Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27-04-2017
Ran by منير (29-04-2017 12:13:59)
Running from C:\Users\منير\Desktop
Microsoft Windows 7 Ultimate Service Pack 1 (X86) (2017-04-17 19:32:08)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3139794459-3927556288-4145378674-500 - Administrator - Disabled)
Guest (S-1-5-21-3139794459-3927556288-4145378674-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3139794459-3927556288-4145378674-1002 - Limited - Enabled)
منير (S-1-5-21-3139794459-3927556288-4145378674-1000 - Administrator - Enabled) => C:\Users\منير

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Out of date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Out of date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.02 (HKLM\...\7-Zip) (Version: 16.02 - Igor Pavlov)
7-Zip 16.04 (HKLM\...\{23170F69-40C1-2701-1604-000001000000}) (Version: - Igor Pavlov)
Antirun 2.4 (HKLM\...\Antirun) (Version: 2.4 - Antirun Labs)
Any Data Recovery Pro (HKLM\...\Any Data Recovery Pro) (Version: - Tenorshare, Inc.)
Avira Internet Security (HKLM\...\Avira AntiVir Desktop) (Version: - Avira Operations GmbH & Co. KG)
CCleaner (HKLM\...\CCleaner) (Version: 5.10 - Piriform)
Cela.C.M (HKLM\...\Cela.C.M) (Version: - Huawei Technologies Co.,Ltd)
DLL Suite 9.0 (HKLM\...\{E557052E-9828-40E4-BFF6-311D3E89DB81}_is1) (Version: - )
Google Chrome (HKLM\...\{ABB67988-B698-39BE-99E3-E41B2027AC1F}) (Version: 57.0.2987.133 - Google, Inc.)
Google Update Helper (Version: - Google Inc.) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118) (Version: - )
Malwarebytes Anti-Malware النسخة (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (العربية) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1025) (Version: 4.6.01055 - Microsoft Corporation)
MPC-HC 1.7.11 (HKLM\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.11 - MPC-HC Team)
Opera Stable 44.0.2510.1218 (HKLM\...\Opera 44.0.2510.1218) (Version: 44.0.2510.1218 - Opera Software)
Unlocker 1.9.1 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
WinRAR 5.40 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
ZHPFix 2015 (HKLM\...\ZHPFix_is1) (Version: 2015 - Nicolas Coolman)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {1A227524-246D-4C8F-8B53-F331D7B20E71} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-09-16] (Piriform Ltd)
Task: {1ED8F4E9-4A6F-4A11-B342-18A7C8B2C503} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {42024E14-1F3F-452B-ADEB-061381E2E339} - \{006766D1-F9C6-41B2-B5D2-F897F220001E} -> No File <==== ATTENTION
Task: {B4CF486D-F9D0-454F-A73F-20A89A2489EF} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {F235064F-E51F-493F-82A2-3C32375859AD} - \Opera scheduled Autoupdate 1492456237 -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2010-07-05 00:32 - 2010-07-05 00:32 - 00004608 _____ () C:\Program Files\Unlocker\UnlockerHook.dll
2010-07-05 00:32 - 2010-07-05 00:32 - 00010752 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2010-07-04 22:51 - 2010-07-04 22:51 - 00017408 _____ () C:\Program Files\Unlocker\UnlockerAssistant.exe
2011-12-13 02:30 - 2011-12-13 02:30 - 00641024 _____ () C:\Program Files\Antirun\antirun.exe
2015-08-26 10:44 - 2015-08-26 10:44 - 00055576 _____ () C:\Program Files\CCleaner\branding.dll
2015-09-16 22:33 - 2015-09-16 22:33 - 00043008 _____ () C:\Program Files\CCleaner\lang\lang-1025.dll
2017-04-22 23:12 - 2007-09-30 08:29 - 00014848 _____ () C:\Program Files\Cela.C.M_HW\isaputrace.dll
2017-04-22 23:12 - 2007-11-15 06:01 - 00098304 _____ () C:\Program Files\Cela.C.M_HW\DeviceMgrPlugin.dll
2017-04-22 23:12 - 2009-08-05 14:14 - 00131072 _____ () C:\Program Files\Cela.C.M_HW\DetectDev.dll
2017-04-22 23:12 - 2009-08-05 14:14 - 00466944 _____ () C:\Program Files\Cela.C.M_HW\atcomm.dll
2017-04-22 23:12 - 2009-08-05 14:14 - 00053248 _____ () C:\Program Files\Cela.C.M_HW\XCodec.dll
2017-04-22 23:12 - 2007-11-15 06:02 - 00057344 _____ () C:\Program Files\Cela.C.M_HW\ConfigFilePlugin.dll
2017-04-22 23:12 - 2007-11-15 06:05 - 00126976 _____ () C:\Program Files\Cela.C.M_HW\LocaleMgrPlugin.dll
2017-04-22 23:12 - 2010-06-18 10:07 - 00311296 _____ () C:\Program Files\Cela.C.M_HW\libxvi010.dll
2017-04-22 23:12 - 2010-10-29 17:36 - 01109504 _____ () C:\Program Files\Cela.C.M_HW\eap_supplicant.dll
2017-04-22 23:12 - 2009-05-05 09:13 - 00023552 _____ () C:\Program Files\Cela.C.M_HW\NotifyServicePlugin.dll
2017-04-19 02:24 - 2016-09-06 12:00 - 05197312 _____ () C:\Users\منير\AppData\Local\Google\Chrome\User Data\SwiftShader\\libglesv2.dll
2017-04-19 02:24 - 2016-09-06 12:00 - 00147456 _____ () C:\Users\منير\AppData\Local\Google\Chrome\User Data\SwiftShader\\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 05:04 - 2009-06-11 00:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3139794459-3927556288-4145378674-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\منير\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: -
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{C512830C-4D13-4D2A-B9DF-DADA05B8D399}] => (Allow) C:\Program Files\Opera\44.0.2510.1218\opera.exe
FirewallRules: [{8CB3832E-4A0F-4854-A928-2C6E377E9B50}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{CD0CC579-CAB0-417D-B832-0CC59C15D2DC}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

==================== Restore Points =========================

25-04-2017 12:35:46 Windows Update

==================== Faulty Device Manager Devices =============

Name: ‏‏وحدة تحكم التخزين كبير السعة
Description: ‏‏وحدة تحكم التخزين كبير السعة
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (04/29/2017 11:47:46 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (04/27/2017 08:59:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (04/27/2017 08:01:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (04/27/2017 05:39:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (04/27/2017 02:54:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ‏‏اسم ‏‏التطبيق الذي يحتوي على أخطاء: GoogleUpdate.exe، الإصدار:، الطابع الزمني: 0x578890c8
اسم الوحدة النمطية التي تحتوي على أخطاء: ntdll.dll، الإصدار: 6.1.7601.23714، الطابع الزمني: 0x58bf8774
رمز الاستثناء: 0xc0000374
إزاحة الخطأ: 0x000c3b9b
معرّف العملية التي تحتوي على خطأ: 0x97c
وقت بدء تشغيل التطبيق الذي يحتوي على خطأ: 0x01d2bf4c843837af
مسار التطبيق الذي يحتوي على خطأ: C:\Program Files\Google\Update\GoogleUpdate.exe
مسار الوحدة النمطية التي تحتوي على خطأ: C:\Windows\SYSTEM32\ntdll.dll
معرف التقرير: 40fe1c11-2b40-11e7-82c1-001d722bff12

Error: (04/27/2017 02:51:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (04/27/2017 12:29:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (04/27/2017 10:34:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (04/26/2017 11:06:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (04/26/2017 10:35:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

System errors:
=============
Error: (04/29/2017 11:51:59 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: ‏‏تم إنهاء الخدمة Avira Scheduler بشكل غير متوقع. حدث هذا 1 مرة. سيتم اتخاذ الإجراء التصحيحي التالي في غضون 0 مللي ثانية: أعد تشغيل الخدمة.

Error: (04/29/2017 11:46:47 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 09:59:47 م on ‏27/‏04/‏2017 was unexpected.

Error: (04/27/2017 09:03:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: ‏‏تم إنهاء الخدمة Avira Scheduler بشكل غير متوقع. حدث هذا 1 مرة. سيتم اتخاذ الإجراء التصحيحي التالي في غضون 0 مللي ثانية: أعد تشغيل الخدمة.

Error: (04/27/2017 08:05:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: ‏‏تم إنهاء الخدمة Avira Scheduler بشكل غير متوقع. حدث هذا 1 مرة. سيتم اتخاذ الإجراء التصحيحي التالي في غضون 0 مللي ثانية: أعد تشغيل الخدمة.

Error: (04/27/2017 07:09:08 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: ‏‏لم يتم تسجيل الخادم {1A1F4206-0688-4E7F-BE03-D82EC69DF9A5} مع DCOM خلال المهلة المطلوبة.

Error: (04/27/2017 05:43:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: ‏‏تم إنهاء الخدمة Avira Scheduler بشكل غير متوقع. حدث هذا 1 مرة. سيتم اتخاذ الإجراء التصحيحي التالي في غضون 0 مللي ثانية: أعد تشغيل الخدمة.

Error: (04/27/2017 02:55:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: ‏‏تم إنهاء الخدمة Avira Scheduler بشكل غير متوقع. حدث هذا 1 مرة. سيتم اتخاذ الإجراء التصحيحي التالي في غضون 0 مللي ثانية: أعد تشغيل الخدمة.

Error: (04/27/2017 12:33:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: ‏‏تم إنهاء الخدمة Avira Scheduler بشكل غير متوقع. حدث هذا 1 مرة. سيتم اتخاذ الإجراء التصحيحي التالي في غضون 0 مللي ثانية: أعد تشغيل الخدمة.

Error: (04/27/2017 10:37:57 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: ‏‏تم إنهاء الخدمة Avira Scheduler بشكل غير متوقع. حدث هذا 1 مرة. سيتم اتخاذ الإجراء التصحيحي التالي في غضون 0 مللي ثانية: أعد تشغيل الخدمة.

Error: (04/26/2017 11:11:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: ‏‏تم إنهاء الخدمة Avira Scheduler بشكل غير متوقع. حدث هذا 1 مرة. سيتم اتخاذ الإجراء التصحيحي التالي في غضون 0 مللي ثانية: أعد تشغيل الخدمة.

==================== Memory info ===========================

Processor: Intel(R) Celeron(R) CPU 550 @ 2.00GHz
Percentage of memory in use: 88%
Total physical RAM: 1014.43 MB
Available physical RAM: 115.61 MB
Total Virtual: 2038.43 MB
Available Virtual: 536.9 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:120.37 GB) (Free:104.06 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (برامج منوعه) (Fixed) (Total:177.62 GB) (Free:128.74 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 8530BB91)
Partition 1: (Not Active) - (Size=86 MB) - (Type=05)
Partition 2: (Active) - (Size=120.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=177.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================