Untitled

a guest
Aug 12th, 2017
  1. Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-08-2017
  2. Ran by User (12-08-2017 13:38:28)
  3. Running from C:\Users\User\Desktop
  4. Windows 10 Pro Version 1703 (X64) (2017-05-08 23:04:45)
  5. Boot Mode: Normal
  6. ==========================================================
  7.  
  8.  
  9. ==================== Accounts: =============================
  10.  
  11. Administrator (S-1-5-21-73300378-2398947947-2795111270-500 - Administrator - Disabled)
  12. DefaultAccount (S-1-5-21-73300378-2398947947-2795111270-503 - Limited - Disabled)
  13. defaultuser0 (S-1-5-21-73300378-2398947947-2795111270-1000 - Limited - Disabled)
  14. Guest (S-1-5-21-73300378-2398947947-2795111270-501 - Limited - Disabled)
  15. User (S-1-5-21-73300378-2398947947-2795111270-1001 - Administrator - Enabled) => C:\Users\User
  16.  
  17. ==================== Security Center ========================
  18.  
  19. (If an entry is included in the fixlist, it will be removed.)
  20.  
  21. AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
  22. AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
  23. AV: AVG Antivirus (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
  24. AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
  25. AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
  26. AS: AVG Antivirus (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
  27. FW: AVG Antivirus (Enabled) {757AB44A-78C2-7D1A-E37F-CA42A037B368}
  28.  
  29. ==================== Installed Programs ======================
  30.  
  31. (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
  32.  
  33. 7-Zip 17.00 beta (x64) (HKLM\...\7-Zip) (Version: 17.00 beta - Igor Pavlov)
  34. Adobe Flash Player 26 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
  35. Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
  36. Adobe Photoshop Lightroom 5.6 64-bit (HKLM\...\{D19E99C2-6D9D-4075-B446-B4387EAF70A5}) (Version: 5.6.0 - Adobe Systems Incorporated)
  37. AIMP (HKLM-x32\...\AIMP) (Version: v4.13.1897, 26.06.2017 - AIMP DevTeam)
  38. AVG (HKLM\...\{434FBA38-0562-4F98-9436-4B45C0C0EF0B}) (Version: 1.201.2 - AVG Technologies) Hidden
  39. AVG Internet Security (HKLM-x32\...\AVG Antivirus) (Version: 17.5.3022 - AVG Technologies)
  40. CCleaner (HKLM\...\CCleaner) (Version: 5.32 - Piriform)
  41. Convertilla 0.6 (HKLM-x32\...\Convertilla_is1) (Version: 0.6.1.33 - Convertilla)
  42. CPUID HWMonitor 1.31 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
  43. D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
  44. FMW 1 (HKLM\...\{1DA9CD4A-687F-4075-A828-0A3ACB901438}) (Version: 1.222.1 - AVG Technologies) Hidden
  45. FormatFactory 4.1.0.0 (HKLM-x32\...\FormatFactory) (Version: 4.1.0.0 - Free Time)
  46. Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.90 - Google Inc.)
  47. Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
  48. Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
  49. HiSuite (HKLM-x32\...\Hi Suite) (Version: 1.0 - Huawei Technologies Co.,Ltd)
  50. iCare Data Recovery Pro Free Edition (HKLM-x32\...\{F7EAB243-4D0C-47F5-A4F1-74D350E45489}_is1) (Version: 8.0.0 - iCareAll Inc.)
  51. Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
  52. Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1035 - Intel Corporation)
  53. Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4534 - Intel Corporation)
  54. K-Lite Codec Pack 10.9.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.9.5 - )
  55. Lightshot-5.4.0.10 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.10 - Skillbrains)
  56. Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
  57. Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.4763.1000 - Microsoft Corporation)
  58. Microsoft OneDrive (HKU\S-1-5-21-73300378-2398947947-2795111270-1001\...\OneDriveSetup.exe) (Version: 17.3.6943.0625 - Microsoft Corporation)
  59. Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
  60. Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
  61. Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
  62. Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
  63. Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
  64. Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
  65. Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
  66. Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
  67. Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
  68. oCam version 414.0 (HKLM-x32\...\oCam_is1) (Version: 414.0 - hxxp://ohsoft.net/)
  69. Opera Stable 47.0.2631.39 (HKLM-x32\...\Opera 47.0.2631.39) (Version: 47.0.2631.39 - Opera Software)
  70. PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
  71. Potplayer (HKLM-x32\...\PotPlayer) (Version: - Daum Kakao Corp.)
  72. Samsung Universal Print Driver 2 (HKLM-x32\...\Samsung Universal Print Driver 2) (Version: 2.50.05.00 - Samsung Electronics Co., Ltd.)
  73. Skype™ 7.39 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.39.102 - Skype Technologies S.A.)
  74. Speccy (HKLM\...\Speccy) (Version: 1.31 - Piriform)
  75. TP-LINK TL-WN721N_TL-WN722N Driver (HKLM-x32\...\{86A7EED0-02D0-4D91-8183-8D2F23F5E6AE}) (Version: 1.3.1 - TP-LINK)
  76. Viber (HKLM-x32\...\{A2493BD0-D9CC-4818-BA08-23A1D61D5083}) (Version: 6.8.5.1318 - Viber Media Inc.) Hidden
  77. Viber (HKU\S-1-5-21-73300378-2398947947-2795111270-1001\...\{91f70fae-0d33-4d99-9dc6-82bc860c483d}) (Version: 6.8.5.1318 - Viber Media Inc.)
  78. Video Win Movie Maker 2016 (HKLM-x32\...\{3CC29C1A-B5FE-457B-8F22-32A2videowin}}_is1) (Version: - videowinsoft.com)
  79. WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )
  80. Wondershare Filmora(Build 7.8.9) (HKLM-x32\...\Wondershare Filmora_is1) (Version: - Wondershare Software)
  81. Wondershare Helper Compact 2.5.3 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.3 - Wondershare)
  82. Wondershare Video Converter Pro(Build 9.0.2.1) (HKLM-x32\...\Wondershare Video Converter Pro_is1) (Version: 9.0.2.1 - Wondershare Software)
  83.  
  84. ==================== Custom CLSID (Whitelisted): ==========================
  85.  
  86. (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
  87.  
  88. ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
  89. ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov)
  90. ContextMenuHandlers1: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => -> No File
  91. ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2017-08-10] (AVG Technologies CZ, s.r.o.)
  92. ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2010-03-15] ()
  93. ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2010-03-15] ()
  94. ContextMenuHandlers1-x32: [WondershareVideoConverterFileOpreation] -> {FEB746CA-95C2-485F-B386-C30D4E56D22E} => C:\Windows\SysWOW64\WSCM64.dll [2015-02-27] ()
  95. ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
  96. ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
  97. ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov)
  98. ContextMenuHandlers4: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => -> No File
  99. ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2010-03-15] ()
  100. ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2010-03-15] ()
  101. ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
  102. ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\igfxDTCM.dll [2016-11-01] (Intel Corporation)
  103. ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov)
  104. ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2017-08-10] (AVG Technologies CZ, s.r.o.)
  105. ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
  106. ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2010-03-15] ()
  107. ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2010-03-15] ()
  108.  
  109. ==================== Scheduled Tasks (Whitelisted) =============
  110.  
  111. (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
  112.  
  113. Task: {07BAD3D0-9C03-4601-B0B2-EDAB5D1036F8} - \uuxHwpnMkRCRpJh -> No File <==== ATTENTION
  114. Task: {0BA53C46-50B0-4A4F-8F74-636753888E29} - System32\Tasks\update-S-1-5-21-73300378-2398947947-2795111270-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
  115. Task: {2358B6FD-A589-478C-BE41-04BBD298E838} - System32\Tasks\HealthStom Poker Agent => C:\Windows\system32\rundll32.exe "C:\Program Files\HealthStom Poker Agent\HealthStom Poker Agent.dll",eulBHMVX <==== ATTENTION
  116. Task: {2487FDC2-AF18-43E8-B710-2E838BCF755A} - System32\Tasks\PuralFudget => C:\Windows\system32\rundll32.exe "C:\Program Files\PuralFudget\PuralFudget.dll",sNnZezkNg <==== ATTENTION
  117. Task: {36BF1409-30C2-4FB4-A79F-F5622AAE9001} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-07-07] (Google Inc.)
  118. Task: {47ABBE67-CE42-4B93-BE33-19E4E359E1D1} - \uuxHwpnMkRCRpJh2 -> No File <==== ATTENTION
  119. Task: {4EC84E24-3B02-49B7-A3E4-29D0B4EEBFD3} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_26_0_0_137_pepper.exe [2017-07-17] (Adobe Systems Incorporated)
  120. Task: {6B9FD216-9A2D-4EFF-AC6C-C244BB3B37FB} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
  121. Task: {829DD5B6-FC29-403A-8839-330C4170A423} - \TnqpiRJoXWMCwN -> No File <==== ATTENTION
  122. Task: {BCB0C7C3-F65E-4091-88F4-E01423F9153E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-07-07] (Google Inc.)
  123. Task: {C13ACABC-D5C8-416D-89EE-8EFE87247A0E} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-07-26] (Intel(R) Corporation)
  124. Task: {C5217DE4-6490-4BAD-B284-EBB347B35701} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcTrigger
  125. Task: {CF6F291E-DD19-410B-AD46-7A89DD46B63F} - System32\Tasks\Opera scheduled Autoupdate 1499449117 => C:\Program Files\Opera\launcher.exe [2017-08-08] (Opera Software)
  126. Task: {E1DFF08E-BFE2-4B49-A1FC-E4E35D2EC746} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-06-30] (Piriform Ltd)
  127. Task: {EACB2495-5CAA-4338-ABB4-A03C0C3E6FB7} - System32\Tasks\S-1-5-21-73300378-2398947947-2795111270-1001\DataSenseLiveTileTask => C:\Windows\System32\DataUsageLiveTileTask.exe [2017-03-18] (Microsoft Corporation)
  128. Task: {F099DC74-1B63-4355-8132-C5F7D97783CF} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [2017-08-10] (AVG Technologies CZ, s.r.o.)
  129. Task: {FD68F42E-FB1A-4E63-A212-65013C4B15C0} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
  130.  
  131. (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
  132.  
  133. Task: C:\Windows\Tasks\update-S-1-5-21-73300378-2398947947-2795111270-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
  134. Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
  135. Task: C:\Windows\Tasks\uuxHwpnMkRCRpJh.job => C:\Program Files (x86)\thzXuJvjU\W94vVKR.dll
  136.  
  137. ==================== Shortcuts & WMI ========================
  138.  
  139. (The entries could be listed to be restored or removed.)
  140.  
  141.  
  142. ==================== Loaded Modules (Whitelisted) ==============
  143.  
  144. 2017-07-16 18:51 - 2014-04-16 10:22 - 000029184 _____ () C:\Windows\System32\usp01l.dll
  145. 2017-08-10 17:29 - 2017-08-10 17:58 - 002260432 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
  146. 2017-03-18 22:58 - 2017-03-18 22:58 - 000138000 _____ () C:\Windows\SYSTEM32\inputhost.dll
  147. 2010-01-30 02:40 - 2010-01-30 02:40 - 004254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
  148. 2010-03-24 21:38 - 2010-03-24 21:38 - 008794976 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
  149. 2017-07-12 02:59 - 2015-02-27 14:38 - 000721263 _____ () C:\Windows\SysWOW64\WSCM64.dll
  150. 2017-07-07 19:05 - 2010-03-15 11:28 - 000052224 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
  151. 2017-03-18 22:59 - 2017-03-19 04:30 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
  152. 2017-03-19 04:32 - 2017-03-19 04:32 - 000071680 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.204.0_x64__kzf8qxf38zg5c\SkypeHost.exe
  153. 2017-03-19 04:32 - 2017-03-19 04:32 - 000176640 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.204.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
  154. 2017-03-19 04:32 - 2017-03-19 04:32 - 035234304 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.204.0_x64__kzf8qxf38zg5c\SkyWrap.dll
  155. 2017-08-10 17:27 - 2017-08-10 17:27 - 090048088 _____ () C:\Program Files\Opera\47.0.2631.39\opera_browser.dll
  156. 2017-08-10 17:27 - 2017-08-10 17:26 - 003972696 _____ () C:\Program Files\Opera\47.0.2631.39\libglesv2.dll
  157. 2017-08-10 17:27 - 2017-08-10 17:26 - 000100440 _____ () C:\Program Files\Opera\47.0.2631.39\libegl.dll
  158. 2017-04-07 09:41 - 2017-04-07 09:41 - 000054488 _____ () C:\Program Files\CCleaner\branding.dll
  159. 2017-07-17 03:09 - 2017-07-17 03:09 - 031133696 _____ () C:\Windows\system32\Macromed\Flash\pepflashplayer64_26_0_0_137.dll
  160. 2017-08-10 18:16 - 2017-08-10 18:15 - 048920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll
  161. 2017-08-10 18:19 - 2017-08-10 18:19 - 000171344 _____ () C:\Program Files (x86)\AVG\Antivirus\JsonRpcServer.dll
  162. 2017-08-10 18:19 - 2017-08-10 18:19 - 001067056 _____ () C:\Program Files (x86)\AVG\Antivirus\AvChrome.dll
  163. 2017-08-10 18:19 - 2017-08-10 18:19 - 067109376 _____ () C:\Program Files (x86)\AVG\Antivirus\libcef.dll
  164. 2017-08-10 18:19 - 2017-08-10 18:19 - 000193784 _____ () C:\Program Files (x86)\AVG\Antivirus\event_routing_rpc.dll
  165. 2017-08-10 18:19 - 2017-08-10 18:19 - 000225376 _____ () C:\Program Files (x86)\AVG\Antivirus\tasks_core.dll
  166. 2017-08-10 18:19 - 2017-08-10 18:19 - 000690392 _____ () C:\Program Files (x86)\AVG\Antivirus\ffl2.dll
  167. 2017-08-07 22:26 - 2017-08-03 14:54 - 000041040 _____ () C:\Users\User\AppData\Local\Viber\qrencode.dll
  168. 2017-08-07 22:26 - 2017-08-03 14:55 - 000391760 _____ () C:\Users\User\AppData\Local\Viber\imageformats\qsvg.dll
  169. 2016-10-05 21:17 - 2016-10-05 21:17 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
  170.  
  171. ==================== Alternate Data Streams (Whitelisted) =========
  172.  
  173. (If an entry is included in the fixlist, only the ADS will be removed.)
  174.  
  175.  
  176. ==================== Safe Mode (Whitelisted) ===================
  177.  
  178. (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
  179.  
  180. HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
  181. HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
  182.  
  183. ==================== Association (Whitelisted) ===============
  184.  
  185. (If an entry is included in the fixlist, the registry item will be restored to default or removed.)
  186.  
  187.  
  188. ==================== Internet Explorer trusted/restricted ===============
  189.  
  190. (If an entry is included in the fixlist, it will be removed from the registry.)
  191.  
  192.  
  193. ==================== Hosts content: ===============================
  194.  
  195. (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
  196.  
  197. 2017-03-18 23:03 - 2017-08-10 17:17 - 000000861 _____ C:\Windows\system32\Drivers\etc\hosts
  198.  
  199. 127.0.0.1 platform.wondershare.com
  200.  
  201. ==================== Other Areas ============================
  202.  
  203. (Currently there is no automatic fix for this section.)
  204.  
  205. HKU\S-1-5-21-73300378-2398947947-2795111270-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
  206. DNS Servers: 192.168.8.1
  207. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
  208. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
  209. Windows Firewall is enabled.
  210.  
  211. ==================== MSCONFIG/TASK MANAGER disabled items ==
  212.  
  213. HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
  214. HKLM\...\StartupApproved\Run: => "BCSSync"
  215. HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
  216. HKLM\...\StartupApproved\Run32: => "SwitchBoard"
  217. HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
  218. HKU\S-1-5-21-73300378-2398947947-2795111270-1001\...\StartupApproved\Run: => "Skype"
  219.  
  220. ==================== FirewallRules (Whitelisted) ===============
  221.  
  222. (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
  223.  
  224. FirewallRules: [{4797A5BF-07C9-4A5B-B2B2-D75984F5B380}] => (Allow) C:\Program Files (x86)\DAUM\PotPlayer\PotPlayerMini.exe
  225. FirewallRules: [{830636CE-2706-4882-B791-213AAF1ED202}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
  226. FirewallRules: [{C72D66FD-6865-4717-B0EE-D795746E2C76}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
  227. FirewallRules: [{45E7C202-7BD5-4EB7-83FF-DA6927EA2F81}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
  228. FirewallRules: [{58BD108F-63A8-4F9C-8480-3526FC5EF24A}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
  229. FirewallRules: [{318CDF40-5B0E-4F13-8FF8-96A55ED2F865}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
  230. FirewallRules: [{84EFDC9A-2D2E-4879-971B-9090FA92B8B9}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Print Driver 2\PrinterSelector\SUPDApp.exe
  231. FirewallRules: [{4F7971B1-9CED-4129-8FDA-AB300BA87316}] => (Allow) C:\Program Files\Opera\46.0.2597.57\opera.exe
  232. FirewallRules: [{AD6B8BB2-447C-4F62-93C4-8176BDA26301}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  233. FirewallRules: [{DF8FB19F-CADB-46CF-961C-EF6AF3C69508}] => (Allow) C:\Windows\system32\rundll32.exe
  234. FirewallRules: [{92C9FE7D-D7B2-454A-8323-8DA62019DE43}] => (Allow) C:\Program Files\Opera\47.0.2631.39\opera.exe
  235. FirewallRules: [{8719FBEF-9E91-4812-A40C-77C985A0D6FD}] => (Allow) C:\Windows\System32\rundll32.exe
  236. FirewallRules: [{D99E7546-99C9-46EF-A5D7-25D40384CF00}] => (Allow) C:\Windows\System32\rundll32.exe
  237.  
  238. ==================== Restore Points =========================
  239.  
  240.  
  241. ==================== Faulty Device Manager Devices =============
  242.  
  243.  
  244. ==================== Event log errors: =========================
  245.  
  246. Application errors:
  247. ==================
  248. Error: (08/12/2017 12:44:36 AM) (Source: System Restore) (EventID: 8193) (User: )
  249. Description: Failed to create restore point (Process = C:\Users\User\AppData\Local\Temp\scoped_dir5892_27765\HitmanPro_x64.exe ; Description = Checkpoint by HitmanPro; Error = 0x8004230f).
  250.  
  251. Error: (08/12/2017 12:44:31 AM) (Source: VSS) (EventID: 12293) (User: )
  252. Description: Volume Shadow Copy Service error: Error calling a routine on a Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine details IVssSnapshotProvider::IsVolumeSupported() failed with 0x8000ffff [hr = 0x8000ffff, Catastrophic failure
  253. ].
  254.  
  255.  
  256. Operation:
  257. Check If Volume Is Supported by Provider
  258. Add a Volume to a Shadow Copy Set
  259.  
  260. Context:
  261. Execution Context: Coordinator
  262. Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
  263. Volume Name: \\?\Volume{9228a519-0000-0000-0000-501f00000000}\
  264. Execution Context: Coordinator
  265.  
  266. Error: (08/12/2017 12:44:21 AM) (Source: VSS) (EventID: 12293) (User: )
  267. Description: Volume Shadow Copy Service error: Error calling a routine on a Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine details IVssSnapshotProvider::IsVolumeSupported() failed with 0x8000ffff [hr = 0x8000ffff, Catastrophic failure
  268. ].
  269.  
  270.  
  271. Operation:
  272. Check If Volume Is Supported by Provider
  273. Add a Volume to a Shadow Copy Set
  274.  
  275. Context:
  276. Execution Context: Coordinator
  277. Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
  278. Volume Name: \\?\Volume{9228a519-0000-0000-0000-501f00000000}\
  279. Execution Context: Coordinator
  280.  
  281. Error: (08/12/2017 12:44:11 AM) (Source: VSS) (EventID: 12293) (User: )
  282. Description: Volume Shadow Copy Service error: Error calling a routine on a Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine details IVssSnapshotProvider::IsVolumeSupported() failed with 0x8000ffff [hr = 0x8000ffff, Catastrophic failure
  283. ].
  284.  
  285.  
  286. Operation:
  287. Check If Volume Is Supported by Provider
  288. Add a Volume to a Shadow Copy Set
  289.  
  290. Context:
  291. Execution Context: Coordinator
  292. Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
  293. Volume Name: \\?\Volume{9228a519-0000-0000-0000-501f00000000}\
  294. Execution Context: Coordinator
  295.  
  296. Error: (08/12/2017 12:44:00 AM) (Source: VSS) (EventID: 12293) (User: )
  297. Description: Volume Shadow Copy Service error: Error calling a routine on a Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine details IVssSnapshotProvider::IsVolumeSupported() failed with 0x8000ffff [hr = 0x8000ffff, Catastrophic failure
  298. ].
  299.  
  300.  
  301. Operation:
  302. Check If Volume Is Supported by Provider
  303. Add a Volume to a Shadow Copy Set
  304.  
  305. Context:
  306. Execution Context: Coordinator
  307. Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
  308. Volume Name: \\?\Volume{9228a519-0000-0000-0000-501f00000000}\
  309. Execution Context: Coordinator
  310.  
  311. Error: (08/12/2017 12:43:49 AM) (Source: VSS) (EventID: 12293) (User: )
  312. Description: Volume Shadow Copy Service error: Error calling a routine on a Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine details IVssSnapshotProvider::IsVolumeSupported() failed with 0x8000ffff [hr = 0x8000ffff, Catastrophic failure
  313. ].
  314.  
  315.  
  316. Operation:
  317. Check If Volume Is Supported by Provider
  318. Add a Volume to a Shadow Copy Set
  319.  
  320. Context:
  321. Execution Context: Coordinator
  322. Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
  323. Volume Name: \\?\Volume{9228a519-0000-0000-0000-501f00000000}\
  324. Execution Context: Coordinator
  325.  
  326. Error: (08/12/2017 12:43:45 AM) (Source: VSS) (EventID: 8194) (User: )
  327. Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
  328. .
  329. This is often caused by incorrect security settings in either the writer or requestor process.
  330.  
  331.  
  332. Operation:
  333. Gathering Writer Data
  334.  
  335. Context:
  336. Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
  337. Writer Name: System Writer
  338. Writer Instance ID: {d32012cf-4ada-4beb-ba5a-809c39336c95}
  339.  
  340. Error: (08/12/2017 12:43:06 AM) (Source: System Restore) (EventID: 8193) (User: )
  341. Description: Failed to create restore point (Process = C:\Users\User\AppData\Local\Temp\scoped_dir5892_27765\HitmanPro_x64.exe ; Description = Checkpoint by HitmanPro; Error = 0x8004230f).
  342.  
  343. Error: (08/12/2017 12:43:01 AM) (Source: VSS) (EventID: 12293) (User: )
  344. Description: Volume Shadow Copy Service error: Error calling a routine on a Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine details IVssSnapshotProvider::IsVolumeSupported() failed with 0x8000ffff [hr = 0x8000ffff, Catastrophic failure
  345. ].
  346.  
  347.  
  348. Operation:
  349. Check If Volume Is Supported by Provider
  350. Add a Volume to a Shadow Copy Set
  351.  
  352. Context:
  353. Execution Context: Coordinator
  354. Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
  355. Volume Name: \\?\Volume{9228a519-0000-0000-0000-501f00000000}\
  356. Execution Context: Coordinator
  357.  
  358. Error: (08/12/2017 12:42:51 AM) (Source: VSS) (EventID: 12293) (User: )
  359. Description: Volume Shadow Copy Service error: Error calling a routine on a Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine details IVssSnapshotProvider::IsVolumeSupported() failed with 0x8000ffff [hr = 0x8000ffff, Catastrophic failure
  360. ].
  361.  
  362.  
  363. Operation:
  364. Check If Volume Is Supported by Provider
  365. Add a Volume to a Shadow Copy Set
  366.  
  367. Context:
  368. Execution Context: Coordinator
  369. Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
  370. Volume Name: \\?\Volume{9228a519-0000-0000-0000-501f00000000}\
  371. Execution Context: Coordinator
  372.  
  373.  
  374. System errors:
  375. =============
  376. Error: (08/12/2017 01:35:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
  377. Description: The CldFlt service failed to start due to the following error:
  378. The request is not supported.
  379.  
  380. Error: (08/12/2017 12:57:23 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
  381. Description: The ZAM Controller Service service terminated unexpectedly. It has done this 1 time(s).
  382.  
  383. Error: (08/11/2017 04:19:39 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
  384. Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
  385. {D63B10C5-BB46-4990-A94F-E40B9D520160}
  386. and APPID
  387. {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
  388. to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
  389.  
  390. Error: (08/10/2017 07:38:09 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
  391. Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
  392. {D63B10C5-BB46-4990-A94F-E40B9D520160}
  393. and APPID
  394. {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
  395. to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
  396.  
  397. Error: (08/10/2017 07:24:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
  398. Description: The CldFlt service failed to start due to the following error:
  399. The request is not supported.
  400.  
  401. Error: (08/10/2017 07:14:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
  402. Description: The CldFlt service failed to start due to the following error:
  403. The request is not supported.
  404.  
  405. Error: (08/10/2017 07:09:41 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
  406. Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
  407. {D63B10C5-BB46-4990-A94F-E40B9D520160}
  408. and APPID
  409. {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
  410. to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
  411.  
  412. Error: (08/10/2017 06:13:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
  413. Description: The Malwarebytes Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
  414.  
  415. Error: (08/10/2017 06:12:45 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
  416. Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
  417. {D63B10C5-BB46-4990-A94F-E40B9D520160}
  418. and APPID
  419. {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
  420. to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
  421.  
  422. Error: (08/10/2017 06:12:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
  423. Description: The CldFlt service failed to start due to the following error:
  424. The request is not supported.
  425.  
  426.  
  427. CodeIntegrity:
  428. ===================================
  429. Date: 2017-08-12 00:33:05.635
  430. Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
  431.  
  432. Date: 2017-08-12 00:33:05.175
  433. Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
  434.  
  435. Date: 2017-08-12 00:33:05.001
  436. Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
  437.  
  438. Date: 2017-08-08 01:24:46.310
  439. Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
  440.  
  441. Date: 2017-08-05 03:07:43.527
  442. Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
  443.  
  444. Date: 2017-07-28 15:58:04.364
  445. Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
  446.  
  447. Date: 2017-07-21 01:42:13.540
  448. Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
  449.  
  450. Date: 2017-07-20 01:32:55.273
  451. Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
  452.  
  453. Date: 2017-07-11 02:14:24.248
  454. Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
  455.  
  456. Date: 2017-07-08 01:30:54.311
  457. Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
  458.  
  459.  
  460. ==================== Memory info ===========================
  461.  
  462. Processor: Intel(R) Pentium(R) CPU G4560 @ 3.50GHz
  463. Percentage of memory in use: 44%
  464. Total physical RAM: 7887.95 MB
  465. Available physical RAM: 4350.23 MB
  466. Total Virtual: 8911.95 MB
  467. Available Virtual: 5320.87 MB
  468.  
  469. ==================== Drives ================================
  470.  
  471. Drive c: () (Fixed) (Total:232.39 GB) (Free:38.12 GB) NTFS
  472. Drive d: (VECI) (Removable) (Total:7.45 GB) (Free:2.18 GB) FAT32
  473.  
  474. ==================== MBR & Partition Table ==================
  475.  
  476. ========================================================
  477. Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 9228A519)
  478. Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
  479. Partition 2: (Not Active) - (Size=232.4 GB) - (Type=07 NTFS)
  480.  
  481. ========================================================
  482. Disk: 1 (Size: 7.5 GB) (Disk ID: DC1833A3)
  483. Partition 1: (Active) - (Size=7.5 GB) - (Type=0C)
  484.  
  485. ==================== End of Addition.txt ============================