - RootsMagic, Inc.)
RootsMagic 7.0.5.0 (HKLM-x32\...\{D6286873-A757-4A4D-A6EF-0081B3EE32CA}_is1) (Version: RootsMagic 7.0.5.0 - RootsMagic, Inc.)
Secure Download Manager (HKLM-x32\...\{4A5667B2-5D13-46C2-85B5-9D46A6096F61}) (Version: 3.1.0 - Kivuto Solutions Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Synctunes Desktop (HKLM-x32\...\{E828D6D5-E46F-49CE-8EC8-8AA0CA852F2F}) (Version: 1.1.7 - The Bit Studio)
TrustedID IDMonitor Identity Protection (HKLM-x32\...\{0E74474A-1CDF-4249-A507-CE8C1DCEC8BC}) (Version: 1.1.0 - TrustedID Inc)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16423 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{0C6B48DD-71D2-382E-9179-C5F899B73D0D}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{0CD22449-F930-33EB-85B8-2E8676284ABF}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{2B6AE651-7A0F-3DF5-8BAF-3AD95C19EE54}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{2C047547-4685-3541-ACA4-CEA3622CDA46}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{57030FCC-4D11-3303-8DCF-C72BB0D63403}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Aukerman\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Aukerman\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{5A63AFF1-DF22-334F-8403-C08018CF2F7E}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Aukerman\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{82186AB2-1881-42D6-B945-35087B680952}\InprocServer32 -> C:\Users\Aukerman\AppData\Local\Google\Drive plugin for Office\adxloader64.dll ()
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\1207\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{859E1D4B-62D3-3BC2-97C3-D7221D8D0B2C}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{8C773506-862F-3B84-B219-1D439AEDBE10}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Aukerman\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{A127BC2E-6037-3719-B332-5E7C40B155F9}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Aukerman\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{C124DB8B-34BE-3FBE-935B-DA807C9A42F9}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Aukerman\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Aukerman\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Aukerman\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Aukerman\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Aukerman\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{EE6FC79B-08B9-3BC6-8508-E17566B152AE}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Aukerman\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Aukerman\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{FA446C14-194B-3964-B21D-D76C4B4951AD}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

#2
RKinner

Posted 09 February 2017 - 08:12 PM

Malware Expert

Expert
24,625 posts

Multiple posts are OK. It's usually easier to just post a log as you get it.

You are correct that it didn't finish. We are missing the errors and the partitions so let's see if minitoolbox will work:

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:

Report IE Proxy Settings

Report FF Proxy Settings

List content of Hosts

List IP configuration

List Winsock Entries

List last 10 Event Viewer Errors

List Devices

List Users, Partitions and Memory size.

List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Also I see some adware so let's:

Download : ADWCleaner to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer

NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).

Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder.

Junkware-Removal-Tool

Please download Junkware Removal Tool to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site

Pause your anti-virus. Close all browsers.

Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".

The tool will open and start scanning your system.

Please be patient as this can take a while to complete depending on your system's specifications.

On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

Post the contents of JRT.txt into your next message.

Then for your slowness let's look at process explorer:

Get Process Explorer

http://live.sysinter...com/procexp.exe

Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK

Options, Verify Image Signatures

Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a full minute then:

File, Save As, Save. Note the file name. Open the file on your desktop and copy and paste the text to a reply.

Copy the next 2 lines:

TASKLIST /SVC  > \junk.txt

notepad \junk.txt

Open an Elevated Command Prompt:

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator

Right click and Paste (or Edit then Paste) and the copied lines should appear.

Hit Enter if notepad does not open. Copy and paste the text from notepad into a reply.

Then let's do Speccy:

Get the free version of Speccy:

http://www.filehippo...download_speccy (Look in the upper right for the Download

Latest Version button - Do NOT press the large Start Download button on the upper left!)

Download, Save and Install it. Tell it you do not need CCLEANER if it asks. Run Speccy. When it finishes (the little icon in the bottom left will stop moving),

File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System.

(It will be near the top about 10 lines down.) Save the file. Attach the file to your next post. It's way too big to just copy and paste. (More Reply Options, Choose File, Open, Attach This File)

#3
John Aukerman

Posted 10 February 2017 - 06:42 AM

Member

Topic Starter
Member
284 posts

MiniToolBox by Farbar Version: 17-06-2016
Ran by Aukerman (administrator) on 10-02-2017 at 07:07:57
Running from "C:\Users\Aukerman\Desktop"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Model: XPS 8500 Manufacturer: Dell Inc.
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================
========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
Dell Wireless 1703 802.11b/g/n (2.4GHz) = Wireless Network Connection (Media disconnected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled

popd
# End of IPv4 configuration

Windows IP Configuration

   Host Name . . . . . . . . . . . . : Aukerman-PC
   Primary Dns Suffix . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : attlocal.net

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : 08-3E-8E-82-98-DA
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : Dell Wireless 1703 802.11b/g/n (2.4GHz)
   Physical Address. . . . . . . . . : 08-3E-8E-82-98-D9
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix . : attlocal.net
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 18-03-73-40-B4-56
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2602:306:3893:d750:791f:de7b:6d6c:3b70(Preferred)
   Temporary IPv6 Address. . . . . . : 2602:306:3893:d750:1da:34bd:dcbc:4f0(Preferred)
   Link-local IPv6 Address . . . . . : fe80::791f:de7b:6d6c:3b70%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.72(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Friday, February 10, 2017 6:25:35 AM
   Lease Expires . . . . . . . . . . : Saturday, February 11, 2017 6:25:35 AM
   Default Gateway . . . . . . . . . : fe80::fa2c:18ff:fee6:cd09%11
                                       192.168.1.254
   DHCP Server . . . . . . . . . . . : 192.168.1.254
   DHCPv6 IAID . . . . . . . . . . . : 236454771
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-F5-5B-E1-18-03-73-40-B4-56
   DNS Servers . . . . . . . . . . . : 2602:306:3893:d750::1
                                       192.168.1.254
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{88A920E8-6812-4E16-9F12-57C037535180}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 13:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : Microsoft 6to4 Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{A0F92081-24FE-4CCD-AB21-FA74CEFFF55C}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.attlocal.net:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix . : attlocal.net
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server: homeportal
Address: 2602:306:3893:d750::1

Name:    google.com
Addresses: 2607:f8b0:4009:801::200e
      74.125.138.138
      74.125.138.101
      74.125.138.100
      74.125.138.102
      74.125.138.139
      74.125.138.113

Pinging google.com [2607:f8b0:4002:c06::8a] with 32 bytes of data:
Reply from 2607:f8b0:4002:c06::8a: time=47ms
Reply from 2607:f8b0:4002:c06::8a: time=46ms

Ping statistics for 2607:f8b0:4002:c06::8a:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 46ms, Maximum = 47ms, Average = 46ms
Server: homeportal
Address: 2602:306:3893:d750::1

Name:    yahoo.com
Addresses: 2001:4998:c:a06::2:4008
      2001:4998:58:c02::a9
      2001:4998:44:204::a7
      98.139.183.24
      206.190.36.45
      98.138.253.109

Pinging yahoo.com [2001:4998:44:204::a7] with 32 bytes of data:
Reply from 2001:4998:44:204::a7: time=37ms
Reply from 2001:4998:44:204::a7: time=36ms

Ping statistics for 2001:4998:44:204::a7:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 36ms, Maximum = 37ms, Average = 36ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
17...08 3e 8e 82 98 da ......Bluetooth Device (Personal Area Network)
15...08 3e 8e 82 98 d9 ......Dell Wireless 1703 802.11b/g/n (2.4GHz)
11...18 03 73 40 b4 56 ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
13...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
20...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface Metric
          0.0.0.0          0.0.0.0    192.168.1.254     192.168.1.72     10
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1 255.255.255.255         On-link         127.0.0.1    306
127.255.255.255 255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link      192.168.1.72    266
     192.168.1.72 255.255.255.255         On-link      192.168.1.72    266
    192.168.1.255 255.255.255.255         On-link      192.168.1.72    266
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.1.72    266
255.255.255.255 255.255.255.255         On-link         127.0.0.1    306
255.255.255.255 255.255.255.255         On-link      192.168.1.72    266
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination      Gateway
11    266 ::/0                     fe80::fa2c:18ff:fee6:cd09
1    306 ::1/128                  On-link
11     18 2602:306:3893:d750::/64 On-link
11    266 2602:306:3893:d750:1da:34bd:dcbc:4f0/128
                                    On-link
11    266 2602:306:3893:d750:791f:de7b:6d6c:3b70/128
                                    On-link
11    266 fe80::/64                On-link
11    266 fe80::791f:de7b:6d6c:3b70/128
                                    On-link
1    306 ff00::/8                 On-link
11    266 ff00::/8                 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog5 10 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
x64-Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [133392] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/10/2017 06:35:36 AM) (Source: Bonjour Service) (User: )
Description: Client application bug: DNSServiceResolve(4c:b1:99:20:ea:05@fe80::4eb1:99ff:fe20:ea05._apple-mobdev2._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (02/10/2017 06:26:34 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/09/2017 06:52:11 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/08/2017 06:52:47 AM) (Source: Bonjour Service) (User: )
Description: Client application bug: DNSServiceResolve(4c:b1:99:20:ea:05@fe80::4eb1:99ff:fe20:ea05._apple-mobdev2._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (02/08/2017 06:43:10 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/07/2017 11:06:33 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/07/2017 08:55:00 AM) (Source: Application Hang) (User: )
Description: The program FRST64.exe version 5.2.2017.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 209c

Start Time: 01d2814957f166c4

Termination Time: 20532

Application Path: C:\Users\Aukerman\Desktop\FRST64.exe

Report Id: f3821be0-ed3c-11e6-95ef-083e8e8298da

Error: (02/07/2017 07:32:00 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/06/2017 07:04:42 AM) (Source: Bonjour Service) (User: )
Description: Client application bug: DNSServiceResolve(4c:b1:99:20:ea:05@fe80::4eb1:99ff:fe20:ea05._apple-mobdev2._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (02/06/2017 06:55:59 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (02/10/2017 06:26:07 AM) (Source: Service Control Manager) (User: )
Description: The Garmin Device Interaction Service service failed to start due to the following error:
%%1053 = The service did not respond to the start or control request in a timely fashion.

Error: (02/10/2017 06:26:07 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Device Interaction Service service to connect.

Error: (02/09/2017 06:58:13 AM) (Source: Ntfs) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume Aukerman.

Error: (02/09/2017 06:53:35 AM) (Source: Service Control Manager) (User: )
Description: The Wondershare Application Framework Service service hung on starting.

Error: (02/09/2017 06:52:04 AM) (Source: Service Control Manager) (User: )
Description: The Garmin Device Interaction Service service failed to start due to the following error:
%%1053 = The service did not respond to the start or control request in a timely fashion.

Error: (02/09/2017 06:52:04 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Device Interaction Service service to connect.

Error: (02/08/2017 06:42:42 AM) (Source: Service Control Manager) (User: )
Description: The Garmin Device Interaction Service service failed to start due to the following error:
%%1053 = The service did not respond to the start or control request in a timely fashion.

Error: (02/08/2017 06:42:42 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Device Interaction Service service to connect.

Error: (02/07/2017 11:18:30 PM) (Source: DCOM) (User: )
Description: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

Error: (02/07/2017 11:06:08 AM) (Source: Service Control Manager) (User: )
Description: The Garmin Device Interaction Service service failed to start due to the following error:
%%1053 = The service did not respond to the start or control request in a timely fashion.

Microsoft Office Sessions:
=========================
Error: (02/10/2017 06:35:36 AM) (Source: Bonjour Service)(User: )
Description: Client application bug: DNSServiceResolve(4c:b1:99:20:ea:05@fe80::4eb1:99ff:fe20:ea05._apple-mobdev2._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (02/10/2017 06:26:34 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/09/2017 06:52:11 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/08/2017 06:52:47 AM) (Source: Bonjour Service)(User: )
Description: Client application bug: DNSServiceResolve(4c:b1:99:20:ea:05@fe80::4eb1:99ff:fe20:ea05._apple-mobdev2._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (02/08/2017 06:43:10 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/07/2017 11:06:33 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/07/2017 08:55:00 AM) (Source: Application Hang)(User: )
Description: FRST64.exe5.2.2017.0209c01d2814957f166c420532C:\Users\Aukerman\Desktop\FRST64.exef3821be0-ed3c-11e6-95ef-083e8e8298da

Error: (02/07/2017 07:32:00 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/06/2017 07:04:42 AM) (Source: Bonjour Service)(User: )
Description: Client application bug: DNSServiceResolve(4c:b1:99:20:ea:05@fe80::4eb1:99ff:fe20:ea05._apple-mobdev2._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (02/06/2017 06:55:59 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

========================= Devices: ================================

Name: Canon MP970 ser Network
Description: Canon MP970 ser Network
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Canon
Service: StillCam
Device ID: ROOT\CANON_IJ_NETWORK\0000
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

========================= Memory info: ===================================

Percentage of memory in use: 48%
Total physical RAM: 8152.96 MB
Available physical RAM: 4209.02 MB
Total Virtual: 16304.11 MB
Available Virtual: 11627.79 MB

========================= Partitions: =====================================

1 Drive c: (Aukerman) (Fixed) (Total:905.22 GB) (Free:590.82 GB) NTFS

========================= Users: ========================================

User accounts for \\AUKERMAN-PC

Administrator            Aukerman                 Guest

========================= Minidump Files ==================================

C:\Windows\Minidump\030814-26535-01.dmp

**** End of log ****

# AdwCleaner v6.043 - Logfile created 10/02/2017 at 07:17:21
# Updated on 27/01/2017 by Malwarebytes
# Database : 2017-02-09.1 [Server]
# Operating System : Windows 7 Professional Service Pack 1 (X64)
# Username : Aukerman - AUKERMAN-PC
# Running from : C:\Users\Aukerman\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder deleted: C:\Users\Aukerman\AppData\Local\Conduit
[-] Folder deleted: C:\Users\Aukerman\AppData\Local\Vid-Saver
[-] Folder deleted: C:\Users\Aukerman\AppData\LocalLow\Conduit
[-] Folder deleted: C:\Users\Aukerman\AppData\LocalLow\PriceGong
[-] Folder deleted: C:\Users\Aukerman\AppData\Roaming\WSE_Taplika
[-] Folder deleted: C:\Users\Aukerman\AppData\Roaming\Itibiti
[-] Folder deleted: C:\Users\Aukerman\Documents\PROPCCleaner
[-] Folder deleted: C:\ProgramData\Uniblue
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Uniblue
[-] Folder deleted: C:\Program Files (x86)\Conduit
[-] Folder deleted: C:\Program Files (x86)\Itibiti Soft Phone
[-] Folder deleted: C:\Users\Aukerman\AppData\Local\Temp\Air Globe
[-] Folder deleted: C:\Users\Aukerman\AppData\Local\Temp\WebUpdater
[-] Folder deleted: C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc
[-] Folder deleted: C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_pgmfkblbflahhponhjmkcnpjinenhlnc_0

***** [ Files ] *****

[-] File deleted: C:\END
[-] File deleted: C:\Users\Aukerman\AppData\Roaming\Mozilla\Firefox\Profiles\ujdi172x.default\extensions\[email protected]

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled Tasks ] *****

***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\CrossriderApp0003491.BHO
[-] Key deleted: HKLM\SOFTWARE\Classes\CrossriderApp0003491.BHO.1
[-] Key deleted: HKLM\SOFTWARE\Classes\CrossriderApp0003491.Sandbox
[-] Key deleted: HKLM\SOFTWARE\Classes\CrossriderApp0003491.Sandbox.1
[-] Key deleted: HKLM\SOFTWARE\Classes\Toolbar.CT3244149
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
[-] Key deleted: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\Software\Cr_Installer
[-] Key deleted: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\Software\InstalledBrowserExtensions
[-] Key deleted: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\Software\wscontb
[-] Key deleted: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\Software\AppDataLow\Software\Conduit
[-] Key deleted: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\Software\AppDataLow\Software\ConduitSearchScopes
[-] Key deleted: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\Software\AppDataLow\Software\Crossrider
[-] Key deleted: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\Software\AppDataLow\Software\PriceGong
[-] Key deleted: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\Software\AppDataLow\Software\Vid-Saver
[#] Key deleted on reboot: HKCU\Software\Cr_Installer
[#] Key deleted on reboot: HKCU\Software\InstalledBrowserExtensions
[#] Key deleted on reboot: HKCU\Software\wscontb
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\Conduit
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\ConduitSearchScopes
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\Crossrider
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\PriceGong
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\Vid-Saver
[-] Key deleted: HKLM\SOFTWARE\Conduit
[#] Key deleted on reboot: [x64] HKCU\Software\Cr_Installer
[#] Key deleted on reboot: [x64] HKCU\Software\InstalledBrowserExtensions
[#] Key deleted on reboot: [x64] HKCU\Software\wscontb
[#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\Conduit
[#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\ConduitSearchScopes
[#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\Crossrider
[#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\PriceGong
[#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\Vid-Saver
[-] Key deleted: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\Software\Microsoft\Internet Explorer\SearchScopes\{8FFE85F0-FBB5-4047-99DE-D4523975C336}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8FFE85F0-FBB5-4047-99DE-D4523975C336}
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8FFE85F0-FBB5-4047-99DE-D4523975C336}
[-] Key deleted: HKLM\SOFTWARE\Google\Chrome\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc

***** [ Web browsers ] *****

[-] Chrome preferences cleaned: "extensions.crossrider.bic" - "13a3620ecd444703d49d1e3d91405f8d"
[-] Chrome preferences cleaned: "extensions.toolbar.mindspark._4jMembers_.homepage" - "hxxp://home.tb.ask.com/index.jhtml?ptb=3E94AC5F-CB31-4138-A914-1F877F3742A2&n=77fce3db&p2=^ZX^xdm003^S05798^us&si=CMvgweiD9bcCFc0WMgod6iIARA"
[-] Chrome preferences cleaned: "extensions.toolbar.mindspark._4jMembers_.initialized" - true
[-] Chrome preferences cleaned: "extensions.toolbar.mindspark._4jMembers_.installation.contextKey" - ""
[-] Chrome preferences cleaned: "extensions.toolbar.mindspark._4jMembers_.installation.installDate" - "2013062107"
[-] Chrome preferences cleaned: "extensions.toolbar.mindspark._4jMembers_.installation.partnerId" - "^ZX^xdm003^S05798^us"
[-] Chrome preferences cleaned: "extensions.toolbar.mindspark._4jMembers_.installation.partnerSubId" - "CMvgweiD9bcCFc0WMgod6iIARA"
[-] Chrome preferences cleaned: "extensions.toolbar.mindspark._4jMembers_.installation.success" - true
[-] Chrome preferences cleaned: "extensions.toolbar.mindspark._4jMembers_.installation.toolbarId" - "3E94AC5F-CB31-4138-A914-1F877F3742A2"
[-] Chrome preferences cleaned: "extensions.toolbar.mindspark._4jMembers_.lastActivePing" - "1371813617187"
[-] Chrome preferences cleaned: "extensions.toolbar.mindspark._4jMembers_.options.defaultSearch" - false
[-] Chrome preferences cleaned: "extensions.toolbar.mindspark._4jMembers_.options.homePageEnabled" - false
[-] Chrome preferences cleaned: "extensions.toolbar.mindspark._4jMembers_.options.keywordEnabled" - false
[-] Chrome preferences cleaned: "extensions.toolbar.mindspark._4jMembers_.options.tabEnabled" - false
[-] Chrome preferences cleaned: "extensions.toolbar.mindspark._4jMembers_.searchHistory" - "radio trinidad"
[-] Chrome preferences cleaned: "extensions.toolbar.mindspark._4jMembers_.weather.location" - "46201"
[-] Chrome preferences cleaned: "extensions.toolbar.mindspark.lastInstalled" - "[email protected]"
[-] [C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: search.conduit.com
[-] [C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: taplika.com
[-] [C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: pgmfkblbflahhponhjmkcnpjinenhlnc

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [8385 Bytes] - [10/02/2017 07:17:21]
C:\AdwCleaner\AdwCleaner[S0].txt - [9296 Bytes] - [10/02/2017 07:16:14]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [8531 Bytes] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 7 Professional x64
Ran by Aukerman (Administrator) on Fri 02/10/2017 at 7:24:55.19
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 36

Successfully deleted: C:\Users\Aukerman\AppData\Local\51ac827e51ff6b11f34f94806af1cf00 (File)
Successfully deleted: C:\Users\Aukerman\Documents\add-in express (Folder)
Successfully deleted: C:\Users\Aukerman\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Aukerman\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Aukerman\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B1E9C7WL (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Aukerman\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BHDK14DZ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Aukerman\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BI8A994L (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Aukerman\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DY23LCKF (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Aukerman\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FFK0JHSA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Aukerman\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Aukerman\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IB325FN2 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Aukerman\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K8RHOPE9 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Aukerman\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L9LDTXDM (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Aukerman\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Aukerman\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MJRX6N9R (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Aukerman\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NK89CQ9N (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Aukerman\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QFNGTT6A (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Aukerman\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UPKAI7IX (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Aukerman\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VVEGQRFV (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B1E9C7WL (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BHDK14DZ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BI8A994L (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DY23LCKF (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FFK0JHSA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IB325FN2 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K8RHOPE9 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L9LDTXDM (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MJRX6N9R (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NK89CQ9N (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QFNGTT6A (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UPKAI7IX (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VVEGQRFV (Temporary Internet Files Folder)

Deleted the following from C:\Users\Aukerman\AppData\Roaming\Mozilla\Firefox\Profiles\ujdi172x.default\prefs.js
user_pref(browser.urlbar.suggest.searches, true);

Registry: 4

Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Free Download Manager (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{462BE121-2B54-4218-BF00-B9BF8135B23F} (Registry Value)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 02/10/2017 at 7:28:14.89
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Image Name                     PID Services
========================= ======== ============================================
System Idle Process              0 N/A
System                           4 N/A
smss.exe                       396 N/A
csrss.exe                      584 N/A
wininit.exe                    672 N/A
csrss.exe                      688 N/A
services.exe                   756 N/A
lsass.exe                      764 EFS, KeyIso, SamSs
lsm.exe                        772 N/A
winlogon.exe                   796 N/A
svchost.exe                    932 DcomLaunch, PlugPlay, Power
svchost.exe                   1020 RpcEptMapper, RpcSs
MsMpEng.exe                    692 MsMpSvc
atiesrxx.exe                   948 AMD External Events Utility
svchost.exe                   1048 AudioSrv, Dhcp, eventlog, lmhosts, wscsvc
svchost.exe                   1084 AudioEndpointBuilder, hidserv, Netman,
                                   PcaSvc, SysMain, TrkWks, UxSms,
                                   WdiSystemHost, Wlansvc, WPDBusEnum, wudfsvc
svchost.exe                   1112 EventSystem, FontCache, netprofm, nsi,
                                   WdiServiceHost, WinHttpAutoProxySvc
svchost.exe                   1144 AeLookupSvc, Appinfo, BITS, Browser,
                                   EapHost, IKEEXT, iphlpsvc, LanmanServer,
                                   MMCSS, ProfSvc, Schedule, SENS,
                                   ShellHWDetection, Themes, Winmgmt, wuauserv
audiodg.exe                   1212 N/A
svchost.exe                   1256 gpsvc
svchost.exe                   1352 CryptSvc, Dnscache, LanmanWorkstation,
                                   NlaSvc
wlanext.exe                   1464 N/A
conhost.exe                   1472 N/A
spoolsv.exe                   1520 Spooler
svchost.exe                   1576 BFE, DPS, MpsSvc
armsvc.exe                    1724 AdobeARMservice
AERTSr64.exe                  1744 AERTFilters
AppleMobileDeviceService.     1772 Apple Mobile Device Service
AdminService.exe              1812 AtherosSvc
mDNSResponder.exe             1848 Bonjour Service
CarboniteService.exe          1888 CarboniteService
svchost.exe                   1920 DiagTrack
svchost.exe                   1952 FDResPub, SSDPSRV, upnphost
GarminService.exe             2040 Garmin Device Interaction Service
dwm.exe                       2352 N/A
explorer.exe                  2420 N/A
HeciServer.exe                2692 Intel® Capability Licensing Service Interf
                                   ace
NOBuAgent.exe                 2728 NOBU
SftService.exe                2792 SftService
svchost.exe                   2860 stisvc
WLIDSVC.EXE                   2908 wlidsvc
WLIDSVCM.EXE                  3120 N/A
WsAppService.exe              3144 WsAppService
Ath_CoexAgent.exe             3448 ZAtheros Bt&Wlan Coex Agent
Ath_WlanAgent.exe             3484 ZAtheros Wlan Agent
GoogleCrashHandler.exe        3588 N/A
GoogleCrashHandler64.exe      3680 N/A
svchost.exe                   3796 bthserv
svchost.exe                   4020 PolicyAgent
WUDFHost.exe                  1972 N/A
msseces.exe                   4112 N/A
iPodService.exe               4708 iPod Service
SearchIndexer.exe             4240 WSearch
IAStorIcon.exe                4064 N/A
PresentationFontCache.exe     4836 FontCache3.0.0.0
IAStorDataMgrSvc.exe           588 IAStorDataMgrSvc
LMS.exe                       2172 LMS
wmpnetwk.exe                  4208 WMPNetworkSvc
UNS.exe                       7160 UNS
TrustedInstaller.exe          6808 TrustedInstaller
svchost.exe                   5520 swprv
firefox.exe                   6020 N/A
taskeng.exe                   7000 N/A
NisSrv.exe                    5856 NisSrv
procexp.exe                   4796 N/A
procexp64.exe                 4268 N/A
WmiPrvSE.exe                  1028 N/A
dllhost.exe                   2248 N/A
cmd.exe                       5084 N/A
conhost.exe                   5076 N/A
tasklist.exe                  1120 N/A
WmiPrvSE.exe                  4356 N/A

Attached Files

AUKERMAN-PC.txt 878.9KB 199 downloads

#4
RKinner

Posted 10 February 2017 - 06:54 AM

Malware Expert

Expert
24,625 posts

Error: (02/09/2017 06:58:13 AM) (Source: Ntfs) (User: )

Description: The file system structure on the disk is corrupt and unusable.

Please run the chkdsk utility on the volume Aukerman.

Above error is why FRST failed. Run a disk check:

Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc  /scannow

(This will check your critical system files. Does this finish without complaint? IF it says it couldn't fix everything then:

Copy the next two lines:

findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt

notepad \windows\logs\cbs\junk.txt

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied line should appear.

Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)

1. Please download the Event Viewer Tool by Vino Rosso

http://images.malwar...om/vino/VEW.exe

and save it to your Desktop:

2. Right-click VEW.exe and Run AS Administrator

3. Under 'Select log to query', select:

* System

4. Under 'Select type to list', select:

* Error

* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'

Type 20 in the 1 to 20 box

Then click the Run button.

Notepad will open with the output log.

Please post the Output log in your next reply then repeat but select Application. (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)

If you do not see the "The file system structure on the disk is corrupt and unusable." error in VEW system then try FRST again.

#5
John Aukerman

Posted 11 February 2017 - 06:53 AM

Member

Topic Starter
Member
284 posts

2017-02-11 07:30:38, Info                  CSI    00000009 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:30:38, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2017-02-11 07:30:40, Info                  CSI    0000000c [SR] Verify complete
2017-02-11 07:30:41, Info                  CSI    0000000d [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:30:41, Info                  CSI    0000000e [SR] Beginning Verify and Repair transaction
2017-02-11 07:30:42, Info                  CSI    00000010 [SR] Verify complete
2017-02-11 07:30:43, Info                  CSI    00000011 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:30:43, Info                  CSI    00000012 [SR] Beginning Verify and Repair transaction
2017-02-11 07:30:44, Info                  CSI    00000014 [SR] Verify complete
2017-02-11 07:30:46, Info                  CSI    00000015 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:30:46, Info                  CSI    00000016 [SR] Beginning Verify and Repair transaction
2017-02-11 07:30:47, Info                  CSI    00000018 [SR] Verify complete
2017-02-11 07:30:48, Info                  CSI    00000019 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:30:48, Info                  CSI    0000001a [SR] Beginning Verify and Repair transaction
2017-02-11 07:30:50, Info                  CSI    0000001c [SR] Verify complete
2017-02-11 07:30:51, Info                  CSI    0000001d [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:30:51, Info                  CSI    0000001e [SR] Beginning Verify and Repair transaction
2017-02-11 07:30:52, Info                  CSI    00000020 [SR] Verify complete
2017-02-11 07:30:53, Info                  CSI    00000021 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:30:53, Info                  CSI    00000022 [SR] Beginning Verify and Repair transaction
2017-02-11 07:30:55, Info                  CSI    00000024 [SR] Verify complete
2017-02-11 07:30:56, Info                  CSI    00000025 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:30:56, Info                  CSI    00000026 [SR] Beginning Verify and Repair transaction
2017-02-11 07:30:57, Info                  CSI    00000028 [SR] Verify complete
2017-02-11 07:30:58, Info                  CSI    00000029 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:30:58, Info                  CSI    0000002a [SR] Beginning Verify and Repair transaction
2017-02-11 07:31:00, Info                  CSI    0000002c [SR] Verify complete
2017-02-11 07:31:01, Info                  CSI    0000002d [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:31:01, Info                  CSI    0000002e [SR] Beginning Verify and Repair transaction
2017-02-11 07:31:02, Info                  CSI    00000030 [SR] Verify complete
2017-02-11 07:31:03, Info                  CSI    00000031 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:31:03, Info                  CSI    00000032 [SR] Beginning Verify and Repair transaction
2017-02-11 07:31:04, Info                  CSI    00000034 [SR] Verify complete
2017-02-11 07:31:05, Info                  CSI    00000035 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:31:05, Info                  CSI    00000036 [SR] Beginning Verify and Repair transaction
2017-02-11 07:31:07, Info                  CSI    00000038 [SR] Verify complete
2017-02-11 07:31:08, Info                  CSI    00000039 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:31:08, Info                  CSI    0000003a [SR] Beginning Verify and Repair transaction
2017-02-11 07:31:09, Info                  CSI    0000003c [SR] Verify complete
2017-02-11 07:31:11, Info                  CSI    0000003d [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:31:11, Info                  CSI    0000003e [SR] Beginning Verify and Repair transaction
2017-02-11 07:31:14, Info                  CSI    00000040 [SR] Verify complete
2017-02-11 07:31:15, Info                  CSI    00000041 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:31:15, Info                  CSI    00000042 [SR] Beginning Verify and Repair transaction
2017-02-11 07:31:17, Info                  CSI    00000044 [SR] Verify complete
2017-02-11 07:31:17, Info                  CSI    00000045 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:31:17, Info                  CSI    00000046 [SR] Beginning Verify and Repair transaction
2017-02-11 07:31:19, Info                  CSI    00000048 [SR] Verify complete
2017-02-11 07:31:20, Info                  CSI    00000049 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:31:20, Info                  CSI    0000004a [SR] Beginning Verify and Repair transaction
2017-02-11 07:31:22, Info                  CSI    0000004c [SR] Verify complete
2017-02-11 07:31:24, Info                  CSI    0000004d [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:31:24, Info                  CSI    0000004e [SR] Beginning Verify and Repair transaction
2017-02-11 07:31:27, Info                  CSI    00000050 [SR] Verify complete
2017-02-11 07:31:28, Info                  CSI    00000051 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:31:28, Info                  CSI    00000052 [SR] Beginning Verify and Repair transaction
2017-02-11 07:31:29, Info                  CSI    00000054 [SR] Verify complete
2017-02-11 07:31:30, Info                  CSI    00000055 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:31:30, Info                  CSI    00000056 [SR] Beginning Verify and Repair transaction
2017-02-11 07:31:32, Info                  CSI    00000058 [SR] Verify complete
2017-02-11 07:31:33, Info                  CSI    00000059 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:31:33, Info                  CSI    0000005a [SR] Beginning Verify and Repair transaction
2017-02-11 07:31:34, Info                  CSI    0000005c [SR] Verify complete
2017-02-11 07:31:35, Info                  CSI    0000005d [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:31:35, Info                  CSI    0000005e [SR] Beginning Verify and Repair transaction
2017-02-11 07:31:36, Info                  CSI    00000060 [SR] Verify complete
2017-02-11 07:31:37, Info                  CSI    00000061 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:31:37, Info                  CSI    00000062 [SR] Beginning Verify and Repair transaction
2017-02-11 07:31:38, Info                  CSI    00000064 [SR] Verify complete
2017-02-11 07:31:39, Info                  CSI    00000065 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:31:39, Info                  CSI    00000066 [SR] Beginning Verify and Repair transaction
2017-02-11 07:31:40, Info                  CSI    00000068 [SR] Verify complete
2017-02-11 07:31:41, Info                  CSI    00000069 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:31:41, Info                  CSI    0000006a [SR] Beginning Verify and Repair transaction
2017-02-11 07:31:43, Info                  CSI    0000006c [SR] Verify complete
2017-02-11 07:31:43, Info                  CSI    0000006d [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:31:43, Info                  CSI    0000006e [SR] Beginning Verify and Repair transaction
2017-02-11 07:31:45, Info                  CSI    00000070 [SR] Verify complete
2017-02-11 07:31:46, Info                  CSI    00000071 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:31:46, Info                  CSI    00000072 [SR] Beginning Verify and Repair transaction
2017-02-11 07:31:47, Info                  CSI    00000074 [SR] Verify complete
2017-02-11 07:31:48, Info                  CSI    00000075 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:31:48, Info                  CSI    00000076 [SR] Beginning Verify and Repair transaction
2017-02-11 07:31:50, Info                  CSI    00000078 [SR] Verify complete
2017-02-11 07:31:50, Info                  CSI    00000079 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:31:50, Info                  CSI    0000007a [SR] Beginning Verify and Repair transaction
2017-02-11 07:31:52, Info                  CSI    0000007c [SR] Verify complete
2017-02-11 07:31:53, Info                  CSI    0000007d [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:31:53, Info                  CSI    0000007e [SR] Beginning Verify and Repair transaction
2017-02-11 07:31:54, Info                  CSI    00000080 [SR] Verify complete
2017-02-11 07:31:55, Info                  CSI    00000081 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:31:55, Info                  CSI    00000082 [SR] Beginning Verify and Repair transaction
2017-02-11 07:31:57, Info                  CSI    00000084 [SR] Verify complete
2017-02-11 07:31:58, Info                  CSI    00000085 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:31:58, Info                  CSI    00000086 [SR] Beginning Verify and Repair transaction
2017-02-11 07:31:59, Info                  CSI    00000088 [SR] Verify complete
2017-02-11 07:32:00, Info                  CSI    00000089 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:32:00, Info                  CSI    0000008a [SR] Beginning Verify and Repair transaction
2017-02-11 07:32:02, Info                  CSI    0000008c [SR] Verify complete
2017-02-11 07:32:02, Info                  CSI    0000008d [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:32:02, Info                  CSI    0000008e [SR] Beginning Verify and Repair transaction
2017-02-11 07:32:04, Info                  CSI    00000090 [SR] Verify complete
2017-02-11 07:32:04, Info                  CSI    00000091 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:32:04, Info                  CSI    00000092 [SR] Beginning Verify and Repair transaction
2017-02-11 07:32:06, Info                  CSI    00000094 [SR] Verify complete
2017-02-11 07:32:07, Info                  CSI    00000095 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:32:07, Info                  CSI    00000096 [SR] Beginning Verify and Repair transaction
2017-02-11 07:32:09, Info                  CSI    00000098 [SR] Verify complete
2017-02-11 07:32:10, Info                  CSI    00000099 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:32:10, Info                  CSI    0000009a [SR] Beginning Verify and Repair transaction
2017-02-11 07:32:11, Info                  CSI    0000009c [SR] Verify complete
2017-02-11 07:32:12, Info                  CSI    0000009d [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:32:12, Info                  CSI    0000009e [SR] Beginning Verify and Repair transaction
2017-02-11 07:32:13, Info                  CSI    000000a0 [SR] Verify complete
2017-02-11 07:32:14, Info                  CSI    000000a1 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:32:14, Info                  CSI    000000a2 [SR] Beginning Verify and Repair transaction
2017-02-11 07:32:15, Info                  CSI    000000a4 [SR] Verify complete
2017-02-11 07:32:16, Info                  CSI    000000a5 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:32:16, Info                  CSI    000000a6 [SR] Beginning Verify and Repair transaction
2017-02-11 07:32:18, Info                  CSI    000000a8 [SR] Verify complete
2017-02-11 07:32:18, Info                  CSI    000000a9 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:32:18, Info                  CSI    000000aa [SR] Beginning Verify and Repair transaction
2017-02-11 07:32:20, Info                  CSI    000000ac [SR] Verify complete
2017-02-11 07:32:21, Info                  CSI    000000ad [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:32:21, Info                  CSI    000000ae [SR] Beginning Verify and Repair transaction
2017-02-11 07:32:22, Info                  CSI    000000b0 [SR] Verify complete
2017-02-11 07:32:23, Info                  CSI    000000b1 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:32:23, Info                  CSI    000000b2 [SR] Beginning Verify and Repair transaction
2017-02-11 07:32:24, Info                  CSI    000000b4 [SR] Verify complete
2017-02-11 07:32:25, Info                  CSI    000000b5 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:32:25, Info                  CSI    000000b6 [SR] Beginning Verify and Repair transaction
2017-02-11 07:32:26, Info                  CSI    000000b8 [SR] Verify complete
2017-02-11 07:32:27, Info                  CSI    000000b9 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:32:27, Info                  CSI    000000ba [SR] Beginning Verify and Repair transaction
2017-02-11 07:32:28, Info                  CSI    000000bc [SR] Verify complete
2017-02-11 07:32:29, Info                  CSI    000000bd [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:32:29, Info                  CSI    000000be [SR] Beginning Verify and Repair transaction
2017-02-11 07:32:30, Info                  CSI    000000c0 [SR] Verify complete
2017-02-11 07:32:31, Info                  CSI    000000c1 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:32:31, Info                  CSI    000000c2 [SR] Beginning Verify and Repair transaction
2017-02-11 07:32:33, Info                  CSI    000000c4 [SR] Verify complete
2017-02-11 07:32:33, Info                  CSI    000000c5 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:32:33, Info                  CSI    000000c6 [SR] Beginning Verify and Repair transaction
2017-02-11 07:32:36, Info                  CSI    000000c8 [SR] Verify complete
2017-02-11 07:32:36, Info                  CSI    000000c9 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:32:36, Info                  CSI    000000ca [SR] Beginning Verify and Repair transaction
2017-02-11 07:32:38, Info                  CSI    000000cc [SR] Verify complete
2017-02-11 07:32:38, Info                  CSI    000000cd [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:32:38, Info                  CSI    000000ce [SR] Beginning Verify and Repair transaction
2017-02-11 07:32:43, Info                  CSI    000000d1 [SR] Verify complete
2017-02-11 07:32:43, Info                  CSI    000000d2 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:32:43, Info                  CSI    000000d3 [SR] Beginning Verify and Repair transaction
2017-02-11 07:32:51, Info                  CSI    000000d6 [SR] Verify complete
2017-02-11 07:32:51, Info                  CSI    000000d7 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:32:51, Info                  CSI    000000d8 [SR] Beginning Verify and Repair transaction
2017-02-11 07:32:56, Info                  CSI    000000dc [SR] Verify complete
2017-02-11 07:32:57, Info                  CSI    000000dd [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:32:57, Info                  CSI    000000de [SR] Beginning Verify and Repair transaction
2017-02-11 07:33:05, Info                  CSI    000000e1 [SR] Verify complete
2017-02-11 07:33:06, Info                  CSI    000000e2 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:33:06, Info                  CSI    000000e3 [SR] Beginning Verify and Repair transaction
2017-02-11 07:33:19, Info                  CSI    000000e5 [SR] Verify complete
2017-02-11 07:33:20, Info                  CSI    000000e6 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:33:20, Info                  CSI    000000e7 [SR] Beginning Verify and Repair transaction
2017-02-11 07:33:28, Info                  CSI    00000109 [SR] Verify complete
2017-02-11 07:33:29, Info                  CSI    0000010a [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:33:29, Info                  CSI    0000010b [SR] Beginning Verify and Repair transaction
2017-02-11 07:33:34, Info                  CSI    00000110 [SR] Verify complete
2017-02-11 07:33:35, Info                  CSI    00000111 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:33:35, Info                  CSI    00000112 [SR] Beginning Verify and Repair transaction
2017-02-11 07:33:41, Info                  CSI    00000114 [SR] Verify complete
2017-02-11 07:33:41, Info                  CSI    00000115 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:33:41, Info                  CSI    00000116 [SR] Beginning Verify and Repair transaction
2017-02-11 07:33:46, Info                  CSI    00000118 [SR] Verify complete
2017-02-11 07:33:46, Info                  CSI    00000119 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:33:46, Info                  CSI    0000011a [SR] Beginning Verify and Repair transaction
2017-02-11 07:33:51, Info                  CSI    0000011c [SR] Verify complete
2017-02-11 07:33:52, Info                  CSI    0000011d [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:33:52, Info                  CSI    0000011e [SR] Beginning Verify and Repair transaction
2017-02-11 07:33:56, Info                  CSI    00000120 [SR] Verify complete
2017-02-11 07:33:57, Info                  CSI    00000121 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:33:57, Info                  CSI    00000122 [SR] Beginning Verify and Repair transaction
2017-02-11 07:34:00, Info                  CSI    00000124 [SR] Verify complete
2017-02-11 07:34:01, Info                  CSI    00000125 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:34:01, Info                  CSI    00000126 [SR] Beginning Verify and Repair transaction
2017-02-11 07:34:07, Info                  CSI    0000012a [SR] Verify complete
2017-02-11 07:34:08, Info                  CSI    0000012b [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:34:08, Info                  CSI    0000012c [SR] Beginning Verify and Repair transaction
2017-02-11 07:34:15, Info                  CSI    0000014d [SR] Verify complete
2017-02-11 07:34:16, Info                  CSI    0000014e [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:34:16, Info                  CSI    0000014f [SR] Beginning Verify and Repair transaction
2017-02-11 07:34:23, Info                  CSI    00000151 [SR] Verify complete
2017-02-11 07:34:24, Info                  CSI    00000152 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:34:24, Info                  CSI    00000153 [SR] Beginning Verify and Repair transaction
2017-02-11 07:34:35, Info                  CSI    00000155 [SR] Verify complete
2017-02-11 07:34:35, Info                  CSI    00000156 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:34:35, Info                  CSI    00000157 [SR] Beginning Verify and Repair transaction
2017-02-11 07:34:37, Info                  CSI    0000015b [SR] Verify complete
2017-02-11 07:34:38, Info                  CSI    0000015c [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:34:38, Info                  CSI    0000015d [SR] Beginning Verify and Repair transaction
2017-02-11 07:34:40, Info                  CSI    0000015f [SR] Verify complete
2017-02-11 07:34:40, Info                  CSI    00000160 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:34:40, Info                  CSI    00000161 [SR] Beginning Verify and Repair transaction
2017-02-11 07:34:41, Info                  CSI    00000163 [SR] Verify complete
2017-02-11 07:34:41, Info                  CSI    00000164 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:34:41, Info                  CSI    00000165 [SR] Beginning Verify and Repair transaction
2017-02-11 07:34:45, Info                  CSI    00000167 [SR] Verify complete
2017-02-11 07:34:45, Info                  CSI    00000168 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:34:45, Info                  CSI    00000169 [SR] Beginning Verify and Repair transaction
2017-02-11 07:34:50, Info                  CSI    0000017c [SR] Verify complete
2017-02-11 07:34:50, Info                  CSI    0000017d [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:34:50, Info                  CSI    0000017e [SR] Beginning Verify and Repair transaction
2017-02-11 07:34:52, Info                  CSI    00000180 [SR] Verify complete
2017-02-11 07:34:53, Info                  CSI    00000181 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:34:53, Info                  CSI    00000182 [SR] Beginning Verify and Repair transaction
2017-02-11 07:34:56, Info                  CSI    00000184 [SR] Verify complete
2017-02-11 07:34:57, Info                  CSI    00000185 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:34:57, Info                  CSI    00000186 [SR] Beginning Verify and Repair transaction
2017-02-11 07:34:59, Info                  CSI    00000188 [SR] Verify complete
2017-02-11 07:35:00, Info                  CSI    00000189 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:35:00, Info                  CSI    0000018a [SR] Beginning Verify and Repair transaction
2017-02-11 07:35:09, Info                  CSI    0000018d [SR] Verify complete
2017-02-11 07:35:10, Info                  CSI    0000018e [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:35:10, Info                  CSI    0000018f [SR] Beginning Verify and Repair transaction
2017-02-11 07:35:20, Info                  CSI    00000192 [SR] Verify complete
2017-02-11 07:35:20, Info                  CSI    00000193 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:35:20, Info                  CSI    00000194 [SR] Beginning Verify and Repair transaction
2017-02-11 07:35:22, Info                  CSI    00000196 [SR] Verify complete
2017-02-11 07:35:22, Info                  CSI    00000197 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:35:22, Info                  CSI    00000198 [SR] Beginning Verify and Repair transaction
2017-02-11 07:35:23, Info                  CSI    0000019a [SR] Verify complete
2017-02-11 07:35:23, Info                  CSI    0000019b [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:35:23, Info                  CSI    0000019c [SR] Beginning Verify and Repair transaction
2017-02-11 07:35:29, Info                  CSI    0000019e [SR] Verify complete
2017-02-11 07:35:29, Info                  CSI    0000019f [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:35:29, Info                  CSI    000001a0 [SR] Beginning Verify and Repair transaction
2017-02-11 07:35:34, Info                  CSI    000001a2 [SR] Verify complete
2017-02-11 07:35:35, Info                  CSI    000001a3 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:35:35, Info                  CSI    000001a4 [SR] Beginning Verify and Repair transaction
2017-02-11 07:35:39, Info                  CSI    000001a6 [SR] Verify complete
2017-02-11 07:35:39, Info                  CSI    000001a7 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:35:39, Info                  CSI    000001a8 [SR] Beginning Verify and Repair transaction
2017-02-11 07:35:49, Info                  CSI    000001c0 [SR] Verify complete
2017-02-11 07:35:49, Info                  CSI    000001c1 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:35:49, Info                  CSI    000001c2 [SR] Beginning Verify and Repair transaction
2017-02-11 07:35:53, Info                  CSI    000001c4 [SR] Verify complete
2017-02-11 07:35:53, Info                  CSI    000001c5 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:35:53, Info                  CSI    000001c6 [SR] Beginning Verify and Repair transaction
2017-02-11 07:36:03, Info                  CSI    000001c8 [SR] Verify complete
2017-02-11 07:36:04, Info                  CSI    000001c9 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:36:04, Info                  CSI    000001ca [SR] Beginning Verify and Repair transaction
2017-02-11 07:36:10, Info                  CSI    000001cd [SR] Verify complete
2017-02-11 07:36:10, Info                  CSI    000001ce [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:36:10, Info                  CSI    000001cf [SR] Beginning Verify and Repair transaction
2017-02-11 07:36:17, Info                  CSI    000001d1 [SR] Verify complete
2017-02-11 07:36:17, Info                  CSI    000001d2 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:36:17, Info                  CSI    000001d3 [SR] Beginning Verify and Repair transaction
2017-02-11 07:36:23, Info                  CSI    000001d5 [SR] Verify complete
2017-02-11 07:36:23, Info                  CSI    000001d6 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:36:23, Info                  CSI    000001d7 [SR] Beginning Verify and Repair transaction
2017-02-11 07:36:28, Info                  CSI    000001d9 [SR] Verify complete
2017-02-11 07:36:29, Info                  CSI    000001da [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:36:29, Info                  CSI    000001db [SR] Beginning Verify and Repair transaction
2017-02-11 07:36:33, Info                  CSI    000001dd [SR] Verify complete
2017-02-11 07:36:33, Info                  CSI    000001de [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:36:33, Info                  CSI    000001df [SR] Beginning Verify and Repair transaction
2017-02-11 07:36:37, Info                  CSI    000001e3 [SR] Verify complete
2017-02-11 07:36:37, Info                  CSI    000001e4 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:36:37, Info                  CSI    000001e5 [SR] Beginning Verify and Repair transaction
2017-02-11 07:36:41, Info                  CSI    000001e7 [SR] Verify complete
2017-02-11 07:36:42, Info                  CSI    000001e8 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:36:42, Info                  CSI    000001e9 [SR] Beginning Verify and Repair transaction
2017-02-11 07:36:53, Info                  CSI    000001eb [SR] Verify complete
2017-02-11 07:36:54, Info                  CSI    000001ec [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:36:54, Info                  CSI    000001ed [SR] Beginning Verify and Repair transaction
2017-02-11 07:37:00, Info                  CSI    000001f0 [SR] Verify complete
2017-02-11 07:37:00, Info                  CSI    000001f1 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:37:00, Info                  CSI    000001f2 [SR] Beginning Verify and Repair transaction
2017-02-11 07:37:04, Info                  CSI    000001f4 [SR] Verify complete
2017-02-11 07:37:05, Info                  CSI    000001f5 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:37:05, Info                  CSI    000001f6 [SR] Beginning Verify and Repair transaction
2017-02-11 07:37:10, Info                  CSI    000001f9 [SR] Verify complete
2017-02-11 07:37:10, Info                  CSI    000001fa [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:37:10, Info                  CSI    000001fb [SR] Beginning Verify and Repair transaction
2017-02-11 07:37:19, Info                  CSI    000001fe [SR] Verify complete
2017-02-11 07:37:19, Info                  CSI    000001ff [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:37:19, Info                  CSI    00000200 [SR] Beginning Verify and Repair transaction
2017-02-11 07:37:23, Info                  CSI    00000202 [SR] Verify complete
2017-02-11 07:37:24, Info                  CSI    00000203 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:37:24, Info                  CSI    00000204 [SR] Beginning Verify and Repair transaction
2017-02-11 07:37:27, Info                  CSI    00000206 [SR] Verify complete
2017-02-11 07:37:28, Info                  CSI    00000207 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:37:28, Info                  CSI    00000208 [SR] Beginning Verify and Repair transaction
2017-02-11 07:37:32, Info                  CSI    0000020a [SR] Verify complete
2017-02-11 07:37:32, Info                  CSI    0000020b [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:37:32, Info                  CSI    0000020c [SR] Beginning Verify and Repair transaction
2017-02-11 07:37:36, Info                  CSI    0000020f [SR] Verify complete
2017-02-11 07:37:36, Info                  CSI    00000210 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:37:36, Info                  CSI    00000211 [SR] Beginning Verify and Repair transaction
2017-02-11 07:37:41, Info                  CSI    00000213 [SR] Verify complete
2017-02-11 07:37:41, Info                  CSI    00000214 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:37:41, Info                  CSI    00000215 [SR] Beginning Verify and Repair transaction
2017-02-11 07:37:44, Info                  CSI    00000218 [SR] Verify complete
2017-02-11 07:37:44, Info                  CSI    00000219 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:37:44, Info                  CSI    0000021a [SR] Beginning Verify and Repair transaction
2017-02-11 07:37:52, Info                  CSI    0000021c [SR] Verify complete
2017-02-11 07:37:52, Info                  CSI    0000021d [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:37:52, Info                  CSI    0000021e [SR] Beginning Verify and Repair transaction
2017-02-11 07:37:59, Info                  CSI    00000220 [SR] Verify complete
2017-02-11 07:37:59, Info                  CSI    00000221 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:37:59, Info                  CSI    00000222 [SR] Beginning Verify and Repair transaction
2017-02-11 07:38:04, Info                  CSI    00000224 [SR] Verify complete
2017-02-11 07:38:05, Info                  CSI    00000225 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:38:05, Info                  CSI    00000226 [SR] Beginning Verify and Repair transaction
2017-02-11 07:38:10, Info                  CSI    00000229 [SR] Verify complete
2017-02-11 07:38:10, Info                  CSI    0000022a [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:38:10, Info                  CSI    0000022b [SR] Beginning Verify and Repair transaction
2017-02-11 07:38:15, Info                  CSI    0000022d [SR] Verify complete
2017-02-11 07:38:16, Info                  CSI    0000022e [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:38:16, Info                  CSI    0000022f [SR] Beginning Verify and Repair transaction
2017-02-11 07:38:21, Info                  CSI    00000233 [SR] Verify complete
2017-02-11 07:38:22, Info                  CSI    00000234 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:38:22, Info                  CSI    00000235 [SR] Beginning Verify and Repair transaction
2017-02-11 07:38:30, Info                  CSI    00000237 [SR] Verify complete
2017-02-11 07:38:31, Info                  CSI    00000238 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:38:31, Info                  CSI    00000239 [SR] Beginning Verify and Repair transaction
2017-02-11 07:38:43, Info                  CSI    0000023c [SR] Verify complete
2017-02-11 07:38:44, Info                  CSI    0000023d [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:38:44, Info                  CSI    0000023e [SR] Beginning Verify and Repair transaction
2017-02-11 07:38:48, Info                  CSI    00000240 [SR] Verify complete
2017-02-11 07:38:48, Info                  CSI    00000241 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:38:48, Info                  CSI    00000242 [SR] Beginning Verify and Repair transaction
2017-02-11 07:38:49, Info                  CSI    00000244 [SR] Verify complete
2017-02-11 07:38:49, Info                  CSI    00000245 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:38:49, Info                  CSI    00000246 [SR] Beginning Verify and Repair transaction
2017-02-11 07:38:52, Info                  CSI    00000248 [SR] Verify complete
2017-02-11 07:38:53, Info                  CSI    00000249 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:38:53, Info                  CSI    0000024a [SR] Beginning Verify and Repair transaction
2017-02-11 07:38:58, Info                  CSI    0000024c [SR] Verify complete
2017-02-11 07:38:59, Info                  CSI    0000024d [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:38:59, Info                  CSI    0000024e [SR] Beginning Verify and Repair transaction
2017-02-11 07:39:05, Info                  CSI    00000250 [SR] Verify complete
2017-02-11 07:39:05, Info                  CSI    00000251 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:39:05, Info                  CSI    00000252 [SR] Beginning Verify and Repair transaction
2017-02-11 07:39:09, Info                  CSI    00000254 [SR] Verify complete
2017-02-11 07:39:09, Info                  CSI    00000255 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:39:09, Info                  CSI    00000256 [SR] Beginning Verify and Repair transaction
2017-02-11 07:39:12, Info                  CSI    00000258 [SR] Verify complete
2017-02-11 07:39:12, Info                  CSI    00000259 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:39:12, Info                  CSI    0000025a [SR] Beginning Verify and Repair transaction
2017-02-11 07:39:18, Info                  CSI    0000025c [SR] Verify complete
2017-02-11 07:39:18, Info                  CSI    0000025d [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:39:18, Info                  CSI    0000025e [SR] Beginning Verify and Repair transaction
2017-02-11 07:39:28, Info                  CSI    00000260 [SR] Verify complete
2017-02-11 07:39:29, Info                  CSI    00000261 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:39:29, Info                  CSI    00000262 [SR] Beginning Verify and Repair transaction
2017-02-11 07:39:31, Info                  CSI    00000264 [SR] Verify complete
2017-02-11 07:39:32, Info                  CSI    00000265 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:39:32, Info                  CSI    00000266 [SR] Beginning Verify and Repair transaction
2017-02-11 07:39:35, Info                  CSI    00000268 [SR] Verify complete
2017-02-11 07:39:35, Info                  CSI    00000269 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:39:35, Info                  CSI    0000026a [SR] Beginning Verify and Repair transaction
2017-02-11 07:39:36, Info                  CSI    0000026c [SR] Verify complete
2017-02-11 07:39:37, Info                  CSI    0000026d [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:39:37, Info                  CSI    0000026e [SR] Beginning Verify and Repair transaction
2017-02-11 07:39:40, Info                  CSI    00000270 [SR] Verify complete
2017-02-11 07:39:41, Info                  CSI    00000271 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:39:41, Info                  CSI    00000272 [SR] Beginning Verify and Repair transaction
2017-02-11 07:39:44, Info                  CSI    00000274 [SR] Verify complete
2017-02-11 07:39:45, Info                  CSI    00000275 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:39:45, Info                  CSI    00000276 [SR] Beginning Verify and Repair transaction
2017-02-11 07:39:48, Info                  CSI    00000278 [SR] Verify complete
2017-02-11 07:39:48, Info                  CSI    00000279 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:39:48, Info                  CSI    0000027a [SR] Beginning Verify and Repair transaction
2017-02-11 07:39:50, Info                  CSI    0000027c [SR] Verify complete
2017-02-11 07:39:50, Info                  CSI    0000027d [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:39:50, Info                  CSI    0000027e [SR] Beginning Verify and Repair transaction
2017-02-11 07:39:51, Info                  CSI    00000280 [SR] Verify complete
2017-02-11 07:39:51, Info                  CSI    00000281 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:39:51, Info                  CSI    00000282 [SR] Beginning Verify and Repair transaction
2017-02-11 07:39:54, Info                  CSI    0000028a [SR] Verify complete
2017-02-11 07:39:55, Info                  CSI    0000028b [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:39:55, Info                  CSI    0000028c [SR] Beginning Verify and Repair transaction
2017-02-11 07:39:58, Info                  CSI    0000028e [SR] Verify complete
2017-02-11 07:39:58, Info                  CSI    0000028f [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:39:58, Info                  CSI    00000290 [SR] Beginning Verify and Repair transaction
2017-02-11 07:40:02, Info                  CSI    00000292 [SR] Verify complete
2017-02-11 07:40:03, Info                  CSI    00000293 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:40:03, Info                  CSI    00000294 [SR] Beginning Verify and Repair transaction
2017-02-11 07:40:05, Info                  CSI    00000296 [SR] Verify complete
2017-02-11 07:40:06, Info                  CSI    00000297 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:40:06, Info                  CSI    00000298 [SR] Beginning Verify and Repair transaction
2017-02-11 07:40:09, Info                  CSI    0000029a [SR] Verify complete
2017-02-11 07:40:10, Info                  CSI    0000029b [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:40:10, Info                  CSI    0000029c [SR] Beginning Verify and Repair transaction
2017-02-11 07:40:14, Info                  CSI    0000029e [SR] Verify complete
2017-02-11 07:40:14, Info                  CSI    0000029f [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:40:14, Info                  CSI    000002a0 [SR] Beginning Verify and Repair transaction
2017-02-11 07:40:20, Info                  CSI    000002a3 [SR] Verify complete
2017-02-11 07:40:20, Info                  CSI    000002a4 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:40:20, Info                  CSI    000002a5 [SR] Beginning Verify and Repair transaction
2017-02-11 07:40:23, Info                  CSI    000002a7 [SR] Verify complete
2017-02-11 07:40:23, Info                  CSI    000002a8 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:40:23, Info                  CSI    000002a9 [SR] Beginning Verify and Repair transaction
2017-02-11 07:40:24, Info                  CSI    000002ab [SR] Verify complete
2017-02-11 07:40:25, Info                  CSI    000002ac [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:40:25, Info                  CSI    000002ad [SR] Beginning Verify and Repair transaction
2017-02-11 07:40:33, Info                  CSI    000002b0 [SR] Verify complete
2017-02-11 07:40:33, Info                  CSI    000002b1 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:40:33, Info                  CSI    000002b2 [SR] Beginning Verify and Repair transaction
2017-02-11 07:40:43, Info                  CSI    000002b6 [SR] Verify complete
2017-02-11 07:40:43, Info                  CSI    000002b7 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:40:43, Info                  CSI    000002b8 [SR] Beginning Verify and Repair transaction
2017-02-11 07:40:49, Info                  CSI    000002bd [SR] Verify complete
2017-02-11 07:40:49, Info                  CSI    000002be [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:40:49, Info                  CSI    000002bf [SR] Beginning Verify and Repair transaction
2017-02-11 07:40:54, Info                  CSI    000002c5 [SR] Verify complete
2017-02-11 07:40:55, Info                  CSI    000002c6 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:40:55, Info                  CSI    000002c7 [SR] Beginning Verify and Repair transaction
2017-02-11 07:41:01, Info                  CSI    000002d1 [SR] Verify complete
2017-02-11 07:41:01, Info                  CSI    000002d2 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:41:01, Info                  CSI    000002d3 [SR] Beginning Verify and Repair transaction
2017-02-11 07:41:07, Info                  CSI    000002d9 [SR] Verify complete
2017-02-11 07:41:07, Info                  CSI    000002da [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:41:07, Info                  CSI    000002db [SR] Beginning Verify and Repair transaction
2017-02-11 07:41:11, Info                  CSI    000002dd [SR] Verify complete
2017-02-11 07:41:11, Info                  CSI    000002de [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:41:11, Info                  CSI    000002df [SR] Beginning Verify and Repair transaction
2017-02-11 07:41:14, Info                  CSI    000002e3 [SR] Verify complete
2017-02-11 07:41:14, Info                  CSI    000002e4 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:41:14, Info                  CSI    000002e5 [SR] Beginning Verify and Repair transaction
2017-02-11 07:41:16, Info                  CSI    000002e7 [SR] Verify complete
2017-02-11 07:41:17, Info                  CSI    000002e8 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:41:17, Info                  CSI    000002e9 [SR] Beginning Verify and Repair transaction
2017-02-11 07:41:22, Info                  CSI    0000030e [SR] Verify complete
2017-02-11 07:41:23, Info                  CSI    0000030f [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:41:23, Info                  CSI    00000310 [SR] Beginning Verify and Repair transaction
2017-02-11 07:41:29, Info                  CSI    00000312 [SR] Verify complete
2017-02-11 07:41:29, Info                  CSI    00000313 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:41:29, Info                  CSI    00000314 [SR] Beginning Verify and Repair transaction
2017-02-11 07:41:36, Info                  CSI    00000316 [SR] Verify complete
2017-02-11 07:41:36, Info                  CSI    00000317 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:41:36, Info                  CSI    00000318 [SR] Beginning Verify and Repair transaction
2017-02-11 07:41:42, Info                  CSI    0000031a [SR] Verify complete
2017-02-11 07:41:43, Info                  CSI    0000031b [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:41:43, Info                  CSI    0000031c [SR] Beginning Verify and Repair transaction
2017-02-11 07:41:48, Info                  CSI    0000032a [SR] Verify complete
2017-02-11 07:41:48, Info                  CSI    0000032b [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:41:48, Info                  CSI    0000032c [SR] Beginning Verify and Repair transaction
2017-02-11 07:41:56, Info                  CSI    0000032e [SR] Verify complete
2017-02-11 07:41:56, Info                  CSI    0000032f [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:41:56, Info                  CSI    00000330 [SR] Beginning Verify and Repair transaction
2017-02-11 07:42:02, Info                  CSI    0000033e [SR] Verify complete
2017-02-11 07:42:02, Info                  CSI    0000033f [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:42:02, Info                  CSI    00000340 [SR] Beginning Verify and Repair transaction
2017-02-11 07:42:05, Info                  CSI    00000342 [SR] Verify complete
2017-02-11 07:42:06, Info                  CSI    00000343 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:42:06, Info                  CSI    00000344 [SR] Beginning Verify and Repair transaction
2017-02-11 07:42:12, Info                  CSI    00000346 [SR] Verify complete
2017-02-11 07:42:13, Info                  CSI    00000347 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:42:13, Info                  CSI    00000348 [SR] Beginning Verify and Repair transaction
2017-02-11 07:42:19, Info                  CSI    0000034b [SR] Verify complete
2017-02-11 07:42:19, Info                  CSI    0000034c [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:42:19, Info                  CSI    0000034d [SR] Beginning Verify and Repair transaction
2017-02-11 07:42:21, Info                  CSI    0000034f [SR] Verify complete
2017-02-11 07:42:21, Info                  CSI    00000350 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:42:21, Info                  CSI    00000351 [SR] Beginning Verify and Repair transaction
2017-02-11 07:42:26, Info                  CSI    00000353 [SR] Verify complete
2017-02-11 07:42:26, Info                  CSI    00000354 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:42:26, Info                  CSI    00000355 [SR] Beginning Verify and Repair transaction
2017-02-11 07:42:30, Info                  CSI    00000357 [SR] Verify complete
2017-02-11 07:42:30, Info                  CSI    00000358 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:42:30, Info                  CSI    00000359 [SR] Beginning Verify and Repair transaction
2017-02-11 07:42:36, Info                  CSI    0000035d [SR] Verify complete
2017-02-11 07:42:37, Info                  CSI    0000035e [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:42:37, Info                  CSI    0000035f [SR] Beginning Verify and Repair transaction
2017-02-11 07:42:42, Info                  CSI    00000377 [SR] Verify complete
2017-02-11 07:42:42, Info                  CSI    00000378 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:42:42, Info                  CSI    00000379 [SR] Beginning Verify and Repair transaction
2017-02-11 07:42:54, Info                  CSI    0000037b [SR] Verify complete
2017-02-11 07:42:55, Info                  CSI    0000037c [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:42:55, Info                  CSI    0000037d [SR] Beginning Verify and Repair transaction
2017-02-11 07:42:58, Info                  CSI    0000037f [SR] Verify complete
2017-02-11 07:42:59, Info                  CSI    00000380 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:42:59, Info                  CSI    00000381 [SR] Beginning Verify and Repair transaction
2017-02-11 07:43:01, Info                  CSI    00000383 [SR] Verify complete
2017-02-11 07:43:01, Info                  CSI    00000384 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:43:01, Info                  CSI    00000385 [SR] Beginning Verify and Repair transaction
2017-02-11 07:43:04, Info                  CSI    00000389 [SR] Verify complete
2017-02-11 07:43:04, Info                  CSI    0000038a [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:43:04, Info                  CSI    0000038b [SR] Beginning Verify and Repair transaction
2017-02-11 07:43:07, Info                  CSI    0000038d [SR] Verify complete
2017-02-11 07:43:08, Info                  CSI    0000038e [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:43:08, Info                  CSI    0000038f [SR] Beginning Verify and Repair transaction
2017-02-11 07:43:14, Info                  CSI    00000391 [SR] Verify complete
2017-02-11 07:43:15, Info                  CSI    00000392 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:43:15, Info                  CSI    00000393 [SR] Beginning Verify and Repair transaction
2017-02-11 07:43:18, Info                  CSI    00000395 [SR] Verify complete
2017-02-11 07:43:19, Info                  CSI    00000396 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:43:19, Info                  CSI    00000397 [SR] Beginning Verify and Repair transaction
2017-02-11 07:43:22, Info                  CSI    0000039a [SR] Verify complete
2017-02-11 07:43:23, Info                  CSI    0000039b [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:43:23, Info                  CSI    0000039c [SR] Beginning Verify and Repair transaction
2017-02-11 07:43:26, Info                  CSI    0000039e [SR] Verify complete
2017-02-11 07:43:26, Info                  CSI    0000039f [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:43:26, Info                  CSI    000003a0 [SR] Beginning Verify and Repair transaction
2017-02-11 07:43:30, Info                  CSI    000003a2 [SR] Verify complete
2017-02-11 07:43:30, Info                  CSI    000003a3 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:43:30, Info                  CSI    000003a4 [SR] Beginning Verify and Repair transaction
2017-02-11 07:43:35, Info                  CSI    000003a6 [SR] Verify complete
2017-02-11 07:43:35, Info                  CSI    000003a7 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:43:35, Info                  CSI    000003a8 [SR] Beginning Verify and Repair transaction
2017-02-11 07:43:38, Info                  CSI    000003ab [SR] Verify complete
2017-02-11 07:43:39, Info                  CSI    000003ac [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:43:39, Info                  CSI    000003ad [SR] Beginning Verify and Repair transaction
2017-02-11 07:43:43, Info                  CSI    000003af [SR] Verify complete
2017-02-11 07:43:44, Info                  CSI    000003b0 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:43:44, Info                  CSI    000003b1 [SR] Beginning Verify and Repair transaction
2017-02-11 07:43:49, Info                  CSI    000003b3 [SR] Verify complete
2017-02-11 07:43:49, Info                  CSI    000003b4 [SR] Verifying 100 (0x0000000000000064) components
2017-02-11 07:43:49, Info                  CSI    000003b5 [SR] Beginning Verify and Repair transaction
2017-02-11 07:43:55, Info                  CSI    000003b7 [SR] Verify complete
2017-02-11 07:43:56, Info                  CSI    000003b8 [SR] Verifying 76 (0x000000000000004c) components
2017-02-11 07:43:56, Info                  CSI    000003b9 [SR] Beginning Verify and Repair transaction
2017-02-11 07:43:59, Info                  CSI    000003bb [SR] Verify complete
2017-02-11 07:43:59, Info                  CSI    000003bc [SR] Repairing 0 components
2017-02-11 07:43:59, Info                  CSI    000003bd [SR] Beginning Verify and Repair transaction
2017-02-11 07:43:59, Info                  CSI    000003bf [SR] Repair complete

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 11/02/2017 7:46:38 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 11/02/2017 12:27:30 PM
Type: Error Category: 0
Event: 36887 Source: Schannel
The following fatal alert was received: 70.

Log: 'System' Date/Time: 11/02/2017 12:25:51 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Garmin Device Interaction Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 11/02/2017 12:25:51 PM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Garmin Device Interaction Service service to connect.

Log: 'System' Date/Time: 11/02/2017 12:25:15 PM
Type: Error Category: 0
Event: 6008 Source: EventLog
The previous system shutdown at 7:22:19 AM on ?2/?11/?2017 was unexpected.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 11/02/2017 12:26:51 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_MS#MS-PRO&REV_1.03#058F63626476&3#.

I followed all instructions and tried FRST again, but it still had the same problem, failed to complete the scan with a "No Disk in Drive" error message.

#6
John Aukerman

Posted 11 February 2017 - 06:54 AM

Member

Topic Starter
Member
284 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10-02-2017
Ran by Aukerman (administrator) on AUKERMAN-PC (11-02-2017 07:50:21)
Running from C:\Users\Aukerman\Desktop
Loaded Profiles: Aukerman (Available Profiles: Aukerman)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Alcor Micro Corp.) C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
(Slack Technologies) C:\Users\Aukerman\AppData\Local\slack\app-2.4.1\slack.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.3.1.204\WsAppService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Slack Technologies) C:\Users\Aukerman\AppData\Local\slack\app-2.4.1\slack.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Slack Technologies) C:\Users\Aukerman\AppData\Local\slack\app-2.4.1\slack.exe
(Slack Technologies) C:\Users\Aukerman\AppData\Local\slack\app-2.4.1\slack.exe
(Slack Technologies) C:\Users\Aukerman\AppData\Local\slack\app-2.4.1\slack.exe
(Slack Technologies) C:\Users\Aukerman\AppData\Local\slack\app-2.4.1\slack.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Slack Technologies) C:\Users\Aukerman\AppData\Local\slack\app-2.4.1\slack.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6457960 2011-12-23] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-15] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [1014432 2011-12-29] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe [800416 2011-12-29] (Atheros Commnucations)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [644696 2007-05-14] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1840720 2007-04-03] (CANON INC.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-10-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-17] (Intel Corporation)
HKLM-x32\...\Run: [ShwiconXP9106] => C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2010-03-10] (Alcor Micro Corp.)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2017-01-13] (Apple Inc.)
HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1154560 2016-08-04] (Carbonite, Inc.)
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-10-07] (Google Inc.)
HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23818360 2016-11-30] (Google)
HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1407912 2017-01-16] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\...\Run: [Google Update] => C:\Users\Aukerman\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-15] (Google Inc.)
HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\...\Run: [FB8404DE58F489D58488BA786D20A8695FC3AD8C._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [945496 2017-02-01] (Google Inc.)
HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\...\RunOnce: [Uninstall C:\Users\Aukerman\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Aukerman\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\...\RunOnce: [Uninstall C:\Users\Aukerman\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Aukerman\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64"
HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\...\RunOnce: [Uninstall C:\Users\Aukerman\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Aukerman\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64"
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1407912 2017-01-16] (Garmin Ltd. or its subsidiaries)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => -> No File
ShellIconOverlayIdentifiers-x32: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2013-11-09]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\Users\Aukerman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Slack.lnk [2017-02-08]
ShortcutTarget: Slack.lnk -> C:\Users\Aukerman\AppData\Local\slack\slack.exe (Slack Technologies)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{3132E1A3-4DDA-41F4-97CC-79FA274A0328}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/USCON/1
URLSearchHook: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001 - (No Name) - {462be121-2b54-4218-bf00-b9bf8135b23f} - No File
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0D978EE3-6717-4A58-AD18-8A9366F78ECC} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0D978EE3-6717-4A58-AD18-8A9366F78ECC} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2011-12-29] (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: ChromeFrame BHO -> {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} -> C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll [2014-02-01] (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
Toolbar: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
Handler-x32: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll [2014-02-01] (Google Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Aukerman\AppData\Roaming\Mozilla\Firefox\Profiles\ujdi172x.default [2017-02-11]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\ujdi172x.default -> Google
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\ujdi172x.default -> Google
FF Homepage: Mozilla\Firefox\Profiles\ujdi172x.default -> hxxps://www.facebook.com/
hxxps://mail.google.com/mail/?shva=1#inbox
hxxps://www.google.com/calendar/render?tab=mc&pli=1&gsessionid=fiZNqzggyfCvyXfC0GF0iA
FF Extension: (Clearly) - C:\Users\Aukerman\AppData\Roaming\Mozilla\Firefox\Profiles\ujdi172x.default\Extensions\[email protected] [2016-01-16]
FF Extension: (LastPass) - C:\Users\Aukerman\AppData\Roaming\Mozilla\Firefox\Profiles\ujdi172x.default\Extensions\[email protected] [2016-12-16]
FF Extension: (webpass) - C:\Users\Aukerman\AppData\Roaming\Mozilla\Firefox\Profiles\ujdi172x.default\Extensions\[email protected] [2017-02-09]
FF Extension: (Garmin Communicator) - C:\Users\Aukerman\AppData\Roaming\Mozilla\Firefox\Profiles\ujdi172x.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2014-06-07] [not signed]
FF Extension: (Adblock Plus) - C:\Users\Aukerman\AppData\Roaming\Mozilla\Firefox\Profiles\ujdi172x.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-25]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-10] ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2013-10-09] (GARMIN Corp.)
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2013-11-09] (LastPass)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2012-10-06] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-10] ()
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2013-10-09] (GARMIN Corp.)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass.dll [2013-11-09] (LastPass)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2012-10-06] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3383977758-1919853078-1981122960-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Aukerman\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-07-30] (Citrix Online)
FF Plugin HKU\S-1-5-21-3383977758-1919853078-1981122960-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Aukerman\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-3383977758-1919853078-1981122960-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Aukerman\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-15] (Google Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxps://mail.google.com/mail/u/0/#inbox","hxxps://www.google.com/calendar/render?tab=mc#main_7"
CHR Profile: C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default [2017-02-11]
CHR Extension: (Google Slides) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-05]
CHR Extension: (Google Docs) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-05]
CHR Extension: (Google Drive) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Adblock Plus) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-27]
CHR Extension: (Google Search) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Sheets) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-05]
CHR Extension: (Google Docs Offline) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]
CHR Extension: (Chromebook Recovery Utility) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndclpdbaamdhonoechobihbbiimdgai [2016-07-01]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-04-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR Extension: (Chrome Apps & Extensions Developer Tool) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohmmkhmmmpcnpikjeljgnaoabkaalbgc [2016-07-01]
CHR Extension: (Gmail) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-05]
CHR Extension: (Chrome Media Router) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-07]
CHR HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [106144 2011-12-29] (Atheros Commnucations) [File not signed]
R2 CarboniteService; C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe [9037824 2016-08-04] (Carbonite, Inc. (www.carbonite.com)) [File not signed]
S2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1039376 2017-01-16] (Garmin Ltd. or its subsidiaries)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.3.1.204\WsAppService.exe [437392 2016-11-16] (Wondershare)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [158880 2011-12-29] (Atheros) [File not signed]
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [76960 2011-12-26] (Atheros) [File not signed]
S3 WsDrvInst; "C:\Program Files (x86)\Wondershare\TunesGo\DriverInstall.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
S3 WsAudio_Device(1); C:\Windows\System32\drivers\VirtualAudio1.sys [31080 2015-08-03] (Wondershare)
S3 WsAudio_Device(2); C:\Windows\System32\drivers\VirtualAudio2.sys [31080 2015-08-03] (Wondershare)
S3 WsAudio_Device(3); C:\Windows\System32\drivers\VirtualAudio3.sys [31080 2015-08-03] (Wondershare)
S3 WsAudio_Device(4); C:\Windows\System32\drivers\VirtualAudio4.sys [31080 2015-08-03] (Wondershare)
S3 WsAudio_Device(5); C:\Windows\System32\drivers\VirtualAudio5.sys [31080 2015-08-03] (Wondershare)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-11 07:50 - 2017-02-11 07:52 - 00025979 _____ C:\Users\Aukerman\Desktop\FRST.txt
2017-02-11 07:50 - 2017-02-11 07:50 - 00000000 ____D C:\Users\Aukerman\Desktop\FRST-OlderVersion
2017-02-11 07:46 - 2017-02-11 07:48 - 00000913 _____ C:\VEW.txt
2017-02-11 07:46 - 2017-02-11 07:46 - 00001624 _____ C:\Users\Aukerman\Desktop\VEW.txt
2017-02-11 07:45 - 2017-02-11 07:45 - 00061440 _____ ( ) C:\Users\Aukerman\Desktop\VEW.exe
2017-02-11 07:45 - 2017-02-11 07:45 - 00052248 _____ C:\Users\Aukerman\Desktop\junk.txt
2017-02-11 07:25 - 2017-02-11 07:25 - 00000000 ___RD C:\Users\Aukerman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2017-02-10 11:44 - 2017-02-10 11:44 - 00002152 _____ C:\Users\Public\Desktop\Google Earth.lnk
2017-02-10 11:44 - 2017-02-10 11:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2017-02-10 07:38 - 2017-02-10 07:38 - 00000804 _____ C:\Users\Public\Desktop\Speccy.lnk
2017-02-10 07:38 - 2017-02-10 07:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2017-02-10 07:38 - 2017-02-10 07:38 - 00000000 ____D C:\Program Files\Speccy
2017-02-10 07:35 - 2017-02-10 07:35 - 00006644 _____ C:\junk.txt
2017-02-10 07:30 - 2017-02-10 07:30 - 02720928 _____ (Sysinternals - www.sysinternals.com) C:\Users\Aukerman\Desktop\procexp.exe
2017-02-10 07:23 - 2017-02-10 07:23 - 01663040 _____ (Malwarebytes) C:\Users\Aukerman\Desktop\JRT.exe
2017-02-10 07:14 - 2017-02-10 07:17 - 00000000 ____D C:\AdwCleaner
2017-02-10 07:09 - 2017-02-10 07:09 - 04015056 _____ C:\Users\Aukerman\Desktop\AdwCleaner.exe
2017-02-10 07:06 - 2017-02-10 07:06 - 00892416 _____ (Farbar) C:\Users\Aukerman\Desktop\MiniToolBox.exe
2017-02-08 10:18 - 2017-02-08 10:18 - 00008129 _____ C:\Users\Aukerman\Downloads\student-orgs.xlsx
2017-02-08 10:10 - 2017-02-11 07:26 - 00000000 ____D C:\Users\Aukerman\AppData\Roaming\Slack
2017-02-08 10:10 - 2017-02-08 10:10 - 00000000 ____D C:\Users\Aukerman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Slack Technologies
2017-02-08 10:10 - 2017-02-08 10:10 - 00000000 ____D C:\Users\Aukerman\AppData\Local\SquirrelTemp
2017-02-08 10:10 - 2017-02-08 10:10 - 00000000 ____D C:\Users\Aukerman\AppData\Local\slack
2017-02-07 08:51 - 2017-02-11 07:50 - 02421248 _____ (Farbar) C:\Users\Aukerman\Desktop\FRST64.exe
2017-02-05 06:39 - 2017-02-05 06:40 - 00000000 ____D C:\FRST
2017-02-03 15:48 - 2017-02-03 15:48 - 00134705 _____ C:\Users\Aukerman\asdf
2017-02-03 06:50 - 2017-02-03 06:50 - 00074818 _____ C:\Users\Aukerman\Downloads\document.pdf
2017-02-01 06:39 - 2017-02-01 06:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-02-01 06:39 - 2017-02-01 06:39 - 00000000 ____D C:\Program Files\iTunes
2017-02-01 06:39 - 2017-02-01 06:39 - 00000000 ____D C:\Program Files\iPod
2017-01-16 07:46 - 2017-01-16 07:46 - 00047091 _____ C:\Users\Aukerman\Downloads\Sanctuary Remodel Financial Report.xls.xlsx

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-11 07:45 - 2012-09-26 17:58 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-02-11 07:35 - 2009-07-13 23:45 - 00037040 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-11 07:35 - 2009-07-13 23:45 - 00037040 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-11 07:31 - 2009-07-14 00:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-11 07:31 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2017-02-11 07:27 - 2016-11-19 07:02 - 00000000 ____D C:\Users\Aukerman\AppData\LocalLow\Mozilla
2017-02-11 07:27 - 2012-10-06 07:54 - 00000000 ____D C:\Users\Aukerman\AppData\LocalLow\LastPass
2017-02-11 07:26 - 2012-12-22 07:36 - 00000000 ___RD C:\Users\Aukerman\Google Drive
2017-02-11 07:26 - 2012-09-26 18:30 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2017-02-11 07:26 - 2012-09-26 18:30 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2017-02-11 07:26 - 2012-09-26 18:18 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2017-02-11 07:25 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-11 01:01 - 2012-10-27 06:50 - 00000000 ___RD C:\Users\Aukerman\Virtual Machines
2017-02-11 00:59 - 2012-10-06 07:25 - 00000000 ____D C:\Users\Aukerman\Documents\Bren
2017-02-10 14:46 - 2012-10-06 10:14 - 00003950 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{48E3D334-6C7F-48C2-BC4A-39C7FE0FA17F}
2017-02-10 11:44 - 2012-10-07 16:33 - 00000000 ____D C:\Program Files (x86)\Google
2017-02-09 08:49 - 2016-08-04 08:49 - 01446912 ___SH C:\Users\Aukerman\Desktop\Thumbs.db
2017-02-08 23:42 - 2016-07-26 15:28 - 00000000 ____D C:\Users\Aukerman\Desktop\Lou Ann - Choruses
2017-02-07 07:37 - 2016-09-14 22:55 - 08005632 _____ C:\Users\Aukerman\Desktop\Aukerman losses.xls
2017-02-07 07:31 - 2009-07-14 00:08 - 00032626 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-02-06 22:19 - 2013-11-27 07:03 - 00002203 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-05 07:49 - 2016-12-23 07:30 - 00310395 _____ C:\Users\Aukerman\Documents\Untitled_3549.amj
2017-02-03 15:48 - 2012-10-06 06:27 - 00000000 ____D C:\Users\Aukerman
2017-02-01 07:40 - 2016-12-23 07:30 - 00310379 _____ C:\Users\Aukerman\Untitled_3549.amk
2017-02-01 06:49 - 2012-10-06 07:25 - 00000000 ___RD C:\Users\Aukerman\Desktop\John
2017-02-01 06:39 - 2012-10-06 07:47 - 00000000 ____D C:\Program Files\Common Files\Apple
2017-01-28 06:37 - 2016-11-18 16:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-28 06:37 - 2012-10-06 06:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-01-27 08:07 - 2012-10-06 07:25 - 00000000 ____D C:\Users\Aukerman\Documents\John
2017-01-21 21:17 - 2016-08-11 05:49 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-18 22:57 - 2013-08-02 23:52 - 00000000 ____D C:\Users\Aukerman\Documents\Outlook Files
2017-01-18 22:57 - 2012-10-07 16:33 - 00000000 ____D C:\Users\Aukerman\AppData\Local\Deployment
2017-01-18 07:05 - 2013-06-01 17:34 - 00000000 ____D C:\ProgramData\Package Cache
2017-01-18 07:05 - 2013-06-01 17:34 - 00000000 ____D C:\Program Files (x86)\Garmin
2017-01-18 07:04 - 2014-04-13 05:29 - 00003554 _____ C:\Windows\System32\Tasks\GarminUpdaterTask
2017-01-18 07:04 - 2013-06-01 17:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2017-01-15 07:55 - 2012-10-06 16:27 - 00000000 ____D C:\Users\Aukerman\AppData\Local\ElevatedDiagnostics
2017-01-12 17:23 - 2015-05-16 05:07 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task

==================== Files in the root of some directories =======

2003-11-10 15:27 - 2003-11-10 15:26 - 0376884 _____ () C:\Program Files\image001.bmp
2013-11-09 08:25 - 2013-11-09 08:25 - 12767232 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe

Files to move or delete:
====================
C:\Users\Aukerman\jobq.dat

Some files in TEMP:
====================
2013-01-02 20:20 - 2013-01-02 20:20 - 0726016 _____ (Igor Pavlov) C:\Users\Aukerman\AppData\Local\Temp\7z.dll
2013-01-02 20:20 - 2013-01-02 20:20 - 0150016 _____ (Igor Pavlov) C:\Users\Aukerman\AppData\Local\Temp\7z.exe
2013-01-02 20:20 - 2013-01-02 20:20 - 0023477 _____ () C:\Users\Aukerman\AppData\Local\Temp\dtkill.exe
2013-01-02 20:20 - 2013-01-02 20:20 - 0006656 _____ (doubleTwist Corperation) C:\Users\Aukerman\AppData\Local\Temp\Executor.exe
2012-10-07 06:32 - 2012-10-07 06:32 - 0894952 _____ (Oracle Corporation) C:\Users\Aukerman\AppData\Local\Temp\firefoxjre_exe-1.exe
2012-10-07 06:29 - 2012-10-07 06:29 - 0894952 _____ (Oracle Corporation) C:\Users\Aukerman\AppData\Local\Temp\firefoxjre_exe.exe
2013-01-30 18:58 - 2013-01-30 18:58 - 0897448 _____ (Oracle Corporation) C:\Users\Aukerman\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
2013-03-01 15:00 - 2013-03-01 15:00 - 0897448 _____ (Oracle Corporation) C:\Users\Aukerman\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
2013-06-13 10:36 - 2013-06-13 10:36 - 0903592 _____ (Oracle Corporation) C:\Users\Aukerman\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
2013-10-08 13:27 - 2013-10-08 13:27 - 0915368 _____ (Oracle Corporation) C:\Users\Aukerman\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
2013-12-19 12:06 - 2013-12-19 12:06 - 0921512 _____ (Oracle Corporation) C:\Users\Aukerman\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
2014-04-15 15:50 - 2014-04-15 15:50 - 0921512 _____ (Oracle Corporation) C:\Users\Aukerman\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
2014-07-11 16:12 - 2014-07-11 16:12 - 0918952 _____ (Oracle Corporation) C:\Users\Aukerman\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
2014-07-28 00:15 - 2014-07-28 00:15 - 0918440 _____ (Oracle Corporation) C:\Users\Aukerman\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
2014-09-29 12:06 - 2014-09-29 12:06 - 0937896 _____ (Oracle Corporation) C:\Users\Aukerman\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
2012-09-27 16:56 - 2012-09-27 16:56 - 0895464 _____ (Oracle Corporation) C:\Users\Aukerman\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
2014-12-18 12:29 - 2014-12-18 12:29 - 0641448 _____ (Oracle Corporation) C:\Users\Aukerman\AppData\Local\Temp\jre-8u31-windows-au.exe
2014-07-25 06:17 - 2014-07-07 08:57 - 0150096 _____ (RealNetworks, Inc.) C:\Users\Aukerman\AppData\Local\Temp\lowproc.exe
2014-07-25 06:17 - 2014-07-07 08:57 - 0090624 _____ (RealNetworks, Inc.) C:\Users\Aukerman\AppData\Local\Temp\stubhelper.dll
2016-08-04 06:22 - 2012-07-16 03:56 - 4451144 _____ (Conduit Ltd.) C:\Users\Aukerman\AppData\Local\Temp\tbWhit.dll
2013-04-23 17:15 - 2013-04-23 17:15 - 4995416 _____ (Microsoft Corporation) C:\Users\Aukerman\AppData\Local\Temp\vcredist_x86-2010.exe
2013-01-02 20:20 - 2013-01-02 20:20 - 6560088 _____ (Microsoft Corporation) C:\Users\Aukerman\AppData\Local\Temp\vcredist_x86-2012.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-02-2017
Ran by Aukerman (11-02-2017 07:53:05)
Running from C:\Users\Aukerman\Desktop
Windows 7 Professional Service Pack 1 (X64) (2012-10-06 11:27:00)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3383977758-1919853078-1981122960-500 - Administrator - Disabled)
Aukerman (S-1-5-21-3383977758-1919853078-1981122960-1001 - Administrator - Enabled) => C:\Users\Aukerman
Guest (S-1-5-21-3383977758-1919853078-1981122960-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3383977758-1919853078-1981122960-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AceMoney Lite (HKLM-x32\...\AceMoney Lite_is1) (Version: - MechCAD Software)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated)
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{0E262CBA-A8C6-3BE1-A812-D7490B4F2B09}) (Version: 3.0.851.0 - Advanced Micro Devices, Inc.)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ArcSoft PhotoStudio 5.5 (HKLM-x32\...\{85309D89-7BE9-4094-BB17-24999C6118FC}) (Version: - ArcSoft)
Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.115 - Atheros)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version: - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: - )
Canon MP Navigator EX 1.0 (HKLM-x32\...\MP Navigator EX 1.0) (Version: - )
Canon MP970 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP970_series) (Version: - )
Canon MP970 series User Registration (HKLM-x32\...\Canon MP970 series User Registration) (Version: - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version: - )
Carbonite (HKLM-x32\...\{D0D08FBC-6D5F-482C-B2ED-32E67D8FFAFF}) (Version: 6.0.1 build 6421 (Aug-04-2016) - Carbonite)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Citrix Online Launcher (HKLM-x32\...\{E1B40232-F73B-4BF9-A819-E352CCC1EDEF}) (Version: 1.0.122 - Citrix)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.67 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.67 - Dell Inc.)
Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.1.5907.16 - Dell Inc.)
Dell Support Center (Version: 3.1.5907.16 - PC-Doctor, Inc.) Hidden
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Dell Inc.)
eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
Elevated Installer (x32 Version: 5.1.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin BaseCamp (HKLM-x32\...\{EBAC8FD4-28EC-46F7-BF9E-89D6E6673001}) (Version: 4.2.5 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin (HKLM-x32\...\{032A13FF-D26D-4844-9597-7EF698627985}) (Version: 4.1.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{AFA301E1-B410-4F1B-B1C0-2E92FDCD94AD}) (Version: 4.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{9fbf4745-0038-4ed3-aee1-87af9b9ef8f1}) (Version: 5.1.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 5.1.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 5.1.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Chrome Frame (HKLM-x32\...\Google Chrome Frame) (Version: 32.0.1700.107 - Google Inc.)
Google Drive (HKLM-x32\...\{07A12123-B717-496B-B471-48AF6407B433}) (Version: 1.32.4066.7445 - Google, Inc.)
Google Drive plug-in 1.6.13.0 (HKLM-x32\...\{BE9B9ACB-90BC-4F9D-8952-61B33AD3AFC4}) (Version: 1.6.13.0 - Google Inc)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GoToMeeting 5.9.0.1207 (HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\...\GoToMeeting) (Version: 5.9.0.1207 - CitrixOnline)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.1.1399 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{538B98C3-773F-4F20-9C66-802D104DCBE2}) (Version: 1.23.219.2 - Intel Corporation)
iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
Multimedia Card Reader (HKLM-x32\...\InstallShield_{41068A8C-3F30-46B6-978A-EA692F28D1AF}) (Version: 1.7.915.93 - Fitipower)
Multimedia Card Reader (x32 Version: 1.7.915.93 - Fitipower) Hidden
MusicTime Deluxe (HKLM-x32\...\MusicTime Deluxe 4.0.4) (Version: 4.0.4 - GVOX)
MusicTime Deluxe 3.5.5 (HKLM-x32\...\MusicTime Deluxe 3.5.5) (Version: - )
MusicTime Deluxe 4.0.4 UpdateTest (HKLM-x32\...\MusicTime Deluxe 4.0.4 UpdateTest 1.1) (Version: 1.1 - GVOX)
MusicTime Updater (HKLM-x32\...\MusicTime Updater ) (Version: - Passport Music Software LLC)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6537 - Realtek Semiconductor Corp.)
RootsMagic 3.2.1.1 (HKLM-x32\...\RootsMagic_is1) (Version: - RootsMagic, Inc.)
RootsMagic 7.0.5.0 (HKLM-x32\...\{D6286873-A757-4A4D-A6EF-0081B3EE32CA}_is1) (Version: RootsMagic 7.0.5.0 - RootsMagic, Inc.)
Secure Download Manager (HKLM-x32\...\{4A5667B2-5D13-46C2-85B5-9D46A6096F61}) (Version: 3.1.0 - Kivuto Solutions Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Slack (HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\...\slack) (Version: 2.4.1 - Slack Technologies)
Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform)
Synctunes Desktop (HKLM-x32\...\{E828D6D5-E46F-49CE-8EC8-8AA0CA852F2F}) (Version: 1.1.7 - The Bit Studio)
TrustedID IDMonitor Identity Protection (HKLM-x32\...\{0E74474A-1CDF-4249-A507-CE8C1DCEC8BC}) (Version: 1.1.0 - TrustedID Inc)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16423 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{0C6B48DD-71D2-382E-9179-C5F899B73D0D}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{0CD22449-F930-33EB-85B8-2E8676284ABF}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{2B6AE651-7A0F-3DF5-8BAF-3AD95C19EE54}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{2C047547-4685-3541-ACA4-CEA3622CDA46}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{57030FCC-4D11-3303-8DCF-C72BB0D63403}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Aukerman\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Aukerman\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{5A63AFF1-DF22-334F-8403-C08018CF2F7E}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Aukerman\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{82186AB2-1881-42D6-B945-35087B680952}\InprocServer32 -> C:\Users\Aukerman\AppData\Local\Google\Drive plugin for Office\adxloader64.dll ()
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\1207\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{859E1D4B-62D3-3BC2-97C3-D7221D8D0B2C}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{8C773506-862F-3B84-B219-1D439AEDBE10}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Aukerman\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{A127BC2E-6037-3719-B332-5E7C40B155F9}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Aukerman\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{C124DB8B-34BE-3FBE-935B-DA807C9A42F9}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Aukerman\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Aukerman\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Aukerman\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Aukerman\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Aukerman\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{EE6FC79B-08B9-3BC6-8508-E17566B152AE}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Aukerman\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Aukerman\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{FA446C14-194B-3964-B21D-D76C4B4951AD}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

#7
RKinner

Posted 11 February 2017 - 08:02 AM

Malware Expert

Expert
24,625 posts

Odd. VEW doesn't show a problem with the disk any more so it should work. Let's try aswMBR

Download aswMBR.exe to your desktop.

The link is a direct download so the page won't change.

Right click the aswMBR.exe and select Run As Administrator to run it

Wait until the AV Scan shows up at the bottom left.

Change AV Scan: from Quick Scan to C:\

Click the "Scan" button to start scan

If it asks you to allow the Avast engine to download then say Yes. It will take a while to finish.

On completion of the scan (Note if the Fix button is enabled and tell me but do not push any buttons) click save log, save it to your desktop and post in your next reply

If it crashes then try it again but uncheck Trace Disk IO Calls before hitting Scan.

#8
John Aukerman

Posted 11 February 2017 - 06:51 PM

Member

Topic Starter
Member
284 posts

Completed. There is a button, FixMBR.

aswMBR version 1.0.1.2290 Copyright© 2014 AVAST Software
Run date: 2017-02-11 10:04:01
-----------------------------
10:04:01.404    OS Version: Windows x64 6.1.7601 Service Pack 1
10:04:01.404    Number of processors: 4 586 0x3A09
10:04:01.404    ComputerName: AUKERMAN-PC UserName: Aukerman
10:04:09.447    Initialize success
10:04:09.816    VM: initialized successfully
10:04:09.817    VM: Intel CPU supported
10:04:17.063    VM: supported disk I/O iaStor.sys
10:06:05.554    AVAST engine defs: 17010903
10:06:20.866    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
10:06:20.870    Disk 0 Vendor: ST310005 JC4A Size: 953869MB BusType: 3
10:06:21.043    VM: Disk 0 MBR read successfully
10:06:21.046    Disk 0 MBR scan
10:06:21.108    Disk 0 Windows VISTA default MBR code
10:06:24.189    Disk 0 Partition 1 00     DE   Dell Utility DELL 4.1       39 MB offset 63
10:06:24.254    Disk 0 Partition 2 80 (A) 07      HPFS/NTFS NTFS        26880 MB offset 81920
10:06:24.262    Disk 0 Boot: NTFS     code=1
10:06:24.330    Disk 0 Partition 3 00     07      HPFS/NTFS NTFS       926948 MB offset 55132160
10:06:24.553    Disk 0 scanning C:\Windows\system32\drivers
10:06:52.936    Service scanning
10:07:24.969    Modules scanning
10:07:24.972    Disk 0 trace - called modules:
10:07:25.084    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
10:07:25.087    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8009ab9060]
10:07:25.089    3 CLASSPNP.SYS[fffff88001d0443f] -> nt!IofCallDriver -> [0xfffffa80071e50f0]
10:07:25.092    5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80071ea050]
10:07:32.889    AVAST engine scan C:\
11:15:40.712    File: C:\Users\Aukerman\AppData\Local\Temp\DM\Installer_for_QKTM_mhicustaller772_exe_067312\WStest.exe **INFECTED** Win32:GenMaliciousA-HPZ [Adw]
18:05:59.842    Disk 0 statistics 70279649/0/23958 @ 1.70 MB/s
18:05:59.850    Scan finished successfully
19:50:10.308    Disk 0 MBR has been saved successfully to "C:\Users\Aukerman\Desktop\MBR.dat"
19:50:10.331    The log file has been saved successfully to "C:\Users\Aukerman\Desktop\aswMBR.txt"

#9
RKinner

Posted 11 February 2017 - 09:44 PM

Malware Expert

Expert
24,625 posts

Looks like it found something but it's just adware. Not a rootkit. I don't think it removed it so let's use a fixlist to remove the file.

Download the attached fixlist.txt to the same location as FRST

Run FRST and press Fix

A fix log will be generated please post that

#10
John Aukerman

Posted 12 February 2017 - 05:42 AM

Member

Topic Starter
Member
284 posts

Same result. FRST did not complete.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-02-2017
Ran by Aukerman (administrator) on AUKERMAN-PC (12-02-2017 06:39:34)
Running from C:\Users\Aukerman\Desktop
Loaded Profiles: Aukerman (Available Profiles: Aukerman)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Alcor Micro Corp.) C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
(Slack Technologies) C:\Users\Aukerman\AppData\Local\slack\app-2.4.1\slack.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.3.1.204\WsAppService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Slack Technologies) C:\Users\Aukerman\AppData\Local\slack\app-2.4.1\slack.exe
(Slack Technologies) C:\Users\Aukerman\AppData\Local\slack\app-2.4.1\slack.exe
(Slack Technologies) C:\Users\Aukerman\AppData\Local\slack\app-2.4.1\slack.exe
(Slack Technologies) C:\Users\Aukerman\AppData\Local\slack\app-2.4.1\slack.exe
(Slack Technologies) C:\Users\Aukerman\AppData\Local\slack\app-2.4.1\slack.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Slack Technologies) C:\Users\Aukerman\AppData\Local\slack\app-2.4.1\slack.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6457960 2011-12-23] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-15] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [1014432 2011-12-29] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe [800416 2011-12-29] (Atheros Commnucations)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [644696 2007-05-14] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1840720 2007-04-03] (CANON INC.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-10-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-17] (Intel Corporation)
HKLM-x32\...\Run: [ShwiconXP9106] => C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2010-03-10] (Alcor Micro Corp.)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2017-01-13] (Apple Inc.)
HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1154560 2016-08-04] (Carbonite, Inc.)
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-10-07] (Google Inc.)
HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23818360 2016-11-30] (Google)
HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1407912 2017-01-16] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\...\Run: [Google Update] => C:\Users\Aukerman\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-15] (Google Inc.)
HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\...\Run: [FB8404DE58F489D58488BA786D20A8695FC3AD8C._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [945496 2017-02-01] (Google Inc.)
HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\...\RunOnce: [Uninstall C:\Users\Aukerman\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Aukerman\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\...\RunOnce: [Uninstall C:\Users\Aukerman\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Aukerman\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64"
HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\...\RunOnce: [Uninstall C:\Users\Aukerman\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Aukerman\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64"
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1407912 2017-01-16] (Garmin Ltd. or its subsidiaries)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => -> No File
ShellIconOverlayIdentifiers-x32: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2013-11-09]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\Users\Aukerman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Slack.lnk [2017-02-08]
ShortcutTarget: Slack.lnk -> C:\Users\Aukerman\AppData\Local\slack\slack.exe (Slack Technologies)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{3132E1A3-4DDA-41F4-97CC-79FA274A0328}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/USCON/1
URLSearchHook: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001 - (No Name) - {462be121-2b54-4218-bf00-b9bf8135b23f} - No File
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0D978EE3-6717-4A58-AD18-8A9366F78ECC} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0D978EE3-6717-4A58-AD18-8A9366F78ECC} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2011-12-29] (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: ChromeFrame BHO -> {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} -> C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll [2014-02-01] (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
Toolbar: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
Handler-x32: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll [2014-02-01] (Google Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Aukerman\AppData\Roaming\Mozilla\Firefox\Profiles\ujdi172x.default [2017-02-12]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\ujdi172x.default -> Google
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\ujdi172x.default -> Google
FF Homepage: Mozilla\Firefox\Profiles\ujdi172x.default -> hxxps://www.facebook.com/
hxxps://mail.google.com/mail/?shva=1#inbox
hxxps://www.google.com/calendar/render?tab=mc&pli=1&gsessionid=fiZNqzggyfCvyXfC0GF0iA
FF Extension: (Clearly) - C:\Users\Aukerman\AppData\Roaming\Mozilla\Firefox\Profiles\ujdi172x.default\Extensions\[email protected] [2016-01-16]
FF Extension: (LastPass) - C:\Users\Aukerman\AppData\Roaming\Mozilla\Firefox\Profiles\ujdi172x.default\Extensions\[email protected] [2016-12-16]
FF Extension: (webpass) - C:\Users\Aukerman\AppData\Roaming\Mozilla\Firefox\Profiles\ujdi172x.default\Extensions\[email protected] [2017-02-09]
FF Extension: (Garmin Communicator) - C:\Users\Aukerman\AppData\Roaming\Mozilla\Firefox\Profiles\ujdi172x.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2014-06-07] [not signed]
FF Extension: (Adblock Plus) - C:\Users\Aukerman\AppData\Roaming\Mozilla\Firefox\Profiles\ujdi172x.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-25]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-10] ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2013-10-09] (GARMIN Corp.)
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2013-11-09] (LastPass)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2012-10-06] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-10] ()
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2013-10-09] (GARMIN Corp.)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass.dll [2013-11-09] (LastPass)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2012-10-06] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3383977758-1919853078-1981122960-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Aukerman\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-07-30] (Citrix Online)
FF Plugin HKU\S-1-5-21-3383977758-1919853078-1981122960-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Aukerman\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-3383977758-1919853078-1981122960-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Aukerman\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-15] (Google Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxps://mail.google.com/mail/u/0/#inbox","hxxps://www.google.com/calendar/render?tab=mc#main_7"
CHR Profile: C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default [2017-02-12]
CHR Extension: (Google Slides) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-05]
CHR Extension: (Google Docs) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-05]
CHR Extension: (Google Drive) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Adblock Plus) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-27]
CHR Extension: (Google Search) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Sheets) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-05]
CHR Extension: (Google Docs Offline) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]
CHR Extension: (Chromebook Recovery Utility) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndclpdbaamdhonoechobihbbiimdgai [2016-07-01]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-04-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR Extension: (Chrome Apps & Extensions Developer Tool) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohmmkhmmmpcnpikjeljgnaoabkaalbgc [2016-07-01]
CHR Extension: (Gmail) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-05]
CHR Extension: (Chrome Media Router) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-07]
CHR HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [106144 2011-12-29] (Atheros Commnucations) [File not signed]
R2 CarboniteService; C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe [9037824 2016-08-04] (Carbonite, Inc. (www.carbonite.com)) [File not signed]
S2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1039376 2017-01-16] (Garmin Ltd. or its subsidiaries)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.3.1.204\WsAppService.exe [437392 2016-11-16] (Wondershare)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [158880 2011-12-29] (Atheros) [File not signed]
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [76960 2011-12-26] (Atheros) [File not signed]
S3 WsDrvInst; "C:\Program Files (x86)\Wondershare\TunesGo\DriverInstall.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
S3 WsAudio_Device(1); C:\Windows\System32\drivers\VirtualAudio1.sys [31080 2015-08-03] (Wondershare)
S3 WsAudio_Device(2); C:\Windows\System32\drivers\VirtualAudio2.sys [31080 2015-08-03] (Wondershare)
S3 WsAudio_Device(3); C:\Windows\System32\drivers\VirtualAudio3.sys [31080 2015-08-03] (Wondershare)
S3 WsAudio_Device(4); C:\Windows\System32\drivers\VirtualAudio4.sys [31080 2015-08-03] (Wondershare)
S3 WsAudio_Device(5); C:\Windows\System32\drivers\VirtualAudio5.sys [31080 2015-08-03] (Wondershare)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-12 06:39 - 2017-02-12 06:41 - 00026166 _____ C:\Users\Aukerman\Desktop\FRST.txt
2017-02-12 06:39 - 2017-02-12 06:39 - 00000342 _____ C:\Users\Aukerman\Desktop\fixlist.txt
2017-02-12 06:39 - 2017-02-12 06:39 - 00000000 ____D C:\Users\Aukerman\Desktop\FRST-OlderVersion
2017-02-12 06:30 - 2017-02-12 06:30 - 00000000 ___RD C:\Users\Aukerman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2017-02-11 10:03 - 2017-02-11 10:03 - 05200384 _____ (AVAST Software) C:\Users\Aukerman\Desktop\aswmbr.exe
2017-02-11 07:46 - 2017-02-11 07:48 - 00000913 _____ C:\VEW.txt
2017-02-11 07:45 - 2017-02-11 07:45 - 00061440 _____ ( ) C:\Users\Aukerman\Desktop\VEW.exe
2017-02-10 11:44 - 2017-02-10 11:44 - 00002152 _____ C:\Users\Public\Desktop\Google Earth.lnk
2017-02-10 11:44 - 2017-02-10 11:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2017-02-10 07:38 - 2017-02-10 07:38 - 00000804 _____ C:\Users\Public\Desktop\Speccy.lnk
2017-02-10 07:38 - 2017-02-10 07:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2017-02-10 07:38 - 2017-02-10 07:38 - 00000000 ____D C:\Program Files\Speccy
2017-02-10 07:35 - 2017-02-10 07:35 - 00006644 _____ C:\junk.txt
2017-02-10 07:30 - 2017-02-10 07:30 - 02720928 _____ (Sysinternals - www.sysinternals.com) C:\Users\Aukerman\Desktop\procexp.exe
2017-02-10 07:23 - 2017-02-10 07:23 - 01663040 _____ (Malwarebytes) C:\Users\Aukerman\Desktop\JRT.exe
2017-02-10 07:14 - 2017-02-10 07:17 - 00000000 ____D C:\AdwCleaner
2017-02-10 07:09 - 2017-02-10 07:09 - 04015056 _____ C:\Users\Aukerman\Desktop\AdwCleaner.exe
2017-02-10 07:06 - 2017-02-10 07:06 - 00892416 _____ (Farbar) C:\Users\Aukerman\Desktop\MiniToolBox.exe
2017-02-08 10:18 - 2017-02-08 10:18 - 00008129 _____ C:\Users\Aukerman\Downloads\student-orgs.xlsx
2017-02-08 10:10 - 2017-02-12 06:31 - 00000000 ____D C:\Users\Aukerman\AppData\Roaming\Slack
2017-02-08 10:10 - 2017-02-08 10:10 - 00000000 ____D C:\Users\Aukerman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Slack Technologies
2017-02-08 10:10 - 2017-02-08 10:10 - 00000000 ____D C:\Users\Aukerman\AppData\Local\SquirrelTemp
2017-02-08 10:10 - 2017-02-08 10:10 - 00000000 ____D C:\Users\Aukerman\AppData\Local\slack
2017-02-07 08:51 - 2017-02-12 06:39 - 02421248 _____ (Farbar) C:\Users\Aukerman\Desktop\FRST64.exe
2017-02-05 06:39 - 2017-02-05 06:40 - 00000000 ____D C:\FRST
2017-02-03 15:48 - 2017-02-03 15:48 - 00134705 _____ C:\Users\Aukerman\asdf
2017-02-03 06:50 - 2017-02-03 06:50 - 00074818 _____ C:\Users\Aukerman\Downloads\document.pdf
2017-02-01 06:39 - 2017-02-01 06:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-02-01 06:39 - 2017-02-01 06:39 - 00000000 ____D C:\Program Files\iTunes
2017-02-01 06:39 - 2017-02-01 06:39 - 00000000 ____D C:\Program Files\iPod
2017-01-16 07:46 - 2017-01-16 07:46 - 00047091 _____ C:\Users\Aukerman\Downloads\Sanctuary Remodel Financial Report.xls.xlsx

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-12 06:38 - 2009-07-13 23:45 - 00037040 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-12 06:38 - 2009-07-13 23:45 - 00037040 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-12 06:37 - 2009-07-14 00:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-12 06:37 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2017-02-12 06:36 - 2016-11-19 07:02 - 00000000 ____D C:\Users\Aukerman\AppData\LocalLow\Mozilla
2017-02-12 06:36 - 2012-10-06 07:54 - 00000000 ____D C:\Users\Aukerman\AppData\LocalLow\LastPass
2017-02-12 06:31 - 2012-12-22 07:36 - 00000000 ___RD C:\Users\Aukerman\Google Drive
2017-02-12 06:31 - 2012-09-26 18:18 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2017-02-12 06:30 - 2012-09-26 18:30 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2017-02-12 06:30 - 2012-09-26 18:30 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2017-02-12 06:30 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-12 01:15 - 2012-10-06 07:25 - 00000000 ____D C:\Users\Aukerman\Documents\Bren
2017-02-12 00:45 - 2012-09-26 17:58 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-02-11 23:04 - 2016-08-04 08:49 - 01461248 ___SH C:\Users\Aukerman\Desktop\Thumbs.db
2017-02-11 22:08 - 2012-10-27 06:50 - 00000000 ___RD C:\Users\Aukerman\Virtual Machines
2017-02-11 16:34 - 2012-10-06 10:14 - 00003950 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{48E3D334-6C7F-48C2-BC4A-39C7FE0FA17F}
2017-02-11 12:04 - 2016-09-14 22:55 - 08008192 _____ C:\Users\Aukerman\Desktop\Aukerman losses.xls
2017-02-10 11:44 - 2012-10-07 16:33 - 00000000 ____D C:\Program Files (x86)\Google
2017-02-08 23:42 - 2016-07-26 15:28 - 00000000 ____D C:\Users\Aukerman\Desktop\Lou Ann - Choruses
2017-02-07 07:31 - 2009-07-14 00:08 - 00032626 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-02-06 22:19 - 2013-11-27 07:03 - 00002203 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-05 07:49 - 2016-12-23 07:30 - 00310395 _____ C:\Users\Aukerman\Documents\Untitled_3549.amj
2017-02-03 15:48 - 2012-10-06 06:27 - 00000000 ____D C:\Users\Aukerman
2017-02-01 07:40 - 2016-12-23 07:30 - 00310379 _____ C:\Users\Aukerman\Untitled_3549.amk
2017-02-01 06:49 - 2012-10-06 07:25 - 00000000 ___RD C:\Users\Aukerman\Desktop\John
2017-02-01 06:39 - 2012-10-06 07:47 - 00000000 ____D C:\Program Files\Common Files\Apple
2017-01-28 06:37 - 2016-11-18 16:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-28 06:37 - 2012-10-06 06:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-01-27 08:07 - 2012-10-06 07:25 - 00000000 ____D C:\Users\Aukerman\Documents\John
2017-01-21 21:17 - 2016-08-11 05:49 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-18 22:57 - 2013-08-02 23:52 - 00000000 ____D C:\Users\Aukerman\Documents\Outlook Files
2017-01-18 22:57 - 2012-10-07 16:33 - 00000000 ____D C:\Users\Aukerman\AppData\Local\Deployment
2017-01-18 07:05 - 2013-06-01 17:34 - 00000000 ____D C:\ProgramData\Package Cache
2017-01-18 07:05 - 2013-06-01 17:34 - 00000000 ____D C:\Program Files (x86)\Garmin
2017-01-18 07:04 - 2014-04-13 05:29 - 00003554 _____ C:\Windows\System32\Tasks\GarminUpdaterTask
2017-01-18 07:04 - 2013-06-01 17:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2017-01-15 07:55 - 2012-10-06 16:27 - 00000000 ____D C:\Users\Aukerman\AppData\Local\ElevatedDiagnostics

==================== Files in the root of some directories =======

2003-11-10 15:27 - 2003-11-10 15:26 - 0376884 _____ () C:\Program Files\image001.bmp
2013-11-09 08:25 - 2013-11-09 08:25 - 12767232 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe

Files to move or delete:
====================
C:\Users\Aukerman\jobq.dat

Some files in TEMP:
====================
2013-01-02 20:20 - 2013-01-02 20:20 - 0726016 _____ (Igor Pavlov) C:\Users\Aukerman\AppData\Local\Temp\7z.dll
2013-01-02 20:20 - 2013-01-02 20:20 - 0150016 _____ (Igor Pavlov) C:\Users\Aukerman\AppData\Local\Temp\7z.exe
2013-01-02 20:20 - 2013-01-02 20:20 - 0023477 _____ () C:\Users\Aukerman\AppData\Local\Temp\dtkill.exe
2013-01-02 20:20 - 2013-01-02 20:20 - 0006656 _____ (doubleTwist Corperation) C:\Users\Aukerman\AppData\Local\Temp\Executor.exe
2012-10-07 06:32 - 2012-10-07 06:32 - 0894952 _____ (Oracle Corporation) C:\Users\Aukerman\AppData\Local\Temp\firefoxjre_exe-1.exe
2012-10-07 06:29 - 2012-10-07 06:29 - 0894952 _____ (Oracle Corporation) C:\Users\Aukerman\AppData\Local\Temp\firefoxjre_exe.exe
2013-01-30 18:58 - 2013-01-30 18:58 - 0897448 _____ (Oracle Corporation) C:\Users\Aukerman\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
2013-03-01 15:00 - 2013-03-01 15:00 - 0897448 _____ (Oracle Corporation) C:\Users\Aukerman\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
2013-06-13 10:36 - 2013-06-13 10:36 - 0903592 _____ (Oracle Corporation) C:\Users\Aukerman\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
2013-10-08 13:27 - 2013-10-08 13:27 - 0915368 _____ (Oracle Corporation) C:\Users\Aukerman\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
2013-12-19 12:06 - 2013-12-19 12:06 - 0921512 _____ (Oracle Corporation) C:\Users\Aukerman\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
2014-04-15 15:50 - 2014-04-15 15:50 - 0921512 _____ (Oracle Corporation) C:\Users\Aukerman\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
2014-07-11 16:12 - 2014-07-11 16:12 - 0918952 _____ (Oracle Corporation) C:\Users\Aukerman\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
2014-07-28 00:15 - 2014-07-28 00:15 - 0918440 _____ (Oracle Corporation) C:\Users\Aukerman\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
2014-09-29 12:06 - 2014-09-29 12:06 - 0937896 _____ (Oracle Corporation) C:\Users\Aukerman\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
2012-09-27 16:56 - 2012-09-27 16:56 - 0895464 _____ (Oracle Corporation) C:\Users\Aukerman\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
2014-12-18 12:29 - 2014-12-18 12:29 - 0641448 _____ (Oracle Corporation) C:\Users\Aukerman\AppData\Local\Temp\jre-8u31-windows-au.exe
2014-07-25 06:17 - 2014-07-07 08:57 - 0150096 _____ (RealNetworks, Inc.) C:\Users\Aukerman\AppData\Local\Temp\lowproc.exe
2014-07-25 06:17 - 2014-07-07 08:57 - 0090624 _____ (RealNetworks, Inc.) C:\Users\Aukerman\AppData\Local\Temp\stubhelper.dll
2016-08-04 06:22 - 2012-07-16 03:56 - 4451144 _____ (Conduit Ltd.) C:\Users\Aukerman\AppData\Local\Temp\tbWhit.dll
2013-04-23 17:15 - 2013-04-23 17:15 - 4995416 _____ (Microsoft Corporation) C:\Users\Aukerman\AppData\Local\Temp\vcredist_x86-2010.exe
2013-01-02 20:20 - 2013-01-02 20:20 - 6560088 _____ (Microsoft Corporation) C:\Users\Aukerman\AppData\Local\Temp\vcredist_x86-2012.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-02-2017
Ran by Aukerman (12-02-2017 06:41:25)
Running from C:\Users\Aukerman\Desktop
Windows 7 Professional Service Pack 1 (X64) (2012-10-06 11:27:00)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3383977758-1919853078-1981122960-500 - Administrator - Disabled)
Aukerman (S-1-5-21-3383977758-1919853078-1981122960-1001 - Administrator - Enabled) => C:\Users\Aukerman
Guest (S-1-5-21-3383977758-1919853078-1981122960-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3383977758-1919853078-1981122960-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AceMoney Lite (HKLM-x32\...\AceMoney Lite_is1) (Version: - MechCAD Software)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated)
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{0E262CBA-A8C6-3BE1-A812-D7490B4F2B09}) (Version: 3.0.851.0 - Advanced Micro Devices, Inc.)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ArcSoft PhotoStudio 5.5 (HKLM-x32\...\{85309D89-7BE9-4094-BB17-24999C6118FC}) (Version: - ArcSoft)
Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.115 - Atheros)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version: - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: - )
Canon MP Navigator EX 1.0 (HKLM-x32\...\MP Navigator EX 1.0) (Version: - )
Canon MP970 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP970_series) (Version: - )
Canon MP970 series User Registration (HKLM-x32\...\Canon MP970 series User Registration) (Version: - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version: - )
Carbonite (HKLM-x32\...\{D0D08FBC-6D5F-482C-B2ED-32E67D8FFAFF}) (Version: 6.0.1 build 6421 (Aug-04-2016) - Carbonite)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Citrix Online Launcher (HKLM-x32\...\{E1B40232-F73B-4BF9-A819-E352CCC1EDEF}) (Version: 1.0.122 - Citrix)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.67 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.67 - Dell Inc.)
Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.1.5907.16 - Dell Inc.)
Dell Support Center (Version: 3.1.5907.16 - PC-Doctor, Inc.) Hidden
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Dell Inc.)
eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
Elevated Installer (x32 Version: 5.1.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin BaseCamp (HKLM-x32\...\{EBAC8FD4-28EC-46F7-BF9E-89D6E6673001}) (Version: 4.2.5 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin (HKLM-x32\...\{032A13FF-D26D-4844-9597-7EF698627985}) (Version: 4.1.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{AFA301E1-B410-4F1B-B1C0-2E92FDCD94AD}) (Version: 4.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{9fbf4745-0038-4ed3-aee1-87af9b9ef8f1}) (Version: 5.1.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 5.1.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 5.1.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Chrome Frame (HKLM-x32\...\Google Chrome Frame) (Version: 32.0.1700.107 - Google Inc.)
Google Drive (HKLM-x32\...\{07A12123-B717-496B-B471-48AF6407B433}) (Version: 1.32.4066.7445 - Google, Inc.)
Google Drive plug-in 1.6.13.0 (HKLM-x32\...\{BE9B9ACB-90BC-4F9D-8952-61B33AD3AFC4}) (Version: 1.6.13.0 - Google Inc)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GoToMeeting 5.9.0.1207 (HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\...\GoToMeeting) (Version: 5.9.0.1207 - CitrixOnline)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.1.1399 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{538B98C3-773F-4F20-9C66-802D104DCBE2}) (Version: 1.23.219.2 - Intel Corporation)
iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
Multimedia Card Reader (HKLM-x32\...\InstallShield_{41068A8C-3F30-46B6-978A-EA692F28D1AF}) (Version: 1.7.915.93 - Fitipower)
Multimedia Card Reader (x32 Version: 1.7.915.93 - Fitipower) Hidden
MusicTime Deluxe (HKLM-x32\...\MusicTime Deluxe 4.0.4) (Version: 4.0.4 - GVOX)
MusicTime Deluxe 3.5.5 (HKLM-x32\...\MusicTime Deluxe 3.5.5) (Version: - )
MusicTime Deluxe 4.0.4 UpdateTest (HKLM-x32\...\MusicTime Deluxe 4.0.4 UpdateTest 1.1) (Version: 1.1 - GVOX)
MusicTime Updater (HKLM-x32\...\MusicTime Updater ) (Version: - Passport Music Software LLC)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6537 - Realtek Semiconductor Corp.)
RootsMagic 3.2.1.1 (HKLM-x32\...\RootsMagic_is1) (Version: - RootsMagic, Inc.)
RootsMagic 7.0.5.0 (HKLM-x32\...\{D6286873-A757-4A4D-A6EF-0081B3EE32CA}_is1) (Version: RootsMagic 7.0.5.0 - RootsMagic, Inc.)
Secure Download Manager (HKLM-x32\...\{4A5667B2-5D13-46C2-85B5-9D46A6096F61}) (Version: 3.1.0 - Kivuto Solutions Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Slack (HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\...\slack) (Version: 2.4.1 - Slack Technologies)
Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform)
Synctunes Desktop (HKLM-x32\...\{E828D6D5-E46F-49CE-8EC8-8AA0CA852F2F}) (Version: 1.1.7 - The Bit Studio)
TrustedID IDMonitor Identity Protection (HKLM-x32\...\{0E74474A-1CDF-4249-A507-CE8C1DCEC8BC}) (Version: 1.1.0 - TrustedID Inc)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16423 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{0C6B48DD-71D2-382E-9179-C5F899B73D0D}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{0CD22449-F930-33EB-85B8-2E8676284ABF}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{2B6AE651-7A0F-3DF5-8BAF-3AD95C19EE54}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{2C047547-4685-3541-ACA4-CEA3622CDA46}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{57030FCC-4D11-3303-8DCF-C72BB0D63403}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Aukerman\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Aukerman\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{5A63AFF1-DF22-334F-8403-C08018CF2F7E}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Aukerman\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{82186AB2-1881-42D6-B945-35087B680952}\InprocServer32 -> C:\Users\Aukerman\AppData\Local\Google\Drive plugin for Office\adxloader64.dll ()
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\1207\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{859E1D4B-62D3-3BC2-97C3-D7221D8D0B2C}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{8C773506-862F-3B84-B219-1D439AEDBE10}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Aukerman\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{A127BC2E-6037-3719-B332-5E7C40B155F9}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Aukerman\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{C124DB8B-34BE-3FBE-935B-DA807C9A42F9}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Aukerman\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Aukerman\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Aukerman\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Aukerman\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Aukerman\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{EE6FC79B-08B9-3BC6-8508-E17566B152AE}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Aukerman\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Aukerman\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{FA446C14-194B-3964-B21D-D76C4B4951AD}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

#11
RKinner

Posted 12 February 2017 - 05:48 AM

Malware Expert

Expert
24,625 posts

Did you forget and hit the SCAN button instead of the Fix button?

#12
John Aukerman

Posted 12 February 2017 - 05:52 AM

Member

Topic Starter
Member
284 posts

Yep. So let's try that again......

#13
John Aukerman

Posted 12 February 2017 - 05:53 AM

Member

Topic Starter
Member
284 posts

Fix result of Farbar Recovery Scan Tool (x64) Version: 12-02-2017
Ran by Aukerman (12-02-2017 06:52:46) Run:1
Running from C:\Users\Aukerman\Desktop
Loaded Profiles: Aukerman (Available Profiles: Aukerman)
Boot Mode: Normal
==============================================

fixlist content:
*****************
C:\Users\Aukerman\AppData\Local\Temp\DM\Installer_for_QKTM_mhicustaller772_exe_067312\WStest.exe
CMD: for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1"
*****************

C:\Users\Aukerman\AppData\Local\Temp\DM\Installer_for_QKTM_mhicustaller772_exe_067312\WStest.exe => moved successfully

========= for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1" =========

========= End of CMD: =========

==== End of Fixlog 06:52:56 ====

#14
RKinner

Posted 12 February 2017 - 06:18 AM

Malware Expert

Expert
24,625 posts

Since we know that a fixlist will work let's just continue with another one:

Then let's look at Process Explorer and Speccy

Get Process Explorer

http://live.sysinter...com/procexp.exe

Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK

Options, Verify Image Signatures

Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a full minute then:

File, Save As, Save. Note the file name. Open the file on your desktop and copy and paste the text to a reply.

Copy the next 2 lines:

TASKLIST /SVC  > \junk.txt

notepad \junk.txt

Open an Elevated Command Prompt:

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator

Right click and Paste (or Edit then Paste) and the copied lines should appear.

Hit Enter if notepad does not open. Copy and paste the text from notepad into a reply.

Get the free version of Speccy:

http://www.filehippo...download_speccy (Look in the upper right for the Download

Latest Version button - Do NOT press the large Start Download button on the upper left!)

Download, Save and Install it. Tell it you do not need CCLEANER. Run Speccy. When it finishes (the little icon in the bottom left will stop moving),

File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System.

(It will be near the top, 10-20 lines down.) Save the file. Attach the file to your next post. Attaching the log is the best option as it is too big for the forum. Attaching is a multi step process.

First click on More Reply Options

Then scroll down to where you see

Choose File and click on it. Point it at the file and hit Open.

Now click on Attach this file.

#15
John Aukerman

Posted 12 February 2017 - 06:40 AM

Member

Topic Starter
Member
284 posts

Fix result of Farbar Recovery Scan Tool (x64) Version: 12-02-2017
Ran by Aukerman (12-02-2017 07:23:33) Run:2
Running from C:\Users\Aukerman\Desktop
Loaded Profiles: Aukerman (Available Profiles: Aukerman)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\...\Run: [FB8404DE58F489D58488BA786D20A8695FC3AD8C._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [945496 2017-02-01] (Google Inc.)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => -> No File
URLSearchHook: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001 - (No Name) - {462be121-2b54-4218-bf00-b9bf8135b23f} - No File
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001 -> {8FFE85F0-FBB5-4047-99DE-D4523975C336} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3244149
Toolbar: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001 -> No Name - {462BE121-2B54-4218-BF00-B9BF8135B23F} - No File
FF Extension: (Amazon Assistant for Firefox) - C:\Users\Aukerman\AppData\Roaming\Mozilla\Firefox\Profiles\ujdi172x.default\Extensions\[email protected] [2017-01-22]
FF SearchPlugin: C:\Users\Aukerman\AppData\Roaming\Mozilla\Firefox\Profiles\ujdi172x.default\searchplugins\taplika.xml [2015-04-05]
CHR Extension: (Vid-Saver) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc [2015-06-18] [UpdateUrl: hxxps://crossrider.cotssl.net/plugin/chrome/update/3491.xml] <==== ATTENTION
S3 WsDrvInst; "C:\Program Files (x86)\Wondershare\TunesGo\DriverInstall.exe" [X]
2015-04-05 06:22 - 2015-04-05 06:22 - 0000064 _____ () C:\Users\Aukerman\AppData\Local\51ac827e51ff6b11f34f94806af1cf00
C:\Users\Aukerman\jobq.dat
2016-08-04 06:22 - 2012-07-16 03:56 - 4451144 _____ (Conduit Ltd.) C:\Users\Aukerman\AppData\Local\Temp\tbWhit.dll
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Aukerman\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Aukerman\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Aukerman\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Aukerman\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Aukerman\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CMD: dir /a c:\Windows\System32\Tasks
EmptyTemp:
CMD: for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1"
*****************

HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\Software\Microsoft\Windows\CurrentVersion\Run\\FB8404DE58F489D58488BA786D20A8695FC3AD8C._service_run => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\GDriveSharedOverlay => key removed successfully
HKCR\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => key not found.
HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{462be121-2b54-4218-bf00-b9bf8135b23f} => value removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8FFE85F0-FBB5-4047-99DE-D4523975C336} => key not found.
HKCR\CLSID\{8FFE85F0-FBB5-4047-99DE-D4523975C336} => key not found.
HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{462BE121-2B54-4218-BF00-B9BF8135B23F} => value not found.
HKCR\CLSID\{462BE121-2B54-4218-BF00-B9BF8135B23F} => key not found.
C:\Users\Aukerman\AppData\Roaming\Mozilla\Firefox\Profiles\ujdi172x.default\Extensions\[email protected] => not found.
"C:\Users\Aukerman\AppData\Roaming\Mozilla\Firefox\Profiles\ujdi172x.default\searchplugins\taplika.xml" => not found.
C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc <==== ATTENTION => not found
HKLM\System\CurrentControlSet\Services\WsDrvInst => key removed successfully
WsDrvInst => service removed successfully
"C:\Users\Aukerman\AppData\Local\51ac827e51ff6b11f34f94806af1cf00" => not found.
C:\Users\Aukerman\jobq.dat => moved successfully
C:\Users\Aukerman\AppData\Local\Temp\tbWhit.dll => moved successfully
HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856} => key removed successfully
HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4} => key removed successfully
HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247} => key removed successfully
HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2} => key removed successfully
HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF} => key removed successfully

========= dir /a c:\Windows\System32\Tasks =========

Volume in drive C is Aukerman
Volume Serial Number is 8AC6-1EF5

Directory of c:\Windows\System32\Tasks

01/18/2017 07:04 AM    <DIR>          .
01/18/2017 07:04 AM    <DIR>          ..
01/12/2017 05:23 PM             4,476 Adobe Acrobat Update Task
01/10/2017 09:45 AM             3,768 Adobe Flash Player Updater
03/23/2016 06:41 AM    <DIR>          Apple
01/18/2017 07:04 AM             3,554 GarminUpdaterTask
12/16/2016 05:37 PM             3,202 GoogleUpdateTaskMachineCore
12/16/2016 05:37 PM             3,330 GoogleUpdateTaskMachineUA
12/15/2016 05:24 PM             3,242 GoogleUpdateTaskUserS-1-5-21-3383977758-1919853078-1981122960-1001Core
12/15/2016 05:24 PM             3,514 GoogleUpdateTaskUserS-1-5-21-3383977758-1919853078-1981122960-1001UA
04/05/2015 10:44 AM    <DIR>          Microsoft
10/06/2012 08:21 AM    <DIR>          OfficeSoftwareProtectionPlatform
07/25/2014 06:24 AM             3,246 RealDownloaderRealUpgradeLogonTaskS-1-5-21-3383977758-1919853078-1981122960-1001
07/25/2014 06:24 AM             3,374 RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3383977758-1919853078-1981122960-1001
02/11/2017 04:34 PM             3,950 User_Feed_Synchronization-{48E3D334-6C7F-48C2-BC4A-39C7FE0FA17F}
06/16/2015 08:36 AM    <DIR>          WPD
10/06/2012 10:44 AM             2,996 {185B82C7-FEE3-4BCA-8125-F0C8727CD3BC}
10/06/2012 10:45 AM             2,996 {2D67BB2B-BB93-4C34-946A-4BA1DF9A81F2}
10/06/2012 10:42 AM             2,996 {430CBEB2-88FD-4060-BEA4-3D613B3D46D4}
10/06/2012 10:43 AM             2,996 {4369632D-C058-4D1F-A979-A6B64250645A}
09/29/2016 10:01 AM             4,132 {5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4}
10/06/2012 10:45 AM             2,996 {67E69D3E-EB55-4BBD-853A-D2C6352B22EB}
10/06/2012 10:45 AM             2,996 {A3132638-413D-455F-8636-D7A6EEF56730}
10/06/2012 10:43 AM             2,996 {C35110BA-3994-4C57-B97B-827AEF72CDEC}
10/06/2012 10:43 AM             2,996 {E61F0FCD-915D-4FB0-8100-F5482FBD8351}
02/16/2013 06:57 AM             3,158 {E8FC12DF-637C-4E5D-877F-D2322AFC2077}
              20 File(s)         66,914 bytes
               6 Dir(s) 630,490,132,480 bytes free

========= End of CMD: =========

========= for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1" =========

========= End of CMD: =========

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 226956950 B
Java, Flash, Steam htmlcache => 38322 B
Windows/system/drivers => 3480821075 B
Edge => 0 B
Chrome => 1209004484 B
Firefox => 447605550 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128333 B
systemprofile32 => 88810 B
LocalService => 16384 B
NetworkService => 21877271 B

Process   CPU   Private Bytes   Working Set   PID   Verified Signer
System Idle Process   94.37   0 K   24 K   0
FRST64.exe   2.37   20,312 K   31,748 K   3608   (No signature was present in the subject) Farbar
procexp(1)64.exe   1.15   32,772 K   54,944 K   7836   (Verified) Microsoft Corporation
googledrivesync.exe   0.63   106,904 K   119,256 K   3884   (Verified) Google Inc
Interrupts   0.30   0 K   0 K   n/a
System   0.24   352 K   7,576 K   4
firefox.exe   0.22   354,732 K   363,596 K   6332   (Verified) Mozilla Corporation
MsMpEng.exe   0.17   141,688 K   154,156 K   532   (Verified) Microsoft Corporation
dwm.exe   0.16   39,836 K   41,232 K   2408   (Verified) Microsoft Windows
CarboniteService.exe   0.08   17,864 K   37,176 K   1876   (No signature was present in the subject) Carbonite, Inc. (www.carbonite.com)
explorer.exe   0.05   87,880 K   116,320 K   2448   (Verified) Microsoft Windows
csrss.exe   0.05   3,572 K   9,252 K   684   (Verified) Microsoft Windows
CarboniteUI.exe   0.03   14,328 K   33,000 K   1832   (No signature was present in the subject) Carbonite, Inc.
Toaster.exe   0.03   58,600 K   49,980 K   1816   (Verified) Dell Inc
LMS.exe   0.02   2,444 K   5,032 K   880   (Verified) Intel Corporation
svchost.exe   0.02   202,924 K   202,648 K   1084   (Verified) Microsoft Windows
svchost.exe   0.01   5,076 K   10,524 K   932   (Verified) Microsoft Windows
CCC.exe   0.01   109,172 K   22,824 K   3500   (No signature was present in the subject) ATI Technologies Inc.
IAStorDataMgrSvc.exe   0.01   23,100 K   21,152 K   404   (Verified) Intel Corporation
iPodService.exe   0.01   2,480 K   6,948 K   5060   (Verified) Apple Inc.
NOBuAgent.exe   < 0.01   2,572 K   5,948 K   3952   (Verified) Symantec Corporation
MOM.exe   < 0.01   40,140 K   5,420 K   2128   (No signature was present in the subject) Advanced Micro Devices Inc.
slack.exe   < 0.01   184,848 K   113,324 K   3404   (Verified) Slack Technologies Inc.
svchost.exe   < 0.01   34,300 K   52,572 K   1160   (Verified) Microsoft Windows
lsass.exe   < 0.01   7,080 K   14,380 K   800   (Verified) Microsoft Windows
slack.exe   < 0.01   164,024 K   243,596 K   4752   (Verified) Slack Technologies Inc.
slack.exe   < 0.01   147,488 K   184,100 K   5888   (Verified) Slack Technologies Inc.
svchost.exe   < 0.01   5,428 K   9,280 K   160   (Verified) Microsoft Windows
slack.exe   < 0.01   54,684 K   53,052 K   5744   (Verified) Slack Technologies Inc.
AppleMobileDeviceService.exe   < 0.01   4,464 K   13,008 K   1756   (Verified) Apple Inc.
VSSVC.exe   < 0.01   2,704 K   8,320 K   8372   (Verified) Microsoft Windows
SearchIndexer.exe   < 0.01   33,828 K   17,304 K   3596   (Verified) Microsoft Windows
taskhost.exe   < 0.01   14,428 K   15,668 K   2168   (Verified) Microsoft Windows
chrome.exe   < 0.01   7,416 K   18,916 K   2540   (Verified) Google Inc
svchost.exe   < 0.01   16,260 K   18,676 K   1344   (Verified) Microsoft Windows
WLIDSVC.EXE   < 0.01   7,880 K   15,704 K   1980   (Verified) Microsoft Corporation
IAStorIcon.exe   < 0.01   26,660 K   24,988 K   5616   (Verified) Intel Corporation
svchost.exe   < 0.01   17,732 K   18,332 K   3556   (Verified) Microsoft Windows
WsAppService.exe   < 0.01   37,400 K   30,812 K   4176   (Verified) Wondershare software CO.
iTunesHelper.exe   < 0.01   5,192 K   14,668 K   2908   (Verified) Apple Inc.
csrss.exe   < 0.01   2,404 K   5,428 K   584   (Verified) Microsoft Windows
svchost.exe   < 0.01   13,552 K   15,304 K   1572   (Verified) Microsoft Windows
BtvStack.exe   < 0.01   21,412 K   24,372 K   2640   (A certificate was explicitly revoked by its issuer) Atheros Commnucations
WUDFHost.exe       2,292 K   6,504 K   5736   (Verified) Microsoft Windows
wmpnetwk.exe       16,648 K   13,040 K   3236   (Verified) Microsoft Windows
WmiPrvSE.exe       4,080 K   8,196 K   5472   (Verified) Microsoft Windows
WmiPrvSE.exe       2,916 K   6,720 K   6228   (Verified) Microsoft Windows
WLIDSVCM.EXE       1,484 K   3,672 K   4148   (Verified) Microsoft Corporation
wlanext.exe       2,336 K   5,872 K   1456   (Verified) Microsoft Windows
winlogon.exe       3,772 K   8,352 K   764   (Verified) Microsoft Windows
wininit.exe       1,800 K   4,832 K   664   (Verified) Microsoft Windows
UNS.exe       3,860 K   10,292 K   2340   (Verified) Intel Corporation
svchost.exe       9,592 K   18,368 K   1128   (Verified) Microsoft Windows
svchost.exe       6,920 K   13,220 K   1960   (Verified) Microsoft Windows
svchost.exe       2,000 K   5,116 K   2092   (Verified) Microsoft Windows
svchost.exe       34,580 K   31,804 K   1052   (Verified) Microsoft Windows
svchost.exe       2,900 K   6,332 K   1244   (Verified) Microsoft Windows
svchost.exe       2,152 K   5,924 K   2572   (Verified) Microsoft Windows
svchost.exe       2,352 K   5,948 K   4664   (Verified) Microsoft Windows
svchost.exe       5,960 K   11,932 K   1928   (Verified) Microsoft Windows
STService.exe       3,664 K   11,536 K   2276   (Verified) Dell Inc
spoolsv.exe       7,676 K   14,740 K   1520   (Verified) Microsoft Windows
smss.exe       552 K   1,256 K   396   (Verified) Microsoft Windows
slack.exe       78,984 K   117,888 K   5172   (Verified) Slack Technologies Inc.
slack.exe       61,276 K   78,112 K   5456   (Verified) Slack Technologies Inc.
slack.exe       5,484 K   9,208 K   5980   (Verified) Slack Technologies Inc.
ShwiconXP9106.exe       2,024 K   6,768 K   2952   (No signature was present in the subject) Alcor Micro Corp.
SftService.exe       4,404 K   8,484 K   2816   (Verified) Dell Inc
services.exe       6,092 K   9,968 K   740   (Verified) Microsoft Windows
RtkNGUI64.exe       14,160 K   11,172 K   2596   (Verified) Realtek Semiconductor Corp
RAVBg64.exe       15,292 K   12,336 K   2604   (Verified) Realtek Semiconductor Corp
procexp(1).exe       2,416 K   7,824 K   9092   (Verified) Microsoft Corporation
PresentationFontCache.exe       32,348 K   26,384 K   5960   (Verified) Microsoft Corporation
OSPPSVC.EXE       3,696 K   11,360 K   1116   (Verified) Microsoft Corporation
OSE.EXE       2,504 K   6,288 K   8840   (Verified) Microsoft Corporation
NisSrv.exe       17,848 K   11,752 K   4588   (Verified) Microsoft Corporation
msseces.exe       6,528 K   14,936 K   2828   (Verified) Microsoft Corporation
mDNSResponder.exe       2,356 K   6,012 K   1852   (Verified) Apple Inc.
lsm.exe       2,988 K   4,768 K   812   (Verified) Microsoft Windows
iusb3mon.exe       1,920 K   6,096 K   2256   (Verified) Intel Corporation
HeciServer.exe       1,928 K   5,692 K   3908   (Verified) Intel® Upgrade Service
googledrivesync.exe       1,432 K   3,760 K   2956   (Verified) Google Inc
GoogleCrashHandler64.exe       1,640 K   756 K   4340   (Verified) Google Inc
GoogleCrashHandler.exe       1,516 K   668 K   4320   (Verified) Google Inc
DSUpd.exe       15,676 K   18,368 K   4248   (Verified) Dell Inc
conhost.exe       1,088 K   2,996 K   1464   (Verified) Microsoft Windows
BJMYPRT.EXE       2,420 K   5,820 K   2844   (Verified) Canon Inc.
audiodg.exe       18,440 K   19,536 K   5836   (Verified) Microsoft Windows
atiesrxx.exe       1,708 K   4,636 K   1012   (Verified) Microsoft Windows Hardware Compatibility Publisher
atieclxx.exe       2,588 K   6,952 K   1528   (Verified) Microsoft Windows Hardware Compatibility Publisher
AthBtTray.exe       5,540 K   14,452 K   2652   (A certificate was explicitly revoked by its issuer) Atheros Commnucations
Ath_WlanAgent.exe       1,312 K   4,156 K   4500   (A certificate was explicitly revoked by its issuer) Atheros
Ath_CoexAgent.exe       2,204 K   5,704 K   4452   (A certificate was explicitly revoked by its issuer) Atheros
armsvc.exe       1,228 K   4,124 K   1704   (Verified) Adobe Systems
AERTSr64.exe       1,252 K   3,068 K   1728   (Verified) Andrea Electronics
AdminService.exe       2,540 K   6,836 K   1780   (A certificate was explicitly revoked by its issuer) Atheros Commnucations

Image Name                     PID Services
========================= ======== ============================================
System Idle Process              0 N/A
System                           4 N/A
smss.exe                       396 N/A
csrss.exe                      584 N/A
wininit.exe                    664 N/A
csrss.exe                      684 N/A
services.exe                   740 N/A
winlogon.exe                   764 N/A
lsass.exe                      800 EFS, KeyIso, SamSs
lsm.exe                        812 N/A
svchost.exe                    932 DcomLaunch, PlugPlay, Power
svchost.exe                    160 RpcEptMapper, RpcSs
MsMpEng.exe                    532 MsMpSvc
atiesrxx.exe                  1012 AMD External Events Utility
svchost.exe                   1052 AudioSrv, Dhcp, eventlog, lmhosts, wscsvc
svchost.exe                   1084 AudioEndpointBuilder, hidserv, Netman,
                                   PcaSvc, SysMain, TrkWks, UxSms, Wlansvc,
                                   WPDBusEnum, wudfsvc
svchost.exe                   1128 EventSystem, FontCache, netprofm, nsi,
                                   WdiServiceHost
svchost.exe                   1160 AeLookupSvc, Appinfo, Browser, EapHost,
                                   IKEEXT, iphlpsvc, LanmanServer, MMCSS,
                                   ProfSvc, Schedule, SENS, ShellHWDetection,
                                   Themes, Winmgmt, wuauserv
svchost.exe                   1244 gpsvc
svchost.exe                   1344 CryptSvc, Dnscache, LanmanWorkstation,
                                   NlaSvc
wlanext.exe                   1456 N/A
conhost.exe                   1464 N/A
spoolsv.exe                   1520 Spooler
svchost.exe                   1572 BFE, DPS, MpsSvc
armsvc.exe                    1704 AdobeARMservice
AERTSr64.exe                  1728 AERTFilters
AppleMobileDeviceService.     1756 Apple Mobile Device Service
AdminService.exe              1780 AtherosSvc
mDNSResponder.exe             1852 Bonjour Service
CarboniteService.exe          1876 CarboniteService
svchost.exe                   1928 DiagTrack
svchost.exe                   1960 FDResPub, SSDPSRV, upnphost
atieclxx.exe                  1528 N/A
taskhost.exe                  2168 N/A
dwm.exe                       2408 N/A
explorer.exe                  2448 N/A
RtkNGUI64.exe                 2596 N/A
RAVBg64.exe                   2604 N/A
BtvStack.exe                  2640 N/A
AthBtTray.exe                 2652 N/A
msseces.exe                   2828 N/A
BJMYPRT.EXE                   2844 N/A
iTunesHelper.exe              2908 N/A
googledrivesync.exe           2956 N/A
iusb3mon.exe                  2256 N/A
ShwiconXP9106.exe             2952 N/A
MOM.exe                       2128 N/A
CarboniteUI.exe               1832 N/A
slack.exe                     3404 N/A
CCC.exe                       3500 N/A
googledrivesync.exe           3884 N/A
HeciServer.exe                3908 Intel® Capability Licensing Service Interf
                                   ace
NOBuAgent.exe                 3952 NOBU
SftService.exe                2816 SftService
svchost.exe                   3556 stisvc
WLIDSVC.EXE                   1980 wlidsvc
Toaster.exe                   1816 N/A
STService.exe                 2276 N/A
WLIDSVCM.EXE                  4148 N/A
WsAppService.exe              4176 WsAppService
DSUpd.exe                     4248 N/A
GoogleCrashHandler.exe        4320 N/A
GoogleCrashHandler64.exe      4340 N/A
Ath_CoexAgent.exe             4452 ZAtheros Bt&Wlan Coex Agent
Ath_WlanAgent.exe             4500 ZAtheros Wlan Agent
iPodService.exe               5060 iPod Service
NisSrv.exe                    4588 NisSrv
SearchIndexer.exe             3596 WSearch
svchost.exe                   2092 bthserv
svchost.exe                   4664 PolicyAgent
IAStorIcon.exe                5616 N/A
WUDFHost.exe                  5736 N/A
slack.exe                     5744 N/A
slack.exe                     5980 N/A
slack.exe                     5172 N/A
slack.exe                     5456 N/A
slack.exe                     4752 N/A
PresentationFontCache.exe     5960 FontCache3.0.0.0
slack.exe                     5888 N/A
IAStorDataMgrSvc.exe           404 IAStorDataMgrSvc
LMS.exe                        880 LMS
wmpnetwk.exe                  3236 WMPNetworkSvc
UNS.exe                       2340 UNS
svchost.exe                   2572 swprv
OSPPSVC.EXE                   1116 osppsvc
OSE.EXE                       8840 ose64
audiodg.exe                   5836 N/A
VSSVC.exe                     8372 VSS
FRST64.exe                    3608 N/A
WmiPrvSE.exe                  6228 N/A
SearchProtocolHost.exe        8100 N/A
SearchFilterHost.exe          6972 N/A
cmd.exe                       7772 N/A
conhost.exe                   7336 N/A
firefox.exe                   7324 N/A
WmiPrvSE.exe                  6908 N/A
svchost.exe                   7456 WerSvc
tasklist.exe                  7392 N/A