Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-11-2017 Ran by Arkadius13 (10-11-2017 02:45:41) Running from C:\Users\Arkadius13\Desktop\FRST64 Windows 7 Home Premium Service Pack 1 (X64) (2017-09-18 13:49:15) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1244120915-4039251266-820905754-500 - Administrator - Disabled) Arkadius13 (S-1-5-21-1244120915-4039251266-820905754-1000 - Administrator - Enabled) => C:\Users\Arkadius13 Guest (S-1-5-21-1244120915-4039251266-820905754-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1244120915-4039251266-820905754-1003 - Limited - Enabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 27.0.0.124 - Adobe Systems Incorporated) Adobe Flash Player 27 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 27.0.0.183 - Adobe Systems Incorporated) Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.183 - Adobe Systems Incorporated) Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated) AMD Catalyst Install Manager (HKLM\...\{37FCE154-7F59-74F0-3A35-BF503CEB230B}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.) Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.) ASUS Gamer OSD (HKLM-x32\...\{7F88C9E5-12BD-404F-AC6A-108BAAC9B708}) (Version: 3.03.1130 - ASUSTeK COMPUTER INC.) ASUS nVidia Driver (HKLM-x32\...\{2DD388FF-6422-43C9-86A1-C7A99C83E946}) (Version: 5.00.0000 - Nazwa firmy) Hidden ASUS Utilities (HKLM-x32\...\{1BA7B068-4719-42A3-B553-D4ED97434F92}) (Version: 1.00.0000 - Nazwa firmy) Hidden ATI AVIVO64 Codecs (HKLM\...\{ABCF7983-3860-318E-EB24-E89E8AEC1967}) (Version: 11.6.0.50825 - ATI Technologies Inc.) Hidden Atom (HKU\S-1-5-21-1244120915-4039251266-820905754-1000\...\atom) (Version: 1.21.1 - GitHub Inc.) Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.8.2318 - AVAST Software) Backup and Sync from Google (HKLM-x32\...\{604582EB-8259-4ED6-9B1B-6F2494D4B640}) (Version: 3.37.7411.4599 - Google, Inc.) BitComet 1.47 (HKLM-x32\...\BitComet_x64) (Version: 1.47 - CometNetwork) CCleaner (HKLM\...\CCleaner) (Version: 5.36 - Piriform) Detektor Winampa (HKU\S-1-5-21-1244120915-4039251266-820905754-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc) Free MKV to AVI Converter (32-bit) 1.7 (HKLM-x32\...\{EDFA6B29-7667-4FD2-86F3-9835AFCE837A}_is1) (Version: 1.7 - Jacek Pazera) Free YouTube To MP3 Converter (HKLM-x32\...\Free YouTube To MP3 Converter_is1) (Version: 4.1.58.912 - Digital Wave Ltd) Git version 2.14.3 (HKLM\...\Git_is1) (Version: 2.14.3 - The Git Development Community) GitHub Desktop (HKU\S-1-5-21-1244120915-4039251266-820905754-1000\...\GitHubDesktop) (Version: 1.0.5 - GitHub, Inc.) GitHub Desktop Machine-Wide Installer (HKLM-x32\...\{0FC12B67-D1B1-47CD-9A5D-ED54FE3ED5C4}) (Version: 1.0.5 - GitHub, Inc.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 62.0.3202.89 - Google Inc.) Google Cloud SDK (HKU\S-1-5-21-1244120915-4039251266-820905754-1000\...\Google Cloud SDK) (Version: - Google Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden HydraVision (HKLM-x32\...\{DA54D3F7-4915-1A37-7EA8-2741F05B77AC}) (Version: 4.2.234.0 - Advanced Micro Devices, Inc.) Hidden Java 8 Update 151 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180151F0}) (Version: 8.0.1510.12 - Oracle Corporation) K-Lite Mega Codec Pack 11.7.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.7.5 - ) Lightshot-5.4.0.10 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.10 - Skillbrains) LiveReload (HKU\S-1-5-21-1244120915-4039251266-820905754-1000\...\7ec527eb7361b1c2) (Version: 0.9.4.0 - LiveReload) Malwarebytes Anti-Exploit version 1.10.2.41 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.10.2.41 - Malwarebytes) Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x64) - 14.11.25325 (HKLM-x32\...\{6c6356fe-cbfa-4944-9bed-a9e99f45cb7a}) (Version: 14.11.25325.0 - Microsoft Corporation) Mozilla Firefox 56.0.2 (x64 pl) (HKLM\...\Mozilla Firefox 56.0.2 (x64 pl)) (Version: 56.0.2 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 56.0.2 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.4.0 - Mozilla) MPC-HC 1.7.13 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.13 - MPC-HC Team) MSI Afterburner 2.0.0 (HKLM-x32\...\Afterburner) (Version: 2.0.0 - MSI Co., LTD) NapiProjekt (2.2.0.2399) (HKLM-x32\...\NapiProjekt_is1) (Version: - ) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - ) PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.103 - Skype Technologies S.A.) SmartFTP Client (HKLM\...\{225FCD14-238A-4C7F-98ED-A33C40AA0A1F}) (Version: 8.0.2353.0 - SmartSoft Ltd.) Sublime Text Build 3143 (HKLM\...\Sublime Text 3_is1) (Version: - Sublime HQ Pty Ltd) Telegram Desktop version 1.1.23 (HKU\S-1-5-21-1244120915-4039251266-820905754-1000\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.1.23 - Telegram Messenger LLP) Topaz Adjust 5 (HKLM-x32\...\Topaz Adjust 5) (Version: 5.1.0 - Topaz Labs, LLC) Topaz B&W Effects (HKLM-x32\...\Topaz BW Effects 2) (Version: 2.1.0 - Topaz Labs, LLC) Topaz Clarity (HKLM-x32\...\Topaz Clarity) (Version: 1.0.0 - Topaz Labs, LLC) Topaz Clean 3 (HKLM-x32\...\Topaz Clean 3) (Version: 3.1.0 - Topaz Labs, LLC) Topaz DeJpeg 4 (HKLM-x32\...\Topaz DeJpeg 4) (Version: 4.0.2 - Topaz Labs, LLC) Topaz DeNoise 5 (HKLM-x32\...\Topaz DeNoise 5) (Version: 5.1.0 - Topaz Labs, LLC) Topaz Detail 3 (HKLM-x32\...\Topaz Detail 3) (Version: 3.2.0 - Topaz Labs, LLC) Topaz Fusion Express 2 (HKLM-x32\...\Topaz Fusion Express 2) (Version: 2.1.3 - Topaz Labs, LLC) Topaz InFocus (HKLM-x32\...\Topaz InFocus) (Version: 1.0.0 - Topaz Labs, LLC) Topaz Lens Effects (HKLM-x32\...\Topaz Lens Effects) (Version: 1.2.0 - Topaz Labs, LLC) Topaz ReMask 5 (HKLM-x32\...\Topaz ReMask 5) (Version: 5.0.0 - Topaz Labs, LLC) Topaz ReStyle (HKLM-x32\...\Topaz ReStyle) (Version: 1.0.0 - Topaz Labs, LLC) Topaz Simplify 4 (HKLM-x32\...\Topaz Simplify 4) (Version: 4.1.1 - Topaz Labs, LLC) Topaz Star Effects (HKLM-x32\...\Topaz Star Effects) (Version: 1.1.0 - Topaz Labs, LLC) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc) WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH) WordPress.com (HKLM-x32\...\WordPress.com) (Version: - Automattic, Inc.) XviD MPEG-4 Video Codec (HKLM-x32\...\xvid) (Version: - XviD Development Team) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-01] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-01] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-01] (Google) ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-09] (AVAST Software) ShellIconOverlayIdentifiers: [SmartFTP Drop] -> {EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD} => C:\Program Files\SmartFTP Client\ShellTools.dll [2017-10-17] (SmartSoft Ltd.) ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-09] (AVAST Software) ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-11-01] (Google) ContextMenuHandlers1: [SmartFTP] -> {F87DED31-303F-4ED1-9BCE-D360FBC74E0A} => C:\Program Files\SmartFTP Client\ShellTools.dll [2017-10-17] (SmartSoft Ltd.) ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal) ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-09] (AVAST Software) ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-11-01] (Google) ContextMenuHandlers4: [SmartFTP] -> {F87DED31-303F-4ED1-9BCE-D360FBC74E0A} => C:\Program Files\SmartFTP Client\ShellTools.dll [2017-10-17] (SmartSoft Ltd.) ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2013-04-29] (Advanced Micro Devices, Inc.) ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-09] (AVAST Software) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {0AA565BC-0FD2-496D-B8BF-D99C16DA4B67} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-10-18] (Piriform Ltd) Task: {23C5501C-4F94-4965-9DAA-5994A3969199} - System32\Tasks\{8FD0006B-67AC-4D6E-8062-23377D49D6E0} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Wondershare\WAF\2.4.2.223\WsUpdInstaller.exe" -d "C:\Program Files (x86)\Wondershare\WAF\2.4.2.223" Task: {28BCCF59-AD59-4126-B07C-08C64BA4F881} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: ) Task: {39476EE7-407E-4B71-8ADA-B0E8C35A8AD2} - System32\Tasks\WinThruster64-Arkadius13-Notification => C:\Program Files\Solvusoft\WinThruster\Sync.exe <==== ATTENTION Task: {3E94C0B4-C632-459E-A4C5-44D5406C4063} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-10-27] (Google Inc.) Task: {4E005BF8-A2A2-41AE-863D-90FD1BB14EBE} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-10-18] (Piriform Ltd) Task: {66C1997E-28FA-4295-88C3-2E8C25DAC158} - System32\Tasks\{D4D4AF06-9CF1-4A95-911A-D3894148878B} => C:\Windows\system32\pcalua.exe -a C:\Users\Arkadius13\Desktop\fo-fs112\fo-fs112.exe -d C:\Users\Arkadius13\Desktop\fo-fs112 Task: {8231271E-47FB-4424-96D7-A07A9F4AD6C7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-10-27] (Google Inc.) Task: {87668741-C5C8-462E-96E5-ABE3CC249C79} - System32\Tasks\WinThruster64-Arkadius13-Startup => C:\Program Files\Solvusoft\WinThruster\WinThruster64.exe <==== ATTENTION Task: {903E6C59-F1A5-49F8-B086-90B855C42AC7} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [2010-08-31] () Task: {9F5A4746-94A2-443E-83EA-94622902C92D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-10-29] (Adobe Systems Incorporated) Task: {A3D03595-E2B3-4227-B472-70218BBEEF5F} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-11-09] (AVAST Software) Task: {FEC0972A-8ED8-4AD4-8FDE-338CD4B0836C} - System32\Tasks\update-S-1-5-21-1244120915-4039251266-820905754-1000 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: ) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\update-S-1-5-21-1244120915-4039251266-820905754-1000.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe Task: C:\Windows\Tasks\WinThruster64-Arkadius13-Notification.job => C:\Program Files\Solvusoft\WinThruster\Sync.exe <==== ATTENTION Task: C:\Windows\Tasks\WinThruster64-Arkadius13-Startup.job => C:\Program Files\Solvusoft\WinThruster\WinThruster64.exe <==== ATTENTION ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ShortcutWithArgument: C:\Users\Arkadius13\Desktop\PROCODER\Google Cloud SDK Shell.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /k ""C:\Users\Arkadius13\AppData\Local\Google\Cloud SDK\cloud_env.bat"" ShortcutWithArgument: C:\Users\Arkadius13\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Cloud SDK\Google Cloud SDK Shell.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /k ""C:\Users\Arkadius13\AppData\Local\Google\Cloud SDK\cloud_env.bat"" ShortcutWithArgument: C:\Users\Arkadius13\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\ff13ca23fee04978\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 5" ShortcutWithArgument: C:\Users\Arkadius13\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\225bb61db2f318c1\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 3" ==================== Loaded Modules (Whitelisted) ============== 2010-08-31 04:04 - 2010-08-31 04:04 - 000355640 _____ () C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe 2017-11-09 22:51 - 2017-11-09 22:51 - 000067408 _____ () C:\Program Files\AVAST Software\Avast\x64\module_lifetime.dll 2017-11-09 22:51 - 2017-11-09 22:51 - 000169832 _____ () c:\Program Files\AVAST Software\Avast\x64\vaarclient.dll 2017-11-09 22:51 - 2017-11-09 22:51 - 000859216 _____ () C:\Program Files\AVAST Software\Avast\x64\ffl2.dll 2017-11-09 22:51 - 2017-11-09 22:51 - 000292408 _____ () c:\Program Files\AVAST Software\Avast\x64\StreamBack.dll 2010-08-31 04:04 - 2010-08-31 04:04 - 000113976 _____ () C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe 2013-04-29 22:25 - 2013-04-29 22:25 - 000103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll 2013-06-18 14:49 - 2013-06-18 14:49 - 000016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll 2013-04-29 22:08 - 2013-04-29 22:08 - 000369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2017-11-09 22:51 - 2017-11-09 22:51 - 000059040 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll 2017-11-09 22:51 - 2017-11-09 22:51 - 000167096 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2017-11-09 22:51 - 2017-11-09 22:51 - 000237808 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll 2017-11-09 22:51 - 2017-11-09 22:51 - 000244584 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll 2017-11-09 22:51 - 2017-11-09 22:51 - 000151104 _____ () C:\Program Files\AVAST Software\Avast\network_notifications.dll 2017-11-09 22:48 - 2017-11-09 22:48 - 005883064 _____ () C:\Program Files\AVAST Software\Avast\defs\17110902\algo.dll 2017-11-09 22:51 - 2017-11-09 22:51 - 000710056 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll 2017-11-09 22:51 - 2017-11-09 22:51 - 000245608 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll 2017-09-22 01:04 - 2017-08-28 08:11 - 000114664 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\zlib1.dll 2017-09-22 01:05 - 2017-08-28 08:11 - 000108008 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_filesystem-vc120-mt-1_56.dll 2017-09-22 01:05 - 2017-08-28 08:11 - 000024040 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_system-vc120-mt-1_56.dll 2017-09-22 01:05 - 2017-08-28 08:11 - 000048104 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_date_time-vc120-mt-1_56.dll 2010-08-30 11:13 - 2010-08-30 11:13 - 000061440 _____ () C:\Program Files (x86)\MSI Afterburner\RTMUI.dll 2010-08-30 08:24 - 2010-08-30 08:24 - 000061440 _____ () C:\Program Files (x86)\MSI Afterburner\RTFC.dll 2010-08-30 08:24 - 2010-08-30 08:24 - 000229376 _____ () C:\Program Files (x86)\MSI Afterburner\RTCore.dll 2010-08-30 08:24 - 2010-08-30 08:24 - 000139264 _____ () C:\Program Files (x86)\MSI Afterburner\RTUI.dll 2010-08-30 08:25 - 2010-08-30 08:25 - 000262144 _____ () C:\Program Files (x86)\MSI Afterburner\RTHAL.dll 2010-07-27 06:37 - 2010-07-27 06:37 - 000013312 _____ () C:\Program Files (x86)\MSI Afterburner\RTTSH.dll 2010-05-28 08:32 - 2010-05-28 08:32 - 000069632 _____ () C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSSHooks.dll 2017-09-22 01:05 - 2017-09-12 16:22 - 000042984 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\vidnotifier\jansson.dll 2017-11-05 03:44 - 2017-11-05 03:44 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2017-11-09 22:51 - 2017-11-09 22:51 - 000235816 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll 2010-05-28 08:32 - 2010-05-28 08:32 - 000061440 _____ () C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTFC.dll 2010-05-28 08:32 - 2010-05-28 08:32 - 000135168 _____ () C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTUI.dll 2012-11-16 13:59 - 2012-11-16 13:59 - 000090112 _____ () C:\Program Files (x86)\ATI Technologies\HydraVision\HydraPlk.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2009-06-10 22:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1244120915-4039251266-820905754-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Arkadius13\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.0.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{935A20CF-BD56-464C-B8E4-7C3EF0FF3CBC}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{F725906B-F1AE-4299-BCB6-070E58A948EC}] => (Allow) C:\Program Files\BitComet\BitComet.exe FirewallRules: [{C9C612E1-C0EC-4D77-8710-7F7F9E60CCD8}] => (Allow) C:\Program Files\BitComet\BitComet.exe FirewallRules: [{F2449DEB-B101-4A8E-A76D-1D22D3ED247D}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe FirewallRules: [{97A2E3F7-149E-4516-B6D7-36CF953D2E3E}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe FirewallRules: [{36D7FBDB-1DD1-49A6-A104-6E1BF3CC5BA0}] => (Allow) C:\Program Files (x86)\NapiProjekt\napisy.exe FirewallRules: [{F17754CF-8D29-426A-A141-63E2B8CA9C8A}] => (Allow) C:\Program Files (x86)\NapiProjekt\napisy.exe FirewallRules: [TCP Query User{72FBACA0-74E3-452B-9698-078F472FD651}C:\program files (x86)\asus\gamerosd\sbs.exe] => (Block) C:\program files (x86)\asus\gamerosd\sbs.exe FirewallRules: [UDP Query User{D6003EF8-7B9A-47CF-920C-D4C530C173DC}C:\program files (x86)\asus\gamerosd\sbs.exe] => (Block) C:\program files (x86)\asus\gamerosd\sbs.exe FirewallRules: [{69A9F6D8-0295-448A-A760-753F812A8961}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe FirewallRules: [{40012F69-6B24-4D08-942B-0C3CB9486763}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe FirewallRules: [{3938D43B-0F4C-43BF-BFDF-4BAB4047FF72}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe FirewallRules: [{2D4AF9A3-D180-4537-BB62-81F2722C1424}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe FirewallRules: [{99D55D03-DD9E-45BC-8EE9-74581314AF02}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe FirewallRules: [{A56DE1AC-F871-4B86-80A8-5F5B2A0F7EB4}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe FirewallRules: [TCP Query User{F1BEBC16-C3D5-4932-B3F7-2F0A827D7BC9}C:\program files (x86)\wondershare\mobilego\mobilegoservice.exe] => (Allow) C:\program files (x86)\wondershare\mobilego\mobilegoservice.exe FirewallRules: [UDP Query User{869F925C-B9D7-4FFC-B748-F500B2B1A034}C:\program files (x86)\wondershare\mobilego\mobilegoservice.exe] => (Allow) C:\program files (x86)\wondershare\mobilego\mobilegoservice.exe FirewallRules: [TCP Query User{507DB4C2-1F5A-49A2-BCAF-C196F03D93EC}C:\program files (x86)\wondershare\mobilego\mobilegoservice.exe] => (Block) C:\program files (x86)\wondershare\mobilego\mobilegoservice.exe FirewallRules: [UDP Query User{C6C22CBD-52F0-4DBF-A981-8CEF7859291D}C:\program files (x86)\wondershare\mobilego\mobilegoservice.exe] => (Block) C:\program files (x86)\wondershare\mobilego\mobilegoservice.exe FirewallRules: [{FF2B53B5-DC36-4F99-B0EB-7FA8D1343189}] => (Allow) C:\Program Files\BitComet\BitComet.exe FirewallRules: [{8960A7AD-BD77-4F2D-BF6F-361F9D0811FC}] => (Allow) C:\Program Files\BitComet\BitComet.exe FirewallRules: [{9EDD9327-0AC8-464E-BDC9-DD2D2F513B78}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{8CB51544-687B-4876-88F5-39A740AA4762}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{13371FEE-05C1-4D30-A16C-A31DBC3AEA61}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe FirewallRules: [{BD643EB1-E7B7-4825-9424-0F2D41E9928C}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe FirewallRules: [{EF7D60D8-7851-44B7-8176-9C998CA9F431}] => (Allow) C:\Program Files\SmartFTP Client\SmartFTP.exe FirewallRules: [{871EBB42-4F31-4F5B-B4CE-E57DD70D5220}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [TCP Query User{3632D010-72D3-42AA-A434-DCD827F98375}C:\users\arkadius13\appdata\local\apps\2.0\d7bm7dtp.6g2\r7w7d4e7.z4w\live..tion_0000000000000000_0000.0009_403689373d141ec5\res\livereloadnodejs.exe] => (Allow) C:\users\arkadius13\appdata\local\apps\2.0\d7bm7dtp.6g2\r7w7d4e7.z4w\live..tion_0000000000000000_0000.0009_403689373d141ec5\res\livereloadnodejs.exe FirewallRules: [UDP Query User{12AC19DF-75C5-4112-BD80-0516B5FF552D}C:\users\arkadius13\appdata\local\apps\2.0\d7bm7dtp.6g2\r7w7d4e7.z4w\live..tion_0000000000000000_0000.0009_403689373d141ec5\res\livereloadnodejs.exe] => (Allow) C:\users\arkadius13\appdata\local\apps\2.0\d7bm7dtp.6g2\r7w7d4e7.z4w\live..tion_0000000000000000_0000.0009_403689373d141ec5\res\livereloadnodejs.exe ==================== Restore Points ========================= 03-11-2017 11:01:44 Windows Update 05-11-2017 03:51:59 Removed AVG 05-11-2017 03:54:02 Removed AVG 2016 07-11-2017 03:00:12 Windows Update 08-11-2017 02:50:36 Removed Backup and Sync from Google ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (11/10/2017 01:17:59 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (11/10/2017 12:37:33 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (11/09/2017 10:47:28 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (11/09/2017 09:39:59 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (11/09/2017 02:26:31 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (11/09/2017 02:25:39 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: ATKFUSService.exe, version: 7.14.10.303, time stamp: 0x46e903da Faulting module name: ntdll.dll, version: 6.1.7601.23915, time stamp: 0x59b94ee4 Exception code: 0xc0000374 Fault offset: 0x00000000000bf3e2 Faulting process id: 0x320 Faulting application start time: 0x01d3595e34d5aa71 Faulting application path: C:\Windows\system32\ATKFUSService.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 7a15bb70-c551-11e7-a771-001fc6d54725 Error: (11/08/2017 08:21:22 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (11/08/2017 05:46:34 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: WinRAR.exe, version: 5.50.0.0, time stamp: 0x598db6d0 Faulting module name: ntdll.dll, version: 6.1.7601.23915, time stamp: 0x59b94ee4 Exception code: 0xc000000d Fault offset: 0x00000000000ca4e5 Faulting process id: 0x141c Faulting application start time: 0x01d3584c7d29aec2 Faulting application path: C:\Program Files\WinRAR\WinRAR.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: cb650a44-c43f-11e7-9e1d-001fc6d54725 Error: (11/08/2017 02:49:05 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (11/08/2017 02:47:46 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: ATKFUSService.exe, version: 7.14.10.303, time stamp: 0x46e903da Faulting module name: ntdll.dll, version: 6.1.7601.23915, time stamp: 0x59b94ee4 Exception code: 0xc0000374 Fault offset: 0x00000000000bf3e2 Faulting process id: 0x31c Faulting application start time: 0x01d358338b92d3e0 Faulting application path: C:\Windows\system32\ATKFUSService.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: d12d4a2b-c426-11e7-9e1d-001fc6d54725 System errors: ============= Error: (11/10/2017 01:17:56 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The ATK Fast User Switch Service service terminated unexpectedly. It has done this 1 time(s). Error: (11/10/2017 01:17:53 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Wondershare Driver Install Service service failed to start due to the following error: The system cannot find the file specified. Error: (11/10/2017 12:36:26 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The ATK Fast User Switch Service service terminated unexpectedly. It has done this 1 time(s). Error: (11/10/2017 12:36:24 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Wondershare Driver Install Service service failed to start due to the following error: The system cannot find the file specified. Error: (11/09/2017 10:46:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The ATK Fast User Switch Service service terminated unexpectedly. It has done this 1 time(s). Error: (11/09/2017 10:46:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Wondershare Driver Install Service service failed to start due to the following error: The system cannot find the file specified. Error: (11/09/2017 09:38:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The ATK Fast User Switch Service service terminated unexpectedly. It has done this 1 time(s). Error: (11/09/2017 09:38:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Wondershare Driver Install Service service failed to start due to the following error: The system cannot find the file specified. Error: (11/09/2017 02:25:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The ATK Fast User Switch Service service terminated unexpectedly. It has done this 1 time(s). Error: (11/09/2017 02:25:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Wondershare Driver Install Service service failed to start due to the following error: The system cannot find the file specified. ==================== Memory info =========================== Processor: AMD Athlon(tm) Dual Core Processor 4450e Percentage of memory in use: 25% Total physical RAM: 7167.24 MB Available physical RAM: 5325.05 MB Total Virtual: 14332.66 MB Available Virtual: 12407.38 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:416.39 GB) (Free:235.89 GB) NTFS ==>[drive with boot components (obtained from BCD)] Drive d: (Lokale schijf (D:)) (Fixed) (Total:48.83 GB) (Free:6.95 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: DF0413F9) Partition 1: (Active) - (Size=416.4 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=450 MB) - (Type=27) Partition 3: (Not Active) - (Size=48.8 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================