
Need Fixlist for FarBar? [First time user]



#1
zac12345 (New Member, 2 posts)

I just ran Farbar for the first time but don't know how to create a fixlist - is there anything out there I can leverage to make one? (Or help here?) Many thanks in advance!

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17.01.2018 01
Ran by Lou (administrator) on LOU-PC (19-01-2018 11:59:37)
Running from C:\Users\Lou\Desktop
Loaded Profiles: Lou (Available Profiles: Lou & Bec)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(TOSHIBA CORPORATION) C:\Windows\Temp\msvcdvrsrv.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\beats64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(MyCity) C:\Program Files (x86)\MCShield\MCShieldRTM.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\FAHWindow64.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Users\Lou\AppData\Local\lsacuxc\lsacuxc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Users\Lou\AppData\Local\lsacuxc\winbidy.exe
() C:\Users\Lou\AppData\Local\lsacuxc\winbidy.exe
(BitTorrent Inc.) C:\Users\Lou\AppData\Local\Temp\HYD874B.tmp.1516379252_permissionsCopy\BitTorrent.exe
(Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\msdt.exe
(Microsoft Corporation) C:\Windows\System32\sdiagnhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Lou\AppData\Local\lsacuxc\winbidy.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-04-24] (IDT, Inc.)
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2011-08-24] (Hewlett-Packard )
HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-10-31] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [295512 2017-12-22] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [246120 2018-01-01] (AVAST Software)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-10-31] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-3034223004-1617221123-39064544-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3111712 2017-12-15] (Valve Corporation)
HKU\S-1-5-21-3034223004-1617221123-39064544-1000\...\Run: [MCShield Monitor] => C:\Program Files (x86)\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2017-01-22]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAHConsole.exe (WinZip Computing, S.L.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update Notifier.lnk [2017-01-22]
ShortcutTarget: Update Notifier.lnk -> C:\Program Files\WinZip\WZUpdateNotifier.exe (WinZip)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2017-01-22]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{E60803EC-3EF6-47A2-B5BA-0C14701C911B}: [NameServer] 82.163.142.8,95.211.158.136
Tcpip\..\Interfaces\{E60803EC-3EF6-47A2-B5BA-0C14701C911B}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-3034223004-1617221123-39064544-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2014-01-23] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll [2017-08-30] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2018-01-01] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2014-01-23] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-08-30] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2014-01-21] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-01-01] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-21] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2014-01-21] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-01-23] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-08-30] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-08-30] (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> mysearch.avg.com
CHR DefaultSearchURL: Default -> hxxps://mysearch.avg.com/search?rvt=1&sap=dsp&q={searchTerms}
CHR DefaultSearchKeyword: Default -> hxxps://mysearch.avg.com
CHR DefaultSuggestURL: Default -> hxxps://toolbar.avg.com/acp?q={searchTerms}&o=1
CHR Profile: C:\Users\Lou\AppData\Local\Google\Chrome\User Data\Default [2018-01-19]
CHR Extension: (Slides) - C:\Users\Lou\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-19]
CHR Extension: (Docs) - C:\Users\Lou\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-19]
CHR Extension: (Google Drive) - C:\Users\Lou\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-09-01]
CHR Extension: (YouTube) - C:\Users\Lou\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-09-01]
CHR Extension: (AVG Secure Search) - C:\Users\Lou\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2018-01-19]
CHR Extension: (Adobe Acrobat) - C:\Users\Lou\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-09-01]
CHR Extension: (Sheets) - C:\Users\Lou\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-19]
CHR Extension: (Google Docs Offline) - C:\Users\Lou\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-09-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lou\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-01]
CHR Extension: (Gmail) - C:\Users\Lou\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-09-01]
CHR Extension: (Chrome Media Router) - C:\Users\Lou\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-15]
CHR HKU\S-1-5-21-3034223004-1617221123-39064544-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [chfdnecihphmhljaaejmgoiahnihplgn] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3034223004-1617221123-39064544-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKLM\SYSTEM\CurrentControlSet\Services\cgrctcgg <==== ATTENTION (Rootkit!)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7538536 2018-01-01] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [301168 2018-01-01] (AVAST Software)
S2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [301720 2017-12-22] (AVG Technologies CZ, s.r.o.)
S3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [7589200 2017-12-22] (AVG Technologies CZ, s.r.o.)
S2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1428656 2017-10-31] (AVG Technologies CZ, s.r.o.)
R2 RalinkRegistryWriter; C:\Program Files (x86)\Ralink\Common\RaRegistry.exe [372736 2012-07-04] (Ralink Technology, Corp.) [File not signed]
R2 RalinkRegistryWriter64; C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe [447488 2012-07-04] (Ralink Technology, Corp.) [File not signed]
S2 RaMediaServer; C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [1859584 2012-07-04] (Ralink) [File not signed]
S4 TeraCopyService; C:\Program Files\TeraCopy\TeraCopyService.exe [100688 2016-12-07] (Code Sector)
S2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [5618960 2017-11-15] (AVG Technologies CZ, s.r.o.)
R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [56080 2017-11-15] (AVG Technologies CZ, s.r.o.)
R2 UxTuneUp; C:\Windows\SysWOW64\uxtuneup.dll [48912 2017-11-15] (AVG Technologies CZ, s.r.o.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [185096 2018-01-01] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [321512 2018-01-01] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [199448 2018-01-01] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343768 2018-01-01] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57696 2018-01-01] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [149344 2018-01-01] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46976 2018-01-01] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [146648 2018-01-12] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [110336 2018-01-01] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84384 2018-01-01] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1025176 2018-01-01] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [457896 2018-01-12] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [204456 2018-01-01] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [358672 2018-01-01] (AVAST Software)
R1 avgArPot; C:\Windows\System32\drivers\avgArPot.sys [177536 2017-12-22] (AVG Technologies CZ, s.r.o.)
R1 avgbdisk; C:\Windows\System32\drivers\avgbdiska.sys [166624 2017-12-22] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\Windows\System32\drivers\avgbidsdrivera.sys [315152 2017-12-22] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\Windows\System32\drivers\avgbidsha.sys [193096 2017-12-22] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\Windows\System32\drivers\avgbloga.sys [337408 2017-12-22] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\Windows\System32\drivers\avgbuniva.sys [51336 2017-12-22] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\Windows\System32\drivers\avgHwid.sys [39424 2017-12-22] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\Windows\System32\drivers\avgMonFlt.sys [139112 2017-12-22] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\Windows\System32\drivers\avgRdr2.sys [102792 2017-12-22] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\Windows\System32\drivers\avgRvrt.sys [76832 2017-12-22] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\Windows\System32\drivers\avgSnx.sys [1017624 2017-12-22] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\System32\drivers\avgSP.sys [449848 2017-12-22] (AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\Windows\System32\drivers\avgStm.sys [196904 2017-12-22] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\Windows\System32\drivers\avgVmm.sys [351128 2017-12-22] (AVG Technologies CZ, s.r.o.)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [129224 2013-07-18] (Qualcomm Atheros Co., Ltd.)
S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [7168 2017-09-01] () [File not signed]
R3 netr28x; C:\Windows\System32\DRIVERS\netr28x.sys [2473616 2014-12-10] (MediaTek Inc.)
S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [32304 2017-02-21] (AVG Netherlands B.V.)
U1 aswbdisk; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-19 11:59 - 2018-01-19 12:00 - 000017956 _____ C:\Users\Lou\Desktop\FRST.txt
2018-01-19 11:58 - 2018-01-19 11:59 - 000000000 ____D C:\FRST
2018-01-19 11:58 - 2018-01-19 11:58 - 002393088 _____ (Farbar) C:\Users\Lou\Desktop\FRST64.exe
2018-01-19 11:58 - 2018-01-19 11:58 - 000000000 ____D C:\Users\Lou\Downloads\FRST-OlderVersion
2018-01-19 11:43 - 2018-01-19 11:43 - 000004942 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Lou-PC-Lou Lou-PC
2018-01-19 11:34 - 2018-01-19 11:34 - 000006594 _____ C:\Users\Lou\Desktop\fixlist.txt
2018-01-19 11:20 - 2018-01-19 11:20 - 000000000 ____D C:\ProgramData\SWCUTemp
2018-01-19 11:16 - 2018-01-19 11:16 - 000113488 _____ C:\Windows\system32\Drivers\winwzdgj.sys
2018-01-19 11:10 - 2018-01-19 11:16 - 000000000 ____D C:\AdwCleaner
2018-01-19 11:09 - 2018-01-19 11:09 - 008206624 _____ (Malwarebytes) C:\Users\Lou\Downloads\adwcleaner_7.0.7.0.exe
2018-01-19 11:02 - 2018-01-19 11:22 - 000000000 ____D C:\ProgramData\MCShield
2018-01-19 11:02 - 2018-01-19 11:02 - 002856736 _____ (MyCity) C:\Users\Lou\Downloads\MCShield-Setup.exe
2018-01-19 11:02 - 2018-01-19 11:02 - 000001076 _____ C:\Users\Public\Desktop\MCShield Real-Time Monitor.lnk
2018-01-19 11:02 - 2018-01-19 11:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MCShield
2018-01-19 11:02 - 2018-01-19 11:02 - 000000000 ____D C:\Program Files (x86)\MCShield
2018-01-19 09:44 - 2018-01-19 09:44 - 000000000 ___HT C:\Windows\wusa.lock
2018-01-19 09:44 - 2018-01-19 09:44 - 000000000 ____D C:\c50d521370edaeae0fdb72bf1eff
2018-01-12 07:47 - 2018-01-19 11:26 - 000000000 ____D C:\Users\Lou\AppData\Roaming\BitTorrent
2018-01-12 07:47 - 2018-01-12 07:47 - 000000867 _____ C:\Users\Lou\Desktop\BitTorrent.lnk
2018-01-12 07:47 - 2018-01-12 07:47 - 000000847 _____ C:\Users\Lou\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2018-01-12 07:46 - 2018-01-12 07:46 - 002870880 _____ (BitTorrent Inc.) C:\Users\Lou\Downloads\BitTorrent (1).exe
2018-01-06 10:09 - 2018-01-19 11:27 - 000000000 ____D C:\Users\Lou\AppData\LocalLow\BitTorrent
2018-01-05 21:49 - 2018-01-05 21:49 - 000000000 ____D C:\3979af9ab3fe48bef909
2018-01-01 15:57 - 2018-01-01 15:57 - 000000000 ____D C:\1a5e0f77ec97fc91c7f0ab
2018-01-01 15:41 - 2018-01-01 15:41 - 000000000 ____D C:\7e8be5e3042bcbe0fdffc5dd470306
2018-01-01 15:39 - 2018-01-01 15:39 - 002630064 _____ C:\Users\Lou\Downloads\Adaware_Installer.exe
2018-01-01 15:39 - 2018-01-01 15:39 - 000000000 ____D C:\ProgramData\adaware
2018-01-01 15:36 - 2018-01-01 15:36 - 000000000 ____D C:\Users\Lou\AppData\Roaming\AVAST Software
2018-01-01 15:35 - 2018-01-12 07:19 - 000457896 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-01-01 15:35 - 2018-01-12 07:19 - 000146648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2018-01-01 15:35 - 2018-01-01 15:35 - 001025176 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2018-01-01 15:35 - 2018-01-01 15:35 - 000457400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys.151575955558002
2018-01-01 15:35 - 2018-01-01 15:35 - 000365680 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2018-01-01 15:35 - 2018-01-01 15:35 - 000358672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2018-01-01 15:35 - 2018-01-01 15:35 - 000343768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbloga.sys
2018-01-01 15:35 - 2018-01-01 15:35 - 000321512 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2018-01-01 15:35 - 2018-01-01 15:35 - 000204456 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2018-01-01 15:35 - 2018-01-01 15:35 - 000199448 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsha.sys
2018-01-01 15:35 - 2018-01-01 15:35 - 000185096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2018-01-01 15:35 - 2018-01-01 15:35 - 000149344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2018-01-01 15:35 - 2018-01-01 15:35 - 000146664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys.151575955558002
2018-01-01 15:35 - 2018-01-01 15:35 - 000110336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2018-01-01 15:35 - 2018-01-01 15:35 - 000084384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2018-01-01 15:35 - 2018-01-01 15:35 - 000057696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniva.sys
2018-01-01 15:35 - 2018-01-01 15:35 - 000046976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2018-01-01 15:35 - 2018-01-01 15:35 - 000003914 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2018-01-01 15:35 - 2018-01-01 15:35 - 000001922 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2018-01-01 15:35 - 2018-01-01 15:35 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software
2018-01-01 15:35 - 2018-01-01 15:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2018-01-01 15:35 - 2018-01-01 15:35 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2018-01-01 15:33 - 2018-01-05 16:15 - 000000000 ____D C:\ProgramData\AVAST Software
2018-01-01 15:33 - 2018-01-01 15:33 - 006654960 _____ (AVAST Software) C:\Users\Lou\Downloads\avast_free_antivirus_setup_online_cnet2.exe
2018-01-01 15:33 - 2018-01-01 15:33 - 000000000 ____D C:\Program Files\AVAST Software
2017-12-31 10:07 - 2018-01-19 12:00 - 015466496 _____ C:\Windows\system32\config\HARDWARE
2017-12-31 10:07 - 2018-01-19 11:17 - 014884864 _____ C:\Windows\system32\config\SYSTEM
2017-12-22 10:08 - 2017-12-22 10:08 - 000366800 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-19 11:57 - 2017-09-01 08:01 - 000000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2018-01-19 11:30 - 2017-09-01 14:45 - 000000000 _____ C:\Windows\SysWOW64\last.dump
2018-01-19 11:30 - 2009-07-13 23:45 - 000015136 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-01-19 11:30 - 2009-07-13 23:45 - 000015136 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-01-19 11:27 - 2016-12-28 18:24 - 000000000 ___SD C:\Users\Lou\AppData\LocalLow\Temp
2018-01-19 11:25 - 2017-11-11 15:04 - 000000000 ____D C:\Program Files (x86)\Steam
2018-01-19 11:24 - 2017-09-01 08:07 - 000000000 ____D C:\Users\Lou\AppData\Local\lsacuxc
2018-01-19 11:18 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-01-19 10:02 - 2017-09-02 19:16 - 000000000 ____D C:\Users\Lou\AppData\Local\ElevatedDiagnostics
2018-01-05 11:43 - 2017-09-01 16:37 - 000002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-01-05 11:43 - 2017-09-01 16:37 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-12-22 10:15 - 2016-12-25 12:25 - 000003600 _____ C:\Windows\System32\Tasks\AVG EUpdate Task
2017-12-22 10:08 - 2017-11-19 11:00 - 000102792 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys
2017-12-22 10:08 - 2017-11-11 14:25 - 000177536 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgArPot.sys
2017-12-22 10:08 - 2017-09-02 20:45 - 000196904 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgStm.sys
2017-12-22 10:08 - 2017-06-10 14:03 - 000449848 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
2017-12-22 10:08 - 2017-06-10 14:03 - 000351128 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys
2017-12-22 10:08 - 2017-06-10 14:03 - 000139112 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys
2017-12-22 10:08 - 2017-06-10 14:03 - 000076832 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
2017-12-22 10:08 - 2017-06-10 14:03 - 000039424 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgHwid.sys
2017-12-22 10:08 - 2017-06-10 14:03 - 000003920 _____ C:\Windows\System32\Tasks\Antivirus Emergency Update
2017-12-22 10:07 - 2017-06-10 14:03 - 001017624 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys
2017-12-22 10:06 - 2017-06-10 14:03 - 000337408 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbloga.sys
2017-12-22 10:06 - 2017-06-10 14:03 - 000315152 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdrivera.sys
2017-12-22 10:06 - 2017-06-10 14:03 - 000193096 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsha.sys
2017-12-22 10:06 - 2017-06-10 14:03 - 000166624 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbdiska.sys
2017-12-22 10:06 - 2017-06-10 14:03 - 000051336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbuniva.sys

==================== Files in the root of some directories =======

2017-09-22 19:14 - 2017-09-22 19:14 - 000003584 _____ () C:\Users\Lou\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-09-01 07:54 - 2017-09-01 07:54 - 000014848 _____ () C:\Users\Lou\AppData\Local\s64prt.dll

Some files in TEMP:
====================
2017-09-22 20:31 - 2017-09-22 20:31 - 034589584 _____ (Ellora Assets Corporation                                   ) C:\Users\Lou\AppData\Local\Temp\FreemakeVideoConverterFull.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-12-24 03:14

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17.01.2018 01
Ran by Lou (19-01-2018 12:00:41)
Running from C:\Users\Lou\Desktop
Windows 7 Professional Service Pack 1 (X64) (2016-12-24 03:42:21)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3034223004-1617221123-39064544-500 - Administrator - Disabled)
Bec (S-1-5-21-3034223004-1617221123-39064544-1003 - Limited - Enabled) => C:\Users\Bec
Guest (S-1-5-21-3034223004-1617221123-39064544-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3034223004-1617221123-39064544-1002 - Limited - Enabled)
Lou (S-1-5-21-3034223004-1617221123-39064544-1000 - Administrator - Enabled) => C:\Users\Lou

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: AVG Antivirus (Disabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Antivirus (Disabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.213 - Adobe Systems Incorporated)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.9.2322 - AVAST Software)
AVG (HKLM\...\{E61E6143-4937-43FC-8C12-06B8A987484D}) (Version: 1.211.3 - AVG Technologies) Hidden
AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 17.9.3040 - AVG Technologies)
AVG PC TuneUp (HKLM-x32\...\{82B9AF2D-4254-428A-9D1E-7714BA91A4B0}) (Version: 16.76.2 - AVG Technologies) Hidden
AVG PC TuneUp (HKLM-x32\...\AVG PC TuneUp) (Version: 16.76.3.18604 - AVG Technologies)
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.3.7.452 - AVG Technologies)
AviSynth 2.6 (HKLM-x32\...\AviSynth) (Version: 2.6.0.6 - GPL Public release.)
AVStoDVD 2.8.6 (HKLM-x32\...\AVStoDVD) (Version: 2.8.6 - MrC)
BeerSmith 2 (HKLM-x32\...\BeerSmith 2) (Version:  - )
BitTorrent (HKU\S-1-5-21-3034223004-1617221123-39064544-1000\...\BitTorrent) (Version: 7.10.0.44091 - BitTorrent Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
FMW 1 (HKLM\...\{36133E9F-B129-4206-9FB4-13F707787542}) (Version: 1.226.3 - AVG Technologies) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.132 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Java 8 Update 144 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version:  - )
MCShield ::Anti-Malware Tool:: (HKLM-x32\...\MCShield) (Version: 3.0.5.28 - MyCity)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Qualcomm Atheros Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
Ralink RT5390R 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 4.0.3.0 - Ralink)
Sid Meier's Civilization V (HKLM-x32\...\steam app 8930) (Version:  - 2K Games, Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeraCopy 3.0 RC (HKLM\...\TeraCopy_is1) (Version:  - Code Sector)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
VSDC Free Video Editor version 5.7.3.644 (HKLM-x32\...\VSDC Free Video Editor_is1) (Version: 5.7.3.644 - Flash-Integro LLC)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
WinZip 21.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C2410D}) (Version: 21.0.12288 - WinZip Computing, S.L. )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3034223004-1617221123-39064544-1000_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.dll ()
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-01-01] (AVAST Software)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-01-01] (AVAST Software)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-01-01] (AVAST Software)
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2017-12-22] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [AVG Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => C:\Program Files (x86)\AVG\AVG PC TuneUp\SDShelEx-x64.dll [2017-11-15] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt.dll [2016-12-07] ()
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2016-12-13] (WinZip Computing, S.L.)
ContextMenuHandlers2: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt.dll [2016-12-07] ()
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-01-01] (AVAST Software)
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-01-01] (AVAST Software)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers4: [AVG Disk Space Explorer Shell Extension] -> {4838CD50-7E5D-4811-9B17-C47A85539F28} => C:\Program Files (x86)\AVG\AVG PC TuneUp\DseShExt-x64.dll [2017-11-15] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers4: [AVG Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => C:\Program Files (x86)\AVG\AVG PC TuneUp\SDShelEx-x64.dll [2017-11-15] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers4: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt.dll [2016-12-07] ()
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2016-12-13] (WinZip Computing, S.L.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-01-01] (AVAST Software)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2017-12-22] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt.dll [2016-12-07] ()
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2016-12-13] (WinZip Computing, S.L.)
ContextMenuHandlers2_.DEFAULT: [AgentRansack] -> {2AE9D6D8-E348-4853-B266-C78844D31B97} =>  -> No File
ContextMenuHandlers4_.DEFAULT: [AgentRansack] -> {2AE9D6D8-E348-4853-B266-C78844D31B97} =>  -> No File
ContextMenuHandlers5_.DEFAULT: [AgentRansack] -> {2AE9D6D8-E348-4853-B266-C78844D31B97} =>  -> No File
ContextMenuHandlers6_.DEFAULT: [AgentRansack] -> {2AE9D6D8-E348-4853-B266-C78844D31B97} =>  -> No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0B5EF319-DDF8-4648-9371-D9C7522E810E} - System32\Tasks\WinZip Update Notifier => C:\Program Files\WinZip\WZUpdateNotifier.exe [2016-12-13] (WinZip)
Task: {0EBA541F-7DA7-4918-8C32-73A70D11B83D} - System32\Tasks\k49614734 => C:\Program Files (x86)\dunhill\dunhill.exe
Task: {10529AB3-1ACE-44B2-9369-20127414DCDF} - System32\Tasks\Sak49614734k49614734 => C:\Program Files (x86)\dunhill\dunhill.exe
Task: {117CCEB6-6D04-4E5F-9D45-9A43276EA826} - \57792256 -> No File <==== ATTENTION
Task: {1350C5D9-9415-4067-A8BE-1599031C2B78} - System32\Tasks\{D7EC4CB2-A619-400C-A8D8-3F2B68A4E41C} => C:\Windows\system32\pcalua.exe -a I:\Lou\Network\sp60242.exe -d I:\Lou\Network
Task: {1E23A938-BBE4-4299-A054-7676F254CA99} - \Sa4961473449614734 -> No File <==== ATTENTION
Task: {28E21E50-C250-43C3-B813-825A0C8032C6} - System32\Tasks\WinZipBackGroundToolsTask => C:\Program Files\WinZip\WzBGTools.exe [2016-12-13] (WinZip Computing, S.L.)
Task: {38D76EE3-ECFD-4224-826D-9C83747E5DFB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {3E38009B-C6C0-4374-89AA-CAE8D764C4FA} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [2017-12-22] (AVG Technologies CZ, s.r.o.)
Task: {44D8106A-E789-4989-946E-56ECCDCB20EA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {450C89C2-C2E2-4D9B-9458-9A167D7EDA48} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-01-05] (AVAST Software)
Task: {45C4EB2F-32E9-4ABA-AD56-376E2F4B0379} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {4935C88A-208D-4FC9-9476-98E3EA235A69} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {54D4806C-DDCF-4A6B-B2E8-70E6BF5B424D} - \49614734 -> No File <==== ATTENTION
Task: {64302A05-8856-4B13-BA4D-0B59C29CE6A0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-09-01] (Google Inc.)
Task: {64877FFD-5C4E-4395-92F4-C67441754D17} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2017-07-21] (Oracle Corporation)
Task: {698D2ADD-325D-4E5B-B6FA-6B872C1C1162} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {789179FD-574D-4106-9283-D0DF561448AC} - System32\Tasks\7412240 => C:\Program Files (x86)\Semites\sarto.exe <==== ATTENTION
Task: {7B41D227-83B5-473B-A2FF-03D39176215D} - System32\Tasks\sc0ObBznDTuC => sc0obbzndtuc.exe
Task: {8DEB2FC8-20CE-45C6-A4E9-09876D3A1CA0} - System32\Tasks\Sa74122407412240 => C:\Program Files (x86)\Semites\sarto.exe
Task: {944EB060-DA78-47DA-8CAF-ABD97D98A705} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-01-01] (AVAST Software)
Task: {BD957673-8DFB-4A66-A6E6-D10620D465AD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-09-01] (Adobe Systems Incorporated)
Task: {D4A6F8BF-FE19-4F4C-B6F8-80FB04BB0EF7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-09-01] (Google Inc.)
Task: {DD575BAA-993D-4370-9C88-79FB64C232D6} - \Sa5779225657792256 -> No File <==== ATTENTION
Task: {E31366CD-A082-4764-B8A6-55F20C22D05A} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Lou-PC-Lou Lou-PC => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2014-01-23] (Microsoft Corporation)
Task: {E9D9E81E-03F6-4A0C-B794-D8DA168121A6} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe [2017-11-15] (AVG Technologies CZ, s.r.o.)
Task: {FCC0E94D-2F8F-4DF9-90CC-D027538E8D20} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\RadeonInstaller.exe [2016-12-04] (Advanced Micro Devices, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-01-01 15:35 - 2018-01-01 15:35 - 000067920 _____ () c:\Program Files\AVAST Software\Avast\x64\module_lifetime.dll
2018-01-01 15:35 - 2018-01-01 15:35 - 000067984 _____ () C:\Program Files\AVAST Software\Avast\x64\dll_loader.dll
2018-01-01 15:35 - 2018-01-01 15:35 - 000236840 _____ () c:\Program Files\AVAST Software\Avast\x64\vaarclient.dll
2018-01-01 15:35 - 2018-01-01 15:35 - 000902824 _____ () C:\Program Files\AVAST Software\Avast\x64\ffl2.dll
2018-01-01 15:35 - 2018-01-01 15:35 - 000349568 _____ () c:\Program Files\AVAST Software\Avast\x64\StreamBack.dll
2014-01-23 08:05 - 2014-01-23 08:05 - 008878248 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-12-25 13:00 - 2016-12-07 16:40 - 003681104 _____ () C:\Program Files\TeraCopy\TeraCopyExt.dll
2016-12-25 13:00 - 2015-04-21 23:10 - 001736192 _____ () C:\Program Files\TeraCopy\TeraCopy64.dll
2017-08-20 14:57 - 2017-08-20 14:57 - 000885760 _____ () C:\Users\Lou\AppData\Local\lsacuxc\lsacuxc.exe
2017-08-20 11:38 - 2017-08-20 11:38 - 001087488 _____ () C:\Users\Lou\AppData\Local\lsacuxc\winbidy.exe
2018-01-05 11:42 - 2018-01-03 04:20 - 004063064 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\libglesv2.dll
2018-01-05 11:42 - 2018-01-03 04:20 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\libegl.dll
2018-01-01 15:35 - 2018-01-01 15:35 - 000058016 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
2018-01-01 15:35 - 2018-01-01 15:35 - 000057504 _____ () C:\Program Files\AVAST Software\Avast\dll_loader.dll
2018-01-01 15:35 - 2018-01-01 15:35 - 000206152 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2018-01-01 15:35 - 2018-01-01 15:35 - 000289272 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2018-01-01 15:35 - 2018-01-01 15:35 - 000196248 _____ () C:\Program Files\AVAST Software\Avast\network_notifications.dll
2018-01-19 09:41 - 2018-01-19 09:41 - 005779600 _____ () C:\Program Files\AVAST Software\Avast\defs\18011900\algo.dll
2018-01-01 15:35 - 2018-01-01 15:35 - 000745408 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2018-01-01 15:35 - 2018-01-01 15:35 - 000148936 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2018-01-01 15:35 - 2018-01-01 15:35 - 000293944 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-01-01 15:35 - 2018-01-01 15:35 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-01-01 15:35 - 2018-01-01 15:35 - 000282560 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-08-02 20:40 - 2017-08-02 20:40 - 053460480 _____ () C:\Users\Lou\AppData\Local\lsacuxc\libcef.dll
2016-05-31 10:43 - 2016-05-31 10:43 - 001976832 _____ () C:\Users\Lou\AppData\Local\lsacuxc\libglesv2.dll
2016-05-31 10:44 - 2016-05-31 10:44 - 000075264 _____ () C:\Users\Lou\AppData\Local\lsacuxc\libegl.dll
2017-12-22 10:07 - 2017-12-22 10:07 - 000059136 _____ () C:\Program Files (x86)\AVG\Antivirus\module_lifetime.dll
2017-12-22 10:07 - 2017-12-22 10:07 - 000207272 _____ () C:\Program Files (x86)\AVG\Antivirus\JsonRpcServer.dll
2016-06-15 16:15 - 2016-06-15 16:15 - 017599640 _____ () C:\Users\Lou\AppData\Local\lsacuxc\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2017-09-01 08:01 - 000001282 _____ C:\Windows\system32\Drivers\etc\hosts

162.222.193.86       aoaomo.tremorhub.com
188.95.50.62       bobomo.tremorhub.com
162.222.193.86       www.howcast.com
162.222.193.86       howcast.com
162.222.193.86       www.ustream.tv
162.222.193.86       ustream.tv
162.222.193.86       www.livestream.com
162.222.193.86       livestream.com
162.222.193.86       www.dailymotion.com
162.222.193.86       dailymotion.com
192.192.3.8       www.virustotal.com
192.192.3.8       virustotal.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3034223004-1617221123-39064544-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Lou\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 82.163.142.8 - 95.211.158.136
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{555026F6-B90E-4DED-8F2E-41F00C913140}] => (Allow) C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe
FirewallRules: [{20D7B379-521F-44A4-BD9D-FB5416828C35}] => (Allow) C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe
FirewallRules: [{40560992-C981-474C-BAF7-28C62134FA5D}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{031A52E4-D2BB-48E4-B6BC-70E43E772581}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{BB7E3242-33AC-4079-B9B6-BB3BE5124DFB}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{4F079ACE-74DD-480B-8AE3-4432C8E11E0E}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{3440DA5E-0EBA-477A-AF5E-C454CA9132F4}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{B7EA92AB-2656-40ED-9462-0BD9B95A39C2}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{9AA45ABA-1251-486C-A8E1-D72BC6B2542C}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\VideoEditor.exe
FirewallRules: [{D3BEABAE-01CC-4717-967A-63B64A9722A5}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\VideoEditor.exe
FirewallRules: [{F5989675-1CC1-49A2-A26C-168B729C43FD}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Activation.exe
FirewallRules: [{755E7A13-130D-4739-BCA1-162149347393}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Activation.exe
FirewallRules: [{FFB18940-DB52-4C17-B55C-EE3966B50B98}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Updater.exe
FirewallRules: [{C1E5F4DE-D714-42E6-9207-AC3124EE3DDF}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Updater.exe
FirewallRules: [{040ED177-8A2F-484C-8F15-6A6FE6832492}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{4CD511A3-F8DC-4FAD-BE2D-DBC49D7B6934}] => (Allow) C:\Program Files (x86)\Lola\sarto.exe
FirewallRules: [{A7ECC88C-BF8B-42D8-9FC6-499BD772BAD8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{CC67C5D0-DDC6-4F4D-A372-34C400A857BD}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{19FA2CAD-BC40-448C-A984-A85FE763F26F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{41E3C948-B6D1-42EB-B484-5B9B8C35363E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{2060E859-83B8-4958-B571-46EE26DAD3FD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{DEC6CADD-6348-418B-B430-E5A3C9C7F2E2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [TCP Query User{33FCEEB2-20BB-40B0-8AA7-16C852AD84F4}C:\users\lou\appdata\roaming\bittorrent\bittorrent.exe] => (Allow) C:\users\lou\appdata\roaming\bittorrent\bittorrent.exe
FirewallRules: [UDP Query User{E007FBF9-95B9-44CE-A189-D8C83E856483}C:\users\lou\appdata\roaming\bittorrent\bittorrent.exe] => (Allow) C:\users\lou\appdata\roaming\bittorrent\bittorrent.exe
FirewallRules: [{9096CE1C-4D43-40B2-A919-9ACC5D892F9B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{63D6C5A5-CD06-456E-9A5D-93C8F43284FC}] => (Allow) C:\Users\Lou\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{B2F60DF0-2B62-4094-8E4D-672240EDAE81}] => (Allow) C:\Users\Lou\AppData\Roaming\BitTorrent\BitTorrent.exe

==================== Restore Points =========================

11-11-2017 19:48:58 Installed DirectX
01-01-2018 15:40:25 AA11
01-01-2018 15:51:18 AA11
01-01-2018 15:57:02 AA11
05-01-2018 21:47:48 AA11
19-01-2018 09:42:40 AA11

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/19/2018 11:46:44 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 8.0.7601.17514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1014

Start Time: 01d391447d472934

Termination Time: 5

Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Report Id: 431ff243-fd38-11e7-8ee2-78e3b5bc5285

Error: (01/19/2018 11:42:23 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 8.0.7601.17514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 4b0

Start Time: 01d3914449256009

Termination Time: 7

Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Report Id: ad117bf3-fd37-11e7-8ee2-78e3b5bc5285

Error: (01/19/2018 10:02:48 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program BitTorrent.exe version 7.10.0.44091 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 13b4

Start Time: 01d3913648f2a55c

Termination Time: 0

Application Path: C:\Users\Lou\AppData\Roaming\BitTorrent\BitTorrent.exe

Report Id: bf739c60-fd29-11e7-83b6-78e3b5bc5285

Error: (01/12/2018 12:14:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17514, time stamp: 0x4ce7a144
Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c8f9
Exception code: 0xc0000005
Fault offset: 0x00000000000532d0
Faulting process id: 0x980
Faulting application start time: 0x01d38bc2b4f88a45
Faulting application path: C:\Windows\Explorer.EXE
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 1b7f60ae-f7bc-11e7-9fe8-78e3b5bc5285

Error: (01/12/2018 11:46:48 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program BitTorrent.exe version 7.10.0.44091 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 518

Start Time: 01d38bc4c256e532

Termination Time: 16

Application Path: C:\Users\Lou\AppData\Roaming\BitTorrent\BitTorrent.exe

Report Id: 1dc3bfb1-f7b8-11e7-9fe8-78e3b5bc5285

Error: (01/12/2018 08:35:19 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program BitTorrent.exe version 7.10.0.44091 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: bf4

Start Time: 01d38ba3866abcff

Termination Time: 12

Application Path: C:\Users\Lou\AppData\Roaming\BitTorrent\BitTorrent.exe

Report Id: 6c8b4e48-f79d-11e7-bbd5-78e3b5bc5285

Error: (01/12/2018 08:33:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: winbidy.exe, version: 1.0.1.5, time stamp: 0x59991256
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x3b4
Faulting application start time: 0x01d38ba49ca41830
Faulting application path: C:\Users\Lou\AppData\Local\lsacuxc\winbidy.exe
Faulting module path: unknown
Report Id: 3e65ff04-f79d-11e7-bbd5-78e3b5bc5285

Error: (01/06/2018 12:00:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program BitTorrent.exe version 7.10.0.43917 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 468

Start Time: 01d3870fdb93b0eb

Termination Time: 18

Application Path: C:\Users\Lou\AppData\Roaming\BitTorrent\BitTorrent.exe

Report Id: 1f58714e-f303-11e7-a8ab-78e3b5bc5285

Error: (01/06/2018 10:10:07 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program BitTorrent.exe version 7.10.0.43917 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 888

Start Time: 01d387006a0432be

Termination Time: 0

Application Path: C:\Users\Lou\AppData\Roaming\BitTorrent\BitTorrent.exe

Report Id: ace7115b-f2f3-11e7-a8ab-78e3b5bc5285

Error: (01/06/2018 10:09:49 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program BitTorrent.exe version 7.10.0.43917 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1914

Start Time: 01d3870059960b39

Termination Time: 7

Application Path: C:\Users\Lou\AppData\Roaming\BitTorrent\BitTorrent.exe

Report Id: a1e3e72c-f2f3-11e7-a8ab-78e3b5bc5285


System errors:
=============
Error: (01/19/2018 11:21:30 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (01/19/2018 11:19:08 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AVG PC TuneUp Service service failed to start due to the following error:
The requested resource is in use.

Error: (01/19/2018 11:19:07 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Ralink UPnP Media Server service to connect.

Error: (01/19/2018 11:18:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AVG Service service failed to start due to the following error:
The requested resource is in use.

Error: (01/19/2018 11:18:17 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AVG Antivirus service failed to start due to the following error:
The requested resource is in use.

Error: (01/19/2018 11:16:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Media Player Network Sharing Service service failed to start due to the following error:
The service did not start due to a logon failure.

Error: (01/19/2018 11:16:51 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WMPNetworkSvc service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error:
The request is not supported.


To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (01/19/2018 11:16:46 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\system32\RAIHV.dll

Error: (01/19/2018 11:16:46 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\system32\RAIHV.dll

Error: (01/19/2018 11:16:36 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\system32\RAIHV.dll


CodeIntegrity:
===================================
  Date: 2018-01-19 09:44:17.431
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\adaware\adaware antivirus\updater\12.2.889.11556\AdAwareUpdater.exe because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-05 21:48:36.692
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\adaware\adaware antivirus\updater\12.2.889.11556\AdAwareUpdater.exe because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-01 15:57:26.744
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\adaware\adaware antivirus\updater\12.2.889.11556\AdAwareUpdater.exe because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-01 15:51:39.847
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\adaware\adaware antivirus\updater\12.2.889.11556\AdAwareUpdater.exe because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-01 15:40:53.638
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\adaware\adaware antivirus\updater\12.2.889.11556\AdAwareUpdater.exe because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD A8-5500 APU with Radeon™ HD Graphics
Percentage of memory in use: 86%
Total physical RAM: 7575.3 MB
Available physical RAM: 1014.64 MB
Total Virtual: 15148.79 MB
Available Virtual: 7871.63 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:1862.92 GB) (Free:1558.54 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 2396A167)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1862.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Attached Files


  • 0



#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

FRST says you have a rootkit so this is going to take several tries.

 

First uninstall the stuff that got you in trouble & AVG, since you have Avast and one Anti-Virus is all you want:

 

AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 17.9.3040 - AVG Technologies)
AVG PC TuneUp (HKLM-x32\...\AVG PC TuneUp) (Version: 16.76.3.18604 - AVG Technologies)
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.3.7.452 - AVG Technologies)

BitTorrent

MCShield ::Anti-Malware Tool:

Steam
TeraCopy 3.0

WinZip 21.0

 

Now boot into Safe Mode with Networking:

(Reboot and when you see the maker's logo, hear a beep or it talks about F8, start tapping the F8 key slowly.  Keep tapping until the Safe Mode Menu appears and choose Safe Mode with Networking.  Login with your usual login.)

 

Now

 

Download the attached fixlist.txt to the same location as FRST



Run FRST and press Fix
A fix log will be generated please post that.

PC will reboot.

Open Avast. Then click on Protection, then on Antivirus, then on Other Scans, then on Boot-time Scan. Click on Install Special Definitions. Click on Run on Next PC Reboot.

Reboot and let it run a scan. It may take hours so I usually let it run while I sleep.
Once it finishes it should load Windows. Mute your speakers so it doesn't wake you up when Windows boots.

When you reboot you will see the scan start. It will tell you where it saves its log. Usually it's C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt but it might change so verify the location. This is a hidden location so you will need to tell Windows to let you see it:

http://www.howtogeek...-windows-vista/

Copy and paste the text from the log to a Reply when done.

 

Also try MBAR:

 

https://www.malwareb...om/antirootkit/

 

Just click on the download button and follow instructions.
 

Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.
 


  • 0

#3
zac12345

zac12345

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts

First and foremost, THANK YOU for taking the time to look at this. I greatly appreciate it. I inadvertently uninstalled Avast when removing the list of programs; I re-installed but can't get the interface to open (this is no different than how it performed prior to my accidental uninstall).

 

In any event, I was able to follow the other instructions; here are the updated logs. Thanks again; I attached all the FRST files saved.

Attached Files


  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Appears this one is not going to go easily.

 

Can you boot into Safe Mode with Networking?

 

(Reboot and when you see the maker's logo, hear a beep or it talks about F8, start tapping the F8 key slowly.  Keep tapping until the Safe Mode Menu appears and choose Safe Mode with Networking.  Login with your usual login.)

Then run another FRST scan with Addition.txt checked?

 

Also:

Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a full minute then:

File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.


Copy the next 2 lines:

TASKLIST /SVC  > \junk.txt
notepad \junk.txt

Open an Elevated Command Prompt:
Win 7: Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
Win 8: http://www.eightforu...indows-8-a.html
win 10: http://www.howtogeek...-in-windows-10/

Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.

 


  • 0
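The Process Explorer "Verified Signer" view and the TASKLIST /SVC step above can be approximated in one report, which also lets you check files named in the Code Integrity warnings from the Addition.txt log. This is an added example, not part of RKinner's instructions or of Process Explorer; it assumes Windows PowerShell 2.0 or later started from an elevated prompt, and the output file name procreport.txt is my choice.

```powershell
# Added example (not from the forum post): signature status + hosted services per
# process, sorted by CPU time, written to the desktop for pasting into a reply.
# Assumes an elevated Windows PowerShell 2.0+ session (Windows 7 SP1 ships 2.0).
$outFile = Join-Path $env:USERPROFILE 'Desktop\procreport.txt'   # assumed name

# Map each PID to the services it hosts (the information TASKLIST /SVC shows).
# Win32_Service.ProcessId is uint32; cast to int so it matches Get-Process .Id keys.
$svcByPid = @{}
Get-WmiObject Win32_Service | Where-Object { $_.ProcessId -gt 0 } | ForEach-Object {
    $id = [int]$_.ProcessId
    if (-not $svcByPid.ContainsKey($id)) { $svcByPid[$id] = @() }
    $svcByPid[$id] += $_.Name
}

$rows = foreach ($p in Get-Process) {
    $path = $null
    try { $path = $p.Path } catch { }    # access denied on some protected processes
    $status = 'N/A'; $signer = ''
    if ($path) {
        # Same check Process Explorer's "Verify Image Signatures" performs:
        # Status is Valid, NotSigned, HashMismatch, UnknownError, ...
        $sig = Get-AuthenticodeSignature -FilePath $path
        $status = $sig.Status
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
    }
    $cpu = 0; if ($p.CPU) { $cpu = [math]::Round($p.CPU, 1) }
    New-Object PSObject -Property @{
        PID = $p.Id; Name = $p.ProcessName; CPUsec = $cpu
        Signed = $status; Signer = $signer; Path = $path
        Services = ($svcByPid[$p.Id] -join ',')
    }
}

# Big CPU consumers first, as with the double-click on the CPU column.
$rows | Sort-Object CPUsec -Descending |
    Select-Object PID, Name, CPUsec, Signed, Services, Path, Signer |
    Format-Table -AutoSize | Out-String -Width 4096 | Set-Content $outFile
Write-Host "Report written to $outFile"

# Anything with a resolvable path but no valid signature deserves a closer look.
$rows | Where-Object { $_.Path -and $_.Signed -ne 'Valid' } |
    ForEach-Object { Write-Host ('UNVERIFIED: {0} ({1}) {2}' -f $_.Name, $_.Signed, $_.Path) }
```

An unsigned or hash-mismatched entry is not proof of malware (many legitimate tools are unsigned), but it is the same flag Process Explorer raises and worth including in the reply.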
