Additional scan result of Farbar Recovery Scan Tool (x64) Version:30-04-2016
Ran by hamidalani (2016-05-03 13:13:06)
Running from C:\Users\hamidalani\Desktop
Windows 10 Pro (X64) (2016-05-01 22:31:17)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2490970796-2538201055-388478953-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2490970796-2538201055-388478953-503 - Limited - Disabled)
Guest (S-1-5-21-2490970796-2538201055-388478953-501 - Limited - Disabled)
hamidalani (S-1-5-21-2490970796-2538201055-388478953-1001 - Administrator - Enabled) => C:\Users\hamidalani

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Smart Security 9.0.375.1 (Disabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 9.0.375.1 (Disabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: جدار الحماية الشخصي ESET (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
Ant Download Manager version 0.3.4.beta (HKLM-x32\...\{754CB6A3-3FE2-40DA-9FE5-2864909BD1CC}_is1) (Version: 0.3.4.beta - AntGROUP, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.07 - Piriform)
Driver Talent (HKLM-x32\...\{29FE44D7-BC89-4188-8B0E-F6BA073C15A5}_is1) (Version: 6.4.42.136 - OSToto Co., Ltd.)
DriversCloud.com (64 bits) (HKLM\...\{C0B32FDA-5FB1-43F9-9273-E5DC59EE9164}) (Version: 8.0.4.0 - Cybelsoft)
ESET Smart Security (HKLM\...\{90174CED-A8D5-44AF-A0DC-F42DCB348BE5}) (Version: 9.0.375.1 - ESET, spol. s r.o.)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.2.69.5227 - Gretech Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc‎.‎)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
HP 3D DriveGuard (HKLM\...\{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}) (Version: 4.2.9.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6498.0 - IDT)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4358 - Intel Corporation)
Malwarebytes Anti-Malware النسخة 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Mediatek Bluetooth (HKLM\...\{16BCAEDC-C115-1729-07C4-7A0091C699A6}) (Version: 11.0.749.0 - Mediatek)
Microsoft Office Professional Plus 2016 - ar-sa (HKLM\...\ProPlusRetail - ar-sa) (Version: 16.0.6769.2040 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (Version: 16.0.6729.1019 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6729.1019 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (Version: 16.0.6729.1019 - Microsoft Corporation) Hidden
PlaysTV (HKLM-x32\...\PlaysTV) (Version: 1.10.0-r112342-release - Plays.tv, LLC)
Raptr (HKLM-x32\...\Raptr) (Version: 5.2.0-r112326-release - Raptr, Inc)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.29092 - Realtek Semiconduct Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.7.107.2016 - Realtek)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.98 - Synaptics Incorporated)
USB Video Device (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10253 - Realtek Semiconductor Corp.)
Viber (HKU\S-1-5-21-2490970796-2538201055-388478953-1001\...\{6ac8839e-3aad-46d0-b1ae-484a26d68bab}) (Version: 5.9.0.115 - Viber Media Inc.)
Viber (x32 Version: 5.9.0.115 - Viber Media Inc.) Hidden
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Vulkan Run Time Libraries 1.0.3.1 (HKLM\...\VulkanRT1.0.3.1) (Version: 1.0.3.1 - LunarG, Inc.)
WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
Wise Disk Cleaner 9.23 (HKLM-x32\...\Wise Disk Cleaner_is1) (Version: 9.23 - WiseCleaner.com, Inc.)
ZHPFix 2015 (HKLM-x32\...\ZHPFix_is1) (Version: 2015 - Nicolas Coolman)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2490970796-2538201055-388478953-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\hamidalani\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\FileCoAuthLib64.dll ()
CustomCLSID: HKU\S-1-5-21-2490970796-2538201055-388478953-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\hamidalani\AppData\Local\Microsoft\OneDrive\17.3.6386.0412_1\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2490970796-2538201055-388478953-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {023B1E69-B67C-46FB-94F9-A0C01FBA25CA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {028A832E-EB73-4004-BE61-C53FFBB47013} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-05] (Google Inc.)
Task: {10B594E9-209B-40ED-B97F-3C043E35B5D7} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {18E2938F-3586-4107-AF9F-51A794E68228} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2016-04-25] (Microsoft Corporation)
Task: {26861F51-6298-428C-823B-68E8D9D6BD13} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {2BC334DF-051A-4B91-970C-A8F18CC2A7B0} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {2CFD82DE-E835-4A60-B45A-79C500500988} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-05] (Google Inc.)
Task: {36B02708-6AB6-4FA5-B8ED-B3F052BFDC86} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-04-04] (Advanced Micro Devices, Inc.)
Task: {3C039675-149D-4F98-90FA-5DD59310F38B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-06-01] (Piriform Ltd)
Task: {538C64B8-8DF4-4631-A44A-61A15DB66579} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {561F5895-E18A-46DD-B9CF-41EAE629965E} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {590062D7-1B5C-4E04-A00F-502D757F8F22} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {6529B8BF-91A9-45A4-AFF3-DDB8C12CDE82} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {6AE5EA51-3CAD-4286-8723-C22CBECFDBD5} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {7B01C167-8612-4010-BBCD-4AB33B43076D} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-04-24] (Microsoft Corporation)
Task: {8F089D04-34E8-464A-A9FF-32AD4C05CD40} - System32\Tasks\Microsoft\Windows\SetupSQMTask => C:\WINDOWS\SYSTEM32\OOBE\SETUPSQM.EXE [2015-07-10] (Microsoft Corporation)
Task: {9FD1E19E-87EE-423C-A72D-3577204749B2} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {AC0315F1-C7C9-4F62-A22B-E1755CE8DDB5} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {B177D3E9-33BF-45C0-B00D-8DE8F15F894A} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {C2849F0B-62B5-4DEE-BA0F-16B374A76440} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {D52F05C4-EEB8-4065-AAAC-2648868FECBD} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-04-24] (Microsoft Corporation)
Task: {EF0DFFCA-69FB-45DF-BB1F-606F927391C3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2016-04-25] (Microsoft Corporation)
Task: {F5299968-4283-4FA3-BC8E-CDAB8EF861D4} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-05-02 18:29 - 2015-07-15 04:04 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2016-05-02 18:28 - 2015-08-11 11:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2016-05-02 18:28 - 2016-03-16 06:55 - 02495768 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-05-02 18:28 - 2016-03-16 06:55 - 02495768 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-05-02 00:38 - 2016-05-02 00:38 - 00959176 _____ () C:\Users\hamidalani\AppData\Local\Microsoft\OneDrive\17.3.6386.0412_1\amd64\ClientTelemetry.dll
2016-05-02 18:28 - 2015-09-17 07:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-05-02 18:29 - 2015-11-25 06:20 - 06569472 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-05-02 18:29 - 2015-11-25 06:17 - 00471040 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-05-02 18:29 - 2015-11-25 06:17 - 01808384 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-05-02 18:29 - 2015-09-17 07:43 - 02274816 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-10 13:00 - 2015-07-10 15:14 - 00210432 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2016-04-29 00:20 - 2016-04-24 14:24 - 00172224 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2015-11-24 22:48 - 2015-11-24 22:48 - 00028160 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\servicemanager.pyd
2015-11-24 22:46 - 2015-11-24 22:46 - 00110592 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\pywintypes26.dll
2015-11-24 22:48 - 2015-11-24 22:48 - 00041472 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32service.pyd
2015-11-24 22:48 - 2015-11-24 22:48 - 00096256 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32api.pyd
2015-11-24 22:43 - 2015-11-24 22:43 - 00356864 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_hashlib.pyd
2015-11-24 22:48 - 2015-11-24 22:48 - 00017920 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32event.pyd
2015-11-24 22:48 - 2015-11-24 22:48 - 00019968 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32evtlog.pyd
2015-11-24 22:48 - 2015-11-24 22:48 - 00036352 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32process.pyd
2015-11-24 22:43 - 2015-11-24 22:43 - 00043008 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_socket.pyd
2015-11-24 22:43 - 2015-11-24 22:43 - 00805376 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_ssl.pyd
2015-11-24 22:43 - 2015-11-24 22:43 - 00087040 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_ctypes.pyd
2015-11-24 22:46 - 2015-11-24 22:46 - 00354304 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\pythoncom26.dll
2015-11-24 22:48 - 2015-11-24 22:48 - 00167936 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32gui.pyd
2015-11-24 22:47 - 2015-11-24 22:47 - 01980928 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtGui.pyd
2015-12-07 22:57 - 2015-12-07 22:57 - 00077824 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\sip.pyd
2015-11-24 22:47 - 2015-11-24 22:47 - 01862144 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtCore.pyd
2015-11-24 22:47 - 2015-11-24 22:47 - 00516608 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtNetwork.pyd
2015-11-24 22:47 - 2015-11-24 22:47 - 04060160 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtWidgets.pyd
2015-11-24 22:43 - 2015-11-24 22:43 - 00010240 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\select.pyd
2016-04-05 00:51 - 2016-03-09 11:35 - 00147216 _____ () c:\program files (x86)\ostotosoft\drivertalent\ldrvsvc.dll
2016-04-05 00:51 - 2016-03-09 11:35 - 00186640 _____ () c:\program files (x86)\ostotosoft\drivertalent\CrashCatch.dll
2016-04-05 00:51 - 2016-03-09 11:35 - 00254824 _____ () c:\program files (x86)\ostotosoft\drivertalent\updater\checkupdate.dll
2016-04-05 00:51 - 2016-03-09 11:35 - 00165088 _____ () c:\program files (x86)\ostotosoft\drivertalent\substat.dll
2016-04-05 00:51 - 2016-03-09 11:35 - 00103776 _____ () c:\program files (x86)\ostotosoft\drivertalent\dstudp.dll
2016-04-05 00:51 - 2016-03-09 11:35 - 00117088 _____ () c:\program files (x86)\ostotosoft\drivertalent\udp.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2016-04-30 20:03 - 00000035 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2490970796-2538201055-388478953-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\hamidalani\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "SysTrayApp"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "RtsCM"
HKLM\...\StartupApproved\Run32: => "PWRISOVM.EXE"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "Raptr"
HKU\S-1-5-21-2490970796-2538201055-388478953-1001\...\StartupApproved\Run: => "AntDM"
HKU\S-1-5-21-2490970796-2538201055-388478953-1001\...\StartupApproved\Run: => "antMR"
HKU\S-1-5-21-2490970796-2538201055-388478953-1001\...\StartupApproved\Run: => "CCleaner Monitoring"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{4E7E1BB6-CCEA-408D-A716-64621550508B}] => (Allow) C:\Program Files\DriversCloud.com\MCDetection.exe
FirewallRules: [{972E14A2-17B3-4731-95E8-67AD0253B2C1}] => (Allow) C:\Program Files\DriversCloud.com\MCDetection.exe
FirewallRules: [{D328E055-2BBD-49E8-9D1C-1D451660C994}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{3ABAAB84-C512-47FE-85B6-3E35A957DCF0}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{DB1E1FAB-7A27-47B4-A1F6-115BDA15664E}] => (Allow) C:\Users\hamidalani\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{E159FF56-1CE1-4BB6-9442-CBCAB5027EA3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{B9B5E427-7527-4DFC-83E5-B1F41C261786}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\DTLService.exe
FirewallRules: [{A4E438A0-CFBC-4679-8BEF-C5F11D7590F8}] => (Allow) C:\Program Files (x86)\MEmu\MEmu.exe
FirewallRules: [{E0995A20-7056-4108-93D8-A8AE2329DDCD}] => (Allow) C:\Program Files (x86)\MEmu\MEmu.exe
FirewallRules: [UDP Query User{5D3AA921-4631-4F32-A8B9-73D16997D4DD}E:\embratoria_g3\es.exe] => (Allow) E:\embratoria_g3\es.exe
FirewallRules: [TCP Query User{E9DD2CD0-9B94-462D-95F5-FAF5836EC59B}E:\embratoria_g3\es.exe] => (Allow) E:\embratoria_g3\es.exe
FirewallRules: [{EF2DBA35-5090-4397-A073-7A6EA9FCFF1A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{42E325BD-121E-4D5E-872A-2D739A234106}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{87DA18B3-2383-46ED-A589-C513236CE510}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\download\MiniThunderPlatform.exe
FirewallRules: [{A331DC6C-AE6E-4C8C-B1A7-C69D27A4EB05}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\DriverTalent.exe
FirewallRules: [UDP Query User{314515D8-858A-4715-ACF9-FD6963988915}C:\program files (x86)\ostotosoft\drivertalent\drivertalent.exe] => (Block) C:\program files (x86)\ostotosoft\drivertalent\drivertalent.exe
FirewallRules: [TCP Query User{1B74AB7F-2F24-458B-B7CA-E746C8283136}C:\program files (x86)\ostotosoft\drivertalent\drivertalent.exe] => (Block) C:\program files (x86)\ostotosoft\drivertalent\drivertalent.exe
FirewallRules: [{2927CECD-5DFB-4C33-93C0-A521CEB5DDAD}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{F6881F64-DA33-4B63-B7F5-F0FF388D162B}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{50C9AA68-CF36-479B-BCD2-A0AC52914005}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{C0928762-77F4-49C6-A351-10B54F68D112}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{539BB4B5-C20C-4131-B59A-F131BF585991}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{5EAEA34A-29C7-4E37-8586-028E32DE425C}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{5B50D276-74DE-4BCB-BBB7-0B8EC2AACEA3}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{77EBBCF1-B9B0-448E-8BF8-78C696ECD69E}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{A2EE6684-3B94-44E4-9630-778A348687DA}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe

==================== Restore Points =========================

02-05-2016 19:21:36 1
02-05-2016 23:48:03 2

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/03/2016 11:45:47 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Video.UI.exe version 1.6.1081.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: f64

Start Time: 01d1a52077faa93e

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_3.6.10811.0_x64__8wekyb3d8bbwe\Video.UI.exe

Report Id: c510820e-1113-11e6-829e-b8763f5546de

Faulting package full name: Microsoft.ZuneVideo_3.6.10811.0_x64__8wekyb3d8bbwe

Faulting package-relative application ID: Microsoft.ZuneVideo

Error: (05/03/2016 11:45:29 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: hamid)
Description: تم إنهاء الحزمة Microsoft.ZuneVideo_3.6.10811.0_x64__8wekyb3d8bbwe+Microsoft.ZuneVideo نظراً لأنها استغرقت وقتاً طويلاً لتتوقف مؤقتاً.

Error: (05/03/2016 11:45:18 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: ‏‏اسم ‏‏التطبيق الذي يحتوي على أخطاء: AUDIODG.EXE، الإصدار: 10.0.10240.16384، الطابع الزمني: 0x559f3a8d
اسم الوحدة النمطية التي تحتوي على أخطاء: sluapo64.dll، الإصدار: 2.3.25.0، الطابع الزمني: 0x52697162
رمز الاستثناء: 0xc0000005
إزاحة الخطأ: 0x000000000004042f
معرّف العملية التي تحتوي على أخطاء: 0xec4
وقت بدء تشغيل التطبيق الذي يحتوي على أخطاء: 0xAUDIODG.EXE0
مسار التطبيق الذي يحتوي على أخطاء: AUDIODG.EXE1
مسار الوحدة النمطية التي تحتوي على أخطاء: AUDIODG.EXE2
معرف التقرير: AUDIODG.EXE3
الاسم الكامل للحزمة التي تحتوي على أخطاء: AUDIODG.EXE4
معرف التطبيق المرتبط بالحزمة التي تحتوي على أخطاء: AUDIODG.EXE5

Error: (05/02/2016 11:48:07 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: فشلت "خدمات التشفير" أثناء معالجة استدعاء OnIdentity() الموجود في كائن "كاتب النظام".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (05/02/2016 08:42:00 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: ‏‏فشلت "خدمات التشفير" في تهيئة كائن "كاتب النظام" للنسخ الاحتياطي لـ VSS.

Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.
.

Error: (05/02/2016 08:41:49 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: hamid)
Description: فشل تنشيط التطبيق Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI مع حدوث الخطأ: -2147023170 راجع سجل Microsoft-Windows-TWinUI/Operational للحصول على معلومات إضافية.

Error: (05/02/2016 08:41:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ‏‏اسم ‏‏التطبيق الذي يحتوي على أخطاء: SearchUI.exe، الإصدار: 10.0.10240.16603، الطابع الزمني: 0x5655390b
اسم الوحدة النمطية التي تحتوي على أخطاء: CortanaApi.dll، الإصدار: 0.0.0.0، الطابع الزمني: 0x56553724
رمز الاستثناء: 0x80000003
إزاحة الخطأ: 0x0000000000151c4f
معرّف العملية التي تحتوي على أخطاء: 0x4c8
وقت بدء تشغيل التطبيق الذي يحتوي على أخطاء: 0xSearchUI.exe0
مسار التطبيق الذي يحتوي على أخطاء: SearchUI.exe1
مسار الوحدة النمطية التي تحتوي على أخطاء: SearchUI.exe2
معرف التقرير: SearchUI.exe3
الاسم الكامل للحزمة التي تحتوي على أخطاء: SearchUI.exe4
معرف التطبيق المرتبط بالحزمة التي تحتوي على أخطاء: SearchUI.exe5

Error: (05/02/2016 08:31:21 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: hamid)
Description: تم إنهاء الحزمة windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy+microsoft.windows.immersivecontrolpanel نظراً لأنها استغرقت وقتاً طويلاً لتتوقف مؤقتاً.

Error: (05/02/2016 08:30:47 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: hamid)
Description: فشل تنشيط التطبيق windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy:microsoft.windows.immersivecontrolpanel مع حدوث الخطأ: -2144927149 راجع سجل Microsoft-Windows-TWinUI/Operational للحصول على معلومات إضافية.

Error: (05/02/2016 07:28:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ‏‏اسم ‏‏التطبيق الذي يحتوي على أخطاء: SearchUI.exe، الإصدار: 10.0.10240.16603، الطابع الزمني: 0x5655390b
اسم الوحدة النمطية التي تحتوي على أخطاء: CortanaApi.dll، الإصدار: 0.0.0.0، الطابع الزمني: 0x56553724
رمز الاستثناء: 0x80000003
إزاحة الخطأ: 0x0000000000151c4f
معرّف العملية التي تحتوي على أخطاء: 0x904
وقت بدء تشغيل التطبيق الذي يحتوي على أخطاء: 0xSearchUI.exe0
مسار التطبيق الذي يحتوي على أخطاء: SearchUI.exe1
مسار الوحدة النمطية التي تحتوي على أخطاء: SearchUI.exe2
معرف التقرير: SearchUI.exe3
الاسم الكامل للحزمة التي تحتوي على أخطاء: SearchUI.exe4
معرف التطبيق المرتبط بالحزمة التي تحتوي على أخطاء: SearchUI.exe5


System errors:
=============
Error: (05/03/2016 10:13:39 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}

Error: (05/03/2016 12:36:25 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: ‏‏تم إنهاء الخدمة Sync Host_Session2 بشكل غير متوقع. حدث هذا 1 مرة. سيتم اتخاذ الإجراء التصحيحي التالي في غضون 10000 مللي ثانية: Restart the service.

Error: (05/03/2016 12:23:37 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: ‏‏تم إنهاء الخدمة Local Driver Service بشكل غير متوقع. حدث هذا 1 مرة. سيتم اتخاذ الإجراء التصحيحي التالي في غضون 300000 مللي ثانية: Restart the service.

Error: (05/02/2016 11:44:34 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}

Error: (05/02/2016 11:41:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: ‏‏تم إنهاء الخدمة Sync Host_Session1 بشكل غير متوقع. حدث هذا 1 مرة. سيتم اتخاذ الإجراء التصحيحي التالي في غضون 10000 مللي ثانية: Restart the service.

Error: (05/02/2016 10:31:00 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}

Error: (05/02/2016 10:26:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: ‏‏تم إنهاء الخدمة Sync Host_Session1 بشكل غير متوقع. حدث هذا 1 مرة. سيتم اتخاذ الإجراء التصحيحي التالي في غضون 10000 مللي ثانية: Restart the service.

Error: (05/02/2016 10:09:32 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: ‏‏فشل التثبيت: فشل Windows في تثبيت التحديث التالي بسبب الخطأ 0x80073cf9: Microsoft .Net Native Runtime Package 1.3.

Error: (05/02/2016 08:46:29 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}

Error: (05/02/2016 08:43:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: ‏‏فشل بدء تشغيل الخدمة Plays.tv Update Service بسبب الخطأ التالي:
%%1053


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3230M CPU @ 2.60GHz
Percentage of memory in use: 36%
Total physical RAM: 3994.36 MB
Available physical RAM: 2553.64 MB
Total Virtual: 4698.36 MB
Available Virtual: 3160.07 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:117.09 GB) (Free:68.95 GB) NTFS
Drive d: (Local Disk) (Fixed) (Total:0.1 GB) (Free:0.08 GB) NTFS
Drive e: () (Fixed) (Total:179.31 GB) (Free:177.87 GB) NTFS
Drive h: (Local Disk) (Fixed) (Total:148.08 GB) (Free:79.43 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive k: (حامد) (Fixed) (Total:21.19 GB) (Free:15.05 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: C499E06A)
Partition 1: (Not Active) - (Size=101 MB) - (Type=42)
Partition 2: (Not Active) - (Size=117.1 GB) - (Type=42)
Partition 3: (Not Active) - (Size=117.2 GB) - (Type=42)
Partition 4: (Active) - (Size=148.1 GB) - (Type=42)

==================== End of Addition.txt ============================
