Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Computer runs slow


  • Please log in to reply

#1
John Aukerman

John Aukerman

    Member

  • Member
  • PipPipPip
  • 204 posts

This is a Dell desktop, running Windows 7. And it has slowed way down. I think it's infected.

 

I ran FRST64, but it did not complete. I got an error message about putting a disk in the drive......? Couldn't dismiss the message, had to force FRST64 to stop.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-02-2017
Ran by Aukerman (administrator) on AUKERMAN-PC (07-02-2017 08:52:05)
Running from C:\Users\Aukerman\Desktop
Loaded Profiles: Aukerman (Available Profiles: Aukerman)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.3.1.204\WsAppService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Alcor Micro Corp.) C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google Inc) C:\Users\Aukerman\AppData\Local\Google\Drive plugin for Office\DriveForOffice.SyncHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6457960 2011-12-23] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-15] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [1014432 2011-12-29] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe [800416 2011-12-29] (Atheros Commnucations)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [644696 2007-05-14] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1840720 2007-04-03] (CANON INC.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-10-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-17] (Intel Corporation)
HKLM-x32\...\Run: [ShwiconXP9106] => C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2010-03-10] (Alcor Micro Corp.)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2017-01-13] (Apple Inc.)
HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1154560 2016-08-04] (Carbonite, Inc.)
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-10-07] (Google Inc.)
HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23818360 2016-11-30] (Google)
HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1407912 2017-01-16] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\...\Run: [Google Update] => C:\Users\Aukerman\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-15] (Google Inc.)
HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\...\Run: [FB8404DE58F489D58488BA786D20A8695FC3AD8C._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [945496 2017-02-01] (Google Inc.)
HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\...\Run: [Free Download Manager] => "C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\fdm.exe" --minimized
HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\...\RunOnce: [Uninstall C:\Users\Aukerman\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Aukerman\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\...\RunOnce: [Uninstall C:\Users\Aukerman\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Aukerman\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64"
HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\...\RunOnce: [Uninstall C:\Users\Aukerman\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Aukerman\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64"
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1407912 2017-01-16] (Garmin Ltd. or its subsidiaries)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2013-11-09]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{3132E1A3-4DDA-41F4-97CC-79FA274A0328}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/USCON/1
URLSearchHook: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001 - (No Name) - {462be121-2b54-4218-bf00-b9bf8135b23f} - No File
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0D978EE3-6717-4A58-AD18-8A9366F78ECC} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0D978EE3-6717-4A58-AD18-8A9366F78ECC} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001 -> {8FFE85F0-FBB5-4047-99DE-D4523975C336} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3244149
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2011-12-29] (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: ChromeFrame BHO -> {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} -> C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll [2014-02-01] (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
Toolbar: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001 -> No Name - {462BE121-2B54-4218-BF00-B9BF8135B23F} -  No File
Toolbar: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
Handler-x32: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll [2014-02-01] (Google Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Aukerman\AppData\Roaming\Mozilla\Firefox\Profiles\ujdi172x.default [2017-02-07]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\ujdi172x.default -> Google
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\ujdi172x.default -> Google
FF Homepage: Mozilla\Firefox\Profiles\ujdi172x.default -> hxxps://www.facebook.com/
hxxps://mail.google.com/mail/?shva=1#inbox
hxxps://www.google.com/calendar/render?tab=mc&pli=1&gsessionid=fiZNqzggyfCvyXfC0GF0iA
FF Extension: (Amazon Assistant for Firefox) - C:\Users\Aukerman\AppData\Roaming\Mozilla\Firefox\Profiles\ujdi172x.default\Extensions\[email protected] [2017-01-22]
FF Extension: (Clearly) - C:\Users\Aukerman\AppData\Roaming\Mozilla\Firefox\Profiles\ujdi172x.default\Extensions\[email protected] [2016-01-16]
FF Extension: (LastPass) - C:\Users\Aukerman\AppData\Roaming\Mozilla\Firefox\Profiles\ujdi172x.default\Extensions\[email protected] [2016-12-16]
FF Extension: (webpass) - C:\Users\Aukerman\AppData\Roaming\Mozilla\Firefox\Profiles\ujdi172x.default\Extensions\[email protected] [2016-09-30]
FF Extension: (Garmin Communicator) - C:\Users\Aukerman\AppData\Roaming\Mozilla\Firefox\Profiles\ujdi172x.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2014-06-07] [not signed]
FF Extension: (Adblock Plus) - C:\Users\Aukerman\AppData\Roaming\Mozilla\Firefox\Profiles\ujdi172x.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-25]
FF SearchPlugin: C:\Users\Aukerman\AppData\Roaming\Mozilla\Firefox\Profiles\ujdi172x.default\searchplugins\taplika.xml [2015-04-05]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-10] ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2013-10-09] (GARMIN Corp.)
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2013-11-09] (LastPass)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2012-10-06] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-10] ()
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2013-10-09] (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass.dll [2013-11-09] (LastPass)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2012-10-06] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3383977758-1919853078-1981122960-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Aukerman\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-07-30] (Citrix Online)
FF Plugin HKU\S-1-5-21-3383977758-1919853078-1981122960-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Aukerman\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-3383977758-1919853078-1981122960-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Aukerman\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-15] (Google Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxps://mail.google.com/mail/u/0/#inbox","hxxps://www.google.com/calendar/render?tab=mc#main_7"
CHR Profile: C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default [2017-02-07]
CHR Extension: (Google Slides) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-05]
CHR Extension: (Google Docs) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-05]
CHR Extension: (Google Drive) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Adblock Plus) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-27]
CHR Extension: (Google Search) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Sheets) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-05]
CHR Extension: (Google Docs Offline) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]
CHR Extension: (Chromebook Recovery Utility) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndclpdbaamdhonoechobihbbiimdgai [2016-07-01]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-04-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR Extension: (Chrome Apps & Extensions Developer Tool) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohmmkhmmmpcnpikjeljgnaoabkaalbgc [2016-07-01]
CHR Extension: (Vid-Saver) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc [2015-06-18] [UpdateUrl: hxxps://crossrider.cotssl.net/plugin/chrome/update/3491.xml] <==== ATTENTION
CHR Extension: (Gmail) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-05]
CHR Extension: (Chrome Media Router) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-07]
CHR HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pgmfkblbflahhponhjmkcnpjinenhlnc] - C:\Users\Aukerman\AppData\Local\Vid-Saver\Chrome\Vid-Saver.crx [2012-09-22]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [106144 2011-12-29] (Atheros Commnucations) [File not signed]
R2 CarboniteService; C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe [9037824 2016-08-04] (Carbonite, Inc. (www.carbonite.com)) [File not signed]
R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1039376 2017-01-16] (Garmin Ltd. or its subsidiaries)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.3.1.204\WsAppService.exe [437392 2016-11-16] (Wondershare)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [158880 2011-12-29] (Atheros) [File not signed]
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [76960 2011-12-26] (Atheros) [File not signed]
S3 WsDrvInst; "C:\Program Files (x86)\Wondershare\TunesGo\DriverInstall.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
S3 WsAudio_Device(1); C:\Windows\System32\drivers\VirtualAudio1.sys [31080 2015-08-03] (Wondershare)
S3 WsAudio_Device(2); C:\Windows\System32\drivers\VirtualAudio2.sys [31080 2015-08-03] (Wondershare)
S3 WsAudio_Device(3); C:\Windows\System32\drivers\VirtualAudio3.sys [31080 2015-08-03] (Wondershare)
S3 WsAudio_Device(4); C:\Windows\System32\drivers\VirtualAudio4.sys [31080 2015-08-03] (Wondershare)
S3 WsAudio_Device(5); C:\Windows\System32\drivers\VirtualAudio5.sys [31080 2015-08-03] (Wondershare)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-07 08:52 - 2017-02-07 08:53 - 00027578 _____ C:\Users\Aukerman\Desktop\FRST.txt
2017-02-07 08:51 - 2017-02-07 08:51 - 02421248 _____ (Farbar) C:\Users\Aukerman\Desktop\FRST64.exe
2017-02-07 07:31 - 2017-02-07 07:31 - 00000000 ___RD C:\Users\Aukerman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2017-02-05 06:39 - 2017-02-05 06:40 - 00000000 ____D C:\FRST
2017-02-03 15:48 - 2017-02-03 15:48 - 00134705 _____ C:\Users\Aukerman\asdf
2017-02-03 06:50 - 2017-02-03 06:50 - 00074818 _____ C:\Users\Aukerman\Downloads\document.pdf
2017-02-01 06:39 - 2017-02-01 06:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-02-01 06:39 - 2017-02-01 06:39 - 00000000 ____D C:\Program Files\iTunes
2017-02-01 06:39 - 2017-02-01 06:39 - 00000000 ____D C:\Program Files\iPod
2017-01-16 07:46 - 2017-01-16 07:46 - 00047091 _____ C:\Users\Aukerman\Downloads\Sanctuary Remodel Financial Report.xls.xlsx
2017-01-10 13:40 - 2017-01-05 13:55 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-01-10 13:40 - 2017-01-05 13:55 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-01-10 13:40 - 2017-01-05 13:52 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-01-10 13:40 - 2017-01-05 13:52 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-01-10 13:40 - 2017-01-05 13:52 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-01-10 13:40 - 2017-01-05 13:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-01-10 13:40 - 2017-01-05 13:52 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-01-10 13:40 - 2017-01-05 13:52 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-01-10 13:40 - 2017-01-05 13:52 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-01-10 13:40 - 2017-01-05 13:52 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-01-10 13:40 - 2017-01-05 13:52 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-01-10 13:40 - 2017-01-05 13:52 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-01-10 13:40 - 2017-01-05 13:52 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-01-10 13:40 - 2017-01-05 13:52 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-01-10 13:40 - 2017-01-05 13:52 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-01-10 13:40 - 2017-01-05 13:52 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-01-10 13:40 - 2017-01-05 13:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-01-10 13:40 - 2017-01-05 13:52 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-01-10 13:40 - 2017-01-05 13:52 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-01-10 13:40 - 2017-01-05 13:52 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-01-10 13:40 - 2017-01-05 13:52 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-01-10 13:40 - 2017-01-05 12:43 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-01-10 13:40 - 2017-01-05 12:43 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-01-10 13:40 - 2017-01-05 12:43 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-01-10 13:40 - 2017-01-05 12:43 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-01-10 13:40 - 2017-01-05 12:43 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-01-10 13:40 - 2017-01-05 12:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-01-10 13:40 - 2017-01-05 12:43 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-01-10 13:40 - 2017-01-05 12:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-01-10 13:40 - 2017-01-05 12:43 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-01-10 13:40 - 2017-01-05 12:43 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-01-10 13:40 - 2017-01-05 12:43 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-01-10 13:40 - 2017-01-05 12:43 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-01-10 13:40 - 2017-01-05 12:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-01-10 13:40 - 2017-01-05 12:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-01-10 13:40 - 2017-01-05 12:43 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-01-10 13:40 - 2017-01-05 12:42 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-01-10 13:40 - 2017-01-05 12:32 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-01-10 13:40 - 2017-01-05 12:25 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-01-10 13:40 - 2017-01-05 12:24 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-01-10 13:40 - 2017-01-05 12:24 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-01-10 13:40 - 2017-01-05 12:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-01-10 13:40 - 2017-01-05 12:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-01-10 13:40 - 2017-01-05 12:19 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-01-09 07:19 - 2017-01-09 07:19 - 00000000 ____D C:\Users\Aukerman\AppData\Local\Bit_Studio
2017-01-09 07:18 - 2017-01-09 07:49 - 00000000 ____D C:\Users\Aukerman\AppData\Roaming\SyncTunesDesktop
2017-01-09 07:18 - 2017-01-09 07:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Synctunes Desktop
2017-01-09 07:18 - 2017-01-09 07:18 - 00000000 ____D C:\Program Files (x86)\The Bit Studio
2017-01-09 07:09 - 2017-01-09 07:17 - 00000000 ____D C:\Users\Aukerman\AppData\Local\Free Download Manager
2017-01-08 07:12 - 2017-01-08 07:12 - 00000000 ____D C:\Users\Aukerman\Documents\Aimersoft DRM Media Converter
2017-01-08 07:00 - 2017-01-08 07:34 - 00000000 ____D C:\Program Files (x86)\Aimersoft
2017-01-08 07:00 - 2017-01-08 07:00 - 00000000 ____D C:\Users\Aukerman\AppData\Local\Aimersoft
2017-01-08 07:00 - 2015-08-03 10:55 - 00675840 _____ () C:\Windows\SysWOW64\ac3filter.ax
2017-01-08 07:00 - 2015-08-03 10:54 - 00892928 _____ (Free Software Foundation) C:\Windows\SysWOW64\iconv.dll
2017-01-08 07:00 - 2015-08-03 10:54 - 00496640 _____ C:\Windows\SysWOW64\xvid.ax
2017-01-08 07:00 - 2015-08-03 10:51 - 00031080 _____ (Wondershare) C:\Windows\system32\Drivers\VirtualAudio5.sys
2017-01-08 07:00 - 2015-08-03 10:51 - 00031080 _____ (Wondershare) C:\Windows\system32\Drivers\VirtualAudio4.sys
2017-01-08 07:00 - 2015-08-03 10:51 - 00031080 _____ (Wondershare) C:\Windows\system32\Drivers\VirtualAudio3.sys
2017-01-08 07:00 - 2015-08-03 10:51 - 00031080 _____ (Wondershare) C:\Windows\system32\Drivers\VirtualAudio2.sys
2017-01-08 07:00 - 2015-08-03 10:51 - 00031080 _____ (Wondershare) C:\Windows\system32\Drivers\VirtualAudio1.sys
2017-01-08 06:53 - 2017-01-08 06:53 - 00000000 ____D C:\Users\Aukerman\AppData\Local\doubleTwist Corporation

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-07 08:45 - 2012-09-26 17:58 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-02-07 08:29 - 2009-07-14 00:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-07 08:29 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2017-02-07 08:12 - 2012-10-06 07:54 - 00000000 ____D C:\Users\Aukerman\AppData\LocalLow\LastPass
2017-02-07 08:06 - 2012-12-22 07:36 - 00000000 ___RD C:\Users\Aukerman\Google Drive
2017-02-07 07:55 - 2016-11-19 07:02 - 00000000 ____D C:\Users\Aukerman\AppData\LocalLow\Mozilla
2017-02-07 07:43 - 2009-07-13 23:45 - 00037040 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-07 07:43 - 2009-07-13 23:45 - 00037040 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-07 07:37 - 2016-09-14 22:55 - 08005632 _____ C:\Users\Aukerman\Desktop\Aukerman losses.xls
2017-02-07 07:31 - 2012-09-26 18:30 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2017-02-07 07:31 - 2012-09-26 18:30 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2017-02-07 07:31 - 2012-09-26 18:18 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2017-02-07 07:31 - 2009-07-14 00:08 - 00032626 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-02-07 07:31 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-06 23:20 - 2012-10-27 06:50 - 00000000 ___RD C:\Users\Aukerman\Virtual Machines
2017-02-06 22:19 - 2013-11-27 07:03 - 00002203 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-06 20:06 - 2012-10-06 10:14 - 00003950 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{48E3D334-6C7F-48C2-BC4A-39C7FE0FA17F}
2017-02-06 07:37 - 2016-08-04 08:49 - 01400832 ___SH C:\Users\Aukerman\Desktop\Thumbs.db
2017-02-06 00:26 - 2012-10-06 07:25 - 00000000 ____D C:\Users\Aukerman\Documents\Bren
2017-02-05 07:49 - 2016-12-23 07:30 - 00310395 _____ C:\Users\Aukerman\Documents\Untitled_3549.amj
2017-02-03 15:48 - 2012-10-06 06:27 - 00000000 ____D C:\Users\Aukerman
2017-02-01 07:40 - 2016-12-23 07:30 - 00310379 _____ C:\Users\Aukerman\Untitled_3549.amk
2017-02-01 06:49 - 2012-10-06 07:25 - 00000000 ___RD C:\Users\Aukerman\Desktop\John
2017-02-01 06:39 - 2012-10-06 07:47 - 00000000 ____D C:\Program Files\Common Files\Apple
2017-01-29 23:18 - 2016-07-26 15:28 - 00000000 ____D C:\Users\Aukerman\Desktop\Lou Ann - Choruses
2017-01-28 06:37 - 2016-11-18 16:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-28 06:37 - 2012-10-06 06:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-01-27 08:07 - 2012-10-06 07:25 - 00000000 ____D C:\Users\Aukerman\Documents\John
2017-01-21 21:17 - 2016-08-11 05:49 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-18 22:57 - 2013-08-02 23:52 - 00000000 ____D C:\Users\Aukerman\Documents\Outlook Files
2017-01-18 22:57 - 2012-10-07 16:33 - 00000000 ____D C:\Users\Aukerman\AppData\Local\Deployment
2017-01-18 07:05 - 2013-06-01 17:34 - 00000000 ____D C:\ProgramData\Package Cache
2017-01-18 07:05 - 2013-06-01 17:34 - 00000000 ____D C:\Program Files (x86)\Garmin
2017-01-18 07:04 - 2014-04-13 05:29 - 00003554 _____ C:\Windows\System32\Tasks\GarminUpdaterTask
2017-01-18 07:04 - 2013-06-01 17:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2017-01-15 07:55 - 2012-10-06 16:27 - 00000000 ____D C:\Users\Aukerman\AppData\Local\ElevatedDiagnostics
2017-01-12 17:23 - 2015-05-16 05:07 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-01-11 08:22 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2017-01-11 01:00 - 2013-08-15 00:08 - 00000000 ____D C:\Windows\system32\MRT
2017-01-11 00:59 - 2012-10-06 06:40 - 135657872 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-01-10 09:45 - 2012-09-26 17:58 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-01-10 09:45 - 2012-09-26 17:58 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-01-10 09:45 - 2012-09-26 17:58 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-01-10 09:45 - 2012-09-26 17:58 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-01-10 09:45 - 2012-09-26 17:58 - 00000000 ____D C:\Windows\system32\Macromed

==================== Files in the root of some directories =======

2003-11-10 15:27 - 2003-11-10 15:26 - 0376884 _____ () C:\Program Files\image001.bmp
2013-11-09 08:25 - 2013-11-09 08:25 - 12767232 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2015-04-05 06:22 - 2015-04-05 06:22 - 0000064 _____ () C:\Users\Aukerman\AppData\Local\51ac827e51ff6b11f34f94806af1cf00

Files to move or delete:
====================
C:\Users\Aukerman\jobq.dat


Some files in TEMP:
====================
2013-01-02 20:20 - 2013-01-02 20:20 - 0726016 _____ (Igor Pavlov) C:\Users\Aukerman\AppData\Local\Temp\7z.dll
2013-01-02 20:20 - 2013-01-02 20:20 - 0150016 _____ (Igor Pavlov) C:\Users\Aukerman\AppData\Local\Temp\7z.exe
2013-01-02 20:20 - 2013-01-02 20:20 - 0023477 _____ () C:\Users\Aukerman\AppData\Local\Temp\dtkill.exe
2013-01-02 20:20 - 2013-01-02 20:20 - 0006656 _____ (doubleTwist Corperation) C:\Users\Aukerman\AppData\Local\Temp\Executor.exe
2012-10-07 06:32 - 2012-10-07 06:32 - 0894952 _____ (Oracle Corporation) C:\Users\Aukerman\AppData\Local\Temp\firefoxjre_exe-1.exe
2012-10-07 06:29 - 2012-10-07 06:29 - 0894952 _____ (Oracle Corporation) C:\Users\Aukerman\AppData\Local\Temp\firefoxjre_exe.exe
2013-01-30 18:58 - 2013-01-30 18:58 - 0897448 _____ (Oracle Corporation) C:\Users\Aukerman\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
2013-03-01 15:00 - 2013-03-01 15:00 - 0897448 _____ (Oracle Corporation) C:\Users\Aukerman\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
2013-06-13 10:36 - 2013-06-13 10:36 - 0903592 _____ (Oracle Corporation) C:\Users\Aukerman\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
2013-10-08 13:27 - 2013-10-08 13:27 - 0915368 _____ (Oracle Corporation) C:\Users\Aukerman\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
2013-12-19 12:06 - 2013-12-19 12:06 - 0921512 _____ (Oracle Corporation) C:\Users\Aukerman\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
2014-04-15 15:50 - 2014-04-15 15:50 - 0921512 _____ (Oracle Corporation) C:\Users\Aukerman\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
2014-07-11 16:12 - 2014-07-11 16:12 - 0918952 _____ (Oracle Corporation) C:\Users\Aukerman\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
2014-07-28 00:15 - 2014-07-28 00:15 - 0918440 _____ (Oracle Corporation) C:\Users\Aukerman\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
2014-09-29 12:06 - 2014-09-29 12:06 - 0937896 _____ (Oracle Corporation) C:\Users\Aukerman\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
2012-09-27 16:56 - 2012-09-27 16:56 - 0895464 _____ (Oracle Corporation) C:\Users\Aukerman\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
2014-12-18 12:29 - 2014-12-18 12:29 - 0641448 _____ (Oracle Corporation) C:\Users\Aukerman\AppData\Local\Temp\jre-8u31-windows-au.exe
2014-07-25 06:17 - 2014-07-07 08:57 - 0150096 _____ (RealNetworks, Inc.) C:\Users\Aukerman\AppData\Local\Temp\lowproc.exe
2014-07-25 06:17 - 2014-07-07 08:57 - 0090624 _____ (RealNetworks, Inc.) C:\Users\Aukerman\AppData\Local\Temp\stubhelper.dll
2016-08-04 06:22 - 2012-07-16 03:56 - 4451144 _____ (Conduit Ltd.) C:\Users\Aukerman\AppData\Local\Temp\tbWhit.dll
2013-04-23 17:15 - 2013-04-23 17:15 - 4995416 _____ (Microsoft Corporation) C:\Users\Aukerman\AppData\Local\Temp\vcredist_x86-2010.exe
2013-01-02 20:20 - 2013-01-02 20:20 - 6560088 _____ (Microsoft Corporation) C:\Users\Aukerman\AppData\Local\Temp\vcredist_x86-2012.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-02-2017
Ran by Aukerman (07-02-2017 08:53:59)
Running from C:\Users\Aukerman\Desktop
Windows 7 Professional Service Pack 1 (X64) (2012-10-06 11:27:00)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3383977758-1919853078-1981122960-500 - Administrator - Disabled)
Aukerman (S-1-5-21-3383977758-1919853078-1981122960-1001 - Administrator - Enabled) => C:\Users\Aukerman
Guest (S-1-5-21-3383977758-1919853078-1981122960-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3383977758-1919853078-1981122960-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AceMoney Lite (HKLM-x32\...\AceMoney Lite_is1) (Version:  - MechCAD Software)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated)
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{0E262CBA-A8C6-3BE1-A812-D7490B4F2B09}) (Version: 3.0.851.0 - Advanced Micro Devices, Inc.)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ArcSoft PhotoStudio 5.5 (HKLM-x32\...\{85309D89-7BE9-4094-BB17-24999C6118FC}) (Version:  - ArcSoft)
Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.115 - Atheros)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version:  - )
Canon MP Navigator EX 1.0 (HKLM-x32\...\MP Navigator EX 1.0) (Version:  - )
Canon MP970 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP970_series) (Version:  - )
Canon MP970 series User Registration (HKLM-x32\...\Canon MP970 series User Registration) (Version:  - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
Carbonite (HKLM-x32\...\{D0D08FBC-6D5F-482C-B2ED-32E67D8FFAFF}) (Version: 6.0.1 build 6421 (Aug-04-2016) - Carbonite)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Citrix Online Launcher (HKLM-x32\...\{E1B40232-F73B-4BF9-A819-E352CCC1EDEF}) (Version: 1.0.122 - Citrix)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.67 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.67 - Dell Inc.)
Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.1.5907.16 - Dell Inc.)
Dell Support Center (Version: 3.1.5907.16 - PC-Doctor, Inc.) Hidden
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Dell Inc.)
eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
Elevated Installer (x32 Version: 5.1.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin BaseCamp (HKLM-x32\...\{EBAC8FD4-28EC-46F7-BF9E-89D6E6673001}) (Version: 4.2.5 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin (HKLM-x32\...\{032A13FF-D26D-4844-9597-7EF698627985}) (Version: 4.1.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{AFA301E1-B410-4F1B-B1C0-2E92FDCD94AD}) (Version: 4.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{9fbf4745-0038-4ed3-aee1-87af9b9ef8f1}) (Version: 5.1.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 5.1.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 5.1.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Chrome Frame (HKLM-x32\...\Google Chrome Frame) (Version: 32.0.1700.107 - Google Inc.)
Google Drive (HKLM-x32\...\{07A12123-B717-496B-B471-48AF6407B433}) (Version: 1.32.4066.7445 - Google, Inc.)
Google Drive plug-in 1.6.13.0 (HKLM-x32\...\{BE9B9ACB-90BC-4F9D-8952-61B33AD3AFC4}) (Version: 1.6.13.0 - Google Inc)
Google Earth (HKLM-x32\...\{A0C18B96-AB79-46BD-8321-6FA83E6D25B9}) (Version: 7.1.7.2606 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GoToMeeting 5.9.0.1207 (HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\...\GoToMeeting) (Version: 5.9.0.1207 - CitrixOnline)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.1.1399 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{538B98C3-773F-4F20-9C66-802D104DCBE2}) (Version: 1.23.219.2 - Intel Corporation)
iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
Multimedia Card Reader (HKLM-x32\...\InstallShield_{41068A8C-3F30-46B6-978A-EA692F28D1AF}) (Version: 1.7.915.93 - Fitipower)
Multimedia Card Reader (x32 Version: 1.7.915.93 - Fitipower) Hidden
MusicTime Deluxe (HKLM-x32\...\MusicTime Deluxe 4.0.4) (Version: 4.0.4 - GVOX)
MusicTime Deluxe 3.5.5 (HKLM-x32\...\MusicTime Deluxe 3.5.5) (Version:  - )
MusicTime Deluxe 4.0.4 UpdateTest (HKLM-x32\...\MusicTime Deluxe 4.0.4 UpdateTest 1.1) (Version: 1.1 - GVOX)
MusicTime Updater (HKLM-x32\...\MusicTime Updater ) (Version:  - Passport Music Software LLC)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6537 - Realtek Semiconductor Corp.)
RootsMagic 3.2.1.1 (HKLM-x32\...\RootsMagic_is1) (Version:  - RootsMagic, Inc.)
RootsMagic 7.0.5.0 (HKLM-x32\...\{D6286873-A757-4A4D-A6EF-0081B3EE32CA}_is1) (Version: RootsMagic 7.0.5.0 - RootsMagic, Inc.)
Secure Download Manager (HKLM-x32\...\{4A5667B2-5D13-46C2-85B5-9D46A6096F61}) (Version: 3.1.0 - Kivuto Solutions Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Synctunes Desktop (HKLM-x32\...\{E828D6D5-E46F-49CE-8EC8-8AA0CA852F2F}) (Version: 1.1.7 - The Bit Studio)
TrustedID IDMonitor Identity Protection (HKLM-x32\...\{0E74474A-1CDF-4249-A507-CE8C1DCEC8BC}) (Version: 1.1.0 - TrustedID Inc)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16423 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{0C6B48DD-71D2-382E-9179-C5F899B73D0D}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{0CD22449-F930-33EB-85B8-2E8676284ABF}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{2B6AE651-7A0F-3DF5-8BAF-3AD95C19EE54}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{2C047547-4685-3541-ACA4-CEA3622CDA46}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{57030FCC-4D11-3303-8DCF-C72BB0D63403}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Aukerman\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Aukerman\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{5A63AFF1-DF22-334F-8403-C08018CF2F7E}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Aukerman\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{82186AB2-1881-42D6-B945-35087B680952}\InprocServer32 -> C:\Users\Aukerman\AppData\Local\Google\Drive plugin for Office\adxloader64.dll ()
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\1207\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{859E1D4B-62D3-3BC2-97C3-D7221D8D0B2C}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{8C773506-862F-3B84-B219-1D439AEDBE10}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Aukerman\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{A127BC2E-6037-3719-B332-5E7C40B155F9}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Aukerman\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{C124DB8B-34BE-3FBE-935B-DA807C9A42F9}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Aukerman\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Aukerman\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Aukerman\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Aukerman\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Aukerman\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{EE6FC79B-08B9-3BC6-8508-E17566B152AE}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Aukerman\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Aukerman\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{FA446C14-194B-3964-B21D-D76C4B4951AD}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)



 


  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,017 posts
  • MVP
Multiple posts are OK.  It's usually easier to just post a log as you get it.
 
You are correct that it didn't finish.  We are missing the errors and the partitions so let's see if minitoolbox will work:
 
Please download MiniToolBox, save it to your desktop and run it.
 
Checkmark the following checkboxes:
 
  • Report IE Proxy Settings
  •  
  • Report FF Proxy Settings
  •  
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer Errors
  •  
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
  •  

    Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
     
     
    Also I see some adware so let's:
     

     
    Download : ADWCleaner to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer
     
    NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.
     
    Close  all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).
     
    scan-results.jpg
     
    Click on Scan  and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.
     
    The report will be saved in the C:\AdwCleaner folder.
     
     
     
    Junkware-Removal-Tool
     
    Please download Junkware Removal Tool to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
    • Pause your anti-virus.  Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
  •  
    Then for your slowness let's look at process explorer:
     

    Get Process Explorer
     
    Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).  
     
    View, Select Column, check Verified Signer, OK
    Options, Verify Image Signatures
     
     
    Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
     
    Wait a full minute then:
     
    File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.
     
     
    Copy the next 2 lines:
     

    TASKLIST /SVC  > \junk.txt

    notepad \junk.txt
     
    Open an Elevated Command Prompt:
    Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
     
    Right click and Paste (or Edit then Paste) and the copied lines should appear.
    Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply. 
     
     
    Then let's do Speccy:
     
     
    Get the free version of Speccy:
     
    http://www.filehippo...download_speccy (Look in the upper right for the Download
    Latest Version button  - Do NOT press the large Start Download button on the upper left!)  
    Download, Save and Install it.  Tell it you do not need CCLEANER if it asks.    Run Speccy.  When it finishes (the little icon in the bottom left will stop moving), 
    File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  
    (It will be near the top about 10 lines down.) Save the file.  Attach the file to your next post.  It's way too big to just copy and paste. (More Reply Options, Choose File, Open, Attach This File)

    • 0

    #3
    John Aukerman

    John Aukerman

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 204 posts

    MiniToolBox by Farbar  Version: 17-06-2016
    Ran by Aukerman (administrator) on 10-02-2017 at 07:07:57
    Running from "C:\Users\Aukerman\Desktop"
    Microsoft Windows 7 Professional  Service Pack 1 (X64)
    Model: XPS 8500 Manufacturer: Dell Inc.
    Boot Mode: Normal
    ***************************************************************************

    ========================= IE Proxy Settings: ==============================

    Proxy is not enabled.
    No Proxy Server is set.

    ========================= FF Proxy Settings: ==============================

    ========================= Hosts content: =================================
    ========================= IP Configuration: ================================

    Realtek PCIe GBE Family Controller = Local Area Connection (Connected)
    Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
    Dell Wireless 1703 802.11b/g/n (2.4GHz) = Wireless Network Connection (Media disconnected)


    # ----------------------------------
    # IPv4 Configuration
    # ----------------------------------
    pushd interface ipv4

    reset
    set global icmpredirects=enabled


    popd
    # End of IPv4 configuration



    Windows IP Configuration

       Host Name . . . . . . . . . . . . : Aukerman-PC
       Primary Dns Suffix  . . . . . . . :
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : attlocal.net

    Ethernet adapter Bluetooth Network Connection:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
       Physical Address. . . . . . . . . : 08-3E-8E-82-98-DA
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes

    Wireless LAN adapter Wireless Network Connection:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Dell Wireless 1703 802.11b/g/n (2.4GHz)
       Physical Address. . . . . . . . . : 08-3E-8E-82-98-D9
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes

    Ethernet adapter Local Area Connection:

       Connection-specific DNS Suffix  . : attlocal.net
       Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
       Physical Address. . . . . . . . . : 18-03-73-40-B4-56
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
       IPv6 Address. . . . . . . . . . . : 2602:306:3893:d750:791f:de7b:6d6c:3b70(Preferred)
       Temporary IPv6 Address. . . . . . : 2602:306:3893:d750:1da:34bd:dcbc:4f0(Preferred)
       Link-local IPv6 Address . . . . . : fe80::791f:de7b:6d6c:3b70%11(Preferred)
       IPv4 Address. . . . . . . . . . . : 192.168.1.72(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Lease Obtained. . . . . . . . . . : Friday, February 10, 2017 6:25:35 AM
       Lease Expires . . . . . . . . . . : Saturday, February 11, 2017 6:25:35 AM
       Default Gateway . . . . . . . . . : fe80::fa2c:18ff:fee6:cd09%11
                                           192.168.1.254
       DHCP Server . . . . . . . . . . . : 192.168.1.254
       DHCPv6 IAID . . . . . . . . . . . : 236454771
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-F5-5B-E1-18-03-73-40-B4-56
       DNS Servers . . . . . . . . . . . : 2602:306:3893:d750::1
                                           192.168.1.254
       NetBIOS over Tcpip. . . . . . . . : Enabled

    Tunnel adapter isatap.{88A920E8-6812-4E16-9F12-57C037535180}:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter Local Area Connection* 13:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft 6to4 Adapter
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter isatap.{A0F92081-24FE-4CCD-AB21-FA74CEFFF55C}:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter isatap.attlocal.net:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : attlocal.net
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter Teredo Tunneling Pseudo-Interface:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
    Server:  homeportal
    Address:  2602:306:3893:d750::1

    Name:    google.com
    Addresses:  2607:f8b0:4009:801::200e
          74.125.138.138
          74.125.138.101
          74.125.138.100
          74.125.138.102
          74.125.138.139
          74.125.138.113


    Pinging google.com [2607:f8b0:4002:c06::8a] with 32 bytes of data:
    Reply from 2607:f8b0:4002:c06::8a: time=47ms
    Reply from 2607:f8b0:4002:c06::8a: time=46ms

    Ping statistics for 2607:f8b0:4002:c06::8a:
        Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 46ms, Maximum = 47ms, Average = 46ms
    Server:  homeportal
    Address:  2602:306:3893:d750::1

    Name:    yahoo.com
    Addresses:  2001:4998:c:a06::2:4008
          2001:4998:58:c02::a9
          2001:4998:44:204::a7
          98.139.183.24
          206.190.36.45
          98.138.253.109


    Pinging yahoo.com [2001:4998:44:204::a7] with 32 bytes of data:
    Reply from 2001:4998:44:204::a7: time=37ms
    Reply from 2001:4998:44:204::a7: time=36ms

    Ping statistics for 2001:4998:44:204::a7:
        Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 36ms, Maximum = 37ms, Average = 36ms

    Pinging 127.0.0.1 with 32 bytes of data:
    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

    Ping statistics for 127.0.0.1:
        Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 0ms, Maximum = 0ms, Average = 0ms
    ===========================================================================
    Interface List
     17...08 3e 8e 82 98 da ......Bluetooth Device (Personal Area Network)
     15...08 3e 8e 82 98 d9 ......Dell Wireless 1703 802.11b/g/n (2.4GHz)
     11...18 03 73 40 b4 56 ......Realtek PCIe GBE Family Controller
      1...........................Software Loopback Interface 1
     12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
     13...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
     14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
     16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
     20...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
    ===========================================================================

    IPv4 Route Table
    ===========================================================================
    Active Routes:
    Network Destination        Netmask          Gateway       Interface  Metric
              0.0.0.0          0.0.0.0    192.168.1.254     192.168.1.72     10
            127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
            127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
      127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
          192.168.1.0    255.255.255.0         On-link      192.168.1.72    266
         192.168.1.72  255.255.255.255         On-link      192.168.1.72    266
        192.168.1.255  255.255.255.255         On-link      192.168.1.72    266
            224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
            224.0.0.0        240.0.0.0         On-link      192.168.1.72    266
      255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      255.255.255.255  255.255.255.255         On-link      192.168.1.72    266
    ===========================================================================
    Persistent Routes:
      None

    IPv6 Route Table
    ===========================================================================
    Active Routes:
     If Metric Network Destination      Gateway
     11    266 ::/0                     fe80::fa2c:18ff:fee6:cd09
      1    306 ::1/128                  On-link
     11     18 2602:306:3893:d750::/64  On-link
     11    266 2602:306:3893:d750:1da:34bd:dcbc:4f0/128
                                        On-link
     11    266 2602:306:3893:d750:791f:de7b:6d6c:3b70/128
                                        On-link
     11    266 fe80::/64                On-link
     11    266 fe80::791f:de7b:6d6c:3b70/128
                                        On-link
      1    306 ff00::/8                 On-link
     11    266 ff00::/8                 On-link
    ===========================================================================
    Persistent Routes:
      None
    ========================= Winsock entries =====================================

    Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
    Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
    Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
    Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
    Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
    Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
    Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
    Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
    Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
    Catalog5 10 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128] (Apple Inc.)
    Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
    Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
    Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
    Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
    Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
    Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
    Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
    Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
    Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
    Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
    Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
    x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
    x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
    x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
    x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
    x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
    x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
    x64-Catalog5 07 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
    x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
    x64-Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
    x64-Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [133392] (Apple Inc.)
    x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
    x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
    x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
    x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
    x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
    x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
    x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
    x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
    x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
    x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
    x64-Catalog9 11 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

    ========================= Event log errors: ===============================

    Application errors:
    ==================
    Error: (02/10/2017 06:35:36 AM) (Source: Bonjour Service) (User: )
    Description: Client application bug: DNSServiceResolve(4c:b1:99:20:ea:[email protected]::4eb1:99ff:fe20:ea05._apple-mobdev2._tcp.local.) active for over two minutes. This places considerable burden on the network.

    Error: (02/10/2017 06:26:34 AM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (02/09/2017 06:52:11 AM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (02/08/2017 06:52:47 AM) (Source: Bonjour Service) (User: )
    Description: Client application bug: DNSServiceResolve(4c:b1:99:20:ea:[email protected]::4eb1:99ff:fe20:ea05._apple-mobdev2._tcp.local.) active for over two minutes. This places considerable burden on the network.

    Error: (02/08/2017 06:43:10 AM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (02/07/2017 11:06:33 AM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (02/07/2017 08:55:00 AM) (Source: Application Hang) (User: )
    Description: The program FRST64.exe version 5.2.2017.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 209c

    Start Time: 01d2814957f166c4

    Termination Time: 20532

    Application Path: C:\Users\Aukerman\Desktop\FRST64.exe

    Report Id: f3821be0-ed3c-11e6-95ef-083e8e8298da

    Error: (02/07/2017 07:32:00 AM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (02/06/2017 07:04:42 AM) (Source: Bonjour Service) (User: )
    Description: Client application bug: DNSServiceResolve(4c:b1:99:20:ea:[email protected]::4eb1:99ff:fe20:ea05._apple-mobdev2._tcp.local.) active for over two minutes. This places considerable burden on the network.

    Error: (02/06/2017 06:55:59 AM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


    System errors:
    =============
    Error: (02/10/2017 06:26:07 AM) (Source: Service Control Manager) (User: )
    Description: The Garmin Device Interaction Service service failed to start due to the following error:
    %%1053 = The service did not respond to the start or control request in a timely fashion.


    Error: (02/10/2017 06:26:07 AM) (Source: Service Control Manager) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Device Interaction Service service to connect.

    Error: (02/09/2017 06:58:13 AM) (Source: Ntfs) (User: )
    Description: The file system structure on the disk is corrupt and unusable.
    Please run the chkdsk utility on the volume Aukerman.

    Error: (02/09/2017 06:53:35 AM) (Source: Service Control Manager) (User: )
    Description: The Wondershare Application Framework Service service hung on starting.

    Error: (02/09/2017 06:52:04 AM) (Source: Service Control Manager) (User: )
    Description: The Garmin Device Interaction Service service failed to start due to the following error:
    %%1053 = The service did not respond to the start or control request in a timely fashion.


    Error: (02/09/2017 06:52:04 AM) (Source: Service Control Manager) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Device Interaction Service service to connect.

    Error: (02/08/2017 06:42:42 AM) (Source: Service Control Manager) (User: )
    Description: The Garmin Device Interaction Service service failed to start due to the following error:
    %%1053 = The service did not respond to the start or control request in a timely fashion.


    Error: (02/08/2017 06:42:42 AM) (Source: Service Control Manager) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Device Interaction Service service to connect.

    Error: (02/07/2017 11:18:30 PM) (Source: DCOM) (User: )
    Description: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

    Error: (02/07/2017 11:06:08 AM) (Source: Service Control Manager) (User: )
    Description: The Garmin Device Interaction Service service failed to start due to the following error:
    %%1053 = The service did not respond to the start or control request in a timely fashion.



    Microsoft Office Sessions:
    =========================
    Error: (02/10/2017 06:35:36 AM) (Source: Bonjour Service)(User: )
    Description: Client application bug: DNSServiceResolve(4c:b1:99:20:ea:[email protected]::4eb1:99ff:fe20:ea05._apple-mobdev2._tcp.local.) active for over two minutes. This places considerable burden on the network.

    Error: (02/10/2017 06:26:34 AM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (02/09/2017 06:52:11 AM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (02/08/2017 06:52:47 AM) (Source: Bonjour Service)(User: )
    Description: Client application bug: DNSServiceResolve(4c:b1:99:20:ea:[email protected]::4eb1:99ff:fe20:ea05._apple-mobdev2._tcp.local.) active for over two minutes. This places considerable burden on the network.

    Error: (02/08/2017 06:43:10 AM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (02/07/2017 11:06:33 AM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (02/07/2017 08:55:00 AM) (Source: Application Hang)(User: )
    Description: FRST64.exe5.2.2017.0209c01d2814957f166c420532C:\Users\Aukerman\Desktop\FRST64.exef3821be0-ed3c-11e6-95ef-083e8e8298da

    Error: (02/07/2017 07:32:00 AM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (02/06/2017 07:04:42 AM) (Source: Bonjour Service)(User: )
    Description: Client application bug: DNSServiceResolve(4c:b1:99:20:ea:[email protected]::4eb1:99ff:fe20:ea05._apple-mobdev2._tcp.local.) active for over two minutes. This places considerable burden on the network.

    Error: (02/06/2017 06:55:59 AM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


    ========================= Devices: ================================

    Name: Canon MP970 ser Network
    Description: Canon MP970 ser Network
    Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Manufacturer: Canon
    Service: StillCam
    Device ID: ROOT\CANON_IJ_NETWORK\0000
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ========================= Memory info: ===================================

    Percentage of memory in use: 48%
    Total physical RAM: 8152.96 MB
    Available physical RAM: 4209.02 MB
    Total Virtual: 16304.11 MB
    Available Virtual: 11627.79 MB

    ========================= Partitions: =====================================

    1 Drive c: (Aukerman) (Fixed) (Total:905.22 GB) (Free:590.82 GB) NTFS

    ========================= Users: ========================================

    User accounts for \\AUKERMAN-PC

    Administrator            Aukerman                 Guest                    

    ========================= Minidump Files ==================================

    C:\Windows\Minidump\030814-26535-01.dmp

    **** End of log ****
     

     

    # AdwCleaner v6.043 - Logfile created 10/02/2017 at 07:17:21
    # Updated on 27/01/2017 by Malwarebytes
    # Database : 2017-02-09.1 [Server]
    # Operating System : Windows 7 Professional Service Pack 1 (X64)
    # Username : Aukerman - AUKERMAN-PC
    # Running from : C:\Users\Aukerman\Desktop\AdwCleaner.exe
    # Mode: Clean
    # Support : https://www.malwarebytes.com/support



    ***** [ Services ] *****



    ***** [ Folders ] *****

    [-] Folder deleted: C:\Users\Aukerman\AppData\Local\Conduit
    [-] Folder deleted: C:\Users\Aukerman\AppData\Local\Vid-Saver
    [-] Folder deleted: C:\Users\Aukerman\AppData\LocalLow\Conduit
    [-] Folder deleted: C:\Users\Aukerman\AppData\LocalLow\PriceGong
    [-] Folder deleted: C:\Users\Aukerman\AppData\Roaming\WSE_Taplika
    [-] Folder deleted: C:\Users\Aukerman\AppData\Roaming\Itibiti
    [-] Folder deleted: C:\Users\Aukerman\Documents\PROPCCleaner
    [-] Folder deleted: C:\ProgramData\Uniblue
    [#] Folder deleted on reboot: C:\ProgramData\Application Data\Uniblue
    [-] Folder deleted: C:\Program Files (x86)\Conduit
    [-] Folder deleted: C:\Program Files (x86)\Itibiti Soft Phone
    [-] Folder deleted: C:\Users\Aukerman\AppData\Local\Temp\Air Globe
    [-] Folder deleted: C:\Users\Aukerman\AppData\Local\Temp\WebUpdater
    [-] Folder deleted: C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc
    [-] Folder deleted: C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_pgmfkblbflahhponhjmkcnpjinenhlnc_0


    ***** [ Files ] *****

    [-] File deleted: C:\END
    [-] File deleted: C:\Users\Aukerman\AppData\Roaming\Mozilla\Firefox\Profiles\ujdi172x.default\extensions\[email protected]


    ***** [ DLL ] *****



    ***** [ WMI ] *****



    ***** [ Shortcuts ] *****



    ***** [ Scheduled Tasks ] *****



    ***** [ Registry ] *****

    [-] Key deleted: HKLM\SOFTWARE\Classes\CrossriderApp0003491.BHO
    [-] Key deleted: HKLM\SOFTWARE\Classes\CrossriderApp0003491.BHO.1
    [-] Key deleted: HKLM\SOFTWARE\Classes\CrossriderApp0003491.Sandbox
    [-] Key deleted: HKLM\SOFTWARE\Classes\CrossriderApp0003491.Sandbox.1
    [-] Key deleted: HKLM\SOFTWARE\Classes\Toolbar.CT3244149
    [-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector
    [-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector.1
    [-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
    [-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
    [-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
    [-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector.1
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    [-] Key deleted: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\Software\Cr_Installer
    [-] Key deleted: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\Software\InstalledBrowserExtensions
    [-] Key deleted: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\Software\wscontb
    [-] Key deleted: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\Software\AppDataLow\Software\Conduit
    [-] Key deleted: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\Software\AppDataLow\Software\ConduitSearchScopes
    [-] Key deleted: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\Software\AppDataLow\Software\Crossrider
    [-] Key deleted: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\Software\AppDataLow\Software\PriceGong
    [-] Key deleted: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\Software\AppDataLow\Software\Vid-Saver
    [#] Key deleted on reboot: HKCU\Software\Cr_Installer
    [#] Key deleted on reboot: HKCU\Software\InstalledBrowserExtensions
    [#] Key deleted on reboot: HKCU\Software\wscontb
    [#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\Conduit
    [#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    [#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\Crossrider
    [#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\PriceGong
    [#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\Vid-Saver
    [-] Key deleted: HKLM\SOFTWARE\Conduit
    [#] Key deleted on reboot: [x64] HKCU\Software\Cr_Installer
    [#] Key deleted on reboot: [x64] HKCU\Software\InstalledBrowserExtensions
    [#] Key deleted on reboot: [x64] HKCU\Software\wscontb
    [#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\Conduit
    [#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    [#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\Crossrider
    [#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\PriceGong
    [#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\Vid-Saver
    [-] Key deleted: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\Software\Microsoft\Internet Explorer\SearchScopes\{8FFE85F0-FBB5-4047-99DE-D4523975C336}
    [#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8FFE85F0-FBB5-4047-99DE-D4523975C336}
    [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8FFE85F0-FBB5-4047-99DE-D4523975C336}
    [-] Key deleted: HKLM\SOFTWARE\Google\Chrome\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc


    ***** [ Web browsers ] *****

    [-] Chrome preferences cleaned: "extensions.crossrider.bic" -  "13a3620ecd444703d49d1e3d91405f8d"
    [-] Chrome preferences cleaned: "extensions.toolbar.mindspark._4jMembers_.homepage" -  "hxxp://home.tb.ask.com/index.jhtml?ptb=3E94AC5F-CB31-4138-A914-1F877F3742A2&n=77fce3db&p2=^ZX^xdm003^S05798^us&si=CMvgweiD9bcCFc0WMgod6iIARA"
    [-] Chrome preferences cleaned: "extensions.toolbar.mindspark._4jMembers_.initialized" -  true
    [-] Chrome preferences cleaned: "extensions.toolbar.mindspark._4jMembers_.installation.contextKey" -  ""
    [-] Chrome preferences cleaned: "extensions.toolbar.mindspark._4jMembers_.installation.installDate" -  "2013062107"
    [-] Chrome preferences cleaned: "extensions.toolbar.mindspark._4jMembers_.installation.partnerId" -  "^ZX^xdm003^S05798^us"
    [-] Chrome preferences cleaned: "extensions.toolbar.mindspark._4jMembers_.installation.partnerSubId" -  "CMvgweiD9bcCFc0WMgod6iIARA"
    [-] Chrome preferences cleaned: "extensions.toolbar.mindspark._4jMembers_.installation.success" -  true
    [-] Chrome preferences cleaned: "extensions.toolbar.mindspark._4jMembers_.installation.toolbarId" -  "3E94AC5F-CB31-4138-A914-1F877F3742A2"
    [-] Chrome preferences cleaned: "extensions.toolbar.mindspark._4jMembers_.lastActivePing" -  "1371813617187"
    [-] Chrome preferences cleaned: "extensions.toolbar.mindspark._4jMembers_.options.defaultSearch" -  false
    [-] Chrome preferences cleaned: "extensions.toolbar.mindspark._4jMembers_.options.homePageEnabled" -  false
    [-] Chrome preferences cleaned: "extensions.toolbar.mindspark._4jMembers_.options.keywordEnabled" -  false
    [-] Chrome preferences cleaned: "extensions.toolbar.mindspark._4jMembers_.options.tabEnabled" -  false
    [-] Chrome preferences cleaned: "extensions.toolbar.mindspark._4jMembers_.searchHistory" -  "radio trinidad"
    [-] Chrome preferences cleaned: "extensions.toolbar.mindspark._4jMembers_.weather.location" -  "46201"
    [-] Chrome preferences cleaned: "extensions.toolbar.mindspark.lastInstalled" -  "[email protected]"
    [-] [C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
    [-] [C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
    [-] [C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: search.conduit.com
    [-] [C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: taplika.com
    [-] [C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: pgmfkblbflahhponhjmkcnpjinenhlnc


    *************************

    :: "Tracing" keys deleted
    :: Winsock settings cleared

    *************************

    C:\AdwCleaner\AdwCleaner[C0].txt - [8385 Bytes] - [10/02/2017 07:17:21]
    C:\AdwCleaner\AdwCleaner[S0].txt - [9296 Bytes] - [10/02/2017 07:16:14]

    ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [8531 Bytes] ##########
     

     

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.1.0 (12.05.2016)
    Operating System: Windows 7 Professional x64
    Ran by Aukerman (Administrator) on Fri 02/10/2017 at  7:24:55.19
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    File System: 36

    Successfully deleted: C:\Users\Aukerman\AppData\Local\51ac827e51ff6b11f34f94806af1cf00 (File)
    Successfully deleted: C:\Users\Aukerman\Documents\add-in express (Folder)
    Successfully deleted: C:\Users\Aukerman\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Aukerman\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Aukerman\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B1E9C7WL (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Aukerman\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BHDK14DZ (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Aukerman\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BI8A994L (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Aukerman\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DY23LCKF (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Aukerman\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FFK0JHSA (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Aukerman\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Aukerman\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IB325FN2 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Aukerman\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K8RHOPE9 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Aukerman\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L9LDTXDM (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Aukerman\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Aukerman\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MJRX6N9R (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Aukerman\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NK89CQ9N (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Aukerman\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QFNGTT6A (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Aukerman\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UPKAI7IX (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Aukerman\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VVEGQRFV (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B1E9C7WL (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BHDK14DZ (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BI8A994L (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DY23LCKF (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FFK0JHSA (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IB325FN2 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K8RHOPE9 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L9LDTXDM (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MJRX6N9R (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NK89CQ9N (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QFNGTT6A (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UPKAI7IX (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VVEGQRFV (Temporary Internet Files Folder)

    Deleted the following from C:\Users\Aukerman\AppData\Roaming\Mozilla\Firefox\Profiles\ujdi172x.default\prefs.js
    user_pref(browser.urlbar.suggest.searches, true);



    Registry: 4

    Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Free Download Manager (Registry Value)
    Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{462BE121-2B54-4218-BF00-B9BF8135B23F} (Registry Value)
    Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
    Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)




    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Fri 02/10/2017 at  7:28:14.89
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     

     

    Image Name                     PID Services                                    
    ========================= ======== ============================================
    System Idle Process              0 N/A                                         
    System                           4 N/A                                         
    smss.exe                       396 N/A                                         
    csrss.exe                      584 N/A                                         
    wininit.exe                    672 N/A                                         
    csrss.exe                      688 N/A                                         
    services.exe                   756 N/A                                         
    lsass.exe                      764 EFS, KeyIso, SamSs                          
    lsm.exe                        772 N/A                                         
    winlogon.exe                   796 N/A                                         
    svchost.exe                    932 DcomLaunch, PlugPlay, Power                 
    svchost.exe                   1020 RpcEptMapper, RpcSs                         
    MsMpEng.exe                    692 MsMpSvc                                     
    atiesrxx.exe                   948 AMD External Events Utility                 
    svchost.exe                   1048 AudioSrv, Dhcp, eventlog, lmhosts, wscsvc   
    svchost.exe                   1084 AudioEndpointBuilder, hidserv, Netman,      
                                       PcaSvc, SysMain, TrkWks, UxSms,             
                                       WdiSystemHost, Wlansvc, WPDBusEnum, wudfsvc
    svchost.exe                   1112 EventSystem, FontCache, netprofm, nsi,      
                                       WdiServiceHost, WinHttpAutoProxySvc         
    svchost.exe                   1144 AeLookupSvc, Appinfo, BITS, Browser,        
                                       EapHost, IKEEXT, iphlpsvc, LanmanServer,    
                                       MMCSS, ProfSvc, Schedule, SENS,             
                                       ShellHWDetection, Themes, Winmgmt, wuauserv
    audiodg.exe                   1212 N/A                                         
    svchost.exe                   1256 gpsvc                                       
    svchost.exe                   1352 CryptSvc, Dnscache, LanmanWorkstation,      
                                       NlaSvc                                      
    wlanext.exe                   1464 N/A                                         
    conhost.exe                   1472 N/A                                         
    spoolsv.exe                   1520 Spooler                                     
    svchost.exe                   1576 BFE, DPS, MpsSvc                            
    armsvc.exe                    1724 AdobeARMservice                             
    AERTSr64.exe                  1744 AERTFilters                                 
    AppleMobileDeviceService.     1772 Apple Mobile Device Service                 
    AdminService.exe              1812 AtherosSvc                                  
    mDNSResponder.exe             1848 Bonjour Service                             
    CarboniteService.exe          1888 CarboniteService                            
    svchost.exe                   1920 DiagTrack                                   
    svchost.exe                   1952 FDResPub, SSDPSRV, upnphost                 
    GarminService.exe             2040 Garmin Device Interaction Service           
    dwm.exe                       2352 N/A                                         
    explorer.exe                  2420 N/A                                         
    HeciServer.exe                2692 Intel® Capability Licensing Service Interf
                                       ace                                         
    NOBuAgent.exe                 2728 NOBU                                        
    SftService.exe                2792 SftService                                  
    svchost.exe                   2860 stisvc                                      
    WLIDSVC.EXE                   2908 wlidsvc                                     
    WLIDSVCM.EXE                  3120 N/A                                         
    WsAppService.exe              3144 WsAppService                                
    Ath_CoexAgent.exe             3448 ZAtheros Bt&Wlan Coex Agent                 
    Ath_WlanAgent.exe             3484 ZAtheros Wlan Agent                         
    GoogleCrashHandler.exe        3588 N/A                                         
    GoogleCrashHandler64.exe      3680 N/A                                         
    svchost.exe                   3796 bthserv                                     
    svchost.exe                   4020 PolicyAgent                                 
    WUDFHost.exe                  1972 N/A                                         
    msseces.exe                   4112 N/A                                         
    iPodService.exe               4708 iPod Service                                
    SearchIndexer.exe             4240 WSearch                                     
    IAStorIcon.exe                4064 N/A                                         
    PresentationFontCache.exe     4836 FontCache3.0.0.0                            
    IAStorDataMgrSvc.exe           588 IAStorDataMgrSvc                            
    LMS.exe                       2172 LMS                                         
    wmpnetwk.exe                  4208 WMPNetworkSvc                               
    UNS.exe                       7160 UNS                                         
    TrustedInstaller.exe          6808 TrustedInstaller                            
    svchost.exe                   5520 swprv                                       
    firefox.exe                   6020 N/A                                         
    taskeng.exe                   7000 N/A                                         
    NisSrv.exe                    5856 NisSrv                                      
    procexp.exe                   4796 N/A                                         
    procexp64.exe                 4268 N/A                                         
    WmiPrvSE.exe                  1028 N/A                                         
    dllhost.exe                   2248 N/A                                         
    cmd.exe                       5084 N/A                                         
    conhost.exe                   5076 N/A                                         
    tasklist.exe                  1120 N/A                                         
    WmiPrvSE.exe                  4356 N/A                                         
     

    Attached Files


    • 0

    #4
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 20,017 posts
    • MVP


    Error: (02/09/2017 06:58:13 AM) (Source: Ntfs) (User: )
    Description: The file system structure on the disk is corrupt and unusable.
    Please run the chkdsk utility on the volume Aukerman.

     

     

    Above error is why FRST failed.  Run a disk check:
     

     
    Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.
     
    Reboot. 
     
    Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).
    sfc  /scannow
     
    (This will check your critical system files. Does this finish without complaint?  IF it says it couldn't fix everything then:
     
    Copy the next two lines:
     

    findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt 

    notepad \windows\logs\cbs\junk.txt 
     
    Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
    Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)
     
     
    1. Please download the Event Viewer Tool by Vino Rosso
    and save it to your Desktop:
    2. Right-click VEW.exe and Run AS Administrator
    3. Under 'Select log to query', select:
     
    * System
    4. Under 'Select type to list', select:
    * Error
    * Warning
     
     
    Then use the 'Number of events' as follows:
     
     
    1. Click the radio button for 'Number of events'
    Type 20 in the 1 to 20 box
    Then click the Run button.
    Notepad will open with the output log.
     
     
    Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)
     
    If you do not see the "The file system structure on the disk is corrupt and unusable." error in VEW system then try FRST again.
     
     
     

     


    • 0

    #5
    John Aukerman

    John Aukerman

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 204 posts

    2017-02-11 07:30:38, Info                  CSI    00000009 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:30:38, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
    2017-02-11 07:30:40, Info                  CSI    0000000c [SR] Verify complete
    2017-02-11 07:30:41, Info                  CSI    0000000d [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:30:41, Info                  CSI    0000000e [SR] Beginning Verify and Repair transaction
    2017-02-11 07:30:42, Info                  CSI    00000010 [SR] Verify complete
    2017-02-11 07:30:43, Info                  CSI    00000011 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:30:43, Info                  CSI    00000012 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:30:44, Info                  CSI    00000014 [SR] Verify complete
    2017-02-11 07:30:46, Info                  CSI    00000015 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:30:46, Info                  CSI    00000016 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:30:47, Info                  CSI    00000018 [SR] Verify complete
    2017-02-11 07:30:48, Info                  CSI    00000019 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:30:48, Info                  CSI    0000001a [SR] Beginning Verify and Repair transaction
    2017-02-11 07:30:50, Info                  CSI    0000001c [SR] Verify complete
    2017-02-11 07:30:51, Info                  CSI    0000001d [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:30:51, Info                  CSI    0000001e [SR] Beginning Verify and Repair transaction
    2017-02-11 07:30:52, Info                  CSI    00000020 [SR] Verify complete
    2017-02-11 07:30:53, Info                  CSI    00000021 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:30:53, Info                  CSI    00000022 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:30:55, Info                  CSI    00000024 [SR] Verify complete
    2017-02-11 07:30:56, Info                  CSI    00000025 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:30:56, Info                  CSI    00000026 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:30:57, Info                  CSI    00000028 [SR] Verify complete
    2017-02-11 07:30:58, Info                  CSI    00000029 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:30:58, Info                  CSI    0000002a [SR] Beginning Verify and Repair transaction
    2017-02-11 07:31:00, Info                  CSI    0000002c [SR] Verify complete
    2017-02-11 07:31:01, Info                  CSI    0000002d [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:31:01, Info                  CSI    0000002e [SR] Beginning Verify and Repair transaction
    2017-02-11 07:31:02, Info                  CSI    00000030 [SR] Verify complete
    2017-02-11 07:31:03, Info                  CSI    00000031 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:31:03, Info                  CSI    00000032 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:31:04, Info                  CSI    00000034 [SR] Verify complete
    2017-02-11 07:31:05, Info                  CSI    00000035 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:31:05, Info                  CSI    00000036 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:31:07, Info                  CSI    00000038 [SR] Verify complete
    2017-02-11 07:31:08, Info                  CSI    00000039 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:31:08, Info                  CSI    0000003a [SR] Beginning Verify and Repair transaction
    2017-02-11 07:31:09, Info                  CSI    0000003c [SR] Verify complete
    2017-02-11 07:31:11, Info                  CSI    0000003d [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:31:11, Info                  CSI    0000003e [SR] Beginning Verify and Repair transaction
    2017-02-11 07:31:14, Info                  CSI    00000040 [SR] Verify complete
    2017-02-11 07:31:15, Info                  CSI    00000041 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:31:15, Info                  CSI    00000042 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:31:17, Info                  CSI    00000044 [SR] Verify complete
    2017-02-11 07:31:17, Info                  CSI    00000045 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:31:17, Info                  CSI    00000046 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:31:19, Info                  CSI    00000048 [SR] Verify complete
    2017-02-11 07:31:20, Info                  CSI    00000049 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:31:20, Info                  CSI    0000004a [SR] Beginning Verify and Repair transaction
    2017-02-11 07:31:22, Info                  CSI    0000004c [SR] Verify complete
    2017-02-11 07:31:24, Info                  CSI    0000004d [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:31:24, Info                  CSI    0000004e [SR] Beginning Verify and Repair transaction
    2017-02-11 07:31:27, Info                  CSI    00000050 [SR] Verify complete
    2017-02-11 07:31:28, Info                  CSI    00000051 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:31:28, Info                  CSI    00000052 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:31:29, Info                  CSI    00000054 [SR] Verify complete
    2017-02-11 07:31:30, Info                  CSI    00000055 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:31:30, Info                  CSI    00000056 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:31:32, Info                  CSI    00000058 [SR] Verify complete
    2017-02-11 07:31:33, Info                  CSI    00000059 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:31:33, Info                  CSI    0000005a [SR] Beginning Verify and Repair transaction
    2017-02-11 07:31:34, Info                  CSI    0000005c [SR] Verify complete
    2017-02-11 07:31:35, Info                  CSI    0000005d [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:31:35, Info                  CSI    0000005e [SR] Beginning Verify and Repair transaction
    2017-02-11 07:31:36, Info                  CSI    00000060 [SR] Verify complete
    2017-02-11 07:31:37, Info                  CSI    00000061 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:31:37, Info                  CSI    00000062 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:31:38, Info                  CSI    00000064 [SR] Verify complete
    2017-02-11 07:31:39, Info                  CSI    00000065 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:31:39, Info                  CSI    00000066 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:31:40, Info                  CSI    00000068 [SR] Verify complete
    2017-02-11 07:31:41, Info                  CSI    00000069 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:31:41, Info                  CSI    0000006a [SR] Beginning Verify and Repair transaction
    2017-02-11 07:31:43, Info                  CSI    0000006c [SR] Verify complete
    2017-02-11 07:31:43, Info                  CSI    0000006d [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:31:43, Info                  CSI    0000006e [SR] Beginning Verify and Repair transaction
    2017-02-11 07:31:45, Info                  CSI    00000070 [SR] Verify complete
    2017-02-11 07:31:46, Info                  CSI    00000071 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:31:46, Info                  CSI    00000072 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:31:47, Info                  CSI    00000074 [SR] Verify complete
    2017-02-11 07:31:48, Info                  CSI    00000075 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:31:48, Info                  CSI    00000076 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:31:50, Info                  CSI    00000078 [SR] Verify complete
    2017-02-11 07:31:50, Info                  CSI    00000079 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:31:50, Info                  CSI    0000007a [SR] Beginning Verify and Repair transaction
    2017-02-11 07:31:52, Info                  CSI    0000007c [SR] Verify complete
    2017-02-11 07:31:53, Info                  CSI    0000007d [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:31:53, Info                  CSI    0000007e [SR] Beginning Verify and Repair transaction
    2017-02-11 07:31:54, Info                  CSI    00000080 [SR] Verify complete
    2017-02-11 07:31:55, Info                  CSI    00000081 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:31:55, Info                  CSI    00000082 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:31:57, Info                  CSI    00000084 [SR] Verify complete
    2017-02-11 07:31:58, Info                  CSI    00000085 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:31:58, Info                  CSI    00000086 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:31:59, Info                  CSI    00000088 [SR] Verify complete
    2017-02-11 07:32:00, Info                  CSI    00000089 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:32:00, Info                  CSI    0000008a [SR] Beginning Verify and Repair transaction
    2017-02-11 07:32:02, Info                  CSI    0000008c [SR] Verify complete
    2017-02-11 07:32:02, Info                  CSI    0000008d [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:32:02, Info                  CSI    0000008e [SR] Beginning Verify and Repair transaction
    2017-02-11 07:32:04, Info                  CSI    00000090 [SR] Verify complete
    2017-02-11 07:32:04, Info                  CSI    00000091 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:32:04, Info                  CSI    00000092 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:32:06, Info                  CSI    00000094 [SR] Verify complete
    2017-02-11 07:32:07, Info                  CSI    00000095 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:32:07, Info                  CSI    00000096 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:32:09, Info                  CSI    00000098 [SR] Verify complete
    2017-02-11 07:32:10, Info                  CSI    00000099 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:32:10, Info                  CSI    0000009a [SR] Beginning Verify and Repair transaction
    2017-02-11 07:32:11, Info                  CSI    0000009c [SR] Verify complete
    2017-02-11 07:32:12, Info                  CSI    0000009d [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:32:12, Info                  CSI    0000009e [SR] Beginning Verify and Repair transaction
    2017-02-11 07:32:13, Info                  CSI    000000a0 [SR] Verify complete
    2017-02-11 07:32:14, Info                  CSI    000000a1 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:32:14, Info                  CSI    000000a2 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:32:15, Info                  CSI    000000a4 [SR] Verify complete
    2017-02-11 07:32:16, Info                  CSI    000000a5 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:32:16, Info                  CSI    000000a6 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:32:18, Info                  CSI    000000a8 [SR] Verify complete
    2017-02-11 07:32:18, Info                  CSI    000000a9 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:32:18, Info                  CSI    000000aa [SR] Beginning Verify and Repair transaction
    2017-02-11 07:32:20, Info                  CSI    000000ac [SR] Verify complete
    2017-02-11 07:32:21, Info                  CSI    000000ad [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:32:21, Info                  CSI    000000ae [SR] Beginning Verify and Repair transaction
    2017-02-11 07:32:22, Info                  CSI    000000b0 [SR] Verify complete
    2017-02-11 07:32:23, Info                  CSI    000000b1 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:32:23, Info                  CSI    000000b2 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:32:24, Info                  CSI    000000b4 [SR] Verify complete
    2017-02-11 07:32:25, Info                  CSI    000000b5 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:32:25, Info                  CSI    000000b6 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:32:26, Info                  CSI    000000b8 [SR] Verify complete
    2017-02-11 07:32:27, Info                  CSI    000000b9 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:32:27, Info                  CSI    000000ba [SR] Beginning Verify and Repair transaction
    2017-02-11 07:32:28, Info                  CSI    000000bc [SR] Verify complete
    2017-02-11 07:32:29, Info                  CSI    000000bd [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:32:29, Info                  CSI    000000be [SR] Beginning Verify and Repair transaction
    2017-02-11 07:32:30, Info                  CSI    000000c0 [SR] Verify complete
    2017-02-11 07:32:31, Info                  CSI    000000c1 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:32:31, Info                  CSI    000000c2 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:32:33, Info                  CSI    000000c4 [SR] Verify complete
    2017-02-11 07:32:33, Info                  CSI    000000c5 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:32:33, Info                  CSI    000000c6 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:32:36, Info                  CSI    000000c8 [SR] Verify complete
    2017-02-11 07:32:36, Info                  CSI    000000c9 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:32:36, Info                  CSI    000000ca [SR] Beginning Verify and Repair transaction
    2017-02-11 07:32:38, Info                  CSI    000000cc [SR] Verify complete
    2017-02-11 07:32:38, Info                  CSI    000000cd [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:32:38, Info                  CSI    000000ce [SR] Beginning Verify and Repair transaction
    2017-02-11 07:32:43, Info                  CSI    000000d1 [SR] Verify complete
    2017-02-11 07:32:43, Info                  CSI    000000d2 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:32:43, Info                  CSI    000000d3 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:32:51, Info                  CSI    000000d6 [SR] Verify complete
    2017-02-11 07:32:51, Info                  CSI    000000d7 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:32:51, Info                  CSI    000000d8 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:32:56, Info                  CSI    000000dc [SR] Verify complete
    2017-02-11 07:32:57, Info                  CSI    000000dd [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:32:57, Info                  CSI    000000de [SR] Beginning Verify and Repair transaction
    2017-02-11 07:33:05, Info                  CSI    000000e1 [SR] Verify complete
    2017-02-11 07:33:06, Info                  CSI    000000e2 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:33:06, Info                  CSI    000000e3 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:33:19, Info                  CSI    000000e5 [SR] Verify complete
    2017-02-11 07:33:20, Info                  CSI    000000e6 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:33:20, Info                  CSI    000000e7 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:33:28, Info                  CSI    00000109 [SR] Verify complete
    2017-02-11 07:33:29, Info                  CSI    0000010a [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:33:29, Info                  CSI    0000010b [SR] Beginning Verify and Repair transaction
    2017-02-11 07:33:34, Info                  CSI    00000110 [SR] Verify complete
    2017-02-11 07:33:35, Info                  CSI    00000111 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:33:35, Info                  CSI    00000112 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:33:41, Info                  CSI    00000114 [SR] Verify complete
    2017-02-11 07:33:41, Info                  CSI    00000115 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:33:41, Info                  CSI    00000116 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:33:46, Info                  CSI    00000118 [SR] Verify complete
    2017-02-11 07:33:46, Info                  CSI    00000119 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:33:46, Info                  CSI    0000011a [SR] Beginning Verify and Repair transaction
    2017-02-11 07:33:51, Info                  CSI    0000011c [SR] Verify complete
    2017-02-11 07:33:52, Info                  CSI    0000011d [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:33:52, Info                  CSI    0000011e [SR] Beginning Verify and Repair transaction
    2017-02-11 07:33:56, Info                  CSI    00000120 [SR] Verify complete
    2017-02-11 07:33:57, Info                  CSI    00000121 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:33:57, Info                  CSI    00000122 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:34:00, Info                  CSI    00000124 [SR] Verify complete
    2017-02-11 07:34:01, Info                  CSI    00000125 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:34:01, Info                  CSI    00000126 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:34:07, Info                  CSI    0000012a [SR] Verify complete
    2017-02-11 07:34:08, Info                  CSI    0000012b [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:34:08, Info                  CSI    0000012c [SR] Beginning Verify and Repair transaction
    2017-02-11 07:34:15, Info                  CSI    0000014d [SR] Verify complete
    2017-02-11 07:34:16, Info                  CSI    0000014e [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:34:16, Info                  CSI    0000014f [SR] Beginning Verify and Repair transaction
    2017-02-11 07:34:23, Info                  CSI    00000151 [SR] Verify complete
    2017-02-11 07:34:24, Info                  CSI    00000152 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:34:24, Info                  CSI    00000153 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:34:35, Info                  CSI    00000155 [SR] Verify complete
    2017-02-11 07:34:35, Info                  CSI    00000156 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:34:35, Info                  CSI    00000157 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:34:37, Info                  CSI    0000015b [SR] Verify complete
    2017-02-11 07:34:38, Info                  CSI    0000015c [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:34:38, Info                  CSI    0000015d [SR] Beginning Verify and Repair transaction
    2017-02-11 07:34:40, Info                  CSI    0000015f [SR] Verify complete
    2017-02-11 07:34:40, Info                  CSI    00000160 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:34:40, Info                  CSI    00000161 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:34:41, Info                  CSI    00000163 [SR] Verify complete
    2017-02-11 07:34:41, Info                  CSI    00000164 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:34:41, Info                  CSI    00000165 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:34:45, Info                  CSI    00000167 [SR] Verify complete
    2017-02-11 07:34:45, Info                  CSI    00000168 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:34:45, Info                  CSI    00000169 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:34:50, Info                  CSI    0000017c [SR] Verify complete
    2017-02-11 07:34:50, Info                  CSI    0000017d [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:34:50, Info                  CSI    0000017e [SR] Beginning Verify and Repair transaction
    2017-02-11 07:34:52, Info                  CSI    00000180 [SR] Verify complete
    2017-02-11 07:34:53, Info                  CSI    00000181 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:34:53, Info                  CSI    00000182 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:34:56, Info                  CSI    00000184 [SR] Verify complete
    2017-02-11 07:34:57, Info                  CSI    00000185 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:34:57, Info                  CSI    00000186 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:34:59, Info                  CSI    00000188 [SR] Verify complete
    2017-02-11 07:35:00, Info                  CSI    00000189 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:35:00, Info                  CSI    0000018a [SR] Beginning Verify and Repair transaction
    2017-02-11 07:35:09, Info                  CSI    0000018d [SR] Verify complete
    2017-02-11 07:35:10, Info                  CSI    0000018e [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:35:10, Info                  CSI    0000018f [SR] Beginning Verify and Repair transaction
    2017-02-11 07:35:20, Info                  CSI    00000192 [SR] Verify complete
    2017-02-11 07:35:20, Info                  CSI    00000193 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:35:20, Info                  CSI    00000194 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:35:22, Info                  CSI    00000196 [SR] Verify complete
    2017-02-11 07:35:22, Info                  CSI    00000197 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:35:22, Info                  CSI    00000198 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:35:23, Info                  CSI    0000019a [SR] Verify complete
    2017-02-11 07:35:23, Info                  CSI    0000019b [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:35:23, Info                  CSI    0000019c [SR] Beginning Verify and Repair transaction
    2017-02-11 07:35:29, Info                  CSI    0000019e [SR] Verify complete
    2017-02-11 07:35:29, Info                  CSI    0000019f [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:35:29, Info                  CSI    000001a0 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:35:34, Info                  CSI    000001a2 [SR] Verify complete
    2017-02-11 07:35:35, Info                  CSI    000001a3 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:35:35, Info                  CSI    000001a4 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:35:39, Info                  CSI    000001a6 [SR] Verify complete
    2017-02-11 07:35:39, Info                  CSI    000001a7 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:35:39, Info                  CSI    000001a8 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:35:49, Info                  CSI    000001c0 [SR] Verify complete
    2017-02-11 07:35:49, Info                  CSI    000001c1 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:35:49, Info                  CSI    000001c2 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:35:53, Info                  CSI    000001c4 [SR] Verify complete
    2017-02-11 07:35:53, Info                  CSI    000001c5 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:35:53, Info                  CSI    000001c6 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:36:03, Info                  CSI    000001c8 [SR] Verify complete
    2017-02-11 07:36:04, Info                  CSI    000001c9 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:36:04, Info                  CSI    000001ca [SR] Beginning Verify and Repair transaction
    2017-02-11 07:36:10, Info                  CSI    000001cd [SR] Verify complete
    2017-02-11 07:36:10, Info                  CSI    000001ce [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:36:10, Info                  CSI    000001cf [SR] Beginning Verify and Repair transaction
    2017-02-11 07:36:17, Info                  CSI    000001d1 [SR] Verify complete
    2017-02-11 07:36:17, Info                  CSI    000001d2 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:36:17, Info                  CSI    000001d3 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:36:23, Info                  CSI    000001d5 [SR] Verify complete
    2017-02-11 07:36:23, Info                  CSI    000001d6 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:36:23, Info                  CSI    000001d7 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:36:28, Info                  CSI    000001d9 [SR] Verify complete
    2017-02-11 07:36:29, Info                  CSI    000001da [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:36:29, Info                  CSI    000001db [SR] Beginning Verify and Repair transaction
    2017-02-11 07:36:33, Info                  CSI    000001dd [SR] Verify complete
    2017-02-11 07:36:33, Info                  CSI    000001de [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:36:33, Info                  CSI    000001df [SR] Beginning Verify and Repair transaction
    2017-02-11 07:36:37, Info                  CSI    000001e3 [SR] Verify complete
    2017-02-11 07:36:37, Info                  CSI    000001e4 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:36:37, Info                  CSI    000001e5 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:36:41, Info                  CSI    000001e7 [SR] Verify complete
    2017-02-11 07:36:42, Info                  CSI    000001e8 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:36:42, Info                  CSI    000001e9 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:36:53, Info                  CSI    000001eb [SR] Verify complete
    2017-02-11 07:36:54, Info                  CSI    000001ec [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:36:54, Info                  CSI    000001ed [SR] Beginning Verify and Repair transaction
    2017-02-11 07:37:00, Info                  CSI    000001f0 [SR] Verify complete
    2017-02-11 07:37:00, Info                  CSI    000001f1 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:37:00, Info                  CSI    000001f2 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:37:04, Info                  CSI    000001f4 [SR] Verify complete
    2017-02-11 07:37:05, Info                  CSI    000001f5 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:37:05, Info                  CSI    000001f6 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:37:10, Info                  CSI    000001f9 [SR] Verify complete
    2017-02-11 07:37:10, Info                  CSI    000001fa [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:37:10, Info                  CSI    000001fb [SR] Beginning Verify and Repair transaction
    2017-02-11 07:37:19, Info                  CSI    000001fe [SR] Verify complete
    2017-02-11 07:37:19, Info                  CSI    000001ff [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:37:19, Info                  CSI    00000200 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:37:23, Info                  CSI    00000202 [SR] Verify complete
    2017-02-11 07:37:24, Info                  CSI    00000203 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:37:24, Info                  CSI    00000204 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:37:27, Info                  CSI    00000206 [SR] Verify complete
    2017-02-11 07:37:28, Info                  CSI    00000207 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:37:28, Info                  CSI    00000208 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:37:32, Info                  CSI    0000020a [SR] Verify complete
    2017-02-11 07:37:32, Info                  CSI    0000020b [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:37:32, Info                  CSI    0000020c [SR] Beginning Verify and Repair transaction
    2017-02-11 07:37:36, Info                  CSI    0000020f [SR] Verify complete
    2017-02-11 07:37:36, Info                  CSI    00000210 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:37:36, Info                  CSI    00000211 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:37:41, Info                  CSI    00000213 [SR] Verify complete
    2017-02-11 07:37:41, Info                  CSI    00000214 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:37:41, Info                  CSI    00000215 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:37:44, Info                  CSI    00000218 [SR] Verify complete
    2017-02-11 07:37:44, Info                  CSI    00000219 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:37:44, Info                  CSI    0000021a [SR] Beginning Verify and Repair transaction
    2017-02-11 07:37:52, Info                  CSI    0000021c [SR] Verify complete
    2017-02-11 07:37:52, Info                  CSI    0000021d [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:37:52, Info                  CSI    0000021e [SR] Beginning Verify and Repair transaction
    2017-02-11 07:37:59, Info                  CSI    00000220 [SR] Verify complete
    2017-02-11 07:37:59, Info                  CSI    00000221 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:37:59, Info                  CSI    00000222 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:38:04, Info                  CSI    00000224 [SR] Verify complete
    2017-02-11 07:38:05, Info                  CSI    00000225 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:38:05, Info                  CSI    00000226 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:38:10, Info                  CSI    00000229 [SR] Verify complete
    2017-02-11 07:38:10, Info                  CSI    0000022a [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:38:10, Info                  CSI    0000022b [SR] Beginning Verify and Repair transaction
    2017-02-11 07:38:15, Info                  CSI    0000022d [SR] Verify complete
    2017-02-11 07:38:16, Info                  CSI    0000022e [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:38:16, Info                  CSI    0000022f [SR] Beginning Verify and Repair transaction
    2017-02-11 07:38:21, Info                  CSI    00000233 [SR] Verify complete
    2017-02-11 07:38:22, Info                  CSI    00000234 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:38:22, Info                  CSI    00000235 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:38:30, Info                  CSI    00000237 [SR] Verify complete
    2017-02-11 07:38:31, Info                  CSI    00000238 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:38:31, Info                  CSI    00000239 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:38:43, Info                  CSI    0000023c [SR] Verify complete
    2017-02-11 07:38:44, Info                  CSI    0000023d [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:38:44, Info                  CSI    0000023e [SR] Beginning Verify and Repair transaction
    2017-02-11 07:38:48, Info                  CSI    00000240 [SR] Verify complete
    2017-02-11 07:38:48, Info                  CSI    00000241 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:38:48, Info                  CSI    00000242 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:38:49, Info                  CSI    00000244 [SR] Verify complete
    2017-02-11 07:38:49, Info                  CSI    00000245 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:38:49, Info                  CSI    00000246 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:38:52, Info                  CSI    00000248 [SR] Verify complete
    2017-02-11 07:38:53, Info                  CSI    00000249 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:38:53, Info                  CSI    0000024a [SR] Beginning Verify and Repair transaction
    2017-02-11 07:38:58, Info                  CSI    0000024c [SR] Verify complete
    2017-02-11 07:38:59, Info                  CSI    0000024d [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:38:59, Info                  CSI    0000024e [SR] Beginning Verify and Repair transaction
    2017-02-11 07:39:05, Info                  CSI    00000250 [SR] Verify complete
    2017-02-11 07:39:05, Info                  CSI    00000251 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:39:05, Info                  CSI    00000252 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:39:09, Info                  CSI    00000254 [SR] Verify complete
    2017-02-11 07:39:09, Info                  CSI    00000255 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:39:09, Info                  CSI    00000256 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:39:12, Info                  CSI    00000258 [SR] Verify complete
    2017-02-11 07:39:12, Info                  CSI    00000259 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:39:12, Info                  CSI    0000025a [SR] Beginning Verify and Repair transaction
    2017-02-11 07:39:18, Info                  CSI    0000025c [SR] Verify complete
    2017-02-11 07:39:18, Info                  CSI    0000025d [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:39:18, Info                  CSI    0000025e [SR] Beginning Verify and Repair transaction
    2017-02-11 07:39:28, Info                  CSI    00000260 [SR] Verify complete
    2017-02-11 07:39:29, Info                  CSI    00000261 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:39:29, Info                  CSI    00000262 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:39:31, Info                  CSI    00000264 [SR] Verify complete
    2017-02-11 07:39:32, Info                  CSI    00000265 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:39:32, Info                  CSI    00000266 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:39:35, Info                  CSI    00000268 [SR] Verify complete
    2017-02-11 07:39:35, Info                  CSI    00000269 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:39:35, Info                  CSI    0000026a [SR] Beginning Verify and Repair transaction
    2017-02-11 07:39:36, Info                  CSI    0000026c [SR] Verify complete
    2017-02-11 07:39:37, Info                  CSI    0000026d [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:39:37, Info                  CSI    0000026e [SR] Beginning Verify and Repair transaction
    2017-02-11 07:39:40, Info                  CSI    00000270 [SR] Verify complete
    2017-02-11 07:39:41, Info                  CSI    00000271 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:39:41, Info                  CSI    00000272 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:39:44, Info                  CSI    00000274 [SR] Verify complete
    2017-02-11 07:39:45, Info                  CSI    00000275 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:39:45, Info                  CSI    00000276 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:39:48, Info                  CSI    00000278 [SR] Verify complete
    2017-02-11 07:39:48, Info                  CSI    00000279 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:39:48, Info                  CSI    0000027a [SR] Beginning Verify and Repair transaction
    2017-02-11 07:39:50, Info                  CSI    0000027c [SR] Verify complete
    2017-02-11 07:39:50, Info                  CSI    0000027d [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:39:50, Info                  CSI    0000027e [SR] Beginning Verify and Repair transaction
    2017-02-11 07:39:51, Info                  CSI    00000280 [SR] Verify complete
    2017-02-11 07:39:51, Info                  CSI    00000281 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:39:51, Info                  CSI    00000282 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:39:54, Info                  CSI    0000028a [SR] Verify complete
    2017-02-11 07:39:55, Info                  CSI    0000028b [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:39:55, Info                  CSI    0000028c [SR] Beginning Verify and Repair transaction
    2017-02-11 07:39:58, Info                  CSI    0000028e [SR] Verify complete
    2017-02-11 07:39:58, Info                  CSI    0000028f [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:39:58, Info                  CSI    00000290 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:40:02, Info                  CSI    00000292 [SR] Verify complete
    2017-02-11 07:40:03, Info                  CSI    00000293 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:40:03, Info                  CSI    00000294 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:40:05, Info                  CSI    00000296 [SR] Verify complete
    2017-02-11 07:40:06, Info                  CSI    00000297 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:40:06, Info                  CSI    00000298 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:40:09, Info                  CSI    0000029a [SR] Verify complete
    2017-02-11 07:40:10, Info                  CSI    0000029b [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:40:10, Info                  CSI    0000029c [SR] Beginning Verify and Repair transaction
    2017-02-11 07:40:14, Info                  CSI    0000029e [SR] Verify complete
    2017-02-11 07:40:14, Info                  CSI    0000029f [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:40:14, Info                  CSI    000002a0 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:40:20, Info                  CSI    000002a3 [SR] Verify complete
    2017-02-11 07:40:20, Info                  CSI    000002a4 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:40:20, Info                  CSI    000002a5 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:40:23, Info                  CSI    000002a7 [SR] Verify complete
    2017-02-11 07:40:23, Info                  CSI    000002a8 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:40:23, Info                  CSI    000002a9 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:40:24, Info                  CSI    000002ab [SR] Verify complete
    2017-02-11 07:40:25, Info                  CSI    000002ac [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:40:25, Info                  CSI    000002ad [SR] Beginning Verify and Repair transaction
    2017-02-11 07:40:33, Info                  CSI    000002b0 [SR] Verify complete
    2017-02-11 07:40:33, Info                  CSI    000002b1 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:40:33, Info                  CSI    000002b2 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:40:43, Info                  CSI    000002b6 [SR] Verify complete
    2017-02-11 07:40:43, Info                  CSI    000002b7 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:40:43, Info                  CSI    000002b8 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:40:49, Info                  CSI    000002bd [SR] Verify complete
    2017-02-11 07:40:49, Info                  CSI    000002be [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:40:49, Info                  CSI    000002bf [SR] Beginning Verify and Repair transaction
    2017-02-11 07:40:54, Info                  CSI    000002c5 [SR] Verify complete
    2017-02-11 07:40:55, Info                  CSI    000002c6 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:40:55, Info                  CSI    000002c7 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:41:01, Info                  CSI    000002d1 [SR] Verify complete
    2017-02-11 07:41:01, Info                  CSI    000002d2 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:41:01, Info                  CSI    000002d3 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:41:07, Info                  CSI    000002d9 [SR] Verify complete
    2017-02-11 07:41:07, Info                  CSI    000002da [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:41:07, Info                  CSI    000002db [SR] Beginning Verify and Repair transaction
    2017-02-11 07:41:11, Info                  CSI    000002dd [SR] Verify complete
    2017-02-11 07:41:11, Info                  CSI    000002de [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:41:11, Info                  CSI    000002df [SR] Beginning Verify and Repair transaction
    2017-02-11 07:41:14, Info                  CSI    000002e3 [SR] Verify complete
    2017-02-11 07:41:14, Info                  CSI    000002e4 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:41:14, Info                  CSI    000002e5 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:41:16, Info                  CSI    000002e7 [SR] Verify complete
    2017-02-11 07:41:17, Info                  CSI    000002e8 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:41:17, Info                  CSI    000002e9 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:41:22, Info                  CSI    0000030e [SR] Verify complete
    2017-02-11 07:41:23, Info                  CSI    0000030f [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:41:23, Info                  CSI    00000310 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:41:29, Info                  CSI    00000312 [SR] Verify complete
    2017-02-11 07:41:29, Info                  CSI    00000313 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:41:29, Info                  CSI    00000314 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:41:36, Info                  CSI    00000316 [SR] Verify complete
    2017-02-11 07:41:36, Info                  CSI    00000317 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:41:36, Info                  CSI    00000318 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:41:42, Info                  CSI    0000031a [SR] Verify complete
    2017-02-11 07:41:43, Info                  CSI    0000031b [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:41:43, Info                  CSI    0000031c [SR] Beginning Verify and Repair transaction
    2017-02-11 07:41:48, Info                  CSI    0000032a [SR] Verify complete
    2017-02-11 07:41:48, Info                  CSI    0000032b [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:41:48, Info                  CSI    0000032c [SR] Beginning Verify and Repair transaction
    2017-02-11 07:41:56, Info                  CSI    0000032e [SR] Verify complete
    2017-02-11 07:41:56, Info                  CSI    0000032f [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:41:56, Info                  CSI    00000330 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:42:02, Info                  CSI    0000033e [SR] Verify complete
    2017-02-11 07:42:02, Info                  CSI    0000033f [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:42:02, Info                  CSI    00000340 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:42:05, Info                  CSI    00000342 [SR] Verify complete
    2017-02-11 07:42:06, Info                  CSI    00000343 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:42:06, Info                  CSI    00000344 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:42:12, Info                  CSI    00000346 [SR] Verify complete
    2017-02-11 07:42:13, Info                  CSI    00000347 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:42:13, Info                  CSI    00000348 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:42:19, Info                  CSI    0000034b [SR] Verify complete
    2017-02-11 07:42:19, Info                  CSI    0000034c [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:42:19, Info                  CSI    0000034d [SR] Beginning Verify and Repair transaction
    2017-02-11 07:42:21, Info                  CSI    0000034f [SR] Verify complete
    2017-02-11 07:42:21, Info                  CSI    00000350 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:42:21, Info                  CSI    00000351 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:42:26, Info                  CSI    00000353 [SR] Verify complete
    2017-02-11 07:42:26, Info                  CSI    00000354 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:42:26, Info                  CSI    00000355 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:42:30, Info                  CSI    00000357 [SR] Verify complete
    2017-02-11 07:42:30, Info                  CSI    00000358 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:42:30, Info                  CSI    00000359 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:42:36, Info                  CSI    0000035d [SR] Verify complete
    2017-02-11 07:42:37, Info                  CSI    0000035e [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:42:37, Info                  CSI    0000035f [SR] Beginning Verify and Repair transaction
    2017-02-11 07:42:42, Info                  CSI    00000377 [SR] Verify complete
    2017-02-11 07:42:42, Info                  CSI    00000378 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:42:42, Info                  CSI    00000379 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:42:54, Info                  CSI    0000037b [SR] Verify complete
    2017-02-11 07:42:55, Info                  CSI    0000037c [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:42:55, Info                  CSI    0000037d [SR] Beginning Verify and Repair transaction
    2017-02-11 07:42:58, Info                  CSI    0000037f [SR] Verify complete
    2017-02-11 07:42:59, Info                  CSI    00000380 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:42:59, Info                  CSI    00000381 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:43:01, Info                  CSI    00000383 [SR] Verify complete
    2017-02-11 07:43:01, Info                  CSI    00000384 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:43:01, Info                  CSI    00000385 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:43:04, Info                  CSI    00000389 [SR] Verify complete
    2017-02-11 07:43:04, Info                  CSI    0000038a [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:43:04, Info                  CSI    0000038b [SR] Beginning Verify and Repair transaction
    2017-02-11 07:43:07, Info                  CSI    0000038d [SR] Verify complete
    2017-02-11 07:43:08, Info                  CSI    0000038e [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:43:08, Info                  CSI    0000038f [SR] Beginning Verify and Repair transaction
    2017-02-11 07:43:14, Info                  CSI    00000391 [SR] Verify complete
    2017-02-11 07:43:15, Info                  CSI    00000392 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:43:15, Info                  CSI    00000393 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:43:18, Info                  CSI    00000395 [SR] Verify complete
    2017-02-11 07:43:19, Info                  CSI    00000396 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:43:19, Info                  CSI    00000397 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:43:22, Info                  CSI    0000039a [SR] Verify complete
    2017-02-11 07:43:23, Info                  CSI    0000039b [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:43:23, Info                  CSI    0000039c [SR] Beginning Verify and Repair transaction
    2017-02-11 07:43:26, Info                  CSI    0000039e [SR] Verify complete
    2017-02-11 07:43:26, Info                  CSI    0000039f [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:43:26, Info                  CSI    000003a0 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:43:30, Info                  CSI    000003a2 [SR] Verify complete
    2017-02-11 07:43:30, Info                  CSI    000003a3 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:43:30, Info                  CSI    000003a4 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:43:35, Info                  CSI    000003a6 [SR] Verify complete
    2017-02-11 07:43:35, Info                  CSI    000003a7 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:43:35, Info                  CSI    000003a8 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:43:38, Info                  CSI    000003ab [SR] Verify complete
    2017-02-11 07:43:39, Info                  CSI    000003ac [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:43:39, Info                  CSI    000003ad [SR] Beginning Verify and Repair transaction
    2017-02-11 07:43:43, Info                  CSI    000003af [SR] Verify complete
    2017-02-11 07:43:44, Info                  CSI    000003b0 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:43:44, Info                  CSI    000003b1 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:43:49, Info                  CSI    000003b3 [SR] Verify complete
    2017-02-11 07:43:49, Info                  CSI    000003b4 [SR] Verifying 100 (0x0000000000000064) components
    2017-02-11 07:43:49, Info                  CSI    000003b5 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:43:55, Info                  CSI    000003b7 [SR] Verify complete
    2017-02-11 07:43:56, Info                  CSI    000003b8 [SR] Verifying 76 (0x000000000000004c) components
    2017-02-11 07:43:56, Info                  CSI    000003b9 [SR] Beginning Verify and Repair transaction
    2017-02-11 07:43:59, Info                  CSI    000003bb [SR] Verify complete
    2017-02-11 07:43:59, Info                  CSI    000003bc [SR] Repairing 0 components
    2017-02-11 07:43:59, Info                  CSI    000003bd [SR] Beginning Verify and Repair transaction
    2017-02-11 07:43:59, Info                  CSI    000003bf [SR] Repair complete
     

     

    Vino's Event Viewer v01c run on Windows 2008 in English
    Report run at 11/02/2017 7:46:38 AM

    Note: All dates below are in the format dd/mm/yyyy

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Critical Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Error Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'System' Date/Time: 11/02/2017 12:27:30 PM
    Type: Error Category: 0
    Event: 36887 Source: Schannel
    The following fatal alert was received: 70.

    Log: 'System' Date/Time: 11/02/2017 12:25:51 PM
    Type: Error Category: 0
    Event: 7000 Source: Service Control Manager
    The Garmin Device Interaction Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

    Log: 'System' Date/Time: 11/02/2017 12:25:51 PM
    Type: Error Category: 0
    Event: 7009 Source: Service Control Manager
    A timeout was reached (30000 milliseconds) while waiting for the Garmin Device Interaction Service service to connect.

    Log: 'System' Date/Time: 11/02/2017 12:25:15 PM
    Type: Error Category: 0
    Event: 6008 Source: EventLog
    The previous system shutdown at 7:22:19 AM on ?2/?11/?2017 was unexpected.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Warning Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'System' Date/Time: 11/02/2017 12:26:51 PM
    Type: Warning Category: 212
    Event: 219 Source: Microsoft-Windows-Kernel-PnP
    The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_MS#MS-PRO&REV_1.03#058F63626476&3#.

    I followed all instructions and tried FRST again, but it still had the same problem, failed to complete the scan with a "No Disk in Drive" error message.


    • 0

    #6
    John Aukerman

    John Aukerman

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 204 posts

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10-02-2017
    Ran by Aukerman (administrator) on AUKERMAN-PC (11-02-2017 07:50:21)
    Running from C:\Users\Aukerman\Desktop
    Loaded Profiles: Aukerman (Available Profiles: Aukerman)
    Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (AMD) C:\Windows\System32\atiesrxx.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
    (Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    (Alcor Micro Corp.) C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
    (Slack Technologies) C:\Users\Aukerman\AppData\Local\slack\app-2.4.1\slack.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
    (SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
    () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
    (Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.3.1.204\WsAppService.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
    (Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
    (Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
    (Slack Technologies) C:\Users\Aukerman\AppData\Local\slack\app-2.4.1\slack.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Slack Technologies) C:\Users\Aukerman\AppData\Local\slack\app-2.4.1\slack.exe
    (Slack Technologies) C:\Users\Aukerman\AppData\Local\slack\app-2.4.1\slack.exe
    (Slack Technologies) C:\Users\Aukerman\AppData\Local\slack\app-2.4.1\slack.exe
    (Slack Technologies) C:\Users\Aukerman\AppData\Local\slack\app-2.4.1\slack.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Slack Technologies) C:\Users\Aukerman\AppData\Local\slack\app-2.4.1\slack.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe

    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6457960 2011-12-23] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-15] (Realtek Semiconductor)
    HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [1014432 2011-12-29] (Atheros Commnucations)
    HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe [800416 2011-12-29] (Atheros Commnucations)
    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
    HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [644696 2007-05-14] (CANON INC.)
    HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1840720 2007-04-03] (CANON INC.)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
    HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-10-25] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
    HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-17] (Intel Corporation)
    HKLM-x32\...\Run: [ShwiconXP9106] => C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2010-03-10] (Alcor Micro Corp.)
    HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2017-01-13] (Apple Inc.)
    HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1154560 2016-08-04] (Carbonite, Inc.)
    HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
    HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-10-07] (Google Inc.)
    HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23818360 2016-11-30] (Google)
    HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1407912 2017-01-16] (Garmin Ltd. or its subsidiaries)
    HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\...\Run: [Google Update] => C:\Users\Aukerman\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-15] (Google Inc.)
    HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\...\Run: [FB8404DE58F489D58488BA786D20A8695FC3AD8C._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [945496 2017-02-01] (Google Inc.)
    HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\...\RunOnce: [Uninstall C:\Users\Aukerman\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Aukerman\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
    HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\...\RunOnce: [Uninstall C:\Users\Aukerman\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Aukerman\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64"
    HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\...\RunOnce: [Uninstall C:\Users\Aukerman\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Aukerman\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64"
    HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1407912 2017-01-16] (Garmin Ltd. or its subsidiaries)
    ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
    ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
    ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
    ShellIconOverlayIdentifiers: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
    ShellIconOverlayIdentifiers: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
    ShellIconOverlayIdentifiers: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
    ShellIconOverlayIdentifiers: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
    ShellIconOverlayIdentifiers: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
    ShellIconOverlayIdentifiers: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
    ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  -> No File
    ShellIconOverlayIdentifiers-x32: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
    ShellIconOverlayIdentifiers-x32: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
    ShellIconOverlayIdentifiers-x32: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
    ShellIconOverlayIdentifiers-x32: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
    ShellIconOverlayIdentifiers-x32: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
    ShellIconOverlayIdentifiers-x32: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2013-11-09]
    ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
    Startup: C:\Users\Aukerman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Slack.lnk [2017-02-08]
    ShortcutTarget: Slack.lnk -> C:\Users\Aukerman\AppData\Local\slack\slack.exe (Slack Technologies)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
    Tcpip\..\Interfaces\{3132E1A3-4DDA-41F4-97CC-79FA274A0328}: [DhcpNameServer] 192.168.1.254

    Internet Explorer:
    ==================
    HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/USCON/1
    URLSearchHook: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001 - (No Name) - {462be121-2b54-4218-bf00-b9bf8135b23f} - No File
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {0D978EE3-6717-4A58-AD18-8A9366F78ECC} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> {0D978EE3-6717-4A58-AD18-8A9366F78ECC} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2011-12-29] (Atheros Commnucations)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO-x32: ChromeFrame BHO -> {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} -> C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll [2014-02-01] (Google Inc.)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
    Toolbar: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
    Handler-x32: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll [2014-02-01] (Google Inc.)

    FireFox:
    ========
    FF ProfilePath: C:\Users\Aukerman\AppData\Roaming\Mozilla\Firefox\Profiles\ujdi172x.default [2017-02-11]
    FF DefaultSearchEngine: Mozilla\Firefox\Profiles\ujdi172x.default -> Google
    FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\ujdi172x.default -> Google
    FF Homepage: Mozilla\Firefox\Profiles\ujdi172x.default -> hxxps://www.facebook.com/
    hxxps://mail.google.com/mail/?shva=1#inbox
    hxxps://www.google.com/calendar/render?tab=mc&pli=1&gsessionid=fiZNqzggyfCvyXfC0GF0iA
    FF Extension: (Clearly) - C:\Users\Aukerman\AppData\Roaming\Mozilla\Firefox\Profiles\ujdi172x.default\Extensions\[email protected] [2016-01-16]
    FF Extension: (LastPass) - C:\Users\Aukerman\AppData\Roaming\Mozilla\Firefox\Profiles\ujdi172x.default\Extensions\[email protected] [2016-12-16]
    FF Extension: (webpass) - C:\Users\Aukerman\AppData\Roaming\Mozilla\Firefox\Profiles\ujdi172x.default\Extensions\[email protected] [2017-02-09]
    FF Extension: (Garmin Communicator) - C:\Users\Aukerman\AppData\Roaming\Mozilla\Firefox\Profiles\ujdi172x.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2014-06-07] [not signed]
    FF Extension: (Adblock Plus) - C:\Users\Aukerman\AppData\Roaming\Mozilla\Firefox\Profiles\ujdi172x.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-25]
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-10] ()
    FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2013-10-09] (GARMIN Corp.)
    FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2013-11-09] (LastPass)
    FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2012-10-06] (Microsoft Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-10] ()
    FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2013-10-09] (GARMIN Corp.)
    FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass.dll [2013-11-09] (LastPass)
    FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2012-10-06] (Microsoft Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-3383977758-1919853078-1981122960-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Aukerman\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-07-30] (Citrix Online)
    FF Plugin HKU\S-1-5-21-3383977758-1919853078-1981122960-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Aukerman\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-15] (Google Inc.)
    FF Plugin HKU\S-1-5-21-3383977758-1919853078-1981122960-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Aukerman\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-15] (Google Inc.)

    Chrome:
    =======
    CHR DefaultProfile: Default
    CHR StartupUrls: Default -> "hxxps://mail.google.com/mail/u/0/#inbox","hxxps://www.google.com/calendar/render?tab=mc#main_7"
    CHR Profile: C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default [2017-02-11]
    CHR Extension: (Google Slides) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-05]
    CHR Extension: (Google Docs) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-05]
    CHR Extension: (Google Drive) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
    CHR Extension: (YouTube) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
    CHR Extension: (Adblock Plus) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-27]
    CHR Extension: (Google Search) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
    CHR Extension: (Google Sheets) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-05]
    CHR Extension: (Google Docs Offline) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]
    CHR Extension: (Chromebook Recovery Utility) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndclpdbaamdhonoechobihbbiimdgai [2016-07-01]
    CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-04-05]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
    CHR Extension: (Chrome Apps & Extensions Developer Tool) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohmmkhmmmpcnpikjeljgnaoabkaalbgc [2016-07-01]
    CHR Extension: (Gmail) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-05]
    CHR Extension: (Chrome Media Router) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-07]
    CHR HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
    R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [106144 2011-12-29] (Atheros Commnucations) [File not signed]
    R2 CarboniteService; C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe [9037824 2016-08-04] (Carbonite, Inc. (www.carbonite.com)) [File not signed]
    S2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1039376 2017-01-16] (Garmin Ltd. or its subsidiaries)
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
    R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.3.1.204\WsAppService.exe [437392 2016-11-16] (Wondershare)
    R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [158880 2011-12-29] (Atheros) [File not signed]
    R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [76960 2011-12-26] (Atheros) [File not signed]
    S3 WsDrvInst; "C:\Program Files (x86)\Wondershare\TunesGo\DriverInstall.exe" [X]

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
    R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
    S3 WsAudio_Device(1); C:\Windows\System32\drivers\VirtualAudio1.sys [31080 2015-08-03] (Wondershare)
    S3 WsAudio_Device(2); C:\Windows\System32\drivers\VirtualAudio2.sys [31080 2015-08-03] (Wondershare)
    S3 WsAudio_Device(3); C:\Windows\System32\drivers\VirtualAudio3.sys [31080 2015-08-03] (Wondershare)
    S3 WsAudio_Device(4); C:\Windows\System32\drivers\VirtualAudio4.sys [31080 2015-08-03] (Wondershare)
    S3 WsAudio_Device(5); C:\Windows\System32\drivers\VirtualAudio5.sys [31080 2015-08-03] (Wondershare)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-02-11 07:50 - 2017-02-11 07:52 - 00025979 _____ C:\Users\Aukerman\Desktop\FRST.txt
    2017-02-11 07:50 - 2017-02-11 07:50 - 00000000 ____D C:\Users\Aukerman\Desktop\FRST-OlderVersion
    2017-02-11 07:46 - 2017-02-11 07:48 - 00000913 _____ C:\VEW.txt
    2017-02-11 07:46 - 2017-02-11 07:46 - 00001624 _____ C:\Users\Aukerman\Desktop\VEW.txt
    2017-02-11 07:45 - 2017-02-11 07:45 - 00061440 _____ ( ) C:\Users\Aukerman\Desktop\VEW.exe
    2017-02-11 07:45 - 2017-02-11 07:45 - 00052248 _____ C:\Users\Aukerman\Desktop\junk.txt
    2017-02-11 07:25 - 2017-02-11 07:25 - 00000000 ___RD C:\Users\Aukerman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
    2017-02-10 11:44 - 2017-02-10 11:44 - 00002152 _____ C:\Users\Public\Desktop\Google Earth.lnk
    2017-02-10 11:44 - 2017-02-10 11:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
    2017-02-10 07:38 - 2017-02-10 07:38 - 00000804 _____ C:\Users\Public\Desktop\Speccy.lnk
    2017-02-10 07:38 - 2017-02-10 07:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
    2017-02-10 07:38 - 2017-02-10 07:38 - 00000000 ____D C:\Program Files\Speccy
    2017-02-10 07:35 - 2017-02-10 07:35 - 00006644 _____ C:\junk.txt
    2017-02-10 07:30 - 2017-02-10 07:30 - 02720928 _____ (Sysinternals - www.sysinternals.com) C:\Users\Aukerman\Desktop\procexp.exe
    2017-02-10 07:23 - 2017-02-10 07:23 - 01663040 _____ (Malwarebytes) C:\Users\Aukerman\Desktop\JRT.exe
    2017-02-10 07:14 - 2017-02-10 07:17 - 00000000 ____D C:\AdwCleaner
    2017-02-10 07:09 - 2017-02-10 07:09 - 04015056 _____ C:\Users\Aukerman\Desktop\AdwCleaner.exe
    2017-02-10 07:06 - 2017-02-10 07:06 - 00892416 _____ (Farbar) C:\Users\Aukerman\Desktop\MiniToolBox.exe
    2017-02-08 10:18 - 2017-02-08 10:18 - 00008129 _____ C:\Users\Aukerman\Downloads\student-orgs.xlsx
    2017-02-08 10:10 - 2017-02-11 07:26 - 00000000 ____D C:\Users\Aukerman\AppData\Roaming\Slack
    2017-02-08 10:10 - 2017-02-08 10:10 - 00000000 ____D C:\Users\Aukerman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Slack Technologies
    2017-02-08 10:10 - 2017-02-08 10:10 - 00000000 ____D C:\Users\Aukerman\AppData\Local\SquirrelTemp
    2017-02-08 10:10 - 2017-02-08 10:10 - 00000000 ____D C:\Users\Aukerman\AppData\Local\slack
    2017-02-07 08:51 - 2017-02-11 07:50 - 02421248 _____ (Farbar) C:\Users\Aukerman\Desktop\FRST64.exe
    2017-02-05 06:39 - 2017-02-05 06:40 - 00000000 ____D C:\FRST
    2017-02-03 15:48 - 2017-02-03 15:48 - 00134705 _____ C:\Users\Aukerman\asdf
    2017-02-03 06:50 - 2017-02-03 06:50 - 00074818 _____ C:\Users\Aukerman\Downloads\document.pdf
    2017-02-01 06:39 - 2017-02-01 06:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2017-02-01 06:39 - 2017-02-01 06:39 - 00000000 ____D C:\Program Files\iTunes
    2017-02-01 06:39 - 2017-02-01 06:39 - 00000000 ____D C:\Program Files\iPod
    2017-01-16 07:46 - 2017-01-16 07:46 - 00047091 _____ C:\Users\Aukerman\Downloads\Sanctuary Remodel Financial Report.xls.xlsx

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-02-11 07:45 - 2012-09-26 17:58 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2017-02-11 07:35 - 2009-07-13 23:45 - 00037040 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2017-02-11 07:35 - 2009-07-13 23:45 - 00037040 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2017-02-11 07:31 - 2009-07-14 00:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
    2017-02-11 07:31 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
    2017-02-11 07:27 - 2016-11-19 07:02 - 00000000 ____D C:\Users\Aukerman\AppData\LocalLow\Mozilla
    2017-02-11 07:27 - 2012-10-06 07:54 - 00000000 ____D C:\Users\Aukerman\AppData\LocalLow\LastPass
    2017-02-11 07:26 - 2012-12-22 07:36 - 00000000 ___RD C:\Users\Aukerman\Google Drive
    2017-02-11 07:26 - 2012-09-26 18:30 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
    2017-02-11 07:26 - 2012-09-26 18:30 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
    2017-02-11 07:26 - 2012-09-26 18:18 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
    2017-02-11 07:25 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2017-02-11 01:01 - 2012-10-27 06:50 - 00000000 ___RD C:\Users\Aukerman\Virtual Machines
    2017-02-11 00:59 - 2012-10-06 07:25 - 00000000 ____D C:\Users\Aukerman\Documents\Bren
    2017-02-10 14:46 - 2012-10-06 10:14 - 00003950 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{48E3D334-6C7F-48C2-BC4A-39C7FE0FA17F}
    2017-02-10 11:44 - 2012-10-07 16:33 - 00000000 ____D C:\Program Files (x86)\Google
    2017-02-09 08:49 - 2016-08-04 08:49 - 01446912 ___SH C:\Users\Aukerman\Desktop\Thumbs.db
    2017-02-08 23:42 - 2016-07-26 15:28 - 00000000 ____D C:\Users\Aukerman\Desktop\Lou Ann - Choruses
    2017-02-07 07:37 - 2016-09-14 22:55 - 08005632 _____ C:\Users\Aukerman\Desktop\Aukerman losses.xls
    2017-02-07 07:31 - 2009-07-14 00:08 - 00032626 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2017-02-06 22:19 - 2013-11-27 07:03 - 00002203 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2017-02-05 07:49 - 2016-12-23 07:30 - 00310395 _____ C:\Users\Aukerman\Documents\Untitled_3549.amj
    2017-02-03 15:48 - 2012-10-06 06:27 - 00000000 ____D C:\Users\Aukerman
    2017-02-01 07:40 - 2016-12-23 07:30 - 00310379 _____ C:\Users\Aukerman\Untitled_3549.amk
    2017-02-01 06:49 - 2012-10-06 07:25 - 00000000 ___RD C:\Users\Aukerman\Desktop\John
    2017-02-01 06:39 - 2012-10-06 07:47 - 00000000 ____D C:\Program Files\Common Files\Apple
    2017-01-28 06:37 - 2016-11-18 16:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2017-01-28 06:37 - 2012-10-06 06:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2017-01-27 08:07 - 2012-10-06 07:25 - 00000000 ____D C:\Users\Aukerman\Documents\John
    2017-01-21 21:17 - 2016-08-11 05:49 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2017-01-18 22:57 - 2013-08-02 23:52 - 00000000 ____D C:\Users\Aukerman\Documents\Outlook Files
    2017-01-18 22:57 - 2012-10-07 16:33 - 00000000 ____D C:\Users\Aukerman\AppData\Local\Deployment
    2017-01-18 07:05 - 2013-06-01 17:34 - 00000000 ____D C:\ProgramData\Package Cache
    2017-01-18 07:05 - 2013-06-01 17:34 - 00000000 ____D C:\Program Files (x86)\Garmin
    2017-01-18 07:04 - 2014-04-13 05:29 - 00003554 _____ C:\Windows\System32\Tasks\GarminUpdaterTask
    2017-01-18 07:04 - 2013-06-01 17:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
    2017-01-15 07:55 - 2012-10-06 16:27 - 00000000 ____D C:\Users\Aukerman\AppData\Local\ElevatedDiagnostics
    2017-01-12 17:23 - 2015-05-16 05:07 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task

    ==================== Files in the root of some directories =======

    2003-11-10 15:27 - 2003-11-10 15:26 - 0376884 _____ () C:\Program Files\image001.bmp
    2013-11-09 08:25 - 2013-11-09 08:25 - 12767232 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe

    Files to move or delete:
    ====================
    C:\Users\Aukerman\jobq.dat


    Some files in TEMP:
    ====================
    2013-01-02 20:20 - 2013-01-02 20:20 - 0726016 _____ (Igor Pavlov) C:\Users\Aukerman\AppData\Local\Temp\7z.dll
    2013-01-02 20:20 - 2013-01-02 20:20 - 0150016 _____ (Igor Pavlov) C:\Users\Aukerman\AppData\Local\Temp\7z.exe
    2013-01-02 20:20 - 2013-01-02 20:20 - 0023477 _____ () C:\Users\Aukerman\AppData\Local\Temp\dtkill.exe
    2013-01-02 20:20 - 2013-01-02 20:20 - 0006656 _____ (doubleTwist Corperation) C:\Users\Aukerman\AppData\Local\Temp\Executor.exe
    2012-10-07 06:32 - 2012-10-07 06:32 - 0894952 _____ (Oracle Corporation) C:\Users\Aukerman\AppData\Local\Temp\firefoxjre_exe-1.exe
    2012-10-07 06:29 - 2012-10-07 06:29 - 0894952 _____ (Oracle Corporation) C:\Users\Aukerman\AppData\Local\Temp\firefoxjre_exe.exe
    2013-01-30 18:58 - 2013-01-30 18:58 - 0897448 _____ (Oracle Corporation) C:\Users\Aukerman\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
    2013-03-01 15:00 - 2013-03-01 15:00 - 0897448 _____ (Oracle Corporation) C:\Users\Aukerman\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
    2013-06-13 10:36 - 2013-06-13 10:36 - 0903592 _____ (Oracle Corporation) C:\Users\Aukerman\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
    2013-10-08 13:27 - 2013-10-08 13:27 - 0915368 _____ (Oracle Corporation) C:\Users\Aukerman\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
    2013-12-19 12:06 - 2013-12-19 12:06 - 0921512 _____ (Oracle Corporation) C:\Users\Aukerman\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
    2014-04-15 15:50 - 2014-04-15 15:50 - 0921512 _____ (Oracle Corporation) C:\Users\Aukerman\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
    2014-07-11 16:12 - 2014-07-11 16:12 - 0918952 _____ (Oracle Corporation) C:\Users\Aukerman\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
    2014-07-28 00:15 - 2014-07-28 00:15 - 0918440 _____ (Oracle Corporation) C:\Users\Aukerman\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
    2014-09-29 12:06 - 2014-09-29 12:06 - 0937896 _____ (Oracle Corporation) C:\Users\Aukerman\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
    2012-09-27 16:56 - 2012-09-27 16:56 - 0895464 _____ (Oracle Corporation) C:\Users\Aukerman\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
    2014-12-18 12:29 - 2014-12-18 12:29 - 0641448 _____ (Oracle Corporation) C:\Users\Aukerman\AppData\Local\Temp\jre-8u31-windows-au.exe
    2014-07-25 06:17 - 2014-07-07 08:57 - 0150096 _____ (RealNetworks, Inc.) C:\Users\Aukerman\AppData\Local\Temp\lowproc.exe
    2014-07-25 06:17 - 2014-07-07 08:57 - 0090624 _____ (RealNetworks, Inc.) C:\Users\Aukerman\AppData\Local\Temp\stubhelper.dll
    2016-08-04 06:22 - 2012-07-16 03:56 - 4451144 _____ (Conduit Ltd.) C:\Users\Aukerman\AppData\Local\Temp\tbWhit.dll
    2013-04-23 17:15 - 2013-04-23 17:15 - 4995416 _____ (Microsoft Corporation) C:\Users\Aukerman\AppData\Local\Temp\vcredist_x86-2010.exe
    2013-01-02 20:20 - 2013-01-02 20:20 - 6560088 _____ (Microsoft Corporation) C:\Users\Aukerman\AppData\Local\Temp\vcredist_x86-2012.exe

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
     

     

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-02-2017
    Ran by Aukerman (11-02-2017 07:53:05)
    Running from C:\Users\Aukerman\Desktop
    Windows 7 Professional Service Pack 1 (X64) (2012-10-06 11:27:00)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3383977758-1919853078-1981122960-500 - Administrator - Disabled)
    Aukerman (S-1-5-21-3383977758-1919853078-1981122960-1001 - Administrator - Enabled) => C:\Users\Aukerman
    Guest (S-1-5-21-3383977758-1919853078-1981122960-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-3383977758-1919853078-1981122960-1002 - Limited - Enabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
    AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    AceMoney Lite (HKLM-x32\...\AceMoney Lite_is1) (Version:  - MechCAD Software)
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated)
    Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
    Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
    AMD Catalyst Install Manager (HKLM\...\{0E262CBA-A8C6-3BE1-A812-D7490B4F2B09}) (Version: 3.0.851.0 - Advanced Micro Devices, Inc.)
    ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
    Apple Application Support (32-bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
    ArcSoft PhotoStudio 5.5 (HKLM-x32\...\{85309D89-7BE9-4094-BB17-24999C6118FC}) (Version:  - ArcSoft)
    Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.115 - Atheros)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version:  - )
    Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version:  - )
    Canon MP Navigator EX 1.0 (HKLM-x32\...\MP Navigator EX 1.0) (Version:  - )
    Canon MP970 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP970_series) (Version:  - )
    Canon MP970 series User Registration (HKLM-x32\...\Canon MP970 series User Registration) (Version:  - )
    Canon My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
    Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
    Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
    Carbonite (HKLM-x32\...\{D0D08FBC-6D5F-482C-B2ED-32E67D8FFAFF}) (Version: 6.0.1 build 6421 (Aug-04-2016) - Carbonite)
    Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
    Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
    Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
    Citrix Online Launcher (HKLM-x32\...\{E1B40232-F73B-4BF9-A819-E352CCC1EDEF}) (Version: 1.0.122 - Citrix)
    Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.67 - Dell Inc.)
    Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.67 - Dell Inc.)
    Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
    Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP)
    Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
    Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.1.5907.16 - Dell Inc.)
    Dell Support Center (Version: 3.1.5907.16 - PC-Doctor, Inc.) Hidden
    Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Dell Inc.)
    eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
    Elevated Installer (x32 Version: 5.1.1.0 - Garmin Ltd or its subsidiaries) Hidden
    Garmin BaseCamp (HKLM-x32\...\{EBAC8FD4-28EC-46F7-BF9E-89D6E6673001}) (Version: 4.2.5 - Garmin Ltd or its subsidiaries)
    Garmin Communicator Plugin (HKLM-x32\...\{032A13FF-D26D-4844-9597-7EF698627985}) (Version: 4.1.0 - Garmin Ltd or its subsidiaries)
    Garmin Communicator Plugin x64 (HKLM\...\{AFA301E1-B410-4F1B-B1C0-2E92FDCD94AD}) (Version: 4.1.0 - Garmin Ltd or its subsidiaries)
    Garmin Express (HKLM-x32\...\{9fbf4745-0038-4ed3-aee1-87af9b9ef8f1}) (Version: 5.1.1.0 - Garmin Ltd or its subsidiaries)
    Garmin Express (x32 Version: 5.1.1.0 - Garmin Ltd or its subsidiaries) Hidden
    Garmin Express Tray (x32 Version: 5.1.1.0 - Garmin Ltd or its subsidiaries) Hidden
    Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
    Google Chrome Frame (HKLM-x32\...\Google Chrome Frame) (Version: 32.0.1700.107 - Google Inc.)
    Google Drive (HKLM-x32\...\{07A12123-B717-496B-B471-48AF6407B433}) (Version: 1.32.4066.7445 - Google, Inc.)
    Google Drive plug-in 1.6.13.0 (HKLM-x32\...\{BE9B9ACB-90BC-4F9D-8952-61B33AD3AFC4}) (Version: 1.6.13.0 - Google Inc)
    Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
    Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
    Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
    GoToMeeting 5.9.0.1207 (HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\...\GoToMeeting) (Version: 5.9.0.1207 - CitrixOnline)
    Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
    Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.1.1399 - Intel Corporation)
    Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
    Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
    Intel® Trusted Connect Service Client (HKLM\...\{538B98C3-773F-4F20-9C66-802D104DCBE2}) (Version: 1.23.219.2 - Intel Corporation)
    iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)
    Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
    Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
    Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Professional 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
    Multimedia Card Reader (HKLM-x32\...\InstallShield_{41068A8C-3F30-46B6-978A-EA692F28D1AF}) (Version: 1.7.915.93 - Fitipower)
    Multimedia Card Reader (x32 Version: 1.7.915.93 - Fitipower) Hidden
    MusicTime Deluxe (HKLM-x32\...\MusicTime Deluxe 4.0.4) (Version: 4.0.4 - GVOX)
    MusicTime Deluxe 3.5.5 (HKLM-x32\...\MusicTime Deluxe 3.5.5) (Version:  - )
    MusicTime Deluxe 4.0.4 UpdateTest (HKLM-x32\...\MusicTime Deluxe 4.0.4 UpdateTest 1.1) (Version: 1.1 - GVOX)
    MusicTime Updater (HKLM-x32\...\MusicTime Updater ) (Version:  - Passport Music Software LLC)
    QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6537 - Realtek Semiconductor Corp.)
    RootsMagic 3.2.1.1 (HKLM-x32\...\RootsMagic_is1) (Version:  - RootsMagic, Inc.)
    RootsMagic 7.0.5.0 (HKLM-x32\...\{D6286873-A757-4A4D-A6EF-0081B3EE32CA}_is1) (Version: RootsMagic 7.0.5.0 - RootsMagic, Inc.)
    Secure Download Manager (HKLM-x32\...\{4A5667B2-5D13-46C2-85B5-9D46A6096F61}) (Version: 3.1.0 - Kivuto Solutions Inc.)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
    Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
    Slack (HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\...\slack) (Version: 2.4.1 - Slack Technologies)
    Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform)
    Synctunes Desktop (HKLM-x32\...\{E828D6D5-E46F-49CE-8EC8-8AA0CA852F2F}) (Version: 1.1.7 - The Bit Studio)
    TrustedID IDMonitor Identity Protection (HKLM-x32\...\{0E74474A-1CDF-4249-A507-CE8C1DCEC8BC}) (Version: 1.1.0 - TrustedID Inc)
    Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
    Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
    Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16423 - Microsoft Corporation)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{0C6B48DD-71D2-382E-9179-C5F899B73D0D}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{0CD22449-F930-33EB-85B8-2E8676284ABF}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{2B6AE651-7A0F-3DF5-8BAF-3AD95C19EE54}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{2C047547-4685-3541-ACA4-CEA3622CDA46}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{57030FCC-4D11-3303-8DCF-C72BB0D63403}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Aukerman\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Aukerman\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{5A63AFF1-DF22-334F-8403-C08018CF2F7E}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Aukerman\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{82186AB2-1881-42D6-B945-35087B680952}\InprocServer32 -> C:\Users\Aukerman\AppData\Local\Google\Drive plugin for Office\adxloader64.dll ()
    CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\1207\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
    CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{859E1D4B-62D3-3BC2-97C3-D7221D8D0B2C}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{8C773506-862F-3B84-B219-1D439AEDBE10}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Aukerman\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{A127BC2E-6037-3719-B332-5E7C40B155F9}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Aukerman\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{C124DB8B-34BE-3FBE-935B-DA807C9A42F9}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Aukerman\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Aukerman\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Aukerman\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Aukerman\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Aukerman\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{EE6FC79B-08B9-3BC6-8508-E17566B152AE}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Aukerman\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Aukerman\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{FA446C14-194B-3964-B21D-D76C4B4951AD}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

     


    • 0

    #7
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 20,017 posts
    • MVP

    Odd. VEW doesn't show a problem with the disk any more so it should work.  Let's try aswMBR

     

     
    Download aswMBR.exe  to your desktop.
    The link is a direct download so the page won't change.
     
    Right click the aswMBR.exe and select Run As Administrator to run it
    Wait until the AV Scan shows up at the bottom left.
    Change AV Scan: from Quick Scan to  C:\
    Click the "Scan" button to start scan
    If it asks you to allow the Avast engine to download then say Yes.  It will take a while to finish.  
    On completion of the scan (Note if the Fix button is enabled and tell me but do not push any buttons) click save log, save it to your desktop and post in your next reply
     
    If it crashes then try it again but uncheck Trace Disk IO Calls before hitting Scan.

    • 0

    #8
    John Aukerman

    John Aukerman

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 204 posts

    Completed. There is a button, FixMBR.

     

    aswMBR version 1.0.1.2290 Copyright© 2014 AVAST Software
    Run date: 2017-02-11 10:04:01
    -----------------------------
    10:04:01.404    OS Version: Windows x64 6.1.7601 Service Pack 1
    10:04:01.404    Number of processors: 4 586 0x3A09
    10:04:01.404    ComputerName: AUKERMAN-PC  UserName: Aukerman
    10:04:09.447    Initialize success
    10:04:09.816    VM: initialized successfully
    10:04:09.817    VM: Intel CPU supported
    10:04:17.063    VM: supported disk I/O iaStor.sys
    10:06:05.554    AVAST engine defs: 17010903
    10:06:20.866    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    10:06:20.870    Disk 0 Vendor: ST310005 JC4A Size: 953869MB BusType: 3
    10:06:21.043    VM: Disk 0 MBR read successfully
    10:06:21.046    Disk 0 MBR scan
    10:06:21.108    Disk 0 Windows VISTA default MBR code
    10:06:24.189    Disk 0 Partition 1 00     DE   Dell Utility DELL 4.1       39 MB offset 63
    10:06:24.254    Disk 0 Partition 2 80 (A) 07      HPFS/NTFS NTFS        26880 MB offset 81920
    10:06:24.262    Disk 0 Boot: NTFS     code=1
    10:06:24.330    Disk 0 Partition 3 00     07      HPFS/NTFS NTFS       926948 MB offset 55132160
    10:06:24.553    Disk 0 scanning C:\Windows\system32\drivers
    10:06:52.936    Service scanning
    10:07:24.969    Modules scanning
    10:07:24.972    Disk 0 trace - called modules:
    10:07:25.084    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
    10:07:25.087    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8009ab9060]
    10:07:25.089    3 CLASSPNP.SYS[fffff88001d0443f] -> nt!IofCallDriver -> [0xfffffa80071e50f0]
    10:07:25.092    5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80071ea050]
    10:07:32.889    AVAST engine scan C:\
    11:15:40.712    File: C:\Users\Aukerman\AppData\Local\Temp\DM\Installer_for_QKTM_mhicustaller772_exe_067312\WStest.exe  **INFECTED** Win32:GenMaliciousA-HPZ [Adw]
    18:05:59.842    Disk 0 statistics 70279649/0/23958 @ 1.70 MB/s
    18:05:59.850    Scan finished successfully
    19:50:10.308    Disk 0 MBR has been saved successfully to "C:\Users\Aukerman\Desktop\MBR.dat"
    19:50:10.331    The log file has been saved successfully to "C:\Users\Aukerman\Desktop\aswMBR.txt"


     


    • 0

    #9
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 20,017 posts
    • MVP

    Looks like it found something but it's just adware.  Not a rootkit.  I don't think it removed it so let's use a fixlist to remove the file.

    Download the attached fixlist.txt to the same location as FRST

    Attached File  fixlist.txt   342bytes   17 downloads

    Run FRST and press Fix

    A fix log will be generated please post that 
     

    • 0

    #10
    John Aukerman

    John Aukerman

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 204 posts

    Same result. FRST did not complete.

     

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-02-2017
    Ran by Aukerman (administrator) on AUKERMAN-PC (12-02-2017 06:39:34)
    Running from C:\Users\Aukerman\Desktop
    Loaded Profiles: Aukerman (Available Profiles: Aukerman)
    Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (AMD) C:\Windows\System32\atiesrxx.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
    (Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    (Alcor Micro Corp.) C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
    (Slack Technologies) C:\Users\Aukerman\AppData\Local\slack\app-2.4.1\slack.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
    (SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
    () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.3.1.204\WsAppService.exe
    (SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
    (Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
    (Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
    (Slack Technologies) C:\Users\Aukerman\AppData\Local\slack\app-2.4.1\slack.exe
    (Slack Technologies) C:\Users\Aukerman\AppData\Local\slack\app-2.4.1\slack.exe
    (Slack Technologies) C:\Users\Aukerman\AppData\Local\slack\app-2.4.1\slack.exe
    (Slack Technologies) C:\Users\Aukerman\AppData\Local\slack\app-2.4.1\slack.exe
    (Slack Technologies) C:\Users\Aukerman\AppData\Local\slack\app-2.4.1\slack.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Slack Technologies) C:\Users\Aukerman\AppData\Local\slack\app-2.4.1\slack.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
    (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe

    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6457960 2011-12-23] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-15] (Realtek Semiconductor)
    HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [1014432 2011-12-29] (Atheros Commnucations)
    HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe [800416 2011-12-29] (Atheros Commnucations)
    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
    HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [644696 2007-05-14] (CANON INC.)
    HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1840720 2007-04-03] (CANON INC.)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
    HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-10-25] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
    HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-17] (Intel Corporation)
    HKLM-x32\...\Run: [ShwiconXP9106] => C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2010-03-10] (Alcor Micro Corp.)
    HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2017-01-13] (Apple Inc.)
    HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1154560 2016-08-04] (Carbonite, Inc.)
    HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
    HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-10-07] (Google Inc.)
    HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23818360 2016-11-30] (Google)
    HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1407912 2017-01-16] (Garmin Ltd. or its subsidiaries)
    HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\...\Run: [Google Update] => C:\Users\Aukerman\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-15] (Google Inc.)
    HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\...\Run: [FB8404DE58F489D58488BA786D20A8695FC3AD8C._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [945496 2017-02-01] (Google Inc.)
    HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\...\RunOnce: [Uninstall C:\Users\Aukerman\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Aukerman\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
    HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\...\RunOnce: [Uninstall C:\Users\Aukerman\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Aukerman\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64"
    HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\...\RunOnce: [Uninstall C:\Users\Aukerman\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Aukerman\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64"
    HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1407912 2017-01-16] (Garmin Ltd. or its subsidiaries)
    ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
    ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
    ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
    ShellIconOverlayIdentifiers: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
    ShellIconOverlayIdentifiers: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
    ShellIconOverlayIdentifiers: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
    ShellIconOverlayIdentifiers: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
    ShellIconOverlayIdentifiers: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
    ShellIconOverlayIdentifiers: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
    ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  -> No File
    ShellIconOverlayIdentifiers-x32: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
    ShellIconOverlayIdentifiers-x32: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
    ShellIconOverlayIdentifiers-x32: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
    ShellIconOverlayIdentifiers-x32: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
    ShellIconOverlayIdentifiers-x32: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
    ShellIconOverlayIdentifiers-x32: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2013-11-09]
    ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
    Startup: C:\Users\Aukerman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Slack.lnk [2017-02-08]
    ShortcutTarget: Slack.lnk -> C:\Users\Aukerman\AppData\Local\slack\slack.exe (Slack Technologies)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
    Tcpip\..\Interfaces\{3132E1A3-4DDA-41F4-97CC-79FA274A0328}: [DhcpNameServer] 192.168.1.254

    Internet Explorer:
    ==================
    HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/USCON/1
    URLSearchHook: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001 - (No Name) - {462be121-2b54-4218-bf00-b9bf8135b23f} - No File
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {0D978EE3-6717-4A58-AD18-8A9366F78ECC} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> {0D978EE3-6717-4A58-AD18-8A9366F78ECC} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2011-12-29] (Atheros Commnucations)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO-x32: ChromeFrame BHO -> {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} -> C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll [2014-02-01] (Google Inc.)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
    Toolbar: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
    Handler-x32: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll [2014-02-01] (Google Inc.)

    FireFox:
    ========
    FF ProfilePath: C:\Users\Aukerman\AppData\Roaming\Mozilla\Firefox\Profiles\ujdi172x.default [2017-02-12]
    FF DefaultSearchEngine: Mozilla\Firefox\Profiles\ujdi172x.default -> Google
    FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\ujdi172x.default -> Google
    FF Homepage: Mozilla\Firefox\Profiles\ujdi172x.default -> hxxps://www.facebook.com/
    hxxps://mail.google.com/mail/?shva=1#inbox
    hxxps://www.google.com/calendar/render?tab=mc&pli=1&gsessionid=fiZNqzggyfCvyXfC0GF0iA
    FF Extension: (Clearly) - C:\Users\Aukerman\AppData\Roaming\Mozilla\Firefox\Profiles\ujdi172x.default\Extensions\[email protected] [2016-01-16]
    FF Extension: (LastPass) - C:\Users\Aukerman\AppData\Roaming\Mozilla\Firefox\Profiles\ujdi172x.default\Extensions\[email protected] [2016-12-16]
    FF Extension: (webpass) - C:\Users\Aukerman\AppData\Roaming\Mozilla\Firefox\Profiles\ujdi172x.default\Extensions\[email protected] [2017-02-09]
    FF Extension: (Garmin Communicator) - C:\Users\Aukerman\AppData\Roaming\Mozilla\Firefox\Profiles\ujdi172x.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2014-06-07] [not signed]
    FF Extension: (Adblock Plus) - C:\Users\Aukerman\AppData\Roaming\Mozilla\Firefox\Profiles\ujdi172x.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-25]
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-10] ()
    FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2013-10-09] (GARMIN Corp.)
    FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2013-11-09] (LastPass)
    FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2012-10-06] (Microsoft Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-10] ()
    FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2013-10-09] (GARMIN Corp.)
    FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass.dll [2013-11-09] (LastPass)
    FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2012-10-06] (Microsoft Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-3383977758-1919853078-1981122960-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Aukerman\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-07-30] (Citrix Online)
    FF Plugin HKU\S-1-5-21-3383977758-1919853078-1981122960-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Aukerman\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-15] (Google Inc.)
    FF Plugin HKU\S-1-5-21-3383977758-1919853078-1981122960-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Aukerman\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-15] (Google Inc.)

    Chrome:
    =======
    CHR DefaultProfile: Default
    CHR StartupUrls: Default -> "hxxps://mail.google.com/mail/u/0/#inbox","hxxps://www.google.com/calendar/render?tab=mc#main_7"
    CHR Profile: C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default [2017-02-12]
    CHR Extension: (Google Slides) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-05]
    CHR Extension: (Google Docs) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-05]
    CHR Extension: (Google Drive) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
    CHR Extension: (YouTube) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
    CHR Extension: (Adblock Plus) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-27]
    CHR Extension: (Google Search) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
    CHR Extension: (Google Sheets) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-05]
    CHR Extension: (Google Docs Offline) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]
    CHR Extension: (Chromebook Recovery Utility) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndclpdbaamdhonoechobihbbiimdgai [2016-07-01]
    CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-04-05]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
    CHR Extension: (Chrome Apps & Extensions Developer Tool) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohmmkhmmmpcnpikjeljgnaoabkaalbgc [2016-07-01]
    CHR Extension: (Gmail) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-05]
    CHR Extension: (Chrome Media Router) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-07]
    CHR HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
    R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [106144 2011-12-29] (Atheros Commnucations) [File not signed]
    R2 CarboniteService; C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe [9037824 2016-08-04] (Carbonite, Inc. (www.carbonite.com)) [File not signed]
    S2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1039376 2017-01-16] (Garmin Ltd. or its subsidiaries)
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
    R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.3.1.204\WsAppService.exe [437392 2016-11-16] (Wondershare)
    R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [158880 2011-12-29] (Atheros) [File not signed]
    R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [76960 2011-12-26] (Atheros) [File not signed]
    S3 WsDrvInst; "C:\Program Files (x86)\Wondershare\TunesGo\DriverInstall.exe" [X]

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
    R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
    S3 WsAudio_Device(1); C:\Windows\System32\drivers\VirtualAudio1.sys [31080 2015-08-03] (Wondershare)
    S3 WsAudio_Device(2); C:\Windows\System32\drivers\VirtualAudio2.sys [31080 2015-08-03] (Wondershare)
    S3 WsAudio_Device(3); C:\Windows\System32\drivers\VirtualAudio3.sys [31080 2015-08-03] (Wondershare)
    S3 WsAudio_Device(4); C:\Windows\System32\drivers\VirtualAudio4.sys [31080 2015-08-03] (Wondershare)
    S3 WsAudio_Device(5); C:\Windows\System32\drivers\VirtualAudio5.sys [31080 2015-08-03] (Wondershare)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-02-12 06:39 - 2017-02-12 06:41 - 00026166 _____ C:\Users\Aukerman\Desktop\FRST.txt
    2017-02-12 06:39 - 2017-02-12 06:39 - 00000342 _____ C:\Users\Aukerman\Desktop\fixlist.txt
    2017-02-12 06:39 - 2017-02-12 06:39 - 00000000 ____D C:\Users\Aukerman\Desktop\FRST-OlderVersion
    2017-02-12 06:30 - 2017-02-12 06:30 - 00000000 ___RD C:\Users\Aukerman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
    2017-02-11 10:03 - 2017-02-11 10:03 - 05200384 _____ (AVAST Software) C:\Users\Aukerman\Desktop\aswmbr.exe
    2017-02-11 07:46 - 2017-02-11 07:48 - 00000913 _____ C:\VEW.txt
    2017-02-11 07:45 - 2017-02-11 07:45 - 00061440 _____ ( ) C:\Users\Aukerman\Desktop\VEW.exe
    2017-02-10 11:44 - 2017-02-10 11:44 - 00002152 _____ C:\Users\Public\Desktop\Google Earth.lnk
    2017-02-10 11:44 - 2017-02-10 11:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
    2017-02-10 07:38 - 2017-02-10 07:38 - 00000804 _____ C:\Users\Public\Desktop\Speccy.lnk
    2017-02-10 07:38 - 2017-02-10 07:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
    2017-02-10 07:38 - 2017-02-10 07:38 - 00000000 ____D C:\Program Files\Speccy
    2017-02-10 07:35 - 2017-02-10 07:35 - 00006644 _____ C:\junk.txt
    2017-02-10 07:30 - 2017-02-10 07:30 - 02720928 _____ (Sysinternals - www.sysinternals.com) C:\Users\Aukerman\Desktop\procexp.exe
    2017-02-10 07:23 - 2017-02-10 07:23 - 01663040 _____ (Malwarebytes) C:\Users\Aukerman\Desktop\JRT.exe
    2017-02-10 07:14 - 2017-02-10 07:17 - 00000000 ____D C:\AdwCleaner
    2017-02-10 07:09 - 2017-02-10 07:09 - 04015056 _____ C:\Users\Aukerman\Desktop\AdwCleaner.exe
    2017-02-10 07:06 - 2017-02-10 07:06 - 00892416 _____ (Farbar) C:\Users\Aukerman\Desktop\MiniToolBox.exe
    2017-02-08 10:18 - 2017-02-08 10:18 - 00008129 _____ C:\Users\Aukerman\Downloads\student-orgs.xlsx
    2017-02-08 10:10 - 2017-02-12 06:31 - 00000000 ____D C:\Users\Aukerman\AppData\Roaming\Slack
    2017-02-08 10:10 - 2017-02-08 10:10 - 00000000 ____D C:\Users\Aukerman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Slack Technologies
    2017-02-08 10:10 - 2017-02-08 10:10 - 00000000 ____D C:\Users\Aukerman\AppData\Local\SquirrelTemp
    2017-02-08 10:10 - 2017-02-08 10:10 - 00000000 ____D C:\Users\Aukerman\AppData\Local\slack
    2017-02-07 08:51 - 2017-02-12 06:39 - 02421248 _____ (Farbar) C:\Users\Aukerman\Desktop\FRST64.exe
    2017-02-05 06:39 - 2017-02-05 06:40 - 00000000 ____D C:\FRST
    2017-02-03 15:48 - 2017-02-03 15:48 - 00134705 _____ C:\Users\Aukerman\asdf
    2017-02-03 06:50 - 2017-02-03 06:50 - 00074818 _____ C:\Users\Aukerman\Downloads\document.pdf
    2017-02-01 06:39 - 2017-02-01 06:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2017-02-01 06:39 - 2017-02-01 06:39 - 00000000 ____D C:\Program Files\iTunes
    2017-02-01 06:39 - 2017-02-01 06:39 - 00000000 ____D C:\Program Files\iPod
    2017-01-16 07:46 - 2017-01-16 07:46 - 00047091 _____ C:\Users\Aukerman\Downloads\Sanctuary Remodel Financial Report.xls.xlsx

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-02-12 06:38 - 2009-07-13 23:45 - 00037040 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2017-02-12 06:38 - 2009-07-13 23:45 - 00037040 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2017-02-12 06:37 - 2009-07-14 00:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
    2017-02-12 06:37 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
    2017-02-12 06:36 - 2016-11-19 07:02 - 00000000 ____D C:\Users\Aukerman\AppData\LocalLow\Mozilla
    2017-02-12 06:36 - 2012-10-06 07:54 - 00000000 ____D C:\Users\Aukerman\AppData\LocalLow\LastPass
    2017-02-12 06:31 - 2012-12-22 07:36 - 00000000 ___RD C:\Users\Aukerman\Google Drive
    2017-02-12 06:31 - 2012-09-26 18:18 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
    2017-02-12 06:30 - 2012-09-26 18:30 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
    2017-02-12 06:30 - 2012-09-26 18:30 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
    2017-02-12 06:30 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2017-02-12 01:15 - 2012-10-06 07:25 - 00000000 ____D C:\Users\Aukerman\Documents\Bren
    2017-02-12 00:45 - 2012-09-26 17:58 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2017-02-11 23:04 - 2016-08-04 08:49 - 01461248 ___SH C:\Users\Aukerman\Desktop\Thumbs.db
    2017-02-11 22:08 - 2012-10-27 06:50 - 00000000 ___RD C:\Users\Aukerman\Virtual Machines
    2017-02-11 16:34 - 2012-10-06 10:14 - 00003950 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{48E3D334-6C7F-48C2-BC4A-39C7FE0FA17F}
    2017-02-11 12:04 - 2016-09-14 22:55 - 08008192 _____ C:\Users\Aukerman\Desktop\Aukerman losses.xls
    2017-02-10 11:44 - 2012-10-07 16:33 - 00000000 ____D C:\Program Files (x86)\Google
    2017-02-08 23:42 - 2016-07-26 15:28 - 00000000 ____D C:\Users\Aukerman\Desktop\Lou Ann - Choruses
    2017-02-07 07:31 - 2009-07-14 00:08 - 00032626 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2017-02-06 22:19 - 2013-11-27 07:03 - 00002203 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2017-02-05 07:49 - 2016-12-23 07:30 - 00310395 _____ C:\Users\Aukerman\Documents\Untitled_3549.amj
    2017-02-03 15:48 - 2012-10-06 06:27 - 00000000 ____D C:\Users\Aukerman
    2017-02-01 07:40 - 2016-12-23 07:30 - 00310379 _____ C:\Users\Aukerman\Untitled_3549.amk
    2017-02-01 06:49 - 2012-10-06 07:25 - 00000000 ___RD C:\Users\Aukerman\Desktop\John
    2017-02-01 06:39 - 2012-10-06 07:47 - 00000000 ____D C:\Program Files\Common Files\Apple
    2017-01-28 06:37 - 2016-11-18 16:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2017-01-28 06:37 - 2012-10-06 06:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2017-01-27 08:07 - 2012-10-06 07:25 - 00000000 ____D C:\Users\Aukerman\Documents\John
    2017-01-21 21:17 - 2016-08-11 05:49 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2017-01-18 22:57 - 2013-08-02 23:52 - 00000000 ____D C:\Users\Aukerman\Documents\Outlook Files
    2017-01-18 22:57 - 2012-10-07 16:33 - 00000000 ____D C:\Users\Aukerman\AppData\Local\Deployment
    2017-01-18 07:05 - 2013-06-01 17:34 - 00000000 ____D C:\ProgramData\Package Cache
    2017-01-18 07:05 - 2013-06-01 17:34 - 00000000 ____D C:\Program Files (x86)\Garmin
    2017-01-18 07:04 - 2014-04-13 05:29 - 00003554 _____ C:\Windows\System32\Tasks\GarminUpdaterTask
    2017-01-18 07:04 - 2013-06-01 17:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
    2017-01-15 07:55 - 2012-10-06 16:27 - 00000000 ____D C:\Users\Aukerman\AppData\Local\ElevatedDiagnostics

    ==================== Files in the root of some directories =======

    2003-11-10 15:27 - 2003-11-10 15:26 - 0376884 _____ () C:\Program Files\image001.bmp
    2013-11-09 08:25 - 2013-11-09 08:25 - 12767232 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe

    Files to move or delete:
    ====================
    C:\Users\Aukerman\jobq.dat


    Some files in TEMP:
    ====================
    2013-01-02 20:20 - 2013-01-02 20:20 - 0726016 _____ (Igor Pavlov) C:\Users\Aukerman\AppData\Local\Temp\7z.dll
    2013-01-02 20:20 - 2013-01-02 20:20 - 0150016 _____ (Igor Pavlov) C:\Users\Aukerman\AppData\Local\Temp\7z.exe
    2013-01-02 20:20 - 2013-01-02 20:20 - 0023477 _____ () C:\Users\Aukerman\AppData\Local\Temp\dtkill.exe
    2013-01-02 20:20 - 2013-01-02 20:20 - 0006656 _____ (doubleTwist Corperation) C:\Users\Aukerman\AppData\Local\Temp\Executor.exe
    2012-10-07 06:32 - 2012-10-07 06:32 - 0894952 _____ (Oracle Corporation) C:\Users\Aukerman\AppData\Local\Temp\firefoxjre_exe-1.exe
    2012-10-07 06:29 - 2012-10-07 06:29 - 0894952 _____ (Oracle Corporation) C:\Users\Aukerman\AppData\Local\Temp\firefoxjre_exe.exe
    2013-01-30 18:58 - 2013-01-30 18:58 - 0897448 _____ (Oracle Corporation) C:\Users\Aukerman\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
    2013-03-01 15:00 - 2013-03-01 15:00 - 0897448 _____ (Oracle Corporation) C:\Users\Aukerman\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
    2013-06-13 10:36 - 2013-06-13 10:36 - 0903592 _____ (Oracle Corporation) C:\Users\Aukerman\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
    2013-10-08 13:27 - 2013-10-08 13:27 - 0915368 _____ (Oracle Corporation) C:\Users\Aukerman\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
    2013-12-19 12:06 - 2013-12-19 12:06 - 0921512 _____ (Oracle Corporation) C:\Users\Aukerman\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
    2014-04-15 15:50 - 2014-04-15 15:50 - 0921512 _____ (Oracle Corporation) C:\Users\Aukerman\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
    2014-07-11 16:12 - 2014-07-11 16:12 - 0918952 _____ (Oracle Corporation) C:\Users\Aukerman\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
    2014-07-28 00:15 - 2014-07-28 00:15 - 0918440 _____ (Oracle Corporation) C:\Users\Aukerman\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
    2014-09-29 12:06 - 2014-09-29 12:06 - 0937896 _____ (Oracle Corporation) C:\Users\Aukerman\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
    2012-09-27 16:56 - 2012-09-27 16:56 - 0895464 _____ (Oracle Corporation) C:\Users\Aukerman\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
    2014-12-18 12:29 - 2014-12-18 12:29 - 0641448 _____ (Oracle Corporation) C:\Users\Aukerman\AppData\Local\Temp\jre-8u31-windows-au.exe
    2014-07-25 06:17 - 2014-07-07 08:57 - 0150096 _____ (RealNetworks, Inc.) C:\Users\Aukerman\AppData\Local\Temp\lowproc.exe
    2014-07-25 06:17 - 2014-07-07 08:57 - 0090624 _____ (RealNetworks, Inc.) C:\Users\Aukerman\AppData\Local\Temp\stubhelper.dll
    2016-08-04 06:22 - 2012-07-16 03:56 - 4451144 _____ (Conduit Ltd.) C:\Users\Aukerman\AppData\Local\Temp\tbWhit.dll
    2013-04-23 17:15 - 2013-04-23 17:15 - 4995416 _____ (Microsoft Corporation) C:\Users\Aukerman\AppData\Local\Temp\vcredist_x86-2010.exe
    2013-01-02 20:20 - 2013-01-02 20:20 - 6560088 _____ (Microsoft Corporation) C:\Users\Aukerman\AppData\Local\Temp\vcredist_x86-2012.exe

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
     

     

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-02-2017
    Ran by Aukerman (12-02-2017 06:41:25)
    Running from C:\Users\Aukerman\Desktop
    Windows 7 Professional Service Pack 1 (X64) (2012-10-06 11:27:00)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3383977758-1919853078-1981122960-500 - Administrator - Disabled)
    Aukerman (S-1-5-21-3383977758-1919853078-1981122960-1001 - Administrator - Enabled) => C:\Users\Aukerman
    Guest (S-1-5-21-3383977758-1919853078-1981122960-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-3383977758-1919853078-1981122960-1002 - Limited - Enabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
    AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    AceMoney Lite (HKLM-x32\...\AceMoney Lite_is1) (Version:  - MechCAD Software)
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated)
    Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
    Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
    AMD Catalyst Install Manager (HKLM\...\{0E262CBA-A8C6-3BE1-A812-D7490B4F2B09}) (Version: 3.0.851.0 - Advanced Micro Devices, Inc.)
    ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
    Apple Application Support (32-bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
    ArcSoft PhotoStudio 5.5 (HKLM-x32\...\{85309D89-7BE9-4094-BB17-24999C6118FC}) (Version:  - ArcSoft)
    Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.115 - Atheros)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version:  - )
    Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version:  - )
    Canon MP Navigator EX 1.0 (HKLM-x32\...\MP Navigator EX 1.0) (Version:  - )
    Canon MP970 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP970_series) (Version:  - )
    Canon MP970 series User Registration (HKLM-x32\...\Canon MP970 series User Registration) (Version:  - )
    Canon My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
    Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
    Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
    Carbonite (HKLM-x32\...\{D0D08FBC-6D5F-482C-B2ED-32E67D8FFAFF}) (Version: 6.0.1 build 6421 (Aug-04-2016) - Carbonite)
    Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
    Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
    Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
    Citrix Online Launcher (HKLM-x32\...\{E1B40232-F73B-4BF9-A819-E352CCC1EDEF}) (Version: 1.0.122 - Citrix)
    Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.67 - Dell Inc.)
    Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.67 - Dell Inc.)
    Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
    Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP)
    Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
    Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.1.5907.16 - Dell Inc.)
    Dell Support Center (Version: 3.1.5907.16 - PC-Doctor, Inc.) Hidden
    Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Dell Inc.)
    eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
    Elevated Installer (x32 Version: 5.1.1.0 - Garmin Ltd or its subsidiaries) Hidden
    Garmin BaseCamp (HKLM-x32\...\{EBAC8FD4-28EC-46F7-BF9E-89D6E6673001}) (Version: 4.2.5 - Garmin Ltd or its subsidiaries)
    Garmin Communicator Plugin (HKLM-x32\...\{032A13FF-D26D-4844-9597-7EF698627985}) (Version: 4.1.0 - Garmin Ltd or its subsidiaries)
    Garmin Communicator Plugin x64 (HKLM\...\{AFA301E1-B410-4F1B-B1C0-2E92FDCD94AD}) (Version: 4.1.0 - Garmin Ltd or its subsidiaries)
    Garmin Express (HKLM-x32\...\{9fbf4745-0038-4ed3-aee1-87af9b9ef8f1}) (Version: 5.1.1.0 - Garmin Ltd or its subsidiaries)
    Garmin Express (x32 Version: 5.1.1.0 - Garmin Ltd or its subsidiaries) Hidden
    Garmin Express Tray (x32 Version: 5.1.1.0 - Garmin Ltd or its subsidiaries) Hidden
    Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
    Google Chrome Frame (HKLM-x32\...\Google Chrome Frame) (Version: 32.0.1700.107 - Google Inc.)
    Google Drive (HKLM-x32\...\{07A12123-B717-496B-B471-48AF6407B433}) (Version: 1.32.4066.7445 - Google, Inc.)
    Google Drive plug-in 1.6.13.0 (HKLM-x32\...\{BE9B9ACB-90BC-4F9D-8952-61B33AD3AFC4}) (Version: 1.6.13.0 - Google Inc)
    Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
    Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
    Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
    GoToMeeting 5.9.0.1207 (HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\...\GoToMeeting) (Version: 5.9.0.1207 - CitrixOnline)
    Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
    Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.1.1399 - Intel Corporation)
    Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
    Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
    Intel® Trusted Connect Service Client (HKLM\...\{538B98C3-773F-4F20-9C66-802D104DCBE2}) (Version: 1.23.219.2 - Intel Corporation)
    iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)
    Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
    Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
    Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Professional 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
    Multimedia Card Reader (HKLM-x32\...\InstallShield_{41068A8C-3F30-46B6-978A-EA692F28D1AF}) (Version: 1.7.915.93 - Fitipower)
    Multimedia Card Reader (x32 Version: 1.7.915.93 - Fitipower) Hidden
    MusicTime Deluxe (HKLM-x32\...\MusicTime Deluxe 4.0.4) (Version: 4.0.4 - GVOX)
    MusicTime Deluxe 3.5.5 (HKLM-x32\...\MusicTime Deluxe 3.5.5) (Version:  - )
    MusicTime Deluxe 4.0.4 UpdateTest (HKLM-x32\...\MusicTime Deluxe 4.0.4 UpdateTest 1.1) (Version: 1.1 - GVOX)
    MusicTime Updater (HKLM-x32\...\MusicTime Updater ) (Version:  - Passport Music Software LLC)
    QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6537 - Realtek Semiconductor Corp.)
    RootsMagic 3.2.1.1 (HKLM-x32\...\RootsMagic_is1) (Version:  - RootsMagic, Inc.)
    RootsMagic 7.0.5.0 (HKLM-x32\...\{D6286873-A757-4A4D-A6EF-0081B3EE32CA}_is1) (Version: RootsMagic 7.0.5.0 - RootsMagic, Inc.)
    Secure Download Manager (HKLM-x32\...\{4A5667B2-5D13-46C2-85B5-9D46A6096F61}) (Version: 3.1.0 - Kivuto Solutions Inc.)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
    Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
    Slack (HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\...\slack) (Version: 2.4.1 - Slack Technologies)
    Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform)
    Synctunes Desktop (HKLM-x32\...\{E828D6D5-E46F-49CE-8EC8-8AA0CA852F2F}) (Version: 1.1.7 - The Bit Studio)
    TrustedID IDMonitor Identity Protection (HKLM-x32\...\{0E74474A-1CDF-4249-A507-CE8C1DCEC8BC}) (Version: 1.1.0 - TrustedID Inc)
    Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
    Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
    Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16423 - Microsoft Corporation)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{0C6B48DD-71D2-382E-9179-C5F899B73D0D}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{0CD22449-F930-33EB-85B8-2E8676284ABF}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{2B6AE651-7A0F-3DF5-8BAF-3AD95C19EE54}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{2C047547-4685-3541-ACA4-CEA3622CDA46}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{57030FCC-4D11-3303-8DCF-C72BB0D63403}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Aukerman\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Aukerman\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{5A63AFF1-DF22-334F-8403-C08018CF2F7E}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Aukerman\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{82186AB2-1881-42D6-B945-35087B680952}\InprocServer32 -> C:\Users\Aukerman\AppData\Local\Google\Drive plugin for Office\adxloader64.dll ()
    CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\1207\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
    CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{859E1D4B-62D3-3BC2-97C3-D7221D8D0B2C}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{8C773506-862F-3B84-B219-1D439AEDBE10}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Aukerman\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{A127BC2E-6037-3719-B332-5E7C40B155F9}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Aukerman\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{C124DB8B-34BE-3FBE-935B-DA807C9A42F9}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Aukerman\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Aukerman\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Aukerman\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Aukerman\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Aukerman\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{EE6FC79B-08B9-3BC6-8508-E17566B152AE}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Aukerman\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Aukerman\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{FA446C14-194B-3964-B21D-D76C4B4951AD}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

     


    • 0

    Advertisements


    #11
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 20,017 posts
    • MVP

    Did you forget and hit the SCAN button instead of the Fix button?


    • 0

    #12
    John Aukerman

    John Aukerman

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 204 posts

    Yep. So let's try that again......


    • 0

    #13
    John Aukerman

    John Aukerman

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 204 posts

    Fix result of Farbar Recovery Scan Tool (x64) Version: 12-02-2017
    Ran by Aukerman (12-02-2017 06:52:46) Run:1
    Running from C:\Users\Aukerman\Desktop
    Loaded Profiles: Aukerman (Available Profiles: Aukerman)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    C:\Users\Aukerman\AppData\Local\Temp\DM\Installer_for_QKTM_mhicustaller772_exe_067312\WStest.exe
    CMD: for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1"
    *****************

    C:\Users\Aukerman\AppData\Local\Temp\DM\Installer_for_QKTM_mhicustaller772_exe_067312\WStest.exe => moved successfully

    ========= for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1" =========


    ========= End of CMD: =========


    ==== End of Fixlog 06:52:56 ====


    • 0

    #14
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 20,017 posts
    • MVP

    Since we know that a fixlist will work let's just continue with another one:

     

    Attached File  fixlist.txt   5.88KB   18 downloads

     

    Then let's look at Process Explorer and Speccy

     

    Get Process Explorer
     
    Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).  
     
    View, Select Column, check Verified Signer, OK
    Options, Verify Image Signatures
     
     
    Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
     
    Wait a full minute then:
     
    File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.
     
     
    Copy the next 2 lines:
     
    TASKLIST /SVC  > \junk.txt
    notepad \junk.txt
     
    Open an Elevated Command Prompt:
    Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
     
     
    Right click and Paste (or Edit then Paste) and the copied lines should appear.
    Hit Enter if notepad does not open.  Copy  and paste the text from notepad into a reply. 
     
    Get the free version of Speccy:
     
    http://www.filehippo...download_speccy (Look in the upper right for the Download
    Latest Version button  - Do NOT press the large Start Download button on the upper left!)  
    Download, Save and Install it.  Tell it you do not need CCLEANER.    Run Speccy.  When it finishes (the little icon in the bottom left will stop moving), 
    File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  
    (It will be near the top,  10-20  lines down.) Save the file.  Attach the file to your next post.  Attaching the log is the best option as it is too big for the forum.  Attaching is a multi step process.
     
    First click on More Reply Options
    Then scroll down to where you see
    Choose File and click on it.  Point it at the file and hit Open.
    Now click on Attach this file.
     

     


    • 0

    #15
    John Aukerman

    John Aukerman

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 204 posts

    Fix result of Farbar Recovery Scan Tool (x64) Version: 12-02-2017
    Ran by Aukerman (12-02-2017 07:23:33) Run:2
    Running from C:\Users\Aukerman\Desktop
    Loaded Profiles: Aukerman (Available Profiles: Aukerman)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\...\Run: [FB8404DE58F489D58488BA786D20A8695FC3AD8C._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [945496 2017-02-01] (Google Inc.)
    ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  -> No File
    URLSearchHook: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001 - (No Name) - {462be121-2b54-4218-bf00-b9bf8135b23f} - No File
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001 -> {8FFE85F0-FBB5-4047-99DE-D4523975C336} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3244149
    Toolbar: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001 -> No Name - {462BE121-2B54-4218-BF00-B9BF8135B23F} -  No File
    FF Extension: (Amazon Assistant for Firefox) - C:\Users\Aukerman\AppData\Roaming\Mozilla\Firefox\Profiles\ujdi172x.default\Extensions\[email protected] [2017-01-22]
    FF SearchPlugin: C:\Users\Aukerman\AppData\Roaming\Mozilla\Firefox\Profiles\ujdi172x.default\searchplugins\taplika.xml [2015-04-05]
    CHR Extension: (Vid-Saver) - C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc [2015-06-18] [UpdateUrl: hxxps://crossrider.cotssl.net/plugin/chrome/update/3491.xml] <==== ATTENTION
    S3 WsDrvInst; "C:\Program Files (x86)\Wondershare\TunesGo\DriverInstall.exe" [X]
    2015-04-05 06:22 - 2015-04-05 06:22 - 0000064 _____ () C:\Users\Aukerman\AppData\Local\51ac827e51ff6b11f34f94806af1cf00
    C:\Users\Aukerman\jobq.dat
    2016-08-04 06:22 - 2012-07-16 03:56 - 4451144 _____ (Conduit Ltd.) C:\Users\Aukerman\AppData\Local\Temp\tbWhit.dll
    CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Aukerman\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Aukerman\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Aukerman\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Aukerman\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Aukerman\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
    CMD: dir /a c:\Windows\System32\Tasks
    EmptyTemp:
    CMD: for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1"
    *****************

    HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\Software\Microsoft\Windows\CurrentVersion\Run\\FB8404DE58F489D58488BA786D20A8695FC3AD8C._service_run => value removed successfully
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\GDriveSharedOverlay => key removed successfully
    HKCR\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => key not found.
    HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{462be121-2b54-4218-bf00-b9bf8135b23f} => value removed successfully
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key removed successfully
    HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
    HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
    HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8FFE85F0-FBB5-4047-99DE-D4523975C336} => key not found.
    HKCR\CLSID\{8FFE85F0-FBB5-4047-99DE-D4523975C336} => key not found.
    HKU\S-1-5-21-3383977758-1919853078-1981122960-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{462BE121-2B54-4218-BF00-B9BF8135B23F} => value not found.
    HKCR\CLSID\{462BE121-2B54-4218-BF00-B9BF8135B23F} => key not found.
    C:\Users\Aukerman\AppData\Roaming\Mozilla\Firefox\Profiles\ujdi172x.default\Extensions\[email protected] => not found.
    "C:\Users\Aukerman\AppData\Roaming\Mozilla\Firefox\Profiles\ujdi172x.default\searchplugins\taplika.xml" => not found.
    C:\Users\Aukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc <==== ATTENTION => not found
    HKLM\System\CurrentControlSet\Services\WsDrvInst => key removed successfully
    WsDrvInst => service removed successfully
    "C:\Users\Aukerman\AppData\Local\51ac827e51ff6b11f34f94806af1cf00" => not found.
    C:\Users\Aukerman\jobq.dat => moved successfully
    C:\Users\Aukerman\AppData\Local\Temp\tbWhit.dll => moved successfully
    HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856} => key removed successfully
    HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4} => key removed successfully
    HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247} => key removed successfully
    HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2} => key removed successfully
    HKU\S-1-5-21-3383977758-1919853078-1981122960-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF} => key removed successfully

    ========= dir /a c:\Windows\System32\Tasks =========

     Volume in drive C is Aukerman
     Volume Serial Number is 8AC6-1EF5

     Directory of c:\Windows\System32\Tasks

    01/18/2017  07:04 AM    <DIR>          .
    01/18/2017  07:04 AM    <DIR>          ..
    01/12/2017  05:23 PM             4,476 Adobe Acrobat Update Task
    01/10/2017  09:45 AM             3,768 Adobe Flash Player Updater
    03/23/2016  06:41 AM    <DIR>          Apple
    01/18/2017  07:04 AM             3,554 GarminUpdaterTask
    12/16/2016  05:37 PM             3,202 GoogleUpdateTaskMachineCore
    12/16/2016  05:37 PM             3,330 GoogleUpdateTaskMachineUA
    12/15/2016  05:24 PM             3,242 GoogleUpdateTaskUserS-1-5-21-3383977758-1919853078-1981122960-1001Core
    12/15/2016  05:24 PM             3,514 GoogleUpdateTaskUserS-1-5-21-3383977758-1919853078-1981122960-1001UA
    04/05/2015  10:44 AM    <DIR>          Microsoft
    10/06/2012  08:21 AM    <DIR>          OfficeSoftwareProtectionPlatform
    07/25/2014  06:24 AM             3,246 RealDownloaderRealUpgradeLogonTaskS-1-5-21-3383977758-1919853078-1981122960-1001
    07/25/2014  06:24 AM             3,374 RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3383977758-1919853078-1981122960-1001
    02/11/2017  04:34 PM             3,950 User_Feed_Synchronization-{48E3D334-6C7F-48C2-BC4A-39C7FE0FA17F}
    06/16/2015  08:36 AM    <DIR>          WPD
    10/06/2012  10:44 AM             2,996 {185B82C7-FEE3-4BCA-8125-F0C8727CD3BC}
    10/06/2012  10:45 AM             2,996 {2D67BB2B-BB93-4C34-946A-4BA1DF9A81F2}
    10/06/2012  10:42 AM             2,996 {430CBEB2-88FD-4060-BEA4-3D613B3D46D4}
    10/06/2012  10:43 AM             2,996 {4369632D-C058-4D1F-A979-A6B64250645A}
    09/29/2016  10:01 AM             4,132 {5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4}
    10/06/2012  10:45 AM             2,996 {67E69D3E-EB55-4BBD-853A-D2C6352B22EB}
    10/06/2012  10:45 AM             2,996 {A3132638-413D-455F-8636-D7A6EEF56730}
    10/06/2012  10:43 AM             2,996 {C35110BA-3994-4C57-B97B-827AEF72CDEC}
    10/06/2012  10:43 AM             2,996 {E61F0FCD-915D-4FB0-8100-F5482FBD8351}
    02/16/2013  06:57 AM             3,158 {E8FC12DF-637C-4E5D-877F-D2322AFC2077}
                  20 File(s)         66,914 bytes
                   6 Dir(s)  630,490,132,480 bytes free

    ========= End of CMD: =========


    ========= for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1" =========


    ========= End of CMD: =========


    =========== EmptyTemp: ==========

    BITS transfer queue => 0 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 226956950 B
    Java, Flash, Steam htmlcache => 38322 B
    Windows/system/drivers => 3480821075 B
    Edge => 0 B
    Chrome => 1209004484 B
    Firefox => 447605550 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Users => 0 B
    Default => 0 B
    Public => 0 B
    ProgramData => 0 B
    systemprofile => 128333 B
    systemprofile32 => 88810 B
    LocalService => 16384 B
    NetworkService => 21877271 B
     

     

    Process    CPU    Private Bytes    Working Set    PID    Verified Signer
    System Idle Process    94.37    0 K    24 K    0    
    FRST64.exe    2.37    20,312 K    31,748 K    3608    (No signature was present in the subject) Farbar
    procexp(1)64.exe    1.15    32,772 K    54,944 K    7836    (Verified) Microsoft Corporation
    googledrivesync.exe    0.63    106,904 K    119,256 K    3884    (Verified) Google Inc
    Interrupts    0.30    0 K    0 K    n/a    
    System    0.24    352 K    7,576 K    4    
    firefox.exe    0.22    354,732 K    363,596 K    6332    (Verified) Mozilla Corporation
    MsMpEng.exe    0.17    141,688 K    154,156 K    532    (Verified) Microsoft Corporation
    dwm.exe    0.16    39,836 K    41,232 K    2408    (Verified) Microsoft Windows
    CarboniteService.exe    0.08    17,864 K    37,176 K    1876    (No signature was present in the subject) Carbonite, Inc. (www.carbonite.com)
    explorer.exe    0.05    87,880 K    116,320 K    2448    (Verified) Microsoft Windows
    csrss.exe    0.05    3,572 K    9,252 K    684    (Verified) Microsoft Windows
    CarboniteUI.exe    0.03    14,328 K    33,000 K    1832    (No signature was present in the subject) Carbonite, Inc.
    Toaster.exe    0.03    58,600 K    49,980 K    1816    (Verified) Dell Inc
    LMS.exe    0.02    2,444 K    5,032 K    880    (Verified) Intel Corporation
    svchost.exe    0.02    202,924 K    202,648 K    1084    (Verified) Microsoft Windows
    svchost.exe    0.01    5,076 K    10,524 K    932    (Verified) Microsoft Windows
    CCC.exe    0.01    109,172 K    22,824 K    3500    (No signature was present in the subject) ATI Technologies Inc.
    IAStorDataMgrSvc.exe    0.01    23,100 K    21,152 K    404    (Verified) Intel Corporation
    iPodService.exe    0.01    2,480 K    6,948 K    5060    (Verified) Apple Inc.
    NOBuAgent.exe    < 0.01    2,572 K    5,948 K    3952    (Verified) Symantec Corporation
    MOM.exe    < 0.01    40,140 K    5,420 K    2128    (No signature was present in the subject) Advanced Micro Devices Inc.
    slack.exe    < 0.01    184,848 K    113,324 K    3404    (Verified) Slack Technologies Inc.
    svchost.exe    < 0.01    34,300 K    52,572 K    1160    (Verified) Microsoft Windows
    lsass.exe    < 0.01    7,080 K    14,380 K    800    (Verified) Microsoft Windows
    slack.exe    < 0.01    164,024 K    243,596 K    4752    (Verified) Slack Technologies Inc.
    slack.exe    < 0.01    147,488 K    184,100 K    5888    (Verified) Slack Technologies Inc.
    svchost.exe    < 0.01    5,428 K    9,280 K    160    (Verified) Microsoft Windows
    slack.exe    < 0.01    54,684 K    53,052 K    5744    (Verified) Slack Technologies Inc.
    AppleMobileDeviceService.exe    < 0.01    4,464 K    13,008 K    1756    (Verified) Apple Inc.
    VSSVC.exe    < 0.01    2,704 K    8,320 K    8372    (Verified) Microsoft Windows
    SearchIndexer.exe    < 0.01    33,828 K    17,304 K    3596    (Verified) Microsoft Windows
    taskhost.exe    < 0.01    14,428 K    15,668 K    2168    (Verified) Microsoft Windows
    chrome.exe    < 0.01    7,416 K    18,916 K    2540    (Verified) Google Inc
    svchost.exe    < 0.01    16,260 K    18,676 K    1344    (Verified) Microsoft Windows
    WLIDSVC.EXE    < 0.01    7,880 K    15,704 K    1980    (Verified) Microsoft Corporation
    IAStorIcon.exe    < 0.01    26,660 K    24,988 K    5616    (Verified) Intel Corporation
    svchost.exe    < 0.01    17,732 K    18,332 K    3556    (Verified) Microsoft Windows
    WsAppService.exe    < 0.01    37,400 K    30,812 K    4176    (Verified) Wondershare software CO.
    iTunesHelper.exe    < 0.01    5,192 K    14,668 K    2908    (Verified) Apple Inc.
    csrss.exe    < 0.01    2,404 K    5,428 K    584    (Verified) Microsoft Windows
    svchost.exe    < 0.01    13,552 K    15,304 K    1572    (Verified) Microsoft Windows
    BtvStack.exe    < 0.01    21,412 K    24,372 K    2640    (A certificate was explicitly revoked by its issuer) Atheros Commnucations
    WUDFHost.exe        2,292 K    6,504 K    5736    (Verified) Microsoft Windows
    wmpnetwk.exe        16,648 K    13,040 K    3236    (Verified) Microsoft Windows
    WmiPrvSE.exe        4,080 K    8,196 K    5472    (Verified) Microsoft Windows
    WmiPrvSE.exe        2,916 K    6,720 K    6228    (Verified) Microsoft Windows
    WLIDSVCM.EXE        1,484 K    3,672 K    4148    (Verified) Microsoft Corporation
    wlanext.exe        2,336 K    5,872 K    1456    (Verified) Microsoft Windows
    winlogon.exe        3,772 K    8,352 K    764    (Verified) Microsoft Windows
    wininit.exe        1,800 K    4,832 K    664    (Verified) Microsoft Windows
    UNS.exe        3,860 K    10,292 K    2340    (Verified) Intel Corporation
    svchost.exe        9,592 K    18,368 K    1128    (Verified) Microsoft Windows
    svchost.exe        6,920 K    13,220 K    1960    (Verified) Microsoft Windows
    svchost.exe        2,000 K    5,116 K    2092    (Verified) Microsoft Windows
    svchost.exe        34,580 K    31,804 K    1052    (Verified) Microsoft Windows
    svchost.exe        2,900 K    6,332 K    1244    (Verified) Microsoft Windows
    svchost.exe        2,152 K    5,924 K    2572    (Verified) Microsoft Windows
    svchost.exe        2,352 K    5,948 K    4664    (Verified) Microsoft Windows
    svchost.exe        5,960 K    11,932 K    1928    (Verified) Microsoft Windows
    STService.exe        3,664 K    11,536 K    2276    (Verified) Dell Inc
    spoolsv.exe        7,676 K    14,740 K    1520    (Verified) Microsoft Windows
    smss.exe        552 K    1,256 K    396    (Verified) Microsoft Windows
    slack.exe        78,984 K    117,888 K    5172    (Verified) Slack Technologies Inc.
    slack.exe        61,276 K    78,112 K    5456    (Verified) Slack Technologies Inc.
    slack.exe        5,484 K    9,208 K    5980    (Verified) Slack Technologies Inc.
    ShwiconXP9106.exe        2,024 K    6,768 K    2952    (No signature was present in the subject) Alcor Micro Corp.
    SftService.exe        4,404 K    8,484 K    2816    (Verified) Dell Inc
    services.exe        6,092 K    9,968 K    740    (Verified) Microsoft Windows
    RtkNGUI64.exe        14,160 K    11,172 K    2596    (Verified) Realtek Semiconductor Corp
    RAVBg64.exe        15,292 K    12,336 K    2604    (Verified) Realtek Semiconductor Corp
    procexp(1).exe        2,416 K    7,824 K    9092    (Verified) Microsoft Corporation
    PresentationFontCache.exe        32,348 K    26,384 K    5960    (Verified) Microsoft Corporation
    OSPPSVC.EXE        3,696 K    11,360 K    1116    (Verified) Microsoft Corporation
    OSE.EXE        2,504 K    6,288 K    8840    (Verified) Microsoft Corporation
    NisSrv.exe        17,848 K    11,752 K    4588    (Verified) Microsoft Corporation
    msseces.exe        6,528 K    14,936 K    2828    (Verified) Microsoft Corporation
    mDNSResponder.exe        2,356 K    6,012 K    1852    (Verified) Apple Inc.
    lsm.exe        2,988 K    4,768 K    812    (Verified) Microsoft Windows
    iusb3mon.exe        1,920 K    6,096 K    2256    (Verified) Intel Corporation
    HeciServer.exe        1,928 K    5,692 K    3908    (Verified) Intel® Upgrade Service
    googledrivesync.exe        1,432 K    3,760 K    2956    (Verified) Google Inc
    GoogleCrashHandler64.exe        1,640 K    756 K    4340    (Verified) Google Inc
    GoogleCrashHandler.exe        1,516 K    668 K    4320    (Verified) Google Inc
    DSUpd.exe        15,676 K    18,368 K    4248    (Verified) Dell Inc
    conhost.exe        1,088 K    2,996 K    1464    (Verified) Microsoft Windows
    BJMYPRT.EXE        2,420 K    5,820 K    2844    (Verified) Canon Inc.
    audiodg.exe        18,440 K    19,536 K    5836    (Verified) Microsoft Windows
    atiesrxx.exe        1,708 K    4,636 K    1012    (Verified) Microsoft Windows Hardware Compatibility Publisher
    atieclxx.exe        2,588 K    6,952 K    1528    (Verified) Microsoft Windows Hardware Compatibility Publisher
    AthBtTray.exe        5,540 K    14,452 K    2652    (A certificate was explicitly revoked by its issuer) Atheros Commnucations
    Ath_WlanAgent.exe        1,312 K    4,156 K    4500    (A certificate was explicitly revoked by its issuer) Atheros
    Ath_CoexAgent.exe        2,204 K    5,704 K    4452    (A certificate was explicitly revoked by its issuer) Atheros
    armsvc.exe        1,228 K    4,124 K    1704    (Verified) Adobe Systems
    AERTSr64.exe        1,252 K    3,068 K    1728    (Verified) Andrea Electronics
    AdminService.exe        2,540 K    6,836 K    1780    (A certificate was explicitly revoked by its issuer) Atheros Commnucations

     

     

    Image Name                     PID Services                                    
    ========================= ======== ============================================
    System Idle Process              0 N/A                                         
    System                           4 N/A                                         
    smss.exe                       396 N/A                                         
    csrss.exe                      584 N/A                                         
    wininit.exe                    664 N/A                                         
    csrss.exe                      684 N/A                                         
    services.exe                   740 N/A                                         
    winlogon.exe                   764 N/A                                         
    lsass.exe                      800 EFS, KeyIso, SamSs                          
    lsm.exe                        812 N/A                                         
    svchost.exe                    932 DcomLaunch, PlugPlay, Power                 
    svchost.exe                    160 RpcEptMapper, RpcSs                         
    MsMpEng.exe                    532 MsMpSvc                                     
    atiesrxx.exe                  1012 AMD External Events Utility                 
    svchost.exe                   1052 AudioSrv, Dhcp, eventlog, lmhosts, wscsvc   
    svchost.exe                   1084 AudioEndpointBuilder, hidserv, Netman,      
                                       PcaSvc, SysMain, TrkWks, UxSms, Wlansvc,    
                                       WPDBusEnum, wudfsvc                         
    svchost.exe                   1128 EventSystem, FontCache, netprofm, nsi,      
                                       WdiServiceHost                              
    svchost.exe                   1160 AeLookupSvc, Appinfo, Browser, EapHost,     
                                       IKEEXT, iphlpsvc, LanmanServer, MMCSS,      
                                       ProfSvc, Schedule, SENS, ShellHWDetection,  
                                       Themes, Winmgmt, wuauserv                   
    svchost.exe                   1244 gpsvc                                       
    svchost.exe                   1344 CryptSvc, Dnscache, LanmanWorkstation,      
                                       NlaSvc                                      
    wlanext.exe                   1456 N/A                                         
    conhost.exe                   1464 N/A                                         
    spoolsv.exe                   1520 Spooler                                     
    svchost.exe                   1572 BFE, DPS, MpsSvc                            
    armsvc.exe                    1704 AdobeARMservice                             
    AERTSr64.exe                  1728 AERTFilters                                 
    AppleMobileDeviceService.     1756 Apple Mobile Device Service                 
    AdminService.exe              1780 AtherosSvc                                  
    mDNSResponder.exe             1852 Bonjour Service                             
    CarboniteService.exe          1876 CarboniteService                            
    svchost.exe                   1928 DiagTrack                                   
    svchost.exe                   1960 FDResPub, SSDPSRV, upnphost                 
    atieclxx.exe                  1528 N/A                                         
    taskhost.exe                  2168 N/A                                         
    dwm.exe                       2408 N/A                                         
    explorer.exe                  2448 N/A                                         
    RtkNGUI64.exe                 2596 N/A                                         
    RAVBg64.exe                   2604 N/A                                         
    BtvStack.exe                  2640 N/A                                         
    AthBtTray.exe                 2652 N/A                                         
    msseces.exe                   2828 N/A                                         
    BJMYPRT.EXE                   2844 N/A                                         
    iTunesHelper.exe              2908 N/A                                         
    googledrivesync.exe           2956 N/A                                         
    iusb3mon.exe                  2256 N/A                                         
    ShwiconXP9106.exe             2952 N/A                                         
    MOM.exe                       2128 N/A                                         
    CarboniteUI.exe               1832 N/A                                         
    slack.exe                     3404 N/A                                         
    CCC.exe                       3500 N/A                                         
    googledrivesync.exe           3884 N/A                                         
    HeciServer.exe                3908 Intel® Capability Licensing Service Interf
                                       ace                                         
    NOBuAgent.exe                 3952 NOBU                                        
    SftService.exe                2816 SftService                                  
    svchost.exe                   3556 stisvc                                      
    WLIDSVC.EXE                   1980 wlidsvc                                     
    Toaster.exe                   1816 N/A                                         
    STService.exe                 2276 N/A                                         
    WLIDSVCM.EXE                  4148 N/A                                         
    WsAppService.exe              4176 WsAppService                                
    DSUpd.exe                     4248 N/A                                         
    GoogleCrashHandler.exe        4320 N/A                                         
    GoogleCrashHandler64.exe      4340 N/A                                         
    Ath_CoexAgent.exe             4452 ZAtheros Bt&Wlan Coex Agent                 
    Ath_WlanAgent.exe             4500 ZAtheros Wlan Agent                         
    iPodService.exe               5060 iPod Service                                
    NisSrv.exe                    4588 NisSrv                                      
    SearchIndexer.exe             3596 WSearch                                     
    svchost.exe                   2092 bthserv                                     
    svchost.exe                   4664 PolicyAgent                                 
    IAStorIcon.exe                5616 N/A                                         
    WUDFHost.exe                  5736 N/A                                         
    slack.exe                     5744 N/A                                         
    slack.exe                     5980 N/A                                         
    slack.exe                     5172 N/A                                         
    slack.exe                     5456 N/A                                         
    slack.exe                     4752 N/A                                         
    PresentationFontCache.exe     5960 FontCache3.0.0.0                            
    slack.exe                     5888 N/A                                         
    IAStorDataMgrSvc.exe           404 IAStorDataMgrSvc                            
    LMS.exe                        880 LMS                                         
    wmpnetwk.exe                  3236 WMPNetworkSvc                               
    UNS.exe                       2340 UNS                                         
    svchost.exe                   2572 swprv                                       
    OSPPSVC.EXE                   1116 osppsvc                                     
    OSE.EXE                       8840 ose64                                       
    audiodg.exe                   5836 N/A                                         
    VSSVC.exe                     8372 VSS                                         
    FRST64.exe                    3608 N/A                                         
    WmiPrvSE.exe                  6228 N/A                                         
    SearchProtocolHost.exe        8100 N/A                                         
    SearchFilterHost.exe          6972 N/A                                         
    cmd.exe                       7772 N/A                                         
    conhost.exe                   7336 N/A                                         
    firefox.exe                   7324 N/A                                         
    WmiPrvSE.exe                  6908 N/A                                         
    svchost.exe                   7456 WerSvc                                      
    tasklist.exe                  7392 N/A                                         
     

    Attached Files


    • 0






    Similar Topics

    0 user(s) are reading this topic

    0 members, 0 guests, 0 anonymous users

    As Featured On:

    Microsoft Yahoo BBC MSN PC Magazine Washington Post HP