Fix result of Farbar Recovery Scan Tool (x64) Version: 12-01-2017
Ran by DoAsnoPC (12-01-2017 16:48:36) Run:2
Running from C:\Users\DoAsnoPC\Desktop
Loaded Profiles: DoAsnoPC (Available Profiles: DoAsnoPC)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CloseProcesses:
C:\Windows\KMS-R@1nHook.exe
IFEO\OSppSvc.exe: [Debugger] KMS-R@1nHook.exe
IFEO\SppExtComObj.exe: [Debugger] KMS-R@1nHook.exe
GroupPolicy: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-274241934-1915277421-3324831707-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
2016-10-22 12:26 - 2016-10-22 12:26 - 00005120 _____ () C:\WINDOWS\KMS-R@1nHook.exe
2016-10-22 12:26 - 2016-10-22 12:26 - 00004096 _____ () C:\WINDOWS\KMS-R@1nHook.dll
2016-11-19 23:32 - 2016-11-19 23:32 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2017-01-12 08:18 - 2017-01-12 08:18 - 00098816 ____R () C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\win32api.pyd
2017-01-12 08:18 - 2017-01-12 08:18 - 00110080 ____R () C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\pywintypes27.dll
2017-01-12 08:18 - 2017-01-12 08:18 - 00364544 ____R () C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\pythoncom27.dll
2017-01-12 08:18 - 2017-01-12 08:18 - 00320512 ____R () C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\win32com.shell.shell.pyd
2017-01-12 08:18 - 2017-01-12 08:18 - 00914432 ____R () C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\_hashlib.pyd
2017-01-12 08:18 - 2017-01-12 08:18 - 01176576 ____R () C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\wx._core_.pyd
2017-01-12 08:18 - 2017-01-12 08:18 - 00806400 ____R () C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\wx._gdi_.pyd
2017-01-12 08:18 - 2017-01-12 08:18 - 00816128 ____R () C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\wx._windows_.pyd
2017-01-12 08:18 - 2017-01-12 08:18 - 01067008 ____R () C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\wx._controls_.pyd
2017-01-12 08:18 - 2017-01-12 08:18 - 00733184 ____R () C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\wx._misc_.pyd
2017-01-12 08:18 - 2017-01-12 08:18 - 00682496 ____R () C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\pysqlite2._sqlite.pyd
2017-01-12 08:18 - 2017-01-12 08:18 - 00088064 ____R () C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\_ctypes.pyd
2017-01-12 08:18 - 2017-01-12 08:18 - 00686080 ____R () C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\unicodedata.pyd
2017-01-12 08:18 - 2017-01-12 08:18 - 00119808 ____R () C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\win32file.pyd
2017-01-12 08:18 - 2017-01-12 08:18 - 00108544 ____R () C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\win32security.pyd
2017-01-12 08:18 - 2017-01-12 08:18 - 00007168 ____R () C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\hashobjs_ext.pyd
2017-01-12 08:18 - 2017-01-12 08:18 - 00017920 ____R () C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\thumbnails_ext.pyd
2017-01-12 08:18 - 2017-01-12 08:18 - 00088064 ____R () C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\usb_ext.pyd
2017-01-12 08:18 - 2017-01-12 08:18 - 00012800 ____R () C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\common.time34.pyd
2017-01-12 08:18 - 2017-01-12 08:18 - 00018432 ____R () C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\win32event.pyd
2017-01-12 08:18 - 2017-01-12 08:18 - 00167936 ____R () C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\win32gui.pyd
2017-01-12 08:18 - 2017-01-12 08:18 - 00046080 ____R () C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\_socket.pyd
2017-01-12 08:18 - 2017-01-12 08:18 - 01303552 ____R () C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\_ssl.pyd
2017-01-12 08:18 - 2017-01-12 08:18 - 00128512 ____R () C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\_elementtree.pyd
2017-01-12 08:18 - 2017-01-12 08:18 - 00127488 ____R () C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\pyexpat.pyd
2017-01-12 08:18 - 2017-01-12 08:18 - 00038912 ____R () C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\win32inet.pyd
2017-01-12 08:18 - 2017-01-12 08:18 - 00036864 ____R () C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\_psutil_windows.pyd
2017-01-12 08:18 - 2017-01-12 08:18 - 00524248 ____R () C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\windows._lib_cacheinvalidation.pyd
2017-01-12 08:18 - 2017-01-12 08:18 - 00011264 ____R () C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\win32crypt.pyd
2017-01-12 08:18 - 2017-01-12 08:18 - 00123392 ____R () C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\wx._wizard.pyd
2017-01-12 08:18 - 2017-01-12 08:18 - 00077312 ____R () C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\wx._html2.pyd
2017-01-12 08:18 - 2017-01-12 08:18 - 00027648 ____R () C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\_multiprocessing.pyd
2017-01-12 08:18 - 2017-01-12 08:18 - 00020480 ____R () C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\_yappi.pyd
2017-01-12 08:18 - 2017-01-12 08:18 - 00035840 ____R () C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\win32process.pyd
2017-01-12 08:18 - 2017-01-12 08:18 - 00078848 ____R () C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\wx._animate.pyd
2017-01-12 08:18 - 2017-01-12 08:18 - 00024064 ____R () C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\win32pipe.pyd
2017-01-12 08:18 - 2017-01-12 08:18 - 00010240 ____R () C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\select.pyd
2017-01-12 08:18 - 2017-01-12 08:18 - 00025600 ____R () C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\win32pdh.pyd
2017-01-12 08:18 - 2017-01-12 08:18 - 00017408 ____R () C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\win32profile.pyd
2017-01-12 08:18 - 2017-01-12 08:18 - 00022528 ____R () C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\win32ts.pyd
Task: {305B3C47-ED8F-4D32-BAE1-15BC85731659} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {6C5FA22C-6AA3-4F72-8EE6-750410E37584} - System32\Tasks\R@1n-KMS\Windows64Professional => wmic [Argument = path SoftwareLicensingProduct where (ID="2de67392-b7a7-462a-b1ca-108dd189f588") call Activate]
FirewallRules: [{21EC2A81-DA35-4AC8-BE7C-9DDDAD47C8C1}] => C:\Windows\KMS-R@1n.exe
FirewallRules: [{8620A153-073C-4ABA-B65C-C71793135A3E}] => C:\Windows\KMS-R@1n.exe
AlternateDataStreams: C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt [10]
AlternateDataStreams: C:\Program Files (x86)\GbPlugin:u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg== [32]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\gbpddfac64.sys:X5ZN8aGvT4 [2770]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [2410]
AlternateDataStreams: C:\ProgramData\GbPlugin:IncompleteStartGbprcm.cnt [10]
S2 KMS-R@1n; C:\Windows\KMS-R@1n.exe [26112 2016-10-22] () [File not signed]
R2 KMSEmulator; C:\ProgramData\KMSAuto\bin\KMSSS.exe [301056 2015-07-24] (MDL Forum, mod by Ratiborus) [File not signed]
S0 gbpddreg; system32\drivers\gbpddreg64.sys [X]
CMD: sfc /scannow
CreateRestorePoint:
EmptyTemp:
Reboot:
Hosts:
end
*****************

Processes closed successfully.
"C:\Windows\KMS-R@1nHook.exe" => not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\OSppSvc.exe => key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SppExtComObj.exe => key not found.
"C:\WINDOWS\system32\GroupPolicy\Machine" => not found.
HKU\S-1-5-21-274241934-1915277421-3324831707-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
"C:\WINDOWS\KMS-R@1nHook.exe" => not found.
"C:\WINDOWS\KMS-R@1nHook.dll" => not found.
"C:\ProgramData\DP45977C.lfl" => not found.
"C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\win32api.pyd" => not found.
"C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\pywintypes27.dll" => not found.
"C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\pythoncom27.dll" => not found.
"C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\win32com.shell.shell.pyd" => not found.
"C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\_hashlib.pyd" => not found.
"C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\wx._core_.pyd" => not found.
"C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\wx._gdi_.pyd" => not found.
"C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\wx._windows_.pyd" => not found.
"C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\wx._controls_.pyd" => not found.
"C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\wx._misc_.pyd" => not found.
"C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\pysqlite2._sqlite.pyd" => not found.
"C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\_ctypes.pyd" => not found.
"C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\unicodedata.pyd" => not found.
"C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\win32file.pyd" => not found.
"C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\win32security.pyd" => not found.
"C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\hashobjs_ext.pyd" => not found.
"C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\thumbnails_ext.pyd" => not found.
"C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\usb_ext.pyd" => not found.
"C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\common.time34.pyd" => not found.
"C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\win32event.pyd" => not found.
"C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\win32gui.pyd" => not found.
"C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\_socket.pyd" => not found.
"C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\_ssl.pyd" => not found.
"C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\_elementtree.pyd" => not found.
"C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\pyexpat.pyd" => not found.
"C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\win32inet.pyd" => not found.
"C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\_psutil_windows.pyd" => not found.
"C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\windows._lib_cacheinvalidation.pyd" => not found.
"C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\win32crypt.pyd" => not found.
"C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\wx._wizard.pyd" => not found.
"C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\wx._html2.pyd" => not found.
"C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\_multiprocessing.pyd" => not found.
"C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\_yappi.pyd" => not found.
"C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\win32process.pyd" => not found.
"C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\wx._animate.pyd" => not found.
"C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\win32pipe.pyd" => not found.
"C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\select.pyd" => not found.
"C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\win32pdh.pyd" => not found.
"C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\win32profile.pyd" => not found.
"C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\win32ts.pyd" => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{305B3C47-ED8F-4D32-BAE1-15BC85731659} => key not found.
C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Acrobat Update Task => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6C5FA22C-6AA3-4F72-8EE6-750410E37584} => key not found.
C:\WINDOWS\System32\Tasks\R@1n-KMS\Windows64Professional => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\R@1n-KMS\Windows64Professional => key not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{21EC2A81-DA35-4AC8-BE7C-9DDDAD47C8C1} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8620A153-073C-4ABA-B65C-C71793135A3E} => value not found.
"C:\Program Files (x86)\GbPlugin" => ":IncompleteStartProcessProtection.cnt" ADS not found.
"C:\Program Files (x86)\GbPlugin" => ":u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg==" ADS not found.
"C:\WINDOWS\system32\Drivers\gbpddfac64.sys" => ":X5ZN8aGvT4" ADS not found.
"C:\WINDOWS\system32\Drivers\wsddfac.sys" => ":X5ZN8aGXs4" ADS not found.
"C:\ProgramData\GbPlugin" => ":IncompleteStartGbprcm.cnt" ADS not found.
KMS-R@1n => service not found.
KMSEmulator => service not found.
gbpddreg => service not found.

========= sfc /scannow =========


Beginning system scan. This process will take some time.

Beginning verification phase of system scan.
Verification 0% complete.Verification 0% complete.Verification 1% complete.Verification 1% complete.Verification 2% complete.Verification 2% complete.Verification 3% complete.Verification 3% complete.Verification 4% complete.Verification 4% complete.Verification 5% complete.Verification 5% complete.Verification 6% complete.Verification 6% complete.Verification 7% complete.Verification 7% complete.Verification 8% complete.Verification 8% complete.Verification 9% complete.Verification 9% complete.Verification 10% complete.Verification 10% complete.Verification 11% complete.Verification 11% complete.Verification 12% complete.Verification 12% complete.Verification 13% complete.Verification 13% complete.Verification 13% complete.Verification 14% complete.Verification 14% complete.Verification 15% complete.Verification 15% complete.Verification 16% complete.Verification 16% complete.Verification 17% complete.Verification 17% complete.Verification 18% complete.Verification 18% complete.Verification 19% complete.Verification 19% complete.Verification 20% complete.Verification 20% complete.Verification 21% complete.Verification 21% complete.Verification 22% complete.Verification 22% complete.Verification 23% complete.Verification 23% complete.Verification 24% complete.Verification 24% complete.Verification 25% complete.Verification 25% complete.Verification 26% complete.Verification 26% complete.Verification 27% complete.Verification 27% complete.Verification 27% complete.Verification 28% complete.Verification 28% complete.Verification 29% complete.Verification 29% complete.Verification 30% complete.Verification 30% complete.Verification 31% complete.Verification 31% complete.Verification 32% complete.Verification 32% complete.Verification 33% complete.Verification 33% complete.Verification 34% complete.Verification 34% complete.Verification 35% complete.Verification 35% complete.Verification 36% complete.Verification 36% complete.Verification 37% complete.Verification 37% complete.Verification 38% complete.Verification 38% complete.Verification 39% complete.Verification 39% complete.Verification 40% complete.Verification 40% complete.Verification 40% complete.Verification 41% complete.Verification 41% complete.Verification 42% complete.Verification 42% complete.Verification 43% complete.Verification 43% complete.Verification 44% complete.Verification 44% complete.Verification 45% complete.Verification 45% complete.Verification 46% complete.Verification 46% complete.Verification 47% complete.Verification 47% complete.Verification 48% complete.Verification 48% complete.Verification 49% complete.Verification 49% complete.Verification 50% complete.Verification 50% complete.Verification 51% complete.Verification 51% complete.Verification 52% complete.Verification 52% complete.Verification 53% complete.Verification 53% complete.Verification 54% complete.Verification 54% complete.Verification 54% complete.Verification 55% complete.Verification 55% complete.Verification 56% complete.Verification 56% complete.Verification 57% complete.Verification 57% complete.Verification 58% complete.Verification 58% complete.Verification 59% complete.Verification 59% complete.Verification 60% complete.Verification 60% complete.Verification 61% complete.Verification 61% complete.Verification 62% complete.Verification 62% complete.Verification 63% complete.Verification 63% complete.Verification 64% complete.Verification 64% complete.Verification 65% complete.Verification 65% complete.Verification 66% complete.Verification 66% complete.Verification 67% complete.Verification 67% complete.Verification 68% complete.Verification 68% complete.Verification 68% complete.Verification 69% complete.Verification 69% complete.Verification 70% complete.Verification 70% complete.Verification 71% complete.Verification 71% complete.Verification 72% complete.Verification 72% complete.Verification 73% complete.Verification 73% complete.Verification 74% complete.Verification 74% complete.Verification 75% complete.Verification 75% complete.Verification 76% complete.Verification 76% complete.Verification 77% complete.Verification 77% complete.Verification 78% complete.Verification 78% complete.Verification 79% complete.Verification 79% complete.Verification 80% complete.Verification 80% complete.Verification 81% complete.Verification 81% complete.Verification 81% complete.Verification 82% complete.Verification 82% complete.Verification 83% complete.Verification 83% complete.Verification 84% complete.Verification 84% complete.Verification 85% complete.Verification 85% complete.Verification 86% complete.Verification 86% complete.Verification 87% complete.Verification 87% complete.Verification 88% complete.Verification 88% complete.Verification 89% complete.Verification 89% complete.Verification 90% complete.Verification 90% complete.Verification 91% complete.Verification 91% complete.Verification 92% complete.Verification 92% complete.Verification 93% complete.Verification 93% complete.Verification 94% complete.Verification 94% complete.Verification 95% complete.Verification 95% complete.Verification 95% complete.Verification 96% complete.Verification 96% complete.Verification 97% complete.Verification 97% complete.Verification 98% complete.Verification 98% complete.Verification 99% complete.Verification 99% complete.Verification 100% complete.

Windows Resource Protection found corrupt files but was unable to fix some
of them. Details are included in the CBS.Log windir\Logs\CBS\CBS.log. For
example C:\Windows\Logs\CBS\CBS.log. Note that logging is currently not
supported in offline servicing scenarios.

========= End of CMD: =========

Error: (0) Failed to create a restore point.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 32874057 B
Java, Flash, Steam htmlcache => 492 B
Windows/system/drivers => 7623958 B
Edge => 1291200 B
Chrome => 315793909 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 900 B
NetworkService => 140006 B
DoAsnoPC => 410802216 B

RecycleBin => 0 B
EmptyTemp: => 732.9 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 17:21:02 ====