Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16.05.2018 01
Ran by POSTE01 (administrator) on POSTE01-PC (01-06-2018 23:16:54)
Running from C:\Users\POSTE01\Desktop
Loaded Profiles: POSTE01 (Available Profiles: POSTE01 & DefaultAppPool)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) Language: العربية (السعودية)‏
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashPlayerFeedbackService.exe
(Microsoft) C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
() C:\Program Files\Mobiconnect\AssistantServices.exe
(Wondershare) C:\Program Files\Wondershare\WAF\2.4.3.236\WsAppService.exe
(Wondershare) C:\Program Files\Wondershare\dr.fone toolkit for Android\Library\DriverInstaller\DriverInstall.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Zbshareware Lab) C:\Program Files\USB Disk Security\USBGuard.exe
() C:\Program Files\Mobiconnect\CancelAutoPlay_byt.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
() C:\Program Files\Mobiconnect\UIExec.exe
(Wondershare) C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\SAMSUNG\Kies\KiesTrayAgent.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
(Bo Zheng) C:\Program Files\USB Disk Security\backupmaster.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IDMan.exe
(ESET) C:\Program Files\ESET\ESET Security\egui.exe
() C:\Program Files\Mobiconnect\UIMain.exe
(TechSmith Corporation) C:\Program Files\TechSmith\Snagit 12\Snagit32.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IEMonitor.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\tv_w32.exe
(TechSmith Corporation) C:\Program Files\TechSmith\Snagit 12\SnagPriv.exe
(TechSmith Corporation) C:\Program Files\TechSmith\Snagit 12\TscHelp.exe
(TechSmith Corporation) C:\Program Files\TechSmith\Snagit 12\SnagitEditor.exe
() C:\Program Files\Mobiconnect\CMUpdater.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(SysTools Software Pvt. Ltd.) C:\Program Files\SysTools vCard Viewer\VcardViwer.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
(fCoder SIA, 2017) C:\Windows\System32\spool\drivers\w32x86\3\udceng.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [16553472 2018-04-15] (Realtek Semiconductor)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [USB Security] => C:\Program Files\USB Disk Security\USBGuard.exe [695528 2015-01-31] (Zbshareware Lab)
HKLM\...\Run: [CancelAutoPlay_byt] => C:\Program Files\Mobiconnect\CancelAutoPlay_byt.exe [431432 2012-12-03] ()
HKLM\...\Run: [UIExec] => C:\Program Files\Mobiconnect\UIExec.exe [157000 2012-12-03] ()
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [170128 2018-04-19] (ESET)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2137744 2016-10-08] (Wondershare)
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [318128 2016-11-16] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [AutoTransfer PC] => C:\Program Files\USB Disk Security\backupmaster.exe [397200 2018-04-08] (Bo Zheng)
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1435942032-1186533181-3962646738-1000\...\Run: [IDMan] => C:\Program Files\Internet Download Manager\IDMan.exe [4113520 2018-03-30] (Tonec Inc.)
HKU\S-1-5-21-1435942032-1186533181-3962646738-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [13619968 2018-04-12] (Piriform Ltd)
HKU\S-1-5-21-1435942032-1186533181-3962646738-1000\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner.exe [13619968 2018-04-12] (Piriform Ltd)
HKU\S-1-5-21-1435942032-1186533181-3962646738-1000\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-1435942032-1186533181-3962646738-1000\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-21-1435942032-1186533181-3962646738-1000\...\Policies\Explorer\DisallowRun: [1] Mshta.exe
HKU\S-1-5-21-1435942032-1186533181-3962646738-1000\...\Policies\Explorer\DisallowRun: [2] powershell.exe
HKU\S-1-5-21-1435942032-1186533181-3962646738-1000\...\Policies\Explorer\DisallowRun: [3] bitsadmin.exe
HKU\S-1-5-21-1435942032-1186533181-3962646738-1000\...\MountPoints2: I - I:\AutoRun.exe
HKU\S-1-5-21-1435942032-1186533181-3962646738-1000\...\MountPoints2: {6d933df2-eca2-11e7-b2c5-8e264e7e00b1} - H:\AutoRun.exe
HKU\S-1-5-21-1435942032-1186533181-3962646738-1000\...\MountPoints2: {761bf6cc-2627-11e8-9d7a-ecb83eb9258f} - I:\AutoRun.exe
HKU\S-1-5-21-1435942032-1186533181-3962646738-1000\...\MountPoints2: {ce04102e-252e-11e8-8e63-f5512908d680} - J:\autorun.exe
HKU\S-1-5-21-1435942032-1186533181-3962646738-1000\...\MountPoints2: {ce041038-252e-11e8-8e63-f5512908d680} - J:\autorun.exe
HKU\S-1-5-21-1435942032-1186533181-3962646738-1000\...\MountPoints2: {e2bc6ab8-fbb0-11e7-87d8-e199d7cfbe74} - H:\AutoRun.exe
HKU\S-1-5-21-1435942032-1186533181-3962646738-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [10240 2009-07-14] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 12.lnk [2017-12-31]
ShortcutTarget: Snagit 12.lnk -> C:\Program Files\TechSmith\Snagit 12\Snagit32.exe (TechSmith Corporation)
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: Hosts file not detected in the default directory
Tcpip\..\Interfaces\{F1B77915-4FED-440A-9068-DF4DABAD2139}: [NameServer] 8.26.56.26 64.6.64.6

Internet Explorer:
==================
URLSearchHook: [S-1-5-21-1435942032-1186533181-3962646738-1000] ATTENTION => Default URLSearchHook is missing
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2017-12-14] (Internet Download Manager, Tonec Inc.)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: rj552s67.default
FF ProfilePath: C:\Users\POSTE01\AppData\Roaming\Mozilla\Firefox\Profiles\rj552s67.default [2018-06-01]
FF Homepage: Mozilla\Firefox\Profiles\rj552s67.default -> www.google.fr
FF HKU\S-1-5-21-1435942032-1186533181-3962646738-1000\...\Firefox\Extensions: [mozilla_cc3@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc3.xpi
FF Extension: (IDM Integration Module) - C:\Program Files\Internet Download Manager\idmmzcc3.xpi [2018-02-28]
FF HKU\S-1-5-21-1435942032-1186533181-3962646738-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\POSTE01\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\POSTE01\AppData\Roaming\IDM\idmmzcc5 [2017-12-29] [Legacy] [not signed]
FF HKU\S-1-5-21-1435942032-1186533181-3962646738-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files\Internet Download Manager\idmmzcc2.xpi [2017-12-20] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_29_0_0_117.dll [2018-03-08] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1233203.dll [2018-05-15] (Adobe Systems, Inc.)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\POSTE01\AppData\Local\Google\Chrome\User Data\Default [2018-06-01]
CHR Extension: (العروض التقديمية) - C:\Users\POSTE01\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-29]
CHR Extension: (المستندات) - C:\Users\POSTE01\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-02-16]
CHR Extension: (Google Drive) - C:\Users\POSTE01\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-04-05]
CHR Extension: (Youtube) - C:\Users\POSTE01\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-02-16]
CHR Extension: (جداول البيانات) - C:\Users\POSTE01\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-12-29]
CHR Extension: (مستندات Google في وضع عدم الاتصال) - C:\Users\POSTE01\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-04-18]
CHR Extension: (IDM Integration Module) - C:\Users\POSTE01\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2018-04-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\POSTE01\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-18]
CHR Extension: (Gmail) - C:\Users\POSTE01\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-02-16]
CHR Extension: (Chrome Media Router) - C:\Users\POSTE01\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-05-10]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2018-03-30]

Opera:
=======
OPR Extension: (IDM Integration Module) - C:\Users\POSTE01\AppData\Roaming\Opera Software\Opera Stable\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2018-04-05]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeFlashPlayerFeedbackSvc; C:\Windows\system32\Macromed\Flash\FlashPlayerFeedbackService.exe [207360 2018-03-08] (Adobe Systems Incorporated)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [1748896 2018-04-19] (ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [1748896 2018-04-19] (ESET)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4753104 2018-05-03] (Malwarebytes)
R2 NovaPdfServer; C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe [51112 2017-02-22] (Microsoft)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-07-22] (DEVGURU Co., LTD.)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [11293936 2018-04-03] (TeamViewer GmbH)
R2 UI Assistant Service; C:\Program Files\Mobiconnect\AssistantServices.exe [275784 2012-12-03] ()
S3 uSHAREitSvc; C:\Program Files\SHAREit Technologies\SHAREit\SHAREit.Service.exe [33224 2017-09-11] (SHAREit Technologies Co.Ltd)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R2 WsAppService; C:\Program Files\Wondershare\WAF\2.4.3.236\WsAppService.exe [495840 2018-01-26] (Wondershare)
R2 WsDrvInst; C:\Program Files\Wondershare\dr.fone toolkit for Android\Library\DriverInstaller\DriverInstall.exe [118048 2017-06-22] (Wondershare)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 CLMirrorDriver; C:\Windows\System32\DRIVERS\CLMirrorDriver.sys [21264 2015-05-20] (CyberLink)
S3 clwvd7; C:\Windows\System32\DRIVERS\clwvd7.sys [36824 2015-03-24] (CyberLink Corporation)
S3 cmusbser; C:\Windows\System32\DRIVERS\cmusbser.sys [103552 2008-08-29] (Mobile Connector) [File not signed]
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [107648 2016-07-22] (Samsung Electronics Co., Ltd.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [120728 2018-02-14] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [92664 2018-01-08] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [150784 2018-01-08] (ESET)
R2 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [43816 2018-01-08] (ESET)
R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [73416 2018-01-08] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [54232 2018-01-08] (ESET)
R1 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [93688 2018-01-08] (ESET)
S3 GeneStor; C:\Windows\System32\DRIVERS\GeneStor.sys [56832 2018-04-15] (GenesysLogic)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2018-04-15] (REALiX(tm))
R1 hwinterface; C:\Windows\System32\Drivers\hwinterface.sys [3026 2018-05-05] (Logix4u) [File not signed]
R1 ISODrive; C:\Program Files\UltraISO\drivers\ISODrive.sys [82320 2010-01-29] (EZB Systems, Inc.)
S3 L1C; C:\Windows\System32\DRIVERS\L1C62x86.sys [110280 2013-07-18] (Qualcomm Atheros Co., Ltd.)
S3 massfilter; C:\Windows\System32\drivers\massfilter.sys [9216 2011-08-29] (MBB Incorporated)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [220896 2018-06-01] (Malwarebytes)
S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [1619760 2013-06-28] (Ralink Technology Corp.)
S3 qcusbser; C:\Windows\System32\DRIVERS\qcusbser.sys [389632 2013-01-25] (QUALCOMM Incorporated)
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2009-07-29] (Samsung Electronics) [File not signed]
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [146048 2016-07-22] (Samsung Electronics Co., Ltd.)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [146048 2016-07-22] (Samsung Electronics Co., Ltd.)
R3 wacomrouterfilter; C:\Windows\System32\DRIVERS\wacomrouterfilter.sys [13296 2012-12-20] (Wacom Technology)
S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [119952 2016-07-16] (MBB)
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
S2 WCMVCAM; system32\DRIVERS\wcmvcam.sys [X]

========================== Drivers MD5 =======================

C:\Windows\System32\drivers\WudfPf.sys 06E6F32C8D0A3F66D956F57B43A2E070
C:\Windows\System32\DRIVERS\WUDFRd.sys 867C301E8B790040AE9CF6486E8041DF
C:\Windows\System32\DRIVERS\ZTEusbmdm6k.sys DF515E1D9B4A510AC60CFD7F77CF466E
C:\Windows\System32\DRIVERS\ZTEusbnmea.sys DF515E1D9B4A510AC60CFD7F77CF466E
C:\Windows\System32\DRIVERS\ZTEusbser6k.sys DF515E1D9B4A510AC60CFD7F77CF466E

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Three Months Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-01 23:16 - 2018-06-01 23:18 - 000035117 _____ C:\Users\POSTE01\Desktop\FRST.txt
2018-06-01 23:16 - 2018-06-01 23:16 - 000000000 ____D C:\FRST
2018-06-01 23:16 - 2018-06-01 23:15 - 001773568 _____ (Farbar) C:\Users\POSTE01\Desktop\FRST.exe
2018-06-01 22:57 - 2018-06-01 23:15 - 001773568 _____ (Farbar) C:\Users\POSTE01\Downloads\FRST.exe
2018-06-01 22:06 - 2018-06-01 22:06 - 000001305 _____ C:\Users\POSTE01\Desktop\Malwarebyt.txt
2018-06-01 21:36 - 2018-06-01 21:36 - 000001908 _____ C:\Users\POSTE01\Desktop\AdwCleaner[C00].txt
2018-06-01 21:35 - 2018-06-01 21:35 - 000133656 _____ C:\Users\POSTE01\AppData\Local\GDIPFONTCACHEV1.DAT
2018-06-01 20:11 - 2018-06-01 20:11 - 000001933 _____ C:\Users\POSTE01\Desktop\AdwCleaner[S00].txt
2018-06-01 20:07 - 2018-06-01 20:12 - 000000000 ____D C:\AdwCleaner
2018-06-01 20:07 - 2018-06-01 20:05 - 007271632 _____ (Malwarebytes) C:\Users\POSTE01\Desktop\adwcleaner_7.1.1.exe
2018-06-01 19:27 - 2018-06-01 20:05 - 007271632 _____ (Malwarebytes) C:\Users\POSTE01\Downloads\adwcleaner_7.1.1.exe
2018-06-01 18:56 - 2018-06-01 18:56 - 000032488 _____ C:\Users\POSTE01\Documents\Mobile Security.pdf
2018-05-29 09:56 - 2018-05-29 09:56 - 000000000 _____ C:\Windows\Irremote.ini
2018-05-27 11:32 - 2018-06-01 20:16 - 000220896 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-05-27 02:44 - 2018-05-27 02:44 - 000018664 _____ C:\Users\POSTE01\Documents\Book1.xlsx
2018-05-25 01:23 - 2018-05-25 01:23 - 000001992 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-05-25 01:23 - 2018-05-25 01:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-05-25 01:23 - 2018-05-25 01:23 - 000000000 ____D C:\Program Files\Malwarebytes
2018-05-25 01:23 - 2018-04-26 05:36 - 000128736 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae.sys
2018-05-24 09:42 - 2018-05-24 09:42 - 000000000 ____D C:\Users\POSTE01\Documents\Action!
2018-05-24 09:42 - 2018-05-24 09:42 - 000000000 ____D C:\Users\POSTE01\AppData\Local\CEF
2018-05-24 09:39 - 2018-05-24 09:39 - 000001927 _____ C:\Users\POSTE01\Desktop\ESET Security.lnk
2018-05-24 09:38 - 2018-05-29 09:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mirillis
2018-05-24 09:38 - 2018-05-29 09:42 - 000000000 ____D C:\Program Files\Mirillis
2018-05-24 09:25 - 2018-05-24 09:25 - 000001734 _____ C:\Users\POSTE01\Downloads\Action_Run.bat.txt
2018-05-24 08:43 - 2018-05-24 08:43 - 000000000 _____ C:\Users\POSTE01\Desktop\مستند نصي جديد ‫‬.txt
2018-05-24 08:37 - 2018-05-24 08:37 - 000235892 _____ C:\Users\POSTE01\Desktop\ZHPDiag01.txt
2018-05-24 08:19 - 2018-05-24 08:18 - 000164758 _____ C:\Users\POSTE01\Desktop\ZHPDiag.txt
2018-05-24 08:01 - 2018-05-24 08:18 - 000000000 ____D C:\Users\POSTE01\AppData\Roaming\ZHP
2018-05-24 08:01 - 2018-05-24 08:01 - 000000784 _____ C:\Users\POSTE01\Desktop\ZHPDiag.lnk
2018-05-24 08:01 - 2018-05-24 08:01 - 000000000 ____D C:\Users\POSTE01\AppData\Local\ZHP
2018-05-23 16:38 - 2018-05-23 16:38 - 000001630 _____ C:\Users\POSTE01\Desktop\Malwarebytes.txt
2018-05-23 11:56 - 2018-05-23 11:56 - 000000000 ____D C:\Users\POSTE01\AppData\Roaming\CDTPL
2018-05-23 11:55 - 2018-05-23 11:55 - 000001044 _____ C:\Users\Public\Desktop\SysTools vCard Viewer.lnk
2018-05-23 11:55 - 2018-05-23 11:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SysTools vCard Viewer
2018-05-23 11:55 - 2018-05-23 11:55 - 000000000 ____D C:\Program Files\Common Files\CDTPL
2018-05-23 11:54 - 2018-05-23 11:57 - 000000000 ____D C:\Program Files\SysTools vCard Viewer
2018-05-20 03:09 - 2018-05-20 03:09 - 000527680 _____ C:\Users\POSTE01\Documents\جهات اتصال001.spb
2018-05-20 03:09 - 2018-05-20 03:09 - 000000000 ____D C:\Users\POSTE01\Documents\BackUp
2018-05-20 02:41 - 2018-05-20 02:42 - 008909450 _____ C:\Users\POSTE01\Downloads\Ayat Al Quran_v2.9.1_apkpure.com.apk
2018-05-19 17:07 - 2018-05-19 17:08 - 000000056 _____ C:\Users\POSTE01\Downloads\host.txt
2018-05-19 17:05 - 2018-05-19 17:05 - 000003128 _____ C:\Users\POSTE01\Downloads\license.conf
2018-05-19 00:28 - 2018-05-19 00:28 - 000000066 _____ C:\Users\POSTE01\inittk.ini
2018-05-19 00:15 - 2018-05-19 00:15 - 000000000 ____D C:\Users\POSTE01\AppData\Local\MultiPlayerManager
2018-05-18 02:02 - 2018-05-18 02:02 - 000000045 _____ C:\Users\POSTE01\nuuid.ini
2018-05-18 02:02 - 2018-05-18 02:02 - 000000041 _____ C:\Users\POSTE01\inst.ini
2018-05-18 02:02 - 2018-05-18 02:02 - 000000000 ____D C:\Users\POSTE01\Nox_share
2018-05-18 02:01 - 2018-05-19 19:20 - 000000000 ____D C:\Users\POSTE01\vmlogs
2018-05-18 02:01 - 2018-05-19 19:06 - 000000000 ____D C:\Users\POSTE01\.BigNox
2018-05-18 02:01 - 2018-05-18 02:01 - 000000000 ____D C:\Users\POSTE01\AppData\Roaming\Microsoft\Windows\Start Menu\Nox
2018-05-18 01:56 - 2018-05-19 23:54 - 000000000 ____D C:\Users\POSTE01\AppData\Local\Nox
2018-05-18 00:06 - 2018-05-18 00:06 - 000001016 _____ C:\Users\Public\Desktop\AutoTransfer PC.lnk
2018-05-12 17:30 - 2018-05-12 17:31 - 001817380 _____ C:\Users\POSTE01\Documents\لتميز.pdf
2018-05-12 12:09 - 2018-05-12 12:09 - 000000000 ____D C:\Program Files\Quran_in_Word
2018-05-11 00:55 - 2018-05-11 00:55 - 000000000 ____D C:\Users\POSTE01\AppData\Local\Icecream
2018-05-11 00:55 - 2018-05-11 00:55 - 000000000 ____D C:\Users\POSTE01\.Icecream Slideshow Maker
2018-05-11 00:53 - 2018-05-13 11:39 - 000000000 ____D C:\Program Files\Icecream Slideshow Maker
2018-05-11 00:53 - 2018-05-13 11:12 - 000001093 _____ C:\Users\Public\Desktop\Icecream Slideshow Maker.lnk
2018-05-11 00:53 - 2018-05-13 11:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Icecream Slideshow Maker
2018-05-09 17:25 - 2018-05-09 17:25 - 000000000 ____D C:\Users\POSTE01\AppData\Roaming\Publish Providers
2018-05-09 17:21 - 2018-05-09 17:21 - 000000000 ____D C:\Users\POSTE01\AppData\Local\Sony
2018-05-09 16:18 - 2018-05-09 16:18 - 000001002 _____ C:\Users\Public\Desktop\Vegas Pro 10.0.lnk
2018-05-09 16:17 - 2018-05-09 16:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2018-05-09 16:15 - 2018-05-09 16:15 - 000000000 ____D C:\ProgramData\Sony
2018-05-09 16:15 - 2018-05-09 16:15 - 000000000 ____D C:\Program Files\Sony
2018-05-09 16:06 - 2018-05-09 17:24 - 000000000 ____D C:\Users\POSTE01\AppData\Roaming\Sony
2018-05-07 23:15 - 2012-12-07 10:34 - 000025416 _____ (Khalil Azzouzi) C:\Windows\system32\Drivers\ndiskhaz.sys
2018-05-05 23:18 - 2018-05-05 23:18 - 000000000 ____D C:\Users\POSTE01\Documents\Wondershare
2018-05-05 23:08 - 2018-05-05 23:08 - 000002274 _____ C:\Users\Public\Desktop\dr.fone toolkit for Android.lnk
2018-05-05 23:08 - 2018-05-05 23:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2018-05-05 16:04 - 2018-05-05 16:04 - 000000000 ____D C:\Users\POSTE01\AppData\Roaming\HMYGSetting
2018-05-05 02:59 - 2018-05-05 02:59 - 000003026 _____ (Logix4u) C:\Windows\system32\Drivers\hwinterface.sys
2018-05-05 00:40 - 2018-05-05 16:12 - 000002043 _____ C:\Users\Public\Desktop\Smart Switch.lnk
2018-05-05 00:19 - 2016-07-22 08:21 - 001121040 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01007.dll
2018-05-05 00:19 - 2016-07-22 08:21 - 000589944 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller.dll
2018-05-05 00:19 - 2016-07-22 08:21 - 000146048 _____ (Samsung Electronics Co., Ltd.) C:\Windows\system32\Drivers\ssudserd.sys
2018-05-05 00:19 - 2016-07-22 08:21 - 000146048 _____ (Samsung Electronics Co., Ltd.) C:\Windows\system32\Drivers\ssudmdm.sys
2018-05-05 00:19 - 2016-07-22 08:21 - 000107648 _____ (Samsung Electronics Co., Ltd.) C:\Windows\system32\Drivers\ssudbus.sys
2018-05-05 00:08 - 2018-05-05 00:08 - 000000000 ____D C:\Users\Public\Documents\NativeFus_Log
2018-05-05 00:07 - 2018-05-05 16:28 - 000000000 ____D C:\Users\POSTE01\Documents\samsung
2018-05-05 00:07 - 2018-05-05 00:07 - 000001912 _____ C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
2018-05-05 00:07 - 2018-05-05 00:07 - 000001902 _____ C:\Users\Public\Desktop\Samsung Kies.lnk
2018-05-05 00:07 - 2018-05-05 00:07 - 000000000 ____D C:\Users\POSTE01\AppData\Local\Samsung
2018-05-05 00:05 - 2018-05-05 00:07 - 000000000 ____D C:\Users\POSTE01\AppData\Roaming\Samsung
2018-05-04 23:58 - 2018-05-05 00:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2018-05-04 23:58 - 2016-05-18 14:49 - 004659712 _____ (Dmitry Streblechenko) C:\Windows\system32\Redemption.dll
2018-05-04 23:58 - 2016-05-18 14:49 - 000821824 _____ (Devguru Co., Ltd.) C:\Windows\system32\dgderapi.dll
2018-05-04 23:58 - 2016-05-18 14:49 - 000144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\Windows\system32\secman.dll
2018-05-04 15:49 - 2018-05-04 15:50 - 010114756 _____ C:\Users\POSTE01\Documents\Document1.pdf
2018-05-04 13:17 - 2018-05-04 13:17 - 000002522 _____ C:\Users\POSTE01\Desktop\Windows 7 USB DVD Download Tool.lnk
2018-05-04 13:17 - 2018-05-04 13:17 - 000000000 ____D C:\Users\POSTE01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
2018-05-04 13:17 - 2018-05-04 13:17 - 000000000 ____D C:\Users\POSTE01\AppData\Local\Apps\Windows 7 USB DVD Download Tool
2018-05-04 12:17 - 2018-05-05 18:06 - 000000000 ____D C:\Users\POSTE01\AppData\Local\Devolutions
2018-05-04 11:31 - 2018-05-04 11:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPassword
2018-05-04 11:31 - 2018-05-04 11:31 - 000000000 ____D C:\Program Files\WinPassword
2018-05-04 10:50 - 2018-05-04 10:59 - 000000000 ____D C:\Users\POSTE01\AppData\Local\Wondershare
2018-05-04 10:50 - 2018-05-04 10:50 - 000000000 ____D C:\Program Files\Common Files\Wondershare
2018-04-26 08:52 - 2018-04-26 08:52 - 000001907 _____ C:\Users\Public\Desktop\ESET حماية الدفع المصرفي.lnk
2018-04-26 08:50 - 2018-04-26 08:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2018-04-26 08:50 - 2018-04-26 08:50 - 000000000 ____D C:\ProgramData\ESET
2018-04-26 08:50 - 2018-04-26 08:50 - 000000000 ____D C:\Program Files\ESET
2018-04-26 08:16 - 2018-05-11 00:55 - 000000000 ____D C:\Users\POSTE01\log
2018-04-26 08:16 - 2018-04-26 08:16 - 000000000 ____D C:\Users\POSTE01\AppData\Local\CrashRpt
2018-04-26 08:15 - 2018-04-26 08:15 - 000000000 ____D C:\Program Files\Common Files\WebM Project
2018-04-26 07:36 - 2018-04-26 07:58 - 000000704 _____ C:\Users\POSTE01\Documents\serialat.windawes.txt
2018-04-25 14:31 - 2018-04-25 14:31 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_GeneStor_01009.Wdf
2018-04-19 21:28 - 2018-04-19 21:28 - 000000000 ____D C:\Skins
2018-04-19 21:10 - 2018-04-23 21:33 - 000000000 ____D C:\Program Files\EnidSoft
2018-04-19 21:05 - 2018-04-19 21:05 - 000000000 ____D C:\Users\POSTE01\AppData\Roaming\OpenOffice
2018-04-19 17:17 - 2018-04-19 17:18 - 000000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.5
2018-04-19 17:17 - 2018-04-19 17:17 - 000001034 _____ C:\Users\Public\Desktop\OpenOffice 4.1.5.lnk
2018-04-19 17:12 - 2018-04-19 17:15 - 000000000 ____D C:\Program Files\OpenOffice 4
2018-04-19 17:01 - 2018-04-19 17:02 - 000000000 ____D C:\Users\POSTE01\Desktop\OpenOffice 4.1.5 (fr) Installation Files
2018-04-19 15:07 - 2015-07-16 20:12 - 006131200 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2018-04-19 15:07 - 2015-07-16 20:12 - 000856064 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2018-04-19 15:07 - 2015-07-16 20:12 - 000053248 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2018-04-19 15:07 - 2015-07-16 16:14 - 000355840 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2018-04-19 15:07 - 2014-12-11 18:47 - 000074240 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2018-04-19 15:06 - 2014-08-29 02:44 - 002744320 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2018-04-19 15:06 - 2014-05-08 10:06 - 000013824 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2018-04-19 14:39 - 2018-04-19 14:39 - 000000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2018-04-19 14:39 - 2018-04-19 14:39 - 000000000 _SHDL C:\Users\DefaultAppPool\قائمة ابدأ
2018-04-19 14:39 - 2018-04-19 14:39 - 000000000 _SHDL C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\البرامج
2018-04-19 14:39 - 2018-04-19 14:39 - 000000000 ____D C:\Users\DefaultAppPool
2018-04-19 14:39 - 2018-04-15 01:47 - 000000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\Macromedia
2018-04-19 14:39 - 2017-12-31 21:07 - 000000000 ____D C:\Users\DefaultAppPool\AppData\Local\Microsoft Help
2018-04-19 14:39 - 2011-04-12 02:44 - 000000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\Media Center Programs
2018-04-18 22:14 - 2018-04-18 22:14 - 000002629 _____ C:\Users\POSTE01\Desktop\Microsoft Office PowerPoint 2007.lnk
2018-04-18 20:42 - 2012-08-23 15:48 - 000221184 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2018-04-18 20:42 - 2012-08-23 15:44 - 000014848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2018-04-18 20:42 - 2012-08-23 12:12 - 000192000 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2018-04-18 20:41 - 2013-10-02 01:42 - 000049152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2018-04-18 20:41 - 2013-10-02 01:32 - 000012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2018-04-18 20:41 - 2013-10-02 01:30 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2018-04-18 20:41 - 2013-10-02 01:14 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2018-04-18 20:41 - 2013-10-02 01:14 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2018-04-18 20:41 - 2013-10-02 00:45 - 000032256 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2018-04-18 20:41 - 2013-10-01 23:34 - 001068544 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2018-04-18 20:31 - 2015-12-16 19:43 - 000006144 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
2018-04-18 20:31 - 2015-12-16 19:43 - 000006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
2018-04-18 20:31 - 2015-12-16 19:43 - 000006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
2018-04-15 02:05 - 2018-04-15 02:05 - 012334923 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2018-04-15 02:05 - 2018-04-15 02:05 - 004482048 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHDA.sys
2018-04-15 02:05 - 2018-04-15 02:05 - 003610088 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSndMgr.cpl
2018-04-15 02:05 - 2018-04-15 02:05 - 003092336 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO.dll
2018-04-15 02:05 - 2018-04-15 02:05 - 002906624 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkPgExt.dll
2018-04-15 02:05 - 2018-04-15 02:05 - 002561968 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApoApi.dll
2018-04-15 02:05 - 2018-04-15 02:05 - 002156544 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoInstII.dll
2018-04-15 02:05 - 2018-04-15 02:05 - 001791792 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesLib.dll
2018-04-15 02:05 - 2018-04-15 02:05 - 000768808 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO32.dll
2018-04-15 02:05 - 2018-04-15 02:05 - 000371808 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP32A.dll
2018-04-15 02:05 - 2018-04-15 02:05 - 000357152 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSXT.dll
2018-04-15 02:05 - 2018-04-15 02:05 - 000344392 _____ (Creative Technology Ltd.) C:\Windows\system32\MBWrp32.dll
2018-04-15 02:05 - 2018-04-15 02:05 - 000307232 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT32.dll
2018-04-15 02:05 - 2018-04-15 02:05 - 000307232 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA32.dll
2018-04-15 02:05 - 2018-04-15 02:05 - 000196000 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSHD.dll
2018-04-15 02:05 - 2018-04-15 02:05 - 000183608 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP360.dll
2018-04-15 02:05 - 2018-04-15 02:05 - 000181224 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED32A.dll
2018-04-15 02:05 - 2018-04-15 02:05 - 000150552 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW.dll
2018-04-15 02:05 - 2018-04-15 02:05 - 000088272 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL32A.dll
2018-04-15 02:05 - 2018-04-15 02:05 - 000074376 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG32A.dll
2018-04-15 02:05 - 2018-04-15 02:05 - 000063704 _____ (Creative Technology Ltd.) C:\Windows\system32\MBppld32.dll
2018-04-15 02:05 - 2018-04-15 02:05 - 000060080 _____ (Creative Technology Ltd.) C:\Windows\system32\MBPPCn32.dll
2018-04-15 02:05 - 2018-04-15 02:05 - 000022152 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR.dll
2018-04-15 02:04 - 2018-04-15 02:05 - 001948800 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ.dll
2018-04-15 02:04 - 2018-04-15 02:04 - 003661720 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO.dll
2018-04-15 02:04 - 2018-04-15 02:04 - 000532888 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTACap.dll
2018-04-15 02:04 - 2018-04-15 02:04 - 000243856 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2018-04-15 02:04 - 2018-04-15 02:04 - 000142320 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO.dll
2018-04-15 02:04 - 2018-04-15 02:04 - 000105648 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTARen.dll
2018-04-15 02:04 - 2018-04-15 02:04 - 000101328 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2018-04-15 01:51 - 2018-04-15 01:51 - 001461992 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
2018-04-15 01:51 - 2018-04-15 01:51 - 000056832 _____ (GenesysLogic) C:\Windows\system32\Drivers\GeneStor.sys
2018-04-15 01:47 - 2018-04-15 01:47 - 000000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2018-04-15 01:47 - 2018-04-15 01:47 - 000000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2018-04-15 01:34 - 2018-03-14 18:18 - 000116928 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2018-04-15 01:34 - 2018-03-14 18:14 - 000535040 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2018-04-15 01:34 - 2018-03-14 14:04 - 001893376 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2018-04-15 01:34 - 2018-03-14 14:04 - 001319424 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2018-04-15 01:34 - 2018-03-14 14:04 - 000594944 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2018-04-15 01:34 - 2018-03-14 14:04 - 000507392 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2018-04-15 01:34 - 2018-03-14 14:04 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2018-04-15 01:34 - 2018-03-14 14:04 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2018-04-15 01:34 - 2018-03-14 14:04 - 000238592 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2018-04-15 01:34 - 2018-03-14 14:04 - 000190976 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2018-04-15 01:32 - 2018-06-01 19:09 - 000000000 ____D C:\ProgramData\ProductData
2018-04-15 01:32 - 2018-04-15 01:32 - 000000000 ____D C:\Windows\IObit
2018-04-15 01:29 - 2018-05-24 09:37 - 000002188 _____ C:\Users\Public\Desktop\Driver Booster 5.lnk
2018-04-15 01:29 - 2018-04-15 01:32 - 000000000 ____D C:\Users\POSTE01\AppData\LocalLow\IObit
2018-04-15 01:29 - 2018-04-15 01:29 - 000023840 _____ (REALiX(tm)) C:\Windows\system32\Drivers\HWiNFO32.SYS
2018-04-15 01:29 - 2018-04-15 01:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 5
2018-04-15 01:29 - 2018-04-15 01:29 - 000000000 ____D C:\Program Files\IObit
2018-04-15 01:28 - 2018-06-01 20:12 - 000000000 ____D C:\Users\POSTE01\AppData\Roaming\IObit
2018-04-15 01:28 - 2018-04-15 01:33 - 000000000 ____D C:\ProgramData\IObit
2018-04-14 23:24 - 2018-04-14 23:25 - 012086482 _____ C:\Users\POSTE01\Documents\قواعد.pdf
2018-04-09 14:24 - 2018-04-15 01:59 - 000000000 ____D C:\Users\POSTE01\AppData\Local\ABBYY
2018-04-09 14:06 - 2018-05-06 21:00 - 000000000 ____D C:\ProgramData\TSRProSettings
2018-04-05 15:13 - 2018-04-05 15:13 - 000000889 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 13.lnk
2018-04-05 15:13 - 2018-04-05 15:13 - 000000877 _____ C:\Users\Public\Desktop\TeamViewer 13.lnk
2018-04-04 22:17 - 2018-04-04 22:17 - 000001374 _____ C:\Users\POSTE01\Desktop\Windows Password Recovery Tool Professional.lnk
2018-04-04 22:17 - 2018-04-04 22:17 - 000000000 ____D C:\Users\POSTE01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Password Recovery Tool Professional
2018-04-04 22:17 - 2018-04-04 22:17 - 000000000 ____D C:\Program Files\Windows Password Recovery Tool Professional
2018-04-04 15:12 - 2018-04-04 15:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rene.E Laboratory
2018-04-04 15:12 - 2018-04-04 15:12 - 000000000 ____D C:\Program Files\Rene.E Laboratory
2018-04-03 14:31 - 2018-04-03 14:32 - 000000000 ____D C:\Users\POSTE01\AppData\Roaming\GiliSoft
2018-03-31 11:54 - 2018-03-31 11:54 - 000000000 ____D C:\Users\POSTE01\AppData\Roaming\Picosmos
2018-03-31 11:22 - 2018-03-31 11:22 - 000001230 _____ C:\Users\POSTE01\Desktop\Calculator.lnk
2018-03-31 11:03 - 2018-03-31 11:03 - 000001971 _____ C:\Users\POSTE01\Desktop\KYNG Logo Generator.lnk
2018-03-31 11:03 - 2018-03-31 11:03 - 000000000 ____D C:\Users\POSTE01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KYNG Logo Generator
2018-03-31 11:03 - 2018-03-31 11:03 - 000000000 ____D C:\Program Files\KYNG Logo Generator
2018-03-30 17:28 - 2018-03-01 15:36 - 000149688 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
2018-03-23 14:56 - 2018-04-14 20:33 - 000000000 ____D C:\Program Files\مشغل الفلاش العربي
2018-03-23 14:56 - 2018-03-23 14:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\مشغل الفلاش العربي
2018-03-23 14:55 - 2018-03-23 14:55 - 000000000 ____D C:\Users\POSTE01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\مشغل الفلاش العربي
2018-03-17 15:32 - 2018-05-29 09:49 - 000000000 ____D C:\Users\POSTE01\AppData\Local\Apps\Outil de téléchargement USB DVD Windows 7
2018-03-17 15:32 - 2018-03-17 15:32 - 000000000 ____D C:\Users\POSTE01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Outil de téléchargement USB DVD Windows 7
2018-03-17 15:30 - 2018-03-17 15:30 - 000001094 _____ C:\Users\POSTE01\Desktop\USB Disk Storage Format Tool.lnk
2018-03-17 15:30 - 2018-03-17 15:30 - 000000063 _____ C:\Users\POSTE01\Desktop\Create Bootable USB.url
2018-03-17 15:30 - 2018-03-17 15:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\USB Disk Storage Format Tool 5.3
2018-03-17 15:30 - 2018-03-17 15:30 - 000000000 ____D C:\Program Files\USB Disk Storage Format Tool
2018-03-12 21:02 - 2018-03-12 21:04 - 000000000 ____D C:\Program Files\Mobiconnect
2018-03-12 21:02 - 2018-03-12 21:02 - 000001850 _____ C:\Users\Public\Desktop\Mobiconnect.lnk
2018-03-12 21:02 - 2018-03-12 21:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobiconnect
2018-03-12 21:02 - 2011-08-29 11:42 - 000107520 _____ (ZTE Incorporated) C:\Windows\system32\Drivers\ZTEusbser6k.sys
2018-03-12 21:02 - 2011-08-29 11:42 - 000107520 _____ (ZTE Incorporated) C:\Windows\system32\Drivers\ZTEusbnmea.sys
2018-03-12 21:02 - 2011-08-29 11:42 - 000107520 _____ (ZTE Incorporated) C:\Windows\system32\Drivers\ZTEusbmdm6k.sys
2018-03-12 21:02 - 2011-08-29 11:42 - 000009216 _____ (MBB Incorporated) C:\Windows\system32\Drivers\massfilter.sys
2018-03-12 20:39 - 2018-04-09 14:19 - 000000000 ____D C:\Users\POSTE01\Doctor Web
2018-03-09 21:05 - 2018-05-04 23:53 - 000000000 ____D C:\Users\POSTE01\AppData\Local\Downloaded Installations
2018-03-08 23:00 - 2018-04-11 23:17 - 000000000 ____D C:\Users\POSTE01\Documents\NeroVision
2018-03-08 22:57 - 2018-03-08 22:57 - 000000000 ____D C:\Users\POSTE01\Documents\Nero
2018-03-08 22:44 - 2018-05-11 22:25 - 000000081 _____ C:\Users\POSTE01\AppData\Roaming\default.pls
2018-03-08 21:36 - 2018-03-08 21:43 - 719874288 _____ C:\Users\POSTE01\Documents\TempImage.nrg
2018-03-08 21:00 - 2018-05-29 10:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8
2018-03-08 21:00 - 2018-03-08 21:00 - 000000000 ____D C:\Users\POSTE01\AppData\Local\Ahead
2018-03-08 20:57 - 2018-05-29 09:56 - 000001024 _____ C:\Users\POSTE01\.rnd
2018-03-08 20:54 - 2018-05-29 10:00 - 000000000 ____D C:\Program Files\Common Files\Nero
2018-03-06 22:06 - 2018-03-06 22:06 - 000000000 ____D C:\Users\POSTE01\AppData\Roaming\dvdcss

==================== Three Months Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-01 22:07 - 2017-12-31 22:49 - 000000000 ____D C:\Users\POSTE01\Documents\Snagit
2018-06-01 21:37 - 2018-01-03 20:19 - 000000000 ____D C:\Users\POSTE01\AppData\LocalLow\Mozilla
2018-06-01 21:34 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\ModemLogs
2018-06-01 21:04 - 2018-01-13 21:21 - 000000000 ____D C:\Program Files\TeamViewer
2018-06-01 20:25 - 2009-07-14 05:34 - 000038800 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-06-01 20:25 - 2009-07-14 05:34 - 000038800 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-06-01 20:19 - 2017-12-29 19:28 - 000000000 ____D C:\Users\POSTE01\AppData\Roaming\IDM
2018-06-01 20:19 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\inf
2018-06-01 20:18 - 2017-12-31 23:22 - 000000000 ____D C:\Users\POSTE01\AppData\Local\CrashDumps
2018-06-01 20:15 - 2017-12-31 21:08 - 000065536 _____ C:\Windows\system32\Ikeext.etl
2018-06-01 20:15 - 2009-07-14 05:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-06-01 20:08 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\tracing
2018-06-01 19:33 - 2018-01-27 21:29 - 000000000 ____D C:\Users\POSTE01\AppData\LocalLow\Temp
2018-05-29 11:22 - 2017-12-29 19:28 - 000000000 ____D C:\Users\POSTE01\AppData\Roaming\DMCache
2018-05-29 10:51 - 2017-12-29 11:50 - 000000000 ____D C:\Users\POSTE01\AppData\Roaming\vlc
2018-05-29 10:19 - 2017-12-29 15:19 - 000000000 ___HD C:\Program Files\InstallShield Installation Information
2018-05-29 10:08 - 2018-01-21 01:05 - 000000000 ____D C:\Users\POSTE01\AppData\Roaming\Nero
2018-05-29 09:56 - 2011-04-12 02:34 - 000715614 _____ C:\Windows\system32\perfh00C.dat
2018-05-29 09:56 - 2011-04-12 02:34 - 000512926 _____ C:\Windows\system32\perfh001.dat
2018-05-29 09:56 - 2011-04-12 02:34 - 000139896 _____ C:\Windows\system32\perfc00C.dat
2018-05-29 09:56 - 2011-04-12 02:34 - 000104510 _____ C:\Windows\system32\perfc001.dat
2018-05-29 09:56 - 2010-11-20 22:01 - 002288884 _____ C:\Windows\system32\PerfStringBackup.INI
2018-05-29 09:45 - 2017-12-29 11:55 - 000000000 ____D C:\Users\POSTE01\AppData\Roaming\Foxit Software
2018-05-29 09:44 - 2017-12-29 11:56 - 000000000 ____D C:\ProgramData\Foxit Software
2018-05-27 11:43 - 2017-12-29 11:49 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2018-05-27 11:43 - 2017-12-29 11:49 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-05-25 03:45 - 2017-12-29 19:28 - 000000000 ____D C:\Users\POSTE01\Downloads\Video
2018-05-25 01:23 - 2018-02-23 13:01 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-05-19 19:08 - 2018-01-20 20:41 - 000000000 ____D C:\Users\POSTE01\Downloads\SHAREit
2018-05-19 19:06 - 2017-12-29 19:28 - 000000000 ____D C:\Users\POSTE01\Downloads\Compressed
2018-05-19 00:28 - 2017-12-29 11:15 - 000000000 ____D C:\Users\POSTE01
2018-05-18 02:46 - 2018-01-13 21:21 - 000000000 ____D C:\Users\POSTE01\AppData\Roaming\TeamViewer
2018-05-18 02:00 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\Registration
2018-05-18 00:54 - 2017-12-29 21:42 - 000002130 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-05-18 00:54 - 2017-12-29 21:42 - 000002089 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-05-18 00:08 - 2018-01-31 22:44 - 000000000 ____D C:\Program Files\USB Disk Security
2018-05-18 00:07 - 2018-01-31 22:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\USB Disk Security
2018-05-18 00:07 - 2017-12-29 12:30 - 000000000 ____D C:\Users\POSTE01\AppData\Roaming\Zbshareware Lab
2018-05-18 00:06 - 2018-01-31 22:44 - 000000992 _____ C:\Users\Public\Desktop\USB Disk Security.lnk
2018-05-16 19:20 - 2018-01-09 15:01 - 000000000 ____D C:\Users\POSTE01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2018-05-11 16:45 - 2017-12-29 21:03 - 000000000 ____D C:\ProgramData\Package Cache
2018-05-11 16:40 - 2017-12-29 11:51 - 000000000 ____D C:\Windows\system32\Macromed
2018-05-11 16:37 - 2017-12-29 11:51 - 000804864 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2018-05-11 16:37 - 2017-12-29 11:51 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2018-05-10 23:48 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\system32\NDF
2018-05-08 22:03 - 2018-01-04 03:06 - 000000000 ____D C:\Windows\system32\MRT
2018-05-08 21:54 - 2018-01-04 03:06 - 138711016 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-05-08 21:54 - 2018-01-04 03:06 - 138711016 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-05-05 22:35 - 2018-01-05 21:33 - 000000000 ____D C:\Program Files\Wondershare
2018-05-05 18:16 - 2018-01-07 01:39 - 000000000 ____D C:\Users\Public\Documents\Wondershare
2018-05-05 18:15 - 2018-01-05 21:33 - 000000000 ____D C:\ProgramData\Wondershare
2018-05-05 15:47 - 2009-07-14 05:53 - 000032576 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-05-05 00:39 - 2017-12-30 00:16 - 000000000 ____D C:\Program Files\SAMSUNG
2018-05-04 23:56 - 2018-02-01 18:43 - 000000000 ____D C:\ProgramData\Samsung
2018-05-04 21:39 - 2018-01-27 21:56 - 000000000 ____D C:\Users\POSTE01\Desktop\مجلد جديد ‫‬
2018-05-04 13:01 - 2018-01-01 20:12 - 000000929 _____ C:\Users\Public\Desktop\CCleaner.lnk

==================== Files in the root of some directories =======

2018-03-08 22:44 - 2018-05-11 22:25 - 000000081 _____ () C:\Users\POSTE01\AppData\Roaming\default.pls
2018-01-27 21:50 - 2018-01-27 21:50 - 000033134 _____ () C:\Users\POSTE01\AppData\Roaming\UserTile.png
2018-01-03 23:20 - 2018-02-01 19:18 - 000005632 _____ () C:\Users\POSTE01\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-01-31 22:37 - 2018-01-31 22:37 - 000000001 _____ () C:\Users\POSTE01\AppData\Local\llftool.4.40.agreement
2018-01-27 21:42 - 2018-04-14 20:39 - 000007607 _____ () C:\Users\POSTE01\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=\Device\HarddiskVolume1
description Windows Boot Manager
locale ar-SA
inherit {globalsettings}
default {current}
resumeobject {498a9e89-ec6f-11e7-8b02-d65330f96f3a}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30

Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale ar-SA
inherit {bootloadersettings}
recoverysequence {498a9e8b-ec6f-11e7-8b02-d65330f96f3a}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {498a9e89-ec6f-11e7-8b02-d65330f96f3a}
nx OptIn

Windows Boot Loader
-------------------
identifier {498a9e8b-ec6f-11e7-8b02-d65330f96f3a}
device ramdisk=[C:]\Recovery\498a9e8b-ec6f-11e7-8b02-d65330f96f3a\Winre.wim,{498a9e8c-ec6f-11e7-8b02-d65330f96f3a}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[C:]\Recovery\498a9e8b-ec6f-11e7-8b02-d65330f96f3a\Winre.wim,{498a9e8c-ec6f-11e7-8b02-d65330f96f3a}
systemroot \windows
nx OptIn
winpe Yes

Resume from Hibernate
---------------------
identifier {498a9e89-ec6f-11e7-8b02-d65330f96f3a}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale ar-SA
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
pae Yes
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=\Device\HarddiskVolume1
path \boot\memtest.exe
description Windows Memory Diagnostic
locale ar-SA
inherit {globalsettings}
badmemoryaccess Yes

EMS Settings
------------
identifier {emssettings}
bootems Yes

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Device options
--------------
identifier {498a9e8c-ec6f-11e7-8b02-d65330f96f3a}
description Ramdisk Options
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\498a9e8b-ec6f-11e7-8b02-d65330f96f3a\boot.sdi


LastRegBack: 2018-06-01 20:44

==================== End of FRST.txt ============================
