Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-12-2017
Ran by ro (16-12-2017 19:21:19)
Running from C:\Users\ro\Documents\Desktop
Windows 10 Home Version 1709 16299.125 (X64) (2017-12-08 15:31:52)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-2842588528-1966890766-1193954180-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2842588528-1966890766-1193954180-503 - Limited - Disabled)
Guest (S-1-5-21-2842588528-1966890766-1193954180-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2842588528-1966890766-1193954180-1002 - Limited - Enabled)
ro (S-1-5-21-2842588528-1966890766-1193954180-1000 - Administrator - Enabled) => C:\Users\ro
WDAGUtilityAccount (S-1-5-21-2842588528-1966890766-1193954180-504 - Limited - Disabled)

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC - Français (HKLM-x32\...\{AC76BA86-7AD7-1036-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.126 - Adobe Systems Incorporated)
ELAN Touchpad 11.15.0.18_X64 (HKLM\...\Elantech) (Version: 11.15.0.18 - ELAN Microelectronic Corp.)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.123 - Google Inc.) Hidden
Microsoft OneDrive (HKU\S-1-5-21-2842588528-1966890766-1193954180-1000\...\OneDriveSetup.exe) (Version: 17.3.7131.1115 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 57.0.2 (x64 fr) (HKLM\...\Mozilla Firefox 57.0.2 (x64 fr)) (Version: 57.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 56.0.2 - Mozilla)
OpenOffice 4.1.4 (HKLM-x32\...\{EFD59811-3264-427C-AF22-E96E700FAD83}) (Version: 4.14.9787 - Apache Software Foundation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
SharkScope Desktop 1.56 (HKLM-x32\...\1016-6073-5515-0204) (Version: 1.56 - Barbary Software)
Winamax Installer (HKU\S-1-5-21-2842588528-1966890766-1193954180-1000\...\Winamax Installer 2.0) (Version: 2.0 - Winamax)

==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2017-03-09] (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {AE793D78-7C9F-46E1-AD18-76571499C841} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-12-13] (Adobe Systems Incorporated)
Task: {CFB02F26-977D-45BE-8B64-1EBAC65460D9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============
2017-09-29 14:41 - 2017-09-29 14:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-12-09 00:39 - 2017-12-09 00:39 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-12-09 00:39 - 2017-12-09 00:39 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-12-12 12:02 - 2017-12-12 12:03 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-12-12 12:02 - 2017-12-12 12:03 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-12-12 12:02 - 2017-12-12 12:03 - 024735744 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-12-12 12:02 - 2017-12-12 12:03 - 002551808 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\skypert.dll
2017-12-12 12:02 - 2017-12-12 12:03 - 000671744 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2017-12-06 17:24 - 2017-12-06 17:24 - 000102088 _____ () C:\Users\ro\AppData\Local\Microsoft\OneDrive\17.3.7131.1115\UpdateRingSettings.dll

==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2017-11-07 23:34 - 2017-11-25 10:49 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2842588528-1966890766-1193954180-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\ro\Pictures\DSCN1083.JPG
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [UDP Query User{A23F7C78-081A-41CC-BB87-4FC6AE2AB60B}C:\program files (x86)\sharkscope desktop\sharkscopedesktop.exe] => (Allow) C:\program files (x86)\sharkscope desktop\sharkscopedesktop.exe
FirewallRules: [TCP Query User{4B1190F2-8F1C-4C15-B3CD-75BF5DF37320}C:\program files (x86)\sharkscope desktop\sharkscopedesktop.exe] => (Allow) C:\program files (x86)\sharkscope desktop\sharkscopedesktop.exe
FirewallRules: [{72947CCC-F38D-47EC-93BC-A1ED57B0738A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{7B85635F-28C7-4F1A-A8B2-B0C9DD97C009}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{6B598E89-C9FA-44D3-8753-C33DC496D38D}] => (Allow) C:\Program Files (x86)\360\Total Security\softmgr\360InstantSetup.exe
FirewallRules: [{096F9A79-27A4-49A6-9D3B-E29FA84C4A3C}] => (Allow) C:\Program Files (x86)\360\Total Security\softmgr\360InstantSetup.exe
FirewallRules: [{C47FE26F-66A2-4B1A-A400-3435267E5ED6}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{34137849-461E-47B3-9B73-D091C327CA1B}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe

==================== Restore Points =========================
09-12-2017 17:09:03 Windows Update
13-12-2017 15:30:27 Windows Update

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (12/16/2017 01:44:14 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON.
Error: (12/16/2017 01:43:57 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON.
Error: (12/16/2017 01:29:22 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: ro-PC)
Description: Package microsoft.windowscommunicationsapps_17.8730.21155.0_x64__8wekyb3d8bbwe+microsoft.windowslive.mail was terminated because it took too long to suspend.
Error: (12/16/2017 02:26:16 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: ro-PC)
Description: Package Microsoft.WindowsStore_11711.1001.5.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.
Error: (12/16/2017 12:23:14 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: ro-PC)
Description: Package Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.
Error: (12/15/2017 11:51:08 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: ro-PC)
Description: Package Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.
Error: (12/15/2017 11:50:43 PM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhostw (5096,G,0) An attempt to open the file "C:\Users\ro\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).
Error: (12/15/2017 11:12:48 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: ro-PC)
Description: Package Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.
Error: (12/15/2017 10:51:09 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: ro-PC)
Description: Package Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.
Error: (12/15/2017 10:40:43 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: ro-PC)
Description: Package Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.

System errors:
=============
Error: (12/16/2017 07:06:57 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (12/16/2017 07:06:57 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (12/16/2017 07:04:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).
Error: (12/16/2017 07:04:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Elan Service service terminated unexpectedly. It has done this 1 time(s).
Error: (12/16/2017 06:22:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Adobe Flash Player Update Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
Error: (12/16/2017 06:22:24 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Adobe Flash Player Update Service service to connect.
Error: (12/16/2017 06:21:04 PM) (Source: DCOM) (EventID: 10010) (User: ro-PC)
Description: The server Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe!App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mca did not register with DCOM within the required timeout.
Error: (12/16/2017 06:17:17 PM) (Source: DCOM) (EventID: 10010) (User: ro-PC)
Description: The server Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe!App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mca did not register with DCOM within the required timeout.
Error: (12/16/2017 06:01:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (12/16/2017 06:01:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

CodeIntegrity:
===================================
Date: 2017-12-16 15:00:59.174
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\360\Total Security\I18N64.dll that did not meet the Store signing level requirements.
Date: 2017-12-16 15:00:58.524
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\360\Total Security\I18N64.dll that did not meet the Store signing level requirements.
Date: 2017-12-16 15:00:48.962
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\360\Total Security\I18N64.dll that did not meet the Store signing level requirements.
Date: 2017-12-16 15:00:48.079
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\360\Total Security\I18N64.dll that did not meet the Store signing level requirements.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3-2350M CPU @ 2.30GHz
Percentage of memory in use: 56%
Total physical RAM: 3932.36 MB
Available physical RAM: 1722.7 MB
Total Virtual: 5212.36 MB
Available Virtual: 3017.44 MB

==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:448.66 GB) (Free:258.59 GB) NTFS

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: F06BDB55)
Partition 1: (Not Active) - (Size=17 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=448.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================