Additional scan result of Farbar Recovery Scan Tool (x86) Version:22-05-2016 01
Ran by ahmed (2016-05-23 16:02:41)
Running from C:\Users\ahmed\Desktop
Microsoft Windows 7 Ultimate Service Pack 1 (X86) (2015-10-22 15:37:55)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1492026092-2507368824-3614128289-500 - Administrator - Disabled)
ahmed (S-1-5-21-1492026092-2507368824-3614128289-1001 - Administrator - Enabled) => C:\Users\ahmed
Guest (S-1-5-21-1492026092-2507368824-3614128289-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1492026092-2507368824-3614128289-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20041 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{DC07522A-FA33-C098-E885-2FFA362097FC}) (Version: 3.0.855.0 - Advanced Micro Devices, Inc.)
Avast Free Antivirus (HKLM\...\Avast) (Version: 11.1.2245 - AVAST Software) BlueStacks App Player (HKLM\...\{6693B491-7BA8-4A42-A40C-B1BABC8C5339}) (Version: 2.1.7.5658 - BlueStack Systems, Inc.) CyberLink DVD Suite (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.0.3019 - CyberLink Corp.) D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden FormatFactory 3.8.0.0 (HKLM\...\FormatFactory) (Version: 3.8.0.0 - Free Time) GlassWire 1.2 (remove only) (HKLM\...\GlassWire 1.2) (Version: 1.2.64 - SecureMix LLC) GOM Player (HKLM\...\GOM Player) (Version: 2.2.76.5239 - Gretech Corporation) Google Chrome (HKU\S-1-5-21-1492026092-2507368824-3614128289-1001\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc‎.‎) Google Update Helper (Version: 1.3.30.3 - Google Inc.) Hidden HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.14.265 - SurfRight B.V.) HP Deskjet 1510 series برنامج الجهاز الأساسي (HKLM\...\{ED8D2CCC-1A99-4810-8503-541172774EA2}) (Version: 30.0.1093.41190 - Hewlett-Packard Co.) HP Deskjet 1510 series تعليمات (HKLM\...\{CB894617-864E-4668-B012-7C46AEF6AE45}) (Version: 30.0.0 - Hewlett Packard) HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP) HydraVision (Version: 4.2.220.0 - Advanced Micro Devices, Inc.) Hidden Internet Download Manager (HKLM\...\Internet Download Manager) (Version: - Tonec Inc.) 
LG ODD Auto Firmware Update (HKLM\...\{6179550A-3E7C-499E-BCC9-9E8113E0A285}) (Version: 10.01.0712.01 - ) LightScribe System Software 1.14.19.1 (HKLM\...\{513148E7-B7A1-48B2-B518-668701E546F5}) (Version: 1.14.19.1 - LightScribe) Malwarebytes Anti-Malware النسخة 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation) Movie Maker (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Nero 7 Essentials (HKLM\...\{66B6D13A-9CC1-417D-B6F2-58AA539D1033}) (Version: 7.03.1303 - Nero AG) NetWorx 5.5.4 (HKLM\...\NetWorx_is1) (Version: - Softperfect) PDF Settings CS6 (Version: 11.0 - Adobe Systems Incorporated) Hidden PESEdit.com 2013 Patch 6.0 - Update Summer Transfers 2015 2015.09.02 
(HKLM\...\PESEdit.com 2013 Patch 6.0 - Update Summer Transfers 2015 2015.09.02) (Version: 2015.09.02 - bedoedeyne) PowerISO (HKLM\...\PowerISO) (Version: 5.8 - Power Software Ltd) RealDownloader (Version: 17.0.6 - RealNetworks, Inc.) Hidden RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden RealPlayer Cloud (HKLM\...\RealPlayer 17.0) (Version: 17.0.6 - RealNetworks) RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.) SmartShare (HKLM\...\{BAB337AE-DD9E-45C3-BED6-0EE4732AEC60}) (Version: 2.2.1405.1601 - LG Electronics Inc.) Smile With Sunflowers (HKLM\...\Smile With Sunflowers) (Version: 1.0.0.1 - Siteken Network Co., Ltd.) UltraISO Premium V9.65 (HKLM\...\UltraISO_is1) (Version: - ) UpdateService (Version: 1.0.0 - RealNetworks, Inc.) Hidden Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) Windows 7 USB/DVD Download Tool (HKLM\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation) Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) WinRAR 5.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH) WinSetupFromUSB (HKU\S-1-5-21-1492026092-2507368824-3614128289-1001\...\WinSetupFromUSB) (Version: - ) Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version: - Yahoo! Inc.) دراسة تحسين المنتج ل HP Deskjet 1510 series (HKLM\...\{0E398B00-2CFA-4F53-9832-0215E8BF39F0}) (Version: 30.0.1093.41190 - Hewlett-Packard Co.) 
معرض الصور (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-1492026092-2507368824-3614128289-1001_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\ahmed\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-1492026092-2507368824-3614128289-1001_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\ahmed\AppData\Local\Google\Update\1.3.30.3\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-1492026092-2507368824-3614128289-1001_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\ahmed\AppData\Local\Google\Update\1.3.30.3\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-1492026092-2507368824-3614128289-1001_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\ahmed\AppData\Local\Google\Update\1.3.30.3\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-1492026092-2507368824-3614128289-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\ahmed\AppData\Local\Google\Update\1.3.30.3\psuser.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-1492026092-2507368824-3614128289-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\ahmed\AppData\Local\Google\Update\1.3.29.5\psuser.dll => No File CustomCLSID: HKU\S-1-5-21-1492026092-2507368824-3614128289-1001_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\ahmed\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll (Google Inc.) 
CustomCLSID: HKU\S-1-5-21-1492026092-2507368824-3614128289-1001_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\ahmed\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-1492026092-2507368824-3614128289-1001_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\ahmed\AppData\Local\Google\Update\1.3.30.3\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-1492026092-2507368824-3614128289-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\ahmed\AppData\Local\Google\Update\1.3.30.3\psuser.dll (Google Inc.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {00BEE334-BD9E-4678-9FE6-85909E6A2A95} - System32\Tasks\{8FAEA001-E26F-4AB6-BEA8-1AF3E14C5810} => pcalua.exe -a "F:\برامج\حرق الويندوز\حرق xp\Win Setup From USB_zyzoom\Win Setup From USB_zyzoom\Win Setup From USB_0-2-3.exe" -d "F:\برامج\حرق الويندوز\حرق xp\Win Setup From USB_zyzoom\Win Setup From USB_zyzoom" Task: {172D4EA0-FFB3-453E-9451-38CE0ABC7364} - System32\Tasks\{28A95FB9-230A-4893-8620-DC05EC7D831C} => pcalua.exe -a "F:\احمد عصام\مجلد جديد ‫‬\myEGY.TO.5763P876E2943.CRAZY\myEGY.TO.5763P876E2943.CRAZY\Redist\vcredist_x86.exe" -d "F:\احمد عصام\مجلد جديد ‫‬\myEGY.TO.5763P876E2943.CRAZY\myEGY.TO.5763P876E2943.CRAZY\Redist" Task: {194BE650-1D94-4A88-9981-88C85C8121BF} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1492026092-2507368824-3614128289-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2014-02-12] (RealNetworks, Inc.) 
Task: {2AE8C3C1-078B-4364-B2B1-F60A00D09D87} - System32\Tasks\GridinSoft Anti-Malware => C:\Program Files\GridinSoft Anti-Malware\gsam.exe Task: {473BA52B-1443-4FB2-89A9-277647FCD032} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated) Task: {48AB1741-C0BD-4240-95A4-7AC1D2E033ED} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-13] (Adobe Systems Incorporated) Task: {6CAE0DB6-A952-4667-B4A8-74649D2F101E} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1492026092-2507368824-3614128289-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2014-02-12] (RealNetworks, Inc.) Task: {77E0B9A8-FC99-436F-8324-50DCA2A20030} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-01-17] (AVAST Software) Task: {7B616413-7AB3-4FCE-8FA2-6C2364F816FA} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-03-05] (AVAST Software) Task: {8B6E1414-E118-4686-9F12-13149F9DD58B} - System32\Tasks\{F5BAD9F8-13AB-4F43-A85D-B719E7E5B85E} => pcalua.exe -a F:\cakeshop2_setup.exe -d F:\ Task: {8BA329D9-9EFC-4074-B6A4-3DDB834600A2} - System32\Tasks\{8610F83D-69BE-482A-8568-BE672AAEE57F} => pcalua.exe -a "F:\مجلد جديد ‫(4)‬\SetEdithomecast\SetEdithomecast\SetEditHomecast_installation_de.exe" -d "F:\مجلد جديد ‫(4)‬\SetEdithomecast\SetEdithomecast" Task: {A41F01CB-A778-43D7-BE6F-8CD237A057A4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-10-22] (Google Inc.) 
Task: {A639EBD9-3C88-496B-956D-13DEE8FC5214} - System32\Tasks\{1A9806CB-2646-499D-810E-A92B173225DF} => pcalua.exe -a "F:\احمد عصام\مجلد جديد ‫‬\myEGY.TO.5763P876E2943.CRAZY\myEGY.TO.5763P876E2943.CRAZY\Redist\vcredist_x86.exe" -d "F:\احمد عصام\مجلد جديد ‫‬\myEGY.TO.5763P876E2943.CRAZY\myEGY.TO.5763P876E2943.CRAZY\Redist" Task: {A75AE5DD-318C-4F41-8678-8172FD525565} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1492026092-2507368824-3614128289-1001UA => C:\Users\ahmed\AppData\Local\Google\Update\GoogleUpdate.exe [2015-10-24] (Google Inc.) Task: {B0B060BB-9B0A-4378-A77F-551D6CF79210} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-10-22] (Google Inc.) Task: {DA10A36C-9455-48D7-B0F4-0D71E6D4AFFE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1492026092-2507368824-3614128289-1001Core => C:\Users\ahmed\AppData\Local\Google\Update\GoogleUpdate.exe [2015-10-24] (Google Inc.) Task: {DAA3FEAD-2860-4576-AFE9-02F251F43FCA} - System32\Tasks\SmartShare => C:\Program Files\LG Software\LG Smart Share\SmartShareStart.exe [2014-03-13] (LG Electronics Inc.) Task: {EA63D60A-DE3F-418B-BFEE-E29A85BECFDB} - System32\Tasks\HPCustParticipation HP Deskjet 1510 series => C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPCustPartic.exe [2013-02-08] (Hewlett-Packard Co.) Task: {EBDA6815-B4A4-4171-AD07-E3BA9F6EE96C} - System32\Tasks\AdobeAAMUpdater-1.0-ahmed-PC-ahmed => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated) Task: {F9075FBF-D412-4B70-B992-66EFE1EADDF3} - System32\Tasks\{894FE5B0-8228-42BE-BC16-8EB102866CAB} => pcalua.exe -a F:\برامج\wlsetup-web.exe -d F:\برامج Task: {FD179DEC-BF2A-49CE-AC43-C0044794BC43} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1492026092-2507368824-3614128289-1001UA1d12eee184b990f => C:\Users\ahmed\AppData\Local\Google\Update\GoogleUpdate.exe [2015-10-24] (Google Inc.) 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1492026092-2507368824-3614128289-1001Core.job => C:\Users\ahmed\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1492026092-2507368824-3614128289-1001UA.job => C:\Users\ahmed\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1492026092-2507368824-3614128289-1001UA1d12eee184b990f.job => C:\Users\ahmed\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ============== 2016-01-17 17:59 - 2016-01-17 17:59 - 00103888 _____ () C:\Program Files\AVAST Software\Avast\log.dll 2016-01-17 17:59 - 2016-01-17 17:59 - 00125512 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2016-05-22 14:47 - 2016-05-22 14:47 - 02975840 _____ () C:\Program Files\AVAST Software\Avast\defs\16052200\algo.dll 2016-04-14 17:25 - 2016-04-14 17:25 - 00510368 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll 2016-05-23 13:04 - 2016-05-23 13:04 - 02975840 _____ () C:\Program Files\AVAST Software\Avast\defs\16052300\algo.dll 2011-11-09 22:10 - 2011-11-09 22:10 - 00369152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2014-02-12 14:42 - 2014-02-12 14:42 - 00039568 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe 2015-10-22 18:07 - 2015-10-22 18:07 - 00867928 _____ () C:\Program Files\Real\RealPlayer\RPDS\Plugins\cldplin.dll 2014-02-12 16:29 - 2014-02-12 16:29 - 00023552 _____ () C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe 2016-01-17 17:59 - 2016-01-17 17:59 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2016-05-23 01:04 - 2016-05-19 14:24 - 00619520 _____ () C:\Program Files\NetWorx\sqlite.dll 2007-07-12 13:55 - 2007-07-12 13:55 - 01581056 _____ () C:\Program Files\Common Files\LightScribe\QtCore4.dll 2007-08-14 13:59 - 2007-08-14 13:59 - 06365184 _____ () C:\Program Files\Common Files\LightScribe\QtGui4.dll 2007-07-12 13:55 - 2007-07-12 13:55 - 00131072 _____ () C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll 2015-10-22 18:26 - 2012-05-25 04:25 - 00921600 _____ () C:\Program Files\Yahoo!\Messenger\yui.dll 2015-11-05 01:42 - 2013-12-06 22:06 - 00642016 _____ () C:\Program Files\LG Software\LG Smart Share\DMS\sqlite3.dll 2015-11-05 01:42 - 2011-08-10 14:00 - 00378880 _____ () C:\Windows\System32\av_dll.dll 2015-11-05 01:42 - 
2011-08-10 14:00 - 00020992 _____ () C:\Windows\System32\av_proxy.dll 2016-05-12 23:54 - 2016-05-11 13:48 - 01738904 _____ () C:\Users\ahmed\AppData\Local\Google\Chrome\Application\50.0.2661.102\libglesv2.dll 2016-05-12 23:54 - 2016-05-11 13:48 - 00086168 _____ () C:\Users\ahmed\AppData\Local\Google\Chrome\Application\50.0.2661.102\libegl.dll 2016-05-12 23:54 - 2016-05-11 13:48 - 17565848 _____ () C:\Users\ahmed\AppData\Local\Google\Chrome\Application\50.0.2661.102\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 __RSH C:\Windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1492026092-2507368824-3614128289-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ahmed\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) 
==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{47F2D550-31D7-4516-997A-7FFF0461151B}] => (Allow) C:\Program Files\Real\RealPlayer\RPDS\Bin\rpdsvc.exe FirewallRules: [{59A01C98-5E28-424E-9DC8-9F1F7EA24BD8}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe FirewallRules: [{3DE5CE65-F91B-4250-BA66-323A748DAB4C}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe FirewallRules: [{F877435A-58A2-48EE-AC29-90EFD8AF412B}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe FirewallRules: [{56D0B98D-17DC-43D9-8366-9326B29FA478}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe FirewallRules: [{B4E2DDBD-EEC1-40E4-8B4E-87E3CF28B75E}] => (Allow) C:\Program Files\HP\HP Deskjet 1510 series\Bin\USBSetup.exe FirewallRules: [{1D7DCA63-EBA5-4E80-B32E-CC9404DA1A23}] => (Allow) C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPNetworkCommunicatorCom.exe FirewallRules: [{26C52652-AA57-4AFF-AA58-00E982062FA5}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe FirewallRules: [{6603168C-D63C-4F75-B7F7-8B7AE5A2C6FB}] => (Allow) LPort=2869 FirewallRules: [{41773553-4B6B-42AA-9949-C3BD44AB2662}] => (Allow) LPort=1900 FirewallRules: [{35618EE8-F4A2-463E-9D03-E15CEBD30A15}] => (Allow) C:\Program Files\LG Software\LG Smart Share\DMS\SmartShareDMS.exe FirewallRules: [{69418C17-8EB3-478A-ACB2-14D7A120561F}] => (Allow) C:\Program Files\LG Software\LG Smart Share\DMS\SmartShareDMS.exe FirewallRules: [{AB5396DB-5D7A-4BE6-85F4-EA00CA78417E}] => (Allow) C:\Program Files\LG Software\LG Smart Share\DMR\SmartShareDMR.exe FirewallRules: [{4F9AAC3C-E9BC-4D53-B25F-A95CE019AAD8}] => (Allow) C:\Program Files\LG Software\LG Smart Share\DMR\SmartShareDMR.exe FirewallRules: [TCP Query User{A8BE0FFA-5022-44AA-9CCE-9A9F10399BBA}F:\العاب\ahmed\العاب\fifa 2007\fifa07.exe] => (Allow) 
F:\العاب\ahmed\العاب\fifa 2007\fifa07.exe FirewallRules: [UDP Query User{9CBA5D1C-228E-4337-A914-7D17707D5669}F:\العاب\ahmed\العاب\fifa 2007\fifa07.exe] => (Allow) F:\العاب\ahmed\العاب\fifa 2007\fifa07.exe FirewallRules: [TCP Query User{FC119591-3BE3-4506-B8C6-2B2E9164F050}C:\program files\formatfactory\formatfactory.exe] => (Allow) C:\program files\formatfactory\formatfactory.exe FirewallRules: [UDP Query User{A6A53DB1-9C38-495A-86F5-F001A11D7363}C:\program files\formatfactory\formatfactory.exe] => (Allow) C:\program files\formatfactory\formatfactory.exe FirewallRules: [TCP Query User{9C7424DC-C1D0-44A7-8A22-8A8E4785A93D}C:\users\ahmed\downloads\programs\ffinstonline.exe] => (Allow) C:\users\ahmed\downloads\programs\ffinstonline.exe FirewallRules: [UDP Query User{0B8DD996-FE70-4C1A-9295-DA078772CA04}C:\users\ahmed\downloads\programs\ffinstonline.exe] => (Allow) C:\users\ahmed\downloads\programs\ffinstonline.exe FirewallRules: [{7D1D9A02-30A8-494F-8A75-19424CF50390}] => (Allow) C:\Program Files\FormatFactory\FormatFactory.exe FirewallRules: [{9EC87605-EE64-4DFE-873E-B72500E11A02}] => (Allow) C:\Program Files\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe FirewallRules: [{61947BD3-5A65-4A6F-95D9-92C419B81BF5}] => (Allow) C:\Program Files\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe FirewallRules: [{23054122-5B09-473E-883B-45C49C38E30C}] => (Allow) C:\Program Files\FormatFactory\FormatFactory.exe FirewallRules: [{832FB995-5119-47C2-8BA0-6F43B9B30076}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe FirewallRules: [{0E0DF9E2-8703-49EF-8360-B804B3C0C716}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe FirewallRules: [{62043EC9-A62D-4776-9B70-E96FCE713F21}] => (Allow) C:\Users\ahmed\Desktop\Pes 13\pes2013.exe FirewallRules: [{8B97F3A6-3F01-4B3E-B2DC-9A88C34EF7F5}] => (Allow) C:\Users\ahmed\Desktop\Pes 13\pes2013.exe FirewallRules: [{EF0447AF-8F65-4558-AD6B-1CC0055D4785}] => (Allow) 
C:\Users\ahmed\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{54AB0218-5F32-422E-A58B-5725F62F7287}] => (Allow) C:\Users\ahmed\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{3093619D-0DFE-491B-A606-22C67FCEAC73}] => (Allow) C:\Program Files\GlassWire\GWCtlSrv.exe FirewallRules: [{F1D8A747-838D-4148-9D0B-92E46226AE57}] => (Allow) C:\Program Files\GlassWire\GWCtlSrv.exe FirewallRules: [{53EEDC54-7C47-4A50-8335-F4F67F5C2815}] => (Allow) C:\Program Files\NetWorx\networx.exe ==================== Restore Points ========================= Check "winmgmt" service or repair WMI. ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (05/23/2016 03:54:25 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x0000016c,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,0186F340.64). hr = 0x80070005, Access is denied. . Error: (05/23/2016 03:54:25 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000330,(null),0,REG_BINARY,0135EC58.64). hr = 0x80070005, Access is denied. . Operation: BackupShutdown Event Context: Execution Context: Writer Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {97ae515b-cb88-4b13-8d86-a50ab992f086} Error: (05/23/2016 03:54:25 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000330,(null),0,REG_BINARY,0135EC44.64). hr = 0x80070005, Access is denied. . 
Operation: BackupShutdown Event Context: Execution Context: Writer Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {97ae515b-cb88-4b13-8d86-a50ab992f086} Error: (05/23/2016 03:54:25 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000948,(null),0,REG_BINARY,03EFEE78.64). hr = 0x80070005, Access is denied. . Operation: BackupShutdown Event Context: Execution Context: Writer Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2} Writer Name: MSSearch Service Writer Writer Instance ID: {77ee6f9e-fbfc-425a-9278-e09c6f794d11} Error: (05/23/2016 03:54:25 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000948,(null),0,REG_BINARY,03EFEE64.64). hr = 0x80070005, Access is denied. . Operation: BackupShutdown Event Context: Execution Context: Writer Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2} Writer Name: MSSearch Service Writer Writer Instance ID: {77ee6f9e-fbfc-425a-9278-e09c6f794d11} Error: (05/23/2016 03:54:25 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x0000085c,(null),0,REG_BINARY,021AECD0.64). hr = 0x80070005, Access is denied. . Operation: BackupShutdown Event Context: Execution Context: Writer Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0} Writer Name: WMI Writer Writer Instance ID: {8fd2adc5-6a13-49f5-9f0b-ae02bff9a105} Error: (05/23/2016 03:54:25 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x0000085c,(null),0,REG_BINARY,021AECBC.64). hr = 0x80070005, Access is denied. . 
Operation: BackupShutdown Event Context: Execution Context: Writer Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0} Writer Name: WMI Writer Writer Instance ID: {8fd2adc5-6a13-49f5-9f0b-ae02bff9a105} Error: (05/23/2016 03:54:25 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000198,SYSTEM\CurrentControlSet\Services\VSS\Diag\Registry Writer,0,REG_BINARY,0190F3F8.64). hr = 0x80070005, Access is denied. . Operation: BackupShutdown Event Context: Execution Context: Writer Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485} Writer Name: Registry Writer Writer Instance ID: {3578dc98-e82e-4d3a-8448-8f0a1653f731} Error: (05/23/2016 03:54:25 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001b4,SYSTEM\CurrentControlSet\Services\VSS\Diag\COM+ REGDB Writer,0,REG_BINARY,0135F8F8.64). hr = 0x80070005, Access is denied. . Operation: BackupShutdown Event Context: Execution Context: Writer Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f} Writer Name: COM+ REGDB Writer Writer Instance ID: {c53f0caa-b49b-4956-b4a9-7b8903edfd30} Error: (05/23/2016 03:54:25 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001e4,SYSTEM\CurrentControlSet\Services\VSS\Diag\Shadow Copy Optimization Writer,0,REG_BINARY,0163F158.64). hr = 0x80070005, Access is denied. . 
Operation: BackupShutdown Event Context: Execution Context: Writer Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Writer Name: Shadow Copy Optimization Writer Writer Instance ID: {a504ba67-f981-4afa-8b4d-6e3aaa05eebe} System errors: ============= Error: (05/23/2016 04:01:29 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: ‏‏فشل الاستدعاء ScRegSetValueExW لـ DeleteFlag بسبب الخطأ التالي: %%5 Error: (05/23/2016 01:05:19 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: ‏‏تم إنهاء خدمة Peer Name Resolution Protocol بسبب الخطأ التالي: %%-2140993535 Error: (05/23/2016 01:05:19 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: ‏‏تعتمد الخدمة Peer Networking Grouping على الخدمة Peer Name Resolution Protocol التي فشلت في بدء التشغيل بسبب الخطأ التالي: %%-2140993535 Error: (05/23/2016 01:05:19 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: ‏‏تم إنهاء خدمة Peer Name Resolution Protocol بسبب الخطأ التالي: %%-2140993535 Error: (05/23/2016 01:05:19 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: ‏‏تعتمد الخدمة Peer Networking Grouping على الخدمة Peer Name Resolution Protocol التي فشلت في بدء التشغيل بسبب الخطأ التالي: %%-2140993535 Error: (05/23/2016 01:05:19 PM) (Source: PNRPSvc) (EventID: 102) (User: ) Description: 0x80630801 Error: (05/23/2016 01:05:19 PM) (Source: PNRPSvc) (EventID: 102) (User: ) Description: 0x80630801 Error: (05/23/2016 01:05:13 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: ‏‏تم إنهاء خدمة Peer Name Resolution Protocol بسبب الخطأ التالي: %%-2140993535 Error: (05/23/2016 01:05:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: ‏‏تعتمد الخدمة Peer Networking Grouping على الخدمة Peer Name Resolution Protocol التي فشلت في بدء التشغيل بسبب الخطأ التالي: %%-2140993535 Error: (05/23/2016 01:05:13 PM) (Source: PNRPSvc) (EventID: 102) (User: ) Description: 
0x80630801

CodeIntegrity:
===================================
  Date: 2015-10-22 19:53:23.181
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-22 19:53:23.179
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-22 19:53:23.177
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-22 19:53:23.175
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Pentium(R) Dual-Core CPU E5500 @ 2.80GHz
Percentage of memory in use: 53%
Total physical RAM: 3071.24 MB
Available physical RAM: 1423.36 MB
Total Virtual: 6140.8 MB
Available Virtual: 3568.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:80 GB) (Free:36.21 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:250.51 GB) (Free:188.59 GB) NTFS
Drive e: (عصام) (Fixed) (Total:300.5 GB) (Free:203.28 GB) NTFS
Drive f: () (Fixed) (Total:300.5 GB) (Free:96.01 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: B50C0E03)
Partition 1: (Active) - (Size=80 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=851.5 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================