Additional scan result of Farbar Recovery Scan Tool (x86) Version:22-05-2016 01
Ran by ahmed (2016-05-23 16:02:41)
Running from C:\Users\ahmed\Desktop
Microsoft Windows 7 Ultimate Service Pack 1 (X86) (2015-10-22 15:37:55)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1492026092-2507368824-3614128289-500 - Administrator - Disabled)
ahmed (S-1-5-21-1492026092-2507368824-3614128289-1001 - Administrator - Enabled) => C:\Users\ahmed
Guest (S-1-5-21-1492026092-2507368824-3614128289-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1492026092-2507368824-3614128289-1002 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20041 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{DC07522A-FA33-C098-E885-2FFA362097FC}) (Version: 3.0.855.0 - Advanced Micro Devices, Inc.)
Avast Free Antivirus (HKLM\...\Avast) (Version: 11.1.2245 - AVAST Software)
BlueStacks App Player (HKLM\...\{6693B491-7BA8-4A42-A40C-B1BABC8C5339}) (Version: 2.1.7.5658 - BlueStack Systems, Inc.)
CyberLink DVD Suite (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.0.3019 - CyberLink Corp.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
FormatFactory 3.8.0.0 (HKLM\...\FormatFactory) (Version: 3.8.0.0 - Free Time)
GlassWire 1.2 (remove only) (HKLM\...\GlassWire 1.2) (Version: 1.2.64 - SecureMix LLC)
GOM Player (HKLM\...\GOM Player) (Version: 2.2.76.5239 - Gretech Corporation)
Google Chrome (HKU\S-1-5-21-1492026092-2507368824-3614128289-1001\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.)
Google Update Helper (Version: 1.3.30.3 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.14.265 - SurfRight B.V.)
HP Deskjet 1510 series برنامج الجهاز الأساسي (HKLM\...\{ED8D2CCC-1A99-4810-8503-541172774EA2}) (Version: 30.0.1093.41190 - Hewlett-Packard Co.)
HP Deskjet 1510 series تعليمات (HKLM\...\{CB894617-864E-4668-B012-7C46AEF6AE45}) (Version: 30.0.0 - Hewlett Packard)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HydraVision (Version: 4.2.220.0 - Advanced Micro Devices, Inc.) Hidden
Internet Download Manager (HKLM\...\Internet Download Manager) (Version: - Tonec Inc.)
LG ODD Auto Firmware Update (HKLM\...\{6179550A-3E7C-499E-BCC9-9E8113E0A285}) (Version: 10.01.0712.01 - )
LightScribe System Software 1.14.19.1 (HKLM\...\{513148E7-B7A1-48B2-B518-668701E546F5}) (Version: 1.14.19.1 - LightScribe)
Malwarebytes Anti-Malware النسخة 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 7 Essentials (HKLM\...\{66B6D13A-9CC1-417D-B6F2-58AA539D1033}) (Version: 7.03.1303 - Nero AG)
NetWorx 5.5.4 (HKLM\...\NetWorx_is1) (Version: - Softperfect)
PDF Settings CS6 (Version: 11.0 - Adobe Systems Incorporated) Hidden
PESEdit.com 2013 Patch 6.0 - Update Summer Transfers 2015 2015.09.02 (HKLM\...\PESEdit.com 2013 Patch 6.0 - Update Summer Transfers 2015 2015.09.02) (Version: 2015.09.02 - bedoedeyne)
PowerISO (HKLM\...\PowerISO) (Version: 5.8 - Power Software Ltd)
RealDownloader (Version: 17.0.6 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer Cloud (HKLM\...\RealPlayer 17.0) (Version: 17.0.6 - RealNetworks)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SmartShare (HKLM\...\{BAB337AE-DD9E-45C3-BED6-0EE4732AEC60}) (Version: 2.2.1405.1601 - LG Electronics Inc.)
Smile With Sunflowers (HKLM\...\Smile With Sunflowers) (Version: 1.0.0.1 - Siteken Network Co., Ltd.)
UltraISO Premium V9.65 (HKLM\...\UltraISO_is1) (Version: - )
UpdateService (Version: 1.0.0 - RealNetworks, Inc.) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows 7 USB/DVD Download Tool (HKLM\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WinSetupFromUSB (HKU\S-1-5-21-1492026092-2507368824-3614128289-1001\...\WinSetupFromUSB) (Version: - )
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
دراسة تحسين المنتج ل HP Deskjet 1510 series (HKLM\...\{0E398B00-2CFA-4F53-9832-0215E8BF39F0}) (Version: 30.0.1093.41190 - Hewlett-Packard Co.)
معرض الصور (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1492026092-2507368824-3614128289-1001_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\ahmed\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1492026092-2507368824-3614128289-1001_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\ahmed\AppData\Local\Google\Update\1.3.30.3\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1492026092-2507368824-3614128289-1001_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\ahmed\AppData\Local\Google\Update\1.3.30.3\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1492026092-2507368824-3614128289-1001_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\ahmed\AppData\Local\Google\Update\1.3.30.3\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1492026092-2507368824-3614128289-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\ahmed\AppData\Local\Google\Update\1.3.30.3\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1492026092-2507368824-3614128289-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\ahmed\AppData\Local\Google\Update\1.3.29.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1492026092-2507368824-3614128289-1001_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\ahmed\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1492026092-2507368824-3614128289-1001_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\ahmed\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1492026092-2507368824-3614128289-1001_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\ahmed\AppData\Local\Google\Update\1.3.30.3\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1492026092-2507368824-3614128289-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\ahmed\AppData\Local\Google\Update\1.3.30.3\psuser.dll (Google Inc.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {00BEE334-BD9E-4678-9FE6-85909E6A2A95} - System32\Tasks\{8FAEA001-E26F-4AB6-BEA8-1AF3E14C5810} => pcalua.exe -a "F:\برامج\حرق الويندوز\حرق xp\Win Setup From USB_zyzoom\Win Setup From USB_zyzoom\Win Setup From USB_0-2-3.exe" -d "F:\برامج\حرق الويندوز\حرق xp\Win Setup From USB_zyzoom\Win Setup From USB_zyzoom"
Task: {172D4EA0-FFB3-453E-9451-38CE0ABC7364} - System32\Tasks\{28A95FB9-230A-4893-8620-DC05EC7D831C} => pcalua.exe -a "F:\احمد عصام\مجلد جديد \myEGY.TO.5763P876E2943.CRAZY\myEGY.TO.5763P876E2943.CRAZY\Redist\vcredist_x86.exe" -d "F:\احمد عصام\مجلد جديد \myEGY.TO.5763P876E2943.CRAZY\myEGY.TO.5763P876E2943.CRAZY\Redist"
Task: {194BE650-1D94-4A88-9981-88C85C8121BF} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1492026092-2507368824-3614128289-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2014-02-12] (RealNetworks, Inc.)
Task: {2AE8C3C1-078B-4364-B2B1-F60A00D09D87} - System32\Tasks\GridinSoft Anti-Malware => C:\Program Files\GridinSoft Anti-Malware\gsam.exe
Task: {473BA52B-1443-4FB2-89A9-277647FCD032} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {48AB1741-C0BD-4240-95A4-7AC1D2E033ED} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-13] (Adobe Systems Incorporated)
Task: {6CAE0DB6-A952-4667-B4A8-74649D2F101E} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1492026092-2507368824-3614128289-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2014-02-12] (RealNetworks, Inc.)
Task: {77E0B9A8-FC99-436F-8324-50DCA2A20030} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-01-17] (AVAST Software)
Task: {7B616413-7AB3-4FCE-8FA2-6C2364F816FA} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-03-05] (AVAST Software)
Task: {8B6E1414-E118-4686-9F12-13149F9DD58B} - System32\Tasks\{F5BAD9F8-13AB-4F43-A85D-B719E7E5B85E} => pcalua.exe -a F:\cakeshop2_setup.exe -d F:\
Task: {8BA329D9-9EFC-4074-B6A4-3DDB834600A2} - System32\Tasks\{8610F83D-69BE-482A-8568-BE672AAEE57F} => pcalua.exe -a "F:\مجلد جديد (4)\SetEdithomecast\SetEdithomecast\SetEditHomecast_installation_de.exe" -d "F:\مجلد جديد (4)\SetEdithomecast\SetEdithomecast"
Task: {A41F01CB-A778-43D7-BE6F-8CD237A057A4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-10-22] (Google Inc.)
Task: {A639EBD9-3C88-496B-956D-13DEE8FC5214} - System32\Tasks\{1A9806CB-2646-499D-810E-A92B173225DF} => pcalua.exe -a "F:\احمد عصام\مجلد جديد \myEGY.TO.5763P876E2943.CRAZY\myEGY.TO.5763P876E2943.CRAZY\Redist\vcredist_x86.exe" -d "F:\احمد عصام\مجلد جديد \myEGY.TO.5763P876E2943.CRAZY\myEGY.TO.5763P876E2943.CRAZY\Redist"
Task: {A75AE5DD-318C-4F41-8678-8172FD525565} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1492026092-2507368824-3614128289-1001UA => C:\Users\ahmed\AppData\Local\Google\Update\GoogleUpdate.exe [2015-10-24] (Google Inc.)
Task: {B0B060BB-9B0A-4378-A77F-551D6CF79210} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-10-22] (Google Inc.)
Task: {DA10A36C-9455-48D7-B0F4-0D71E6D4AFFE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1492026092-2507368824-3614128289-1001Core => C:\Users\ahmed\AppData\Local\Google\Update\GoogleUpdate.exe [2015-10-24] (Google Inc.)
Task: {DAA3FEAD-2860-4576-AFE9-02F251F43FCA} - System32\Tasks\SmartShare => C:\Program Files\LG Software\LG Smart Share\SmartShareStart.exe [2014-03-13] (LG Electronics Inc.)
Task: {EA63D60A-DE3F-418B-BFEE-E29A85BECFDB} - System32\Tasks\HPCustParticipation HP Deskjet 1510 series => C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPCustPartic.exe [2013-02-08] (Hewlett-Packard Co.)
Task: {EBDA6815-B4A4-4171-AD07-E3BA9F6EE96C} - System32\Tasks\AdobeAAMUpdater-1.0-ahmed-PC-ahmed => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {F9075FBF-D412-4B70-B992-66EFE1EADDF3} - System32\Tasks\{894FE5B0-8228-42BE-BC16-8EB102866CAB} => pcalua.exe -a F:\برامج\wlsetup-web.exe -d F:\برامج
Task: {FD179DEC-BF2A-49CE-AC43-C0044794BC43} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1492026092-2507368824-3614128289-1001UA1d12eee184b990f => C:\Users\ahmed\AppData\Local\Google\Update\GoogleUpdate.exe [2015-10-24] (Google Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1492026092-2507368824-3614128289-1001Core.job => C:\Users\ahmed\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1492026092-2507368824-3614128289-1001UA.job => C:\Users\ahmed\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1492026092-2507368824-3614128289-1001UA1d12eee184b990f.job => C:\Users\ahmed\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2016-01-17 17:59 - 2016-01-17 17:59 - 00103888 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-01-17 17:59 - 2016-01-17 17:59 - 00125512 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-05-22 14:47 - 2016-05-22 14:47 - 02975840 _____ () C:\Program Files\AVAST Software\Avast\defs\16052200\algo.dll
2016-04-14 17:25 - 2016-04-14 17:25 - 00510368 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-05-23 13:04 - 2016-05-23 13:04 - 02975840 _____ () C:\Program Files\AVAST Software\Avast\defs\16052300\algo.dll
2011-11-09 22:10 - 2011-11-09 22:10 - 00369152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-02-12 14:42 - 2014-02-12 14:42 - 00039568 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2015-10-22 18:07 - 2015-10-22 18:07 - 00867928 _____ () C:\Program Files\Real\RealPlayer\RPDS\Plugins\cldplin.dll
2014-02-12 16:29 - 2014-02-12 16:29 - 00023552 _____ () C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe
2016-01-17 17:59 - 2016-01-17 17:59 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-05-23 01:04 - 2016-05-19 14:24 - 00619520 _____ () C:\Program Files\NetWorx\sqlite.dll
2007-07-12 13:55 - 2007-07-12 13:55 - 01581056 _____ () C:\Program Files\Common Files\LightScribe\QtCore4.dll
2007-08-14 13:59 - 2007-08-14 13:59 - 06365184 _____ () C:\Program Files\Common Files\LightScribe\QtGui4.dll
2007-07-12 13:55 - 2007-07-12 13:55 - 00131072 _____ () C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2015-10-22 18:26 - 2012-05-25 04:25 - 00921600 _____ () C:\Program Files\Yahoo!\Messenger\yui.dll
2015-11-05 01:42 - 2013-12-06 22:06 - 00642016 _____ () C:\Program Files\LG Software\LG Smart Share\DMS\sqlite3.dll
2015-11-05 01:42 - 2011-08-10 14:00 - 00378880 _____ () C:\Windows\System32\av_dll.dll
2015-11-05 01:42 - 2011-08-10 14:00 - 00020992 _____ () C:\Windows\System32\av_proxy.dll
2016-05-12 23:54 - 2016-05-11 13:48 - 01738904 _____ () C:\Users\ahmed\AppData\Local\Google\Chrome\Application\50.0.2661.102\libglesv2.dll
2016-05-12 23:54 - 2016-05-11 13:48 - 00086168 _____ () C:\Users\ahmed\AppData\Local\Google\Chrome\Application\50.0.2661.102\libegl.dll
2016-05-12 23:54 - 2016-05-11 13:48 - 17565848 _____ () C:\Users\ahmed\AppData\Local\Google\Chrome\Application\50.0.2661.102\PepperFlash\pepflashplayer.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 __RSH C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1492026092-2507368824-3614128289-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ahmed\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{47F2D550-31D7-4516-997A-7FFF0461151B}] => (Allow) C:\Program Files\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
FirewallRules: [{59A01C98-5E28-424E-9DC8-9F1F7EA24BD8}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{3DE5CE65-F91B-4250-BA66-323A748DAB4C}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{F877435A-58A2-48EE-AC29-90EFD8AF412B}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{56D0B98D-17DC-43D9-8366-9326B29FA478}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{B4E2DDBD-EEC1-40E4-8B4E-87E3CF28B75E}] => (Allow) C:\Program Files\HP\HP Deskjet 1510 series\Bin\USBSetup.exe
FirewallRules: [{1D7DCA63-EBA5-4E80-B32E-CC9404DA1A23}] => (Allow) C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{26C52652-AA57-4AFF-AA58-00E982062FA5}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{6603168C-D63C-4F75-B7F7-8B7AE5A2C6FB}] => (Allow) LPort=2869
FirewallRules: [{41773553-4B6B-42AA-9949-C3BD44AB2662}] => (Allow) LPort=1900
FirewallRules: [{35618EE8-F4A2-463E-9D03-E15CEBD30A15}] => (Allow) C:\Program Files\LG Software\LG Smart Share\DMS\SmartShareDMS.exe
FirewallRules: [{69418C17-8EB3-478A-ACB2-14D7A120561F}] => (Allow) C:\Program Files\LG Software\LG Smart Share\DMS\SmartShareDMS.exe
FirewallRules: [{AB5396DB-5D7A-4BE6-85F4-EA00CA78417E}] => (Allow) C:\Program Files\LG Software\LG Smart Share\DMR\SmartShareDMR.exe
FirewallRules: [{4F9AAC3C-E9BC-4D53-B25F-A95CE019AAD8}] => (Allow) C:\Program Files\LG Software\LG Smart Share\DMR\SmartShareDMR.exe
FirewallRules: [TCP Query User{A8BE0FFA-5022-44AA-9CCE-9A9F10399BBA}F:\العاب\ahmed\العاب\fifa 2007\fifa07.exe] => (Allow) F:\العاب\ahmed\العاب\fifa 2007\fifa07.exe
FirewallRules: [UDP Query User{9CBA5D1C-228E-4337-A914-7D17707D5669}F:\العاب\ahmed\العاب\fifa 2007\fifa07.exe] => (Allow) F:\العاب\ahmed\العاب\fifa 2007\fifa07.exe
FirewallRules: [TCP Query User{FC119591-3BE3-4506-B8C6-2B2E9164F050}C:\program files\formatfactory\formatfactory.exe] => (Allow) C:\program files\formatfactory\formatfactory.exe
FirewallRules: [UDP Query User{A6A53DB1-9C38-495A-86F5-F001A11D7363}C:\program files\formatfactory\formatfactory.exe] => (Allow) C:\program files\formatfactory\formatfactory.exe
FirewallRules: [TCP Query User{9C7424DC-C1D0-44A7-8A22-8A8E4785A93D}C:\users\ahmed\downloads\programs\ffinstonline.exe] => (Allow) C:\users\ahmed\downloads\programs\ffinstonline.exe
FirewallRules: [UDP Query User{0B8DD996-FE70-4C1A-9295-DA078772CA04}C:\users\ahmed\downloads\programs\ffinstonline.exe] => (Allow) C:\users\ahmed\downloads\programs\ffinstonline.exe
FirewallRules: [{7D1D9A02-30A8-494F-8A75-19424CF50390}] => (Allow) C:\Program Files\FormatFactory\FormatFactory.exe
FirewallRules: [{9EC87605-EE64-4DFE-873E-B72500E11A02}] => (Allow) C:\Program Files\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{61947BD3-5A65-4A6F-95D9-92C419B81BF5}] => (Allow) C:\Program Files\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{23054122-5B09-473E-883B-45C49C38E30C}] => (Allow) C:\Program Files\FormatFactory\FormatFactory.exe
FirewallRules: [{832FB995-5119-47C2-8BA0-6F43B9B30076}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
FirewallRules: [{0E0DF9E2-8703-49EF-8360-B804B3C0C716}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
FirewallRules: [{62043EC9-A62D-4776-9B70-E96FCE713F21}] => (Allow) C:\Users\ahmed\Desktop\Pes 13\pes2013.exe
FirewallRules: [{8B97F3A6-3F01-4B3E-B2DC-9A88C34EF7F5}] => (Allow) C:\Users\ahmed\Desktop\Pes 13\pes2013.exe
FirewallRules: [{EF0447AF-8F65-4558-AD6B-1CC0055D4785}] => (Allow) C:\Users\ahmed\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{54AB0218-5F32-422E-A58B-5725F62F7287}] => (Allow) C:\Users\ahmed\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3093619D-0DFE-491B-A606-22C67FCEAC73}] => (Allow) C:\Program Files\GlassWire\GWCtlSrv.exe
FirewallRules: [{F1D8A747-838D-4148-9D0B-92E46226AE57}] => (Allow) C:\Program Files\GlassWire\GWCtlSrv.exe
FirewallRules: [{53EEDC54-7C47-4A50-8335-F4F67F5C2815}] => (Allow) C:\Program Files\NetWorx\networx.exe
==================== Restore Points =========================
Check "winmgmt" service or repair WMI.
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (05/23/2016 03:54:25 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x0000016c,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,0186F340.64). hr = 0x80070005, Access is denied.
.
Error: (05/23/2016 03:54:25 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000330,(null),0,REG_BINARY,0135EC58.64). hr = 0x80070005, Access is denied.
.
Operation:
BackupShutdown Event
Context:
Execution Context: Writer
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {97ae515b-cb88-4b13-8d86-a50ab992f086}
Error: (05/23/2016 03:54:25 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000330,(null),0,REG_BINARY,0135EC44.64). hr = 0x80070005, Access is denied.
.
Operation:
BackupShutdown Event
Context:
Execution Context: Writer
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {97ae515b-cb88-4b13-8d86-a50ab992f086}
Error: (05/23/2016 03:54:25 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000948,(null),0,REG_BINARY,03EFEE78.64). hr = 0x80070005, Access is denied.
.
Operation:
BackupShutdown Event
Context:
Execution Context: Writer
Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
Writer Name: MSSearch Service Writer
Writer Instance ID: {77ee6f9e-fbfc-425a-9278-e09c6f794d11}
Error: (05/23/2016 03:54:25 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000948,(null),0,REG_BINARY,03EFEE64.64). hr = 0x80070005, Access is denied.
.
Operation:
BackupShutdown Event
Context:
Execution Context: Writer
Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
Writer Name: MSSearch Service Writer
Writer Instance ID: {77ee6f9e-fbfc-425a-9278-e09c6f794d11}
Error: (05/23/2016 03:54:25 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x0000085c,(null),0,REG_BINARY,021AECD0.64). hr = 0x80070005, Access is denied.
.
Operation:
BackupShutdown Event
Context:
Execution Context: Writer
Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
Writer Name: WMI Writer
Writer Instance ID: {8fd2adc5-6a13-49f5-9f0b-ae02bff9a105}
Error: (05/23/2016 03:54:25 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x0000085c,(null),0,REG_BINARY,021AECBC.64). hr = 0x80070005, Access is denied.
.
Operation:
BackupShutdown Event
Context:
Execution Context: Writer
Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
Writer Name: WMI Writer
Writer Instance ID: {8fd2adc5-6a13-49f5-9f0b-ae02bff9a105}
Error: (05/23/2016 03:54:25 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000198,SYSTEM\CurrentControlSet\Services\VSS\Diag\Registry Writer,0,REG_BINARY,0190F3F8.64). hr = 0x80070005, Access is denied.
.
Operation:
BackupShutdown Event
Context:
Execution Context: Writer
Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
Writer Name: Registry Writer
Writer Instance ID: {3578dc98-e82e-4d3a-8448-8f0a1653f731}
Error: (05/23/2016 03:54:25 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001b4,SYSTEM\CurrentControlSet\Services\VSS\Diag\COM+ REGDB Writer,0,REG_BINARY,0135F8F8.64). hr = 0x80070005, Access is denied.
.
Operation:
BackupShutdown Event
Context:
Execution Context: Writer
Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}
Writer Name: COM+ REGDB Writer
Writer Instance ID: {c53f0caa-b49b-4956-b4a9-7b8903edfd30}
Error: (05/23/2016 03:54:25 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001e4,SYSTEM\CurrentControlSet\Services\VSS\Diag\Shadow Copy Optimization Writer,0,REG_BINARY,0163F158.64). hr = 0x80070005, Access is denied.
.
Operation:
BackupShutdown Event
Context:
Execution Context: Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {a504ba67-f981-4afa-8b4d-6e3aaa05eebe}
System errors:
=============
Error: (05/23/2016 04:01:29 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: فشل الاستدعاء ScRegSetValueExW لـ DeleteFlag بسبب الخطأ التالي:
%%5
Error: (05/23/2016 01:05:19 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: تم إنهاء خدمة Peer Name Resolution Protocol بسبب الخطأ التالي:
%%-2140993535
Error: (05/23/2016 01:05:19 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: تعتمد الخدمة Peer Networking Grouping على الخدمة Peer Name Resolution Protocol التي فشلت في بدء التشغيل بسبب الخطأ التالي:
%%-2140993535
Error: (05/23/2016 01:05:19 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: تم إنهاء خدمة Peer Name Resolution Protocol بسبب الخطأ التالي:
%%-2140993535
Error: (05/23/2016 01:05:19 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: تعتمد الخدمة Peer Networking Grouping على الخدمة Peer Name Resolution Protocol التي فشلت في بدء التشغيل بسبب الخطأ التالي:
%%-2140993535
Error: (05/23/2016 01:05:19 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801
Error: (05/23/2016 01:05:19 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801
Error: (05/23/2016 01:05:13 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: تم إنهاء خدمة Peer Name Resolution Protocol بسبب الخطأ التالي:
%%-2140993535
Error: (05/23/2016 01:05:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: تعتمد الخدمة Peer Networking Grouping على الخدمة Peer Name Resolution Protocol التي فشلت في بدء التشغيل بسبب الخطأ التالي:
%%-2140993535
Error: (05/23/2016 01:05:13 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801
CodeIntegrity:
===================================
Date: 2015-10-22 19:53:23.181
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-10-22 19:53:23.179
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-10-22 19:53:23.177
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-10-22 19:53:23.175
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Pentium(R) Dual-Core CPU E5500 @ 2.80GHz
Percentage of memory in use: 53%
Total physical RAM: 3071.24 MB
Available physical RAM: 1423.36 MB
Total Virtual: 6140.8 MB
Available Virtual: 3568.8 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:80 GB) (Free:36.21 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:250.51 GB) (Free:188.59 GB) NTFS
Drive e: (عصام) (Fixed) (Total:300.5 GB) (Free:203.28 GB) NTFS
Drive f: () (Fixed) (Total:300.5 GB) (Free:96.01 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: B50C0E03)
Partition 1: (Active) - (Size=80 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=851.5 GB) - (Type=OF Extended)
==================== End of Addition.txt ============================