Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01.01.2019
Ran by hisham idris (administrator) on HISHAMIDRIS-PC (05-01-2019 23:31:57)
Running from H:\Downloads\Programs
Loaded Profiles: hisham idris (Available Profiles: hisham idris & _ashbackup_)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Code Sector) C:\Program Files\TeraCopy\TeraCopyService.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\vsserv.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender VPN\BdVpnService.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Flexera Software LLC) C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Microsoft Corporation) C:\ProgramData\SOLIDWORKS Electrical\MSSQL12.TEW_SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(WiseCleaner.com) C:\Program Files (x86)\Neptune SystemCare 2017\NeptuneTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe
(WiseCleaner.com) C:\Program Files (x86)\Neptune SystemCare 2017\BootTime.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Personal Accelerator for Revit\RevitAccelerator.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdagent.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
() C:\Program Files (x86)\Audials\Audials 2018\AudialsNotifier.exe
(Efficient Software) C:\Program Files (x86)\Efficient Sticky Notes Pro\EfficientStickyNotesPro.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler64.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdwtxag.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Bitdefender) C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(The Qt Company Ltd) C:\Program Files (x86)\Dropbox\Client\QtWebEngineProcess.exe
(The CefSharp Authors) C:\Program Files (x86)\Audials\Audials 2018\CefSharp.BrowserSubprocess.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdwtxcr.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-06-10] (ELAN Microelectronic Corp.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [pac] => C:\Program Files\Autodesk\Personal Accelerator for Revit\RevitAccelerator.exe [339464 2017-01-17] (Autodesk, Inc.)
HKLM\...\Run: [BdVpnApp] => C:\Program Files\Bitdefender\Bitdefender VPN\BdVpnApp.exe [91384 2018-11-16] (Bitdefender)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [316392 2018-05-11] (Adobe Systems, Incorporated)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender Security\bdagent.exe [482024 2018-11-23] (Bitdefender)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [6806144 2010-06-24] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-05-03] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [4049216 2018-12-13] (Dropbox, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HPUsageTrackingLEDM] => "C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT LEDM\"
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-46804314-439942413-2531280242-1000\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [4043888 2018-12-27] (Tonec Inc.)
HKU\S-1-5-21-46804314-439942413-2531280242-1000\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [49805160 2018-11-09] (Skype Technologies S.A.)
HKU\S-1-5-21-46804314-439942413-2531280242-1000\...\Run: [AudialsNotifier] => C:\Program Files (x86)\Audials\Audials 2018\AudialsNotifier.exe [4294288 2018-11-23] ()
HKU\S-1-5-21-46804314-439942413-2531280242-1000\...\Policies\Explorer: []
HKU\S-1-5-21-46804314-439942413-2531280242-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKLM\Software\Microsoft\Active Setup\Installed Components: [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] -> C:\Program Files\Windows Mail\WinMail.exe [2009-07-14] (Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe [2018-12-13] (Google Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] -> C:\Program Files (x86)\Windows Mail\WinMail.exe [2009-07-14] (Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{6cfb9c5c-138e-4bb3-8a3d-d5383e910e57}] -> C:\Windows\System32\RdpGroupPolicyExtension.dll [2015-12-20] (Microsoft Corporation)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [167264 2016-11-14] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [147528 2016-11-14] (NVIDIA Corporation)
Startup: C:\Users\hisham idris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Efficient Sticky Notes Pro.lnk [2018-12-23]
ShortcutTarget: Efficient Sticky Notes Pro.lnk -> C:\Program Files (x86)\Efficient Sticky Notes Pro\EfficientStickyNotesPro.exe (Efficient Software)
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [26936 2016-05-31] (National Instruments Corporation)
Winsock: Catalog5-x64 08 C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [30008 2016-05-31] (National Instruments Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{E2DEDE33-A39F-4C2F-8B01-1DB292A38C9A}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{ECC3E0B0-9D8C-4311-81CA-C7126F69EFB1}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-46804314-439942413-2531280242-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2018-11-21] (Internet Download Manager, Tonec Inc.)
BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2018-12-04] (Bitdefender)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2019-01-04] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_191\bin\ssv.dll [2018-11-12] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\Office16\URLREDIR.DLL [2019-01-04] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-11-12] (Oracle Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2018-11-21] (Internet Download Manager, Tonec Inc.)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll [2018-12-04] (Bitdefender)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2019-01-04] (Microsoft Corporation)
BHO-x32: DIALux 3.1 ULDBrowserHelper Class -> {69AB812A-8CE4-4BF3-B49B-3B60A9F31FB2} -> C:\Program Files (x86)\DIALux\DLXShellExtension.dll [2010-05-12] (DIAL GmbH, Germany)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\URLREDIR.DLL [2019-01-04] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
Toolbar: HKLM - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2018-12-04] (Bitdefender)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll [2018-12-04] (Bitdefender)
Toolbar: HKU\S-1-5-21-46804314-439942413-2531280242-1000 -> Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2018-12-04] (Bitdefender)
Handler-x32: asp - {8D32BA61-D15B-11d4-894B-000000000000} - C:\Windows\SysWow64\hsppp.dll [2006-10-07] (EzTools Software)
Handler-x32: dialux - {8352FA4C-39C6-11D3-ADBA-00A0244FB1A2} - C:\Program Files (x86)\DIALux\DLXToolBox.dll [2010-05-12] (DIAL GmbH, Germany)
Handler-x32: ezstor - {8D32BA61-D15B-11d4-894B-000000000000} - C:\Windows\SysWow64\hsppp.dll [2006-10-07] (EzTools Software)
Handler-x32: hsp - {8D32BA61-D15B-11d4-894B-000000000000} - C:\Windows\SysWow64\hsppp.dll [2006-10-07] (EzTools Software)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-01-04] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-01-04] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-01-04] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-01-04] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2017-08-15] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-01-04] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-01-04] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-01-04] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-01-04] (Microsoft Corporation)
Handler-x32: x-asp - {8D32BA61-D15B-11d4-894B-000000000000} - C:\Windows\SysWow64\hsppp.dll [2006-10-07] (EzTools Software)
Handler-x32: x-cnote - {8D32BA61-D15B-11d4-894B-000000000000} - C:\Windows\SysWow64\hsppp.dll [2006-10-07] (EzTools Software)
Handler-x32: x-hsp - {8D32BA61-D15B-11d4-894B-000000000000} - C:\Windows\SysWow64\hsppp.dll [2006-10-07] (EzTools Software)
Handler-x32: x-mem1 - {C3719F83-7EF8-4BA0-89B0-3360C7AFB7CC} - C:\Windows\SysWow64\WowCtl2.dll [2006-10-13] (EzTools Software)
Handler-x32: x-zip - {8D32BA61-D15B-11d4-894B-000000000000} - C:\Windows\SysWow64\hsppp.dll [2006-10-07] (EzTools Software)
Handler-x32: zip - {8D32BA61-D15B-11d4-894B-000000000000} - C:\Windows\SysWow64\hsppp.dll [2006-10-07] (EzTools Software)

FireFox:
========
FF DefaultProfile: oialp6mt.default
FF ProfilePath: C:\Users\hisham idris\AppData\Roaming\Mozilla\Firefox\Profiles\oialp6mt.default [2019-01-05]
FF Homepage: Mozilla\Firefox\Profiles\oialp6mt.default -> hxxp://hvacrknowlagecenter.homestead.com/Training-DATA.html|hxxp://www.engcouncil.sd/|hxxps://www.youtube.com/user/MechanicalFet/playlists|hxxps://ubuntuforums.org/forum.php|hxxps://www.facebook.com/groups/Arab.mep/ | hxxps://sharewareonsale.com/ | hxxps://go.bluevolt.com/Grundfos/Catalog/Residential-Hydronics-Systems/16924/ | hxxps://xyleminc.csod.com/client/xyleminc/default.aspx?ReturnUrl=https%3a%2f%2fxyleminc.csod.com%2fLMS%2fcatalog%2fWelcome.aspx%3ftab_page_id%3d-67%26tab_id%3d-1 | hxxps://danfoss.sabacloud.com/Saba/Web_wdk/EU2PRD0064/index/prelogin.rdf?spfUrl=%2FSaba%2FWeb_spf%2FEU2PRD0064%2Fcommon%2Fprofile%2Fplans%2Fpersn000000000098982 | hxxp://www.1337institute.com/activate-code | hxxps://stackskills.com/?host=stackskills.com | hxxps://www.udemy.com/ |hxxp://petercorke.com/wordpress/|hxxps://pirateproxy.ist/top/699|hxxp://hvac-talk.com/vbb/forum.php|hxxps://www.maharah.net/users/hisham_idris-20180121164434/dashboard?type=taking
FF Extension: (Facebook Container) - C:\Users\hisham idris\AppData\Roaming\Mozilla\Firefox\Profiles\oialp6mt.default\Extensions\@contain-facebook.xpi [2018-11-23]
FF Extension: (PriceBlink Coupons and Price Comparison) - C:\Users\hisham idris\AppData\Roaming\Mozilla\Firefox\Profiles\oialp6mt.default\Extensions\info@priceblink.com.xpi [2018-10-16]
FF Extension: (Refresh Page) - C:\Users\hisham idris\AppData\Roaming\Mozilla\Firefox\Profiles\oialp6mt.default\Extensions\refreshpage@refreshpage.net.xpi [2018-09-07]
FF Extension: (LastPass: Free Password Manager) - C:\Users\hisham idris\AppData\Roaming\Mozilla\Firefox\Profiles\oialp6mt.default\Extensions\support@lastpass.com.xpi [2018-12-14]
FF Extension: (Google Translator for Firefox) - C:\Users\hisham idris\AppData\Roaming\Mozilla\Firefox\Profiles\oialp6mt.default\Extensions\translator@zoli.bod.xpi [2018-12-02]
FF Extension: (uBlock Origin) - C:\Users\hisham idris\AppData\Roaming\Mozilla\Firefox\Profiles\oialp6mt.default\Extensions\uBlock0@raymondhill.net.xpi [2018-12-01]
FF Extension: (wamessenger) - C:\Users\hisham idris\AppData\Roaming\Mozilla\Firefox\Profiles\oialp6mt.default\Extensions\{ef206fda-3358-48d0-99c9-8dd63243fbde}.xpi [2018-07-16]
FF HKLM\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi
FF Extension: (Bitdefender Wallet) - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi [2018-11-23]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext
FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext [2018-12-20] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: (SmartPrintButton) - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011-01-26] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext
FF HKU\S-1-5-21-46804314-439942413-2531280242-1000\...\Firefox\Extensions: [mozilla_cc3@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi
FF Extension: (IDM Integration Module) - C:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi [2018-12-19]
FF HKU\S-1-5-21-46804314-439942413-2531280242-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\hisham idris\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\hisham idris\AppData\Roaming\IDM\idmmzcc5 [2017-05-17] [Legacy] [not signed]
FF HKU\S-1-5-21-46804314-439942413-2531280242-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-12-20] [Legacy]
FF Plugin: 3ds.com/ComposerPlayerWebPlugin_x86_64 -> C:\PROGRA~1\SOLIDW~1\SOLIDW~4\Bin\NPCOMP~1.DLL [2017-04-20] (Dassault Systemes)
FF Plugin: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-11-12] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-11-12] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-01-04] (Microsoft Corporation)
FF Plugin-x32: 3ds.com/ComposerPlayerWebPlugin -> C:\PROGRA~1\SOLIDW~1\SOLIDW~4\Bin\x86\NPCOMP~1.DLL [2017-04-20] (Dassault Systemes)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2018-09-19] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2018-09-19] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2018-09-19] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2018-09-19] (Foxit Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-01-04] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2019-01-04] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-11-14] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-11-14] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-20] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=3.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN)
FF Plugin HKU\S-1-5-21-46804314-439942413-2531280242-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\hisham idris\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-05-08] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-46804314-439942413-2531280242-1000: ElectaLive8 -> C:\Program Files (x86)\Electa Live 8.0\ElectaPlugins\npelecta8.dll [2016-12-06] (Electa Communications Ltd)

Chrome:
=======
CHR HomePage: Default -> hxxp://search.chatzum.com/
CHR StartupUrls: Default -> "hxxps://www.facebook.com/?ref=logo","hxxps://www.youtube.com/channel/UCTZuq-tARWlFxWDhvFIRQtA","hxxps://web.whatsapp.com/","hxxps://www.udemy.com/courses/","hxxp://1337institute.com/myenrolled","hxxps://go.bluevolt.com/Grundfos/CourseOutline/103--Pump-Hydraulics/64107?ActiveTab=Outline#","hxxp://www.engglobe.com/2017/01/blog-post_23.html","hxxps://www.priceindustries.com/content/ptm/launch.aspx?Section=Basics%20of%20HVAC","hxxps://www.youtube.com/watch?v=DNuWN_nvtA4&list=PL_t59qAvrFr1VV8KRu3-b16dXSJiio9Cv","hxxps://stackskills.com/?utm_campaign=purchase_notification&utm_medium=email&utm_source=student_mailer"
CHR Profile: C:\Users\hisham idris\AppData\Local\Google\Chrome\User Data\Default [2018-11-29]
CHR Extension: (Google Translate) - C:\Users\hisham idris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2018-11-18]
CHR Extension: (Slides) - C:\Users\hisham idris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-19]
CHR Extension: (Docs) - C:\Users\hisham idris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-19]
CHR Extension: (PriceBlink Coupons and Price Comparison) - C:\Users\hisham idris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoiidodopnnhiflaflbfeblnojefhigh [2018-11-18]
CHR Extension: (WOT Web of Trust, Website Reputation Ratings) - C:\Users\hisham idris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2018-07-28]
CHR Extension: (TV) - C:\Users\hisham idris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bppbpeijolfcampacpljolaegibfhjph [2018-01-03]
CHR Extension: (8-Ball Pool) - C:\Users\hisham idris\AppData\Local\Google\Chrome\User Data\Default\Extensions\cedbddnnmhgnedpamoenmdkhnpnfbpjb [2018-07-04]
CHR Extension: (Tampermonkey) - C:\Users\hisham idris\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2018-07-04]
CHR Extension: (Sheets) - C:\Users\hisham idris\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-19]
CHR Extension: (AdBlock) - C:\Users\hisham idris\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-11-19]
CHR Extension: (Zoom Player Deals) - C:\Users\hisham idris\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhepckfebdcnjemeknooaegpociaaiae [2017-07-10]
CHR Extension: (Into The Mist) - C:\Users\hisham idris\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgihmkgobaljfehcadcckdggpeojaadh [2017-07-05]
CHR Extension: (Google Mail Checker) - C:\Users\hisham idris\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2017-07-06]
CHR Extension: (Google Hangouts) - C:\Users\hisham idris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2018-11-19]
CHR Extension: (IDM Integration Module) - C:\Users\hisham idris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2018-11-18]
CHR Extension: (Save to Pocket) - C:\Users\hisham idris\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2018-07-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\hisham idris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-07-04]
CHR Extension: (Gmail) - C:\Users\hisham idris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-05]
CHR Extension: (Chrome Media Router) - C:\Users\hisham idris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-11-18]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2018-12-27]
CHR HKLM-x32\...\Chrome\Extension: [gannpgaobkkhmpomoijebaigcapoeebl] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2018-12-27]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1388920 2018-05-09] (Autodesk Inc.)
S3 AfVpnService; C:\Program Files\Bitdefender\Bitdefender VPN\vpnservice.exe [322432 2018-10-25] (AnchorFree Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2321384 2018-05-11] (Adobe Systems, Incorporated)
S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2128872 2018-05-11] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-08-23] (Apple Inc.)
R2 BDAuxSrv; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [779152 2018-11-23] (Bitdefender)
R2 bdredline; C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe [2195320 2018-03-22] (Bitdefender)
R2 BdVpnService; C:\Program Files\Bitdefender\Bitdefender VPN\bdvpnservice.exe [96568 2018-11-16] (Bitdefender)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9646240 2018-12-07] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-05-17] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-05-17] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [51024 2018-12-13] (Dropbox, Inc.)
R2 DevMgmtService; C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe [94496 2018-11-23] (Bitdefender)
S3 ewserver; C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Electrical\server\EwServer.exe [184368 2017-04-20] ()
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [136704 2009-06-24] (HP) [File not signed]
S3 impi_hydra; C:\Program Files\Common Files\SolidWorks Shared\Simulation Worker Agent\hydra_service.exe [880296 2017-04-20] (Intel Corporation)
S3 LkCitadelServer; C:\Windows\SysWOW64\lkcitdl.exe [695136 2015-06-05] (National Instruments, Inc.)
S3 lkClassAds; C:\Windows\SysWOW64\lkads.exe [50200 2016-06-08] (National Instruments Corporation)
S3 lkTimeSync; C:\Windows\SysWOW64\lktsrv.exe [60440 2016-06-08] (National Instruments Corporation)
R2 MSSQL$TEW_SQLEXPRESS; C:\ProgramData\SOLIDWORKS Electrical\MSSQL12.TEW_SQLEXPRESS\MSSQL\Binn\sqlservr.exe [372416 2017-07-03] (Microsoft Corporation)
S3 mxssvr; C:\Program Files (x86)\National Instruments\MAX\nimxs.exe [94752 2016-05-23] (National Instruments Corporation)
S3 NIApplicationWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [65096 2016-05-31] (National Instruments Corporation)
S4 NIApplicationWebServer64; C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [83528 2016-05-31] (National Instruments Corporation)
S3 niauth; C:\Program Files (x86)\National Instruments\Shared\niauth\niauth_daemon.exe [594984 2016-05-27] (National Instruments Corporation)
S3 NIDomainService; C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [394264 2016-06-08] (National Instruments Corporation)
S3 NILM License Manager; C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe [1427688 2010-08-02] (Macrovision Corporation)
S3 nimDNSResponder; C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [334424 2016-05-31] (National Instruments Corporation)
S3 NINetworkDiscovery; C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe [179304 2016-05-31] (National Instruments Corporation)
S3 NiSvcLoc; C:\Program Files (x86)\National Instruments\Shared\niSvcLoc\nisvcloc.exe [102512 2016-05-19] (National Instruments Corporation)
S3 NISystemWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe [65080 2016-05-31] (National Instruments Corporation)
S3 NITaggerService; C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe [699952 2016-06-05] (National Instruments Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [764456 2018-07-19] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [764456 2018-07-19] (NVIDIA Corporation)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1293936 2018-11-15] (Bitdefender)
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2017-05-20] (SolidWorks) [File not signed]
S4 SQLAgent$TEW_SQLEXPRESS; C:\ProgramData\SOLIDWORKS Electrical\MSSQL12.TEW_SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [613056 2017-07-03] (Microsoft Corporation)
S3 SWVisualize2017.BoostService; C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Visualize Boost\SWVisualize.BoostService.exe [58776 2017-04-20] (Dassault Systèmes)
S3 SWVisualize2017.Queue.Server; C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Visualize\SWVisualize.Queue.Server.exe [26008 2017-04-20] (Dassault Systèmes)
R2 TeraCopyService; C:\Program Files\TeraCopy\TeraCopyService.exe [110416 2017-05-05] (Code Sector)
S3 tvnserver; C:\Program Files\TightVNC\tvnserver.exe [1725408 2017-03-14] (GlavSoft LLC.)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe [112656 2018-11-23] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender Security\vsserv.exe [804656 2018-11-23] (Bitdefender)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WiseBootAssistant; C:\Program Files (x86)\Neptune SystemCare 2017\BootTime.exe [646904 2017-03-01] (WiseCleaner.com) [File not signed]
S3 ashbackup; "c:\Program Files\Ashampoo\Ashampoo Backup 2016\bin\backupService-ab.exe" "--controlFolder=c:\ProgramData\Ashampoo Backup\control" "--id=ashbackup" daemon
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aftap0901; C:\Windows\System32\DRIVERS\aftap0901.sys [48624 2018-06-15] (The OpenVPN Project)
R1 atc; C:\Windows\System32\DRIVERS\atc.sys [1292296 2018-06-05] (BitDefender S.R.L. Bucharest, ROMANIA)
R2 BdDci; C:\Windows\System32\DRIVERS\bddci.sys [156912 2018-10-18] (Bitdefender)
R0 bdprivmon; C:\Windows\System32\DRIVERS\bdprivmon.sys [45728 2018-09-17] (© Bitdefender SRL)
R1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [96448 2018-04-27] (BitDefender)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [24056 2016-01-14] ()
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [21496 2016-01-14] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [10848 2016-07-11] () [File not signed]
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [10208 2016-07-11] () [File not signed]
R1 Gemma; C:\Windows\System32\DRIVERS\Gemma.sys [359584 2018-10-04] (BitDefender S.R.L. Bucharest, ROMANIA)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [193184 2018-05-29] (BitDefender LLC)
R2 Ignis; C:\Windows\System32\DRIVERS\ignis.sys [196352 2018-10-26] (Bitdefender)
S3 MDA_NTDRV; C:\Windows\system32\MDA_NTDRV.sys [21208 2013-02-25] ()
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-12-24] (Marvell Semiconductor, Inc.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30656 2018-07-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [69544 2018-06-08] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [65792 2018-04-24] (NVIDIA Corporation)
R1 RrNetCapFilterDriver; C:\Windows\System32\DRIVERS\RrNetCapFilterDriver.sys [25256 2018-11-23] (Audials AG)
S4 RsFx0320; C:\Windows\System32\DRIVERS\RsFx0320.sys [250048 2016-06-18] (Microsoft Corporation)
S3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [416768 2009-06-10] (Realtek Semiconductor Corporation )
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-05] ()
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 tapwindscribe0901; C:\Windows\System32\DRIVERS\tapwindscribe0901.sys [45560 2017-04-21] (The OpenVPN Project)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [609576 2018-06-28] (Bitdefender)
S3 WiseHDInfo; C:\Windows\WiseHDInfo64.dll [14800 2018-07-12] (wisecleaner.com) [File not signed]
S3 WiseRegNotify; C:\Windows\WiseRegNotify.sys [28080 2017-11-26] (WiseCleaner.com) [File not signed]
U3 avgbdisk; no ImagePath
U3 SwitchBoard; no ImagePath
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-05 23:27 - 2019-01-05 23:28 - 000000000 ____D C:\FRST
2019-01-05 20:40 - 2019-01-05 20:42 - 402190684 _____ C:\Users\hisham idris\Desktop\BDSP_HISHAMIDRIS-PC_2019_01_05_20_40.zip
2019-01-05 20:40 - 2019-01-05 20:42 - 000000000 ____D C:\ProgramData\Dumps
2019-01-05 20:15 - 2019-01-05 20:15 - 000000000 ____D C:\Users\hisham idris\Downloads\Corona 1.7.4 (3dsmax 2012-2018)
2019-01-05 20:06 - 2019-01-05 20:08 - 151597245 _____ C:\Users\hisham idris\Downloads\Corona 1.7.4 (3dsmax 2012-2018).rar
2019-01-05 14:12 - 2019-01-05 13:45 - 000044032 _____ C:\Users\hisham idris\Desktop\AL MABDDA HOTEL OFFER-1_Furat_fire.xls
2019-01-05 13:59 - 2019-01-05 17:12 - 000000000 ____D C:\Users\hisham idris\Desktop\Fire
2019-01-05 13:58 - 2019-01-05 13:58 - 000000000 ____D C:\LispsRegistration
2019-01-05 09:34 - 2019-01-05 09:34 - 000000000 ____D C:\Users\hisham idris\AppData\Roaming\Sync App Settings
2019-01-05 09:33 - 2019-01-05 09:33 - 000000000 ____D C:\ProgramData\Sync App Settings
2019-01-05 09:32 - 2019-01-05 09:33 - 000000000 ____D C:\Users\hisham idris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Allway Sync
2019-01-05 09:32 - 2019-01-05 09:33 - 000000000 ____D C:\Program Files\Allway Sync
2019-01-04 22:45 - 2019-01-04 22:45 - 000058721 _____ C:\ProgramData\dm.1546631096.bdinstall.bin
2019-01-04 22:42 - 2019-01-04 22:42 - 000785240 _____ C:\ProgramData\cl.1546630611.bdinstall.v2.bin
2019-01-04 22:42 - 2019-01-04 22:42 - 000101524 _____ C:\ProgramData\cl.kit.1546630608.bdinstall.v2.bin
2019-01-04 22:39 - 2019-01-04 22:39 - 000002266 ____H C:\Users\Public\Desktop\Bitdefender.lnk
2019-01-04 22:39 - 2019-01-04 22:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender Security
2019-01-04 22:38 - 2018-04-19 08:37 - 000023032 _____ (Bitdefender) C:\Windows\system32\Drivers\bdelam.sys
2019-01-04 22:37 - 2018-10-26 11:57 - 000196352 _____ (Bitdefender) C:\Windows\system32\Drivers\ignis.sys
2019-01-04 22:37 - 2018-10-18 18:12 - 000156912 _____ (Bitdefender) C:\Windows\system32\Drivers\bddci.sys
2019-01-04 22:37 - 2018-10-04 23:40 - 000359584 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\Windows\system32\Drivers\Gemma.sys
2019-01-04 22:37 - 2018-09-17 05:36 - 000045728 _____ (© Bitdefender SRL) C:\Windows\system32\Drivers\bdprivmon.sys
2019-01-04 22:37 - 2018-06-28 14:39 - 000609576 _____ (Bitdefender) C:\Windows\system32\Drivers\trufos.sys
2019-01-04 22:37 - 2018-06-05 04:32 - 001292296 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\Windows\system32\Drivers\atc.sys
2019-01-04 22:37 - 2018-05-29 05:04 - 000193184 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys
2019-01-04 22:37 - 2018-04-27 08:45 - 000096448 _____ (BitDefender) C:\Windows\system32\Drivers\bdvedisk.sys
2019-01-04 22:36 - 2019-01-04 22:37 - 000000000 ____D C:\Program Files\Common Files\Bitdefender
2019-01-04 21:49 - 2019-01-04 21:49 - 000183632 _____ C:\Users\hisham idris\AppData\Local\GDIPFONTCACHEV1.DAT
2019-01-04 21:28 - 2019-01-04 21:28 - 000578240 _____ C:\Windows\system32\FNTCACHE.DAT
2019-01-04 12:57 - 2019-01-04 12:58 - 000000000 ____D C:\Payazed_Menu_V4.51_Portable
2019-01-04 12:54 - 2019-01-04 13:05 - 279796952 _____ C:\Users\hisham idris\Desktop\AutoCAD شرح الأتوكاد.avi
2019-01-04 12:43 - 2019-01-04 12:43 - 007741744 _____ C:\Users\hisham idris\Desktop\Electrical_Shop_Drawing_V2.pdf
2019-01-04 12:22 - 2019-01-04 12:22 - 000002379 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk
2019-01-04 12:22 - 2019-01-04 12:22 - 000002374 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2019-01-04 12:22 - 2019-01-04 12:22 - 000002373 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2019-01-04 12:22 - 2019-01-04 12:22 - 000002337 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2019-01-04 12:22 - 2019-01-04 12:22 - 000002336 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2019-01-04 12:22 - 2019-01-04 12:22 - 000002330 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2019-01-04 12:22 - 2019-01-04 12:22 - 000002324 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2019-01-04 12:22 - 2019-01-04 12:22 - 000002316 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2019-01-04 12:22 - 2019-01-04 12:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2019-01-04 12:19 - 2019-01-04 12:19 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2019-01-04 10:58 - 2019-01-04 10:58 - 000000000 ____D C:\Program Files\Microsoft Office 15
2019-01-04 10:25 - 2019-01-04 10:51 - 000000000 ____D C:\Payazed_Menu
2019-01-04 10:24 - 2019-01-04 10:24 - 000000116 _____ C:\Users\hisham idris\Documents\acad.err
2019-01-04 10:01 - 2019-01-04 10:01 - 000000000 ____D C:\Payazed_menu_lisps
2019-01-04 08:22 - 2019-01-04 08:22 - 000001145 _____ C:\Users\hisham idris\Desktop\HONEYWELL ENGINEERING MANUAL of AUTOMATIC CONTROL.pdf - Shortcut.lnk
2019-01-03 12:36 - 2019-01-05 13:46 - 000000000 ____D C:\Users\hisham idris\Desktop\test for fire work prices
2019-01-02 16:47 - 2019-01-02 16:49 - 000000000 ____D C:\Users\hisham idris\Desktop\usb
2019-01-02 16:43 - 2019-01-02 16:44 - 000000000 ____D C:\Users\hisham idris\Desktop\Fire only Pricing
2019-01-02 15:08 - 2019-01-02 16:46 - 003692575 _____ C:\Users\hisham idris\Desktop\Everything about Elite Fire.pdf
2019-01-02 14:38 - 2019-01-02 14:38 - 000001186 _____ C:\Users\hisham idris\Desktop\NFPA 2006 - Shortcut.lnk
2019-01-02 14:20 - 2019-01-02 14:22 - 000000000 ____D C:\Users\hisham idris\Desktop\everything with elite
2019-01-02 11:45 - 2019-01-02 11:45 - 000001145 ____H C:\Users\hisham idris\Desktop\DuctNet.lnk
2019-01-02 09:01 - 2019-01-02 09:01 - 000358727 _____ C:\Users\hisham idris\Desktop\Certificate.pdf
2019-01-01 07:49 - 2019-01-01 07:49 - 000001721 _____ C:\Users\hisham idris\Desktop\ما بعد غرفة الطلمبات (( fire fighting ((water system )) - YouTube.mp4 - Shortcut.lnk
2019-01-01 00:14 - 2019-01-01 00:14 - 000001221 _____ C:\Users\hisham idris\Desktop\أنظمة إنذار الحريق.pdf - Shortcut.lnk
2019-01-01 00:04 - 2019-01-01 00:04 - 000001026 _____ C:\Users\hisham idris\Desktop\wsfu حساب اقطار مواسير المياة للمبني.pdf - Shortcut.lnk
2018-12-31 16:45 - 2019-01-01 14:54 - 016125694 _____ C:\Users\hisham idris\Desktop\مشروع فندق المعابدة في مكة المكرمة.pptx
2018-12-31 09:35 - 2018-12-29 20:38 - 000018985 _____ C:\Users\hisham idris\Desktop\HVAC Duct takeoff.xlsx
2018-12-31 08:15 - 2018-12-31 08:15 - 000000010 _____ C:\Users\hisham idris\Desktop\credit rajhee.txt
2018-12-30 11:04 - 2018-12-30 11:04 - 162329442 _____ C:\Users\hisham idris\Desktop\AutoFluidGuide.pdf
2018-12-29 11:46 - 2018-12-29 11:46 - 000620733 _____ C:\Users\hisham idris\Desktop\Anti-Vortex-Assembly.pdf
2018-12-29 11:20 - 2018-12-29 11:20 - 000293411 _____ C:\Users\hisham idris\Desktop\supplemental-correction-sheets-for-pump-systems-(domestic-or-fire)-pc-mech-corr30-2014.pdf
2018-12-28 23:52 - 2018-12-28 23:52 - 000001437 _____ C:\Users\hisham idris\Desktop\كتاب رائع عن المضخات تأليف- تحسين الهاشمي .pdf - Shortcut.lnk
2018-12-28 20:43 - 2018-12-28 20:43 - 000124928 _____ C:\Users\hisham idris\Desktop\AL MABDDA HOTEL OFFER.xls
2018-12-28 13:17 - 2018-12-28 13:17 - 000108805 _____ C:\Users\hisham idris\Desktop\NCB_Fees_and_Charges.pdf
2018-12-27 20:55 - 2018-12-20 14:05 - 000229296 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
2018-12-25 18:07 - 2018-12-25 18:17 - 000000000 ____D C:\Users\hisham idris\AppData\Local\Electa Live 8.0
2018-12-25 17:51 - 2018-12-25 18:06 - 000000000 ____D C:\Program Files (x86)\Electa Live 8.0
2018-12-25 17:51 - 2010-07-19 09:12 - 000394272 _____ C:\Windows\SysWOW64\x64v05.dll
2018-12-25 17:51 - 2010-07-19 09:12 - 000283680 _____ C:\Windows\SysWOW64\prntjpg.dll
2018-12-24 22:24 - 2018-12-24 22:24 - 000001137 _____ C:\Users\hisham idris\Desktop\Pipe Flow Expert User Guide.pdf - Shortcut.lnk
2018-12-23 23:38 - 2018-12-31 15:20 - 000000000 ____D C:\Users\hisham idris\Documents\Efficient Organizer AutoBackup
2018-12-23 23:09 - 2018-12-23 23:09 - 000000972 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audials 2018.lnk
2018-12-23 23:09 - 2018-12-23 23:09 - 000000960 _____ C:\Users\Public\Desktop\Audials 2018.lnk
2018-12-23 23:09 - 2018-12-23 23:09 - 000000000 ____D C:\ProgramData\RapidSolution
2018-12-23 23:09 - 2018-12-23 23:09 - 000000000 ____D C:\Program Files (x86)\Audials
2018-12-23 23:08 - 2018-12-23 23:08 - 000000000 ____D C:\Users\hisham idris\AppData\Local\RapidSolution
2018-12-23 22:54 - 2019-01-05 19:45 - 000000000 ____D C:\ProgramData\firebird
2018-12-23 22:54 - 2019-01-05 17:13 - 003383296 _____ C:\Users\hisham idris\Documents\MyStickyNotes.esnw
2018-12-23 22:54 - 2018-12-24 08:35 - 000000000 ____D C:\Users\hisham idris\AppData\Roaming\Efficient Sticky Notes Pro
2018-12-23 22:54 - 2018-12-23 22:54 - 000000000 ____D C:\Users\hisham idris\AppData\Roaming\Efficient Software
2018-12-23 22:54 - 2018-12-23 22:54 - 000000000 ____D C:\Users\hisham idris\AppData\Roaming\Efficient Reminder
2018-12-23 22:54 - 2018-12-23 22:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Efficient Sticky Notes Pro
2018-12-23 22:54 - 2018-12-23 22:54 - 000000000 ____D C:\Program Files (x86)\Efficient Sticky Notes Pro
2018-12-23 12:50 - 2018-12-23 12:50 - 000001929 _____ C:\Users\hisham idris\Desktop\ESP CALCULATION ASHRAE DUCT FITTING DATA BASE COMPLETE HVAC (ENGLISH) hvac - YouTube.mp4 - Shortcut.lnk
2018-12-23 12:46 - 2018-12-23 12:46 - 000001134 _____ C:\Users\hisham idris\Desktop\Elite Fire ahmed badran - Shortcut.lnk
2018-12-23 12:26 - 2018-12-23 12:26 - 000001242 _____ C:\Users\hisham idris\Desktop\AUTO CAD HVAC SYSTEM DRAWING COURSE - Shortcut.lnk
2018-12-23 12:17 - 2018-12-23 12:17 - 000001626 _____ C:\Users\hisham idris\Desktop\تصميم الانظمة الكهربائية للضغط المنخفض باستخدام الاتوكاد.pdf - Shortcut.lnk
2018-12-22 16:50 - 2018-12-22 16:50 - 000000000 ____D C:\Users\hisham idris\AppData\Local\Foxit Reader
2018-12-22 14:10 - 2018-12-22 14:15 - 000013354 _____ C:\Users\hisham idris\Desktop\BAR AL AMAN_MORED _pipe.xlsx
2018-12-20 21:31 - 2018-04-08 15:58 - 003449248 _____ C:\Users\hisham idris\Desktop\ELECTRICAL FINAL-شركه جوهره الاخوه.dwg
2018-12-20 08:44 - 2018-12-20 08:44 - 000076524 _____ C:\ProgramData\agent.update.1545284594.bdinstall.v2.bin
2018-12-19 00:24 - 2018-12-19 00:24 - 000000000 ____D C:\Users\hisham idris\AppData\Local\CrashRpt
2018-12-19 00:24 - 2018-12-19 00:24 - 000000000 ____D C:\Users\hisham idris\AppData\Local\Ashampoo
2018-12-19 00:24 - 2018-12-19 00:24 - 000000000 ____D C:\Program Files (x86)\Ashampoo
2018-12-19 00:07 - 2018-12-19 00:09 - 057644136 _____ (Ashampoo GmbH & Co. KG ) C:\Users\hisham idris\Downloads\Ashampoo Snap 9.exe
2018-12-17 22:22 - 2018-12-17 22:22 - 000000000 ____D C:\Users\hisham idris\Documents\DIALux
2018-12-17 22:13 - 2018-12-17 22:13 - 000002117 _____ C:\Users\hisham idris\Desktop\POV-Ray v3.6.lnk
2018-12-17 22:13 - 2018-12-17 22:13 - 000002117 _____ C:\Users\_ashbackup_\Desktop\POV-Ray v3.6.lnk
2018-12-17 22:13 - 2018-12-17 22:13 - 000002105 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\POV-Ray for Windows.lnk
2018-12-17 22:13 - 2018-12-17 22:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\POV-Ray for Windows v3.6
2018-12-17 22:13 - 2018-12-17 22:13 - 000000000 ____D C:\Program Files (x86)\POV-Ray for Windows v3.6
2018-12-17 22:07 - 2005-07-22 19:59 - 003807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2018-12-17 22:07 - 2005-07-22 19:59 - 002319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2018-12-17 22:06 - 2018-12-17 22:06 - 000026087 _____ C:\DIALux Setup Information.txt
2018-12-17 22:06 - 2018-12-17 22:06 - 000001859 _____ C:\Users\Public\Desktop\DIALux 4.8 Light.lnk
2018-12-17 22:06 - 2018-12-17 22:06 - 000001845 _____ C:\Users\Public\Desktop\DIALux 4.8.lnk
2018-12-17 22:06 - 2018-12-17 22:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DIALux
2018-12-17 22:06 - 2009-02-16 16:13 - 003833856 _____ (Amyuni Technologies hxxp://www.amyuni.com) C:\Windows\SysWOW64\cdintf300.dll
2018-12-17 22:06 - 2006-08-01 14:09 - 001966080 _____ (Amyuni Technologies hxxp://www.amyuni.com) C:\Windows\SysWOW64\cdintf251.dll
2018-12-17 22:05 - 2018-12-17 22:06 - 000000101 _____ C:\Windows\Dialux.ini
2018-12-17 22:01 - 2018-12-17 22:28 - 000000000 ____D C:\Program Files (x86)\DIALux
2018-12-17 22:01 - 2018-12-17 22:22 - 000000000 ____D C:\ProgramData\DIALux
2018-12-17 22:00 - 2018-12-17 22:28 - 000007585 _____ C:\DIALux Setup Log.txt
2018-12-17 21:57 - 2018-12-17 21:59 - 000000000 ____D C:\Users\hisham idris\Desktop\DIALux 4.8.0.0 Setup
2018-12-17 21:45 - 2018-12-17 21:45 - 000002163 _____ C:\Users\hisham idris\Desktop\ASHRAE Duct Fitting Database.lnk
2018-12-17 21:45 - 2018-12-17 21:45 - 000002163 _____ C:\Users\_ashbackup_\Desktop\ASHRAE Duct Fitting Database.lnk
2018-12-17 21:45 - 2018-12-17 21:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashrae
2018-12-17 21:45 - 2018-12-17 21:45 - 000000000 ____D C:\Program Files (x86)\Ashrae
2018-12-17 21:45 - 2003-06-18 08:52 - 000192512 _____ (ComponenetOne) C:\Windows\SysWOW64\c1awk.ocx
2018-12-17 21:45 - 2003-06-12 16:47 - 001122304 _____ (ComponentOne LLC) C:\Windows\SysWOW64\todl8.ocx
2018-12-17 21:45 - 2003-06-11 16:56 - 001093632 _____ (ComponentOne LLC) C:\Windows\SysWOW64\todg8.ocx
2018-12-17 21:45 - 2003-06-11 15:03 - 000249856 _____ (ComponentOne LLC) C:\Windows\SysWOW64\todgub8.dll
2018-12-17 21:45 - 2003-06-11 13:56 - 000503808 _____ (ComponentOne LLC) C:\Windows\SysWOW64\tdbgpp8.dll
2018-12-17 21:45 - 2003-06-10 12:26 - 000192512 _____ (ComponentOne) C:\Windows\SysWOW64\vsvport8.ocx
2018-12-17 21:45 - 2003-05-10 12:32 - 000155648 _____ (Evans Programming) C:\Windows\SysWOW64\EvansFTP.ocx
2018-12-17 21:45 - 2003-05-10 12:32 - 000122880 _____ (Evans Programming) C:\Windows\SysWOW64\eFTPxf.dll
2018-12-17 21:45 - 2003-05-10 12:31 - 000045056 _____ (Evans Programming) C:\Windows\SysWOW64\epFtpThd.exe
2018-12-17 21:45 - 2003-05-10 12:30 - 000245760 _____ (Evans Programming) C:\Windows\SysWOW64\epWINet.dll
2018-12-17 21:45 - 2002-12-19 10:54 - 000200704 _____ (ComponentOne LLC) C:\Windows\SysWOW64\xadb8.ocx
2018-12-17 21:45 - 2002-10-07 23:11 - 000032768 _____ (Evans Programming) C:\Windows\SysWOW64\epPrdct.dll
2018-12-17 21:45 - 2002-07-22 15:09 - 000173784 _____ (ComponentOne ) C:\Windows\SysWOW64\VSPDF.OCX
2018-12-17 21:45 - 2002-07-22 15:08 - 000362200 _____ (ComponentOne) C:\Windows\SysWOW64\vsprint7.ocx
2018-12-17 21:45 - 2002-07-22 15:08 - 000132832 _____ ( ComponentOne) C:\Windows\SysWOW64\vsvport7.ocx
2018-12-17 21:45 - 2002-07-22 14:05 - 000030992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\~GLH0006.TMP
2018-12-17 21:45 - 2002-04-26 09:07 - 000024576 _____ (Evans Programming) C:\Windows\SysWOW64\Eperrors.dll
2018-12-17 21:45 - 2001-05-08 08:00 - 000065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\~GLH0005.TMP
2018-12-17 21:45 - 2001-05-05 14:34 - 000040960 _____ (Evans Programming) C:\Windows\SysWOW64\Epreg.dll
2018-12-17 21:45 - 2001-03-19 17:47 - 000885728 _____ (Infragistics, Inc.) C:\Windows\SysWOW64\ssdw3b32.ocx
2018-12-17 21:45 - 2001-03-19 17:47 - 000582624 _____ (Infragistics, Inc.) C:\Windows\SysWOW64\ssdw3a32.ocx
2018-12-17 21:45 - 2000-10-04 10:10 - 000045056 _____ (Evans Programming) C:\Windows\SysWOW64\Epfilwrk.dll
2018-12-17 21:45 - 2000-10-03 13:34 - 000126976 _____ (ComponenetOne) C:\Windows\SysWOW64\AwkOne.OCX
2018-12-17 21:45 - 2000-01-03 16:30 - 000069632 _____ (Inner Media, Inc.) C:\Windows\SysWOW64\dzstactx.dll
2018-12-17 21:45 - 1999-08-27 17:36 - 000061440 _____ (Sheridan Software Systems, Inc.) C:\Windows\SysWOW64\ssmedt32.dll
2018-12-17 21:45 - 1998-10-07 15:05 - 000154392 _____ (Sheridan Software Systems, Inc.) C:\Windows\SysWOW64\SPLITTER.OCX
2018-12-17 21:45 - 1998-10-07 07:53 - 000305432 _____ (Sheridan Software Systems, Inc.) C:\Windows\SysWOW64\THREED20.OCX
2018-12-17 21:45 - 1998-05-06 15:59 - 000072192 _____ (Sheridan Software Systems, Inc.) C:\Windows\SysWOW64\ssprn32.dll
2018-12-17 21:29 - 2018-12-17 21:29 - 000000000 ____D C:\ProgramData\DIAL GmbH
2018-12-16 16:38 - 2018-12-16 16:38 - 000001077 ____H C:\Users\Public\Desktop\SWF File Player.lnk
2018-12-16 16:38 - 2018-12-16 16:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SWF File Player
2018-12-16 16:38 - 2018-12-16 16:38 - 000000000 ____D C:\Program Files (x86)\SWF File Player
2018-12-16 14:51 - 2018-12-16 14:51 - 000000000 ____D C:\Users\hisham idris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\pipeflowcalculations.com
2018-12-16 14:50 - 2018-12-16 14:50 - 000000000 ____D C:\Users\hisham idris\AppData\Local\Pipe Flow Calculators
2018-12-16 14:27 - 2018-12-16 14:27 - 007940177 _____ C:\Users\hisham idris\Desktop\Excel Functions.pdf
2018-12-16 01:08 - 2018-12-16 01:08 - 000002439 _____ C:\Users\hisham idris\Desktop\HVAC DUCT DESIGN - SM TECHNO - YouTube.mp4 - Shortcut.lnk
2018-12-16 00:08 - 2018-12-16 00:08 - 000001302 _____ C:\Users\Public\Desktop\Skype.lnk
2018-12-14 02:46 - 2018-12-14 02:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-12-13 20:22 - 2018-12-13 20:22 - 000000000 ____D C:\Windows\system32\elambkup
2018-12-13 18:44 - 2018-12-13 18:44 - 000000904 ____H C:\Users\Public\Desktop\PDF to DWG Converter 2017.lnk
2018-12-13 18:44 - 2018-12-13 18:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoDWG
2018-12-13 18:44 - 2018-12-13 18:44 - 000000000 ____D C:\Program Files (x86)\AutoDWG
2018-12-13 12:17 - 2018-12-13 12:17 - 000000000 ____D C:\Users\hisham idris\AppData\Roaming\AutoDWG
2018-12-13 12:13 - 2018-12-13 12:13 - 000000000 ____D C:\Users\hisham idris\AppData\Roaming\AutoP2D
2018-12-13 08:12 - 2018-12-13 08:12 - 000051024 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2018-12-13 08:12 - 2018-12-13 08:12 - 000047800 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2018-12-13 08:12 - 2018-12-13 08:12 - 000047800 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2018-12-13 08:12 - 2018-12-13 08:12 - 000047800 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2018-12-12 09:23 - 2018-10-09 15:50 - 000000000 ____D C:\AUTOFLUID10
2018-12-12 08:38 - 2018-12-12 08:38 - 000000000 ____D C:\ProgramData\Hewlett-Packard
2018-12-11 10:44 - 2018-12-11 10:44 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_mvusbews_01009.Wdf
2018-12-11 10:44 - 2018-12-11 10:44 - 000000000 ____D C:\Program Files (x86)\Hewlett-Packard
2018-12-11 10:40 - 2018-12-11 10:40 - 000002099 ____H C:\Users\Public\Desktop\Shop for HP Supplies.lnk
2018-12-11 10:40 - 2018-12-11 10:40 - 000000000 ____D C:\ProgramData\HPSSUPPLY
2018-12-11 10:40 - 2012-09-26 08:45 - 000049664 _____ C:\Windows\system32\HP1100SMs.dll
2018-12-11 10:40 - 2012-08-31 15:03 - 001696256 _____ C:\Windows\system32\HP1100SM.EXE
2018-12-11 10:40 - 2012-08-31 15:03 - 000288768 _____ C:\Windows\system32\HP1100LM.DLL
2018-12-11 10:39 - 2018-12-11 10:40 - 000000000 ____D C:\Program Files (x86)\HP
2018-12-11 10:38 - 2018-12-11 10:38 - 000000000 ____D C:\LJP1100_P1560_P1600_Full_Solution
2018-12-11 08:45 - 2018-12-11 08:45 - 000000000 ____D C:\ProgramData\Gemma

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-05 23:32 - 2017-05-17 01:39 - 000000000 ____D C:\Users\hisham idris\AppData\Roaming\DMCache
2019-01-05 23:08 - 2017-05-17 06:11 - 000000920 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2019-01-05 20:40 - 2017-05-05 21:08 - 000000000 ____D C:\ProgramData\Bitdefender
2019-01-05 19:57 - 2017-05-05 21:48 - 000000000 ____D C:\ProgramData\NVIDIA
2019-01-05 19:54 - 2009-07-14 07:45 - 000037216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-01-05 19:54 - 2009-07-14 07:45 - 000037216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-01-05 19:52 - 2017-05-15 20:40 - 000000000 ____D C:\Users\hisham idris\AppData\LocalLow\Mozilla
2019-01-05 19:47 - 2017-05-17 06:21 - 000000000 ___RD C:\Users\hisham idris\Dropbox
2019-01-05 19:44 - 2017-11-26 16:10 - 000000000 ____D C:\Users\hisham idris\AppData\Roaming\Neptune SystemCare Ultimate
2019-01-05 19:44 - 2017-05-05 21:03 - 000003648 _____ C:\Windows\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2019-01-05 19:42 - 2017-11-26 16:51 - 000000466 _____ C:\Windows\Tasks\Neptune.job
2019-01-05 19:42 - 2009-07-14 08:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-01-05 17:13 - 2017-12-13 16:31 - 000000000 ____D C:\Users\hisham idris\AppData\Roaming\WhatsApp
2019-01-05 17:13 - 2017-05-05 20:46 - 000184516 _____ C:\bdlog.txt
2019-01-05 16:16 - 2017-11-26 16:51 - 000000462 _____ C:\Windows\Tasks\Wise Turbo Checker.job
2019-01-05 16:16 - 2017-05-07 05:49 - 000000000 ____D C:\ProgramData\RevitInterProcess
2019-01-04 22:45 - 2017-05-05 21:08 - 000000000 ____D C:\Users\hisham idris\AppData\Roaming\Bitdefender
2019-01-04 22:44 - 2017-05-05 20:22 - 000000000 ____D C:\Program Files\Bitdefender
2019-01-04 21:29 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\inf
2019-01-04 20:18 - 2017-05-17 02:14 - 000000000 ____D C:\Users\hisham idris\.smplayer
2019-01-04 19:17 - 2018-08-13 14:14 - 000000000 ____D C:\Users\hisham idris\AppData\Local\CrashDumps
2019-01-04 18:31 - 2018-08-24 01:46 - 000000000 ____D C:\Users\hisham idris\AppData\Roaming\qBittorrent
2019-01-04 12:20 - 2017-08-08 05:11 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-01-04 12:20 - 2017-05-12 23:25 - 000000000 ____D C:\Program Files\Microsoft Office
2019-01-04 12:20 - 2009-07-14 06:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2019-01-04 10:52 - 2017-05-20 20:41 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-01-02 16:50 - 2017-05-06 23:06 - 002154194 _____ C:\Windows\system32\perfh001.dat
2019-01-02 16:50 - 2017-05-06 23:06 - 001736714 _____ C:\Windows\system32\perfh00C.dat
2019-01-02 16:50 - 2017-05-06 23:06 - 000717690 _____ C:\Windows\system32\perfc00C.dat
2019-01-02 16:50 - 2017-05-06 23:06 - 000692548 _____ C:\Windows\system32\perfc001.dat
2019-01-02 16:50 - 2009-07-14 08:13 - 000006688 _____ C:\Windows\system32\PerfStringBackup.INI
2019-01-02 16:49 - 2018-09-26 05:49 - 000000000 ____D C:\Users\hisham idris\AppData\Roaming\TeraCopy
2019-01-02 12:01 - 2018-09-04 18:25 - 000000000 ____D C:\Users\hisham idris\Documents\TechniSolve
2019-01-02 11:45 - 2017-08-09 23:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechniSolve
2019-01-02 11:45 - 2017-08-09 23:13 - 000000000 ____D C:\Program Files (x86)\TechniSolve
2018-12-31 16:08 - 2017-08-08 05:05 - 000000000 __RHD C:\MSOCache
2018-12-29 18:16 - 2017-05-17 01:39 - 000000000 ____D C:\Program Files (x86)\Internet Download Manager
2018-12-28 15:12 - 2017-08-27 08:05 - 000000000 ____D C:\Users\hisham idris\AppData\Roaming\shamela
2018-12-28 15:12 - 2017-08-27 07:57 - 000000000 ____D C:\shamela_arrawdah
2018-12-28 13:03 - 2017-05-17 01:39 - 000000000 ____D C:\Users\hisham idris\AppData\Roaming\IDM
2018-12-23 12:46 - 2017-12-10 14:07 - 000001005 ____H C:\Users\hisham idris\Desktop\Internet Download Manager.lnk
2018-12-22 16:34 - 2017-05-05 22:32 - 000000000 ____D C:\Users\hisham idris\AppData\Local\Autodesk
2018-12-22 16:34 - 2017-05-05 22:18 - 000000000 ____D C:\Users\hisham idris\AppData\Roaming\Autodesk
2018-12-22 04:09 - 2017-12-13 16:31 - 000000000 ____D C:\Users\hisham idris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
2018-12-22 04:08 - 2018-07-19 00:08 - 000000000 ____D C:\Users\hisham idris\AppData\Local\WhatsApp
2018-12-22 04:04 - 2017-12-13 16:30 - 000000000 ____D C:\Users\hisham idris\AppData\Local\SquirrelTemp
2018-12-21 18:51 - 2018-11-12 21:38 - 000000000 ____D C:\Users\hisham idris\AppData\Roaming\Confidential
2018-12-21 17:42 - 2017-08-15 01:38 - 000000000 ____D C:\Users\hisham idris\AppData\Roaming\vlc
2018-12-21 14:37 - 2017-05-05 22:25 - 000000000 ____D C:\ProgramData\Package Cache
2018-12-21 14:32 - 2018-11-12 21:43 - 000000009 _____ C:\Users\hisham idris\AppData\Roaming\tabbles_hwnd_quick_link
2018-12-21 14:32 - 2018-11-12 21:43 - 000000009 _____ C:\Users\hisham idris\AppData\Roaming\tabbles_hwnd_main
2018-12-20 09:02 - 2018-10-23 13:37 - 000000000 ___RD C:\Users\hisham idris\OneDrive
2018-12-20 09:02 - 2018-03-31 20:01 - 000003198 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-46804314-439942413-2531280242-1000
2018-12-20 09:02 - 2017-05-17 06:15 - 000002179 _____ C:\Users\hisham idris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2018-12-20 08:56 - 2017-07-05 17:49 - 000003332 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-12-20 08:56 - 2017-07-05 17:49 - 000003204 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-12-20 08:44 - 2017-05-05 21:01 - 000000000 ____D C:\Program Files\Bitdefender Agent
2018-12-19 00:24 - 2017-05-07 01:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
2018-12-19 00:24 - 2017-05-07 01:50 - 000000000 ____D C:\ProgramData\Ashampoo
2018-12-18 18:25 - 2018-07-26 02:10 - 000000000 ____D C:\Users\hisham idris\AppData\Local\NVIDIA Corporation
2018-12-16 16:35 - 2017-07-22 22:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elite Software
2018-12-16 16:35 - 2009-07-14 05:34 - 000000877 _____ C:\Windows\win.ini
2018-12-16 00:08 - 2017-05-15 20:08 - 000000000 ____D C:\Users\hisham idris\AppData\Roaming\Skype
2018-12-16 00:08 - 2017-05-15 20:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2018-12-15 18:53 - 2018-08-13 13:56 - 000001072 ____H C:\Users\hisham idris\Desktop\PDF to X.lnk
2018-12-15 18:49 - 2017-08-09 23:23 - 000000000 ___HD C:\Users\hisham idris\Desktop\ductsizer
2018-12-15 17:46 - 2017-12-10 14:10 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-12-15 17:46 - 2017-05-15 20:39 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-12-14 14:22 - 2017-07-22 10:33 - 000000000 ____D C:\Users\hisham idris\AppData\LocalLow\Adobe
2018-12-14 14:22 - 2017-06-24 07:53 - 000000000 ____D C:\Users\hisham idris\AppData\Local\Adobe
2018-12-14 14:11 - 2017-06-24 07:51 - 000000000 ____D C:\Program Files (x86)\Adobe
2018-12-14 02:47 - 2017-05-17 06:11 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-12-13 18:44 - 2017-07-07 15:05 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-12-13 05:30 - 2017-07-05 17:50 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-12-11 10:44 - 2017-08-15 09:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2018-12-11 10:39 - 2017-08-15 09:21 - 000000000 ____D C:\Program Files\HP
2018-12-11 01:04 - 2010-11-21 06:27 - 000592616 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2018-12-10 12:24 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\system32\NDF
2018-12-10 08:50 - 2017-05-15 20:39 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2018-12-06 05:11 - 2017-12-13 16:31 - 000002225 ____H C:\Users\hisham idris\Desktop\WhatsApp.lnk

==================== Files in the root of some directories =======

2018-09-03 18:51 - 2005-03-05 18:37 - 000061440 _____ (Tamerz.Net) C:\Program Files (x86)\Frictial 1.1.exe
2018-11-12 21:43 - 2018-12-21 14:32 - 000000009 _____ () C:\Users\hisham idris\AppData\Roaming\tabbles_hwnd_main
2018-11-12 21:43 - 2018-12-21 14:32 - 000000009 _____ () C:\Users\hisham idris\AppData\Roaming\tabbles_hwnd_quick_link
2017-05-20 23:33 - 2017-05-20 23:33 - 000000000 _____ () C:\Users\hisham idris\AppData\Local\Temptable.xml

Some files in TEMP:
====================
2019-01-04 22:16 - 2018-01-11 00:58 - 000025432 _____ (Autodesk, Inc.) C:\Users\hisham idris\AppData\Local\Temp\AcDeltree.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2019-01-05 10:34

==================== End of FRST.txt ============================