Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-03-2017
Ran by ibrahim (23-03-2017 09:59:04)
Running from C:\Users\ibrahim\Desktop
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) (2017-03-17 11:16:01)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2785253729-1883162254-1830346523-500 - Administrator - Disabled)
Guest (S-1-5-21-2785253729-1883162254-1830346523-501 - Limited - Disabled)
ibrahim (S-1-5-21-2785253729-1883162254-1830346523-1000 - Administrator - Enabled) => C:\Users\ibrahim

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 23 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 23.0.0.185 - Adobe Systems Incorporated)
Adobe Flash Player 24 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 17.2.2288 - AVAST Software)
AVS Video Editor 7.5.1 (HKLM\...\AVS Video Editor_is1) (Version: 7.5.1.288 - Online Media Technologies Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 4.00 - Piriform)
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Combined Community Codec Pack 2015-10-18 (HKLM\...\Combined Community Codec Pack_is1) (Version: 2015.10.19.0 - CCCP Project)
CPUID HWMonitor 1.30 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Driver Booster 4.2 (HKLM\...\Driver Booster_is1) (Version: 4.2.0 - IObit)
FastStone Capture 7.0 (HKLM\...\FastStone Capture) (Version: 7.0 - FastStone Soft)
Foxit Reader (HKLM\...\{D60F533D-0CBF-475F-8300-8B13799775D0}) (Version: 4.3.1.218 - Foxit Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 57.0.2987.110 - Google Inc.)
Google Update Helper (Version: 1.3.32.7 - Google Inc.) Hidden
Internet Download Manager (HKLM\...\Internet Download Manager) (Version:  - Tonec Inc.)
K-Lite Codec Pack 9.9.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 9.9.0 - )
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Movie Maker (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
PdaNet+ for Android 4.19 (HKLM\...\PdaNet_is1) (Version:  - June Fabrics Technology Inc)
Ralink RT2870 Wireless LAN Card (HKLM\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.31.0 - Ralink)
SiS VGA Utilities (HKLM\...\SiS VGA Utilities) (Version: 5.28.01 - Silicon Integrated Systems Corporation)
The KMPlayer (remove only) (HKLM\...\The KMPlayer) (Version:  - )
Windows Movie Maker 2016 (HKLM\...\{3CC29C1A-B5FE-457B-8F22-32A2videowin}}_is1) (Version:  - videowinsoft.com)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
Your Uninstaller! 2010 (HKLM\...\YU2010_is1) (Version: 7.0 - URSoft, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00A56452-F6E3-4778-B745-AB910658CE08} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-03-25] (Piriform Ltd)
Task: {2F569CEB-D10E-48F2-80E7-F9DA81A5C5ED} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-03-21] (AVAST Software)
Task: {ACDB1A53-14D2-43D6-8567-E304CDF54531} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-03-17] (Google Inc.)
Task: {BE1E960E-5598-48F2-B2B4-E2FC3477A770} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-03-17] (Google Inc.)
Task: {DD91E67B-CA65-4AC4-A6B6-95F72BB84A50} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-03-21] (AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2017-03-21 13:03 - 2017-03-21 13:03 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-03-22 21:25 - 2017-03-22 21:25 - 05991696 _____ () C:\Program Files\AVAST Software\Avast\defs\17032205\algo.dll
2017-03-21 13:03 - 2017-03-21 13:03 - 00655056 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-03-17 13:02 - 2007-01-08 23:09 - 00129024 _____ () C:\Program Files\WinRAR\rarext.dll
2017-03-21 13:03 - 2017-03-21 13:03 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-03-17 14:05 - 2013-09-23 16:48 - 01210672 _____ () C:\Program Files\Ralink\Common\RaWLAPI.dll
2017-03-18 07:35 - 2016-12-09 18:08 - 01029944 _____ () C:\Program Files\PdaNet for Android\PdaNetPC.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51 [101]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2017-03-22 16:09 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2785253729-1883162254-1830346523-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\ibrahim\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.8.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{7C5B830D-FAE4-4A8C-AD79-F5D0E88B1F90}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{9F1C8BF3-C3A1-4C84-BE79-6E81A8A221A0}] => (Allow) C:\Program Files\Ralink\Common\RaUI.exe
FirewallRules: [{BFB27D13-3F65-46B9-8310-D7384B931F7F}] => (Allow) C:\Program Files\Ralink\Common\RaUI.exe
FirewallRules: [{9B4AE194-169E-468F-AFC9-3F837C9F1DB3}] => (Allow) C:\Program Files\IObit\Driver Booster\4.2.0\DriverBooster.exe
FirewallRules: [{43B496E8-CC0D-4145-98D1-D1BD23C26D3C}] => (Allow) C:\Program Files\IObit\Driver Booster\4.2.0\DriverBooster.exe
FirewallRules: [{9B0F19EF-7DD0-4161-988B-37A5A5B6DEED}] => (Allow) C:\Program Files\IObit\Driver Booster\4.2.0\DBDownloader.exe
FirewallRules: [{069744C0-D7C7-40D4-8D82-07CFCF876E08}] => (Allow) C:\Program Files\IObit\Driver Booster\4.2.0\DBDownloader.exe
FirewallRules: [{1FF8ABF5-DA66-4FB3-931B-8FB2DDF66EAC}] => (Allow) C:\Program Files\IObit\Driver Booster\4.2.0\AutoUpdate.exe
FirewallRules: [{0D919932-143A-4276-8971-4B9409582925}] => (Allow) C:\Program Files\IObit\Driver Booster\4.2.0\AutoUpdate.exe
FirewallRules: [{4AD9F2BF-106B-4661-8A32-317F53D625B7}] => (Allow) C:\Program Files\Ralink\Common\RaMediaServer.exe
FirewallRules: [{553D9548-BDB2-48D1-A023-85E411893025}] => (Allow) C:\Program Files\Ralink\Common\RaMediaServer.exe

==================== Restore Points =========================

21-03-2017 17:59:45 Before uninstalling Bonjour
21-03-2017 18:03:19 Removed Bonjour
23-03-2017 09:32:25 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

Name: ZAM Helper Driver
Description: ZAM Helper Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: ZAM
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: ZAM Guard Driver
Description: ZAM Guard Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: ZAM_Guard
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/23/2017 09:50:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/23/2017 08:25:37 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/22/2017 05:24:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/22/2017 04:15:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/22/2017 12:44:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/22/2017 09:04:18 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: ‏‏اسم ‏‏التطبيق الذي يحتوي على أخطاء: WINWORD.EXE، الإصدار: 0.0.0.0، الطابع الزمني: 0x45428028
اسم الوحدة النمطية التي تحتوي على أخطاء: unknown، الإصدار: 0.0.0.0، الطابع الزمني: 0x00000000
رمز الاستثناء: 0xc00000fd
إزاحة الخطأ: 0x0115848b
معرّف العملية التي تحتوي على خطأ: 0x10d4
وقت بدء تشغيل التطبيق الذي يحتوي على خطأ: 0x01d2a2e2e7a57ca8
مسار التطبيق الذي يحتوي على خطأ: C:\Users\ibrahim\AppData\Roaming\Thinstall\Microsoft Office Enterprise 2007\300000005700002i\WINWORD.EXE
 مسار الوحدة النمطية التي تحتوي على خطأ: unknown
معرف التقرير: 25a4f358-0ed6-11e7-ad38-001c256aa562

Error: (03/22/2017 09:02:22 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: ‏‏توقف البرنامج CCleaner.exe الإصدار 4.0.0.4064 عن التفاعل مع Windows وتم إغلاقه. لمعرفة ما إذا كان يتوفر مزيد من المعلومات حول المشكلة، قم بالاطلاع على محفوظات المشكلة في "مركز الصيانة" من لوحة التحكم.

معرّف العملية: fe0

وقت بدء التشغيل: 01d2a2e170db6a6e

وقت الإنهاء: 125

مسار التطبيق: C:\Program Files\CCleaner\CCleaner.exe

معرف التقرير: dc175464-0ed5-11e7-ad38-001c256aa562

Error: (03/22/2017 08:36:43 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/21/2017 05:57:38 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, ‏‏تم رفض الوصول.
.
This is often caused by incorrect security settings in either the writer or requestor process.


العملية:
   تجميع بيانات الكاتب

السياق:
   معرف فئة الكاتب: {e8132975-6f93-4464-a53e-1050253ae220}
   اسم الكاتب: System Writer
   معرف مثيل الكاتب: {169df44d-c969-47cf-b1dc-37b79258bdf6}

Error: (03/21/2017 05:54:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (03/23/2017 09:48:54 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: ‏‏تم الوصول إلى نهاية المهلة (30000 مللي ثانية) أثناء انتظار اتصال الخدمة Ralink UPnP Media Server.

Error: (03/23/2017 09:47:18 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: ‏‏تم إيقاف تشغيل الوحدة النمطية الخاصة بالتوافق مع البرامج الخارجية لـ WLAN بشكل غير متوقع.

مسار الوحدة النمطية: C:\Windows\system32\RAIHV.dll

Error: (03/23/2017 09:47:18 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: ‏‏تم إيقاف تشغيل الوحدة النمطية الخاصة بالتوافق مع البرامج الخارجية لـ WLAN بشكل غير متوقع.

مسار الوحدة النمطية: C:\Windows\system32\RAIHV.dll

Error: (03/23/2017 09:46:59 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: ‏‏تم إيقاف تشغيل الوحدة النمطية الخاصة بالتوافق مع البرامج الخارجية لـ WLAN بشكل غير متوقع.

مسار الوحدة النمطية: C:\Windows\system32\RAIHV.dll

Error: (03/23/2017 09:46:05 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: ‏‏حاولت "إدارة التحكم بالخدمات" اتخاذ إجراء تصحيحي (أعد تشغيل الخدمة) عقب الإنهاء غير المتوقع للخدمة Windows Modules Installer ولكن فشل هذا الإجراء بسبب الخطأ التالي: 
‏‏يتم بالفعل تشغيل مثيل آخر لهذه الخدمة.

Error: (03/23/2017 09:44:05 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: ‏‏تم إنهاء الخدمة Windows Modules Installer بشكل غير متوقع. حدث هذا 1 مرة. سيتم اتخاذ الإجراء التصحيحي التالي في غضون 120000 مللي ثانية: أعد تشغيل الخدمة.

Error: (03/23/2017 09:44:05 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: ‏‏تم إنهاء الخدمة Application Layer Gateway Service بشكل غير متوقع. حدث هذا 1 مرة. سيتم اتخاذ الإجراء التصحيحي التالي في غضون 120000 مللي ثانية: أعد تشغيل الخدمة.

Error: (03/23/2017 09:44:05 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: ‏‏تم إنهاء الخدمة Windows Search بشكل غير متوقع. حدث هذا 1 مرة. سيتم اتخاذ الإجراء التصحيحي التالي في غضون 30000 مللي ثانية: أعد تشغيل الخدمة.

Error: (03/23/2017 09:44:04 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: ‏‏تم إنهاء الخدمة RalinkRegistryWriter بشكل غير متوقع. حدث ذلك 1 مرة.

Error: (03/23/2017 09:44:04 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: ‏‏تم إنهاء الخدمة Print Spooler بشكل غير متوقع. حدث هذا 1 مرة. سيتم اتخاذ الإجراء التصحيحي التالي في غضون 60000 مللي ثانية: أعد تشغيل الخدمة.


==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) Dual CPU E2200 @ 2.20GHz
Percentage of memory in use: 44%
Total physical RAM: 1983.55 MB
Available physical RAM: 1098.17 MB
Total Virtual: 3967.11 MB
Available Virtual: 3028.34 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:81.14 GB) (Free:52.98 GB) NTFS
Drive d: () (Fixed) (Total:97.66 GB) (Free:77.65 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: () (Fixed) (Total:100.59 GB) (Free:56.35 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 279.5 GB) (Disk ID: 2BD2C32A)
Partition 1: (Not Active) - (Size=100 MB) - (Type=05)
Partition 2: (Active) - (Size=97.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=100.6 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=81.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================