Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-04-2017
Ran by rofida (administrator) on ROFIDA-PC (22-04-2017 12:42:01)
Running from C:\Users\rofida\Desktop
Loaded Profiles: rofida (Available Profiles: rofida)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: العربية (السعودية)‏
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files\UCBrowser\Application\UCService.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(VIA) C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
(© 2015 Microsoft Corporation) C:\Users\rofida\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Microsoft Corporation) D:\rofida\rofidahost.exe
() C:\Users\rofida\AppData\Roaming\70493327\408926.exe
(Microsoft Corporation) D:\rofida\rofidahost.exe
(CANON INC.) C:\Windows\System32\CNAB4RPK.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
() C:\Program Files\UCBrowser\Application\6.1.2015.1007\UCAgent.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Internet Download Manager, Tonec Inc.) C:\Program Files\Internet Download Manager\idmBroker.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5089480 2015-07-08] (ESET)
HKLM\...\Run: [HDAudDeck] => C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe [4512432 2013-05-10] (VIA)
HKLM\...\Run: [Sysrofidatem] => D:\rofida\rofidahost.exe [126976 2004-08-19] (Microsoft Corporation)
HKLM\...\Run: [Manrofidaual] => C:\rofida\rofidahost.exe [126976 2004-08-19] (Microsoft Corporation)
HKU\S-1-5-21-4156086232-4276291699-4231531313-1000\...\Run: [BingSvc] => C:\Users\rofida\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-4156086232-4276291699-4231531313-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [7045848 2016-11-15] (Piriform Ltd)
HKU\S-1-5-21-4156086232-4276291699-4231531313-1000\...\Run: [677321987] => C:\Users\rofida\AppData\Roaming\70493327\408926.exe [6144 2017-04-08] ()
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll [2015-08-14] (Tonec Inc.)
Startup: C:\Users\rofida\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Helprofida.lnk [2017-04-22]
ShortcutTarget: Helprofida.lnk -> C:\rofida\rofidahost.exe (Microsoft Corporation)
Startup: C:\Users\rofida\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Manualrofida.lnk [2017-04-22]
ShortcutTarget: Manualrofida.lnk -> D:\rofida\rofidahost.exe (Microsoft Corporation)
GroupPolicy: Restriction ? <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{11179F46-3AFC-472F-ACD9-D18C381772AB}: [NameServer] 8.8.8.8,8.8.4.4
ManualProxies: 0ط´ظٹظٹظ…ط§ط،

Internet Explorer:
==================
HKU\S-1-5-21-4156086232-4276291699-4231531313-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/ar-eg/?ocid=iehp
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2015-09-28] (Internet Download Manager, Tonec Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-26] (Microsoft Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-26] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: e60tj9ub.default
FF ProfilePath: C:\Users\rofida\AppData\Roaming\Mozilla\Firefox\Profiles\e60tj9ub.default [2017-04-22]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\e60tj9ub.default -> Bing
FF SearchEngineOrder.3: Mozilla\Firefox\Profiles\e60tj9ub.default -> Bing
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\e60tj9ub.default -> Bing
FF Homepage: Mozilla\Firefox\Profiles\e60tj9ub.default -> hxxps://www.google.com/
FF Keyword.URL: Mozilla\Firefox\Profiles\e60tj9ub.default -> hxxp://www.bing.com/search?FORM=SK216DF&PC=SK216&q=
FF Extension: (Bing Search) - C:\Users\rofida\AppData\Roaming\Mozilla\Firefox\Profiles\e60tj9ub.default\Extensions\bingsearch.full@microsoft.com.xpi [2016-08-09]
FF SearchPlugin: C:\Users\rofida\AppData\Roaming\Mozilla\Firefox\Profiles\e60tj9ub.default\searchplugins\bing-.xml [2016-08-09]
FF HKU\S-1-5-21-4156086232-4276291699-4231531313-1000\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files\Internet Download Manager\idmmzcc2.xpi [2015-10-02]
FF HKU\S-1-5-21-4156086232-4276291699-4231531313-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\rofida\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\rofida\AppData\Roaming\IDM\idmmzcc5 [2016-09-08] [not signed]
FF HKU\S-1-5-21-4156086232-4276291699-4231531313-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-07] ()
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-28] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-28] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4156086232-4276291699-4231531313-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\rofida\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-05-08] (Unity Technologies ApS)

Chrome:
=======
CHR StartupUrls: Default -> "hxxps://www.google.dz/"
CHR Profile: C:\Users\rofida\AppData\Local\Google\Chrome\User Data\Default [2017-04-22]
CHR Extension: (Google Slides) - C:\Users\rofida\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-19]
CHR Extension: (Bob Marley) - C:\Users\rofida\AppData\Local\Google\Chrome\User Data\Default\Extensions\alpnhingmddeadgmgjbfefmaanaeifak [2016-09-17]
CHR Extension: (Google Docs) - C:\Users\rofida\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-19]
CHR Extension: (Google Drive) - C:\Users\rofida\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-19]
CHR Extension: (Skype Calling) - C:\Users\rofida\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2016-04-22]
CHR Extension: (YouTube) - C:\Users\rofida\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-19]
CHR Extension: (Raga Minions) - C:\Users\rofida\AppData\Local\Google\Chrome\User Data\Default\Extensions\cajlfianhckdhhdcfiopmnobmgbecdbe [2017-02-17]
CHR Extension: (Google Search) - C:\Users\rofida\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-19]
CHR Extension: (Tampermonkey) - C:\Users\rofida\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2016-12-16]
CHR Extension: (Adobe Acrobat) - C:\Users\rofida\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-04]
CHR Extension: (A. Powerups) - C:\Users\rofida\AppData\Local\Google\Chrome\User Data\Default\Extensions\efedcgdhahoncejkihgfnecicebndbhc [2016-04-17]
CHR Extension: (Slither.io Mods, Zoom, Unlock Skins, Bots) - C:\Users\rofida\AppData\Local\Google\Chrome\User Data\Default\Extensions\eogeabecipmckmihpmkgjbghbffcebcf [2017-02-21]
CHR Extension: (Google Sheets) - C:\Users\rofida\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-19]
CHR Extension: (Slither.io Mod Play with friends Without LAGS) - C:\Users\rofida\AppData\Local\Google\Chrome\User Data\Default\Extensions\foocpcikeakahdlplgpgfoilanoajijf [2016-07-10]
CHR Extension: (Google Docs Offline) - C:\Users\rofida\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]
CHR Extension: (A. Infinity) - C:\Users\rofida\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbdacdpcaooaaedmfmbkfejjllegfk [2016-04-15]
CHR Extension: (Skype) - C:\Users\rofida\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-03-08]
CHR Extension: (IDM Integration Module) - C:\Users\rofida\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2017-04-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\rofida\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
CHR Extension: (Gmail) - C:\Users\rofida\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-19]
CHR Extension: (Chrome Media Router) - C:\Users\rofida\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-08]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2015-10-08]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [280696 2016-06-28] (Intel Corporation)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [1353720 2015-07-08] (ESET)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [274040 2016-06-28] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [463896 2012-07-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166432 2012-10-23] (Intel Corporation)
S3 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2960160 2016-04-22] (IObit)
R2 UCBrowserSvc; C:\Program Files\UCBrowser\Application\UCService.exe [629648 2017-02-21] ()
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-12-11] (VIA Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 Bhbase; C:\Windows\System32\drivers\Bhbase.sys [46440 2015-03-31] (Baidu, Inc.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [202704 2015-07-13] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [144536 2015-07-13] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [185176 2015-07-13] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [46656 2015-07-13] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [60552 2015-07-13] (ESET)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [27040 2016-07-20] (LogMeIn, Inc.)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2016-06-28] (REALiX(tm))
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x86.sys [110280 2013-07-18] (Qualcomm Atheros Co., Ltd.)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [55104 2012-07-13] (Intel Corporation)
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1846448 2013-05-10] (VIA Technologies, Inc.)
S3 cpuz138; \??\C:\Users\rofida\AppData\Local\Temp\cpuz138\cpuz138_x32.sys [X] <==== ATTENTION
U2 ERSvc; no ImagePath
U2 IAStorDataMgrsvc; no ImagePath
U2 NIHardwareService; no ImagePath
U2 NVSvc; no ImagePath
U2 srService; no ImagePath
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-22 12:42 - 2017-04-22 12:42 - 00014892 _____ C:\Users\rofida\Desktop\FRST.txt
2017-04-22 12:41 - 2017-04-22 12:42 - 00000000 ____D C:\FRST
2017-04-22 12:40 - 2017-04-22 12:41 - 01767424 _____ (Farbar) C:\Users\rofida\Desktop\FRST.exe
2017-04-22 12:19 - 2017-04-22 12:19 - 00003424 ____N C:\bootsqm.dat
2017-04-22 12:14 - 2017-04-22 12:14 - 00009776 ____R C:\Users\rofida\Desktop\Pre_Scan_22_04_2017_12_14_45.txt
2017-04-22 12:14 - 2017-04-22 12:14 - 00009776 ____R C:\Pre_Scan_22_04_2017_12_14_45.txt
2017-04-22 12:06 - 2017-04-22 12:14 - 00000000 ____D C:\Pre_Scan
2017-04-22 12:06 - 2017-04-22 12:06 - 00001526 _____ C:\Users\rofida\Desktop\Pre_Scan_Restore.lnk
2017-04-22 12:06 - 2017-04-22 12:06 - 00001088 _____ C:\Users\rofida\Desktop\Pre_Scan_Donate.lnk
2017-04-22 12:05 - 2017-04-22 12:05 - 03511720 _____ (SosVirus) C:\Users\rofida\Desktop\Pre_Scan.exe
2017-04-21 10:24 - 2017-04-21 10:49 - 116712012 _____ C:\Users\rofida\Downloads\سلسلة هباج علوم فيزيائية 1 ثانوي.rar
2017-04-21 08:47 - 2017-04-21 08:47 - 00000822 _____ C:\Users\rofida\Desktop\ZHPDiag.lnk
2017-04-21 08:45 - 2017-04-21 08:45 - 02718720 _____ C:\Users\rofida\Desktop\ZHPDiag3.exe
2017-04-21 08:44 - 2017-04-21 08:44 - 00000527 _____ C:\DelFix.txt
2017-04-20 06:10 - 2017-04-21 08:48 - 00000000 ____D C:\Users\rofida\AppData\Roaming\ZHP
2017-04-19 19:48 - 2017-04-19 19:48 - 00025736 _____ C:\Users\rofida\Downloads\ta3lime.com-941318966b.rar
2017-04-19 19:48 - 2017-04-19 19:48 - 00010359 _____ C:\Users\rofida\Downloads\ta3lime.com-1aaae812ef.rar
2017-04-19 19:40 - 2017-04-20 05:55 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-04-19 16:46 - 2017-04-19 16:47 - 00000000 ____D C:\Users\rofida\AppData\Local\ZHP
2017-04-19 13:34 - 2017-04-22 12:20 - 00001968 _____ C:\Users\rofida\Desktop\Internet Explorer.lnk
2017-04-17 19:24 - 2017-04-17 19:24 - 03074179 _____ C:\Users\rofida\Downloads\إختبارات العلوم الطبيعية للأولى ثانوي الفصل الثالث علوم.rar
2017-04-17 19:20 - 2017-04-17 19:20 - 01090070 _____ C:\Users\rofida\Downloads\utf-8''sciense.zip
2017-04-17 19:14 - 2017-04-17 19:14 - 00397217 _____ C:\Users\rofida\Downloads\1395087104511.rar
2017-04-17 19:13 - 2017-04-17 19:13 - 00270633 _____ C:\Users\rofida\Downloads\1395087578961.rar
2017-04-16 22:26 - 2017-04-16 22:26 - 00600078 _____ C:\Users\rofida\Documents\Guide 1AS.pdf
2017-04-16 22:11 - 2017-04-16 22:12 - 01034563 _____ C:\Users\rofida\Downloads\sciences-1as-teacherbook(1).rar
2017-04-16 22:00 - 2017-04-16 22:00 - 01034563 _____ C:\Users\rofida\Downloads\sciences-1as-teacherbook.rar
2017-04-09 18:26 - 2017-04-21 10:29 - 00223232 ___SH C:\Users\rofida\Desktop\Thumbs.db
2017-04-08 19:29 - 2017-04-08 19:29 - 00000000 ____D C:\Users\rofida\AppData\Roaming\70493327
2017-04-08 19:29 - 2017-04-08 19:29 - 00000000 ____D C:\Program Files\QI8IEM46B8
2017-04-08 19:29 - 2017-04-08 19:29 - 00000000 ____D C:\Program Files\O8CML9EZM1
2017-04-08 19:29 - 2017-04-08 19:29 - 00000000 ____D C:\Program Files\BestZiper
2017-04-07 09:05 - 2017-04-07 09:05 - 00521646 _____ C:\Users\rofida\Downloads\1an.pdf
2017-04-06 13:41 - 2017-04-06 13:41 - 00000000 ___RD C:\Users\rofida\Documents\Scanned Documents
2017-04-06 13:41 - 2017-04-06 13:41 - 00000000 ____D C:\Users\rofida\Documents\Fax
2017-04-06 13:35 - 2017-04-06 13:35 - 00064119 _____ C:\Users\rofida\Documents\585555855446846545646564545.xps
2017-04-06 13:34 - 2017-04-06 13:34 - 00064119 _____ C:\Users\rofida\Documents\454564.xps

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-22 12:28 - 2009-07-14 05:34 - 00022944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-22 12:28 - 2009-07-14 05:34 - 00022944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-22 12:20 - 2017-03-07 08:56 - 00001786 _____ C:\Users\rofida\Desktop\Mozilla Firefox.lnk
2017-04-22 12:20 - 2016-11-11 13:12 - 00001999 _____ C:\Users\rofida\Desktop\Google Chrome.lnk
2017-04-22 12:19 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-22 12:06 - 2016-11-26 20:36 - 00000000 ____D C:\Users\rofida\AppData\LocalLow\Mozilla
2017-04-20 12:52 - 2016-11-24 21:29 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-04-19 16:41 - 2011-02-07 13:31 - 00736906 _____ C:\Windows\system32\perfh00C.dat
2017-04-19 16:41 - 2011-02-07 13:31 - 00478274 _____ C:\Windows\system32\perfh001.dat
2017-04-19 16:41 - 2011-02-07 13:31 - 00148834 _____ C:\Windows\system32\perfc00C.dat
2017-04-19 16:41 - 2011-02-07 13:31 - 00094100 _____ C:\Windows\system32\perfc001.dat
2017-04-19 16:41 - 2010-11-20 22:01 - 02229580 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-19 16:41 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\inf
2017-04-19 14:27 - 2009-07-14 05:53 - 00032602 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-04-19 14:25 - 2016-06-28 13:37 - 00000000 ____D C:\Program Files\Common Files\IObit
2017-04-19 14:25 - 2016-06-28 09:52 - 00000000 ____D C:\Users\rofida\AppData\Roaming\IObit
2017-04-19 14:25 - 2016-06-28 09:52 - 00000000 ____D C:\ProgramData\IObit
2017-04-12 13:49 - 2016-10-04 20:26 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-04-11 14:55 - 2016-12-01 20:39 - 00000000 ____D C:\Users\rofida\Desktop\السنة الرابعة ابتدائي
2017-04-11 14:54 - 2015-10-14 06:10 - 00000000 ____D C:\Users\rofida\.umplayer
2017-04-10 09:53 - 2017-03-09 20:48 - 00000000 ____D C:\Users\rofida\Desktop\امي
2017-04-09 08:28 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\NDF
2017-04-07 08:59 - 2016-02-05 14:32 - 00002161 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-07 08:59 - 2016-02-05 14:32 - 00002149 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-03-27 09:03 - 2017-01-21 13:44 - 00000000 ____D C:\Users\rofida\AppData\Roaming\BitTorrent

==================== Files in the root of some directories =======

2016-06-14 18:00 - 2016-06-14 18:01 - 0000000 _____ () C:\Users\rofida\AppData\Local\{366E67CD-FCD2-4409-95DF-745E1A398BFA}
2016-10-14 20:44 - 2016-10-14 20:44 - 0000000 _____ () C:\Users\rofida\AppData\Local\{4B8F22D5-52BF-4227-BEF7-969B4CF3014A}
2016-03-12 18:03 - 2016-03-12 18:03 - 0000000 _____ () C:\Users\rofida\AppData\Local\{7EB0F694-2B51-438E-B2A8-3BE81673D0A8}
2016-06-26 05:26 - 2016-06-26 05:27 - 0000000 _____ () C:\Users\rofida\AppData\Local\{AF35F2B1-4071-4434-B462-85C91DA97C1D}
2016-06-20 08:21 - 2016-06-20 08:22 - 0000000 _____ () C:\Users\rofida\AppData\Local\{F8C47BC6-98BA-41EC-A568-9B2BA0D096F5}

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-24 11:09

==================== End of FRST.txt ============================