cjoint

Document format: text/plain


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-09-2016 02
Ran by DrSergiooW (administrator) on DRSERGIOOW-PC (25-09-2016 12:47:27)
Running from C:\Users\DrSergiooW\Desktop
Loaded Profiles: DrSergiooW (Available Profiles: DrSergiooW)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: العربية (السعودية)‏
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.7.1.32\nis.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(Viber Media S.à r.l.) C:\Users\DrSergiooW\AppData\Local\Viber\Viber.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.7.1.32\nis.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [Yahoo Messenger] => [X]
HKLM-x32\...\Run: [Baidu PC Faster 4.0.0.0] => "C:\Program Files (x86)\PC Faster\5.1.0.0\PCFTray.exe" -auto -start
HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2872320 2010-11-21] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2872320 2010-11-21] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-2269977139-798740666-968023483-1000\...\Run: [Viber] => C:\Users\DrSergiooW\AppData\Local\Viber\Viber.exe [73298000 2016-09-13] (Viber Media S.à r.l.)
HKU\S-1-5-21-2269977139-798740666-968023483-1000\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3933392 2016-02-11] (Tonec Inc.)
HKU\S-1-5-21-2269977139-798740666-968023483-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2269977139-798740666-968023483-1000\...\Policies\Explorer: [TaskbarNoThumbnail] 0
HKU\S-1-5-21-2269977139-798740666-968023483-1000\...\MountPoints2: {03a49a7e-71c1-11e6-8e88-50e5491abf23} - "H:\WD Drive Unlock.exe" autoplay=true
HKU\S-1-5-21-2269977139-798740666-968023483-1000\...\MountPoints2: {2bb7d15a-750a-11e6-857c-50e5491abf23} - H:\RNDISInst.exe
HKU\S-1-5-21-2269977139-798740666-968023483-1000\...\MountPoints2: {2e160d8c-4b3d-11e6-b9b2-50e5491abf23} - G:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2269977139-798740666-968023483-1000\...\MountPoints2: {65c8e530-5e3b-11e6-8317-50e5491abf23} - H:\AutoRun.exe
HKU\S-1-5-21-2269977139-798740666-968023483-1000\...\MountPoints2: {65c8e56b-5e3b-11e6-8317-50e5491abf23} - H:\AutoRun.exe
HKU\S-1-5-21-2269977139-798740666-968023483-1000\...\MountPoints2: {7cfc3ddf-227e-11e6-b3c7-50e5491abf23} - G:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2269977139-798740666-968023483-1000\...\MountPoints2: {7cfc3df0-227e-11e6-b3c7-50e5491abf23} - G:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2269977139-798740666-968023483-1000\...\MountPoints2: {8756be83-6955-11e6-8b09-50e5491abf23} - H:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2269977139-798740666-968023483-1000\...\MountPoints2: {9bc12f06-5a1b-11e6-9819-50e5491abf23} - H:\autorun.exe
HKU\S-1-5-21-2269977139-798740666-968023483-1000\...\MountPoints2: {a43a4b64-19f0-11e6-8a20-d30da075ac53} - J:\SISetup.exe
HKU\S-1-5-21-2269977139-798740666-968023483-1000\...\MountPoints2: {a9d17d06-1e97-11e6-9a47-50e5491abf23} - G:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2269977139-798740666-968023483-1000\...\MountPoints2: {a9d17d1b-1e97-11e6-9a47-50e5491abf23} - G:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2269977139-798740666-968023483-1000\...\MountPoints2: {cb0d8ce1-62ed-11e6-8ef7-50e5491abf23} - H:\AutoRun.exe
HKU\S-1-5-21-2269977139-798740666-968023483-1000\...\MountPoints2: {dcc501dd-2ce2-11e6-a780-50e5491abf23} - G:\ETS_Setup.exe
HKU\S-1-5-21-2269977139-798740666-968023483-1000\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2872320 2010-11-21] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-18\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2872320 2010-11-21] (Microsoft Corporation) <==== ATTENTION
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.7.1.32\buShell.dll [2016-08-15] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.7.1.32\buShell.dll [2016-08-15] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.7.1.32\buShell.dll [2016-08-15] (Symantec Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 62.240.32.5 62.68.42.2
Tcpip\..\Interfaces\{2DD34199-A86F-495C-AD60-EC4FFE58C538}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{34776ADE-08EE-4C8C-B2BC-47DBB66D361F}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{41DD7DFE-5184-4053-959A-404B48C0002A}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{41DD7DFE-5184-4053-959A-404B48C0002A}: [DhcpNameServer] 62.240.32.5 62.68.42.2
Tcpip\..\Interfaces\{C9B1B669-8851-43A4-9FC3-93F63810CD0B}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{DD5AE8F6-D76E-411D-90A8-021A92FE4F23}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2269977139-798740666-968023483-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com.ly/
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-12-08] (Internet Download Manager, Tonec Inc.)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\22.7.1.32\coIEPlg.dll [2016-08-05] (Symantec Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-12-08] (Internet Download Manager, Tonec Inc.)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\22.7.1.32\coIEPlg.dll [2016-08-05] (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\22.7.1.32\coIEPlg.dll [2016-08-05] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\22.7.1.32\coIEPlg.dll [2016-08-05] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-2269977139-798740666-968023483-1000 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\22.7.1.32\coIEPlg.dll [2016-08-05] (Symantec Corporation)

FireFox:
========
FF ProfilePath: C:\Users\DrSergiooW\AppData\Roaming\Mozilla\Firefox\Profiles\6er5boox.default
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-12-21] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2269977139-798740666-968023483-1000: @tools.google.com/Google Update;version=3 -> C:\Users\DrSergiooW\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-24] (Google Inc.)
FF Plugin HKU\S-1-5-21-2269977139-798740666-968023483-1000: @tools.google.com/Google Update;version=9 -> C:\Users\DrSergiooW\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-24] (Google Inc.)
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2016-01-27]
FF Extension: (Firefox Hotfix) - C:\Users\DrSergiooW\AppData\Roaming\Mozilla\Firefox\Profiles\6er5boox.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-07]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.2.15\coFFAddon
FF Extension: (Norton Identity Safe) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.2.15\coFFAddon [2016-09-15]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.2.15\coFFAddon
FF HKU\S-1-5-21-2269977139-798740666-968023483-1000\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF HKU\S-1-5-21-2269977139-798740666-968023483-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\DrSergiooW\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\DrSergiooW\AppData\Roaming\IDM\idmmzcc5 [2016-09-25] [not signed]
FF HKU\S-1-5-21-2269977139-798740666-968023483-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com.ly/
CHR StartupUrls: Default -> "hxxp://www.google.com.ly/"
CHR Profile: C:\Users\DrSergiooW\AppData\Local\Google\Chrome\User Data\Default [2016-09-25]
CHR Extension: (Google Drive) - C:\Users\DrSergiooW\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-15]
CHR Extension: (Youtube) - C:\Users\DrSergiooW\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-15]
CHR Extension: (Norton Security Toolbar) - C:\Users\DrSergiooW\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2016-09-17]
CHR Extension: (مستندات Google في وضع عدم الاتصال) - C:\Users\DrSergiooW\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-15]
CHR Extension: (IDM Integration Module) - C:\Users\DrSergiooW\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2016-06-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\DrSergiooW\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-14]
CHR Extension: (Gmail) - C:\Users\DrSergiooW\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-15]
CHR Extension: (Chrome Media Router) - C:\Users\DrSergiooW\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-29]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.7.1.32\Exts\Chrome.crx [2016-08-22]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-02-11]
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.7.1.32\Exts\Chrome.crx [2016-08-22]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-02-11]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\22.7.1.32\NIS.exe [289080 2016-08-16] (Symantec Corporation)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG)
S3 ShareItSvc; C:\Program Files (x86)\SHAREit\SHAREit\Shareit.Service.exe [33224 2016-04-15] (SHAREit Technologies Co.Ltd)
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-12-03] (DEVGURU Co., LTD.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S2 PCFasterSvc_{PCFaster_5.1.0.0}; C:\Program Files (x86)\PC Faster\5.1.0.0\PCFasterSvc.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\BASHDefs\20160922.001\BHDrvx64.sys [1854712 2016-08-19] (Symantec Corporation)
R1 BprotectEx; C:\Windows\System32\drivers\BprotectEx.sys [93512 2016-05-30] (Baidu, Inc.)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1607010.020\ccSetx64.sys [174328 2016-06-02] (Symantec Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497392 2016-05-16] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156912 2016-05-29] (Symantec Corporation)
S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [30424 2016-03-26] (Sony Mobile Communications)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\IPSDefs\20160920.001\IDSvia64.sys [876760 2016-07-11] (Symantec Corporation)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2009-02-10] (EZB Systems, Inc.)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [129224 2013-07-18] (Qualcomm Atheros Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
R3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-08-21] (Marvell Semiconductor, Inc.)
R3 Serenum; C:\Windows\System32\DRIVERS\nuvserenum.sys [23552 2014-01-12] (Windows (R) Win 7 DDK provider)
R3 Serial; C:\Windows\System32\DRIVERS\nuvserial.sys [86016 2014-01-12] (Nuvoton Technology Corp.)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-15] (Synaptics Incorporated)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1607010.020\SRTSP64.SYS [773360 2016-08-10] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1607010.020\SRTSPX64.SYS [48888 2016-06-02] (Symantec Corporation)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [206104 2014-12-03] (DEVGURU Co., LTD.(www.devguru.co.kr))
R0 SymEFASI; C:\Windows\System32\drivers\NISx64\1607010.020\SYMEFASI64.SYS [1627352 2016-06-02] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [101112 2016-06-22] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1607010.020\Ironx64.SYS [291056 2016-06-02] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1607010.020\SYMNETS.SYS [567536 2016-06-02] (Symantec Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-09-24] ()
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2009-07-14] (Microsoft Corporation)
S3 Baidu PC Faster FileShredder; \??\C:\Program Files (x86)\PC Faster\5.1.0.0\FileKill_x64.sys [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\SDSDefs\20160710.019\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\SDSDefs\20160710.019\EX64.SYS [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-25 12:47 - 2016-09-25 12:47 - 00018901 _____ C:\Users\DrSergiooW\Desktop\FRST.txt
2016-09-25 12:47 - 2016-09-25 12:47 - 00000000 ____D C:\FRST
2016-09-25 12:44 - 2016-09-25 12:46 - 02402816 _____ (Farbar) C:\Users\DrSergiooW\Desktop\FRST64.exe
2016-09-24 14:25 - 2016-09-24 14:39 - 00004692 _____ C:\Users\DrSergiooW\Desktop\ZHPCleaner.txt
2016-09-24 14:21 - 2016-09-24 14:30 - 00000797 _____ C:\Users\DrSergiooW\Desktop\ZHPCleaner.lnk
2016-09-24 14:14 - 2016-09-24 14:14 - 00014364 _____ C:\Users\DrSergiooW\Desktop\rk_A367.tmp.txt
2016-09-24 13:42 - 2016-09-24 14:15 - 00000139 _____ C:\Users\DrSergiooW\Desktop\مستند نصي جديد ‫‬.txt
2016-09-24 13:30 - 2016-09-24 13:30 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-09-24 13:25 - 2016-09-24 13:25 - 00000000 ____D C:\ProgramData\RogueKiller
2016-09-22 14:52 - 2016-09-22 14:53 - 00111991 _____ C:\Users\DrSergiooW\Desktop\ZHPDiag.txt
2016-09-22 14:31 - 2016-09-22 14:31 - 02354176 _____ C:\Users\DrSergiooW\ZHPDiag3.exe
2016-09-22 13:18 - 2016-09-22 13:18 - 00276448 _____ C:\Windows\Minidump\092216-36129-01.dmp
2016-09-22 12:45 - 2016-09-22 12:45 - 00000000 ____D C:\Users\DrSergiooW\.android
2016-09-21 11:55 - 2016-09-21 11:55 - 00001126 _____ C:\Users\Public\Desktop\iTools 3.lnk
2016-09-20 20:40 - 2016-09-22 13:17 - 639783589 _____ C:\Windows\MEMORY.DMP
2016-09-20 20:40 - 2016-09-20 20:40 - 00276448 _____ C:\Windows\Minidump\092016-38594-01.dmp
2016-09-20 17:18 - 2016-09-20 18:28 - 00000000 ____D C:\Users\DrSergiooW\Doctor Web
2016-09-20 15:03 - 2016-09-24 14:36 - 00000000 ____D C:\Users\DrSergiooW\AppData\Roaming\zhp
2016-09-20 15:03 - 2016-09-22 14:31 - 00000630 _____ C:\Users\DrSergiooW\Desktop\ZHPDiag.lnk
2016-09-20 13:48 - 2016-09-20 13:48 - 00000000 ____D C:\Users\DrSergiooW\AppData\Local\Viber
2016-09-18 20:44 - 2016-09-18 20:44 - 00000000 ____D C:\Users\DrSergiooW\Desktop\ملحمة الرباط
2016-09-18 20:41 - 2016-09-18 20:41 - 00000000 ____D C:\Users\DrSergiooW\Desktop\فارس ورجال
2016-09-03 17:13 - 2016-09-03 17:13 - 00000000 ____D C:\Users\DrSergiooW\Desktop\adb shell
2016-09-03 17:12 - 2016-09-03 17:12 - 00000000 ____D C:\ProgramData\Western Digital
2016-08-29 17:07 - 2013-07-08 11:13 - 00000000 ____D C:\Users\DrSergiooW\Desktop\I9082XXUBMF2_I9082OXABMF2_OXA
2016-08-28 21:22 - 2016-08-28 21:22 - 00000000 ____D C:\Users\DrSergiooW\AppData\Roaming\Elcomsoft
2016-08-28 21:19 - 2016-08-28 21:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elcomsoft Password Recovery
2016-08-28 21:19 - 2016-08-28 21:19 - 00000000 ____D C:\ProgramData\Elcomsoft Password Recovery
2016-08-28 21:19 - 2016-08-28 21:19 - 00000000 ____D C:\Program Files (x86)\Elcomsoft Password Recovery
2016-08-28 21:19 - 2016-08-28 21:19 - 00000000 ____D C:\Program Files (x86)\Elcomsoft
2016-08-27 20:48 - 2016-08-27 20:48 - 00000000 ____D C:\Users\DrSergiooW\AppData\Local\Downloaded Installations

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-25 12:31 - 2009-07-14 07:45 - 00022944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-09-25 12:31 - 2009-07-14 07:45 - 00022944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-09-25 12:25 - 2016-05-15 22:01 - 00000000 ____D C:\Users\DrSergiooW\AppData\Roaming\ViberPC
2016-09-25 12:24 - 2009-07-14 08:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-09-24 15:03 - 2016-05-14 21:37 - 00000000 ____D C:\Users\DrSergiooW\AppData\Roaming\DMCache
2016-09-24 14:03 - 2016-05-26 17:51 - 00000000 ____D C:\Users\DrSergiooW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster
2016-09-24 14:03 - 2016-05-26 17:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster
2016-09-24 12:28 - 2016-05-16 19:19 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
2016-09-24 12:24 - 2016-05-19 13:30 - 00003856 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1463653832
2016-09-24 12:24 - 2016-05-19 13:30 - 00000000 ____D C:\Program Files (x86)\Opera
2016-09-24 11:59 - 2016-05-15 22:03 - 00000000 ____D C:\Users\DrSergiooW\Documents\ViberDownloads
2016-09-22 14:31 - 2016-05-14 19:25 - 00000000 ____D C:\Users\DrSergiooW
2016-09-22 13:18 - 2016-05-17 19:52 - 00000000 ____D C:\Windows\Minidump
2016-09-21 17:17 - 2011-02-07 16:35 - 00736906 _____ C:\Windows\system32\perfh00C.dat
2016-09-21 17:17 - 2011-02-07 16:35 - 00478274 _____ C:\Windows\system32\perfh001.dat
2016-09-21 17:17 - 2011-02-07 16:35 - 00148834 _____ C:\Windows\system32\perfc00C.dat
2016-09-21 17:17 - 2011-02-07 16:35 - 00094100 _____ C:\Windows\system32\perfc001.dat
2016-09-21 17:17 - 2009-07-14 08:13 - 02229580 _____ C:\Windows\system32\PerfStringBackup.INI
2016-09-21 17:17 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\inf
2016-09-21 11:55 - 2016-05-15 19:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTools 3
2016-09-21 11:48 - 2016-05-16 12:48 - 00000000 ____D C:\Users\DrSergiooW\AppData\Local\CrashDumps
2016-09-20 18:28 - 2016-07-28 12:52 - 00000000 ____D C:\Users\DrSergiooW\Desktop\برامج 2016
2016-09-20 14:40 - 2016-05-19 17:49 - 00000000 ____D C:\Users\DrSergiooW\AppData\Roaming\MPC-HC
2016-09-20 14:10 - 2016-05-14 21:37 - 00000000 ____D C:\Users\DrSergiooW\AppData\Roaming\IDM
2016-09-19 17:35 - 2016-05-14 21:37 - 00000000 ____D C:\Users\DrSergiooW\Downloads\Compressed
2016-09-19 14:36 - 2016-05-14 21:37 - 00000000 ____D C:\Users\DrSergiooW\Downloads\Video
2016-09-15 17:25 - 2016-05-14 21:37 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager
2016-09-11 17:54 - 2016-05-14 19:25 - 00000000 ____D C:\Users\DrSergiooW\AppData\Local\VirtualStore
2016-09-08 19:50 - 2016-05-15 21:58 - 00000000 ____D C:\Users\DrSergiooW\Downloads\SHAREit
2016-09-08 12:53 - 2016-07-26 14:17 - 00000000 ____D C:\Users\DrSergiooW\AppData\Local\ElevatedDiagnostics
2016-08-26 17:56 - 2016-08-24 17:58 - 00000928 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2269977139-798740666-968023483-1000UA.job
2016-08-26 17:56 - 2016-08-24 17:58 - 00000876 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2269977139-798740666-968023483-1000Core.job

==================== Files in the root of some directories =======

2016-08-13 18:12 - 2016-08-13 18:12 - 0000181 _____ () C:\Users\DrSergiooW\AppData\Local\uts.ini
2016-06-15 23:32 - 2016-06-15 23:32 - 0000057 _____ () C:\ProgramData\Ament.ini
2016-05-26 17:51 - 2016-05-26 17:51 - 0014501 _____ () C:\ProgramData\Duplicaterecord.js

Files to move or delete:
====================
C:\ProgramData\Duplicaterecord.js
C:\Users\DrSergiooW\ZHPDiag3.exe


Some files in TEMP:
====================
C:\Users\DrSergiooW\AppData\Local\Temp\dllnt_dump.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-09-20 15:59

==================== End of FRST.txt ============================
