Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21.01.2018
Ran by Lou (26-01-2018 08:45:42)
Running from C:\Users\Lou\Desktop
Windows 7 Professional Service Pack 1 (X64) (2016-12-24 03:42:21)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3034223004-1617221123-39064544-500 - Administrator - Disabled)
Bec (S-1-5-21-3034223004-1617221123-39064544-1003 - Limited - Enabled) => C:\Users\Bec
Guest (S-1-5-21-3034223004-1617221123-39064544-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3034223004-1617221123-39064544-1002 - Limited - Enabled)
Lou (S-1-5-21-3034223004-1617221123-39064544-1000 - Administrator - Enabled) => C:\Users\Lou

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: AVG Antivirus (Disabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Antivirus (Disabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.213 - Adobe Systems Incorporated)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.9.2322 - AVAST Software)
AVG (HKLM\...\{E61E6143-4937-43FC-8C12-06B8A987484D}) (Version: 1.211.3 - AVG Technologies) Hidden
AVG PC TuneUp (HKLM-x32\...\{82B9AF2D-4254-428A-9D1E-7714BA91A4B0}) (Version: 16.76.2 - AVG Technologies) Hidden
AviSynth 2.6 (HKLM-x32\...\AviSynth) (Version: 2.6.0.6 - GPL Public release.)
AVStoDVD 2.8.6 (HKLM-x32\...\AVStoDVD) (Version: 2.8.6 - MrC)
BeerSmith 2 (HKLM-x32\...\BeerSmith 2) (Version: - )
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
FMW 1 (HKLM\...\{36133E9F-B129-4206-9FB4-13F707787542}) (Version: 1.226.3 - AVG Technologies) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.132 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Java 8 Update 144 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version: - )
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
Ralink RT5390R 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 4.0.3.0 - Ralink)
Sid Meier's Civilization V (HKLM-x32\...\steam app 8930) (Version: - 2K Games, Inc.)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
VSDC Free Video Editor version 5.7.3.644 (HKLM-x32\...\VSDC Free Video Editor_is1) (Version: 5.7.3.644 - Flash-Integro LLC)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-01-26] (AVAST Software)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-01-26] (AVAST Software)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-01-26] (AVAST Software)
ContextMenuHandlers1-x32: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShell.dll [2017-12-22] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-01-26] (AVAST Software)
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-01-26] (AVAST Software)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-01-26] (AVAST Software)
ContextMenuHandlers2_.DEFAULT: [AgentRansack] -> {2AE9D6D8-E348-4853-B266-C78844D31B97} => -> No File
ContextMenuHandlers4_.DEFAULT: [AgentRansack] -> {2AE9D6D8-E348-4853-B266-C78844D31B97} => -> No File
ContextMenuHandlers5_.DEFAULT: [AgentRansack] -> {2AE9D6D8-E348-4853-B266-C78844D31B97} => -> No File
ContextMenuHandlers6_.DEFAULT: [AgentRansack] -> {2AE9D6D8-E348-4853-B266-C78844D31B97} => -> No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0EBA541F-7DA7-4918-8C32-73A70D11B83D} - System32\Tasks\k49614734 => C:\Program Files (x86)\dunhill\dunhill.exe
Task: {10529AB3-1ACE-44B2-9369-20127414DCDF} - System32\Tasks\Sak49614734k49614734 => C:\Program Files (x86)\dunhill\dunhill.exe
Task: {117CCEB6-6D04-4E5F-9D45-9A43276EA826} - \57792256 -> No File <==== ATTENTION
Task: {1350C5D9-9415-4067-A8BE-1599031C2B78} - System32\Tasks\{D7EC4CB2-A619-400C-A8D8-3F2B68A4E41C} => C:\Windows\system32\pcalua.exe -a I:\Lou\Network\sp60242.exe -d I:\Lou\Network
Task: {1E23A938-BBE4-4299-A054-7676F254CA99} - \Sa4961473449614734 -> No File <==== ATTENTION
Task: {38D76EE3-ECFD-4224-826D-9C83747E5DFB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {3E38009B-C6C0-4374-89AA-CAE8D764C4FA} - \Antivirus Emergency Update -> No File <==== ATTENTION
Task: {44D8106A-E789-4989-946E-56ECCDCB20EA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {45C4EB2F-32E9-4ABA-AD56-376E2F4B0379} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {4935C88A-208D-4FC9-9476-98E3EA235A69} - \AVG EUpdate Task -> No File <==== ATTENTION
Task: {54D4806C-DDCF-4A6B-B2E8-70E6BF5B424D} - \49614734 -> No File <==== ATTENTION
Task: {64302A05-8856-4B13-BA4D-0B59C29CE6A0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-09-01] (Google Inc.)
Task: {64877FFD-5C4E-4395-92F4-C67441754D17} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2017-07-21] (Oracle Corporation)
Task: {698D2ADD-325D-4E5B-B6FA-6B872C1C1162} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {789179FD-574D-4106-9283-D0DF561448AC} - System32\Tasks\7412240 => C:\Program Files (x86)\Semites\sarto.exe <==== ATTENTION
Task: {7B41D227-83B5-473B-A2FF-03D39176215D} - System32\Tasks\sc0ObBznDTuC => sc0obbzndtuc.exe
Task: {8DEB2FC8-20CE-45C6-A4E9-09876D3A1CA0} - System32\Tasks\Sa74122407412240 => C:\Program Files (x86)\Semites\sarto.exe
Task: {BD957673-8DFB-4A66-A6E6-D10620D465AD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-09-01] (Adobe Systems Incorporated)
Task: {D4A6F8BF-FE19-4F4C-B6F8-80FB04BB0EF7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-09-01] (Google Inc.)
Task: {DD575BAA-993D-4370-9C88-79FB64C232D6} - \Sa5779225657792256 -> No File <==== ATTENTION
Task: {E31366CD-A082-4764-B8A6-55F20C22D05A} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Lou-PC-Lou Lou-PC => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2014-01-23] (Microsoft Corporation)
Task: {E9D9E81E-03F6-4A0C-B794-D8DA168121A6} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe [2017-11-15] (AVG Technologies CZ, s.r.o.)
Task: {FCC0E94D-2F8F-4DF9-90CC-D027538E8D20} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\RadeonInstaller.exe [2016-12-04] (Advanced Micro Devices, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Avast Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2014-01-23 08:05 - 2014-01-23 08:05 - 008878248 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2017-08-20 14:57 - 2017-08-20 14:57 - 000885760 _____ () C:\Users\Lou\AppData\Local\lsacuxc\lsacuxc.exe
2017-08-20 11:38 - 2017-08-20 11:38 - 001087488 _____ () C:\Users\Lou\AppData\Local\lsacuxc\winbidy.exe
2018-01-26 08:10 - 2018-01-26 08:10 - 000206152 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2018-01-26 08:10 - 2018-01-26 08:10 - 000058016 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
2018-01-26 08:10 - 2018-01-26 08:10 - 000057504 _____ () C:\Program Files\AVAST Software\Avast\dll_loader.dll
2018-01-26 08:10 - 2018-01-26 08:10 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-01-26 08:10 - 2018-01-26 08:10 - 000289272 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2018-01-26 08:10 - 2018-01-26 08:10 - 000282560 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-08-02 20:40 - 2017-08-02 20:40 - 053460480 _____ () C:\Users\Lou\AppData\Local\lsacuxc\libcef.dll
2016-05-31 10:43 - 2016-05-31 10:43 - 001976832 _____ () C:\Users\Lou\AppData\Local\lsacuxc\libglesv2.dll
2016-05-31 10:44 - 2016-05-31 10:44 - 000075264 _____ () C:\Users\Lou\AppData\Local\lsacuxc\libegl.dll
2016-06-15 16:15 - 2016-06-15 16:15 - 017599640 _____ () C:\Users\Lou\AppData\Local\lsacuxc\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2017-09-01 08:01 - 000001282 _____ C:\Windows\system32\Drivers\etc\hosts
162.222.193.86 aoaomo.tremorhub.com
188.95.50.62 bobomo.tremorhub.com
162.222.193.86 www.howcast.com
162.222.193.86 howcast.com
162.222.193.86 www.ustream.tv
162.222.193.86 ustream.tv
162.222.193.86 www.livestream.com
162.222.193.86 livestream.com
162.222.193.86 www.dailymotion.com
162.222.193.86 dailymotion.com
192.192.3.8 www.virustotal.com
192.192.3.8 virustotal.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3034223004-1617221123-39064544-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Lou\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{555026F6-B90E-4DED-8F2E-41F00C913140}] => (Allow) C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe
FirewallRules: [{20D7B379-521F-44A4-BD9D-FB5416828C35}] => (Allow) C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe
FirewallRules: [{40560992-C981-474C-BAF7-28C62134FA5D}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{031A52E4-D2BB-48E4-B6BC-70E43E772581}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{BB7E3242-33AC-4079-B9B6-BB3BE5124DFB}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{4F079ACE-74DD-480B-8AE3-4432C8E11E0E}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{3440DA5E-0EBA-477A-AF5E-C454CA9132F4}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{B7EA92AB-2656-40ED-9462-0BD9B95A39C2}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{9AA45ABA-1251-486C-A8E1-D72BC6B2542C}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\VideoEditor.exe
FirewallRules: [{D3BEABAE-01CC-4717-967A-63B64A9722A5}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\VideoEditor.exe
FirewallRules: [{F5989675-1CC1-49A2-A26C-168B729C43FD}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Activation.exe
FirewallRules: [{755E7A13-130D-4739-BCA1-162149347393}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Activation.exe
FirewallRules: [{FFB18940-DB52-4C17-B55C-EE3966B50B98}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Updater.exe
FirewallRules: [{C1E5F4DE-D714-42E6-9207-AC3124EE3DDF}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Updater.exe
FirewallRules: [{040ED177-8A2F-484C-8F15-6A6FE6832492}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{4CD511A3-F8DC-4FAD-BE2D-DBC49D7B6934}] => (Allow) C:\Program Files (x86)\Lola\sarto.exe
FirewallRules: [{A7ECC88C-BF8B-42D8-9FC6-499BD772BAD8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{CC67C5D0-DDC6-4F4D-A372-34C400A857BD}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{19FA2CAD-BC40-448C-A984-A85FE763F26F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{41E3C948-B6D1-42EB-B484-5B9B8C35363E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{2060E859-83B8-4958-B571-46EE26DAD3FD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{DEC6CADD-6348-418B-B430-E5A3C9C7F2E2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [TCP Query User{33FCEEB2-20BB-40B0-8AA7-16C852AD84F4}C:\users\lou\appdata\roaming\bittorrent\bittorrent.exe] => (Allow) C:\users\lou\appdata\roaming\bittorrent\bittorrent.exe
FirewallRules: [UDP Query User{E007FBF9-95B9-44CE-A189-D8C83E856483}C:\users\lou\appdata\roaming\bittorrent\bittorrent.exe] => (Allow) C:\users\lou\appdata\roaming\bittorrent\bittorrent.exe
FirewallRules: [{9096CE1C-4D43-40B2-A919-9ACC5D892F9B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{63D6C5A5-CD06-456E-9A5D-93C8F43284FC}] => (Allow) C:\Users\Lou\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{B2F60DF0-2B62-4094-8E4D-672240EDAE81}] => (Allow) C:\Users\Lou\AppData\Roaming\BitTorrent\BitTorrent.exe

==================== Restore Points =========================

01-01-2018 15:40:25 AA11
01-01-2018 15:51:18 AA11
01-01-2018 15:57:02 AA11
05-01-2018 21:47:48 AA11
19-01-2018 09:42:40 AA11
26-01-2018 08:00:55 Removed WinZip 21.0

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (01/26/2018 08:11:35 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\AVAST Software\Avast\setup\iplugins\IStats.dll". Dependent Assembly Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error: (01/26/2018 08:00:58 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddWin32ServiceFiles: Unable to back up image of service Avast Antivirus since QueryServiceConfig API failed System Error: The system cannot find the file specified. .

Error: (01/26/2018 08:00:58 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddWin32ServiceFiles: Unable to back up image of service aswbIDSAgent since QueryServiceConfig API failed System Error: The system cannot find the file specified. .

Error: (01/26/2018 08:00:58 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary aswVmm. System Error: The system cannot find the file specified. .

Error: (01/26/2018 08:00:58 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary aswSP. System Error: The system cannot find the file specified. .

Error: (01/26/2018 08:00:58 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary aswSnx. System Error: The system cannot find the file specified. .

Error: (01/26/2018 08:00:58 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary aswRvrt. System Error: The system cannot find the file specified. .

Error: (01/26/2018 08:00:58 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary aswRdr. System Error: The system cannot find the file specified. .

Error: (01/26/2018 08:00:58 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary aswMonFlt. System Error: The system cannot find the file specified. .

Error: (01/26/2018 08:00:58 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary aswHdsKe. System Error: The system cannot find the file specified. .

System errors:
=============
Error: (01/26/2018 08:40:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Error: (01/26/2018 08:40:00 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.

Error: (01/26/2018 08:38:38 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (01/26/2018 08:38:05 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (01/26/2018 08:37:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AVG PC TuneUp Service service failed to start due to the following error: The requested resource is in use.

Error: (01/26/2018 08:37:32 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Ralink UPnP Media Server service to connect.

Error: (01/26/2018 08:33:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Error: (01/26/2018 08:33:37 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.

Error: (01/26/2018 08:32:31 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (01/26/2018 08:31:45 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

CodeIntegrity:
===================================
Date: 2018-01-19 09:44:17.431
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\adaware\adaware antivirus\updater\12.2.889.11556\AdAwareUpdater.exe because the set of per-page image hashes could not be found on the system.

Date: 2018-01-05 21:48:36.692
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\adaware\adaware antivirus\updater\12.2.889.11556\AdAwareUpdater.exe because the set of per-page image hashes could not be found on the system.

Date: 2018-01-01 15:57:26.744
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\adaware\adaware antivirus\updater\12.2.889.11556\AdAwareUpdater.exe because the set of per-page image hashes could not be found on the system.

Date: 2018-01-01 15:51:39.847
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\adaware\adaware antivirus\updater\12.2.889.11556\AdAwareUpdater.exe because the set of per-page image hashes could not be found on the system.

Date: 2018-01-01 15:40:53.638
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\adaware\adaware antivirus\updater\12.2.889.11556\AdAwareUpdater.exe because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: AMD A8-5500 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 60%
Total physical RAM: 7575.3 MB
Available physical RAM: 2993.23 MB
Total Virtual: 15148.79 MB
Available Virtual: 10661.54 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:1862.92 GB) (Free:1566.46 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 2396A167)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1862.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================