Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-03-2017
Ran by ibrahim (administrator) on IBRAHIM-PC (23-03-2017 09:57:54)
Running from C:\Users\ibrahim\Desktop
Loaded Profiles: ibrahim (Available Profiles: ibrahim)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: العربية (السعودية)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Ralink Technology, Corp.) C:\Program Files\Ralink\Common\RaRegistry.exe
(Silicon Integrated Systems Corporation) C:\Program Files\SiS VGA Utilities\SiSTray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IDMan.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Ralink Technology, Corp.) C:\Program Files\Ralink\Common\RaUI.exe
() C:\Program Files\PdaNet for Android\PdaNetPC.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IEMonitor.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SiSTray] => C:\Program Files\SiS VGA Utilities\SiSTray.exe [557056 2017-03-18] (Silicon Integrated Systems Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [205512 2017-03-21] (AVAST Software)
HKU\S-1-5-21-2785253729-1883162254-1830346523-1000\...\Run: [IDMan] => C:\Program Files\Internet Download Manager\IDMan.exe [4005944 2017-02-14] (Tonec Inc.)
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-03-21] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk [2017-03-23]
ShortcutTarget: Ralink Wireless Utility.lnk -> C:\Program Files\Ralink\Common\RaUI.exe (Ralink Technology, Corp.)
Startup: C:\Users\ibrahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk [2017-03-18]
ShortcutTarget: PdaNet Desktop.lnk -> C:\Program Files\PdaNet for Android\PdaNetPC.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{AE9A9A96-30D8-4108-98D7-DE5E5E8AD1D7}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{BD3BC5BD-A77F-4144-94B0-6297F9635CCC}: [DhcpNameServer] 8.8.8.8

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2785253729-1883162254-1830346523-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2785253729-1883162254-1830346523-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2016-12-10] (Internet Download Manager, Tonec Inc.)

FireFox:
========
FF HKU\S-1-5-21-2785253729-1883162254-1830346523-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\ibrahim\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\ibrahim\AppData\Roaming\IDM\idmmzcc5 [2017-03-23] [not signed]
FF HKU\S-1-5-21-2785253729-1883162254-1830346523-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files\Internet Download Manager\idmmzcc2.xpi [2017-01-26]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_23_0_0_185.dll [2017-03-21] ()
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-03-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-03-17] (Google Inc.)

Chrome:
=======
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Profile: C:\Users\ibrahim\AppData\Local\Google\Chrome\User Data\Default [2017-03-23]
CHR Extension: (عروض Google التقديمية) - C:\Users\ibrahim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-03-17]
CHR Extension: (محرّر مستندات Google) - C:\Users\ibrahim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-03-17]
CHR Extension: (Google Drive) - C:\Users\ibrahim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-17]
CHR Extension: (Youtube) - C:\Users\ibrahim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-17]
CHR Extension: (جداول بيانات Google ) - C:\Users\ibrahim\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-03-17]
CHR Extension: (مستندات Google في وضع عدم الاتصال) - C:\Users\ibrahim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-17]
CHR Extension: (آدبلوك بلس) - C:\Users\ibrahim\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-03-19]
CHR Extension: (Ashish Mishra) - C:\Users\ibrahim\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnkdbjbjpnpjeciipoaflmpcddinpjjp [2017-03-19]
CHR Extension: (IDM Integration Module) - C:\Users\ibrahim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2017-03-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ibrahim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-17]
CHR Extension: (ImTranslator: Translator, Dictionary, TTS) - C:\Users\ibrahim\AppData\Local\Google\Chrome\User Data\Default\Extensions\noaijdpnepcgjemiklgfkcfbkokogabh [2017-03-23]
CHR Extension: (Gmail) - C:\Users\ibrahim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-17]
CHR Extension: (Chrome Media Router) - C:\Users\ibrahim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-17]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2017-02-13]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [262736 2017-03-21] (AVAST Software)
R2 RalinkRegistryWriter; C:\Program Files\Ralink\Common\RaRegistry.exe [391472 2013-06-26] (Ralink Technology, Corp.)
S2 RaMediaServer; C:\Program Files\Ralink\Common\RaMediaServer.exe [1863680 2012-07-06] (Ralink) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34136 2017-03-21] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [106392 2017-03-21] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [90336 2017-03-21] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [62152 2017-03-21] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [756200 2017-03-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465024 2017-03-21] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [118288 2017-03-21] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [278776 2017-03-21] (AVAST Software)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2017-03-17] (REALiX(tm))
S3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt32.sys [144416 2017-01-30] (Zemana Ltd.)
R3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [1635632 2013-09-06] (Ralink Technology Corp.)
R3 pneteth; C:\Windows\System32\DRIVERS\pneteth.sys [13440 2011-11-25] (June Fabrics Technology Inc.)
R0 uagp35; C:\Windows\System32\DRIVERS\sisagpx.sys [58400 2017-03-18] (Silicon Integrated Systems Corporation)
S3 catchme; \??\C:\Users\ibrahim\AppData\Local\Temp\catchme.sys [X] <==== ATTENTION
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S1 ZAM; \??\C:\Windows\System32\drivers\zam32.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard32.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-23 09:57 - 2017-03-23 09:58 - 00010277 _____ C:\Users\ibrahim\Desktop\FRST.txt
2017-03-23 09:57 - 2017-03-23 09:57 - 00000000 ____D C:\FRST
2017-03-23 09:53 - 2017-03-23 09:02 - 01766912 _____ (Farbar) C:\Users\ibrahim\Desktop\FRST.exe
2017-03-23 09:51 - 2017-03-23 09:51 - 00002248 _____ C:\Users\ibrahim\Desktop\AdwCleaner[C0]2 تنظيف.txt
2017-03-23 09:43 - 2017-03-23 09:42 - 00002377 _____ C:\Users\ibrahim\Desktop\AdwCleaner[S0].txt
2017-03-23 09:40 - 2017-03-23 09:45 - 00000000 ____D C:\AdwCleaner
2017-03-23 09:40 - 2017-03-23 09:03 - 04031440 _____ C:\Users\ibrahim\Desktop\adwcleaner_6.044.exe
2017-03-23 09:35 - 2017-03-23 09:35 - 00003538 _____ C:\Users\ibrahim\Desktop\JRT.txt
2017-03-23 09:31 - 2017-03-23 08:50 - 01663904 _____ (Malwarebytes) C:\Users\ibrahim\Desktop\JRT.exe
2017-03-23 09:28 - 2017-03-23 09:28 - 00262705 _____ C:\Users\ibrahim\Desktop\منتديات ستار تايمز_ ♦◄ شرح أداة JunkWare Removal Tool ►♦ جمعتنا المحبة ♥.html
2017-03-23 09:28 - 2017-03-23 09:28 - 00253462 _____ C:\Users\ibrahim\Desktop\منتديات ستار تايمز_ ___تجديد شرح أداة AdwCleaner لإزالة البرامج الإشهارية والتولبارات___.html
2017-03-23 09:28 - 2017-03-23 09:28 - 00230094 _____ C:\Users\ibrahim\Desktop\منتديات ستار تايمز FRST.html
2017-03-23 09:28 - 2017-03-23 09:28 - 00000000 ____D C:\Users\ibrahim\Desktop\منتديات ستار تايمز_ ___تجديد شرح أداة AdwCleaner لإزالة البرامج الإشهارية والتولبارات____files
2017-03-23 09:28 - 2017-03-23 09:28 - 00000000 ____D C:\Users\ibrahim\Desktop\منتديات ستار تايمز_ ♦◄ شرح أداة JunkWare Removal Tool ►♦ جمعتنا المحبة ♥_files
2017-03-23 09:28 - 2017-03-23 09:28 - 00000000 ____D C:\Users\ibrahim\Desktop\منتديات ستار تايمز FRST_files
2017-03-22 20:12 - 2017-03-22 20:12 - 00091196 _____ C:\Users\ibrahim\Desktop\ZHPDiag.txt
2017-03-22 19:03 - 2017-03-22 19:03 - 00000000 ___SD C:\ComboFix
2017-03-22 19:03 - 2017-03-22 19:02 - 07275640 _____ C:\Users\ibrahim\Desktop\Video_2017-03-22_190259.wmv
2017-03-22 19:00 - 2017-03-22 19:00 - 03346662 _____ C:\Users\ibrahim\Documents\capture1.bmp
2017-03-22 16:11 - 2017-03-22 16:11 - 00015955 _____ C:\ComboFix.txt
2017-03-22 16:00 - 2017-03-22 19:03 - 00000000 ____D C:\Qoobox
2017-03-22 16:00 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2017-03-22 16:00 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2017-03-22 16:00 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2017-03-22 16:00 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2017-03-22 16:00 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2017-03-22 16:00 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2017-03-22 16:00 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2017-03-22 16:00 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2017-03-22 15:59 - 2017-03-22 16:09 - 00000000 ____D C:\Windows\erdnt
2017-03-22 15:46 - 2017-03-22 15:41 - 05659269 ____R (Swearware) C:\Users\ibrahim\Desktop\ComboFix.exe
2017-03-22 12:45 - 2017-03-22 12:45 - 00001087 _____ C:\Users\Public\Desktop\CPUID HWMonitor.lnk
2017-03-22 12:45 - 2017-03-22 12:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2017-03-22 12:45 - 2017-03-22 12:45 - 00000000 ____D C:\Program Files\CPUID
2017-03-22 11:03 - 2017-03-22 11:03 - 00000020 _____ C:\Users\ibrahim\Desktop\كونفج 15-04-2017.rar
2017-03-22 10:46 - 2017-03-22 20:10 - 00000000 ____D C:\Users\ibrahim\AppData\Roaming\ZHP
2017-03-22 10:46 - 2017-03-22 10:46 - 00000784 _____ C:\Users\ibrahim\Desktop\ZHPDiag.lnk
2017-03-22 09:27 - 2017-03-22 10:27 - 02203282 _____ C:\Users\ibrahim\Downloads\لم يتم تأكيده 860017.crdownload
2017-03-21 18:23 - 2017-03-22 11:20 - 00068285 _____ C:\Windows\ZAM_Guard.krnl.trace
2017-03-21 18:23 - 2017-03-22 09:01 - 00143004 _____ C:\Windows\ZAM.krnl.trace
2017-03-21 18:22 - 2017-03-22 12:43 - 00000000 ____D C:\Program Files\Zemana AntiLogger
2017-03-21 18:22 - 2017-03-22 09:01 - 00000000 ____D C:\Program Files\KeyCryptSDK
2017-03-21 18:22 - 2017-01-30 12:09 - 00144416 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\KeyCrypt32.sys
2017-03-21 18:21 - 2017-03-21 18:23 - 00000000 ____D C:\Users\ibrahim\AppData\Local\Zemana
2017-03-21 18:14 - 2017-03-21 18:14 - 00506750 _____ C:\Users\ibrahim\Desktop\Video_2017-03-21_181410.wmv
2017-03-21 18:12 - 2017-03-21 18:12 - 00000000 ____D C:\Users\ibrahim\AppData\Roaming\FastStone
2017-03-21 18:12 - 2017-03-21 18:12 - 00000000 ____D C:\Users\ibrahim\AppData\Local\FastStone
2017-03-21 18:11 - 2017-03-21 18:11 - 00001037 _____ C:\Users\Public\Desktop\FastStone Capture.lnk
2017-03-21 18:11 - 2017-03-21 18:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Capture
2017-03-21 18:11 - 2017-03-21 18:11 - 00000000 ____D C:\Program Files\FastStone Capture
2017-03-21 17:59 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2017-03-21 17:59 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2017-03-21 17:59 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2017-03-21 17:58 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2017-03-21 17:57 - 2017-03-21 17:57 - 00001320 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2017-03-21 17:57 - 2017-03-21 17:57 - 00001251 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2017-03-21 17:55 - 2017-03-21 17:56 - 00000000 ____D C:\Program Files\Windows Live
2017-03-21 17:55 - 2017-03-21 17:55 - 00001188 _____ C:\Users\Public\Desktop\Windows Movie Maker.lnk
2017-03-21 17:55 - 2017-03-21 17:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Movie Maker
2017-03-21 17:55 - 2017-03-21 17:55 - 00000000 ____D C:\Program Files\Windows Movie Maker
2017-03-21 14:01 - 2017-03-21 14:01 - 00000000 ____D C:\Program Files\MyPlayCity.com
2017-03-21 13:06 - 2017-03-21 13:06 - 00000000 ____D C:\Users\ibrahim\AppData\Roaming\AVAST Software
2017-03-21 13:06 - 2017-03-21 13:06 - 00000000 ____D C:\Users\ibrahim\AppData\Local\CEF
2017-03-21 13:05 - 2017-03-21 13:05 - 00002079 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-03-21 13:05 - 2017-03-21 13:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2017-03-21 13:05 - 2017-03-21 13:05 - 00000000 ____D C:\Program Files\Common Files\AV
2017-03-21 13:04 - 2017-03-21 18:09 - 00465024 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2017-03-21 13:04 - 2017-03-21 13:05 - 00278776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2017-03-21 13:04 - 2017-03-21 13:03 - 00756200 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-03-21 13:04 - 2017-03-21 13:03 - 00118288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-03-21 13:04 - 2017-03-21 13:03 - 00106392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-03-21 13:04 - 2017-03-21 13:03 - 00090336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-03-21 13:04 - 2017-03-21 13:03 - 00062152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-03-21 13:04 - 2017-03-21 13:03 - 00034136 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-03-21 13:03 - 2017-03-21 13:03 - 00921280 _____ (Microsoft Corporation) C:\Windows\ucrtbase.dll
2017-03-21 13:03 - 2017-03-21 13:03 - 00328208 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-03-21 12:26 - 2017-03-21 12:26 - 00000000 ____D C:\Program Files\AVAST Software
2017-03-21 12:18 - 2017-03-21 12:18 - 00000000 ____D C:\ProgramData\AVAST Software
2017-03-20 19:28 - 2017-03-20 19:28 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2017-03-20 15:14 - 2017-03-20 15:14 - 00007597 _____ C:\Users\ibrahim\AppData\Local\Resmon.ResmonCfg
2017-03-20 11:39 - 2017-03-20 11:39 - 00004536 _____ C:\Users\ibrahim\AppData\Roaming\CamStudio.cfg
2017-03-20 11:38 - 2017-03-20 11:39 - 00000000 ____D C:\Users\ibrahim\Documents\My CamStudio Temp Files
2017-03-20 11:38 - 2017-03-20 11:38 - 00000096 _____ C:\Users\ibrahim\AppData\Roaming\version2.xml
2017-03-20 11:38 - 2017-03-20 11:38 - 00000000 ____D C:\Users\ibrahim\Documents\My CamStudio Videos
2017-03-20 10:20 - 2017-03-20 10:20 - 00000000 ____D C:\Users\ibrahim\AppData\Roaming\AVS4YOU
2017-03-20 10:20 - 2017-03-20 10:20 - 00000000 ____D C:\ProgramData\AVS4YOU
2017-03-20 10:19 - 2017-03-20 10:19 - 00000000 ____D C:\Users\ibrahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU
2017-03-20 10:18 - 2017-03-20 10:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU
2017-03-20 10:18 - 2017-03-20 10:19 - 00000000 ____D C:\Program Files\Common Files\AVSMedia
2017-03-20 10:18 - 2017-03-20 10:18 - 00001163 _____ C:\Users\ibrahim\Desktop\AVS Video Editor.lnk
2017-03-20 10:16 - 2017-03-20 10:19 - 00000000 ____D C:\Program Files\AVS4YOU
2017-03-20 10:16 - 2011-06-23 12:26 - 01700352 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2017-03-20 10:16 - 2011-06-23 12:25 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\msxml3a.dll
2017-03-19 22:47 - 2017-03-19 22:47 - 00001080 _____ C:\Users\ibrahim\Desktop\DimScreen - رمز اختصار.lnk
2017-03-19 17:31 - 2017-03-19 17:31 - 00000821 _____ C:\Users\ibrahim\Desktop\استماع - رمز اختصار.lnk
2017-03-19 17:28 - 2017-03-19 17:28 - 00000000 ____D C:\Users\ibrahim\AppData\Roaming\TuneUp Software
2017-03-19 17:27 - 2017-03-19 17:27 - 00000000 ____D C:\ProgramData\TuneUp Software
2017-03-19 17:26 - 2017-03-19 17:26 - 00000000 __SHD C:\ProgramData\{55A29068-F2CE-456C-9148-C869879E2357}
2017-03-19 16:08 - 2017-03-19 16:08 - 00000193 _____ C:\Windows\WORDPAD.INI
2017-03-19 16:05 - 2014-05-14 17:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-03-19 16:05 - 2014-05-14 17:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-03-19 16:05 - 2014-05-14 17:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-03-19 16:05 - 2014-05-14 17:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2017-03-19 16:05 - 2014-05-14 17:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2017-03-19 16:05 - 2014-05-14 17:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-03-19 16:05 - 2014-05-14 17:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-03-19 16:05 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-03-19 16:05 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-03-19 11:44 - 2016-10-26 17:29 - 00407720 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2017-03-19 10:58 - 2017-03-19 10:58 - 00000000 ____D C:\Users\ibrahim\Documents\The KMPlayer
2017-03-19 10:58 - 2017-03-19 10:58 - 00000000 ____D C:\Users\ibrahim\AppData\Roaming\Macromedia
2017-03-19 10:56 - 2017-03-19 10:58 - 00000000 ____D C:\Program Files\The KMPlayer
2017-03-19 10:56 - 2017-03-19 10:56 - 00000997 _____ C:\Users\ibrahim\Desktop\KMPlayer.lnk
2017-03-19 10:56 - 2017-03-19 10:56 - 00000000 ____D C:\Users\ibrahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer
2017-03-19 07:32 - 2017-03-19 07:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-03-19 07:31 - 2017-03-19 07:33 - 00000030 _____ C:\Windows\QQPlayer.INI
2017-03-18 19:42 - 2017-03-18 19:42 - 00000000 ____D C:\Users\ibrahim\AppData\Roaming\Foxit Software
2017-03-18 19:41 - 2017-03-21 18:06 - 00000000 ____D C:\Program Files\Bonjour
2017-03-18 19:41 - 2017-03-18 19:41 - 00000000 ____D C:\ProgramData\Apple
2017-03-18 19:40 - 2017-03-19 17:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\5kplayer
2017-03-18 19:40 - 2017-03-18 19:49 - 00000000 ____D C:\Users\ibrahim\AppData\Roaming\5kplayer
2017-03-18 19:40 - 2017-03-18 19:40 - 00001024 _____ C:\Users\Public\Desktop\Foxit Reader.lnk
2017-03-18 19:40 - 2017-03-18 19:40 - 00000000 ____D C:\Program Files\Foxit Software
2017-03-18 19:40 - 2017-03-18 19:40 - 00000000 ____D C:\Program Files\DearMob
2017-03-18 19:38 - 2017-03-19 07:32 - 00000969 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-03-18 19:38 - 2017-03-19 07:32 - 00000000 ____D C:\Program Files\CCleaner
2017-03-18 18:03 - 2017-03-18 18:03 - 00000000 ____D C:\Users\Public\Documents\Wondershare
2017-03-18 12:54 - 2017-03-18 12:55 - 00000000 ____D C:\Users\ibrahim\AppData\Roaming\Kodi
2017-03-18 12:53 - 2015-06-07 00:08 - 00883712 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-03-18 12:53 - 2015-06-07 00:08 - 00064352 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-03-18 12:53 - 2015-06-07 00:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-03-18 12:53 - 2015-06-07 00:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-03-18 12:53 - 2015-06-07 00:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-03-18 12:53 - 2015-06-07 00:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-03-18 12:53 - 2015-06-07 00:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-03-18 12:53 - 2015-06-07 00:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-03-18 12:53 - 2015-06-07 00:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-03-18 12:53 - 2015-06-07 00:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-03-18 12:53 - 2015-06-07 00:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-03-18 12:53 - 2015-06-07 00:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-03-18 12:53 - 2015-06-07 00:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-03-18 12:53 - 2015-06-07 00:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-03-18 12:53 - 2015-06-07 00:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-03-18 12:53 - 2015-06-07 00:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-03-18 12:53 - 2015-06-07 00:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-03-18 12:53 - 2015-06-07 00:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-03-18 12:53 - 2015-06-07 00:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-03-18 12:53 - 2015-06-07 00:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2017-03-18 12:53 - 2015-06-07 00:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-03-18 12:53 - 2015-06-07 00:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-03-18 12:53 - 2015-06-07 00:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-03-18 12:53 - 2015-06-07 00:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-03-18 12:52 - 2017-03-18 12:52 - 00000000 ____D C:\ProgramData\Package Cache
2017-03-18 12:50 - 2017-03-18 12:56 - 00000000 ____D C:\Program Files\Kodi
2017-03-18 12:09 - 2017-03-18 12:09 - 00000656 _____ C:\Users\ibrahim\Desktop\التحميلات - رمز اختصار.lnk
2017-03-18 10:54 - 2017-03-18 10:54 - 00000000 ____D C:\Users\ibrahim\AppData\Roaming\Adobe
2017-03-18 10:38 - 2017-03-18 12:54 - 00000000 ____D C:\Program Files\MKV Player
2017-03-18 09:20 - 2017-03-18 09:20 - 00001253 _____ C:\Users\ibrahim\Desktop\Media Player Classic.lnk
2017-03-18 09:05 - 2017-03-18 09:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SiS VGA Utilities
2017-03-18 09:05 - 2017-03-18 09:05 - 00000000 ____D C:\Program Files\SiS VGA Utilities
2017-03-18 09:05 - 2017-03-18 09:04 - 00006656 _____ (Silicon Integrated Systems Corporation) C:\Windows\system32\SiSApi.dll
2017-03-18 09:04 - 2017-03-18 09:04 - 04080128 _____ (Silicon Integrated Systems Corporation) C:\Windows\system32\SiSGlv.dll
2017-03-18 09:04 - 2017-03-18 09:04 - 03653632 _____ (Silicon Integrated Systems Corporation) C:\Windows\system32\SISGRUMD.dll
2017-03-18 09:04 - 2017-03-18 09:04 - 00655360 _____ (Silicon Integrated Systems Corporation) C:\Windows\system32\SiSClone.dll
2017-03-18 09:04 - 2017-03-18 09:04 - 00466432 _____ (Silicon Integrated Systems Corporation) C:\Windows\system32\Drivers\SISGRKMD.sys
2017-03-18 09:04 - 2017-03-18 09:04 - 00212992 _____ (Silicon Integrated Systems Corporation) C:\Windows\system32\SiSFunc.dll
2017-03-18 09:04 - 2017-03-18 09:04 - 00006656 _____ (Silicon Integrated Systems Corporation) C:\Windows\system32\SiSCo.dll
2017-03-18 09:04 - 2017-03-18 09:04 - 00005632 _____ (Silicon Integrated Systems Corporation) C:\Windows\system32\SiSKrl.dll
2017-03-18 08:49 - 2017-03-18 08:49 - 00031245 _____ C:\Users\ibrahim\Desktop\منتديات ستار تايمز_ IObit Driver Booster Pro 3.0.3.257 Final Multilingual + Serial.html
2017-03-18 08:46 - 2017-03-18 08:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack
2017-03-18 08:46 - 2017-03-18 08:46 - 00000000 ____D C:\Program Files\Combined Community Codec Pack
2017-03-18 08:01 - 2017-03-18 19:35 - 00000000 ____D C:\KMPlayer
2017-03-18 07:55 - 2017-03-18 07:55 - 00058400 _____ (Silicon Integrated Systems Corporation) C:\Windows\system32\Drivers\sisagpx.sys
2017-03-18 07:35 - 2017-03-18 07:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PdaNet for Android
2017-03-18 07:34 - 2017-03-23 09:32 - 00000000 ____D C:\Users\ibrahim\AppData\Roaming\DMCache
2017-03-18 07:34 - 2017-03-22 09:36 - 00000000 ____D C:\Users\ibrahim\AppData\Roaming\IDM
2017-03-18 07:34 - 2017-03-18 10:55 - 00000000 ____D C:\Users\ibrahim\Downloads\Video
2017-03-18 07:34 - 2017-03-18 10:55 - 00000000 ____D C:\Users\ibrahim\Downloads\Compressed
2017-03-18 07:34 - 2017-03-18 07:34 - 00000983 _____ C:\Users\ibrahim\Desktop\Internet Download Manager.lnk
2017-03-18 07:34 - 2017-03-18 07:34 - 00000000 ____D C:\Users\ibrahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2017-03-18 07:34 - 2017-03-18 07:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2017-03-18 07:34 - 2017-03-18 07:34 - 00000000 ____D C:\ProgramData\IDM
2017-03-18 07:34 - 2017-03-18 07:34 - 00000000 ____D C:\Program Files\Internet Download Manager
2017-03-18 07:32 - 2017-03-21 17:57 - 00000000 ____D C:\ProgramData\TEMP
2017-03-18 07:32 - 2017-03-18 07:32 - 00001048 _____ C:\Users\ibrahim\Desktop\Your Unin-staller!.lnk
2017-03-18 07:32 - 2017-03-18 07:32 - 00000000 ____D C:\Users\ibrahim\AppData\Roaming\URSoft
2017-03-18 07:32 - 2017-03-18 07:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Your Uninstaller 2010
2017-03-18 07:32 - 2017-03-18 07:32 - 00000000 ____D C:\Program Files\Your Uninstaller 2010
2017-03-17 21:04 - 2017-03-18 19:39 - 00000000 ____D C:\Windows\Panther
2017-03-17 20:56 - 2017-03-17 20:56 - 00000000 ____D C:\Windows.old
2017-03-17 20:35 - 2017-03-18 07:35 - 00000000 ____D C:\Program Files\PdaNet for Android
2017-03-17 19:49 - 2017-03-22 09:09 - 00000000 ____D C:\Users\ibrahim\AppData\Roaming\Media Player Classic
2017-03-17 18:38 - 2017-03-17 18:38 - 00000000 ____D C:\Users\ibrahim\AppData\Local\ElevatedDiagnostics
2017-03-17 14:31 - 2017-03-17 14:31 - 00000000 ____D C:\Users\ibrahim\AppData\LocalLow\Temp
2017-03-17 14:06 - 2017-03-17 14:06 - 00000000 ____D C:\ProgramData\Ralink
2017-03-17 14:06 - 2017-03-17 14:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ralink Wireless
2017-03-17 14:06 - 2011-09-08 05:51 - 00237568 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Windows\system32\ssleay32.dll
2017-03-17 14:06 - 2011-09-08 05:50 - 01100288 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Windows\system32\libeay32.dll
2017-03-17 14:05 - 2017-03-17 14:05 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2017-03-17 14:05 - 2017-03-17 14:05 - 00000000 ____D C:\Windows\system32\RaLanguages
2017-03-17 14:05 - 2017-03-17 14:05 - 00000000 ____D C:\ProgramData\Ralink Driver
2017-03-17 14:05 - 2017-03-17 14:05 - 00000000 ____D C:\Program Files\Ralink
2017-03-17 14:05 - 2017-03-17 14:05 - 00000000 ____D C:\Program Files\Cisco
2017-03-17 14:05 - 2013-09-06 20:43 - 01635632 _____ (Ralink Technology Corp.) C:\Windows\system32\Drivers\netr28u.sys
2017-03-17 14:05 - 2013-08-27 09:18 - 00239920 _____ (Ralink Technology, Inc.) C:\Windows\system32\RaCoInst.dll
2017-03-17 14:05 - 2013-08-27 09:18 - 00080316 _____ C:\Windows\system32\Drivers\FW_7610.bin
2017-03-17 14:05 - 2013-08-27 09:18 - 00046692 _____ C:\Windows\system32\Drivers\FW_7601.bin
2017-03-17 14:05 - 2013-08-27 09:18 - 00008192 _____ C:\Windows\system32\Drivers\FW_2870.bin
2017-03-17 14:05 - 2013-08-27 09:18 - 00004096 _____ C:\Windows\system32\Drivers\FW_3573.bin
2017-03-17 14:05 - 2012-08-01 16:47 - 00795648 _____ (Ralink Technology, Corp.) C:\Windows\system32\RAIHV.dll
2017-03-17 14:05 - 2012-01-10 11:29 - 00117760 _____ (Ralink Technology, Corp.) C:\Windows\system32\RAEXTUI.dll
2017-03-17 14:05 - 2011-05-04 13:56 - 01608768 _____ (Ralink Technology, Corp.) C:\Windows\system32\RaCertMgr.dll
2017-03-17 14:05 - 2010-06-29 10:34 - 00480608 _____ C:\Windows\system32\DiagFunc.dll
2017-03-17 14:05 - 2010-01-27 11:54 - 00000451 _____ C:\Windows\system32\DiagFunc.ini
2017-03-17 14:01 - 2013-08-27 09:18 - 00013973 _____ C:\Windows\system32\RaCoInst.dat
2017-03-17 13:52 - 2017-03-18 09:04 - 00000000 ____D C:\Users\ibrahim\Desktop\Backups
2017-03-17 13:44 - 2017-03-17 13:44 - 00000000 ____D C:\Windows\IObit
2017-03-17 13:43 - 2017-03-18 16:18 - 00002224 _____ C:\Users\Public\Desktop\Driver Booster 4.lnk
2017-03-17 13:43 - 2017-03-17 13:44 - 00000000 ____D C:\Users\ibrahim\AppData\LocalLow\IObit
2017-03-17 13:43 - 2017-03-17 13:43 - 00023840 _____ (REALiX(tm)) C:\Windows\system32\Drivers\HWiNFO32.SYS
2017-03-17 13:43 - 2017-03-17 13:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 4
2017-03-17 13:43 - 2017-03-17 13:43 - 00000000 ____D C:\ProgramData\IObit
2017-03-17 13:43 - 2017-03-17 13:43 - 00000000 ____D C:\Program Files\IObit
2017-03-17 13:33 - 2017-03-17 13:33 - 00000000 ____D C:\Users\ibrahim\AppData\Roaming\IObit
2017-03-17 13:32 - 2017-03-17 13:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2017-03-17 13:32 - 2017-03-17 13:32 - 00000000 ____D C:\Program Files\K-Lite Codec Pack
2017-03-17 13:32 - 2012-06-09 18:21 - 00178688 _____ C:\Windows\system32\unrar.dll
2017-03-17 13:31 - 2017-03-21 19:16 - 00000000 ____D C:\Users\ibrahim\AppData\Roaming\Thinstall
2017-03-17 13:31 - 2017-03-17 13:31 - 00000000 ____D C:\Users\ibrahim\AppData\Local\Thinstall
2017-03-17 13:22 - 2017-03-21 13:22 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-03-17 13:22 - 2017-03-21 13:22 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-03-17 13:22 - 2017-03-21 13:21 - 00000000
____D C:\Windows\system32\Macromed 2017-03-17 13:17 - 2017-03-17 13:17 - 00013943 _____ C:\Users\ibrahim\Desktop\07-03 - رمز اختصار.lnk 2017-03-17 13:11 - 2017-03-17 13:11 - 00002215 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-03-17 13:11 - 2017-03-17 13:11 - 00002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2017-03-17 13:02 - 2017-03-17 13:02 - 00000000 ____D C:\Users\ibrahim\AppData\Roaming\WinRAR 2017-03-17 13:02 - 2017-03-17 13:02 - 00000000 ____D C:\Users\ibrahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2017-03-17 13:02 - 2017-03-17 13:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2017-03-17 13:02 - 2017-03-17 13:02 - 00000000 ____D C:\Program Files\WinRAR 2017-03-17 12:59 - 2017-03-17 16:54 - 00000000 ____D C:\Users\ibrahim\AppData\Local\Google 2017-03-17 12:59 - 2017-03-17 13:11 - 00000000 ____D C:\Program Files\Google 2017-03-17 12:57 - 2017-03-17 12:57 - 00000000 ____D C:\Users\ibrahim\AppData\Roaming\MPC-HC 2017-03-17 12:56 - 2017-03-17 12:56 - 00000474 _____ C:\Users\ibrahim\Desktop\القرص المحلي ‭(E)‬ - رمز اختصار.lnk 2017-03-17 12:56 - 2017-03-17 12:56 - 00000474 _____ C:\Users\ibrahim\Desktop\القرص المحلي ‭(D)‬ - رمز اختصار.lnk 2017-03-17 12:53 - 2017-03-20 23:38 - 00000000 ____D C:\Windows\Minidump 2017-03-17 12:48 - 2017-03-17 12:48 - 00000374 _____ C:\Windows\system32\Drivers\etc\hosts.ics 2017-03-17 12:23 - 2011-11-25 00:26 - 00013440 _____ (June Fabrics Technology Inc.) 
C:\Windows\system32\Drivers\pneteth.sys 2017-03-17 12:18 - 2017-03-20 10:19 - 00057968 _____ C:\Users\ibrahim\AppData\Local\GDIPFONTCACHEV1.DAT 2017-03-17 12:18 - 2017-03-17 12:19 - 00000000 ____D C:\Users\ibrahim\AppData\Local\Microsoft Games 2017-03-17 12:16 - 2017-03-22 08:38 - 00000000 ____D C:\Users\ibrahim 2017-03-17 12:16 - 2017-03-17 12:16 - 00001393 _____ C:\Users\ibrahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2017-03-17 12:16 - 2017-03-17 12:16 - 00000020 ___SH C:\Users\ibrahim\ntuser.ini 2017-03-17 12:16 - 2017-03-17 12:16 - 00000000 _SHDL C:\Users\ibrahim\قائمة ابدأ 2017-03-17 12:16 - 2017-03-17 12:16 - 00000000 _SHDL C:\Users\ibrahim\My Documents 2017-03-17 12:16 - 2017-03-17 12:16 - 00000000 _SHDL C:\Users\ibrahim\Documents\My Videos 2017-03-17 12:16 - 2017-03-17 12:16 - 00000000 _SHDL C:\Users\ibrahim\Documents\My Pictures 2017-03-17 12:16 - 2017-03-17 12:16 - 00000000 _SHDL C:\Users\ibrahim\Documents\My Music 2017-03-17 12:16 - 2017-03-17 12:16 - 00000000 _SHDL C:\Users\ibrahim\AppData\Roaming\Microsoft\Windows\Start Menu\البرامج 2017-03-17 12:16 - 2017-03-17 12:16 - 00000000 ____D C:\Users\ibrahim\AppData\Local\VirtualStore 2017-03-17 12:16 - 2010-11-21 01:46 - 00000000 ____D C:\Users\ibrahim\AppData\Roaming\Media Center Programs 2017-03-17 12:15 - 2017-03-17 12:15 - 00000000 _SHDL C:\Users\Default\قائمة ابدأ 2017-03-17 12:15 - 2017-03-17 12:15 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\البرامج 2017-03-17 12:15 - 2017-03-17 12:15 - 00000000 _SHDL C:\ProgramData\قائمة ابدأ 2017-03-17 12:15 - 2017-03-17 12:15 - 00000000 _SHDL C:\ProgramData\سطح المكتب 2017-03-17 12:15 - 2017-03-17 12:15 - 00000000 _SHDL C:\ProgramData\Microsoft\Windows\Start Menu\البرامج 2017-03-17 12:09 - 2017-03-17 12:09 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk 2017-03-17 12:09 - 2017-03-17 12:09 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Windows DVD Maker.lnk 2017-03-17 12:08 - 2017-03-17 12:08 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf 2017-03-02 07:46 - 2017-03-05 09:55 - 00032256 ____H C:\~WRL0092.tmp 2017-03-02 07:46 - 2017-03-04 15:42 - 00031744 ____H C:\~WRL0003.tmp ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-03-23 09:55 - 2009-07-14 05:34 - 00022944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2017-03-23 09:55 - 2009-07-14 05:34 - 00022944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2017-03-23 09:48 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2017-03-22 17:49 - 2011-02-07 13:31 - 00684756 _____ C:\Windows\system32\perfh00C.dat 2017-03-22 17:49 - 2011-02-07 13:31 - 00434890 _____ C:\Windows\system32\perfh001.dat 2017-03-22 17:49 - 2011-02-07 13:31 - 00126872 _____ C:\Windows\system32\perfc00C.dat 2017-03-22 17:49 - 2011-02-07 13:31 - 00076040 _____ C:\Windows\system32\perfc001.dat 2017-03-22 17:49 - 2010-11-20 22:01 - 02024198 _____ C:\Windows\system32\PerfStringBackup.INI 2017-03-22 17:49 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\inf 2017-03-22 16:09 - 2009-07-14 03:04 - 00000215 _____ C:\Windows\system.ini 2017-03-21 17:55 - 2009-07-14 03:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared 2017-03-20 19:56 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache 2017-03-20 15:09 - 2009-07-14 05:33 - 00267496 _____ C:\Windows\system32\FNTCACHE.DAT 2017-03-20 10:13 - 2016-03-24 18:04 - 00000000 ____D C:\Program Files\Microsoft Office 2017-03-17 21:04 - 2009-07-14 05:52 - 00028672 _____ C:\Windows\system32\config\BCD-Template 2017-03-17 21:03 - 2009-07-14 05:34 - 00000000 ____D C:\Windows\Setup 2017-03-17 18:38 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\NDF 2017-03-17 12:09 - 
2009-07-14 05:52 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2017-03-17 12:09 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\sysprep 2017-03-17 12:06 - 2010-11-21 01:46 - 00000000 ____D C:\Windows\CSC ==================== Files in the root of some directories ======= 2017-03-20 11:39 - 2017-03-20 11:39 - 0004536 _____ () C:\Users\ibrahim\AppData\Roaming\CamStudio.cfg 2017-03-20 11:38 - 2017-03-20 11:38 - 0000096 _____ () C:\Users\ibrahim\AppData\Roaming\version2.xml 2017-03-20 15:14 - 2017-03-20 15:14 - 0007597 _____ () C:\Users\ibrahim\AppData\Local\Resmon.ResmonCfg ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2017-03-18 12:37 ==================== End of FRST.txt ============================