Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-06-2016 Ran by DrH (2016-07-01 16:50:56) Running from C:\Users\DrH\Desktop Windows 10 Pro Version 1511 (X64) (2016-06-29 21:08:07) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2056519803-1839500514-3053012104-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-2056519803-1839500514-3053012104-503 - Limited - Disabled) DrH (S-1-5-21-2056519803-1839500514-3053012104-1001 - Administrator - Enabled) => C:\Users\DrH Guest (S-1-5-21-2056519803-1839500514-3053012104-501 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20045 - Adobe Systems Incorporated) Avast Premier (HKLM-x32\...\Avast) (Version: 12.1.2272 - AVAST Software) BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 2.3.35.6237 - BlueStack Systems, Inc.) Cheat Engine 6.5.1 (HKLM-x32\...\Cheat Engine 6.5.1_is1) (Version: - Cheat Engine) Gameforge Live 2.0.12 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.12 - Gameforge) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.106 - Google Inc.) Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4331 - Intel Corporation) Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Metin2 (HKLM-x32\...\Metin2_US_is1) (Version: - Gameforge 4D GmbH) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.31222 - Realtek Semiconduct Corp.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7544 - Realtek Semiconductor Corp.) SafeZone Stable 1.48.2066.114 (x32 Version: 1.48.2066.114 - Avast Software) Hidden Skype™ 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.) WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-2056519803-1839500514-3053012104-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\DrH\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {25F9CB08-5899-4618-96FE-EAF7BB71629A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated) Task: {5927CC47-BA0D-4903-8019-A17C13B9F6AE} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-08-04] (Realtek Semiconductor) Task: {905F40D3-FEC7-4C91-A732-26CDBA00A59E} - System32\Tasks\SafeZone scheduled Autoupdate 1467235451 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-06-17] (Avast Software) Task: {AD3BD42F-7D4A-414F-B937-45F70AFB1D2C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-30] (Google Inc.) Task: {CC86E3DE-8FB1-436F-8ABD-D6161AC3AA15} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-30] (Google Inc.) Task: {EED27692-2A79-4527-83E8-B1A3C573203E} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-06-30] (AVAST Software) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2015-10-30 10:18 - 2015-10-30 10:18 - 00185856 _____ () C:\Windows\SYSTEM32\ism32k.dll 2016-06-30 02:58 - 2016-03-29 13:20 - 02656952 _____ () C:\Windows\system32\CoreUIComponents.dll 2016-06-30 01:15 - 2016-06-30 01:15 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe 2016-06-30 02:58 - 2016-03-29 13:20 - 02656952 _____ () C:\Windows\System32\CoreUIComponents.dll 2016-06-30 00:41 - 2016-06-30 00:41 - 00959168 _____ () C:\Users\DrH\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll 2016-06-30 02:56 - 2015-12-07 07:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll 2016-06-30 02:58 - 2016-04-23 07:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2015-12-19 01:08 - 2015-12-19 01:08 - 00402344 _____ () C:\Windows\system32\igfxTray.exe 2016-06-30 00:13 - 2016-06-23 16:26 - 02336584 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\libglesv2.dll 2016-06-30 00:13 - 2016-06-23 16:25 - 00107336 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\libegl.dll 2016-06-30 02:59 - 2016-05-28 06:59 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2016-06-30 02:57 - 2016-05-28 06:53 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-06-30 02:58 - 2016-05-28 06:54 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2016-06-30 02:58 - 2016-05-28 06:56 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2016-06-30 00:22 - 2016-06-30 00:22 - 00146232 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2016-06-30 00:22 - 2016-06-30 00:22 - 00479288 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll 2016-07-01 11:58 - 2016-07-01 11:58 - 02996736 _____ () C:\Program Files\AVAST Software\Avast\defs\16070101\algo.dll 2016-06-30 01:15 - 2016-06-30 01:15 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll 2016-06-30 01:15 - 2016-06-30 01:15 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll 2016-06-30 00:41 - 2016-06-30 00:41 - 00679624 _____ () C:\Users\DrH\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll 2016-06-30 19:19 - 2016-03-09 09:28 - 03306496 _____ () C:\Program Files (x86)\Bluestacks\libGLESv2.dll 2016-06-30 00:22 - 2016-06-30 00:22 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2056519803-1839500514-3053012104-1001\Control Panel\Desktop\\Wallpaper -> c:\users\drh\appdata\local\microsoft\windows\themes\roamedthemefiles\desktopbackground\background.jpg DNS Servers: 193.140.216.203 - 193.140.216.8 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{03CA4EB8-4EE3-4923-AAD1-2ED037FF41DE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{4708198A-F8F9-48E4-B408-77C5D41DE80E}] => (Allow) E:\GameforgeLive\gfl_client.exe FirewallRules: [{C0CD5CCB-0F1E-4A4D-A6F1-D4BA3DE7364F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe ==================== Restore Points ========================= ATTENTION: System Restore is disabled ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (07/01/2016 02:39:32 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: WmiApRplC:\Windows\system32\wbem\wmiaprpl.dll4 Error: (07/01/2016 02:39:32 PM) (Source: PerfNet) (EventID: 2004) (User: ) Description: Error: (07/01/2016 02:39:32 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: MSDTCC:\Windows\system32\msdtcuiu.DLL4 Error: (07/01/2016 02:39:32 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: LsaC:\Windows\System32\Secur32.dll4 Error: (07/01/2016 02:39:32 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: ESENTC:\Windows\system32\esentprf.dll4 Error: (07/01/2016 02:39:21 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0x803F7001 Command-line arguments: RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=UserLogon;SessionId=4 Error: (07/01/2016 02:38:57 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0x8007139F Command-line arguments: RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=NetworkAvailable Error: (07/01/2016 12:42:08 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: WmiApRplC:\Windows\system32\wbem\wmiaprpl.dll4 Error: (07/01/2016 12:42:07 PM) (Source: PerfNet) (EventID: 2004) (User: ) Description: Error: (07/01/2016 12:42:07 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: MSDTCC:\Windows\system32\msdtcuiu.DLL4 System errors: ============= Error: (07/01/2016 04:50:09 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY) Description: There was an error while attempting to read the local hosts file. Error: (07/01/2016 03:43:18 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY) Description: There was an error while attempting to read the local hosts file. Error: (07/01/2016 03:10:22 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY) Description: There was an error while attempting to read the local hosts file. Error: (07/01/2016 12:43:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The User Data Access_28f908f service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (07/01/2016 12:43:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The User Data Storage_28f908f service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (07/01/2016 12:43:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Contact Data_28f908f service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (07/01/2016 12:43:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Sync Host_28f908f service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (07/01/2016 12:43:24 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable Error: (07/01/2016 12:04:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The User Data Access_140d1f9 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (07/01/2016 12:04:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The User Data Storage_140d1f9 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. CodeIntegrity: =================================== Date: 2016-06-30 09:24:48.001 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-06-30 03:04:23.770 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-06-30 00:25:32.580 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-06-30 00:04:54.688 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-4500U CPU @ 1.80GHz Percentage of memory in use: 49% Total physical RAM: 8080.36 MB Available physical RAM: 4105.9 MB Total Virtual: 10000.36 MB Available Virtual: 5522.28 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:97.66 GB) (Free:73.93 GB) NTFS Drive e: () (Fixed) (Total:134.74 GB) (Free:130.19 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 08B93E60) Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=134.7 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=97.7 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================