
PC Freezes, Shut Down Problems & Malware Scanners etc. don't start up


4 replies to this topic

#1 InsanaTommy


Posted 27 January 2016 - 11:31 AM

Hello everyone,

My name is Tommy from Germany, and I was recently asked by a Libyan colleague to fix his private PC. The topic basically gives you the problem description. The PC freezes suddenly and during shutdowns, and malware detectors don't start. I suspect malware or maybe something more exotic like corrupted power management or Windows Installer. To rule out the hardware I did an Intel burn test and the PC managed to run the test 20 times.

In safe mode I was able to run AdwCleaner and removed some programs. I also cleaned the registry with Auslogics Registry Cleaner and ran FRST (I paste the output below) and removed the following keys (also below).

Unfortunately the problem persists and I don't know how to go on. Setting up a new system is not an option because the data loss would be unbearable and, to mention it, the system is generally in very bad shape. Any help is appreciated.

Thanks!

 

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-01-2016
Ran by Admin (administrator) on ABUBAKER-PC (27-01-2016 12:31:04)
Running from C:\Users\Admin\Desktop\repair
Loaded Profiles: Admin (Available Profiles: Admin)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe
(Lavasoft) C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
(Auslogics) C:\Program Files (x86)\Auslogics\BoostSpeed\BoostSpeed.exe
(Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avpui.exe
(MicroWorld Technologies Inc.) C:\Program Files (x86)\Common Files\MicroWorld\Agent\MWASER.EXE
(MicroWorld Technologies Inc.) C:\Program Files (x86)\Common Files\MicroWorld\Agent\MWAGENT.EXE
() C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TorchMedia Inc.) C:\Users\Tamim\AppData\Local\Torch\Update\TorchCrashHandler.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Auslogics) C:\Program Files (x86)\Auslogics\BoostSpeed\FrameAppletProxy.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66328 2016-01-05] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-346539747-1066731453-2550681808-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1445648 2016-01-27] (Lavasoft)
HKU\S-1-5-21-346539747-1066731453-2550681808-1000\...\MountPoints2: {35e91892-9665-11e5-b10e-9cb70dddd79b} - G:\LaunchU3.exe -a
HKU\S-1-5-21-346539747-1066731453-2550681808-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Tamim\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Tamim\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Tamim\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Tamim\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Tamim\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Tamim\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
Startup: C:\Users\Tamim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2015-11-13]
ShortcutTarget: MEGAsync.lnk -> C:\Users\Admin\AppData\Local\MEGAsync\MEGAsync.exe (No File)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:55187;https=127.0.0.1:55187;
Winsock: Catalog9 01 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2016-01-27] (Lavasoft Limited)
Winsock: Catalog9 02 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2016-01-27] (Lavasoft Limited)
Winsock: Catalog9 03 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2016-01-27] (Lavasoft Limited)
Winsock: Catalog9 04 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2016-01-27] (Lavasoft Limited)
Winsock: Catalog9 15 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2016-01-27] (Lavasoft Limited)
Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [425744 2016-01-27] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [425744 2016-01-27] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [425744 2016-01-27] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [425744 2016-01-27] (Lavasoft Limited)
Winsock: Catalog9-x64 15 C:\Windows\system32\LavasoftTcpService64.dll [425744 2016-01-27] (Lavasoft Limited)
Tcpip\Parameters: [DhcpNameServer] 217.69.224.73 213.187.64.1
Tcpip\..\Interfaces\{98D5FA9D-08DE-4001-84CE-26C90526BAE3}: [DhcpNameServer] 192.168.2.2
Tcpip\..\Interfaces\{BDF15EA2-2110-4005-AACE-5AB0ABC9CDFA}: [DhcpNameServer] 217.69.224.73 213.187.64.1
Tcpip\..\Interfaces\{C89AE6A8-3A45-4429-B9AB-149E0877D17E}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.search.yahoo.com/?fr=hp-ddc-bd&type=bl-bir-tr-rhb-30__alt__ddc_dsssyc_bd_com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130848964791254428&GUID=E60CF51B-19C8-4474-A595-EFDC724B9E8D
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mystartsearch.com/web/?type=ds&ts=1437603056&z=85ab5ecc2aaec7612285a0bgdz0c8m5qceec3e1g2w&from=wpc&uid=ST9250315AS_5VCC10P7XXXX5VCC10P7&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mystartsearch.com/web/?type=ds&ts=1437603056&z=85ab5ecc2aaec7612285a0bgdz0c8m5qceec3e1g2w&from=wpc&uid=ST9250315AS_5VCC10P7XXXX5VCC10P7&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=1437603056&z=85ab5ecc2aaec7612285a0bgdz0c8m5qceec3e1g2w&from=wpc&uid=ST9250315AS_5VCC10P7XXXX5VCC10P7
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=1437603056&z=85ab5ecc2aaec7612285a0bgdz0c8m5qceec3e1g2w&from=wpc&uid=ST9250315AS_5VCC10P7XXXX5VCC10P7
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1437603056&z=85ab5ecc2aaec7612285a0bgdz0c8m5qceec3e1g2w&from=wpc&uid=ST9250315AS_5VCC10P7XXXX5VCC10P7&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1437603056&z=85ab5ecc2aaec7612285a0bgdz0c8m5qceec3e1g2w&from=wpc&uid=ST9250315AS_5VCC10P7XXXX5VCC10P7&q={searchTerms}
HKU\S-1-5-21-346539747-1066731453-2550681808-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/?pc=COSP&ptag=D012716-A7D4577D918&form=CONMHP&conlogo=CT3334486
HKU\S-1-5-21-346539747-1066731453-2550681808-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
SearchScopes: HKLM -> OldSearch URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_pwrisofs_15_29&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dde%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0D0CtD0E0AtCyE0B0D0FtCyC0C0A0C0AtN0D0Tzu0StCtBzyyEtN1L2XzutAtFtCtBtFyDtFyDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyCzyyDtAtB0D0CtCtGtB0ByEtCtGtAtA0AtBtGyDzyyD0FtGyDtBtA0AyDtAtC0FyEzytBzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzztD0B0ByB0B0B0EtG0DyD0F0CtGyEtDzztBtGzz0A0ByDtGtDyDtD0F0EyE0D0FyE0ByB0F2QtN0A0LzuyEtN1B2Z1V1T1S1NzuzzzzyD%26cr%3D2077578675%26a%3Dwncy_pwrisofs_15_29%26os%3DWindows%2B7%2BProfessional&p={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://de.search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=bl-bir-tr-rhb-30__alt__ddc_dss_bd_com&p={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-346539747-1066731453-2550681808-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D012716-A7D4577D918&form=CONBDF&conlogo=CT3334486&q={searchTerms}
SearchScopes: HKU\S-1-5-21-346539747-1066731453-2550681808-1000 -> {120F54F0-6D84-487F-9826-2234621912B8} URL = hxxps://de.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-346539747-1066731453-2550681808-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-346539747-1066731453-2550681808-1000 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL =
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\IEExt\ie_plugin.dll [2016-01-06] (AO Kaspersky Lab)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-10-21] (Oracle Corporation)
BHO-x32: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll [2016-01-06] (AO Kaspersky Lab)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll [2012-02-13] (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-21] (Oracle Corporation)
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\IEExt\ie_plugin.dll [2016-01-06] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll [2012-02-13] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll [2016-01-06] (AO Kaspersky Lab)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1mnsmh6f.default
FF NewTab: hxxp://www.bing.com/?pc=COSP&ptag=D012716-A7D4577D918&form=CONMHP&conlogo=CT3334486
FF DefaultSearchEngine: Bing®
FF SelectedSearchEngine: Bing®
FF Homepage: hxxp://www.bing.com/?pc=COSP&ptag=D012716-A7D4577D918&form=CONMHP&conlogo=CT3334486
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll [2012-02-15] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll [2012-02-15] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-08-13] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-21] (Oracle Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-27] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1mnsmh6f.default\searchplugins\bing-lavasoft.xml [2016-01-27]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\FFExt\light_plugin_firefox
FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\FFExt\light_plugin_firefox [2016-01-06]

Chrome:
=======
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Ancient History Encyclopedia) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahggffalhoajbhlaogbplamaaghnncle [2015-09-03]
CHR Extension: (HelloFax: 50 Free Fax Pages) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bocmleclimfnadgmcdgecijlblfcmfnm [2015-09-03]
CHR Extension: (PDF Converter) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmgnkfgleaamgbhhojkfijjmjmngokkb [2015-12-12]
CHR Extension: (Multiple Account Checker for Gmail™) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnimhgelcnggigekhdjlifjpndgmnglm [2015-09-03]
CHR Extension: (Kaspersky Protection) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\eahebamiopdhefndnmappcihfajigkka [2016-01-06]
CHR Extension: (DictionaryBoss) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\epljggmdileomnkecfgpmcjodnikpdmm [2015-10-26]
CHR Extension: (Linkedin Styler) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\flejfoljhielmbimlgkdlnolbjlbffhn [2015-11-27]
CHR Extension: (AdBlock) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-01-20]
CHR Extension: (Gantter for Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\himomacamcpodhkahelbnmaddladgjgo [2015-09-03]
CHR Extension: (Lakeside Sunrise Theme) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgdnkapcadpkfhpeljgdnoebcppgean [2015-09-03]
CHR Extension: (PDF To Word Converter) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kijcidehmghliocaelamimgiaiogcjal [2015-09-03]
CHR Extension: (Twoo Notifications) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mggafhpkgkfebnjfbiefbbbicikgchlf [2015-09-03]
CHR Extension: (English vocabulary) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgmklfohhllfpjjmjejencmaodgiknmj [2015-09-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-03]
CHR Extension: (MURAL) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnhlnnalackljjehlfocmheepffkiihf [2016-01-06]
CHR Extension: (TOEFL Exam: Vocabulary) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohimbonnfmkmlgnhbmgcbcfoffckpohp [2015-09-03]
CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM-x32\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM-x32\...\Chrome\Extension: [npdicihegicnhaangkdmcgbjceoemeoo] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [249120 2016-01-05] (Avira Operations GmbH & Co. KG)
R2 AVP16.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe [194000 2016-01-06] (Kaspersky Lab ZAO)
R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2751760 2016-01-27] (Lavasoft Limited)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MWAgent; C:\Program Files (x86)\Common Files\MicroWorld\Agent\MWASER.EXE [859432 2012-10-04] (MicroWorld Technologies Inc.)
R2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [17168 2016-01-27] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
S2 TheScreenSnapshotService; C:\Program Files (x86)\ScreenSnapshotTool\1.1.0.10921\ScreenShotServ.exe [152016 2015-09-17] ()
R2 TorchCrashHandler; C:\Users\Tamim\AppData\Local\Torch\Update\TorchCrashHandler.exe [1217032 2015-07-16] (TorchMedia Inc.) <==== ATTENTION
S3 vssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\vssbridge64.exe [144640 2015-07-09] (AO Kaspersky Lab)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AR5416; C:\Windows\System32\DRIVERS\athwx.sys [2716768 2010-11-05] (Atheros Communications, Inc.)
S3 bdfsfltr; C:\Windows\System32\DRIVERS\bdfsfltr.sys [431176 2011-03-24] (BitDefender)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-22] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [70000 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [68280 2015-06-06] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [181640 2016-01-06] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [227000 2016-01-06] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [940928 2016-01-06] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [39096 2015-06-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [41144 2015-06-06] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [41648 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [41352 2016-01-06] (AO Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [65208 2015-06-11] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [103096 2015-06-16] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [187056 2015-06-23] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R1 wfdrvr_vt_1_10_0_28; C:\Windows\System32\drivers\wfdrvr_vt_1_10_0_28.sys [61296 2015-10-30] (WF)
U0 SR; no ImagePath
U2 SRService; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-27 12:30 - 2016-01-27 12:31 - 00000000 ____D C:\FRST
2016-01-27 11:42 - 2012-07-20 07:22 - 00082432 _____ (Xtreme Gaming Studio) C:\Users\Admin\Desktop\IntelBurnTestV2.exe
2016-01-27 11:39 - 2016-01-27 12:24 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-01-27 11:39 - 2016-01-27 11:57 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-01-27 11:39 - 2016-01-27 11:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-27 11:39 - 2016-01-27 11:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-01-27 11:39 - 2016-01-27 11:39 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-01-27 11:39 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-01-27 11:39 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-01-27 11:37 - 2016-01-27 11:37 - 00000361 _____ C:\Prefs.js
2016-01-27 11:37 - 2016-01-27 11:37 - 00000000 ____D C:\searchplugins
2016-01-27 11:36 - 2016-01-27 11:41 - 00002904 _____ C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
2016-01-27 11:36 - 2016-01-27 11:41 - 00002904 _____ C:\Windows\system32\LavasoftTcpServiceOff.ini
2016-01-27 11:36 - 2016-01-27 11:38 - 00000000 ____D C:\ProgramData\Auslogics
2016-01-27 11:36 - 2016-01-27 11:36 - 00000000 ____D C:\Windows\System32\Tasks\Auslogics
2016-01-27 11:36 - 2016-01-27 11:36 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Lavasoft
2016-01-27 11:36 - 2016-01-27 11:36 - 00000000 ____D C:\Users\Admin\AppData\Local\Lavasoft
2016-01-27 11:36 - 2016-01-27 11:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2016-01-27 11:35 - 2016-01-27 11:36 - 00001262 _____ C:\Users\Admin\Desktop\Auslogics BoostSpeed 8.lnk
2016-01-27 11:35 - 2016-01-27 11:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
2016-01-27 11:35 - 2016-01-27 11:36 - 00000000 ____D C:\Program Files (x86)\Auslogics
2016-01-27 11:35 - 2016-01-27 11:35 - 00425744 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll
2016-01-27 11:35 - 2016-01-27 11:35 - 00345360 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll
2016-01-27 11:35 - 2016-01-27 11:35 - 00001337 _____ C:\Users\Admin\Desktop\Auslogics Registry Cleaner.lnk
2016-01-27 11:35 - 2016-01-27 11:35 - 00000000 ____D C:\ProgramData\Lavasoft
2016-01-27 11:35 - 2016-01-27 11:35 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2016-01-27 11:17 - 2016-01-27 11:18 - 00000000 __SHD C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2016-01-27 11:17 - 2016-01-27 11:18 - 00000000 ____D C:\ProgramData\TuneUp Software
2016-01-27 11:14 - 2016-01-27 11:14 - 00001206 _____ C:\Users\Public\Desktop\Avira Launcher.lnk
2016-01-27 11:14 - 2016-01-27 11:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-01-27 11:14 - 2016-01-27 11:14 - 00000000 ____D C:\ProgramData\Avira
2016-01-27 11:14 - 2016-01-27 11:14 - 00000000 ____D C:\Program Files (x86)\Avira
2016-01-27 11:09 - 2016-01-27 12:31 - 00000000 ____D C:\Users\Admin\Desktop\repair
2016-01-27 10:57 - 2016-01-27 10:57 - 00000000 ____D C:\Windows\pss
2016-01-27 10:44 - 2016-01-27 12:04 - 00353042 _____ C:\Windows\ntbtlog.txt
2016-01-25 20:50 - 2016-01-25 20:50 - 00003573 _____ C:\Users\Admin\Desktop\mum plann-Layout2.pdf
2016-01-25 20:22 - 2016-01-26 06:44 - 00000000 ____D C:\Users\Admin\Desktop\Mobile Photos
2016-01-23 20:56 - 2016-01-23 20:56 - 01902848 _____ C:\Users\Admin\Desktop\SCHOLARS AT RISK_1.pdf
2016-01-23 20:52 - 2016-01-23 20:52 - 02020062 _____ C:\Users\Admin\Downloads\SCHOLARS AT RISK_1.pdf
2016-01-22 22:25 - 2016-01-22 22:25 - 00039863 _____ C:\Users\Admin\Desktop\Scholars at Risk Network.htm
2016-01-22 22:25 - 2016-01-22 22:25 - 00000000 ____D C:\Users\Admin\Desktop\Scholars at Risk Network_files
2016-01-22 14:08 - 2016-01-22 14:08 - 00274544 _____ C:\Windows\Minidump\012216-16426-01.dmp
2016-01-20 23:54 - 2016-01-20 23:54 - 01030274 _____ C:\Users\Admin\Downloads\ASR_2006.pdf
2016-01-20 22:31 - 2016-01-20 22:31 - 00308755 _____ C:\Users\Admin\Desktop\Silkvya Kittner Invitation.pdf
2016-01-20 22:30 - 2016-01-20 22:30 - 00305911 _____ C:\Users\Admin\Downloads\Invitation(2).pdf
2016-01-20 22:29 - 2016-01-20 22:29 - 00305911 _____ C:\Users\Admin\Downloads\Invitation.pdf
2016-01-20 22:29 - 2016-01-20 22:29 - 00305911 _____ C:\Users\Admin\Downloads\Invitation(1).pdf
2016-01-20 16:23 - 2016-01-20 16:23 - 00025744 _____ C:\Users\Admin\Desktop\Mark Baxter.pdf
2016-01-20 16:22 - 2016-01-20 16:22 - 00039210 _____ C:\Users\Admin\Downloads\5SB1418825179d589.PDF
2016-01-19 11:02 - 2016-01-19 11:02 - 00036818 _____ C:\Users\Admin\Downloads\ufz
2016-01-17 11:40 - 2016-01-17 11:40 - 00000000 ____D C:\Users\Admin\AppData\Local\Viber Media S.à r.l
2016-01-17 11:40 - 2016-01-17 11:40 - 00000000 ____D C:\Users\Admin\.ViberPC
2016-01-17 11:40 - 2016-01-17 11:40 - 00000000 ____D C:\Users\Admin\.QtWebEngineProcess
2016-01-17 11:33 - 2016-01-17 11:33 - 00202033 _____ C:\Users\Admin\Desktop\knowledge transfer Helmholtz Association 2015.pdf
2016-01-17 11:32 - 2016-01-17 11:32 - 00202035 _____ C:\Users\Admin\Downloads\knowledge transfer Helmholtz Association 2015.pdf
2016-01-17 11:29 - 2016-01-17 11:29 - 00201943 _____ C:\Users\Admin\Downloads\20150618_Wissenstransfer_Eckpunktepapier.pdf
2016-01-17 11:29 - 2016-01-17 11:29 - 00201943 _____ C:\Users\Admin\Downloads\20150618_Wissenstransfer_Eckpunktepapier(1).pdf
2016-01-15 21:31 - 2016-01-27 10:49 - 00000000 ____D C:\Users\Admin\AppData\Roaming\ViberPC
2016-01-15 21:31 - 2016-01-15 21:31 - 00000959 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Viber.lnk
2016-01-15 21:31 - 2016-01-15 21:31 - 00000957 _____ C:\Users\Admin\Desktop\Viber.lnk
2016-01-15 21:31 - 2016-01-15 21:31 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Viber
2016-01-15 21:31 - 2016-01-15 21:31 - 00000000 ____D C:\Users\Admin\AppData\Local\Package Cache
2016-01-15 20:24 - 2016-01-15 21:20 - 101213136 _____ (Viber Media Inc.) C:\Users\Admin\Downloads\ViberSetup(1).exe
2016-01-14 00:23 - 2016-01-14 00:23 - 04725880 _____ C:\Users\Admin\Downloads\qatarChronicle_n7_arabic.pdf
2016-01-13 23:51 - 2016-01-13 23:51 - 03543941 _____ C:\Users\Admin\Downloads\ZUCatalog2010_2011.pdf
2016-01-10 12:35 - 2016-01-10 12:35 - 05816744 _____ C:\Users\Admin\Downloads\48694_CITE-special.pdf
2016-01-10 12:24 - 2016-01-10 12:24 - 08088213 _____ C:\Users\Admin\Downloads\49703_wasser_wissen_en.pdf
2016-01-10 12:24 - 2016-01-10 12:24 - 08088213 _____ C:\Users\Admin\Downloads\49703_wasser_wissen_en(1).pdf
2016-01-08 22:45 - 2016-01-08 22:45 - 00238194 _____ C:\Users\Admin\Downloads\fundraisingandthelaw.pdf
2016-01-08 22:44 - 2016-01-08 22:44 - 00537418 _____ C:\Users\Admin\Downloads\organisingyourownevent.pdf
2016-01-08 22:43 - 2016-01-08 22:43 - 00106378 _____ C:\Users\Admin\Downloads\stallsandcollections.pdf
2016-01-08 22:30 - 2016-01-08 22:30 - 00556511 _____ C:\Users\Admin\Downloads\judi-dench-poster.pdf
2016-01-08 22:29 - 2016-01-08 22:29 - 00493813 _____ C:\Users\Admin\Downloads\jenny-seagrove-poster.pdf
2016-01-08 22:27 - 2016-01-08 22:27 - 01091155 _____ C:\Users\Admin\Downloads\dd-a4-poster.pdf
2016-01-08 22:25 - 2016-01-08 22:25 - 00806808 _____ C:\Users\Admin\Downloads\brian-may-poster1.pdf
2016-01-08 22:18 - 2016-01-08 22:18 - 00898959 _____ C:\Users\Admin\Downloads\joanna-lumley-poster(2).pdf
2016-01-08 22:18 - 2016-01-08 22:18 - 00898959 _____ C:\Users\Admin\Downloads\joanna-lumley-poster(1).pdf
2016-01-08 22:17 - 2016-01-08 22:17 - 00898959 _____ C:\Users\Admin\Downloads\joanna-lumley-poster.pdf
2016-01-08 21:43 - 2016-01-08 21:43 - 00446941 _____ C:\Users\Admin\Downloads\job-description--person-specification---charity-shop-deputy-manager.pdf
2016-01-08 07:18 - 2016-01-08 07:18 - 00000402 _____ C:\Users\Admin\Desktop\click.htm
2016-01-07 22:02 - 2016-01-07 22:02 - 00266951 _____ C:\Users\Admin\Downloads\Schweigepflicht Fam. Toboli_LKL.pdf
2016-01-07 09:27 - 2016-01-08 06:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-07 07:27 - 2016-01-12 08:39 - 00157184 ____H C:\Users\Admin\Desktop\~WRL1557.tmp
2016-01-06 16:45 - 2016-01-06 16:45 - 00002446 _____ C:\Users\Admin\Desktop\Sicherer Zahlungsverkehr.lnk
2016-01-06 16:45 - 2016-01-06 16:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2016-01-06 16:45 - 2016-01-06 16:44 - 00002140 _____ C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2016-01-06 16:43 - 2016-01-27 12:07 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-01-06 16:43 - 2016-01-06 16:43 - 00000000 ____D C:\Windows\ELAMBKUP
2016-01-06 16:43 - 2016-01-06 16:43 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2016-01-06 16:43 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2016-01-06 16:42 - 2016-01-06 21:12 - 00940928 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2016-01-06 16:42 - 2016-01-06 21:12 - 00181640 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2016-01-06 07:45 - 2016-01-06 07:45 - 00184759 _____ C:\Users\Admin\Desktop\koordinator_fluechtlinge_2015_10.pdf
2016-01-05 23:03 - 2016-01-05 23:03 - 07903132 _____ C:\Users\Admin\Downloads\13_Helmholtz_Frauen_Karrieren_und_Talente.pdf
2016-01-05 19:00 - 2016-01-05 19:00 - 02234722 _____ C:\Users\Admin\Downloads\Guide-to-Working-in-Germany_en.pdf
2016-01-05 09:08 - 2016-01-05 09:08 - 04736360 _____ C:\Users\Admin\Downloads\HTS_Broschuere_engl_bf.pdf
2016-01-05 09:01 - 2016-01-05 09:01 - 02041890 _____ C:\Users\Admin\Downloads\BBB_2015_eng.pdf
2016-01-04 17:57 - 2016-01-04 17:57 - 09862353 _____ C:\Users\Admin\Downloads\Thesis (complete) (4).pdf
2016-01-04 17:46 - 2016-01-04 17:46 - 17562807 _____ C:\Users\Admin\Downloads\ediss581.pdf
2016-01-04 11:07 - 2016-01-04 11:07 - 07026860 _____ C:\Users\Admin\Downloads\Gesundheitsforschungsprogramm_engl_barrierefrei(1).pdf
2016-01-04 11:06 - 2016-01-04 11:07 - 07026860 _____ C:\Users\Admin\Downloads\Gesundheitsforschungsprogramm_engl_barrierefrei.pdf
2016-01-04 09:29 - 2016-01-04 09:29 - 00262144 _____ C:\Windows\Minidump\010416-16582-01.dmp
2016-01-03 20:55 - 2016-01-03 20:55 - 00051147 _____ C:\Users\Admin\Downloads\TEXTE_CHAIRES_ENG(1).pdf
2016-01-03 20:54 - 2016-01-03 20:54 - 00051147 _____ C:\Users\Admin\Downloads\TEXTE_CHAIRES_ENG.pdf
2016-01-01 11:37 - 2016-01-01 11:37 - 00188749 _____ C:\Users\Admin\Downloads\KATXXXXXX_Stellenausschreibung_Laborant_Bio_www.pdf
2016-01-01 11:37 - 2016-01-01 11:37 - 00164085 _____ C:\Users\Admin\Downloads\Chemiker_WA_201510.pdf
2016-01-01 11:37 - 2016-01-01 11:37 - 00164085 _____ C:\Users\Admin\Downloads\Chemiker_WA_201510(1).pdf
2015-12-31 21:44 - 2015-12-31 21:44 - 01155651 _____ C:\Users\Admin\Downloads\University College Oxford Record 2015.pdf
2015-12-31 19:00 - 2015-12-31 19:00 - 16130990 _____ C:\Users\Admin\Downloads\MEA2014_Proceedings_web.pdf
2015-12-31 18:13 - 2016-01-05 21:03 - 00000000 ____D C:\Users\Admin\Desktop\Search Results in all Diktops
2015-12-30 18:41 - 2015-12-30 18:41 - 00262144 _____ C:\Windows\Minidump\123015-20077-01.dmp
2015-12-28 18:49 - 2016-01-13 11:27 - 00000000 ____D C:\Users\Admin\Desktop\Favorets folder

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-27 12:31 - 2009-07-14 04:20 - 00000000 ____D C:\Windows
2016-01-27 12:16 - 2009-07-14 05:45 - 00033904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-27 12:16 - 2009-07-14 05:45 - 00033904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-27 12:08 - 2015-08-29 17:56 - 00000000 ____D C:\ProgramData\TorchCrashHandler
2016-01-27 12:08 - 2009-07-14 03:34 - 00000653 _____ C:\Windows\win.ini
2016-01-27 12:06 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-27 11:41 - 2015-10-21 21:09 - 00000000 ____D C:\Program Files\Google
2016-01-27 11:41 - 2015-01-22 02:13 - 00000000 ____D C:\Program Files (x86)\Google
2016-01-27 11:38 - 2015-09-08 14:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LEGO Jurassic World
2016-01-27 11:38 - 2015-09-02 19:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desktop Search
2016-01-27 11:38 - 2015-07-19 00:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Maximizer
2016-01-27 11:38 - 2015-01-22 02:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-01-27 11:31 - 2015-01-22 02:13 - 00000000 ____D C:\Users\Admin\AppData\Local\Google
2016-01-27 11:13 - 2015-09-08 14:45 - 00000000 ____D C:\ProgramData\Package Cache
2016-01-27 10:52 - 2015-08-30 19:55 - 00003938 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{4C886227-FF9A-4807-859A-96DF9EA7FD90}
2016-01-26 15:00 - 2015-09-23 18:34 - 00000000 ____D C:\Users\Admin\Desktop\Toboli in Germany
2016-01-26 07:03 - 2015-11-15 17:19 - 00000000 ____D C:\Users\Admin\AppData\Roaming\ScreenSnapshotTool
2016-01-25 21:06 - 2015-07-22 23:06 - 00000350 _____ C:\Windows\Tasks\DreamTranslation.job
2016-01-25 10:03 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2016-01-22 20:58 - 2009-07-14 06:08 - 00032598 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-01-22 14:08 - 2015-03-24 00:28 - 00000000 ____D C:\Windows\Minidump
2016-01-18 19:14 - 2015-12-27 18:36 - 00000000 ____D C:\Users\Admin\Documents\ViberDownloads
2016-01-17 11:40 - 2015-03-27 03:47 - 00000000 ____D C:\Users\Admin\AppData\Local\Viber
2016-01-17 11:40 - 2015-01-22 01:45 - 00000000 ____D C:\Users\Admin
2016-01-08 06:57 - 2015-09-01 17:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-06 21:12 - 2015-06-08 19:43 - 00041352 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klpd.sys
2016-01-06 21:00 - 2015-07-04 02:18 - 00227000 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
2016-01-06 16:44 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-01-06 14:47 - 2015-10-21 20:58 - 00000000 ____D C:\ProgramData\AVAST Software
2016-01-06 01:25 - 2015-11-28 10:25 - 00000000 ____D C:\Users\Admin\Desktop\Collective Files Whyra
2016-01-02 19:29 - 2015-09-03 14:13 - 00000000 ____D C:\Users\Admin\AppData\Local\ElevatedDiagnostics
2015-12-28 18:49 - 2015-11-28 09:56 - 00000000 ____D C:\Users\Admin\Desktop\Bookmarks

==================== Files in the root of some directories =======

2015-08-06 19:03 - 2015-08-24 14:12 - 0000024 _____ () C:\Users\Admin\AppData\Roaming\appdataFr25.bin
2015-07-16 06:17 - 2015-07-16 06:17 - 0042496 ___SH () C:\Users\Admin\AppData\Roaming\Thumbs.db

Some files in TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\Admin\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\Admin\AppData\Local\Temp\msvl64.dll
C:\Users\Admin\AppData\Local\Temp\mwavscan.exe
C:\Users\Admin\AppData\Local\Temp\ScoreSelector.dll
C:\Users\Admin\AppData\Local\Temp\Setup.exe
C:\Users\Admin\AppData\Local\Temp\Wizard.exe
C:\Users\Admin\AppData\Local\Temp\xmlUpdater.exe
C:\Users\Admin\AppData\Local\Temp\ytb.exe
C:\Users\Admin\AppData\Local\Temp\{6D9EC451-5F1C-4848-B891-D8E316F05B88}-47.0.2526.73_46.0.2490.86_chrome_updater.exe
C:\Users\Tamim\AppData\Local\Temp\BingBarSetup-Partner.exe
C:\Users\Tamim\AppData\Local\Temp\InstallHelper.exe
C:\Users\Tamim\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\Tamim\AppData\Local\Temp\JSE_install_app-1437261539810.exe
C:\Users\Tamim\AppData\Local\Temp\pixel.heroes.v1.365__10924_i1746387549_il560911.exe
C:\Users\Tamim\AppData\Local\Temp\RegistryReviverFreeSetup.exe
C:\Users\Tamim\AppData\Local\Temp\setup.exe
C:\Users\Tamim\AppData\Local\Temp\ytb.exe


Some zero byte size files/folders:
==========================
C:\Windows\logo_1.exe
C:\Windows\RUNDL132.EXE
C:\Windows\VDLL.DLL
C:\Windows\SysWOW64\regsvr.exe
C:\Windows\SysWOW64\runouce.exe
C:\Windows\SysWOW64\wmicuclt.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-01-19 11:40

==================== End of FRST.txt ============================

 

Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:25-01-2016
Ran by Admin (2016-01-27 12:32:22)
Running from C:\Users\Admin\Desktop\repair
Windows 7 Professional Service Pack 1 (X64) (2015-01-22 00:45:20)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Admin (S-1-5-21-346539747-1066731453-2550681808-1000 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-346539747-1066731453-2550681808-500 - Administrator - Disabled)
Guest (S-1-5-21-346539747-1066731453-2550681808-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-346539747-1066731453-2550681808-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}
AS: Kaspersky Internet Security (Enabled - Up to date) {0F7D947C-13CC-4207-47BE-41AC12334EC6}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {8C27F4BD-7F99-4CD1-5651-D3EB97674300}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
Advanced ScreenSnapshot 1.1 (HKLM\...\{61FFE1F9-137D-4c31-A181-3415FCAA5946}) (Version: 1.1.0.10921 - qiusheng xie) <==== ATTENTION
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Auslogics BoostSpeed 8 (HKLM-x32\...\{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1) (Version: 8.2.0.0 - Auslogics Labs Pty Ltd)
Auslogics Registry Cleaner (HKLM-x32\...\{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1) (Version: 5.2.0.0 - Auslogics Labs Pty Ltd)
Avira Launcher (HKLM-x32\...\{ccdc9cfe-8ba7-4c6c-ac5f-b2d6cfa49efc}) (Version: 1.1.54.24924 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.54.24924 - Avira Operations GmbH & Co. KG) Hidden
Bing Bar (HKLM-x32\...\{16793295-2366-40F7-A045-A3E42A81365E}) (Version: 7.1.362.0 - Microsoft Corporation)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2559 - Intel Corporation)
Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}) (Version: 16.0.0.614 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 16.0.0.614 - Kaspersky Lab) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}) (Version: 12.0.21005.1 - Корпорация Майкрософт)
Mozilla Firefox 43.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 en-US)) (Version: 43.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.4.5848 - Mozilla)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.9.2 - Notepad++ Team)
OldSchool RuneScape Launcher 1.2.5 (HKLM-x32\...\{375893B6-C8DB-42B0-9547-6E4437542C33}) (Version: 1.2.5 - Jagex Ltd)
OldSchool RuneScape Launcher 1.2.6 (HKLM-x32\...\{05BFC9A4-24B2-4E96-A450-A3D926A64C20}) (Version: 1.2.6 - Jagex Ltd)
Opera Stable 33.0.1990.58 (HKLM-x32\...\Opera 33.0.1990.58) (Version: 33.0.1990.58 - Opera Software)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.3 - Power Software Ltd)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6482 - Realtek Semiconductor Corp.)
RocketTab (HKLM-x32\...\RocketTab) (Version: 2.0 - RocketTab) <==== ATTENTION
RuneScape Launcher 1.2.6 (HKLM-x32\...\{B49A8622-40E7-4F77-827A-A43E250FADB1}) (Version: 1.2.6 - Jagex Ltd)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sumotori Full Version (HKLM-x32\...\Sumotori Full Version) (Version:  - )
System Requirements Lab Detection (HKLM-x32\...\{A27670CD-64A6-4C51-AA15-5603DF535D19}) (Version: 6.1.6.0 - Husdawg, LLC)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.36897 - TeamViewer)
TuneUp Utilities 2014 (en-US) (x32 Version: 14.0.1000.340 - TuneUp Software) Hidden
Viber (HKU\S-1-5-21-346539747-1066731453-2550681808-1000\...\{7de2db6a-6f4b-4b45-82b9-57d5d7f1c952}) (Version: 5.4.0.1664 - Viber Media Inc.)
Viber (x32 Version: 5.4.0.1664 - Viber Media Inc.) Hidden
ViewConsort (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{87a00dcf}) (Version:  - ViewConsort) <==== ATTENTION
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Web Companion (HKLM-x32\...\{308a1bb9-7bca-42eb-806c-c9ac4bcafaef}) (Version: 2.1.1265.2535 - Lavasoft)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
WordFly 1.10.0.28 (HKLM-x32\...\WordFly_1.10.0.28) (Version: 1.10.0.28 - WordFly) <==== ATTENTION

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {18FDDF29-00F2-4DA6-980B-F486C317B621} - \WordShark Auto Updater 1.10.0.20 Core -> No File <==== ATTENTION
Task: {3E14A572-E1CD-47B5-8AE4-D5C4DD4808C1} - System32\Tasks\PC Speed Maximizer Schedule => C:\Program Files (x86)\PC Speed Maximizer\SPMSchedule.exe
Task: {4CFBA0B1-05D7-4579-BA0B-F593AB1BA2B6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {584A8FC4-C34C-49A8-BFF4-02AFF59F4660} - System32\Tasks\WordFly Auto Updater 1.10.0.28 Core => C:\Program Files (x86)\WordFly_1.10.0.28\Update\WordflyAutoUpdateClient.exe [2015-10-30] (WF) <==== ATTENTION
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {694DFC33-61C6-496C-B293-0E5727F8B15C} - \DreamTranslation -> No File <==== ATTENTION
Task: {6BFA5D5E-B2C4-4C07-861D-230175EDAF6E} - System32\Tasks\updateTask => c:\task.vbs
Task: {AAA16DAA-EEF1-44F9-A483-E637A8F79E25} - System32\Tasks\runTask => C:\Users\Admin\AppData\Local\Temp/Updater.exe
Task: {BC52CEC3-264B-4FB6-B294-BDC1D4D1A37E} - System32\Tasks\Auslogics\BoostSpeed\Start BoostSpeed оn Admin logon => C:\Program Files (x86)\Auslogics\BoostSpeed\BoostSpeed.exe [2016-01-06] (Auslogics)
Task: {CE83B48C-F73A-4FA4-9C9E-7E4E02BE2420} - System32\Tasks\Auslogics\BoostSpeed\Scan and Repair => Rundll32.exe TaskSchedulerHelper.dll,RunTask "BoostSpeed.exe" "-UseTray -Schedule"
Task: {CE9A1AA7-3E8D-4D86-B92C-A0DE8EB0ECDB} - System32\Tasks\RocketTab => /C start "" "C:\Program Files (x86)\Search Extensions\Client.exe" /Preferred=true <==== ATTENTION
Task: {DD825A93-0730-4D3F-982C-E5B48E9F56E2} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-01-23] (AVAST Software)
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {E256C958-C151-4FA1-83D8-3C123731881A} - System32\Tasks\WordFly Auto Updater 1.10.0.28 Pending Update => C:\Program Files (x86)\WordFly_1.10.0.28\Update\WordflyAutoUpdateClient.exe [2015-10-30] (WF) <==== ATTENTION
Task: {E28FF2FB-7363-4F1A-B1D8-F4F933B90304} - System32\Tasks\RocketTab Update Task => C:\Program Files (x86)\Search Extensions\uninstall.exe [2015-07-22] () <==== ATTENTION
Task: {E690B1C2-7AAF-49DE-B1A9-765FD0F51D3B} - \WordShark Auto Updater 1.10.0.20 Pending Update -> No File <==== ATTENTION
Task: {FE4FB8F9-BDE1-4390-A054-4BE3E276CC8C} - System32\Tasks\Opera scheduled Autoupdate 1447595956 => C:\Program Files (x86)\Opera\launcher.exe [2015-10-30] (Opera Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DreamTranslation.job => c:\programdata\{48ed0dc3-77f8-b182-48ed-d0dc377f370d}\minecraft_download.exe <==== ATTENTION

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-01-27 11:35 - 2016-01-27 11:35 - 00017168 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
2016-01-27 11:35 - 2016-01-27 11:35 - 00008976 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Service.Logger.dll
2016-01-27 11:35 - 2016-01-27 11:35 - 00028432 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WcfService.dll
2015-07-08 23:18 - 2015-07-08 23:18 - 00794920 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\kpcengine.2.3.dll
2016-01-27 11:35 - 2016-01-27 11:35 - 00113424 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll
2016-01-27 11:35 - 2016-01-27 11:35 - 00044304 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Common.Platform.dll
2016-01-27 11:35 - 2016-01-27 11:35 - 00010000 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.UpdateComponents.dll
2016-01-27 11:35 - 2016-01-27 11:35 - 00272656 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll
2016-01-27 11:35 - 2016-01-27 11:35 - 00022288 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.AvastWrapper.dll
2016-01-27 11:35 - 2016-01-27 11:35 - 00046864 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.adblocker.dll
2016-01-27 11:35 - 2016-01-27 11:35 - 00012560 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.SqlLite.dll
2016-01-27 11:35 - 2016-01-27 11:35 - 00120080 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.PUP.Management.dll
2014-05-01 15:15 - 2014-05-01 15:15 - 00463360 _____ () C:\Users\Tamim\AppData\Local\MEGAsync\ShellExtX32.dll
2009-07-13 22:03 - 2009-07-14 02:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-346539747-1066731453-2550681808-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-346539747-1066731453-2550681808-1000\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-346539747-1066731453-2550681808-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 217.69.224.73 - 213.187.64.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: GoogleChromeAutoLaunch_A5B343D047FD8BD2F268B0EA0F8DBD7C => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: PWRISOVM.EXE => C:\Program Files\PowerISO\PWRISOVM.EXE -startup
MSCONFIG\startupreg: RtHDVBg_Dolby => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Viber => "C:\Users\Admin\AppData\Local\Viber\Viber.exe" StartMinimized

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{B1459F59-45B1-4EBD-980D-4493C406E773}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{69F1E3D8-8B6D-4708-82F1-2E3754D0C4F1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BDCF7912-67F9-4252-AD9F-19F4F46A309F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{7EAC6386-D2AE-4762-8FFB-F51E2068F19E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{03DA768F-52C2-4A21-9763-F8DA2C6DF699}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{AA947113-24D5-4C75-AC97-CC989D4CC182}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{A0BA027B-06A1-4EE2-935C-FB4B1D06534B}] => (Allow) C:\Users\Tamim\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{F00B2356-9C64-444F-BE63-344AEA511163}] => (Allow) C:\Users\Tamim\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{0D57FC81-8426-4B9E-ABBF-7598231C1B8D}] => (Allow) C:\Users\Tamim\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{2657388E-AE9F-43B2-8609-DC40FFB549C9}] => (Allow) C:\Users\Tamim\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{24F11971-A576-4A38-AE03-FFF014D0493D}] => (Allow) C:\Users\Tamim\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{3F660BED-B4C7-42EB-97F5-21ADA541B41E}] => (Allow) C:\Users\Tamim\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{51796977-C39E-4C25-A126-2D70BAC19D51}] => (Allow) C:\Users\Tamim\AppData\Local\Torch\Application\torch.exe
FirewallRules: [{DBDE99C7-014F-4B38-AB68-95FE9B9828AA}] => (Allow) C:\Program Files (x86)\Common Files\MicroWorld\Agent\MWAGENT.EXE
FirewallRules: [{AA0EA112-DD24-4283-AFE7-6EC4D5BDCE8A}] => (Allow) C:\Program Files (x86)\Common Files\MicroWorld\Agent\MWAGENT.EXE
FirewallRules: [{A1BD02BA-5DC0-41F7-903C-FF60F5D0D402}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BE35A938-05B5-44C9-8F22-C4E17EE83479}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{73369B31-D0E6-4031-AA26-656B70773552}] => (Allow) C:\Program Files (x86)\Common Files\MicroWorld\Agent\MWAGENT.EXE
FirewallRules: [{4313D700-54E2-4092-82AA-B0C79FA06027}] => (Allow) C:\Program Files (x86)\Common Files\MicroWorld\Agent\MWAGENT.EXE

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/27/2016 12:24:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 2.3.125.0, time stamp: 0x5612a56b
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x1284
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (01/27/2016 12:22:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 2.3.125.0, time stamp: 0x5612a56b
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x1538
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (01/27/2016 12:20:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 2.3.125.0, time stamp: 0x5612a56b
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x10a4
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (01/27/2016 12:20:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 2.3.125.0, time stamp: 0x5612a56b
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x6f8
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (01/27/2016 12:16:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 0.0.0.0, time stamp: 0x5612a56b
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x11a8
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (01/27/2016 12:08:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WordflyAutoUpdateClient.exe, version: 1.10.0.28, time stamp: 0x5632afdf
Faulting module name: mscorwks.dll, version: 2.0.50727.5420, time stamp: 0x4ca2b820
Exception code: 0xc0000005
Fault offset: 0x0015f47a
Faulting process id: 0x%9
Faulting application start time: 0xWordflyAutoUpdateClient.exe0
Faulting application path: WordflyAutoUpdateClient.exe1
Faulting module path: WordflyAutoUpdateClient.exe2
Report Id: WordflyAutoUpdateClient.exe3

Error: (01/27/2016 12:08:44 PM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: .NET Runtime version 2.0.50727.5420 - Fatal Execution Engine Error (7359E92A) (80131506)

Error: (01/27/2016 12:08:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.2.19.0, time stamp: 0x55e84649
Faulting module name: mbamservice.exe, version: 3.2.19.0, time stamp: 0x55e84649
Exception code: 0x40000015
Fault offset: 0x000ad2a6
Faulting process id: 0xb84
Faulting application start time: 0xmbamservice.exe0
Faulting application path: mbamservice.exe1
Faulting module path: mbamservice.exe2
Report Id: mbamservice.exe3

Error: (01/27/2016 12:08:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/27/2016 12:07:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 2.3.125.0, time stamp: 0x5612a56b
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0xd60
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3


System errors:
=============
Error: (01/27/2016 12:18:47 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The The Screen Snapshot Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/27/2016 12:10:08 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/27/2016 12:10:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1053

Error: (01/27/2016 12:10:08 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

Error: (01/27/2016 12:10:08 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (01/27/2016 12:03:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (01/27/2016 12:03:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (01/27/2016 12:03:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (01/27/2016 12:03:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (01/27/2016 12:03:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068


CodeIntegrity:
===================================
  Date: 2016-01-23 09:52:04.644
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-23 09:52:04.642
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-23 09:52:04.638
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-23 09:52:04.614
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-23 09:52:04.611
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-23 09:52:04.608
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-22 07:51:53.394
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-22 07:51:53.394
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-22 07:51:53.378
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-22 07:51:53.363
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Pentium® CPU B960 @ 2.20GHz
Percentage of memory in use: 55%
Total physical RAM: 4003.76 MB
Available physical RAM: 1786.99 MB
Total Virtual: 8005.71 MB
Available Virtual: 5318.87 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:117.09 GB) (Free:16.96 GB) NTFS
Drive d: () (Fixed) (Total:102.03 GB) (Free:69.88 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 4E338717)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=117.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=102 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=13.7 GB) - (Type=17)

==================== End of Addition.txt ============================

 

my fixlog

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:25-01-2016
Ran by Admin (2016-01-27 12:32:22)
Running from C:\Users\Admin\Desktop\repair
Windows 7 Professional Service Pack 1 (X64) (2015-01-22 00:45:20)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Admin (S-1-5-21-346539747-1066731453-2550681808-1000 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-346539747-1066731453-2550681808-500 - Administrator - Disabled)
Guest (S-1-5-21-346539747-1066731453-2550681808-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-346539747-1066731453-2550681808-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}
AS: Kaspersky Internet Security (Enabled - Up to date) {0F7D947C-13CC-4207-47BE-41AC12334EC6}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {8C27F4BD-7F99-4CD1-5651-D3EB97674300}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
Advanced ScreenSnapshot 1.1 (HKLM\...\{61FFE1F9-137D-4c31-A181-3415FCAA5946}) (Version: 1.1.0.10921 - qiusheng xie) <==== ATTENTION
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Auslogics BoostSpeed 8 (HKLM-x32\...\{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1) (Version: 8.2.0.0 - Auslogics Labs Pty Ltd)
Auslogics Registry Cleaner (HKLM-x32\...\{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1) (Version: 5.2.0.0 - Auslogics Labs Pty Ltd)
Avira Launcher (HKLM-x32\...\{ccdc9cfe-8ba7-4c6c-ac5f-b2d6cfa49efc}) (Version: 1.1.54.24924 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.54.24924 - Avira Operations GmbH & Co. KG) Hidden
Bing Bar (HKLM-x32\...\{16793295-2366-40F7-A045-A3E42A81365E}) (Version: 7.1.362.0 - Microsoft Corporation)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2559 - Intel Corporation)
Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}) (Version: 16.0.0.614 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 16.0.0.614 - Kaspersky Lab) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}) (Version: 12.0.21005.1 - Корпорация Майкрософт)
Mozilla Firefox 43.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 en-US)) (Version: 43.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.4.5848 - Mozilla)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.9.2 - Notepad++ Team)
OldSchool RuneScape Launcher 1.2.5 (HKLM-x32\...\{375893B6-C8DB-42B0-9547-6E4437542C33}) (Version: 1.2.5 - Jagex Ltd)
OldSchool RuneScape Launcher 1.2.6 (HKLM-x32\...\{05BFC9A4-24B2-4E96-A450-A3D926A64C20}) (Version: 1.2.6 - Jagex Ltd)
Opera Stable 33.0.1990.58 (HKLM-x32\...\Opera 33.0.1990.58) (Version: 33.0.1990.58 - Opera Software)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.3 - Power Software Ltd)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6482 - Realtek Semiconductor Corp.)
RocketTab (HKLM-x32\...\RocketTab) (Version: 2.0 - RocketTab) <==== ATTENTION
RuneScape Launcher 1.2.6 (HKLM-x32\...\{B49A8622-40E7-4F77-827A-A43E250FADB1}) (Version: 1.2.6 - Jagex Ltd)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sumotori Full Version (HKLM-x32\...\Sumotori Full Version) (Version:  - )
System Requirements Lab Detection (HKLM-x32\...\{A27670CD-64A6-4C51-AA15-5603DF535D19}) (Version: 6.1.6.0 - Husdawg, LLC)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.36897 - TeamViewer)
TuneUp Utilities 2014 (en-US) (x32 Version: 14.0.1000.340 - TuneUp Software) Hidden
Viber (HKU\S-1-5-21-346539747-1066731453-2550681808-1000\...\{7de2db6a-6f4b-4b45-82b9-57d5d7f1c952}) (Version: 5.4.0.1664 - Viber Media Inc.)
Viber (x32 Version: 5.4.0.1664 - Viber Media Inc.) Hidden
ViewConsort (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{87a00dcf}) (Version:  - ViewConsort) <==== ATTENTION
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Web Companion (HKLM-x32\...\{308a1bb9-7bca-42eb-806c-c9ac4bcafaef}) (Version: 2.1.1265.2535 - Lavasoft)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
WordFly 1.10.0.28 (HKLM-x32\...\WordFly_1.10.0.28) (Version: 1.10.0.28 - WordFly) <==== ATTENTION

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {18FDDF29-00F2-4DA6-980B-F486C317B621} - \WordShark Auto Updater 1.10.0.20 Core -> No File <==== ATTENTION
Task: {3E14A572-E1CD-47B5-8AE4-D5C4DD4808C1} - System32\Tasks\PC Speed Maximizer Schedule => C:\Program Files (x86)\PC Speed Maximizer\SPMSchedule.exe
Task: {4CFBA0B1-05D7-4579-BA0B-F593AB1BA2B6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {584A8FC4-C34C-49A8-BFF4-02AFF59F4660} - System32\Tasks\WordFly Auto Updater 1.10.0.28 Core => C:\Program Files (x86)\WordFly_1.10.0.28\Update\WordflyAutoUpdateClient.exe [2015-10-30] (WF) <==== ATTENTION
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {694DFC33-61C6-496C-B293-0E5727F8B15C} - \DreamTranslation -> No File <==== ATTENTION
Task: {6BFA5D5E-B2C4-4C07-861D-230175EDAF6E} - System32\Tasks\updateTask => c:\task.vbs
Task: {AAA16DAA-EEF1-44F9-A483-E637A8F79E25} - System32\Tasks\runTask => C:\Users\Admin\AppData\Local\Temp/Updater.exe
Task: {BC52CEC3-264B-4FB6-B294-BDC1D4D1A37E} - System32\Tasks\Auslogics\BoostSpeed\Start BoostSpeed оn Admin logon => C:\Program Files (x86)\Auslogics\BoostSpeed\BoostSpeed.exe [2016-01-06] (Auslogics)
Task: {CE83B48C-F73A-4FA4-9C9E-7E4E02BE2420} - System32\Tasks\Auslogics\BoostSpeed\Scan and Repair => Rundll32.exe TaskSchedulerHelper.dll,RunTask "BoostSpeed.exe" "-UseTray -Schedule"
Task: {CE9A1AA7-3E8D-4D86-B92C-A0DE8EB0ECDB} - System32\Tasks\RocketTab => /C start "" "C:\Program Files (x86)\Search Extensions\Client.exe" /Preferred=true <==== ATTENTION
Task: {DD825A93-0730-4D3F-982C-E5B48E9F56E2} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-01-23] (AVAST Software)
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {E256C958-C151-4FA1-83D8-3C123731881A} - System32\Tasks\WordFly Auto Updater 1.10.0.28 Pending Update => C:\Program Files (x86)\WordFly_1.10.0.28\Update\WordflyAutoUpdateClient.exe [2015-10-30] (WF) <==== ATTENTION
Task: {E28FF2FB-7363-4F1A-B1D8-F4F933B90304} - System32\Tasks\RocketTab Update Task => C:\Program Files (x86)\Search Extensions\uninstall.exe [2015-07-22] () <==== ATTENTION
Task: {E690B1C2-7AAF-49DE-B1A9-765FD0F51D3B} - \WordShark Auto Updater 1.10.0.20 Pending Update -> No File <==== ATTENTION
Task: {FE4FB8F9-BDE1-4390-A054-4BE3E276CC8C} - System32\Tasks\Opera scheduled Autoupdate 1447595956 => C:\Program Files (x86)\Opera\launcher.exe [2015-10-30] (Opera Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DreamTranslation.job => c:\programdata\{48ed0dc3-77f8-b182-48ed-d0dc377f370d}\minecraft_download.exe <==== ATTENTION

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-01-27 11:35 - 2016-01-27 11:35 - 00017168 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
2016-01-27 11:35 - 2016-01-27 11:35 - 00008976 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Service.Logger.dll
2016-01-27 11:35 - 2016-01-27 11:35 - 00028432 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WcfService.dll
2015-07-08 23:18 - 2015-07-08 23:18 - 00794920 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\kpcengine.2.3.dll
2016-01-27 11:35 - 2016-01-27 11:35 - 00113424 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll
2016-01-27 11:35 - 2016-01-27 11:35 - 00044304 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Common.Platform.dll
2016-01-27 11:35 - 2016-01-27 11:35 - 00010000 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.UpdateComponents.dll
2016-01-27 11:35 - 2016-01-27 11:35 - 00272656 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll
2016-01-27 11:35 - 2016-01-27 11:35 - 00022288 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.AvastWrapper.dll
2016-01-27 11:35 - 2016-01-27 11:35 - 00046864 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.adblocker.dll
2016-01-27 11:35 - 2016-01-27 11:35 - 00012560 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.SqlLite.dll
2016-01-27 11:35 - 2016-01-27 11:35 - 00120080 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.PUP.Management.dll
2014-05-01 15:15 - 2014-05-01 15:15 - 00463360 _____ () C:\Users\Tamim\AppData\Local\MEGAsync\ShellExtX32.dll
2009-07-13 22:03 - 2009-07-14 02:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-346539747-1066731453-2550681808-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-346539747-1066731453-2550681808-1000\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-346539747-1066731453-2550681808-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 217.69.224.73 - 213.187.64.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: GoogleChromeAutoLaunch_A5B343D047FD8BD2F268B0EA0F8DBD7C => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: PWRISOVM.EXE => C:\Program Files\PowerISO\PWRISOVM.EXE -startup
MSCONFIG\startupreg: RtHDVBg_Dolby => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Viber => "C:\Users\Admin\AppData\Local\Viber\Viber.exe" StartMinimized

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{B1459F59-45B1-4EBD-980D-4493C406E773}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{69F1E3D8-8B6D-4708-82F1-2E3754D0C4F1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BDCF7912-67F9-4252-AD9F-19F4F46A309F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{7EAC6386-D2AE-4762-8FFB-F51E2068F19E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{03DA768F-52C2-4A21-9763-F8DA2C6DF699}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{AA947113-24D5-4C75-AC97-CC989D4CC182}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{A0BA027B-06A1-4EE2-935C-FB4B1D06534B}] => (Allow) C:\Users\Tamim\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{F00B2356-9C64-444F-BE63-344AEA511163}] => (Allow) C:\Users\Tamim\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{0D57FC81-8426-4B9E-ABBF-7598231C1B8D}] => (Allow) C:\Users\Tamim\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{2657388E-AE9F-43B2-8609-DC40FFB549C9}] => (Allow) C:\Users\Tamim\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{24F11971-A576-4A38-AE03-FFF014D0493D}] => (Allow) C:\Users\Tamim\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{3F660BED-B4C7-42EB-97F5-21ADA541B41E}] => (Allow) C:\Users\Tamim\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{51796977-C39E-4C25-A126-2D70BAC19D51}] => (Allow) C:\Users\Tamim\AppData\Local\Torch\Application\torch.exe
FirewallRules: [{DBDE99C7-014F-4B38-AB68-95FE9B9828AA}] => (Allow) C:\Program Files (x86)\Common Files\MicroWorld\Agent\MWAGENT.EXE
FirewallRules: [{AA0EA112-DD24-4283-AFE7-6EC4D5BDCE8A}] => (Allow) C:\Program Files (x86)\Common Files\MicroWorld\Agent\MWAGENT.EXE
FirewallRules: [{A1BD02BA-5DC0-41F7-903C-FF60F5D0D402}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BE35A938-05B5-44C9-8F22-C4E17EE83479}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{73369B31-D0E6-4031-AA26-656B70773552}] => (Allow) C:\Program Files (x86)\Common Files\MicroWorld\Agent\MWAGENT.EXE
FirewallRules: [{4313D700-54E2-4092-82AA-B0C79FA06027}] => (Allow) C:\Program Files (x86)\Common Files\MicroWorld\Agent\MWAGENT.EXE

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/27/2016 12:24:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 2.3.125.0, time stamp: 0x5612a56b
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x1284
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (01/27/2016 12:22:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 2.3.125.0, time stamp: 0x5612a56b
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x1538
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (01/27/2016 12:20:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 2.3.125.0, time stamp: 0x5612a56b
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x10a4
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (01/27/2016 12:20:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 2.3.125.0, time stamp: 0x5612a56b
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x6f8
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (01/27/2016 12:16:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 0.0.0.0, time stamp: 0x5612a56b
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x11a8
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (01/27/2016 12:08:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WordflyAutoUpdateClient.exe, version: 1.10.0.28, time stamp: 0x5632afdf
Faulting module name: mscorwks.dll, version: 2.0.50727.5420, time stamp: 0x4ca2b820
Exception code: 0xc0000005
Fault offset: 0x0015f47a
Faulting process id: 0x%9
Faulting application start time: 0xWordflyAutoUpdateClient.exe0
Faulting application path: WordflyAutoUpdateClient.exe1
Faulting module path: WordflyAutoUpdateClient.exe2
Report Id: WordflyAutoUpdateClient.exe3

Error: (01/27/2016 12:08:44 PM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: .NET Runtime version 2.0.50727.5420 - Fatal Execution Engine Error (7359E92A) (80131506)


 




 


#2 RootKit24

Posted 27 January 2016 - 01:25 PM

If your computer is freezing, here are the most likely causes, from my experience: the hard drive is starting to fail, corruption within the OS, or virus related. I can assist you as best I can via this forum, if you'd like.

 

-Rootkit



#3 InsanaTommy

  • Topic Starter
Posted 28 January 2016 - 03:56 AM

Hello Rootkit,

 

This would be appreciated. So judging from your post, you assume I should first run CrystalDiskInfo to rule out hardware failure. Still, the problems running malware detection make me suspicious and indicate a virus, don't you think so? That's why I posted the FRST results.

 

-Tommy



#4 InsanaTommy

  • Topic Starter
Posted 28 January 2016 - 10:22 AM

The results of CrystalDisk don't look too good, but I would rather rule out a virus or OS corruption completely before telling him to buy a new HDD.

79 reallocated sectors, pending sector count 100 and 100 uncorrectable sectors. It's rather hot at ~40°C mean (no idea how much Fahrenheit that is :P).

 

-Tommy.



#5 RootKit24

Posted 28 January 2016 - 11:11 AM

Tommy,

 

I would start with a total virus cleanup first, using the tools here on BleepingComputer. Use the following: rkill, tdsskiller, jrt, adw, autoruns, combofix (for XP, Win7 and Windows 8 machines only), malwarebytes, super anti-spyware, and download this tool: https://www.malwarebytes.org/antirootkit/. Once you have run the virus scans, reboot the machine. Did you run a full check disk? Example: chkdsk /f /r <drive letter>

 

We will take this process one step at a time.

 

-Rootkit





