Additional scan result of Farbar Recovery Scan Tool (x86) Version:28-12-2015
Ran by riqdh (2015-12-28 10:56:08)
Running from C:\Users\riqdh\Desktop
Microsoft Windows 7 Alienware 2010 (X86) (2015-11-04 03:45:43)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3564263586-645558907-3407407313-500 - Administrator - Disabled)
Guest (S-1-5-21-3564263586-645558907-3407407313-501 - Limited - Disabled)
riqdh (S-1-5-21-3564263586-645558907-3407407313-1000 - Administrator - Enabled) => C:\Users\riqdh

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3564263586-645558907-3407407313-1000\...\uTorrent) (Version: 3.4.5.41372 - BitTorrent Inc.)
7-Zip 4.65 (HKLM\...\7-Zip) (Version: - )
Adobe Flash Player 20 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 20.0.0.228 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated)
Adobe Reader 9.3 - Français (HKLM\...\{AC76BA86-7AD7-1036-7B44-A93000000001}) (Version: 9.3.0 - Adobe Systems Incorporated)
Alienware Dual Compatible Game Pad (HKLM\...\{39540D6A-9773-4063-9194-4C5AA92E89FD}) (Version: 2.80.0000 - Alienware)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.46.1.0327 - DT Soft Ltd)
Free YouTube Download (HKLM\...\Free YouTube Download_is1) (Version: 4.0.4.1027 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.59.616 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.59.616 - DVDVideoSoft Ltd.)
Google Update Helper (Version: 1.2.183.23 - Google Inc.) Hidden
GridinSoft Anti-Malware (HKLM\...\GridinSoft Anti-Malware) (Version: 3.0.3 - GridinSoft LLC)
Internet Download Manager (HKLM\...\Internet Download Manager) (Version: - Tonec Inc.)
Java(TM) 6 Update 20 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
Kaspersky Internet Security (HKLM\...\InstallWIX_{653C1B5A-3287-47B1-8613-0745D4E771C4}) (Version: 15.0.0.463 - Kaspersky Lab)
Kaspersky Internet Security (Version: 15.0.0.463 - Kaspersky Lab) Hidden
K-Lite Codec Pack 5.9.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 5.9.0 - )
Logiciel d'archivage WinRAR (HKLM\...\WinRAR archiver) (Version: - )
Math_5AP (HKLM\...\Math_5AP1.0) (Version: 1.0 - SiratSoft)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUS) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Mozilla Firefox 17.0.1 (x86 fr) (HKLM\...\Mozilla Firefox 17.0.1 (x86 fr)) (Version: 17.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 17.0.1 - Mozilla)
mysites123 (HKLM\...\mysites123) (Version: 1.0.0.7 - )
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.46.610.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6458 - Realtek Semiconductor Corp.)
Super-Charger (HKLM\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.0.111 - MSI)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Driver Package - Logitech HIDClass (10/16/2006 1.0) (HKLM\...\1EC636D2DBA2D9924E02E10DA797DEC16306C1A9) (Version: 10/16/2006 1.0 - Logitech)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3564263586-645558907-3407407313-1000_Classes\CLSID\{4671DB2A-087D-4EB2-96DF-64AF0177FE1B}\localserver32 -> C:\Users\riqdh\AppData\Local\Yandex\Updater\yupdate-ctrl.exe (Yandex LLC)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1A4053B1-3E1B-473F-BCCF-AC6141ABA55B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-11] (Adobe Systems Incorporated)
Task: {9CABD043-5F4F-4F37-B858-68975630D6D5} - System32\Tasks\{BC3D9CF6-4028-4025-8607-7B081D831617} => pcalua.exe -a "C:\Program Files\VkontakteDJ\uninstall.exe"
Task: {A64187F8-23FA-4590-A53E-52CDA51ED826} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2015-12-17] (AVAST Software)
Task: {B4D1156C-05A2-4661-BC4F-AAD2252B9FC8} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2015-12-25] (AO Kaspersky Lab)
Task: {CA947EB7-081F-4AA0-BCD6-88CABB6023F1} - System32\Tasks\{2F0CDDCB-E11E-409F-A916-C082D2345531} => pcalua.exe -a "F:\logiciel\كيف تجعل السويتش هو السرفر.exe" -d F:\logiciel

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2014-03-06 15:00 - 2014-03-06 15:00 - 01269952 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\kpcengine.2.3.dll
2015-11-06 17:53 - 2015-10-29 20:13 - 00110952 _____ () C:\Program Files\Common Files\DVDVideoSoft\lib\zlib1.dll
2015-11-06 17:53 - 2015-10-27 20:15 - 00104296 _____ () C:\Program Files\Common Files\DVDVideoSoft\lib\boost_filesystem-vc120-mt-1_56.dll
2015-11-06 17:53 - 2015-10-27 20:15 - 00020328 _____ () C:\Program Files\Common Files\DVDVideoSoft\lib\boost_system-vc120-mt-1_56.dll
2015-11-06 17:53 - 2015-10-27 20:15 - 00253800 _____ () C:\Program Files\Common Files\DVDVideoSoft\lib\collector.dll
2015-11-06 17:53 - 2015-10-27 20:15 - 00295272 _____ () C:\Program Files\Common Files\DVDVideoSoft\lib\stat.dll
2015-11-06 17:53 - 2015-10-27 20:15 - 00044392 _____ () C:\Program Files\Common Files\DVDVideoSoft\lib\boost_date_time-vc120-mt-1_56.dll
2015-11-03 20:29 - 2009-08-16 17:06 - 00141312 _____ () C:\Program Files\WinRAR\rarext.dll
2015-12-27 10:38 - 2012-11-29 00:26 - 02397152 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-04-20 01:42 - 2014-04-20 01:42 - 00468672 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com\npcontentblocker.dll
2014-04-20 01:42 - 2014-04-20 01:42 - 00347328 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com\nponlinebanking.dll
2014-04-20 01:42 - 2015-12-25 10:05 - 00642344 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com\npvkplugin.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:04 - 2009-06-10 13:39 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3564263586-645558907-3407407313-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 0) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{0E8F14AB-D80A-4F7D-8FB2-730C6919B8A5}] => (Allow) C:\Users\riqdh\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5D280FA2-447D-4839-9DCB-784FB00D2DDD}] => (Allow) C:\Users\riqdh\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CAB7BA2C-CFDD-4545-894F-2B0439A11978}] => (Allow) C:\Users\riqdh\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0808643E-A613-477E-A1D3-EF46432707AC}] => (Allow) C:\Users\riqdh\AppData\Roaming\uTorrent\uTorrent.exe

==================== Restore Points =========================

28-11-2015 08:25:39 Scheduled Checkpoint
04-12-2015 10:45:23 Installed Alienware Dual Compatible Game Pad
14-12-2015 12:08:11 Scheduled Checkpoint
24-12-2015 09:49:09 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (12/26/2015 11:52:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 43.0.2.5833, time stamp: 0x5678a0b1
Faulting module name: mozglue.dll, version: 43.0.2.5833, time stamp: 0x567893a6
Exception code: 0x80000003
Fault offset: 0x0000ed36
Faulting process id: 0xf40
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (12/26/2015 11:52:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 43.0.2.5833, time stamp: 0x5678a0b1
Faulting module name: mozglue.dll, version: 43.0.2.5833, time stamp: 0x567893a6
Exception code: 0x80000003
Fault offset: 0x0000ed36
Faulting process id: 0x1324
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (12/26/2015 11:52:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 43.0.2.5833, time stamp: 0x5678a0b1
Faulting module name: mozglue.dll, version: 43.0.2.5833, time stamp: 0x567893a6
Exception code: 0x80000003
Fault offset: 0x0000ed36
Faulting process id: 0x103c
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (12/26/2015 11:52:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 43.0.2.5833, time stamp: 0x5678a0b1
Faulting module name: mozglue.dll, version: 43.0.2.5833, time stamp: 0x567893a6
Exception code: 0x80000003
Fault offset: 0x0000ed36
Faulting process id: 0xcd8
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (12/26/2015 11:52:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 43.0.2.5833, time stamp: 0x5678a0b1
Faulting module name: mozglue.dll, version: 43.0.2.5833, time stamp: 0x567893a6
Exception code: 0x80000003
Fault offset: 0x0000ed36
Faulting process id: 0x1574
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (12/26/2015 11:52:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 43.0.2.5833, time stamp: 0x5678a0b1
Faulting module name: mozglue.dll, version: 43.0.2.5833, time stamp: 0x567893a6
Exception code: 0x80000003
Fault offset: 0x0000ed36
Faulting process id: 0x1598
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (12/26/2015 11:51:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 43.0.2.5833, time stamp: 0x5678a0b1
Faulting module name: mozglue.dll, version: 43.0.2.5833, time stamp: 0x567893a6
Exception code: 0x80000003
Fault offset: 0x0000ed36
Faulting process id: 0x15ec
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (12/26/2015 11:50:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: befbbfgffi.exe, version: 0.0.0.0, time stamp: 0x567ee3f5
Faulting module name: befbbfgffi.exe, version: 0.0.0.0, time stamp: 0x567ee3f5
Exception code: 0xc0000005
Fault offset: 0x00002a51
Faulting process id: 0x14a8
Faulting application start time: 0xbefbbfgffi.exe0
Faulting application path: befbbfgffi.exe1
Faulting module path: befbbfgffi.exe2
Report Id: befbbfgffi.exe3

Error: (12/23/2015 10:21:25 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Avast.VC110.DebugCRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"1".
Dependent Assembly Avast.VC110.DebugCRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (12/04/2015 10:45:22 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
. This is often caused by incorrect security settings in either the writer or requestor process.
Operation: Gathering Writer Data
Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {1cdc2e0d-cbb4-4f86-b85b-c0a658cb7be9}

System errors:
=============
Error: (12/28/2015 09:49:58 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: sptd

Error: (12/28/2015 09:49:46 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 34) (User: NT AUTHORITY)
Description: Idle power management features on processor 1 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.

Error: (12/28/2015 09:49:46 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 34) (User: NT AUTHORITY)
Description: Idle power management features on processor 0 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.

Error: (12/28/2015 09:49:39 AM) (Source: sptd) (EventID: 4) (User: )
Description: Driver detected an internal error in its data structures for .

Error: (12/27/2015 10:28:06 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: sptd

Error: (12/27/2015 10:27:55 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 34) (User: NT AUTHORITY)
Description: Idle power management features on processor 1 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.

Error: (12/27/2015 10:27:55 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 34) (User: NT AUTHORITY)
Description: Idle power management features on processor 0 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.

Error: (12/27/2015 10:27:48 AM) (Source: sptd) (EventID: 4) (User: )
Description: Driver detected an internal error in its data structures for .

Error: (12/27/2015 09:54:07 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: sptd

Error: (12/27/2015 09:53:54 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 34) (User: NT AUTHORITY)
Description: Idle power management features on processor 1 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.

CodeIntegrity:
===================================
Date: 2015-12-26 02:20:38.823
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-12-26 02:20:38.822
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-12-26 02:20:38.819
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-12-26 02:20:38.813
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-12-26 02:20:38.810
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-12-26 02:20:38.808
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-12-26 02:20:38.796
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-12-26 02:20:38.795
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-12-26 02:20:38.792
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-12-26 02:20:38.785
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Pentium(R) Dual-Core CPU E5700 @ 3.00GHz
Percentage of memory in use: 42%
Total physical RAM: 3071.24 MB
Available physical RAM: 1768.97 MB
Total Virtual: 6140.76 MB
Available Virtual: 4647.15 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:244.14 GB) (Free:155.32 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:221.52 GB) (Free:70.13 GB) NTFS
Drive f: (Nouveau nom) (Fixed) (Total:465.75 GB) (Free:151.61 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 3C913C90)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=OF Extended)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 89E73429)
Partition 1: (Active) - (Size=244.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=221.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================