Additional scan result of Farbar Recovery Scan Tool (x86) Version: 29-01-2017 Ran by axioo (01-02-2017 12:51:48) Running from C:\Users\axioo\Desktop Microsoft Windows 10 Home Single Language Version 1511 (X86) (2017-01-18 03:25:36) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-4294006291-3268964387-4160186193-500 - Administrator - Disabled) axioo (S-1-5-21-4294006291-3268964387-4160186193-1001 - Administrator - Enabled) => C:\Users\axioo DefaultAccount (S-1-5-21-4294006291-3268964387-4160186193-503 - Limited - Disabled) Guest (S-1-5-21-4294006291-3268964387-4160186193-501 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.0.2.12610 - Adobe Systems Inc.) AOMEI Partition Assistant Unlimited Edition 6.0 (HKLM\...\{02F850ED-FD0E-4ED1-BE0B-5498165BF3D0}_is1) (Version: - AOMEI Technology Co., Ltd.) Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) EverQuest (HKU\S-1-5-21-4294006291-3268964387-4160186193-1001\...\DG0-EverQuest) (Version: - Sony Online Entertainment) EverQuest (HKU\S-1-5-21-4294006291-3268964387-4160186193-1001\...\DGC-EverQuest) (Version: 1.0.3.192 - Daybreak Game Company) Google Chrome (HKLM\...\Google Chrome) (Version: 56.0.2924.76 - Google Inc.) Google Update Helper (Version: 1.3.31.5 - Google Inc.) Hidden HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.3.193 - SurfRight B.V.) LifeBeg (HKLM\...\com.adobe.example.LifeBeg.EE56868B10F1E873F72054D45113DA2EF16FE085.1) (Version: 1.0 - UNKNOWN) LifeBeg (Version: 1.0 - UNKNOWN) Hidden LifeElem (HKLM\...\com.adobe.example.LifeElem.EE56868B10F1E873F72054D45113DA2EF16FE085.1) (Version: 1.0 - UNKNOWN) LifeElem (Version: 1.0 - UNKNOWN) Hidden LifePreInt (HKLM\...\com.adobe.example.LifePreInt.EE56868B10F1E873F72054D45113DA2EF16FE085.1) (Version: 1.0 - UNKNOWN) LifePreInt (Version: 1.0 - UNKNOWN) Hidden Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation) Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden REALTEK Bluetooth (HKLM\...\InstallShield_{192979A0-37F4-4703-B1BB-62052142CE44}) (Version: 1.0.102.50724 - Realtek Semiconductor Corp.) REALTEK Bluetooth (Version: 1.0.102.50724 - REALTEK Semiconductor Corp.) Hidden REALTEK Wireless LAN Driver (HKLM\...\{33AABC60-A52F-41FF-B2B9-17321240CD5}) (Version: 1.00.0276 - REALTEK Semiconductor Corp.) RogueKiller version 12.9.6.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.9.6.0 - Adlice Software) WinDirStat 1.1.2 (HKU\S-1-5-21-4294006291-3268964387-4160186193-1001\...\WinDirStat) (Version: - ) Windows Driver Package - Kionix (WUDFRd) Sensor (07/30/2015 1.0.0.6) (HKLM\...\382C168E514F6CE64FDCF21159DD6ECEC5449121) (Version: 07/30/2015 1.0.0.6 - Kionix) WinRAR 5.31 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH) Zemana AntiMalware (HKLM\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.70.591 - Zemana Ltd.) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-4294006291-3268964387-4160186193-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {93E3C633-BC18-4B11-8DB7-F1CD82395AD6} - System32\Tasks\GoogleUpdateTaskMachineUA => D:\Program Files\Google\Update\GoogleUpdate.exe [2017-01-31] (Google Inc.) Task: {B070BF4E-F288-43D7-B524-0411E9239310} - System32\Tasks\GoogleUpdateTaskMachineCore => D:\Program Files\Google\Update\GoogleUpdate.exe [2017-01-31] (Google Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2015-10-30 12:44 - 2015-10-30 12:44 - 00149504 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2016-01-26 10:47 - 2016-01-26 10:47 - 01859448 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-01-26 10:47 - 2016-01-26 10:47 - 01859448 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2016-01-20 07:01 - 2015-07-16 20:40 - 00147160 _____ () C:\Program Files\REALTEK\REALTEK Bluetooth\BTDevMgr.exe 2016-01-26 10:47 - 2016-01-26 10:47 - 00070656 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll 2016-01-26 10:47 - 2016-01-26 10:47 - 00316416 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2016-01-26 10:47 - 2016-01-26 10:47 - 05340672 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2016-01-26 10:47 - 2016-01-26 10:47 - 00471552 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-01-26 10:47 - 2016-01-26 10:47 - 02365952 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2016-01-26 10:47 - 2016-01-26 10:47 - 02656768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2015-10-30 12:48 - 2015-10-30 12:47 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-4294006291-3268964387-4160186193-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\OEMBackground.jpg DNS Servers: 192.168.42.129 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => LPort=139 FirewallRules: [{BA359AF1-E542-4C45-A433-B7B2762D2A3A}] => C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{BFA29102-4425-43DB-8542-EA7E038A21B2}] => C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{FF79700D-F0AD-4A92-B112-02D80B70B995}] => D:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{118A8F0A-E81E-452B-B105-91A06A5321C2}] => D:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{193BCBEB-B5C7-4A2B-B080-E8D42B653622}] => D:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{433E17CF-3B95-419F-8343-5293DDA3AF37}] => D:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{CECB334B-2BA0-4F01-A156-C9004C4DDF23}] => D:\Program Files\Google\Chrome\Application\chrome.exe ==================== Restore Points ========================= 29-01-2017 23:33:51 help me ahhhh 31-01-2017 09:08:17 Installed SharpKeys ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (02/01/2017 12:52:43 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: ) Description: Failed to schedule Software Protection service for re-start at 2017-03-02T05:18:43Z. Error Code: 0x80070002. Error: (02/01/2017 12:52:13 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: ) Description: Failed to schedule Software Protection service for re-start at 2017-03-02T05:18:13Z. Error Code: 0x80070002. Error: (02/01/2017 12:51:43 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: ) Description: Failed to schedule Software Protection service for re-start at 2017-03-02T05:18:43Z. Error Code: 0x80070002. Error: (02/01/2017 12:51:13 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: ) Description: Failed to schedule Software Protection service for re-start at 2017-03-02T05:18:13Z. Error Code: 0x80070002. Error: (02/01/2017 12:46:31 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: ) Description: Failed to schedule Software Protection service for re-start at 2017-03-02T05:18:31Z. Error Code: 0x80070002. Error: (02/01/2017 12:46:01 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: ) Description: Failed to schedule Software Protection service for re-start at 2017-03-02T05:18:01Z. Error Code: 0x80070002. Error: (02/01/2017 12:45:31 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: ) Description: Failed to schedule Software Protection service for re-start at 2017-03-02T05:18:31Z. Error Code: 0x80070002. Error: (02/01/2017 12:45:01 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: ) Description: Failed to schedule Software Protection service for re-start at 2017-03-02T05:18:01Z. Error Code: 0x80070002. Error: (02/01/2017 12:44:31 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: ) Description: Failed to schedule Software Protection service for re-start at 2017-03-02T05:18:31Z. Error Code: 0x80070002. Error: (02/01/2017 12:44:01 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: ) Description: Failed to schedule Software Protection service for re-start at 2017-03-02T05:18:01Z. Error Code: 0x80070002. System errors: ============= Error: (02/01/2017 12:46:57 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY) Description: WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\WINDOWS\system32\Rtlihvs.dll Error: (02/01/2017 12:46:57 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY) Description: WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\WINDOWS\system32\Rtlihvs.dll Error: (02/01/2017 12:46:56 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The WWAN AutoConfig service terminated with the following error: Overlapped I/O operation is in progress. Error: (02/01/2017 12:46:56 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY) Description: WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\WINDOWS\system32\Rtlihvs.dll Error: (02/01/2017 12:46:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The User Data Access_1e0c2 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (02/01/2017 12:46:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The User Data Storage_1e0c2 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (02/01/2017 12:46:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Contact Data_1e0c2 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (02/01/2017 12:46:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Sync Host_1e0c2 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (02/01/2017 12:46:54 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. ==================== Memory info =========================== Processor: Intel(R) Atom(TM) CPU Z3735F @ 1.33GHz Percentage of memory in use: 45% Total physical RAM: 1985.14 MB Available physical RAM: 1091.59 MB Total Virtual: 2689.14 MB Available Virtual: 1646.36 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:28.73 GB) (Free:16.82 GB) NTFS Drive d: (Superdisk) (Removable) (Total:119.26 GB) (Free:84.37 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 28.9 GB) (Disk ID: 00000000) Partition: GPT. ======================================================== Disk: 1 (Size: 119.3 GB) (Disk ID: 9E1247B5) Partition 1: (Not Active) - (Size=119.3 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================