Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-05-2017
Ran by WALID (07-05-2017 21:35:38)
Running from C:\Users\WALID\Desktop
Windows 10 Pro Version 1607 (X64) (2016-12-20 22:54:37)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1911082478-4131677602-2346033679-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1911082478-4131677602-2346033679-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-1911082478-4131677602-2346033679-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-1911082478-4131677602-2346033679-501 - Limited - Disabled)
WALID (S-1-5-21-1911082478-4131677602-2346033679-1001 - Administrator - Enabled) => C:\Users\WALID

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ESET Smart Security Premium 10.0.390.0 (Disabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Smart Security Premium 10.0.390.0 (Disabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: جدار الحماية الشخصي ESET (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Premiere Pro CS6 (HKLM-x32\...\{7176B973-6011-43C1-AEBC-2D73FE7C6982}) (Version: 6.0 - Adobe Systems Incorporated)
AE CC x64 (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden
AVS Video Editor 7.5.1 (HKLM-x32\...\AVS Video Editor_is1) (Version: 7.5.1.288 - Online Media Technologies Ltd.)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Camtasia Studio 8 (HKLM-x32\...\{904AC0F0-F69E-467E-A719-B083940F608A}) (Version: 8.5.2.1999 - TechSmith Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.26 - Piriform)
Contents64 (Version: 20.0.0.137 - Corel Corporation) Hidden
Corel Update Manager (Version: 2.3.160 - Corel corporation) Hidden
Corel VideoStudio Ultimate X10 (HKLM-x32\...\_{F66B7119-9BE1-4982-A96D-4DB070A70B81}) (Version: X10.0.0.137 - Corel Corporation)
ESET Smart Security Premium (HKLM\...\{1D495CA1-5F7D-4FBB-9AAD-90BFF5D0B97A}) (Version: 10.0.386.4 - ESET, spol. s r.o.)
f.lux (HKU\S-1-5-21-1911082478-4131677602-2346033679-1001\...\Flux) (Version: - )
FormatFactory 4.0.0.0 (HKLM-x32\...\FormatFactory) (Version: 4.0.0.0 - Free Time)
GI-Arabic Now (HKLM-x32\...\GI-Arabic Now) (Version: 1.0 - Global Integrated Solutions)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.81 - Google Inc.)
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version: - )
ICA (x32 Version: 20.0.0.137 - Corel Corporation) Hidden
Inpaint 6.2 (HKLM\...\{2AEDC172-479F-47AE-8A48-A0524D4AED5B}_is1) (Version: - Teorex)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
InterVideo DeviceService (HKLM-x32\...\{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}) (Version: 1.0.0 - InterVideo)
IPM_VS_Pro64 (Version: 20.0 - Corel Corporation) Hidden
LAV Filters 0.55.3 (HKLM-x32\...\lavfilters_is1) (Version: 0.55.3 - Hendrik Leppkes)
MAGIX Movie Edit Pro Premium (HKLM\...\MX.{8E342605-07F1-4F3F-A8C9-3AF6E33D0586}) (Version: 16.0.1.22 - MAGIX Software GmbH)
MAGIX Movie Edit Pro Premium (Version: 16.0.1.22 - MAGIX Software GmbH) Hidden
MAGIX Movie Edit Pro Premium Update (Version: 16.0.3.63 - MAGIX Software GmbH) Hidden
MAGIX Speed burnR (HKLM-x32\...\MX.{7F513300-110D-456C-BD53-427CEA96CE09}) (Version: 7.0.1.27 - MAGIX Software GmbH)
MAGIX Speed burnR (Version: 7.0.1.27 - MAGIX Software GmbH) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
MP3Resizer 2.2.1 (HKLM-x32\...\MP3Resizer_is1) (Version: - Skyshape Software)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
Nero 7 Ultra Edition (HKLM-x32\...\{CF097717-F174-4144-954A-FBC4BF301033}) (Version: 7.02.9753 - Nero AG)
NewBlue Titler Pro for Windows (HKLM-x32\...\NewBlue Titler Pro for Windows) (Version: 1.5 - NewBlue)
NewBlue Video Essentials for Windows (HKLM-x32\...\NewBlue Video Essentials for Windows) (Version: 3.0 - NewBlue)
NewBlue Video Essentials VI for Windows (HKLM-x32\...\NewBlue Video Essentials VI for Windows) (Version: 3.0 - NewBlue)
NewBlue Video Essentials VII for Windows (HKLM-x32\...\NewBlue Video Essentials VII for Windows) (Version: 3.0 - NewBlue)
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Photodex Presenter (HKLM-x32\...\Photodex Presenter) (Version: - Photodex Corporation)
PotPlayer-64 bit (HKLM\...\PotPlayer64) (Version: - Kakao Corp.)
Premiere Pro (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden
proDAD Adorage 3.0 (64bit) (HKLM\...\proDAD-Adorage-3.0) (Version: 3.0.114.1 - proDAD GmbH)
ProShow Producer (HKLM-x32\...\ProShow Producer) (Version: - Photodex Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8004 - Realtek Semiconductor Corp.)
RogueKiller version 12.10.7.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.10.7.0 - Adlice Software)
Setup (x32 Version: 20.0.0.137 - Corel Corporation) Hidden
Share64 (Version: 20.0.0.137 - Corel Corporation) Hidden
Vegas Pro 11.0 (HKLM-x32\...\{E6F012B0-E930-11E0-A67A-F04DA23A5C58}) (Version: 11.0.370 - Sony)
Video to Video (HKLM-x32\...\{7F95A744-78DA-4AED-A8F0-A0AF330B8411}_is1) (Version: - Media Converters)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VMware Workstation (HKLM\...\{0AD91785-F9BD-47FD-84F7-9E27B5A1853D}) (Version: 12.1.0 - VMware, Inc.)
VSClassic64 (Version: 20.0.0.137 - Corel Corporation) Hidden
VSUltimate64 (Version: 20.0.0.137 - Corel Corporation) Hidden
WinRAR 5.40 (64-بت) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Your Uninstaller! 7 (HKLM-x32\...\YU2010_is1) (Version: 7.5.2014.3 - URSoft, Inc.)
ZHPFix 2015 (HKLM-x32\...\ZHPFix_is1) (Version: 2015 - Nicolas Coolman)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1911082478-4131677602-2346033679-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\WALID\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1911082478-4131677602-2346033679-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\WALID\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1911082478-4131677602-2346033679-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\WALID\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileSyncShell64.dll => No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {27FE452E-D235-4740-8569-464F164EA17F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-21] (Google Inc.)
Task: {A9BB2643-E883-48E5-B33A-1BC08582DB61} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-21] (Piriform Ltd)
Task: {B6645922-A058-42AB-A8DF-392D2EA6DA9B} - System32\Tasks\CorelUpdateHelperTask => C:\Program Files (x86)\Corel\CUH\v2\CUH.exe [2017-04-24] (Corel Corporation)
Task: {BF5F4812-266D-47B4-AC82-52DF833EE996} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-21] (Google Inc.)
Task: {C12046D8-371D-4D11-9B93-4F884DCE8260} - System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-2CM5E88-WALID => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {CFBFFC60-0A2D-4AFA-8DF4-C9934AAE6AFE} - System32\Tasks\CorelUpdateHelperTaskCore => c:\Program Files (x86)\Corel\CUH\v2\CUH.exe [2017-04-24] (Corel Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\WALID\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\تطبيقات Chrome\_ماسنجر الكل في واحد (All-in-One Messenger)_.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=lainlkmlgipednloilifbppmhdocjbda

==================== Loaded Modules (Whitelisted) ==============

2017-02-15 10:30 - 2017-02-15 10:30 - 00186760 _____ () C:\Program Files (x86)\Photodex\ProShow Producer\ScsiAccess.exe
2015-11-25 19:09 - 2015-11-25 19:09 - 12462784 _____ () C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\Windows\SYSTEM32\ism32k.dll
2017-04-12 09:52 - 2017-03-28 07:22 - 02681200 _____ () C:\Windows\System32\CoreUIComponents.dll
2017-04-12 09:52 - 2017-03-28 07:22 - 02681200 _____ () C:\Windows\system32\CoreUIComponents.dll
2017-04-12 09:52 - 2017-03-28 07:22 - 02681200 _____ () C:\Windows\SYSTEM32\CoreUIComponents.dll
2016-12-21 12:43 - 2016-09-07 05:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-30 22:51 - 2017-03-04 07:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-30 22:52 - 2017-03-04 07:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-30 22:52 - 2017-03-04 07:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-30 22:52 - 2017-03-04 07:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-04-12 09:52 - 2017-03-28 06:08 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-04-12 09:52 - 2017-03-28 06:11 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-03-30 08:45 - 2017-03-30 08:46 - 03879424 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1703.601.0_x64__8wekyb3d8bbwe\Calculator.exe
2015-11-25 19:09 - 2015-11-25 19:09 - 01301696 _____ () C:\Program Files (x86)\VMware\VMware Workstation\libxml2.dll
2015-11-25 19:09 - 2015-11-25 19:09 - 00165056 _____ () C:\Program Files (x86)\VMware\VMware Workstation\nfc-types.dll
2015-11-25 19:09 - 2015-11-25 19:09 - 00191680 _____ () C:\Program Files (x86)\VMware\VMware Workstation\LIBEXPAT.dll
2015-11-25 19:09 - 2015-11-25 19:09 - 00388800 _____ () C:\Program Files (x86)\VMware\VMware Workstation\ssoClient.dll
2017-02-20 22:44 - 2014-09-11 19:58 - 01498112 _____ () C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\DAQExp.dll
2017-02-20 22:44 - 2014-05-19 18:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\CBSCreateVC.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51 [153]
AlternateDataStreams: C:\Users\WALID\AppData\Local\Temp:bVUtM1MFtB1gS3nwrwPdbd76c [2174]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-02-16 00:39 - 2017-04-25 22:35 - 00001175 ____R C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 cap.cyberlink.com127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 na1r.services.adobe.com
127.0.0.1 hlrcv.stage.adobe.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1911082478-4131677602-2346033679-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: IObitUnSvr => 2
HKLM\...\StartupApproved\Run: => "Connectify Dispatch"
HKLM\...\StartupApproved\Run: => "Connectify Hotspot"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "vmware-tray.exe"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-1911082478-4131677602-2346033679-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-1911082478-4131677602-2346033679-1001\...\StartupApproved\Run: => "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{9EBD19B8-61A5-40C9-B508-18912DC28E64}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{8746DC25-86EA-4D38-8184-2D96F7F5F379}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{871CC40B-2446-4622-90C5-03C3A4ECD4C5}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [{CC60BCB6-066D-4B21-9B2A-35AF97EA38E0}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [{833068CD-6928-4554-9450-6AB0AE17F244}] => (Allow) LPort=8317
FirewallRules: [{1A885BC3-514B-487B-AFE5-FAD9BC04FA60}] => (Allow) C:\Program Files\MAGIX\Movie Edit Pro Premium\2017\Videodeluxe.exe
FirewallRules: [{E33C67D8-20EF-40F1-A98C-DADAB7D23238}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{60900201-580C-40E1-857B-1705EC6D9F7D}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
FirewallRules: [{174DE292-E879-454C-B890-4BBE99034E1C}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
FirewallRules: [{95DB18B0-058A-481C-8399-D30EDE1ADC83}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{55214104-B76B-4621-884F-168583D081CB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{222631A5-D5FA-4336-82DC-32129F3B641B}] => (Allow) C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe
FirewallRules: [{F7F7DCC2-4036-4EBB-BE1F-9127B39DA764}] => (Allow) C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe

==================== Restore Points =========================

06-05-2017 23:01:43 00

==================== Faulty Device Manager Devices =============

Name: Souris compatible PS/2
Description: Souris compatible PS/2
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Contrôleur PCI de communications simplifiées
Description: Contrôleur PCI de communications simplifiées
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (05/07/2017 10:22:56 AM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (05/07/2017 10:22:56 AM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (05/06/2017 11:27:04 PM) (Source: ESENT) (EventID: 454) (User: )
Description: taskhostw (3544) WebCacheLocal: La récupération/restauration de la base de données a échoué en raison d’une erreur inattendue -1032.

Error: (05/06/2017 11:27:04 PM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhostw (3544) WebCacheLocal: Une tentative d’ouverture du fichier « C:\Users\WALID\AppData\Local\Microsoft\Windows\WebCache\V01.log » pour accès en lecture/écriture a échoué en indiquant l’erreur système 32 (0x00000020) : « Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.  ». L’opération d’ouverture de fichier échouera en indiquant l’erreur -1032 (0xfffffbf8).

Error: (05/06/2017 11:01:46 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: فشلت "خدمات التشفير" أثناء معالجة استدعاء OnIdentity() الموجود في كائن "كاتب النظام".
Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol. System Error: Access is denied. .

Error: (05/06/2017 11:00:51 PM) (Source: ESENT) (EventID: 454) (User: )
Description: taskhostw (3544) WebCacheLocal: La récupération/restauration de la base de données a échoué en raison d’une erreur inattendue -1032.

Error: (05/06/2017 11:00:51 PM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhostw (3544) WebCacheLocal: Une tentative d’ouverture du fichier « C:\Users\WALID\AppData\Local\Microsoft\Windows\WebCache\V01.log » pour accès en lecture/écriture a échoué en indiquant l’erreur système 32 (0x00000020) : « Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.  ». L’opération d’ouverture de fichier échouera en indiquant l’erreur -1032 (0xfffffbf8).

Error: (05/06/2017 10:29:21 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Erreur du service de cliché instantané des volumes : erreur lors de l’appel de la routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid. .
Operation: Executing Asynchronous Operation
Context: Current State: DoSnapshotSet

Error: (05/06/2017 10:28:48 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: فشلت "خدمات التشفير" أثناء معالجة استدعاء OnIdentity() الموجود في كائن "كاتب النظام".
Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol. System Error: Access is denied. .

Error: (05/06/2017 10:25:01 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Erreur du service de cliché instantané des volumes : erreur lors de l’appel de la routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid. .
Operation: Executing Asynchronous Operation
Context: Current State: DoSnapshotSet

System errors:
=============
Error: (05/07/2017 09:35:12 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-2CM5E88)
Description: Le serveur {37998346-3765-45B1-8C66-AA88CA6B20B8} ne s’est pas enregistré sur DCOM avant la fin du temps imparti.

Error: (05/07/2017 09:33:12 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: تم إنهاء خدمة Connected Devices Platform Service بسبب الخطأ التالي: Erreur non spécifiée

Error: (05/07/2017 11:37:59 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Les paramètres d’autorisation application-specific n’accordent pas l’autorisation Local Activation pour l’application serveur COM avec le CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} et l’APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} au SID NT AUTHORITY\SYSTEM de l’utilisateur (S-1-5-18) depuis l’adresse LocalHost (Using LRPC) s’exécutant dans le SID Unavailable du conteneur d’applications (Unavailable). Cette autorisation de sécurité peut être modifiée à l’aide de l’outil d’administration Services de composants.

Error: (05/07/2017 11:37:00 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-2CM5E88)
Description: Le serveur {37998346-3765-45B1-8C66-AA88CA6B20B8} ne s’est pas enregistré sur DCOM avant la fin du temps imparti.

Error: (05/07/2017 11:35:00 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: تم إنهاء خدمة Connected Devices Platform Service بسبب الخطأ التالي: Erreur non spécifiée

Error: (05/07/2017 10:54:40 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-2CM5E88)
Description: Les paramètres d’autorisation application-specific n’accordent pas l’autorisation Local Launch pour l’application serveur COM avec le CLSID {7022A3B3-D004-4F52-AF11-E9E987FEE25F} et l’APPID {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D} au SID DESKTOP-2CM5E88\WALID de l’utilisateur (S-1-5-21-1911082478-4131677602-2346033679-1001) depuis l’adresse LocalHost (Using LRPC) s’exécutant dans le SID Unavailable du conteneur d’applications (Unavailable). Cette autorisation de sécurité peut être modifiée à l’aide de l’outil d’administration Services de composants.

Error: (05/07/2017 10:54:39 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-2CM5E88)
Description: Les paramètres d’autorisation application-specific n’accordent pas l’autorisation Local Launch pour l’application serveur COM avec le CLSID {7022A3B3-D004-4F52-AF11-E9E987FEE25F} et l’APPID {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D} au SID DESKTOP-2CM5E88\WALID de l’utilisateur (S-1-5-21-1911082478-4131677602-2346033679-1001) depuis l’adresse LocalHost (Using LRPC) s’exécutant dans le SID Unavailable du conteneur d’applications (Unavailable). Cette autorisation de sécurité peut être modifiée à l’aide de l’outil d’administration Services de composants.

Error: (05/07/2017 10:46:39 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: تم إنهاء الخدمة VMware Workstation Server بشكل غير متوقع. حدث هذا 1 مرة. سيتم اتخاذ الإجراء التصحيحي التالي في غضون 60000 مللي ثانية: أعد تشغيل الخدمة.

Error: (05/07/2017 10:46:33 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Les paramètres d’autorisation application-specific n’accordent pas l’autorisation Local Activation pour l’application serveur COM avec le CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} et l’APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} au SID NT AUTHORITY\SYSTEM de l’utilisateur (S-1-5-18) depuis l’adresse LocalHost (Using LRPC) s’exécutant dans le SID Unavailable du conteneur d’applications (Unavailable). Cette autorisation de sécurité peut être modifiée à l’aide de l’outil d’administration Services de composants.

Error: (05/07/2017 10:45:32 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-2CM5E88)
Description: Le serveur {37998346-3765-45B1-8C66-AA88CA6B20B8} ne s’est pas enregistré sur DCOM avant la fin du temps imparti.

CodeIntegrity:
===================================
Date: 2017-04-07 08:37:58.521
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\eelam.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-04-05 09:51:47.558
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\eelam.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-04-03 10:22:05.257
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\eelam.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-04-02 10:10:08.239
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\eelam.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-03-29 09:12:51.297
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-03-29 09:12:50.948
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-03-29 08:58:27.493
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\eelam.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-01-29 00:18:49.191
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\eelam.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-01-29 00:14:03.372
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\SET42A4.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-01-28 19:36:00.575
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\eelam.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel(R) Pentium(R) D CPU 3.40GHz
Percentage of memory in use: 62%
Total physical RAM: 3063.3 MB
Available physical RAM: 1141.1 MB
Total Virtual: 4215.3 MB
Available Virtual: 1671.36 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.53 GB) (Free:23.98 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:149.01 GB) (Free:75.46 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: 65486548)
Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 00000080)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================