Additional scan result of Farbar Recovery Scan Tool (x64) Version:30-04-2016
Ran by hamidalani (2016-05-03 13:13:06)
Running from C:\Users\hamidalani\Desktop
Windows 10 Pro (X64) (2016-05-01 22:31:17)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2490970796-2538201055-388478953-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2490970796-2538201055-388478953-503 - Limited - Disabled)
Guest (S-1-5-21-2490970796-2538201055-388478953-501 - Limited - Disabled)
hamidalani (S-1-5-21-2490970796-2538201055-388478953-1001 - Administrator - Enabled) => C:\Users\hamidalani

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Smart Security 9.0.375.1 (Disabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 9.0.375.1 (Disabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: جدار الحماية الشخصي ESET (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
Ant Download Manager version 0.3.4.beta (HKLM-x32\...\{754CB6A3-3FE2-40DA-9FE5-2864909BD1CC}_is1) (Version: 0.3.4.beta - AntGROUP, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.07 - Piriform)
Driver Talent (HKLM-x32\...\{29FE44D7-BC89-4188-8B0E-F6BA073C15A5}_is1) (Version: 6.4.42.136 - OSToto Co., Ltd.)
DriversCloud.com (64 bits) (HKLM\...\{C0B32FDA-5FB1-43F9-9273-E5DC59EE9164}) (Version: 8.0.4.0 - Cybelsoft)
ESET Smart Security (HKLM\...\{90174CED-A8D5-44AF-A0DC-F42DCB348BE5}) (Version: 9.0.375.1 - ESET, spol. s r.o.)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.2.69.5227 - Gretech Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
HP 3D DriveGuard (HKLM\...\{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}) (Version: 4.2.9.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6498.0 - IDT)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4358 - Intel Corporation)
Malwarebytes Anti-Malware النسخة 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Mediatek Bluetooth (HKLM\...\{16BCAEDC-C115-1729-07C4-7A0091C699A6}) (Version: 11.0.749.0 - Mediatek)
Microsoft Office Professional Plus 2016 - ar-sa (HKLM\...\ProPlusRetail - ar-sa) (Version: 16.0.6769.2040 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (Version: 16.0.6729.1019 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6729.1019 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (Version: 16.0.6729.1019 - Microsoft Corporation) Hidden
PlaysTV (HKLM-x32\...\PlaysTV) (Version: 1.10.0-r112342-release - Plays.tv, LLC)
Raptr (HKLM-x32\...\Raptr) (Version: 5.2.0-r112326-release - Raptr, Inc)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.29092 - Realtek Semiconduct Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.7.107.2016 - Realtek)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.98 - Synaptics Incorporated)
USB Video Device (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10253 - Realtek Semiconductor Corp.)
Viber (HKU\S-1-5-21-2490970796-2538201055-388478953-1001\...\{6ac8839e-3aad-46d0-b1ae-484a26d68bab}) (Version: 5.9.0.115 - Viber Media Inc.)
Viber (x32 Version: 5.9.0.115 - Viber Media Inc.) Hidden
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Vulkan Run Time Libraries 1.0.3.1 (HKLM\...\VulkanRT1.0.3.1) (Version: 1.0.3.1 - LunarG, Inc.)
WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
Wise Disk Cleaner 9.23 (HKLM-x32\...\Wise Disk Cleaner_is1) (Version: 9.23 - WiseCleaner.com, Inc.)
ZHPFix 2015 (HKLM-x32\...\ZHPFix_is1) (Version: 2015 - Nicolas Coolman)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2490970796-2538201055-388478953-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\hamidalani\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\FileCoAuthLib64.dll ()
CustomCLSID: HKU\S-1-5-21-2490970796-2538201055-388478953-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\hamidalani\AppData\Local\Microsoft\OneDrive\17.3.6386.0412_1\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2490970796-2538201055-388478953-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {023B1E69-B67C-46FB-94F9-A0C01FBA25CA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {028A832E-EB73-4004-BE61-C53FFBB47013} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-05] (Google Inc.)
Task: {10B594E9-209B-40ED-B97F-3C043E35B5D7} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {18E2938F-3586-4107-AF9F-51A794E68228} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2016-04-25] (Microsoft Corporation)
Task: {26861F51-6298-428C-823B-68E8D9D6BD13} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {2BC334DF-051A-4B91-970C-A8F18CC2A7B0} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {2CFD82DE-E835-4A60-B45A-79C500500988} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-05] (Google Inc.)
Task: {36B02708-6AB6-4FA5-B8ED-B3F052BFDC86} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-04-04] (Advanced Micro Devices, Inc.)
Task: {3C039675-149D-4F98-90FA-5DD59310F38B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-06-01] (Piriform Ltd)
Task: {538C64B8-8DF4-4631-A44A-61A15DB66579} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {561F5895-E18A-46DD-B9CF-41EAE629965E} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {590062D7-1B5C-4E04-A00F-502D757F8F22} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {6529B8BF-91A9-45A4-AFF3-DDB8C12CDE82} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {6AE5EA51-3CAD-4286-8723-C22CBECFDBD5} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {7B01C167-8612-4010-BBCD-4AB33B43076D} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-04-24] (Microsoft Corporation)
Task: {8F089D04-34E8-464A-A9FF-32AD4C05CD40} - System32\Tasks\Microsoft\Windows\SetupSQMTask => C:\WINDOWS\SYSTEM32\OOBE\SETUPSQM.EXE [2015-07-10] (Microsoft Corporation)
Task: {9FD1E19E-87EE-423C-A72D-3577204749B2} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {AC0315F1-C7C9-4F62-A22B-E1755CE8DDB5} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {B177D3E9-33BF-45C0-B00D-8DE8F15F894A} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {C2849F0B-62B5-4DEE-BA0F-16B374A76440} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {D52F05C4-EEB8-4065-AAAC-2648868FECBD} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-04-24] (Microsoft Corporation)
Task: {EF0DFFCA-69FB-45DF-BB1F-606F927391C3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2016-04-25] (Microsoft Corporation)
Task: {F5299968-4283-4FA3-BC8E-CDAB8EF861D4} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-05-02 18:29 - 2015-07-15 04:04 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2016-05-02 18:28 - 2015-08-11 11:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2016-05-02 18:28 - 2016-03-16 06:55 - 02495768 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-05-02 18:28 - 2016-03-16 06:55 - 02495768 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-05-02 00:38 - 2016-05-02 00:38 - 00959176 _____ () C:\Users\hamidalani\AppData\Local\Microsoft\OneDrive\17.3.6386.0412_1\amd64\ClientTelemetry.dll
2016-05-02 18:28 - 2015-09-17 07:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-05-02 18:29 - 2015-11-25 06:20 - 06569472 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-05-02 18:29 - 2015-11-25 06:17 - 00471040 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-05-02 18:29 - 2015-11-25 06:17 - 01808384 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-05-02 18:29 - 2015-09-17 07:43 - 02274816 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-10 13:00 - 2015-07-10 15:14 - 00210432 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2016-04-29 00:20 - 2016-04-24 14:24 - 00172224 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2015-11-24 22:48 - 2015-11-24 22:48 - 00028160 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\servicemanager.pyd
2015-11-24 22:46 - 2015-11-24 22:46 - 00110592 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\pywintypes26.dll
2015-11-24 22:48 - 2015-11-24 22:48 - 00041472 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32service.pyd
2015-11-24 22:48 - 2015-11-24 22:48 - 00096256 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32api.pyd
2015-11-24 22:43 - 2015-11-24 22:43 - 00356864 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_hashlib.pyd
2015-11-24 22:48 - 2015-11-24 22:48 - 00017920 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32event.pyd
2015-11-24 22:48 - 2015-11-24 22:48 - 00019968 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32evtlog.pyd
2015-11-24 22:48 - 2015-11-24 22:48 - 00036352 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32process.pyd
2015-11-24 22:43 - 2015-11-24 22:43 - 00043008 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_socket.pyd
2015-11-24 22:43 - 2015-11-24 22:43 - 00805376 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_ssl.pyd
2015-11-24 22:43 - 2015-11-24 22:43 - 00087040 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_ctypes.pyd
2015-11-24 22:46 - 2015-11-24 22:46 - 00354304 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\pythoncom26.dll
2015-11-24 22:48 - 2015-11-24 22:48 - 00167936 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32gui.pyd
2015-11-24 22:47 - 2015-11-24 22:47 - 01980928 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtGui.pyd
2015-12-07 22:57 - 2015-12-07 22:57 - 00077824 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\sip.pyd
2015-11-24 22:47 - 2015-11-24 22:47 - 01862144 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtCore.pyd
2015-11-24 22:47 - 2015-11-24 22:47 - 00516608 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtNetwork.pyd
2015-11-24 22:47 - 2015-11-24 22:47 - 04060160 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtWidgets.pyd
2015-11-24 22:43 - 2015-11-24 22:43 - 00010240 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\select.pyd
2016-04-05 00:51 - 2016-03-09 11:35 - 00147216 _____ () c:\program files (x86)\ostotosoft\drivertalent\ldrvsvc.dll
2016-04-05 00:51 - 2016-03-09 11:35 - 00186640 _____ () c:\program files (x86)\ostotosoft\drivertalent\CrashCatch.dll
2016-04-05 00:51 - 2016-03-09 11:35 - 00254824 _____ () c:\program files (x86)\ostotosoft\drivertalent\updater\checkupdate.dll
2016-04-05 00:51 - 2016-03-09 11:35 - 00165088 _____ () c:\program files (x86)\ostotosoft\drivertalent\substat.dll
2016-04-05 00:51 - 2016-03-09 11:35 - 00103776 _____ () c:\program files (x86)\ostotosoft\drivertalent\dstudp.dll
2016-04-05 00:51 - 2016-03-09 11:35 - 00117088 _____ () c:\program files (x86)\ostotosoft\drivertalent\udp.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2016-04-30 20:03 - 00000035 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2490970796-2538201055-388478953-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\hamidalani\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "SysTrayApp"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "RtsCM"
HKLM\...\StartupApproved\Run32: => "PWRISOVM.EXE"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "Raptr"
HKU\S-1-5-21-2490970796-2538201055-388478953-1001\...\StartupApproved\Run: => "AntDM"
HKU\S-1-5-21-2490970796-2538201055-388478953-1001\...\StartupApproved\Run: => "antMR"
HKU\S-1-5-21-2490970796-2538201055-388478953-1001\...\StartupApproved\Run: => "CCleaner Monitoring"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{4E7E1BB6-CCEA-408D-A716-64621550508B}] => (Allow) C:\Program Files\DriversCloud.com\MCDetection.exe
FirewallRules: [{972E14A2-17B3-4731-95E8-67AD0253B2C1}] => (Allow) C:\Program Files\DriversCloud.com\MCDetection.exe
FirewallRules: [{D328E055-2BBD-49E8-9D1C-1D451660C994}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{3ABAAB84-C512-47FE-85B6-3E35A957DCF0}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{DB1E1FAB-7A27-47B4-A1F6-115BDA15664E}] => (Allow) C:\Users\hamidalani\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{E159FF56-1CE1-4BB6-9442-CBCAB5027EA3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{B9B5E427-7527-4DFC-83E5-B1F41C261786}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\DTLService.exe
FirewallRules: [{A4E438A0-CFBC-4679-8BEF-C5F11D7590F8}] => (Allow) C:\Program Files (x86)\MEmu\MEmu.exe
FirewallRules: [{E0995A20-7056-4108-93D8-A8AE2329DDCD}] => (Allow) C:\Program Files (x86)\MEmu\MEmu.exe
FirewallRules: [UDP Query User{5D3AA921-4631-4F32-A8B9-73D16997D4DD}E:\embratoria_g3\es.exe] => (Allow) E:\embratoria_g3\es.exe
FirewallRules: [TCP Query User{E9DD2CD0-9B94-462D-95F5-FAF5836EC59B}E:\embratoria_g3\es.exe] => (Allow) E:\embratoria_g3\es.exe
FirewallRules: [{EF2DBA35-5090-4397-A073-7A6EA9FCFF1A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{42E325BD-121E-4D5E-872A-2D739A234106}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{87DA18B3-2383-46ED-A589-C513236CE510}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\download\MiniThunderPlatform.exe
FirewallRules: [{A331DC6C-AE6E-4C8C-B1A7-C69D27A4EB05}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\DriverTalent.exe
FirewallRules: [UDP Query User{314515D8-858A-4715-ACF9-FD6963988915}C:\program files (x86)\ostotosoft\drivertalent\drivertalent.exe] => (Block) C:\program files (x86)\ostotosoft\drivertalent\drivertalent.exe
FirewallRules: [TCP Query User{1B74AB7F-2F24-458B-B7CA-E746C8283136}C:\program files (x86)\ostotosoft\drivertalent\drivertalent.exe] => (Block) C:\program files (x86)\ostotosoft\drivertalent\drivertalent.exe
FirewallRules: [{2927CECD-5DFB-4C33-93C0-A521CEB5DDAD}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{F6881F64-DA33-4B63-B7F5-F0FF388D162B}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{50C9AA68-CF36-479B-BCD2-A0AC52914005}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{C0928762-77F4-49C6-A351-10B54F68D112}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{539BB4B5-C20C-4131-B59A-F131BF585991}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{5EAEA34A-29C7-4E37-8586-028E32DE425C}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{5B50D276-74DE-4BCB-BBB7-0B8EC2AACEA3}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{77EBBCF1-B9B0-448E-8BF8-78C696ECD69E}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{A2EE6684-3B94-44E4-9630-778A348687DA}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe

==================== Restore Points =========================

02-05-2016 19:21:36 1
02-05-2016 23:48:03 2

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/03/2016 11:45:47 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Video.UI.exe version 1.6.1081.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: f64
Start Time: 01d1a52077faa93e
Termination Time: 4294967295
Application Path: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_3.6.10811.0_x64__8wekyb3d8bbwe\Video.UI.exe
Report Id: c510820e-1113-11e6-829e-b8763f5546de
Faulting package full name: Microsoft.ZuneVideo_3.6.10811.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: Microsoft.ZuneVideo

Error: (05/03/2016 11:45:29 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: hamid)
Description: تم إنهاء الحزمة Microsoft.ZuneVideo_3.6.10811.0_x64__8wekyb3d8bbwe+Microsoft.ZuneVideo نظراً لأنها استغرقت وقتاً طويلاً لتتوقف مؤقتاً.

Error: (05/03/2016 11:45:18 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: اسم التطبيق الذي يحتوي على أخطاء: AUDIODG.EXE، الإصدار: 10.0.10240.16384، الطابع الزمني: 0x559f3a8d
اسم الوحدة النمطية التي تحتوي على أخطاء: sluapo64.dll، الإصدار: 2.3.25.0، الطابع الزمني: 0x52697162
رمز الاستثناء: 0xc0000005
إزاحة الخطأ: 0x000000000004042f
معرّف العملية التي تحتوي على أخطاء: 0xec4
وقت بدء تشغيل التطبيق الذي يحتوي على أخطاء: 0xAUDIODG.EXE0
مسار التطبيق الذي يحتوي على أخطاء: AUDIODG.EXE1
مسار الوحدة النمطية التي تحتوي على أخطاء: AUDIODG.EXE2
معرف التقرير: AUDIODG.EXE3
الاسم الكامل للحزمة التي تحتوي على أخطاء: AUDIODG.EXE4
معرف التطبيق المرتبط بالحزمة التي تحتوي على أخطاء: AUDIODG.EXE5

Error: (05/02/2016 11:48:07 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: فشلت "خدمات التشفير" أثناء معالجة استدعاء OnIdentity() الموجود في كائن "كاتب النظام".
Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error: Access is denied.
.

Error: (05/02/2016 08:42:00 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: فشلت "خدمات التشفير" في تهيئة كائن "كاتب النظام" للنسخ الاحتياطي لـ VSS.
Details: Could not query the status of the EventSystem service.
System Error: A system shutdown is in progress.
.

Error: (05/02/2016 08:41:49 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: hamid)
Description: فشل تنشيط التطبيق Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI مع حدوث الخطأ: -2147023170 راجع سجل Microsoft-Windows-TWinUI/Operational للحصول على معلومات إضافية.

Error: (05/02/2016 08:41:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: اسم التطبيق الذي يحتوي على أخطاء: SearchUI.exe، الإصدار: 10.0.10240.16603، الطابع الزمني: 0x5655390b
اسم الوحدة النمطية التي تحتوي على أخطاء: CortanaApi.dll، الإصدار: 0.0.0.0، الطابع الزمني: 0x56553724
رمز الاستثناء: 0x80000003
إزاحة الخطأ: 0x0000000000151c4f
معرّف العملية التي تحتوي على أخطاء: 0x4c8
وقت بدء تشغيل التطبيق الذي يحتوي على أخطاء: 0xSearchUI.exe0
مسار التطبيق الذي يحتوي على أخطاء: SearchUI.exe1
مسار الوحدة النمطية التي تحتوي على أخطاء: SearchUI.exe2
معرف التقرير: SearchUI.exe3
الاسم الكامل للحزمة التي تحتوي على أخطاء: SearchUI.exe4
معرف التطبيق المرتبط بالحزمة التي تحتوي على أخطاء: SearchUI.exe5

Error: (05/02/2016 08:31:21 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: hamid)
Description: تم إنهاء الحزمة windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy+microsoft.windows.immersivecontrolpanel نظراً لأنها استغرقت وقتاً طويلاً لتتوقف مؤقتاً.

Error: (05/02/2016 08:30:47 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: hamid)
Description: فشل تنشيط التطبيق windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy:microsoft.windows.immersivecontrolpanel مع حدوث الخطأ: -2144927149 راجع سجل Microsoft-Windows-TWinUI/Operational للحصول على معلومات إضافية.

Error: (05/02/2016 07:28:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: اسم التطبيق الذي يحتوي على أخطاء: SearchUI.exe، الإصدار: 10.0.10240.16603، الطابع الزمني: 0x5655390b
اسم الوحدة النمطية التي تحتوي على أخطاء: CortanaApi.dll، الإصدار: 0.0.0.0، الطابع الزمني: 0x56553724
رمز الاستثناء: 0x80000003
إزاحة الخطأ: 0x0000000000151c4f
معرّف العملية التي تحتوي على أخطاء: 0x904
وقت بدء تشغيل التطبيق الذي يحتوي على أخطاء: 0xSearchUI.exe0
مسار التطبيق الذي يحتوي على أخطاء: SearchUI.exe1
مسار الوحدة النمطية التي تحتوي على أخطاء: SearchUI.exe2
معرف التقرير: SearchUI.exe3
الاسم الكامل للحزمة التي تحتوي على أخطاء: SearchUI.exe4
معرف التطبيق المرتبط بالحزمة التي تحتوي على أخطاء: SearchUI.exe5

System errors:
=============
Error: (05/03/2016 10:13:39 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}

Error: (05/03/2016 12:36:25 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: تم إنهاء الخدمة Sync Host_Session2 بشكل غير متوقع. حدث هذا 1 مرة. سيتم اتخاذ الإجراء التصحيحي التالي في غضون 10000 مللي ثانية: Restart the service.

Error: (05/03/2016 12:23:37 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: تم إنهاء الخدمة Local Driver Service بشكل غير متوقع. حدث هذا 1 مرة. سيتم اتخاذ الإجراء التصحيحي التالي في غضون 300000 مللي ثانية: Restart the service.

Error: (05/02/2016 11:44:34 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}

Error: (05/02/2016 11:41:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: تم إنهاء الخدمة Sync Host_Session1 بشكل غير متوقع. حدث هذا 1 مرة. سيتم اتخاذ الإجراء التصحيحي التالي في غضون 10000 مللي ثانية: Restart the service.

Error: (05/02/2016 10:31:00 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}

Error: (05/02/2016 10:26:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: تم إنهاء الخدمة Sync Host_Session1 بشكل غير متوقع. حدث هذا 1 مرة. سيتم اتخاذ الإجراء التصحيحي التالي في غضون 10000 مللي ثانية: Restart the service.

Error: (05/02/2016 10:09:32 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: فشل التثبيت: فشل Windows في تثبيت التحديث التالي بسبب الخطأ 0x80073cf9: Microsoft .Net Native Runtime Package 1.3.

Error: (05/02/2016 08:46:29 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}

Error: (05/02/2016 08:43:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: فشل بدء تشغيل الخدمة Plays.tv Update Service بسبب الخطأ التالي: %%1053

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3230M CPU @ 2.60GHz
Percentage of memory in use: 36%
Total physical RAM: 3994.36 MB
Available physical RAM: 2553.64 MB
Total Virtual: 4698.36 MB
Available Virtual: 3160.07 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:117.09 GB) (Free:68.95 GB) NTFS
Drive d: (Local Disk) (Fixed) (Total:0.1 GB) (Free:0.08 GB) NTFS
Drive e: () (Fixed) (Total:179.31 GB) (Free:177.87 GB) NTFS
Drive h: (Local Disk) (Fixed) (Total:148.08 GB) (Free:79.43 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive k: (حامد) (Fixed) (Total:21.19 GB) (Free:15.05 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: C499E06A)
Partition 1: (Not Active) - (Size=101 MB) - (Type=42)
Partition 2: (Not Active) - (Size=117.1 GB) - (Type=42)
Partition 3: (Not Active) - (Size=117.2 GB) - (Type=42)
Partition 4: (Active) - (Size=148.1 GB) - (Type=42)

==================== End of Addition.txt ============================