cjoint


Document format: text/plain

Preview

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-11-2016
Ran by khalid (administrator) on KHALID-PC (26-11-2016 11:03:40)
Running from C:\Users\khalid\Downloads\Programs
Loaded Profiles: khalid (Available Profiles: khalid)
Platform: Microsoft Windows 7 Starter Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AEstSrv.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IDMan.exe
(Hewlett-Packard Company) C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
() C:\Program Files\Wi-Fi\WiFiGxSvc.exe
(winreview.ru) C:\Program Files\Winreview.ru\Personalization Panel DWM Controller\persdwmsrv.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IEMonitor.exe
(Wondershare) C:\Program Files\Wondershare\WAF\2.1.5.6\WsAppService.exe
(Microsoft Corporation) C:\Windows\System32\mshta.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Tx-Network) C:\Program Files\Wi-Fi\Wi-Fi.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DriverPack Notifier] => C:\Program Files\DriverPack Notifier\DriverPackNotifier.exe [258560 2015-12-18] ()
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [536668 2016-04-15] (IDT, Inc.)
HKLM\...\Run: [LifeCam] => C:\Program Files\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [595992 2016-05-20] (Oracle Corporation)
HKU\S-1-5-21-982090994-2485536893-1322209893-1000\...\Run: [IDMan] => C:\Program Files\Internet Download Manager\IDMan.exe [3898960 2015-04-20] (Tonec Inc.)
HKU\S-1-5-21-982090994-2485536893-1322209893-1000\...\Run: [GoogleDriveSync] => "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-982090994-2485536893-1322209893-1000\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-982090994-2485536893-1322209893-1000\...\MountPoints2: H - H:\AutoRun.exe
HKU\S-1-5-21-982090994-2485536893-1322209893-1000\...\MountPoints2: {58a531b7-fd69-11e4-b9fb-984be1ec3650} - F:\AutoRun.exe
HKU\S-1-5-21-982090994-2485536893-1322209893-1000\...\MountPoints2: {58a531e8-fd69-11e4-b9fb-984be1ec3650} - H:\AutoRun.exe
HKU\S-1-5-21-982090994-2485536893-1322209893-1000\...\MountPoints2: {6b1faecf-3575-11e5-8592-984be1ec3650} - F:\AutoRun.exe
HKU\S-1-5-21-982090994-2485536893-1322209893-1000\...\MountPoints2: {6d9ad777-07b4-11e5-85a0-984be1ec3650} - F:\AutoRun.exe
HKU\S-1-5-21-982090994-2485536893-1322209893-1000\...\MountPoints2: {73c6041c-fc58-11e4-81d0-ecda9b3179f0} - F:\AutoRun.exe
HKU\S-1-5-21-982090994-2485536893-1322209893-1000\...\MountPoints2: {78996d02-142e-11e5-9939-984be1ec3650} - F:\AutoRun.exe
HKU\S-1-5-21-982090994-2485536893-1322209893-1000\...\MountPoints2: {78996d19-142e-11e5-9939-984be1ec3650} - F:\AutoRun.exe
HKU\S-1-5-21-982090994-2485536893-1322209893-1000\...\MountPoints2: {c9e173b9-0182-11e5-b53b-984be1ec3650} - F:\AutoRun.exe
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll [2015-08-14] (Tonec Inc.)
AlternateShell:
GroupPolicy: Restriction ? <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{62E10C9F-81CB-4E7A-98BC-27A39A49BE54}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-982090994-2485536893-1322209893-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10288__161016__yaie
SearchScopes: HKU\S-1-5-21-982090994-2485536893-1322209893-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://maktoob.search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10288__161016__yaie&p={searchTerms}
SearchScopes: HKU\S-1-5-21-982090994-2485536893-1322209893-1000 -> {E88E0043-C9D4-4e33-8555-FEE4F5B63060} URL = hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2015-12-08] (Internet Download Manager, Tonec Inc.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-06-26] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-26] (Oracle Corporation)

FireFox:
========
FF DefaultProfile: 46nzrjvr.default
FF ProfilePath: C:\Users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\46nzrjvr.default [2016-11-25]
FF NewTab: Mozilla\Firefox\Profiles\46nzrjvr.default -> hxxps://search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10288__161016__yaff
FF Homepage: Mozilla\Firefox\Profiles\46nzrjvr.default -> hxxps://search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10288__161016__yaff
FF Extension: (Firefox Hotfix) - C:\Users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\46nzrjvr.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-16]
FF HKU\S-1-5-21-982090994-2485536893-1322209893-1000\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files\Internet Download Manager\idmmzcc2.xpi [2016-06-08]
FF HKU\S-1-5-21-982090994-2485536893-1322209893-1000\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\khalid\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\khalid\AppData\Roaming\IDM\idmmzcc5 [2016-06-18] [not signed]
FF HKU\S-1-5-21-982090994-2485536893-1322209893-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\khalid\AppData\Roaming\IDM\idmmzcc5
FF HKU\S-1-5-21-982090994-2485536893-1322209893-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [2012-02-15] ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2011-07-19] (Foxit Corporation)
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-26] (Oracle Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\khalid\AppData\Local\Google\Chrome\User Data\Default [2016-11-26]
CHR Extension: (Google Docs) - C:\Users\khalid\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-17]
CHR Extension: (Google Drive) - C:\Users\khalid\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-26]
CHR Extension: (YouTube) - C:\Users\khalid\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\khalid\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-26]
CHR Extension: (Google Docs Offline) - C:\Users\khalid\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\khalid\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-07-17]
CHR Extension: (IDM Integration Module) - C:\Users\khalid\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2016-11-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\khalid\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\khalid\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-17]
CHR Extension: (Chrome Media Router) - C:\Users\khalid\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-24]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2016-06-09]
CHR HKU\S-1-5-21-982090994-2485536893-1322209893-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2960672 2016-06-14] (IObit)
R2 MyWiFiRouterDHCP; C:\Program Files\Wi-Fi\WiFiGxSvc.exe [47464 2014-11-18] ()
R2 persdwmsrv; C:\Program Files\Winreview.ru\Personalization Panel DWM Controller\persdwmsrv.exe [7680 2011-05-28] (winreview.ru) [File not signed]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [274514 2016-04-15] (IDT, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
R2 WsAppService; C:\Program Files\Wondershare\WAF\2.1.5.6\WsAppService.exe [387072 2015-12-25] (Wondershare) [File not signed]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 eapihdrv; C:\Users\khalid\AppData\Local\Temp\ehdrv.sys [135760 2016-11-23] (ESET)
S3 hwdatacard; C:\Windows\System32\DRIVERS\ewusbmdm.sys [199296 2016-07-03] (MBB Technologies Co., Ltd.)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2016-06-26] (REALiX(tm))
S3 mpszfilt; C:\Windows\System32\DRIVERS\mpszfilt.sys [10752 2015-03-05] (Generic) [File not signed]
R3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [945504 2016-04-15] (Ralink Technology Corp.)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-11-25] ()
R1 txwifinat; C:\Windows\System32\DRIVERS\txwifinat.sys [31152 2014-12-01] (Nanjing Tongxiang Network Technology Co.,LTD)
S3 cpuz134; \??\C:\Users\khalid\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 RTL8187; system32\DRIVERS\rtl8187.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-26 11:03 - 2016-11-26 11:03 - 00000000 ____D C:\FRST
2016-11-25 23:47 - 2016-11-25 23:49 - 00004896 _____ C:\Users\khalid\Desktop\ZHPCleaner.txt
2016-11-25 23:20 - 2016-11-25 23:49 - 00000000 ____D C:\Users\khalid\AppData\Roaming\ZHP
2016-11-25 23:20 - 2016-11-25 23:20 - 00000793 _____ C:\Users\khalid\Desktop\ZHPCleaner.lnk
2016-11-25 03:08 - 2016-11-25 23:55 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-11-25 00:11 - 2016-11-25 00:11 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-11-25 00:09 - 2016-11-25 00:09 - 00000000 ____D C:\ProgramData\RogueKiller
2016-11-24 22:35 - 2016-11-24 22:36 - 00000000 ____D C:\Users\khalid\Desktop\WhatsApp Video
2016-11-23 17:48 - 2016-11-23 17:48 - 00305336 _____ C:\Windows\Minidump\112316-25646-01.dmp
2016-11-22 20:34 - 2016-11-22 20:35 - 02870984 _____ (ESET) C:\Users\khalid\Desktop\esetsmartinstaller_fra.exe
2016-11-21 20:35 - 2016-11-21 20:35 - 00009194 _____ C:\Users\khalid\Downloads\dell_system_password_generator.txt
2016-11-19 20:03 - 2016-11-19 20:03 - 00000000 ____D C:\Users\khalid\Desktop\New folder (4)
2016-11-15 01:25 - 2016-11-15 01:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2016-11-15 01:25 - 2016-11-15 01:25 - 00000000 ____D C:\Program Files\WinPcap
2016-11-02 15:49 - 2016-11-02 15:49 - 00000965 _____ C:\Users\Public\Desktop\DvDrum 2.lnk
2016-11-02 15:49 - 2016-11-02 15:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DvDrum 2
2016-11-02 15:48 - 2016-11-02 15:49 - 00000000 ____D C:\Program Files\DvDrum 2
2016-10-31 00:02 - 2016-10-31 00:02 - 00144872 _____ C:\Windows\Minidump\103116-26176-01.dmp
2016-10-29 14:17 - 2016-11-15 01:45 - 00000000 ____D C:\Users\khalid\Desktop\Dumpper v.70.1

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-26 10:59 - 2015-05-17 00:10 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-26 10:53 - 2009-07-14 02:37 - 00000000 ____D C:\Windows\tracing
2016-11-26 10:45 - 2016-05-14 13:34 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d1ade54ecd0bf7.job
2016-11-26 10:39 - 2015-12-09 17:12 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d132a4cf9a2d2e.job
2016-11-26 10:17 - 2015-09-01 17:52 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0e4df1279bb4.job
2016-11-26 10:16 - 2016-04-15 18:47 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-11-26 10:13 - 2009-07-14 04:34 - 00034016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-26 10:13 - 2009-07-14 04:34 - 00034016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-26 10:11 - 2010-11-20 21:01 - 00778150 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-26 10:11 - 2009-07-14 02:37 - 00000000 ____D C:\Windows\inf
2016-11-26 10:05 - 2015-07-31 23:38 - 00032768 _____ C:\Windows\system32\Ikeext.etl
2016-11-26 10:05 - 2015-05-17 00:10 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-26 10:05 - 2009-07-14 04:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-26 03:09 - 2015-05-17 00:18 - 00000000 ____D C:\Users\khalid\AppData\Roaming\DMCache
2016-11-25 23:55 - 2016-06-16 00:00 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-11-25 19:51 - 2016-07-02 00:27 - 00000000 ____D C:\Program Files\Wi-Fi
2016-11-25 15:56 - 2015-05-17 00:18 - 00000000 ____D C:\Users\khalid\Downloads\Compressed
2016-11-25 13:26 - 2016-04-15 18:03 - 00000000 ____D C:\ProgramData\ProductData
2016-11-25 09:35 - 2015-05-16 23:59 - 00000000 ____D C:\Users\khalid\AppData\Roaming\DRPSu
2016-11-23 17:48 - 2015-08-08 22:07 - 182995878 _____ C:\Windows\MEMORY.DMP
2016-11-23 17:48 - 2015-08-08 22:07 - 00000000 ____D C:\Windows\Minidump
2016-11-23 17:30 - 2015-06-27 00:18 - 00000863 _____ C:\Users\khalid\Desktop\New Text Document.txt
2016-11-16 20:55 - 2009-07-14 02:37 - 00000000 ____D C:\Windows\system32\NDF
2016-11-15 01:22 - 2015-05-21 01:32 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2016-11-14 22:21 - 2015-05-17 00:10 - 00002141 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-14 22:21 - 2015-05-17 00:10 - 00002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-11-07 22:34 - 2016-06-26 15:47 - 00000517 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2016-11-07 21:48 - 2016-10-26 00:49 - 00000000 ____D C:\Users\khalid\Downloads\Skiptrace (2016) [YTS.AG]
2016-11-04 23:51 - 2015-05-17 00:18 - 00000000 ____D C:\Users\khalid\Downloads\Video
2016-11-03 20:16 - 2015-05-21 01:32 - 00000000 ____D C:\Windows\system32\SupportAppXL
2016-11-01 21:06 - 2015-05-17 00:10 - 00000000 ____D C:\Users\khalid\AppData\Local\Google
2016-10-29 15:43 - 2015-05-17 00:13 - 00000000 ____D C:\Users\khalid\AppData\Roaming\vlc

==================== Files in the root of some directories =======

2016-05-14 15:00 - 2016-07-23 13:54 - 0003584 _____ () C:\Users\khalid\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-07-22 15:04 - 2016-08-22 13:54 - 0007595 _____ () C:\Users\khalid\AppData\Local\resmon.resmoncfg

Some files in TEMP:
====================
C:\Users\khalid\AppData\Local\Temp\dllnt_dump.dll


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-11-24 14:21

==================== End of FRST.txt ============================
