Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-11-2016
Ran by khalid (administrator) on KHALID-PC (26-11-2016 11:03:40)
Running from C:\Users\khalid\Downloads\Programs
Loaded Profiles: khalid (Available Profiles: khalid)
Platform: Microsoft Windows 7 Starter Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AEstSrv.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IDMan.exe
(Hewlett-Packard Company) C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
() C:\Program Files\Wi-Fi\WiFiGxSvc.exe
(winreview.ru) C:\Program Files\Winreview.ru\Personalization Panel DWM Controller\persdwmsrv.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IEMonitor.exe
(Wondershare) C:\Program Files\Wondershare\WAF\2.1.5.6\WsAppService.exe
(Microsoft Corporation) C:\Windows\System32\mshta.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Tx-Network) C:\Program Files\Wi-Fi\Wi-Fi.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DriverPack Notifier] => C:\Program Files\DriverPack Notifier\DriverPackNotifier.exe [258560 2015-12-18] ()
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [536668 2016-04-15] (IDT, Inc.)
HKLM\...\Run: [LifeCam] => C:\Program Files\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [595992 2016-05-20] (Oracle Corporation)
HKU\S-1-5-21-982090994-2485536893-1322209893-1000\...\Run: [IDMan] => C:\Program Files\Internet Download Manager\IDMan.exe [3898960 2015-04-20] (Tonec Inc.)
HKU\S-1-5-21-982090994-2485536893-1322209893-1000\...\Run: [GoogleDriveSync] => "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-982090994-2485536893-1322209893-1000\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-982090994-2485536893-1322209893-1000\...\MountPoints2: H - H:\AutoRun.exe
HKU\S-1-5-21-982090994-2485536893-1322209893-1000\...\MountPoints2: {58a531b7-fd69-11e4-b9fb-984be1ec3650} - F:\AutoRun.exe
HKU\S-1-5-21-982090994-2485536893-1322209893-1000\...\MountPoints2: {58a531e8-fd69-11e4-b9fb-984be1ec3650} - H:\AutoRun.exe
HKU\S-1-5-21-982090994-2485536893-1322209893-1000\...\MountPoints2: {6b1faecf-3575-11e5-8592-984be1ec3650} - F:\AutoRun.exe
HKU\S-1-5-21-982090994-2485536893-1322209893-1000\...\MountPoints2: {6d9ad777-07b4-11e5-85a0-984be1ec3650} - F:\AutoRun.exe
HKU\S-1-5-21-982090994-2485536893-1322209893-1000\...\MountPoints2: {73c6041c-fc58-11e4-81d0-ecda9b3179f0} - F:\AutoRun.exe
HKU\S-1-5-21-982090994-2485536893-1322209893-1000\...\MountPoints2: {78996d02-142e-11e5-9939-984be1ec3650} - F:\AutoRun.exe
HKU\S-1-5-21-982090994-2485536893-1322209893-1000\...\MountPoints2: {78996d19-142e-11e5-9939-984be1ec3650} - F:\AutoRun.exe
HKU\S-1-5-21-982090994-2485536893-1322209893-1000\...\MountPoints2: {c9e173b9-0182-11e5-b53b-984be1ec3650} - F:\AutoRun.exe
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll [2015-08-14] (Tonec Inc.)
AlternateShell:
GroupPolicy: Restriction ? <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{62E10C9F-81CB-4E7A-98BC-27A39A49BE54}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-982090994-2485536893-1322209893-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10288__161016__yaie
SearchScopes: HKU\S-1-5-21-982090994-2485536893-1322209893-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://maktoob.search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10288__161016__yaie&p={searchTerms}
SearchScopes: HKU\S-1-5-21-982090994-2485536893-1322209893-1000 -> {E88E0043-C9D4-4e33-8555-FEE4F5B63060} URL = hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2015-12-08] (Internet Download Manager, Tonec Inc.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-06-26] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-26] (Oracle Corporation)

FireFox:
========
FF DefaultProfile: 46nzrjvr.default
FF ProfilePath: C:\Users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\46nzrjvr.default [2016-11-25]
FF NewTab: Mozilla\Firefox\Profiles\46nzrjvr.default -> hxxps://search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10288__161016__yaff
FF Homepage: Mozilla\Firefox\Profiles\46nzrjvr.default -> hxxps://search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10288__161016__yaff
FF Extension: (Firefox Hotfix) - C:\Users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\46nzrjvr.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-16]
FF HKU\S-1-5-21-982090994-2485536893-1322209893-1000\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files\Internet Download Manager\idmmzcc2.xpi [2016-06-08]
FF HKU\S-1-5-21-982090994-2485536893-1322209893-1000\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\khalid\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\khalid\AppData\Roaming\IDM\idmmzcc5 [2016-06-18] [not signed]
FF HKU\S-1-5-21-982090994-2485536893-1322209893-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\khalid\AppData\Roaming\IDM\idmmzcc5
FF HKU\S-1-5-21-982090994-2485536893-1322209893-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [2012-02-15] ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2011-07-19] (Foxit Corporation)
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-26] (Oracle Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\khalid\AppData\Local\Google\Chrome\User Data\Default [2016-11-26]
CHR Extension: (Google Docs) - C:\Users\khalid\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-17]
CHR Extension: (Google Drive) - C:\Users\khalid\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-26]
CHR Extension: (YouTube) - C:\Users\khalid\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\khalid\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-26]
CHR Extension: (Google Docs Offline) - C:\Users\khalid\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\khalid\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-07-17]
CHR Extension: (IDM Integration Module) - C:\Users\khalid\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2016-11-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\khalid\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\khalid\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-17]
CHR Extension: (Chrome Media Router) - C:\Users\khalid\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-24]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2016-06-09]
CHR HKU\S-1-5-21-982090994-2485536893-1322209893-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2960672 2016-06-14] (IObit)
R2 MyWiFiRouterDHCP; C:\Program Files\Wi-Fi\WiFiGxSvc.exe [47464 2014-11-18] ()
R2 persdwmsrv; C:\Program Files\Winreview.ru\Personalization Panel DWM Controller\persdwmsrv.exe [7680 2011-05-28] (winreview.ru) [File not signed]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [274514 2016-04-15] (IDT, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
R2 WsAppService; C:\Program Files\Wondershare\WAF\2.1.5.6\WsAppService.exe [387072 2015-12-25] (Wondershare) [File not signed]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 eapihdrv; C:\Users\khalid\AppData\Local\Temp\ehdrv.sys [135760 2016-11-23] (ESET)
S3 hwdatacard; C:\Windows\System32\DRIVERS\ewusbmdm.sys [199296 2016-07-03] (MBB Technologies Co., Ltd.)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2016-06-26] (REALiX(tm))
S3 mpszfilt; C:\Windows\System32\DRIVERS\mpszfilt.sys [10752 2015-03-05] (Generic) [File not signed]
R3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [945504 2016-04-15] (Ralink Technology Corp.)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-11-25] ()
R1 txwifinat; C:\Windows\System32\DRIVERS\txwifinat.sys [31152 2014-12-01] (Nanjing Tongxiang Network Technology Co.,LTD)
S3 cpuz134; \??\C:\Users\khalid\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 RTL8187; system32\DRIVERS\rtl8187.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-26 11:03 - 2016-11-26 11:03 - 00000000 ____D C:\FRST
2016-11-25 23:47 - 2016-11-25 23:49 - 00004896 _____ C:\Users\khalid\Desktop\ZHPCleaner.txt
2016-11-25 23:20 - 2016-11-25 23:49 - 00000000 ____D C:\Users\khalid\AppData\Roaming\ZHP
2016-11-25 23:20 - 2016-11-25 23:20 - 00000793 _____ C:\Users\khalid\Desktop\ZHPCleaner.lnk
2016-11-25 03:08 - 2016-11-25 23:55 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-11-25 00:11 - 2016-11-25 00:11 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-11-25 00:09 - 2016-11-25 00:09 - 00000000 ____D C:\ProgramData\RogueKiller
2016-11-24 22:35 - 2016-11-24 22:36 - 00000000 ____D C:\Users\khalid\Desktop\WhatsApp Video
2016-11-23 17:48 - 2016-11-23 17:48 - 00305336 _____ C:\Windows\Minidump\112316-25646-01.dmp
2016-11-22 20:34 - 2016-11-22 20:35 - 02870984 _____ (ESET) C:\Users\khalid\Desktop\esetsmartinstaller_fra.exe
2016-11-21 20:35 - 2016-11-21 20:35 - 00009194 _____ C:\Users\khalid\Downloads\dell_system_password_generator.txt
2016-11-19 20:03 - 2016-11-19 20:03 - 00000000 ____D C:\Users\khalid\Desktop\New folder (4)
2016-11-15 01:25 - 2016-11-15 01:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2016-11-15 01:25 - 2016-11-15 01:25 - 00000000 ____D C:\Program Files\WinPcap
2016-11-02 15:49 - 2016-11-02 15:49 - 00000965 _____ C:\Users\Public\Desktop\DvDrum 2.lnk
2016-11-02 15:49 - 2016-11-02 15:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DvDrum 2
2016-11-02 15:48 - 2016-11-02 15:49 - 00000000 ____D C:\Program Files\DvDrum 2
2016-10-31 00:02 - 2016-10-31 00:02 - 00144872 _____ C:\Windows\Minidump\103116-26176-01.dmp
2016-10-29 14:17 - 2016-11-15 01:45 - 00000000 ____D C:\Users\khalid\Desktop\Dumpper v.70.1

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-26 10:59 - 2015-05-17 00:10 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-26 10:53 - 2009-07-14 02:37 - 00000000 ____D C:\Windows\tracing
2016-11-26 10:45 - 2016-05-14 13:34 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d1ade54ecd0bf7.job
2016-11-26 10:39 - 2015-12-09 17:12 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d132a4cf9a2d2e.job
2016-11-26 10:17 - 2015-09-01 17:52 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0e4df1279bb4.job
2016-11-26 10:16 - 2016-04-15 18:47 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-11-26 10:13 - 2009-07-14 04:34 - 00034016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-26 10:13 - 2009-07-14 04:34 - 00034016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-26 10:11 - 2010-11-20 21:01 - 00778150 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-26 10:11 - 2009-07-14 02:37 - 00000000 ____D C:\Windows\inf
2016-11-26 10:05 - 2015-07-31 23:38 - 00032768 _____ C:\Windows\system32\Ikeext.etl
2016-11-26 10:05 - 2015-05-17 00:10 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-26 10:05 - 2009-07-14 04:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-26 03:09 - 2015-05-17 00:18 - 00000000 ____D C:\Users\khalid\AppData\Roaming\DMCache
2016-11-25 23:55 - 2016-06-16 00:00 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-11-25 19:51 - 2016-07-02 00:27 - 00000000 ____D C:\Program Files\Wi-Fi
2016-11-25 15:56 - 2015-05-17 00:18 - 00000000 ____D C:\Users\khalid\Downloads\Compressed
2016-11-25 13:26 - 2016-04-15 18:03 - 00000000 ____D C:\ProgramData\ProductData
2016-11-25 09:35 - 2015-05-16 23:59 - 00000000 ____D C:\Users\khalid\AppData\Roaming\DRPSu
2016-11-23 17:48 - 2015-08-08 22:07 - 182995878 _____ C:\Windows\MEMORY.DMP
2016-11-23 17:48 - 2015-08-08 22:07 - 00000000 ____D C:\Windows\Minidump
2016-11-23 17:30 - 2015-06-27 00:18 - 00000863 _____ C:\Users\khalid\Desktop\New Text Document.txt
2016-11-16 20:55 - 2009-07-14 02:37 - 00000000 ____D C:\Windows\system32\NDF
2016-11-15 01:22 - 2015-05-21 01:32 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2016-11-14 22:21 - 2015-05-17 00:10 - 00002141 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-14 22:21 - 2015-05-17 00:10 - 00002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-11-07 22:34 - 2016-06-26 15:47 - 00000517 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2016-11-07 21:48 - 2016-10-26 00:49 - 00000000 ____D C:\Users\khalid\Downloads\Skiptrace (2016) [YTS.AG]
2016-11-04 23:51 - 2015-05-17 00:18 - 00000000 ____D C:\Users\khalid\Downloads\Video
2016-11-03 20:16 - 2015-05-21 01:32 - 00000000 ____D C:\Windows\system32\SupportAppXL
2016-11-01 21:06 - 2015-05-17 00:10 - 00000000 ____D C:\Users\khalid\AppData\Local\Google
2016-10-29 15:43 - 2015-05-17 00:13 - 00000000 ____D C:\Users\khalid\AppData\Roaming\vlc

==================== Files in the root of some directories =======

2016-05-14 15:00 - 2016-07-23 13:54 - 0003584 _____ () C:\Users\khalid\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-07-22 15:04 - 2016-08-22 13:54 - 0007595 _____ () C:\Users\khalid\AppData\Local\resmon.resmoncfg

Some files in TEMP:
====================
C:\Users\khalid\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-11-24 14:21

==================== End of FRST.txt ============================