Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-04-2017
Ran by YAHYA (administrator) on YAHYA-PC (17-04-2017 00:56:08)
Running from C:\Users\YAHYA\Desktop
Loaded Profiles: YAHYA (Available Profiles: YAHYA)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Smart Security Premium\ekrn.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ESET) C:\Program Files\ESET\ESET Smart Security Premium\egui.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cnext.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\cnext.exe [4926664 2016-02-26] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16781824 2017-01-11] (Realtek Semiconductor)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKU\S-1-5-21-894818285-553289155-393376485-1000\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3941584 2016-04-28] (Tonec Inc.)
HKU\S-1-5-21-894818285-553289155-393376485-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9363672 2017-02-08] (Piriform Ltd)
HKU\S-1-5-21-894818285-553289155-393376485-1000\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [9363672 2017-02-08] (Piriform Ltd)
HKU\S-1-5-21-894818285-553289155-393376485-1000\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\YAHYA\AppData\Local\MEGAsync\ShellExtX64.dll [2016-10-31] ()
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\YAHYA\AppData\Local\MEGAsync\ShellExtX64.dll [2016-10-31] ()
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\YAHYA\AppData\Local\MEGAsync\ShellExtX64.dll [2016-10-31] ()
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\YAHYA\AppData\Local\MEGAsync\ShellExtX32.dll [2016-10-31] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\YAHYA\AppData\Local\MEGAsync\ShellExtX32.dll [2016-10-31] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\YAHYA\AppData\Local\MEGAsync\ShellExtX32.dll [2016-10-31] ()
GroupPolicy: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 43.225.188.187 pes6gate-ec.winning-eleven.net # Pes6Stars Server
127.0.0.1 l.heouts.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4C89E589-764D-4FCB-AC30-9AF299D15821}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9A399D81-2EAD-4F23-BCDD-637FC13DCD51}: [NameServer] 208.67.222.123,208.67.220.123

Internet Explorer:
==================
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-12-08] (Internet Download Manager, Tonec Inc.)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-12-08] (Internet Download Manager, Tonec Inc.)

FireFox:
========
FF HKU\S-1-5-21-894818285-553289155-393376485-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\YAHYA\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\YAHYA\AppData\Roaming\IDM\idmmzcc5 [2017-04-17] [not signed]
FF HKU\S-1-5-21-894818285-553289155-393376485-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2016-03-10]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-11] (Google Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.jo/
CHR StartupUrls: Default -> "hxxps://www.google.jo/"
CHR Profile: C:\Users\YAHYA\AppData\Local\Google\Chrome\User Data\Default [2017-04-17]
CHR Extension: (عروض Google التقديمية) - C:\Users\YAHYA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-02-14]
CHR Extension: (محرّر مستندات Google) - C:\Users\YAHYA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-02-14]
CHR Extension: (Google Drive) - C:\Users\YAHYA\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-14]
CHR Extension: (MEGA) - C:\Users\YAHYA\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2017-04-16]
CHR Extension: (Youtube) - C:\Users\YAHYA\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-14]
CHR Extension: (جداول بيانات Google ) - C:\Users\YAHYA\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-02-14]
CHR Extension: (مستندات Google في وضع عدم الاتصال) - C:\Users\YAHYA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-14]
CHR Extension: (IDM Integration Module) - C:\Users\YAHYA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2017-04-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\YAHYA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (TunnelBear VPN) - C:\Users\YAHYA\AppData\Local\Google\Chrome\User Data\Default\Extensions\omdakjcmkglenbhjadbccaookpfjihpa [2017-03-07]
CHR Extension: (OneClick Cleaner for Chrome) - C:\Users\YAHYA\AppData\Local\Google\Chrome\User Data\Default\Extensions\oncckmaelaecccmaniihojgeopkcajfh [2017-02-14]
CHR Extension: (Gmail) - C:\Users\YAHYA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-14]
CHR Extension: (Chrome Media Router) - C:\Users\YAHYA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-06]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-04-15]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-04-15]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ekrn; C:\Program Files\ESET\ESET Smart Security Premium\ekrn.exe [2836296 2016-12-14] (ESET)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [132272 2017-01-17] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [106768 2017-01-17] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [180544 2017-01-17] (ESET)
R2 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [49672 2017-01-17] (ESET)
R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [77616 2017-01-17] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [60536 2017-01-17] (ESET)
R1 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [96856 2017-01-17] (ESET)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-02-14] (REALiX(tm))
S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-17 00:56 - 2017-04-17 00:56 - 00011076 _____ C:\Users\YAHYA\Desktop\FRST.txt
2017-04-17 00:55 - 2017-04-17 00:56 - 00000000 ____D C:\FRST
2017-04-17 00:55 - 2017-04-17 00:54 - 02424320 _____ (Farbar) C:\Users\YAHYA\Desktop\FRST64.exe
2017-04-16 04:27 - 2017-04-16 05:01 - 00251832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-04-16 04:27 - 2017-04-16 04:27 - 00001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-04-16 04:27 - 2017-04-16 04:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-04-16 04:27 - 2017-04-16 04:27 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-04-16 04:27 - 2017-04-16 04:27 - 00000000 ____D C:\Program Files\Malwarebytes
2017-04-16 04:27 - 2017-03-22 11:02 - 00077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-04-16 02:03 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2017-04-16 01:32 - 2017-04-16 04:47 - 00000000 ____D C:\Users\YAHYA\AppData\Local\ZHP
2017-04-14 09:08 - 2017-04-14 09:09 - 01603111 _____ C:\Users\YAHYA\Downloads\fawaz.htm
2017-04-13 01:09 - 2017-04-13 01:09 - 00002116 _____ C:\Users\Public\Desktop\MTA San Andreas 1.5.lnk
2017-04-13 01:09 - 2017-04-13 01:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MTA San Andreas 1.5
2017-04-13 01:04 - 2017-04-16 05:06 - 00000000 ____D C:\Users\YAHYA\Documents\GTA San Andreas User Files
2017-04-13 00:32 - 2017-04-13 00:45 - 00000000 ____D C:\Users\YAHYA\Documents\MEGAsync Downloads
2017-04-13 00:31 - 2017-04-13 00:31 - 00000000 ___RD C:\Users\YAHYA\Documents\MEGAsync
2017-04-13 00:31 - 2017-04-13 00:31 - 00000000 ____D C:\Users\YAHYA\AppData\Local\Mega Limited
2017-04-13 00:30 - 2017-04-13 00:30 - 00001048 _____ C:\Users\YAHYA\Desktop\MEGAsync.lnk
2017-04-13 00:30 - 2017-04-13 00:30 - 00000000 ____D C:\Users\YAHYA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEGAsync
2017-04-13 00:30 - 2017-04-13 00:30 - 00000000 ____D C:\Users\YAHYA\AppData\Local\MEGAsync
2017-04-09 23:15 - 2017-04-09 23:15 - 00000000 ____D C:\Users\YAHYA\AppData\Local\CEF
2017-04-09 23:14 - 2017-04-13 01:09 - 00000000 ____D C:\Windows\SysWOW64\directx
2017-04-09 23:14 - 2017-04-13 01:09 - 00000000 ____D C:\Program Files (x86)\MTA San Andreas 1.5
2017-04-09 23:06 - 2017-04-13 01:09 - 00000000 ____D C:\ProgramData\MTA San Andreas All
2017-04-06 22:24 - 2017-04-08 11:42 - 00000000 ____D C:\Users\YAHYA\AppData\Local\CrashDumps
2017-04-06 18:16 - 2017-04-06 18:16 - 00001392 _____ C:\Users\YAHYA\Desktop\Hein Recovery 1.7.lnk
2017-04-06 18:16 - 2017-04-06 18:16 - 00001309 _____ C:\Users\YAHYA\Desktop\Hein 4.5.lnk
2017-04-02 23:26 - 2017-04-02 23:26 - 00000000 ____D C:\Users\YAHYA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\San Andreas Multiplayer
2017-04-02 23:26 - 2017-04-02 23:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\San Andreas Multiplayer
2017-03-28 21:33 - 2017-04-01 14:10 - 00058332 _____ C:\Users\YAHYA\Desktop\nice goals wite mate m.Amin.tscproj
2017-03-28 21:03 - 2017-03-28 21:03 - 00000000 ____D C:\Users\YAHYA\AppData\Roaming\TechSmith
2017-03-28 21:02 - 2017-04-01 13:55 - 00000000 ____D C:\Users\YAHYA\Documents\Camtasia Studio
2017-03-28 21:02 - 2017-03-28 21:02 - 00000000 ____D C:\Users\YAHYA\AppData\Local\TechSmith
2017-03-28 21:01 - 2017-03-28 21:01 - 00001077 _____ C:\Users\Public\Desktop\Camtasia 9.lnk
2017-03-28 21:01 - 2017-03-28 21:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
2017-03-28 20:59 - 2017-03-28 20:59 - 00000000 ____D C:\ProgramData\TechSmith
2017-03-28 20:59 - 2017-03-28 20:59 - 00000000 ____D C:\Program Files\TechSmith
2017-03-24 13:50 - 2017-03-24 13:50 - 00001392 _____ C:\Users\YAHYA\Desktop\Hein Recovery 1.6.lnk
2017-03-24 13:50 - 2017-03-24 13:50 - 00001317 _____ C:\Users\YAHYA\Desktop\Hein 4.4.2.lnk
2017-03-24 04:59 - 2017-03-24 04:59 - 00000000 ___SD C:\Windows\system32\CompatTel
2017-03-24 04:59 - 2017-03-24 04:59 - 00000000 ____D C:\Windows\system32\appraiser
2017-03-24 04:56 - 2013-10-02 05:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2017-03-24 04:56 - 2013-10-02 05:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2017-03-24 04:56 - 2013-10-02 05:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2017-03-24 04:56 - 2013-10-02 04:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2017-03-24 04:56 - 2013-10-02 04:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2017-03-24 04:56 - 2013-10-02 04:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2017-03-24 04:56 - 2013-10-02 04:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2017-03-24 04:56 - 2013-10-02 03:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2017-03-24 04:56 - 2013-10-02 03:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2017-03-24 04:56 - 2013-10-02 03:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2017-03-24 04:56 - 2013-10-02 03:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2017-03-24 04:56 - 2013-10-02 03:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2017-03-24 04:56 - 2013-10-02 02:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2017-03-24 04:56 - 2013-10-02 02:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2017-03-24 04:56 - 2013-10-02 02:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2017-03-24 04:56 - 2013-10-02 01:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2017-03-24 04:56 - 2013-10-01 23:57 - 06578176 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2017-03-24 04:56 - 2013-10-01 23:55 - 05698048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2017-03-24 04:54 - 2012-08-23 17:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2017-03-24 04:54 - 2012-08-23 17:12 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\terminpt.sys
2017-03-24 04:54 - 2012-08-23 17:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2017-03-24 04:54 - 2012-08-23 17:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2017-03-24 04:54 - 2012-08-23 16:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2017-03-24 04:54 - 2012-08-23 14:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2017-03-24 04:54 - 2012-08-23 13:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2017-03-24 04:54 - 2012-08-23 12:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2017-03-24 04:17 - 2017-02-23 02:42 - 00084712 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-03-24 04:17 - 2017-02-23 02:37 - 01285632 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-03-24 04:17 - 2017-02-18 17:05 - 01609216 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-03-24 04:17 - 2017-02-18 17:05 - 00646656 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-03-24 04:17 - 2016-12-31 18:36 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-03-24 04:17 - 2016-12-31 18:36 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-03-24 04:17 - 2016-12-31 18:36 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-03-24 04:17 - 2016-12-31 18:36 - 00233984 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-03-24 04:17 - 2016-12-31 18:36 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-03-24 04:17 - 2016-03-24 01:40 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2017-03-24 04:17 - 2015-08-05 20:56 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2017-03-24 04:17 - 2015-08-05 20:06 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2017-03-24 04:12 - 2015-12-16 21:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
2017-03-24 04:12 - 2015-12-16 21:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
2017-03-24 04:12 - 2015-12-16 21:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
2017-03-24 04:12 - 2015-12-16 21:48 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
2017-03-24 04:12 - 2015-12-16 21:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
2017-03-24 04:12 - 2015-12-16 21:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
2017-03-19 03:28 - 2017-03-19 03:28 - 00000000 ____D C:\Users\YAHYA\AppData\Local\ElevatedDiagnostics

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-17 00:31 - 2017-02-14 03:40 - 00003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{F3CBA854-97AF-40BC-873E-FD9AD0012458}
2017-04-16 23:58 - 2017-02-14 05:51 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-04-16 11:04 - 2017-02-14 03:57 - 00060496 _____ C:\Users\YAHYA\AppData\Local\GDIPFONTCACHEV1.DAT
2017-04-16 05:09 - 2009-07-14 07:45 - 00028976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-16 05:09 - 2009-07-14 07:45 - 00028976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-16 05:04 - 2017-02-14 03:59 - 00000000 ____D C:\Users\YAHYA\AppData\Roaming\DMCache
2017-04-16 05:02 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\inf
2017-04-16 05:00 - 2009-07-14 08:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-16 04:59 - 2017-02-22 17:45 - 00000000 ____D C:\Users\YAHYA\AppData\Roaming\ZHP
2017-04-16 02:20 - 2009-07-14 07:45 - 00273504 _____ C:\Windows\system32\FNTCACHE.DAT
2017-04-14 20:36 - 2017-02-18 04:45 - 00646152 _____ C:\Windows\system32\perfh00C.dat
2017-04-14 20:36 - 2017-02-18 04:45 - 00445688 _____ C:\Windows\system32\perfh001.dat
2017-04-14 20:36 - 2017-02-18 04:45 - 00122464 _____ C:\Windows\system32\perfc00C.dat
2017-04-14 20:36 - 2017-02-18 04:45 - 00087130 _____ C:\Windows\system32\perfc001.dat
2017-04-14 20:36 - 2009-07-14 08:13 - 02026404 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-11 21:06 - 2017-02-14 03:59 - 00003274 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-11 21:06 - 2017-02-14 03:59 - 00003146 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-07 23:42 - 2017-02-19 22:35 - 00000000 ____D C:\Program Files (x86)\DkZ Studio
2017-04-06 18:17 - 2017-02-20 23:50 - 00000000 __SHD C:\Users\YAHYA\AppData\Roaming\Latas
2017-04-06 02:07 - 2017-02-14 04:02 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-06 02:07 - 2017-02-14 04:02 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-03-30 22:27 - 2009-07-14 08:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-03-28 20:58 - 2017-02-14 03:16 - 00000000 ____D C:\ProgramData\Package Cache
2017-03-25 06:47 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\AppCompat
2017-03-24 13:47 - 2017-02-16 14:09 - 00000406 __RSH C:\ProgramData\ntuser.pol
2017-03-24 05:39 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\rescache
2017-03-24 05:00 - 2017-03-07 23:43 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-03-24 05:00 - 2017-02-14 23:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-03-24 04:59 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-03-24 04:58 - 2017-02-14 03:09 - 01983028 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-03-24 04:35 - 2017-03-07 23:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-03-19 17:38 - 2017-02-14 03:59 - 00000000 ____D C:\Users\YAHYA\AppData\Roaming\IDM
2017-03-19 03:28 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\system32\NDF

==================== Files in the root of some directories =======

2017-02-28 09:07 - 2016-11-23 16:37 - 0000570 _____ () C:\Users\YAHYA\AppData\Local\TroubleshooterConfig.json
2017-02-14 23:25 - 2017-02-14 23:25 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-04-13 13:23

==================== End of FRST.txt ============================