Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17.01.2018 01
Ran by Lou (19-01-2018 12:00:41)
Running from C:\Users\Lou\Desktop
Windows 7 Professional Service Pack 1 (X64) (2016-12-24 03:42:21)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3034223004-1617221123-39064544-500 - Administrator - Disabled)
Bec (S-1-5-21-3034223004-1617221123-39064544-1003 - Limited - Enabled) => C:\Users\Bec
Guest (S-1-5-21-3034223004-1617221123-39064544-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3034223004-1617221123-39064544-1002 - Limited - Enabled)
Lou (S-1-5-21-3034223004-1617221123-39064544-1000 - Administrator - Enabled) => C:\Users\Lou

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: AVG Antivirus (Disabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Antivirus (Disabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.213 - Adobe Systems Incorporated)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.9.2322 - AVAST Software)
AVG (HKLM\...\{E61E6143-4937-43FC-8C12-06B8A987484D}) (Version: 1.211.3 - AVG Technologies) Hidden
AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 17.9.3040 - AVG Technologies)
AVG PC TuneUp (HKLM-x32\...\{82B9AF2D-4254-428A-9D1E-7714BA91A4B0}) (Version: 16.76.2 - AVG Technologies) Hidden
AVG PC TuneUp (HKLM-x32\...\AVG PC TuneUp) (Version: 16.76.3.18604 - AVG Technologies)
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.3.7.452 - AVG Technologies)
AviSynth 2.6 (HKLM-x32\...\AviSynth) (Version: 2.6.0.6 - GPL Public release.)
AVStoDVD 2.8.6 (HKLM-x32\...\AVStoDVD) (Version: 2.8.6 - MrC)
BeerSmith 2 (HKLM-x32\...\BeerSmith 2) (Version: - )
BitTorrent (HKU\S-1-5-21-3034223004-1617221123-39064544-1000\...\BitTorrent) (Version: 7.10.0.44091 - BitTorrent Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
FMW 1 (HKLM\...\{36133E9F-B129-4206-9FB4-13F707787542}) (Version: 1.226.3 - AVG Technologies) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.132 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Java 8 Update 144 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version: - )
MCShield ::Anti-Malware Tool:: (HKLM-x32\...\MCShield) (Version: 3.0.5.28 - MyCity)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
Ralink RT5390R 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 4.0.3.0 - Ralink)
Sid Meier's Civilization V (HKLM-x32\...\steam app 8930) (Version: - 2K Games, Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeraCopy 3.0 RC (HKLM\...\TeraCopy_is1) (Version: - Code Sector)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
VSDC Free Video Editor version 5.7.3.644 (HKLM-x32\...\VSDC Free Video Editor_is1) (Version: 5.7.3.644 - Flash-Integro LLC)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
WinZip 21.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C2410D}) (Version: 21.0.12288 - WinZip Computing, S.L. )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3034223004-1617221123-39064544-1000_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.dll ()
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-01-01] (AVAST Software)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-01-01] (AVAST Software)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-01-01] (AVAST Software)
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2017-12-22] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [AVG Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => C:\Program Files (x86)\AVG\AVG PC TuneUp\SDShelEx-x64.dll [2017-11-15] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt.dll [2016-12-07] ()
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2016-12-13] (WinZip Computing, S.L.)
ContextMenuHandlers2: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt.dll [2016-12-07] ()
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-01-01] (AVAST Software)
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-01-01] (AVAST Software)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers4: [AVG Disk Space Explorer Shell Extension] -> {4838CD50-7E5D-4811-9B17-C47A85539F28} => C:\Program Files (x86)\AVG\AVG PC TuneUp\DseShExt-x64.dll [2017-11-15] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers4: [AVG Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => C:\Program Files (x86)\AVG\AVG PC TuneUp\SDShelEx-x64.dll [2017-11-15] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers4: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt.dll [2016-12-07] ()
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2016-12-13] (WinZip Computing, S.L.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-01-01] (AVAST Software)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2017-12-22] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt.dll [2016-12-07] ()
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2016-12-13] (WinZip Computing, S.L.)
ContextMenuHandlers2_.DEFAULT: [AgentRansack] -> {2AE9D6D8-E348-4853-B266-C78844D31B97} => -> No File
ContextMenuHandlers4_.DEFAULT: [AgentRansack] -> {2AE9D6D8-E348-4853-B266-C78844D31B97} => -> No File
ContextMenuHandlers5_.DEFAULT: [AgentRansack] -> {2AE9D6D8-E348-4853-B266-C78844D31B97} => -> No File
ContextMenuHandlers6_.DEFAULT: [AgentRansack] -> {2AE9D6D8-E348-4853-B266-C78844D31B97} => -> No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0B5EF319-DDF8-4648-9371-D9C7522E810E} - System32\Tasks\WinZip Update Notifier => C:\Program Files\WinZip\WZUpdateNotifier.exe [2016-12-13] (WinZip)
Task: {0EBA541F-7DA7-4918-8C32-73A70D11B83D} - System32\Tasks\k49614734 => C:\Program Files (x86)\dunhill\dunhill.exe
Task: {10529AB3-1ACE-44B2-9369-20127414DCDF} - System32\Tasks\Sak49614734k49614734 => C:\Program Files (x86)\dunhill\dunhill.exe
Task: {117CCEB6-6D04-4E5F-9D45-9A43276EA826} - \57792256 -> No File <==== ATTENTION
Task: {1350C5D9-9415-4067-A8BE-1599031C2B78} - System32\Tasks\{D7EC4CB2-A619-400C-A8D8-3F2B68A4E41C} => C:\Windows\system32\pcalua.exe -a I:\Lou\Network\sp60242.exe -d I:\Lou\Network
Task: {1E23A938-BBE4-4299-A054-7676F254CA99} - \Sa4961473449614734 -> No File <==== ATTENTION
Task: {28E21E50-C250-43C3-B813-825A0C8032C6} - System32\Tasks\WinZipBackGroundToolsTask => C:\Program Files\WinZip\WzBGTools.exe [2016-12-13] (WinZip Computing, S.L.)
Task: {38D76EE3-ECFD-4224-826D-9C83747E5DFB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {3E38009B-C6C0-4374-89AA-CAE8D764C4FA} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [2017-12-22] (AVG Technologies CZ, s.r.o.)
Task: {44D8106A-E789-4989-946E-56ECCDCB20EA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {450C89C2-C2E2-4D9B-9458-9A167D7EDA48} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-01-05] (AVAST Software)
Task: {45C4EB2F-32E9-4ABA-AD56-376E2F4B0379} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {4935C88A-208D-4FC9-9476-98E3EA235A69} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {54D4806C-DDCF-4A6B-B2E8-70E6BF5B424D} - \49614734 -> No File <==== ATTENTION
Task: {64302A05-8856-4B13-BA4D-0B59C29CE6A0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-09-01] (Google Inc.)
Task: {64877FFD-5C4E-4395-92F4-C67441754D17} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2017-07-21] (Oracle Corporation)
Task: {698D2ADD-325D-4E5B-B6FA-6B872C1C1162} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {789179FD-574D-4106-9283-D0DF561448AC} - System32\Tasks\7412240 => C:\Program Files (x86)\Semites\sarto.exe <==== ATTENTION
Task: {7B41D227-83B5-473B-A2FF-03D39176215D} - System32\Tasks\sc0ObBznDTuC => sc0obbzndtuc.exe
Task: {8DEB2FC8-20CE-45C6-A4E9-09876D3A1CA0} - System32\Tasks\Sa74122407412240 => C:\Program Files (x86)\Semites\sarto.exe
Task: {944EB060-DA78-47DA-8CAF-ABD97D98A705} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-01-01] (AVAST Software)
Task: {BD957673-8DFB-4A66-A6E6-D10620D465AD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-09-01] (Adobe Systems Incorporated)
Task: {D4A6F8BF-FE19-4F4C-B6F8-80FB04BB0EF7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-09-01] (Google Inc.)
Task: {DD575BAA-993D-4370-9C88-79FB64C232D6} - \Sa5779225657792256 -> No File <==== ATTENTION
Task: {E31366CD-A082-4764-B8A6-55F20C22D05A} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Lou-PC-Lou Lou-PC => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2014-01-23] (Microsoft Corporation)
Task: {E9D9E81E-03F6-4A0C-B794-D8DA168121A6} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe [2017-11-15] (AVG Technologies CZ, s.r.o.)
Task: {FCC0E94D-2F8F-4DF9-90CC-D027538E8D20} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\RadeonInstaller.exe [2016-12-04] (Advanced Micro Devices, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2018-01-01 15:35 - 2018-01-01 15:35 - 000067920 _____ () c:\Program Files\AVAST Software\Avast\x64\module_lifetime.dll
2018-01-01 15:35 - 2018-01-01 15:35 - 000067984 _____ () C:\Program Files\AVAST Software\Avast\x64\dll_loader.dll
2018-01-01 15:35 - 2018-01-01 15:35 - 000236840 _____ () c:\Program Files\AVAST Software\Avast\x64\vaarclient.dll
2018-01-01 15:35 - 2018-01-01 15:35 - 000902824 _____ () C:\Program Files\AVAST Software\Avast\x64\ffl2.dll
2018-01-01 15:35 - 2018-01-01 15:35 - 000349568 _____ () c:\Program Files\AVAST Software\Avast\x64\StreamBack.dll
2014-01-23 08:05 - 2014-01-23 08:05 - 008878248 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-12-25 13:00 - 2016-12-07 16:40 - 003681104 _____ () C:\Program Files\TeraCopy\TeraCopyExt.dll
2016-12-25 13:00 - 2015-04-21 23:10 - 001736192 _____ () C:\Program Files\TeraCopy\TeraCopy64.dll
2017-08-20 14:57 - 2017-08-20 14:57 - 000885760 _____ () C:\Users\Lou\AppData\Local\lsacuxc\lsacuxc.exe
2017-08-20 11:38 - 2017-08-20 11:38 - 001087488 _____ () C:\Users\Lou\AppData\Local\lsacuxc\winbidy.exe
2018-01-05 11:42 - 2018-01-03 04:20 - 004063064 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\libglesv2.dll
2018-01-05 11:42 - 2018-01-03 04:20 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\libegl.dll
2018-01-01 15:35 - 2018-01-01 15:35 - 000058016 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
2018-01-01 15:35 - 2018-01-01 15:35 - 000057504 _____ () C:\Program Files\AVAST Software\Avast\dll_loader.dll
2018-01-01 15:35 - 2018-01-01 15:35 - 000206152 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2018-01-01 15:35 - 2018-01-01 15:35 - 000289272 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2018-01-01 15:35 - 2018-01-01 15:35 - 000196248 _____ () C:\Program Files\AVAST Software\Avast\network_notifications.dll
2018-01-19 09:41 - 2018-01-19 09:41 - 005779600 _____ () C:\Program Files\AVAST Software\Avast\defs\18011900\algo.dll
2018-01-01 15:35 - 2018-01-01 15:35 - 000745408 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2018-01-01 15:35 - 2018-01-01 15:35 - 000148936 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2018-01-01 15:35 - 2018-01-01 15:35 - 000293944 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-01-01 15:35 - 2018-01-01 15:35 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-01-01 15:35 - 2018-01-01 15:35 - 000282560 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-08-02 20:40 - 2017-08-02 20:40 - 053460480 _____ () C:\Users\Lou\AppData\Local\lsacuxc\libcef.dll
2016-05-31 10:43 - 2016-05-31 10:43 - 001976832 _____ () C:\Users\Lou\AppData\Local\lsacuxc\libglesv2.dll
2016-05-31 10:44 - 2016-05-31 10:44 - 000075264 _____ () C:\Users\Lou\AppData\Local\lsacuxc\libegl.dll
2017-12-22 10:07 - 2017-12-22 10:07 - 000059136 _____ () C:\Program Files (x86)\AVG\Antivirus\module_lifetime.dll
2017-12-22 10:07 - 2017-12-22 10:07 - 000207272 _____ () C:\Program Files (x86)\AVG\Antivirus\JsonRpcServer.dll
2016-06-15 16:15 - 2016-06-15 16:15 - 017599640 _____ () C:\Users\Lou\AppData\Local\lsacuxc\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2017-09-01 08:01 - 000001282 _____ C:\Windows\system32\Drivers\etc\hosts

162.222.193.86 aoaomo.tremorhub.com
188.95.50.62 bobomo.tremorhub.com
162.222.193.86 www.howcast.com
162.222.193.86 howcast.com
162.222.193.86 www.ustream.tv
162.222.193.86 ustream.tv
162.222.193.86 www.livestream.com
162.222.193.86 livestream.com
162.222.193.86 www.dailymotion.com
162.222.193.86 dailymotion.com
192.192.3.8 www.virustotal.com
192.192.3.8 virustotal.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3034223004-1617221123-39064544-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Lou\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 82.163.142.8 - 95.211.158.136
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{555026F6-B90E-4DED-8F2E-41F00C913140}] => (Allow) C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe
FirewallRules: [{20D7B379-521F-44A4-BD9D-FB5416828C35}] => (Allow) C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe
FirewallRules: [{40560992-C981-474C-BAF7-28C62134FA5D}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{031A52E4-D2BB-48E4-B6BC-70E43E772581}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{BB7E3242-33AC-4079-B9B6-BB3BE5124DFB}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{4F079ACE-74DD-480B-8AE3-4432C8E11E0E}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{3440DA5E-0EBA-477A-AF5E-C454CA9132F4}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{B7EA92AB-2656-40ED-9462-0BD9B95A39C2}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{9AA45ABA-1251-486C-A8E1-D72BC6B2542C}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\VideoEditor.exe
FirewallRules: [{D3BEABAE-01CC-4717-967A-63B64A9722A5}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\VideoEditor.exe
FirewallRules: [{F5989675-1CC1-49A2-A26C-168B729C43FD}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Activation.exe
FirewallRules: [{755E7A13-130D-4739-BCA1-162149347393}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Activation.exe
FirewallRules: [{FFB18940-DB52-4C17-B55C-EE3966B50B98}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Updater.exe
FirewallRules: [{C1E5F4DE-D714-42E6-9207-AC3124EE3DDF}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Updater.exe
FirewallRules: [{040ED177-8A2F-484C-8F15-6A6FE6832492}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{4CD511A3-F8DC-4FAD-BE2D-DBC49D7B6934}] => (Allow) C:\Program Files (x86)\Lola\sarto.exe
FirewallRules: [{A7ECC88C-BF8B-42D8-9FC6-499BD772BAD8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{CC67C5D0-DDC6-4F4D-A372-34C400A857BD}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{19FA2CAD-BC40-448C-A984-A85FE763F26F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{41E3C948-B6D1-42EB-B484-5B9B8C35363E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{2060E859-83B8-4958-B571-46EE26DAD3FD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{DEC6CADD-6348-418B-B430-E5A3C9C7F2E2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [TCP Query User{33FCEEB2-20BB-40B0-8AA7-16C852AD84F4}C:\users\lou\appdata\roaming\bittorrent\bittorrent.exe] => (Allow) C:\users\lou\appdata\roaming\bittorrent\bittorrent.exe
FirewallRules: [UDP Query User{E007FBF9-95B9-44CE-A189-D8C83E856483}C:\users\lou\appdata\roaming\bittorrent\bittorrent.exe] => (Allow) C:\users\lou\appdata\roaming\bittorrent\bittorrent.exe
FirewallRules: [{9096CE1C-4D43-40B2-A919-9ACC5D892F9B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{63D6C5A5-CD06-456E-9A5D-93C8F43284FC}] => (Allow) C:\Users\Lou\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{B2F60DF0-2B62-4094-8E4D-672240EDAE81}] => (Allow) C:\Users\Lou\AppData\Roaming\BitTorrent\BitTorrent.exe

==================== Restore Points =========================

11-11-2017 19:48:58 Installed DirectX
01-01-2018 15:40:25 AA11
01-01-2018 15:51:18 AA11
01-01-2018 15:57:02 AA11
05-01-2018 21:47:48 AA11
19-01-2018 09:42:40 AA11

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================

Error: (01/19/2018 11:46:44 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 8.0.7601.17514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1014
Start Time: 01d391447d472934
Termination Time: 5
Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Report Id: 431ff243-fd38-11e7-8ee2-78e3b5bc5285

Error: (01/19/2018 11:42:23 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 8.0.7601.17514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 4b0
Start Time: 01d3914449256009
Termination Time: 7
Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Report Id: ad117bf3-fd37-11e7-8ee2-78e3b5bc5285

Error: (01/19/2018 10:02:48 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program BitTorrent.exe version 7.10.0.44091 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 13b4
Start Time: 01d3913648f2a55c
Termination Time: 0
Application Path: C:\Users\Lou\AppData\Roaming\BitTorrent\BitTorrent.exe
Report Id: bf739c60-fd29-11e7-83b6-78e3b5bc5285

Error: (01/12/2018 12:14:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17514, time stamp: 0x4ce7a144
Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c8f9
Exception code: 0xc0000005
Fault offset: 0x00000000000532d0
Faulting process id: 0x980
Faulting application start time: 0x01d38bc2b4f88a45
Faulting application path: C:\Windows\Explorer.EXE
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 1b7f60ae-f7bc-11e7-9fe8-78e3b5bc5285

Error: (01/12/2018 11:46:48 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program BitTorrent.exe version 7.10.0.44091 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 518
Start Time: 01d38bc4c256e532
Termination Time: 16
Application Path: C:\Users\Lou\AppData\Roaming\BitTorrent\BitTorrent.exe
Report Id: 1dc3bfb1-f7b8-11e7-9fe8-78e3b5bc5285

Error: (01/12/2018 08:35:19 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program BitTorrent.exe version 7.10.0.44091 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: bf4
Start Time: 01d38ba3866abcff
Termination Time: 12
Application Path: C:\Users\Lou\AppData\Roaming\BitTorrent\BitTorrent.exe
Report Id: 6c8b4e48-f79d-11e7-bbd5-78e3b5bc5285

Error: (01/12/2018 08:33:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: winbidy.exe, version: 1.0.1.5, time stamp: 0x59991256
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x3b4
Faulting application start time: 0x01d38ba49ca41830
Faulting application path: C:\Users\Lou\AppData\Local\lsacuxc\winbidy.exe
Faulting module path: unknown
Report Id: 3e65ff04-f79d-11e7-bbd5-78e3b5bc5285

Error: (01/06/2018 12:00:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program BitTorrent.exe version 7.10.0.43917 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 468
Start Time: 01d3870fdb93b0eb
Termination Time: 18
Application Path: C:\Users\Lou\AppData\Roaming\BitTorrent\BitTorrent.exe
Report Id: 1f58714e-f303-11e7-a8ab-78e3b5bc5285

Error: (01/06/2018 10:10:07 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program BitTorrent.exe version 7.10.0.43917 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 888
Start Time: 01d387006a0432be
Termination Time: 0
Application Path: C:\Users\Lou\AppData\Roaming\BitTorrent\BitTorrent.exe
Report Id: ace7115b-f2f3-11e7-a8ab-78e3b5bc5285

Error: (01/06/2018 10:09:49 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program BitTorrent.exe version 7.10.0.43917 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1914
Start Time: 01d3870059960b39
Termination Time: 7
Application Path: C:\Users\Lou\AppData\Roaming\BitTorrent\BitTorrent.exe
Report Id: a1e3e72c-f2f3-11e7-a8ab-78e3b5bc5285

System errors:
=============

Error: (01/19/2018 11:21:30 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (01/19/2018 11:19:08 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AVG PC TuneUp Service service failed to start due to the following error: The requested resource is in use.

Error: (01/19/2018 11:19:07 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Ralink UPnP Media Server service to connect.

Error: (01/19/2018 11:18:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AVG Service service failed to start due to the following error: The requested resource is in use.

Error: (01/19/2018 11:18:17 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AVG Antivirus service failed to start due to the following error: The requested resource is in use.

Error: (01/19/2018 11:16:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not start due to a logon failure.

Error: (01/19/2018 11:16:51 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WMPNetworkSvc service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (01/19/2018 11:16:46 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\system32\RAIHV.dll

Error: (01/19/2018 11:16:46 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\system32\RAIHV.dll

Error: (01/19/2018 11:16:36 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\system32\RAIHV.dll

CodeIntegrity:
===================================

Date: 2018-01-19 09:44:17.431
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\adaware\adaware antivirus\updater\12.2.889.11556\AdAwareUpdater.exe because the set of per-page image hashes could not be found on the system.

Date: 2018-01-05 21:48:36.692
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\adaware\adaware antivirus\updater\12.2.889.11556\AdAwareUpdater.exe because the set of per-page image hashes could not be found on the system.

Date: 2018-01-01 15:57:26.744
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\adaware\adaware antivirus\updater\12.2.889.11556\AdAwareUpdater.exe because the set of per-page image hashes could not be found on the system.

Date: 2018-01-01 15:51:39.847
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\adaware\adaware antivirus\updater\12.2.889.11556\AdAwareUpdater.exe because the set of per-page image hashes could not be found on the system.

Date: 2018-01-01 15:40:53.638
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\adaware\adaware antivirus\updater\12.2.889.11556\AdAwareUpdater.exe because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: AMD A8-5500 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 86%
Total physical RAM: 7575.3 MB
Available physical RAM: 1014.64 MB
Total Virtual: 15148.79 MB
Available Virtual: 7871.63 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:1862.92 GB) (Free:1558.54 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 2396A167)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1862.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================