Additional scan result of Farbar Recovery Scan Tool (x64) Version:03-05-2016
Ran by uthmin (2016-05-04 01:35:27)
Running from C:\Users\uthmin\Desktop
Windows 10 Pro (X64) (2016-04-27 18:06:35)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2791196081-3455553443-96247009-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2791196081-3455553443-96247009-503 - Limited - Disabled)
Guest (S-1-5-21-2791196081-3455553443-96247009-501 - Limited - Disabled)
uthmin (S-1-5-21-2791196081-3455553443-96247009-1001 - Administrator - Enabled) => C:\Users\uthmin

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Smart Security 9.0.377.1 (Disabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 9.0.377.1 (Disabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: جدار الحماية الشخصي ESET (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.00 - Adobe Systems)
Adobe Reader X (10.1.7) - Arabic (HKLM-x32\...\{AC76BA86-7AD7-1025-7B44-AA1000000001}) (Version: 10.1.7 - Adobe Systems Incorporated)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
Ant Download Manager version 0.3.3.beta (HKLM-x32\...\{754CB6A3-3FE2-40DA-9FE5-2864909BD1CC}_is1) (Version: 0.3.3.beta - AntGROUP, Inc.)
Canon MF Toolbox 4.9.1.1.mf17 (HKLM-x32\...\{6767DFEE-8909-453A-B553-C7693912B2EB}) (Version: 4.9.1.1.mf17 - CANON INC.)
Canon MF4010 Series (HKLM\...\{900A29A0-52BA-4a78-8E6C-5F4F821397CE}) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.06 - Piriform)
Driver Talent (HKLM-x32\...\{29FE44D7-BC89-4188-8B0E-F6BA073C15A5}_is1) (Version: 6.4.42.136 - OSToto Co., Ltd.)
DriversCloud.com (64 bits) (HKLM\...\{C0B32FDA-5FB1-43F9-9273-E5DC59EE9164}) (Version: 8.0.4.0 - Cybelsoft)
ESET Smart Security (HKLM\...\{EADABD26-1163-4E63-A5CA-CB5D49FD13C7}) (Version: 9.0.377.1 - ESET, spol. s r.o.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc‎.‎)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1177 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Intel® Chipset Device Software (x32 Version: 10.1.1.13 - Intel(R) Corporation) Hidden
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 5.2.1.126 - IObit)
Malwarebytes Anti-Malware النسخة 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MEmu (HKLM-x32\...\MEmu) (Version: 2.1.1 - Microvirt)
Microsoft Office Language Pack 2013 - Arabic العربية (HKLM\...\Office15.OMUI.ar-sa) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
PlaysTV (HKLM-x32\...\PlaysTV) (Version: 1.10.0-r112342-release - Plays.tv, LLC)
Raptr (HKLM-x32\...\Raptr) (Version: 5.2.0-r112326-release - Raptr, Inc)
Readiris Corporate 12 Middle East Edition (HKLM-x32\...\Readiris Corporate 12 Middle East Edition) (Version: - )
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.370.107 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.6.1001.2015 - Realtek)
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.104 - Synaptics Incorporated)
Viber (HKU\S-1-5-21-2791196081-3455553443-96247009-1001\...\Viber) (Version: 5.1.1.15 - Viber Media Inc)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
Wise Disk Cleaner 9.11 (HKLM-x32\...\Wise Disk Cleaner_is1) (Version: 9.11 - WiseCleaner.com, Inc.)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version: - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version: - Yahoo! Inc.)
ZHPFix 2015 (HKLM-x32\...\ZHPFix_is1) (Version: 2015 - Nicolas Coolman)
منبه الذاكرين (HKLM-x32\...\منبه الذاكرين) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2791196081-3455553443-96247009-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\uthmin\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1721B862-666C-4F34-ADA2-0F4D97A29970} - System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 => Cscript.exe "C:\ProgramData\Duplicaterecord.js" <==== ATTENTION
Task: {2DC28081-85F7-4058-A9A1-77A9EDC27FE4} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {4060293D-0A03-4462-B6F7-ED9A20FA7129} - System32\Tasks\Uninstaller_SkipUac_uthmin => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2016-01-12] (IObit)
Task: {4748DD3C-133F-4BF0-B05E-9C380EC96825} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {5DBD4505-4D34-4F34-881C-B64685AFE22E} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {60D3B8D5-F956-49F9-B4C7-78D0B6B06797} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-27] (Google Inc.)
Task: {81568D79-794E-4275-BE71-6A376F357FAA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-27] (Google Inc.)
Task: {8A70F318-A169-4326-9AE4-D175E1AD51B0} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-04-04] (Advanced Micro Devices, Inc.)
Task: {97190C4F-F30C-4317-8212-150908C9E871} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Drothman-uthmin Drothman => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2012-10-01] (Microsoft Corporation)
Task: {9F25FD7B-D8A4-47CA-AFEA-4A6D47DBB9B0} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {AC4DE593-1CC8-415A-B8A8-C321520EB5AA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {B020AAEC-8DAC-4EAC-8D60-0C6BDA049D49} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {D27E9A66-9334-4540-9734-D04B004C29A3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {D4A94B4D-EC9D-4232-9130-94D99DD64BBE} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {FADA5F13-9833-4FEE-93FA-B1FD2188AC65} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-05-08] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_uthmin.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-07-10 13:00 - 2015-07-10 13:00 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-07-10 13:00 - 2015-07-10 13:00 - 02498296 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-07-10 13:00 - 2015-07-10 13:00 - 02498296 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-04-27 20:19 - 2016-04-27 20:19 - 00959176 _____ () C:\Users\uthmin\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\ClientTelemetry.dll
2015-07-10 12:59 - 2015-07-10 12:59 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-07-10 13:00 - 2015-07-10 15:14 - 06579712 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-07-10 13:00 - 2015-07-10 15:14 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-07-10 13:00 - 2015-07-10 15:14 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-11-24 22:48 - 2015-11-24 22:48 - 00028160 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\servicemanager.pyd
2015-11-24 22:46 - 2015-11-24 22:46 - 00110592 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\pywintypes26.dll
2015-11-24 22:48 - 2015-11-24 22:48 - 00041472 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32service.pyd
2015-11-24 22:48 - 2015-11-24 22:48 - 00096256 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32api.pyd
2015-11-24 22:43 - 2015-11-24 22:43 - 00356864 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_hashlib.pyd
2015-11-24 22:48 - 2015-11-24 22:48 - 00017920 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32event.pyd
2015-11-24 22:48 - 2015-11-24 22:48 - 00019968 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32evtlog.pyd
2015-11-24 22:48 - 2015-11-24 22:48 - 00036352 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32process.pyd
2015-11-24 22:43 - 2015-11-24 22:43 - 00043008 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_socket.pyd
2015-11-24 22:43 - 2015-11-24 22:43 - 00805376 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_ssl.pyd
2015-11-24 22:43 - 2015-11-24 22:43 - 00087040 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_ctypes.pyd
2015-11-24 22:46 - 2015-11-24 22:46 - 00354304 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\pythoncom26.dll
2015-11-24 22:48 - 2015-11-24 22:48 - 00167936 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32gui.pyd
2015-11-24 22:47 - 2015-11-24 22:47 - 01980928 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtGui.pyd
2015-12-07 22:57 - 2015-12-07 22:57 - 00077824 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\sip.pyd
2015-11-24 22:47 - 2015-11-24 22:47 - 01862144 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtCore.pyd
2015-11-24 22:47 - 2015-11-24 22:47 - 00516608 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtNetwork.pyd
2015-11-24 22:47 - 2015-11-24 22:47 - 04060160 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtWidgets.pyd
2015-11-24 22:43 - 2015-11-24 22:43 - 00010240 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\select.pyd
2016-04-27 22:59 - 2016-03-09 11:35 - 00147216 _____ () c:\program files (x86)\ostotosoft\drivertalent\ldrvsvc.dll
2016-04-27 22:59 - 2016-03-09 11:35 - 00186640 _____ () c:\program files (x86)\ostotosoft\drivertalent\CrashCatch.dll
2016-04-27 22:59 - 2016-03-09 11:35 - 00254824 _____ () c:\program files (x86)\ostotosoft\drivertalent\updater\checkupdate.dll
2016-04-27 23:00 - 2016-03-09 11:35 - 00165088 _____ () c:\program files (x86)\ostotosoft\drivertalent\substat.dll
2016-04-27 22:59 - 2016-03-09 11:35 - 00103776 _____ () c:\program files (x86)\ostotosoft\drivertalent\dstudp.dll
2016-04-27 23:00 - 2016-03-09 11:35 - 00117088 _____ () c:\program files (x86)\ostotosoft\drivertalent\udp.dll
2016-04-27 21:36 - 2015-12-23 18:32 - 00355616 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2016-04-27 21:36 - 2015-12-23 18:32 - 00190240 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2016-04-27 21:36 - 2015-12-23 18:32 - 00057632 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2791196081-3455553443-96247009-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "SynTPEnh"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "PlaysTV"
HKLM\...\StartupApproved\Run32: => "Raptr"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKU\S-1-5-21-2791196081-3455553443-96247009-1001\...\StartupApproved\StartupFolder: => "Thaker.lnk"
HKU\S-1-5-21-2791196081-3455553443-96247009-1001\...\StartupApproved\Run: => "AntDM"
HKU\S-1-5-21-2791196081-3455553443-96247009-1001\...\StartupApproved\Run: => "antMR"
HKU\S-1-5-21-2791196081-3455553443-96247009-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2791196081-3455553443-96247009-1001\...\StartupApproved\Run: => "Viber"
HKU\S-1-5-21-2791196081-3455553443-96247009-1001\...\StartupApproved\Run: => "Messenger (Yahoo!)"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{33318A96-B2BA-4B5A-9C87-2DE26CD29556}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{5E186D54-E22F-4F30-9ED8-AD1B628EBD77}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{250531EE-8AF3-4AE9-AAF8-ACE368D28225}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{63355FE0-12E1-48C0-9262-3C8F1A382B82}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{524C17C9-A15B-441C-A87B-6DFE0DE36248}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{17D270AE-226A-4398-93AD-11D7F95CB804}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{4577D8F6-0940-472D-A542-682D8439445F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{9E22532F-7D24-4B25-9416-5704B6DDD26C}C:\program files (x86)\ostotosoft\drivertalent\drivertalent.exe] => (Allow) C:\program files (x86)\ostotosoft\drivertalent\drivertalent.exe
FirewallRules: [UDP Query User{BF6EEF03-54BE-4921-B216-2057EE4C2C72}C:\program files (x86)\ostotosoft\drivertalent\drivertalent.exe] => (Allow) C:\program files (x86)\ostotosoft\drivertalent\drivertalent.exe
FirewallRules: [{2E68F3AE-2A6E-4AD1-AEC2-E646ED932D08}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\DriverTalent.exe
FirewallRules: [{E2EDB909-077E-4848-A637-47C975A54816}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\DTLService.exe
FirewallRules: [{BCADE6ED-822F-46A3-8F4A-95A2DCBF57E9}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\download\MiniThunderPlatform.exe
FirewallRules: [{F7F5B3A2-BC8D-4E74-8EAF-0207BB93AD1A}] => (Allow) C:\Program Files\Microvirt\MEmu\MEmu.exe
FirewallRules: [{5CEE10F8-228E-4DBE-95DA-104142EB0CB3}] => (Allow) C:\Program Files\Microvirt\MEmu\MEmu.exe
FirewallRules: [{CFA6D58A-4929-4E17-AA1D-B9E3A890B399}] => (Allow) C:\Program Files\DriversCloud.com\MCDetection.exe
FirewallRules: [{97893686-2FEB-4059-A50B-9560D8F3D823}] => (Allow) C:\Program Files\DriversCloud.com\MCDetection.exe
FirewallRules: [{FD150DF5-47B8-4D99-A879-7D335E1D601B}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{5E432353-CBF5-467F-AB02-33150A8634A6}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{ED73F098-4793-4FBA-A1CD-2D47CEFBA276}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{E13C3EBF-9048-4DEE-A384-0A760FB8EA44}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{AC777494-53A7-403E-9A89-FB2B37BDCC3E}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{A8F9C707-6C69-4BF7-830E-1434F5FBE103}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe

==================== Restore Points =========================

01-05-2016 02:31:00 Driver Booster : Synaptics PS/2 Port TouchPad
01-05-2016 18:25:34 Installed MF Toolbox
01-05-2016 18:35:12 Installed DriversCloud.com (64 bits)
01-05-2016 21:26:20 Installed Adobe Acrobat XI Pro.
03-05-2016 03:00:43 Removed Adobe Acrobat XI Pro.
03-05-2016 03:11:43 Installed Adobe Acrobat XI Pro.
03-05-2016 03:20:38 Installed Adobe Reader X (10.1.7) - Arabic.
04-05-2016 00:25:17 SlimDrivers Installing Drivers
04-05-2016 00:36:13 SlimDrivers Installing Drivers
04-05-2016 00:38:26 Installed Realtek Card Reader
04-05-2016 00:40:54 Removed SlimDrivers
04-05-2016 00:50:29 Created by Wise Disk Cleaner

==================== Faulty Device Manager Devices =============

Name: Generic USB Hub
Description: Generic USB Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Generic USB Hub)
Service: usbhub
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (05/04/2016 12:50:31 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: فشلت "خدمات التشفير" أثناء معالجة استدعاء OnIdentity() الموجود في كائن "كاتب النظام".
Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol. System Error: Access is denied. .

Error: (05/04/2016 12:40:56 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: فشلت "خدمات التشفير" أثناء معالجة استدعاء OnIdentity() الموجود في كائن "كاتب النظام".
Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol. System Error: Access is denied. .

Error: (05/04/2016 12:38:28 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: فشلت "خدمات التشفير" أثناء معالجة استدعاء OnIdentity() الموجود في كائن "كاتب النظام".
Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol. System Error: Access is denied. .

Error: (05/04/2016 12:36:18 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: فشلت "خدمات التشفير" أثناء معالجة استدعاء OnIdentity() الموجود في كائن "كاتب النظام".
Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol. System Error: Access is denied. .

Error: (05/04/2016 12:25:23 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: فشلت "خدمات التشفير" أثناء معالجة استدعاء OnIdentity() الموجود في كائن "كاتب النظام".
Details: AddWin32ServiceFiles: Unable to back up image of service SpyHunter 4 Service since QueryServiceConfig API failed System Error: The system cannot find the file specified. .

Error: (05/04/2016 12:25:23 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: فشلت "خدمات التشفير" أثناء معالجة استدعاء OnIdentity() الموجود في كائن "كاتب النظام".
Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol. System Error: Access is denied. .

Error: (05/03/2016 09:33:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program XboxApp.exe version 15.15.1603.22005 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: d4 Start Time: 01d1a5729d4cb2f2 Termination Time: 4294967295 Application Path: C:\Program Files\WindowsApps\Microsoft.XboxApp_15.15.22005.0_x64__8wekyb3d8bbwe\XboxApp.exe Report Id: e7dc9e04-1165-11e6-8267-2c27d7d7defd Faulting package full name: Microsoft.XboxApp_15.15.22005.0_x64__8wekyb3d8bbwe Faulting package-relative application ID: Microsoft.XboxApp

Error: (05/03/2016 09:33:33 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Drothman)
Description: فشل تنشيط التطبيق Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp مع حدوث الخطأ: -2144927142 راجع سجل Microsoft-Windows-TWinUI/Operational للحصول على معلومات إضافية.

Error: (05/03/2016 09:33:25 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: Drothman)
Description: تم إنهاء تطبيق Microsoft.XboxApp_15.15.22005.0_x64__8wekyb3d8bbwe+Microsoft.XboxApp في الوقت المحدد له.

Error: (05/03/2016 06:02:29 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849.manifest.

System errors:
=============
Error: (05/04/2016 01:33:09 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: ‏‏تم إنهاء الخدمة LiveUpdate بشكل غير متوقع. حدث ذلك 1 مرة.

Error: (05/04/2016 01:15:46 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\System32\drivers\TrueSight.sys

Error: (05/04/2016 12:46:00 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: Drothman)
Description: 0x8000002a115\??\C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\S-1-5-21-2791196081-3455553443-96247009-1001-0-ntuser.dat

Error: (05/04/2016 12:45:46 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: Drothman)
Description: 0x8000002a115\??\C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\S-1-5-21-2791196081-3455553443-96247009-1001-0-ntuser.dat

Error: (05/04/2016 12:30:15 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: ‏‏تم الوصول إلى نهاية المهلة (30000 مللي ثانية) أثناء انتظار اتصال الخدمة Sync Host_Session2.

Error: (05/04/2016 12:30:11 AM) (Source: DCOM) (EventID: 10010) (User: Drothman)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (05/04/2016 12:30:11 AM) (Source: DCOM) (EventID: 10010) (User: Drothman)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (05/04/2016 12:30:05 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: ‏‏تم إنهاء الخدمة Sync Host_Session2 بشكل غير متوقع. حدث هذا 1 مرة. سيتم اتخاذ الإجراء التصحيحي التالي في غضون 10000 مللي ثانية: Restart the service.

Error: (05/04/2016 12:09:20 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: ‏‏تم إنهاء الخدمة Local Driver Service بشكل غير متوقع. حدث هذا 1 مرة. سيتم اتخاذ الإجراء التصحيحي التالي في غضون 300000 مللي ثانية: Restart the service.

Error: (05/03/2016 11:05:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: ‏‏تم إنهاء الخدمة Local Driver Service بشكل غير متوقع. حدث هذا 1 مرة. سيتم اتخاذ الإجراء التصحيحي التالي في غضون 300000 مللي ثانية: Restart the service.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-2310M CPU @ 2.10GHz
Percentage of memory in use: 45%
Total physical RAM: 4043.86 MB
Available physical RAM: 2207.7 MB
Total Virtual: 5451.86 MB
Available Virtual: 3983.38 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:109.52 GB) (Free:69.12 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive e: (كلية+برامج) (Fixed) (Total:156.74 GB) (Free:40.88 GB) NTFS
Drive f: (شخصي) (Fixed) (Total:199.16 GB) (Free:84.84 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 0A80CABD)
Partition 1: (Active) - (Size=109.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=156.7 GB) - (Type=OF Extended)
Partition 3: (Not Active) - (Size=199.2 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================