Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17.01.2018 01 Ran by Lou (administrator) on LOU-PC (19-01-2018 11:59:37) Running from C:\Users\Lou\Desktop Loaded Profiles: Lou (Available Profiles: Lou & Bec) Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 8 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (TOSHIBA CORPORATION) C:\Windows\Temp\msvcdvrsrv.exe (AMD) C:\Windows\System32\atiesrxx.exe (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (AMD) C:\Windows\System32\atieclxx.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe (Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry.exe (Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Hewlett-Packard ) C:\Program Files\IDT\WDM\beats64.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe (MyCity) C:\Program Files (x86)\MCShield\MCShieldRTM.exe (WinZip Computing, S.L.) C:\Program Files\WinZip\FAHWindow64.exe (WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe () C:\Users\Lou\AppData\Local\lsacuxc\lsacuxc.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe () C:\Users\Lou\AppData\Local\lsacuxc\winbidy.exe () C:\Users\Lou\AppData\Local\lsacuxc\winbidy.exe (BitTorrent Inc.) C:\Users\Lou\AppData\Local\Temp\HYD874B.tmp.1516379252_permissionsCopy\BitTorrent.exe (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Corporation) C:\Windows\System32\msdt.exe (Microsoft Corporation) C:\Windows\System32\sdiagnhost.exe (Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () C:\Users\Lou\AppData\Local\lsacuxc\winbidy.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-04-24] (IDT, Inc.) HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2011-08-24] (Hewlett-Packard ) HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-10-31] (AVG Technologies CZ, s.r.o.) HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [295512 2017-12-22] (AVG Technologies CZ, s.r.o.) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [246120 2018-01-01] (AVAST Software) HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-10-31] (AVG Technologies CZ, s.r.o.) HKU\S-1-5-21-3034223004-1617221123-39064544-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3111712 2017-12-15] (Valve Corporation) HKU\S-1-5-21-3034223004-1617221123-39064544-1000\...\Run: [MCShield Monitor] => C:\Program Files (x86)\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity) HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2017-01-22] ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAHConsole.exe (WinZip Computing, S.L.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update Notifier.lnk [2017-01-22] ShortcutTarget: Update Notifier.lnk -> C:\Program Files\WinZip\WZUpdateNotifier.exe (WinZip) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2017-01-22] ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{E60803EC-3EF6-47A2-B5BA-0C14701C911B}: [NameServer] 82.163.142.8,95.211.158.136 Tcpip\..\Interfaces\{E60803EC-3EF6-47A2-B5BA-0C14701C911B}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKU\S-1-5-21-3034223004-1617221123-39064544-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2014-01-23] (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll [2017-08-30] (Oracle Corporation) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2018-01-01] (AVAST Software) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2014-01-23] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-08-30] (Oracle Corporation) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2014-01-21] (Microsoft Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-01-01] (AVAST Software) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-21] (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2014-01-21] (Microsoft Corporation) Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-01-23] (Microsoft Corporation) Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation) Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation) Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation) Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation) FireFox: ======== FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-08-30] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-08-30] (Oracle Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-01-21] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.) Chrome: ======= CHR HomePage: Default -> mysearch.avg.com CHR DefaultSearchURL: Default -> hxxps://mysearch.avg.com/search?rvt=1&sap=dsp&q={searchTerms} CHR DefaultSearchKeyword: Default -> hxxps://mysearch.avg.com CHR DefaultSuggestURL: Default -> hxxps://toolbar.avg.com/acp?q={searchTerms}&o=1 CHR Profile: C:\Users\Lou\AppData\Local\Google\Chrome\User Data\Default [2018-01-19] CHR Extension: (Slides) - C:\Users\Lou\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-19] CHR Extension: (Docs) - C:\Users\Lou\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-19] CHR Extension: (Google Drive) - C:\Users\Lou\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-09-01] CHR Extension: (YouTube) - C:\Users\Lou\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-09-01] CHR Extension: (AVG Secure Search) - C:\Users\Lou\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2018-01-19] CHR Extension: (Adobe Acrobat) - C:\Users\Lou\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-09-01] CHR Extension: (Sheets) - C:\Users\Lou\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-19] CHR Extension: (Google Docs Offline) - C:\Users\Lou\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-09-01] CHR Extension: (Chrome Web Store Payments) - C:\Users\Lou\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-01] CHR Extension: (Gmail) - C:\Users\Lou\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-09-01] CHR Extension: (Chrome Media Router) - C:\Users\Lou\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-15] CHR HKU\S-1-5-21-3034223004-1617221123-39064544-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [chfdnecihphmhljaaejmgoiahnihplgn] - hxxps://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-3034223004-1617221123-39064544-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) HKLM\SYSTEM\CurrentControlSet\Services\cgrctcgg <==== ATTENTION (Rootkit!) R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7538536 2018-01-01] (AVAST Software) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [301168 2018-01-01] (AVAST Software) S2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [301720 2017-12-22] (AVG Technologies CZ, s.r.o.) S3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [7589200 2017-12-22] (AVG Technologies CZ, s.r.o.) S2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1428656 2017-10-31] (AVG Technologies CZ, s.r.o.) R2 RalinkRegistryWriter; C:\Program Files (x86)\Ralink\Common\RaRegistry.exe [372736 2012-07-04] (Ralink Technology, Corp.) [File not signed] R2 RalinkRegistryWriter64; C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe [447488 2012-07-04] (Ralink Technology, Corp.) [File not signed] S2 RaMediaServer; C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [1859584 2012-07-04] (Ralink) [File not signed] S4 TeraCopyService; C:\Program Files\TeraCopy\TeraCopyService.exe [100688 2016-12-07] (Code Sector) S2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [5618960 2017-11-15] (AVG Technologies CZ, s.r.o.) R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [56080 2017-11-15] (AVG Technologies CZ, s.r.o.) R2 UxTuneUp; C:\Windows\SysWOW64\uxtuneup.dll [48912 2017-11-15] (AVG Technologies CZ, s.r.o.) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [185096 2018-01-01] (AVAST Software) R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [321512 2018-01-01] (AVAST Software) R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [199448 2018-01-01] (AVAST Software) R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343768 2018-01-01] (AVAST Software) R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57696 2018-01-01] (AVAST Software) R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [149344 2018-01-01] (AVAST Software) S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46976 2018-01-01] (AVAST Software) R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [146648 2018-01-12] (AVAST Software) R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [110336 2018-01-01] (AVAST Software) R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84384 2018-01-01] (AVAST Software) R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1025176 2018-01-01] (AVAST Software) R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [457896 2018-01-12] (AVAST Software) R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [204456 2018-01-01] (AVAST Software) R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [358672 2018-01-01] (AVAST Software) R1 avgArPot; C:\Windows\System32\drivers\avgArPot.sys [177536 2017-12-22] (AVG Technologies CZ, s.r.o.) R1 avgbdisk; C:\Windows\System32\drivers\avgbdiska.sys [166624 2017-12-22] (AVG Technologies CZ, s.r.o.) R1 avgbidsdriver; C:\Windows\System32\drivers\avgbidsdrivera.sys [315152 2017-12-22] (AVG Technologies CZ, s.r.o.) R0 avgbidsh; C:\Windows\System32\drivers\avgbidsha.sys [193096 2017-12-22] (AVG Technologies CZ, s.r.o.) R0 avgblog; C:\Windows\System32\drivers\avgbloga.sys [337408 2017-12-22] (AVG Technologies CZ, s.r.o.) R0 avgbuniv; C:\Windows\System32\drivers\avgbuniva.sys [51336 2017-12-22] (AVG Technologies CZ, s.r.o.) S3 avgHwid; C:\Windows\System32\drivers\avgHwid.sys [39424 2017-12-22] (AVG Technologies CZ, s.r.o.) R2 avgMonFlt; C:\Windows\System32\drivers\avgMonFlt.sys [139112 2017-12-22] (AVG Technologies CZ, s.r.o.) R1 avgRdr; C:\Windows\System32\drivers\avgRdr2.sys [102792 2017-12-22] (AVG Technologies CZ, s.r.o.) R0 avgRvrt; C:\Windows\System32\drivers\avgRvrt.sys [76832 2017-12-22] (AVG Technologies CZ, s.r.o.) R1 avgSnx; C:\Windows\System32\drivers\avgSnx.sys [1017624 2017-12-22] (AVG Technologies CZ, s.r.o.) R1 avgSP; C:\Windows\System32\drivers\avgSP.sys [449848 2017-12-22] (AVG Technologies CZ, s.r.o.) R2 avgStm; C:\Windows\System32\drivers\avgStm.sys [196904 2017-12-22] (AVG Technologies CZ, s.r.o.) R0 avgVmm; C:\Windows\System32\drivers\avgVmm.sys [351128 2017-12-22] (AVG Technologies CZ, s.r.o.) R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [129224 2013-07-18] (Qualcomm Atheros Co., Ltd.) S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [7168 2017-09-01] () [File not signed] R3 netr28x; C:\Windows\System32\DRIVERS\netr28x.sys [2473616 2014-12-10] (MediaTek Inc.) S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [32304 2017-02-21] (AVG Netherlands B.V.) U1 aswbdisk; no ImagePath ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2018-01-19 11:59 - 2018-01-19 12:00 - 000017956 _____ C:\Users\Lou\Desktop\FRST.txt 2018-01-19 11:58 - 2018-01-19 11:59 - 000000000 ____D C:\FRST 2018-01-19 11:58 - 2018-01-19 11:58 - 002393088 _____ (Farbar) C:\Users\Lou\Desktop\FRST64.exe 2018-01-19 11:58 - 2018-01-19 11:58 - 000000000 ____D C:\Users\Lou\Downloads\FRST-OlderVersion 2018-01-19 11:43 - 2018-01-19 11:43 - 000004942 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Lou-PC-Lou Lou-PC 2018-01-19 11:34 - 2018-01-19 11:34 - 000006594 _____ C:\Users\Lou\Desktop\fixlist.txt 2018-01-19 11:20 - 2018-01-19 11:20 - 000000000 ____D C:\ProgramData\SWCUTemp 2018-01-19 11:16 - 2018-01-19 11:16 - 000113488 _____ C:\Windows\system32\Drivers\winwzdgj.sys 2018-01-19 11:10 - 2018-01-19 11:16 - 000000000 ____D C:\AdwCleaner 2018-01-19 11:09 - 2018-01-19 11:09 - 008206624 _____ (Malwarebytes) C:\Users\Lou\Downloads\adwcleaner_7.0.7.0.exe 2018-01-19 11:02 - 2018-01-19 11:22 - 000000000 ____D C:\ProgramData\MCShield 2018-01-19 11:02 - 2018-01-19 11:02 - 002856736 _____ (MyCity) C:\Users\Lou\Downloads\MCShield-Setup.exe 2018-01-19 11:02 - 2018-01-19 11:02 - 000001076 _____ C:\Users\Public\Desktop\MCShield Real-Time Monitor.lnk 2018-01-19 11:02 - 2018-01-19 11:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MCShield 2018-01-19 11:02 - 2018-01-19 11:02 - 000000000 ____D C:\Program Files (x86)\MCShield 2018-01-19 09:44 - 2018-01-19 09:44 - 000000000 ___HT C:\Windows\wusa.lock 2018-01-19 09:44 - 2018-01-19 09:44 - 000000000 ____D C:\c50d521370edaeae0fdb72bf1eff 2018-01-12 07:47 - 2018-01-19 11:26 - 000000000 ____D C:\Users\Lou\AppData\Roaming\BitTorrent 2018-01-12 07:47 - 2018-01-12 07:47 - 000000867 _____ C:\Users\Lou\Desktop\BitTorrent.lnk 2018-01-12 07:47 - 2018-01-12 07:47 - 000000847 _____ C:\Users\Lou\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk 2018-01-12 07:46 - 2018-01-12 07:46 - 002870880 _____ (BitTorrent Inc.) C:\Users\Lou\Downloads\BitTorrent (1).exe 2018-01-06 10:09 - 2018-01-19 11:27 - 000000000 ____D C:\Users\Lou\AppData\LocalLow\BitTorrent 2018-01-05 21:49 - 2018-01-05 21:49 - 000000000 ____D C:\3979af9ab3fe48bef909 2018-01-01 15:57 - 2018-01-01 15:57 - 000000000 ____D C:\1a5e0f77ec97fc91c7f0ab 2018-01-01 15:41 - 2018-01-01 15:41 - 000000000 ____D C:\7e8be5e3042bcbe0fdffc5dd470306 2018-01-01 15:39 - 2018-01-01 15:39 - 002630064 _____ C:\Users\Lou\Downloads\Adaware_Installer.exe 2018-01-01 15:39 - 2018-01-01 15:39 - 000000000 ____D C:\ProgramData\adaware 2018-01-01 15:36 - 2018-01-01 15:36 - 000000000 ____D C:\Users\Lou\AppData\Roaming\AVAST Software 2018-01-01 15:35 - 2018-01-12 07:19 - 000457896 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2018-01-01 15:35 - 2018-01-12 07:19 - 000146648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2018-01-01 15:35 - 2018-01-01 15:35 - 001025176 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2018-01-01 15:35 - 2018-01-01 15:35 - 000457400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys.151575955558002 2018-01-01 15:35 - 2018-01-01 15:35 - 000365680 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2018-01-01 15:35 - 2018-01-01 15:35 - 000358672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys 2018-01-01 15:35 - 2018-01-01 15:35 - 000343768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbloga.sys 2018-01-01 15:35 - 2018-01-01 15:35 - 000321512 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdrivera.sys 2018-01-01 15:35 - 2018-01-01 15:35 - 000204456 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys 2018-01-01 15:35 - 2018-01-01 15:35 - 000199448 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsha.sys 2018-01-01 15:35 - 2018-01-01 15:35 - 000185096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys 2018-01-01 15:35 - 2018-01-01 15:35 - 000149344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys 2018-01-01 15:35 - 2018-01-01 15:35 - 000146664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys.151575955558002 2018-01-01 15:35 - 2018-01-01 15:35 - 000110336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2018-01-01 15:35 - 2018-01-01 15:35 - 000084384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys 2018-01-01 15:35 - 2018-01-01 15:35 - 000057696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniva.sys 2018-01-01 15:35 - 2018-01-01 15:35 - 000046976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys 2018-01-01 15:35 - 2018-01-01 15:35 - 000003914 _____ C:\Windows\System32\Tasks\Avast Emergency Update 2018-01-01 15:35 - 2018-01-01 15:35 - 000001922 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk 2018-01-01 15:35 - 2018-01-01 15:35 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software 2018-01-01 15:35 - 2018-01-01 15:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software 2018-01-01 15:35 - 2018-01-01 15:35 - 000000000 ____D C:\Program Files\Common Files\Avast Software 2018-01-01 15:33 - 2018-01-05 16:15 - 000000000 ____D C:\ProgramData\AVAST Software 2018-01-01 15:33 - 2018-01-01 15:33 - 006654960 _____ (AVAST Software) C:\Users\Lou\Downloads\avast_free_antivirus_setup_online_cnet2.exe 2018-01-01 15:33 - 2018-01-01 15:33 - 000000000 ____D C:\Program Files\AVAST Software 2017-12-31 10:07 - 2018-01-19 12:00 - 015466496 _____ C:\Windows\system32\config\HARDWARE 2017-12-31 10:07 - 2018-01-19 11:17 - 014884864 _____ C:\Windows\system32\config\SYSTEM 2017-12-22 10:08 - 2017-12-22 10:08 - 000366800 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2018-01-19 11:57 - 2017-09-01 08:01 - 000000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2018-01-19 11:30 - 2017-09-01 14:45 - 000000000 _____ C:\Windows\SysWOW64\last.dump 2018-01-19 11:30 - 2009-07-13 23:45 - 000015136 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2018-01-19 11:30 - 2009-07-13 23:45 - 000015136 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2018-01-19 11:27 - 2016-12-28 18:24 - 000000000 ___SD C:\Users\Lou\AppData\LocalLow\Temp 2018-01-19 11:25 - 2017-11-11 15:04 - 000000000 ____D C:\Program Files (x86)\Steam 2018-01-19 11:24 - 2017-09-01 08:07 - 000000000 ____D C:\Users\Lou\AppData\Local\lsacuxc 2018-01-19 11:18 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2018-01-19 10:02 - 2017-09-02 19:16 - 000000000 ____D C:\Users\Lou\AppData\Local\ElevatedDiagnostics 2018-01-05 11:43 - 2017-09-01 16:37 - 000002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2018-01-05 11:43 - 2017-09-01 16:37 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2017-12-22 10:15 - 2016-12-25 12:25 - 000003600 _____ C:\Windows\System32\Tasks\AVG EUpdate Task 2017-12-22 10:08 - 2017-11-19 11:00 - 000102792 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys 2017-12-22 10:08 - 2017-11-11 14:25 - 000177536 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgArPot.sys 2017-12-22 10:08 - 2017-09-02 20:45 - 000196904 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgStm.sys 2017-12-22 10:08 - 2017-06-10 14:03 - 000449848 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys 2017-12-22 10:08 - 2017-06-10 14:03 - 000351128 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys 2017-12-22 10:08 - 2017-06-10 14:03 - 000139112 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys 2017-12-22 10:08 - 2017-06-10 14:03 - 000076832 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys 2017-12-22 10:08 - 2017-06-10 14:03 - 000039424 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgHwid.sys 2017-12-22 10:08 - 2017-06-10 14:03 - 000003920 _____ C:\Windows\System32\Tasks\Antivirus Emergency Update 2017-12-22 10:07 - 2017-06-10 14:03 - 001017624 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys 2017-12-22 10:06 - 2017-06-10 14:03 - 000337408 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbloga.sys 2017-12-22 10:06 - 2017-06-10 14:03 - 000315152 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdrivera.sys 2017-12-22 10:06 - 2017-06-10 14:03 - 000193096 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsha.sys 2017-12-22 10:06 - 2017-06-10 14:03 - 000166624 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbdiska.sys 2017-12-22 10:06 - 2017-06-10 14:03 - 000051336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbuniva.sys ==================== Files in the root of some directories ======= 2017-09-22 19:14 - 2017-09-22 19:14 - 000003584 _____ () C:\Users\Lou\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2017-09-01 07:54 - 2017-09-01 07:54 - 000014848 _____ () C:\Users\Lou\AppData\Local\s64prt.dll Some files in TEMP: ==================== 2017-09-22 20:31 - 2017-09-22 20:31 - 034589584 _____ (Ellora Assets Corporation ) C:\Users\Lou\AppData\Local\Temp\FreemakeVideoConverterFull.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-12-24 03:14 ==================== End of FRST.txt ============================