Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-02-2017 Ran by fadi (20-02-2017 15:29:05) Running from C:\Users\fadi\Downloads\Programs Microsoft Windows 7 Ultimate Service Pack 1 (X86) (2017-02-05 17:08:28) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2843317728-1395094010-2175450331-500 - Administrator - Disabled) fadi (S-1-5-21-2843317728-1395094010-2175450331-1001 - Administrator - Enabled) => C:\Users\fadi Guest (S-1-5-21-2843317728-1395094010-2175450331-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2843317728-1395094010-2175450331-1002 - Limited - Enabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: ESET Internet Security 10.0.386.0 (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70} AS: ESET Internet Security 10.0.386.0 (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD} AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: ESET Personal firewall (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Driver Booster 4.2 (HKLM\...\Driver Booster_is1) (Version: 4.2.0 - IObit) ESET Internet Security (HKLM\...\{A5EC24E5-99FA-4A5D-95B4-4BAAFF8B73E5}) (Version: 10.0.386.0 - ESET, spol. s r.o.) Foxit PhantomPDF (HKLM\...\{153C284C-CE77-11E6-8B71-000C2992F709}) (Version: 8.2.0.2192 - Foxit Software Inc.) Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 8.2.0.2051 - Foxit Software Inc.) Internet Download Manager (HKLM\...\Internet Download Manager) (Version: - Tonec Inc.) IObit Uninstaller (HKLM\...\IObitUninstall) (Version: 6.1.0.20 - IObit) Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation) Mozilla Firefox 51.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 51.0.1 - Mozilla) Tactical Ops (HKLM\...\Tactical Ops) (Version: - ) WinRAR 5.40 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH) ZHPFix 2015 (HKLM\...\ZHPFix_is1) (Version: 2015 - Nicolas Coolman) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {9ED8FE32-D8E5-4407-A014-9F823B32C4EB} - System32\Tasks\Driver Booster Scheduler => C:\Program Files\IObit\Driver Booster\4.2.0\Scheduler.exe [2016-12-14] (IObit) Task: {B4C3C025-78FA-4857-B0EC-D4516B128B9B} - System32\Tasks\Driver Booster SkipUAC (fadi) => C:\Program Files\IObit\Driver Booster\4.2.0\DriverBooster.exe [2017-01-10] (IObit) Task: {EEF4AAE4-DEF6-4AA6-B2B1-CA306AC38CBB} - System32\Tasks\Uninstaller_SkipUac_fadi => C:\Program Files\IObit\IObit Uninstaller\IObitUninstaler.exe [2016-11-01] (IObit) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2017-02-19 19:15 - 2016-06-21 19:30 - 00442144 _____ () C:\Program Files\IObit\IObit Uninstaller\madExcept_.bpl 2017-02-19 19:15 - 2016-06-21 19:29 - 00210720 _____ () C:\Program Files\IObit\IObit Uninstaller\madBasic_.bpl 2017-02-19 19:15 - 2016-06-21 19:29 - 00059680 _____ () C:\Program Files\IObit\IObit Uninstaller\madDisAsm_.bpl 2017-02-19 19:15 - 2016-05-23 21:49 - 00899872 _____ () C:\Program Files\IObit\IObit Uninstaller\webres.dll 2017-02-19 19:15 - 2016-10-18 16:57 - 00631072 _____ () C:\Program Files\IObit\IObit Uninstaller\ProductStatistics.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:76650B61 [103] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 18:04 - 2017-02-19 19:19 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2843317728-1395094010-2175450331-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\fadi\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{129DA10D-FF19-4B96-A082-674DE4F463EB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{007347CF-BFBC-41F6-B856-7CC14299F37A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{E07BF102-5A8B-468B-9ED2-2C0F462CEE37}] => (Allow) C:\Program Files\IObit\Driver Booster\4.2.0\DriverBooster.exe FirewallRules: [{E48F2296-D0E1-4C87-9597-661E02CB9DE2}] => (Allow) C:\Program Files\IObit\Driver Booster\4.2.0\DriverBooster.exe FirewallRules: [{3D0D30B7-D1CF-4B75-8A27-C37FB4578B7D}] => (Allow) C:\Program Files\IObit\Driver Booster\4.2.0\DBDownloader.exe FirewallRules: [{9173777D-8239-4DF6-BC93-6961836399D5}] => (Allow) C:\Program Files\IObit\Driver Booster\4.2.0\DBDownloader.exe FirewallRules: [{89DBC50A-918B-42E2-8B49-B0C47E856E40}] => (Allow) C:\Program Files\IObit\Driver Booster\4.2.0\AutoUpdate.exe FirewallRules: [{4FA7A1F7-7E3F-42AD-8823-56258980BEB6}] => (Allow) C:\Program Files\IObit\Driver Booster\4.2.0\AutoUpdate.exe ==================== Restore Points ========================= 05-02-2017 08:57:42 Windows Update 05-02-2017 10:21:42 ‏‏تم تثبيت Microsoft Office Word Viewer 2003 05-02-2017 10:46:27 ‏‏تم إزالة Microsoft Office Word Viewer 2003 05-02-2017 10:48:08 Installed Microsoft Office Enterprise 2007 15-02-2017 08:17:34 Scheduled Checkpoint 19-02-2017 14:44:53 JRT Pre-Junkware Removal 19-02-2017 17:29:34 Driver Booster : Intel(R) ICH9 Family PCI Express Root Port 1 - 2940 19-02-2017 18:01:46 zoek.exe restore point ==================== Faulty Device Manager Devices ============= Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (02/20/2017 03:22:20 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (02/20/2017 06:37:48 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (02/19/2017 06:30:05 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (02/17/2017 11:57:44 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (02/15/2017 07:01:23 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (02/14/2017 09:28:27 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (02/12/2017 06:46:33 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "c:\program files\ucbrowser\application\6.0.1308.1016\Backup\UCBrowser.exe". Dependent Assembly 6.0.1308.1016,language="*",type="win32",version="6.0.1308.1016" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (02/12/2017 06:19:51 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (02/11/2017 05:57:32 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (02/11/2017 05:22:52 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. System errors: ============= Error: (02/19/2017 06:20:46 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (02/19/2017 06:20:45 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (02/19/2017 06:20:44 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (02/19/2017 06:20:43 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (02/19/2017 06:20:43 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (02/17/2017 11:55:31 PM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running. Error: (02/17/2017 11:55:00 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error: (02/17/2017 11:55:00 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Reason Core Security Engine Service service terminated unexpectedly. It has done this 1 time(s). Error: (02/17/2017 11:54:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error: (02/17/2017 11:54:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The rscp service terminated unexpectedly. It has done this 1 time(s). CodeIntegrity: =================================== Date: 2017-02-19 17:57:41.836 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\Temp\NUP9316.tmp.raw because the set of per-page image hashes could not be found on the system. Date: 2017-02-19 17:57:39.676 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\Temp\NUP9316.tmp.raw because the set of per-page image hashes could not be found on the system. Date: 2017-02-19 17:57:37.522 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\Temp\NUP9316.tmp.raw because the set of per-page image hashes could not be found on the system. Date: 2017-02-19 17:57:35.394 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\Temp\NUP9316.tmp.raw because the set of per-page image hashes could not be found on the system. Date: 2017-02-19 15:32:16.966 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\ESET\ESET Internet Security\Drivers\eelam\eelam.sys because the set of per-page image hashes could not be found on the system. Date: 2017-02-19 15:32:16.966 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\ESET\ESET Internet Security\Drivers\eelam\eelam.sys because the set of per-page image hashes could not be found on the system. Date: 2017-02-19 15:32:16.951 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\ESET\ESET Internet Security\Drivers\eelam\eelam.sys because the set of per-page image hashes could not be found on the system. Date: 2017-02-19 15:32:16.935 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\ESET\ESET Internet Security\Drivers\eelam\eelam.sys because the set of per-page image hashes could not be found on the system. Date: 2017-02-19 15:32:16.920 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\ESET\ESET Internet Security\Drivers\eelam\eelam.sys because the set of per-page image hashes could not be found on the system. Date: 2017-02-19 15:32:16.904 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\ESET\ESET Internet Security\Drivers\eelam\eelam.sys because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel(R) Pentium(R) Dual CPU T3400 @ 2.16GHz Percentage of memory in use: 41% Total physical RAM: 2940 MB Available physical RAM: 1718.79 MB Total Virtual: 5878.29 MB Available Virtual: 4391.9 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:97.56 GB) (Free:75.76 GB) NTFS ==>[drive with boot components (obtained from BCD)] Drive d: () (Fixed) (Total:200.43 GB) (Free:200.34 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 22740B6F) Partition 1: (Active) - (Size=97.6 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=200.4 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================