Additional scan result of Farbar Recovery Scan Tool (x86) Version: 29-01-2017
Ran by axioo (31-01-2017 14:04:44)
Running from C:\Users\axioo\Desktop
Microsoft Windows 10 Home Single Language Version 1511 (X86) (2017-01-18 03:25:36)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-4294006291-3268964387-4160186193-500 - Administrator - Disabled)
axioo (S-1-5-21-4294006291-3268964387-4160186193-1001 - Administrator - Enabled) => C:\Users\axioo
DefaultAccount (S-1-5-21-4294006291-3268964387-4160186193-503 - Limited - Disabled)
Guest (S-1-5-21-4294006291-3268964387-4160186193-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.0.2.12610 - Adobe Systems Inc.)
AOMEI Partition Assistant Unlimited Edition 6.0 (HKLM\...\{02F850ED-FD0E-4ED1-BE0B-5498165BF3D0}_is1) (Version: - AOMEI Technology Co., Ltd.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
EverQuest (HKU\S-1-5-21-4294006291-3268964387-4160186193-1001\...\DG0-EverQuest) (Version: - Sony Online Entertainment)
EverQuest (HKU\S-1-5-21-4294006291-3268964387-4160186193-1001\...\DGC-EverQuest) (Version: 1.0.3.192 - Daybreak Game Company)
Google Chrome (HKLM\...\Google Chrome) (Version: 56.0.2924.76 - Google Inc.)
Google Update Helper (Version: 1.3.31.5 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.3.193 - SurfRight B.V.)
LifeBeg (HKLM\...\com.adobe.example.LifeBeg.EE56868B10F1E873F72054D45113DA2EF16FE085.1) (Version: 1.0 - UNKNOWN)
LifeBeg (Version: 1.0 - UNKNOWN) Hidden
LifeElem (HKLM\...\com.adobe.example.LifeElem.EE56868B10F1E873F72054D45113DA2EF16FE085.1) (Version: 1.0 - UNKNOWN)
LifeElem (Version: 1.0 - UNKNOWN) Hidden
LifePreInt (HKLM\...\com.adobe.example.LifePreInt.EE56868B10F1E873F72054D45113DA2EF16FE085.1) (Version: 1.0 - UNKNOWN)
LifePreInt (Version: 1.0 - UNKNOWN) Hidden
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
REALTEK Bluetooth (HKLM\...\InstallShield_{192979A0-37F4-4703-B1BB-62052142CE44}) (Version: 1.0.102.50724 - Realtek Semiconductor Corp.)
REALTEK Bluetooth (Version: 1.0.102.50724 - REALTEK Semiconductor Corp.) Hidden
REALTEK Wireless LAN Driver (HKLM\...\{33AABC60-A52F-41FF-B2B9-17321240CD5}) (Version: 1.00.0276 - REALTEK Semiconductor Corp.)
WinDirStat 1.1.2 (HKU\S-1-5-21-4294006291-3268964387-4160186193-1001\...\WinDirStat) (Version: - )
Windows Driver Package - Kionix (WUDFRd) Sensor (07/30/2015 1.0.0.6) (HKLM\...\382C168E514F6CE64FDCF21159DD6ECEC5449121) (Version: 07/30/2015 1.0.0.6 - Kionix)
WinRAR 5.31 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
Zemana AntiMalware (HKLM\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.70.591 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-4294006291-3268964387-4160186193-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\axioo\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\FileSyncShell.dll => No File
CustomCLSID: HKU\S-1-5-21-4294006291-3268964387-4160186193-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\axioo\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\FileSyncShell.dll => No File
CustomCLSID: HKU\S-1-5-21-4294006291-3268964387-4160186193-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-4294006291-3268964387-4160186193-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\axioo\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\FileSyncShell.dll => No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1520FF60-C188-4467-BB74-D410F220E326} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe [2017-01-30] ()
Task: {3C7F824F-12D2-4D93-BD71-389BA80CD543} - System32\Tasks\InstallShield® Update Service Scheduler => C:\Program Files\Common Files\InstallShield\Update\ISUSPM.exe [2017-01-18] (InstallShield®)
Task: {93E3C633-BC18-4B11-8DB7-F1CD82395AD6} - System32\Tasks\GoogleUpdateTaskMachineUA => D:\Program Files\Google\Update\GoogleUpdate.exe [2017-01-31] (Google Inc.)
Task: {A838CE2E-1147-4532-B4A2-8E33135979AF} - System32\Tasks\Optimize Thumbnail Cache Files => Wscript.exe //nologo //E:jscript //B C:\ProgramData\InstallShield\Update\isuspm.ini <==== ATTENTION
Task: {B070BF4E-F288-43D7-B524-0411E9239310} - System32\Tasks\GoogleUpdateTaskMachineCore => D:\Program Files\Google\Update\GoogleUpdate.exe [2017-01-31] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => D:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => D:\Program Files\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 12:44 - 2015-10-30 12:44 - 00149504 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-01-26 10:47 - 2016-01-26 10:47 - 01859448 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-01-20 07:01 - 2015-07-16 20:40 - 00147160 _____ () C:\Program Files\REALTEK\REALTEK Bluetooth\BTDevMgr.exe
2017-01-31 08:42 - 2017-01-25 13:56 - 01870168 _____ () D:\Program Files\Google\Chrome\Application\56.0.2924.76\libglesv2.dll
2017-01-31 08:42 - 2017-01-25 13:56 - 00085848 _____ () D:\Program Files\Google\Chrome\Application\56.0.2924.76\libegl.dll
2016-01-26 10:47 - 2016-01-26 10:47 - 01859448 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2017-01-31 10:56 - 2017-01-31 10:56 - 00129392 _____ () D:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll
2016-01-26 10:47 - 2016-01-26 10:47 - 00070656 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-01-26 10:47 - 2016-01-26 10:47 - 00316416 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-01-26 10:47 - 2016-01-26 10:47 - 05340672 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-26 10:47 - 2016-01-26 10:47 - 00471552 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-26 10:47 - 2016-01-26 10:47 - 02365952 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-26 10:47 - 2016-01-26 10:47 - 02656768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-10-30 12:45 - 2015-10-30 12:45 - 00164224 _____ () c:\windows\system32\WerEtw.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 12:48 - 2015-10-30 12:47 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4294006291-3268964387-4160186193-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\OEMBackground.jpg
DNS Servers: 192.168.42.129
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{BA359AF1-E542-4C45-A433-B7B2762D2A3A}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BFA29102-4425-43DB-8542-EA7E038A21B2}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FF79700D-F0AD-4A92-B112-02D80B70B995}] => D:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{118A8F0A-E81E-452B-B105-91A06A5321C2}] => D:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{193BCBEB-B5C7-4A2B-B080-E8D42B653622}] => D:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{433E17CF-3B95-419F-8343-5293DDA3AF37}] => D:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{CECB334B-2BA0-4F01-A156-C9004C4DDF23}] => D:\Program Files\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

29-01-2017 23:33:51 help me ahhhh
31-01-2017 09:08:17 Installed SharpKeys

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (01/31/2017 02:04:57 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2017-03-02T05:17:57Z. Error Code: 0x80070002.

Error: (01/31/2017 02:04:27 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2017-03-02T05:18:27Z. Error Code: 0x80070002.

Error: (01/31/2017 02:03:57 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2017-03-02T05:17:57Z. Error Code: 0x80070002.
Error: (01/31/2017 02:03:27 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2017-03-02T05:18:27Z. Error Code: 0x80070002.

Error: (01/31/2017 02:03:12 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST.exe version 29.1.2017.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: a0c
Start Time: 01d27b9007a40829
Termination Time: 27
Application Path: C:\Users\axioo\Desktop\FRST.exe
Report Id: 4f8e9bbd-e783-11e6-a145-02005f553036
Faulting package full name:
Faulting package-relative application ID:

Error: (01/31/2017 02:02:57 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2017-03-02T05:17:57Z. Error Code: 0x80070002.

Error: (01/31/2017 02:02:27 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2017-03-02T05:18:27Z. Error Code: 0x80070002.

Error: (01/31/2017 02:01:57 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2017-03-02T05:17:57Z. Error Code: 0x80070002.

Error: (01/31/2017 02:01:27 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2017-03-02T05:18:27Z. Error Code: 0x80070002.

Error: (01/31/2017 02:00:57 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2017-03-02T05:17:57Z. Error Code: 0x80070002.

System errors:
=============
Error: (01/31/2017 12:16:27 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The WWAN AutoConfig service terminated with the following error: Overlapped I/O operation is in progress.

Error: (01/31/2017 12:16:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_1f8b6 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (01/31/2017 12:16:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_1f8b6 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (01/31/2017 12:16:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_1f8b6 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (01/31/2017 12:16:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_1f8b6 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (01/31/2017 12:16:23 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/31/2017 11:37:31 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error: The service did not start due to a logon failure.

Error: (01/31/2017 11:37:31 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (01/31/2017 11:37:27 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\WINDOWS\system32\Rtlihvs.dll

Error: (01/31/2017 11:37:27 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\WINDOWS\system32\Rtlihvs.dll

CodeIntegrity:
===================================
Date: 2017-01-31 10:03:39.039
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-31 08:58:59.573
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-30 12:40:53.421
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-29 23:59:01.971
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-29 22:57:51.545
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-29 22:50:23.453
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-29 21:28:43.815
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-26 14:57:28.017
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume16\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-18 10:25:20.427
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume16\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-20 07:47:02.169
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Atom(TM) CPU Z3735F @ 1.33GHz
Percentage of memory in use: 77%
Total physical RAM: 1985.14 MB
Available physical RAM: 443.48 MB
Total Virtual: 2689.14 MB
Available Virtual: 788.02 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:28.73 GB) (Free:16.88 GB) NTFS
Drive d: (Superdisk) (Removable) (Total:119.26 GB) (Free:84.41 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 28.9 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 1 (Size: 119.3 GB) (Disk ID: 9E1247B5)
Partition 1: (Not Active) - (Size=119.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================