Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-02-2017
Ran by fadi (administrator) on FADI-PC (20-02-2017 15:28:31)
Running from C:\Users\fadi\Downloads\Programs
Loaded Profiles: fadi (Available Profiles: fadi)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Internet Security\ekrn.exe
(Foxit Software Inc.) C:\Program Files\Foxit Software\Foxit PhantomPDF\FoxitConnectedPDFService.exe
(Foxit Software Inc.) C:\Program Files\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
(ESET) C:\Program Files\ESET\ESET Internet Security\egui.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IDMan.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IEMonitor.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Internet Download Manager, Tonec Inc.) C:\Program Files\Internet Download Manager\idmBroker.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(IObit) C:\Program Files\IObit\Driver Booster\4.2.0\Scheduler.exe
(IObit) C:\Program Files\IObit\IObit Uninstaller\UninstallMonitor.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKU\S-1-5-21-2843317728-1395094010-2175450331-1001\...\Run: [IDMan] => C:\Program Files\Internet Download Manager\IDMan.exe [4001848 2016-12-15] (Tonec Inc.)
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll [2015-08-14] (Tonec Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{EB4C17DB-9260-407B-881F-C6FEA3A7137B}: [DhcpNameServer] 192.168.1.1 0.0.0.0

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKU\S-1-5-21-2843317728-1395094010-2175450331-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/ar-eg/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {ielnksrch} URL =
SearchScopes: HKU\S-1-5-21-2843317728-1395094010-2175450331-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2016-12-10] (Internet Download Manager, Tonec Inc.)
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer.dll [2016-05-23] (IObit)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: zx8f1i1z.default
FF ProfilePath: C:\Users\fadi\AppData\Roaming\Mozilla\Firefox\Profiles\zx8f1i1z.default [2017-02-20]
FF Homepage: Mozilla\Firefox\Profiles\zx8f1i1z.default -> hxxps://www.google.com/
FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\fadi\AppData\Roaming\Mozilla\Firefox\Profiles\zx8f1i1z.default\features\{a91e3c9b-fc2b-4c49-92cc-54689c05dc5c}\disableSHA1rollout@mozilla.org.xpi [2017-02-16]
FF Extension: (IDM integration) - C:\Program Files\Internet Download Manager\idmmzcc2.xpi [2016-11-16]
FF HKLM\...\Firefox\Extensions: [FFExtnHTML2PDF@foxitsoftware.com] - C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi
FF Extension: (Foxit PDF Creator) - C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi [2016-12-06]
FF HKU\S-1-5-21-2843317728-1395094010-2175450331-1001\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF HKU\S-1-5-21-2843317728-1395094010-2175450331-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\fadi\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\fadi\AppData\Roaming\IDM\idmmzcc5 [2017-02-20] [not signed]
FF HKU\S-1-5-21-2843317728-1395094010-2175450331-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF Plugin: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2016-12-22] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2016-12-22] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2016-12-22] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2016-12-22] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-12-23] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-12-23] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-12-23] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-12-23] (Foxit Corporation)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [cifnddnffldieaamihfkhkdgnbhfmaci] - C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\Creator\ChromeAddin\ChromeAddin.crx [2016-11-22]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2016-12-10]
CHR HKLM\...\Chrome\Extension: [ophpgcjplgoimjgcllegcbljpdcbgkaa] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ekrn; C:\Program Files\ESET\ESET Internet Security\ekrn.exe [2241992 2016-12-14] (ESET)
R2 FoxitPhantomService; C:\Program Files\Foxit Software\Foxit PhantomPDF\FoxitConnectedPDFService.exe [1659080 2016-12-30] (Foxit Software Inc.)
R2 FoxitReaderService; C:\Program Files\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659592 2016-12-29] (Foxit Software Inc.)
S2 IObitUnSvr; C:\Program Files\IObit\IObit Uninstaller\IUService.exe [360736 2016-10-28] (IObit)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [113544 2016-12-05] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [91104 2016-12-05] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [140984 2016-12-05] (ESET)
R2 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [43920 2016-12-05] (ESET)
R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [69304 2016-12-05] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [52680 2016-12-05] (ESET)
R1 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [81264 2016-12-05] (ESET)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2017-02-19] (REALiX(tm))
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2017-02-19] ()
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-20 15:25 - 2017-02-20 15:28 - 00000000 ____D C:\FRST
2017-02-20 15:24 - 2017-02-20 15:24 - 00001564 _____ C:\Users\fadi\Desktop\FRST - Shortcut.lnk
2017-02-20 06:43 - 2017-02-20 06:43 - 00001269 _____ C:\Users\fadi\Desktop\ZHPFixReport.txt
2017-02-20 06:42 - 2017-02-20 06:42 - 00001799 _____ C:\Users\Public\Desktop\ZHPFix.lnk
2017-02-20 06:42 - 2017-02-20 06:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2017-02-20 06:41 - 2017-02-20 06:42 - 00000000 ____D C:\Program Files\ZHPFix
2017-02-19 19:15 - 2017-02-19 19:15 - 00002110 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller.lnk
2017-02-19 19:15 - 2017-02-19 19:15 - 00002098 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk
2017-02-19 19:15 - 2017-02-19 19:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
2017-02-19 19:15 - 2017-02-19 19:15 - 00000000 ____D C:\Program Files\Common Files\IObit
2017-02-19 18:53 - 2017-02-19 18:53 - 00003583 _____ C:\Users\fadi\Desktop\ZHPCleaner2.txt
2017-02-19 18:33 - 2017-02-19 19:15 - 00000000 ____D C:\ProgramData\ProductData
2017-02-19 18:30 - 2017-02-19 18:30 - 00048361 _____ C:\Users\fadi\Desktop\zoek-results.txt
2017-02-19 18:30 - 2017-02-19 18:30 - 00000000 ____D C:\ProgramData\IDM
2017-02-19 18:28 - 2017-02-19 18:00 - 00024064 _____ C:\Windows\zoek-delete.exe
2017-02-19 18:13 - 2017-02-19 18:13 - 00000828 _____ C:\Users\fadi\Desktop\ZHPCleaner.lnk
2017-02-19 18:11 - 2017-02-19 18:12 - 02738688 _____ C:\Users\fadi\Desktop\ZHPCleaner.exe
2017-02-19 17:59 - 2017-02-19 18:20 - 00000000 ____D C:\zoek_backup
2017-02-19 17:58 - 2017-02-19 17:58 - 01309184 _____ C:\Users\fadi\Desktop\zoek.exe
2017-02-19 17:35 - 2017-02-19 23:54 - 00076346 _____ C:\Users\fadi\Desktop\ZHPDiag.txt
2017-02-19 17:27 - 2017-02-19 17:27 - 00000000 ____D C:\Users\fadi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dashlane
2017-02-19 17:27 - 2017-02-19 17:27 - 00000000 ____D C:\Users\fadi\AppData\Roaming\Dashlane
2017-02-19 17:27 - 2017-02-19 17:27 - 00000000 ____D C:\Users\fadi\AppData\Local\Packages
2017-02-19 17:26 - 2017-02-19 17:26 - 00000000 ____D C:\Windows\IObit
2017-02-19 17:25 - 2017-02-19 19:15 - 00000000 ____D C:\Users\fadi\AppData\LocalLow\IObit
2017-02-19 17:25 - 2017-02-19 19:15 - 00000000 ____D C:\ProgramData\IObit
2017-02-19 17:25 - 2017-02-19 17:37 - 00002224 _____ C:\Users\Public\Desktop\Driver Booster 4.lnk
2017-02-19 17:25 - 2017-02-19 17:25 - 00023840 _____ (REALiX(tm)) C:\Windows\system32\Drivers\HWiNFO32.SYS
2017-02-19 17:25 - 2017-02-19 17:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 4
2017-02-19 17:24 - 2017-02-19 23:50 - 00000000 ____D C:\Users\fadi\AppData\Roaming\IObit
2017-02-19 17:24 - 2017-02-19 19:15 - 00000000 ____D C:\Program Files\IObit
2017-02-19 17:23 - 2017-02-20 06:43 - 00000000 ____D C:\Users\fadi\AppData\Roaming\ZHP
2017-02-19 17:23 - 2017-02-19 17:24 - 00000818 _____ C:\Users\fadi\Desktop\ZHPDiag.lnk
2017-02-19 17:03 - 2017-02-19 17:03 - 00934806 _____ C:\Users\fadi\Desktop\rk_3132.tmp.txt
2017-02-19 16:03 - 2017-02-19 16:03 - 00934806 _____ C:\Users\fadi\Desktop\rk_74C3.tmp.txt
2017-02-19 14:54 - 2017-02-19 14:54 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-02-19 14:44 - 2017-02-19 14:44 - 01663040 _____ (Malwarebytes) C:\Users\fadi\Desktop\JRT.exe
2017-02-19 14:40 - 2017-02-19 14:40 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\fadi\Desktop\rkill.EXE
2017-02-17 23:51 - 2017-02-17 23:55 - 00000000 ____D C:\AdwCleaner
2017-02-17 23:51 - 2017-02-17 23:50 - 04015056 _____ C:\Users\fadi\Desktop\adwcleaner_6.043.exe
2017-02-17 23:49 - 2017-02-17 23:50 - 04015056 _____ C:\Users\fadi\Downloads\adwcleaner_6.043.exe
2017-02-17 18:55 - 2017-02-17 18:55 - 00000000 _____ C:\Users\fadi\Downloads\New Text Document.txt
2017-02-17 18:52 - 2017-02-19 23:49 - 00000000 ____D C:\Program Files\Reason
2017-02-17 05:26 - 2017-02-17 05:43 - 00000000 ____D C:\ProgramData\TEMP
2017-02-16 20:58 - 2017-02-16 20:58 - 00137981 _____ C:\Users\fadi\Documents\بحول حول معايير التدقيق - بحث Google‏.pdf
2017-02-16 20:10 - 2017-02-16 20:10 - 00346496 _____ C:\Users\fadi\Downloads\solutions_of_exercises_vernimmen_2014.xlsx
2017-02-16 10:17 - 2017-02-16 10:17 - 14461136 _____ C:\Users\fadi\Downloads\كتاب-معايير-المحاسبة-الدولية-و-الإبلاغ-المالي.pdf
2017-02-16 08:51 - 2017-02-16 08:52 - 05591103 _____ C:\Users\fadi\Downloads\Nifty - 6 Clever Ways To Use A Hair Dryer 🙌 Try 'em out ...(1080p).mp4
2017-02-15 23:32 - 2017-02-15 23:34 - 00672768 _____ C:\Users\fadi\Downloads\___1_.xls;filename-= UTF-8__حساب_المعدل (1).xls
2017-02-15 23:32 - 2017-02-15 23:32 - 00020480 _____ C:\Users\fadi\Downloads\معدل السداسي الثانيcvbc.xls
2017-02-08 22:59 - 2017-02-20 15:23 - 00000000 ____D C:\Users\fadi\AppData\LocalLow\Mozilla
2017-02-08 22:59 - 2017-02-19 16:00 - 00001121 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-02-08 22:59 - 2017-02-19 16:00 - 00001109 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-02-08 22:59 - 2017-02-08 23:05 - 00000000 ____D C:\Users\fadi\AppData\Local\Mozilla
2017-02-08 22:59 - 2017-02-08 22:59 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-02-08 22:59 - 2017-02-08 22:59 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-02-05 18:36 - 2017-02-05 18:36 - 00001630 _____ C:\Users\fadi\Desktop\Tactical Ops.lnk
2017-02-05 18:36 - 2017-02-05 18:36 - 00000000 ____D C:\Users\fadi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tactical Ops
2017-02-05 18:36 - 2017-02-05 18:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tactical Ops
2017-02-05 18:35 - 2017-02-18 06:07 - 00000000 ____D C:\Tactical Ops
2017-02-05 17:57 - 2017-02-05 17:57 - 00000000 ____D C:\Users\fadi\AppData\Local\ESET
2017-02-05 17:46 - 2017-02-05 17:46 - 00002048 _____ C:\Users\Public\Desktop\ESET Banking & Payment protection.lnk
2017-02-05 17:46 - 2017-02-05 17:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2017-02-05 17:46 - 2017-02-05 17:46 - 00000000 ____D C:\ProgramData\ESET
2017-02-05 17:46 - 2017-02-05 17:46 - 00000000 ____D C:\Program Files\ESET
2017-02-05 17:33 - 2017-02-05 17:33 - 00001632 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UC Browser.lnk
2017-02-05 17:33 - 2017-02-05 17:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UC Browser
2017-02-05 12:16 - 2017-02-05 12:16 - 00001059 _____ C:\Users\Public\Desktop\Foxit PhantomPDF.lnk
2017-02-05 12:16 - 2017-02-05 12:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit PhantomPDF
2017-02-05 12:00 - 2017-02-05 12:00 - 00000000 ____D C:\Users\fadi\AppData\Local\Foxit Reader
2017-02-05 11:48 - 2017-02-05 12:16 - 00000000 ____D C:\Users\Public\Foxit Software
2017-02-05 11:48 - 2017-02-05 12:16 - 00000000 ____D C:\ProgramData\Foxit Software
2017-02-05 11:47 - 2017-02-08 22:20 - 00000000 ____D C:\Users\fadi\AppData\Roaming\Foxit Software
2017-02-05 11:47 - 2017-02-05 12:16 - 00000000 ____D C:\Program Files\Foxit Software
2017-02-05 11:47 - 2017-02-05 11:47 - 00002095 _____ C:\Users\Public\Desktop\Foxit Reader.lnk
2017-02-05 11:47 - 2017-02-05 11:47 - 00000000 ____D C:\Users\fadi\AppData\Roaming\Foxit AgentInformation
2017-02-05 11:47 - 2017-02-05 11:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2017-02-05 11:47 - 2017-02-05 11:47 - 00000000 ____D C:\ProgramData\Foxit ContentPlatform
2017-02-05 10:54 - 2017-02-05 10:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2017-02-05 10:53 - 2006-10-26 19:56 - 00032592 _____ (Microsoft Corporation) C:\Windows\system32\msonpmon.dll
2017-02-05 10:51 - 2017-02-05 10:51 - 00000000 ____D C:\Windows\PCHEALTH
2017-02-05 10:51 - 2017-02-05 10:51 - 00000000 ____D C:\Program Files\Microsoft Works
2017-02-05 10:51 - 2017-02-05 10:51 - 00000000 ____D C:\Program Files\Microsoft Visual Studio
2017-02-05 10:51 - 2017-02-05 10:51 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2017-02-05 10:49 - 2017-02-05 10:51 - 00000000 ____D C:\Program Files\Microsoft Office
2017-02-05 10:49 - 2017-02-05 10:49 - 00000000 ____D C:\Users\fadi\AppData\Local\Microsoft Help
2017-02-05 10:49 - 2017-02-05 10:49 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 8
2017-02-05 10:48 - 2017-02-05 10:48 - 00000000 __RHD C:\MSOCache
2017-02-05 10:47 - 2017-02-05 10:47 - 00000000 ____D C:\Windows\system32\appmgmt
2017-02-05 10:30 - 2017-02-05 10:30 - 00000000 ____D C:\Users\fadi\AppData\Roaming\IsolatedStorage
2017-02-05 10:30 - 2017-02-05 10:30 - 00000000 ____D C:\ProgramData\IsolatedStorage
2017-02-05 10:28 - 2017-02-05 10:43 - 00000000 ____D C:\Users\fadi\AppData\Local\IIIQF
2017-02-05 10:27 - 2017-02-05 10:27 - 00000000 ____D C:\Spacekace
2017-02-05 10:21 - 2017-02-05 10:21 - 00000000 ____D C:\Program Files\MSECache
2017-02-05 10:03 - 2017-02-05 10:57 - 00109232 _____ C:\Users\fadi\AppData\Local\GDIPFONTCACHEV1.DAT
2017-02-05 09:19 - 2017-02-05 09:19 - 03134592 _____ (ESET) C:\Users\fadi\Downloads\eset_internet_security_live_installer.exe
2017-02-05 09:15 - 2017-02-05 09:15 - 00000000 ____D C:\Users\fadi\AppData\Roaming\UCChannel
2017-02-05 09:12 - 2017-02-08 22:59 - 00000000 ____D C:\Users\fadi\AppData\Roaming\Mozilla
2017-02-05 09:12 - 2017-02-05 09:12 - 01938532 _____ C:\Users\fadi\AppData\Roaming\Lamdex.bin
2017-02-05 09:11 - 2017-02-05 09:11 - 01907651 _____ C:\Users\fadi\AppData\Roaming\Zoosontone.tst
2017-02-05 09:10 - 2017-02-05 09:10 - 00126464 _____ C:\Users\fadi\AppData\Roaming\lobby.dat
2017-02-05 09:10 - 2017-02-05 09:10 - 00072787 _____ C:\Users\fadi\AppData\Roaming\Overex.tst
2017-02-05 09:08 - 2017-02-05 11:10 - 00206312 __RSH C:\grldr
2017-02-05 09:08 - 2017-02-05 09:08 - 00000020 ___SH C:\Users\fadi\ntuser.ini
2017-02-05 09:08 - 2017-02-05 09:08 - 00000000 _SHDL C:\Users\fadi\My Documents
2017-02-05 09:08 - 2017-02-05 09:08 - 00000000 _SHDL C:\Users\fadi\Documents\My Videos
2017-02-05 09:08 - 2017-02-05 09:08 - 00000000 _SHDL C:\Users\fadi\Documents\My Pictures
2017-02-05 09:08 - 2017-02-05 09:08 - 00000000 _SHDL C:\Users\fadi\Documents\My Music
2017-02-05 09:08 - 2017-02-05 09:08 - 00000000 ____D C:\Users\fadi
2017-02-05 09:08 - 2010-11-20 16:46 - 00000000 ____D C:\Users\fadi\AppData\Roaming\Media Center Programs
2017-02-05 09:01 - 2017-02-05 18:05 - 00000000 ____D C:\Program Files\WinRAR
2017-02-05 09:01 - 2017-02-05 09:01 - 00000000 ____D C:\Users\fadi\AppData\Roaming\WinRAR
2017-02-05 09:01 - 2017-02-05 09:01 - 00000000 ____D C:\Users\fadi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-02-05 09:01 - 2017-02-05 09:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-02-05 08:58 - 2017-02-05 08:58 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2017-02-05 08:58 - 2017-02-05 08:58 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2017-02-05 08:58 - 2016-10-26 16:29 - 00407720 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2017-02-05 08:57 - 2017-02-05 08:57 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2017-02-05 08:53 - 2017-02-05 09:08 - 00000000 ____D C:\Windows\Panther
2017-02-05 08:53 - 2017-02-05 08:53 - 00008192 __RSH C:\BOOTSECT.BAK
2017-02-05 08:53 - 2010-11-20 13:29 - 00383786 __RSH C:\bootmgr
2017-02-05 08:42 - 2017-02-11 06:00 - 00000000 ____D C:\Users\fadi\AppData\Local\Microsoft Games
2017-02-05 08:32 - 2017-02-05 08:32 - 00002231 _____ C:\Users\fadi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chedot.lnk
2017-02-05 08:32 - 2017-02-05 08:32 - 00000000 ____D C:\Users\fadi\AppData\Local\Chedot
2017-02-05 08:30 - 2017-02-20 15:22 - 00000000 ____D C:\Users\fadi\AppData\Roaming\DMCache
2017-02-05 08:30 - 2017-02-19 14:48 - 00000000 ____D C:\Users\fadi\AppData\Roaming\IDM
2017-02-05 08:30 - 2017-02-16 19:48 - 00000000 ____D C:\Users\fadi\Downloads\Compressed
2017-02-05 08:30 - 2017-02-16 10:59 - 00000000 ____D C:\Users\fadi\Downloads\Video
2017-02-05 08:30 - 2017-02-05 10:16 - 00000000 ____D C:\Program Files\Internet Download Manager
2017-02-05 08:30 - 2017-02-05 08:30 - 00000983 _____ C:\Users\fadi\Desktop\Internet Download Manager.lnk
2017-02-05 08:30 - 2017-02-05 08:30 - 00000000 ____D C:\Users\fadi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2017-02-05 08:30 - 2017-02-05 08:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-20 15:28 - 2009-07-13 20:34 - 00022944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-20 15:28 - 2009-07-13 20:34 - 00022944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-20 15:20 - 2009-07-13 20:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-19 18:09 - 2011-02-07 04:31 - 00693124 _____ C:\Windows\system32\perfh00C.dat
2017-02-19 18:09 - 2011-02-07 04:31 - 00435188 _____ C:\Windows\system32\perfh001.dat
2017-02-19 18:09 - 2011-02-07 04:31 - 00127204 _____ C:\Windows\system32\perfc00C.dat
2017-02-19 18:09 - 2011-02-07 04:31 - 00076298 _____ C:\Windows\system32\perfc001.dat
2017-02-19 18:09 - 2010-11-20 13:01 - 02024198 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-19 18:09 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\inf
2017-02-09 02:01 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\LiveKernelReports
2017-02-05 17:24 - 2009-07-13 20:33 - 00413168 _____ C:\Windows\system32\FNTCACHE.DAT
2017-02-05 10:51 - 2010-11-20 16:46 - 00000000 ____D C:\Windows\ShellNew
2017-02-05 10:51 - 2009-07-13 20:52 - 00000000 ____D C:\Program Files\MSBuild
2017-02-05 10:51 - 2009-07-13 18:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-02-05 10:49 - 2009-07-13 18:37 - 00000000 ____D C:\Program Files\Common Files\System
2017-02-05 10:49 - 2009-07-13 18:04 - 00000478 _____ C:\Windows\win.ini
2017-02-05 09:08 - 2009-07-13 18:37 - 00000000 __RHD C:\Users\Public\Libraries
2017-02-05 09:05 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\rescache
2017-02-05 09:00 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\system32\oobe
2017-02-05 08:58 - 2009-07-13 20:52 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-02-05 08:58 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\system32\sysprep
2017-02-05 08:54 - 2010-11-20 16:46 - 00000000 ____D C:\Windows\CSC
2017-02-05 08:53 - 2009-07-13 20:52 - 00028672 _____ C:\Windows\system32\config\BCD-Template
2017-02-05 08:53 - 2009-07-13 20:34 - 00000000 ____D C:\Windows\Setup

==================== Files in the root of some directories =======

2017-02-05 09:12 - 2017-02-05 09:12 - 1938532 _____ () C:\Users\fadi\AppData\Roaming\Lamdex.bin
2017-02-05 09:10 - 2017-02-05 09:10 - 0126464 _____ () C:\Users\fadi\AppData\Roaming\lobby.dat
2017-02-05 09:10 - 2017-02-05 09:10 - 0072787 _____ () C:\Users\fadi\AppData\Roaming\Overex.tst
2017-02-05 09:11 - 2017-02-05 09:11 - 1907651 _____ () C:\Users\fadi\AppData\Roaming\Zoosontone.tst

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-12 06:45

==================== End of FRST.txt ============================