Cannot Remove Smart Screen infection due to Resource in use error


  • This topic is locked
18 replies to this topic

#1 bill2507733

  • Members
  • 9 posts

Posted 29 April 2017 - 07:33 PM

 
Hello All,
 
I did something really stupid and ran some files that I should have known were infected. I've got the typical adware/spyware symptoms such as the Google redirects. However, I can't run any anti-malware due to the SmartScreen process. I cannot even enter advanced startup options. I've posted my FRST log here, and would really appreciate some help.
 
I am on 64-bit Windows 10.
 
Thank you!
 
 
FRST LOG
____________________________________________________________________________________________________________________
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-04-2017
Ran by Bilal (administrator) on BILAL-SURFACE (29-04-2017 20:17:43)
Running from C:\Users\Bilal\Downloads
Loaded Profiles: Bilal &  (Available Profiles: Bilal)
Platform: Windows 10 Pro Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
() C:\Users\Bilal\AppData\Local\ntuserlitelist\dataup\dataup.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Microsoft Corporation) C:\Windows\System32\SecurityHealthService.exe
(Search Module Ltd.) C:\Program Files\Common Files\Noobzo\GNUpdate\smu.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
() C:\Windows\System32\tprdpw32.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(JetBrains) C:\Users\Bilal\AppData\Local\JetBrains\Toolbox\bin\jetbrains-toolbox.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\ClipX\clipx.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(SecureW2 B.V.) C:\Program Files (x86)\SecureW2\sw2_tray.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.14.662.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Bilal\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe
(winscr) C:\Users\Bilal\AppData\Local\ntuserlitelist\winscr\winscr.exe
() C:\Users\Bilal\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
() C:\Users\Bilal\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes Corp.) C:\Users\Bilal\Downloads\cows.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Bilal\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Bilal\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
() C:\Users\Bilal\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ClipX] => C:\Program Files (x86)\ClipX\clipx.exe [68608 2005-11-30] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1870928 2017-04-04] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SecureW2 Tray] => C:\Program Files (x86)\SecureW2\sw2_tray.exe [224600 2014-03-24] (SecureW2 B.V.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [28344536 2017-04-26] (Dropbox, Inc.)
HKLM-x32\...\Run: [cpx] => "C:\Users\Bilal\AppData\Local\ntuserlitelist\cpx\cpx.exe" -starup <===== ATTENTION
HKLM-x32\...\Run: [svcvmx] => C:\Users\Bilal\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe [884224 2017-04-21] ()
HKU\S-1-5-21-3662434705-292330180-2919207271-1001\...\Run: [JetBrains Toolbox] => C:\Users\Bilal\AppData\Local\JetBrains\Toolbox\bin\jetbrains-toolbox.exe [2749632 2017-03-16] (JetBrains)
HKU\S-1-5-21-3662434705-292330180-2919207271-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23819304 2017-03-21] (Google)
HKU\S-1-5-21-3662434705-292330180-2919207271-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [886352 2017-04-04] (Adobe Systems Incorporated)
HKU\S-1-5-21-3662434705-292330180-2919207271-1001\...\Run: [GoogleChromeAutoLaunch_67DEBAD8C6D90901D7D3E662054FAEB3] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1144664 2017-04-19] (Google Inc.)
HKU\S-1-5-21-3662434705-292330180-2919207271-1001\...\MountPoints2: {540ef3df-2454-11e7-bc97-60029242b52a} - "D:\LaunchU3.exe" -a
HKU\S-1-5-21-3662434705-292330180-2919207271-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [37376 2017-03-18] (Microsoft Corporation)
HKU\S-1-5-21-3662434705-292330180-2919207271-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [JetBrains Toolbox] => C:\Users\Bilal\AppData\Local\JetBrains\Toolbox\bin\jetbrains-toolbox.exe [2749632 2017-03-16] (JetBrains)
HKU\S-1-5-21-3662434705-292330180-2919207271-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23819304 2017-03-21] (Google)
HKU\S-1-5-21-3662434705-292330180-2919207271-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [886352 2017-04-04] (Adobe Systems Incorporated)
HKU\S-1-5-21-3662434705-292330180-2919207271-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleChromeAutoLaunch_67DEBAD8C6D90901D7D3E662054FAEB3] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1144664 2017-04-19] (Google Inc.)
HKU\S-1-5-21-3662434705-292330180-2919207271-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {540ef3df-2454-11e7-bc97-60029242b52a} - "D:\LaunchU3.exe" -a
HKU\S-1-5-21-3662434705-292330180-2919207271-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [37376 2017-03-18] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-04-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-04-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-04-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-04-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-04-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-04-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-04-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-04-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-04-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-04-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-04-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-04-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-04-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-04-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-04-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-04-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-04-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-04-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-04-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-04-26] (Dropbox, Inc.)
Startup: C:\Users\Bilal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2017-04-21]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Bilal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-04-18]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy\User: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{624b2ffd-429f-41c9-af58-1ae02d9a90e1}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-3662434705-292330180-2919207271-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www-searching.com/?pid=s&s=H4Tzamobl20603AU,dae3e90c-adea-426d-9d2e-ee5a67c46fbd,&vp=ch&prd=set_ie
HKU\S-1-5-21-3662434705-292330180-2919207271-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www-searching.com/?pid=s&s=H4Tzamobl20603AU,dae3e90c-adea-426d-9d2e-ee5a67c46fbd,&vp=ch&prd=set_ie
SearchScopes: HKU\S-1-5-21-3662434705-292330180-2919207271-1001 -> {D2CAC06E-6FDF-444D-A35A-DD4199D9988C} URL = hxxp://www-searching.com/s.ashx?prd=opensearch&q={searchTerms}&s=H4Tzamobl20603AU,dae3e90c-adea-426d-9d2e-ee5a67c46fbd,
SearchScopes: HKU\S-1-5-21-3662434705-292330180-2919207271-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {D2CAC06E-6FDF-444D-A35A-DD4199D9988C} URL = hxxp://www-searching.com/s.ashx?prd=opensearch&q={searchTerms}&s=H4Tzamobl20603AU,dae3e90c-adea-426d-9d2e-ee5a67c46fbd,
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-04-29] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-02-26] (Adobe Systems Incorporated)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-04-29] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-02-26] (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-04-29] (Microsoft Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2017-03-20] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-02-26] (Adobe Systems Incorporated)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-04-29] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-02-26] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-02-26] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-02-26] (Adobe Systems Incorporated)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-04-29] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-04-29] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-04-29] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-04-29] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: 5s2llwzn.default
FF ProfilePath: C:\Users\Bilal\AppData\Roaming\Zotero\Zotero\Profiles\5s2llwzn.default [2017-04-29]
FF Extension: (Zotero LibreOffice Integration) - C:\Program Files (x86)\Zotero Standalone\extensions\zoteroOpenOfficeIntegration@zotero.org [2017-04-29] [not signed]
FF Extension: (Zotero Word for Windows Integration) - C:\Program Files (x86)\Zotero Standalone\extensions\zoteroWinWordIntegration@zotero.org [2017-04-29] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat DC - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2017-04-25]
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Development\JRE\bin\dtplugin\npDeployJava1.dll [2017-04-16] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Development\JRE\bin\plugin2\npjp2.dll [2017-04-16] (Oracle Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-04-29] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-04-29] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www-searching.com/?pid=s&s=H4Tzamobl20603AU,dae3e90c-adea-426d-9d2e-ee5a67c46fbd,&vp=ch&prd=set_ch
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Bilal\AppData\Local\Google\Chrome\User Data\Default [2017-04-29]
CHR Extension: (Google Translate) - C:\Users\Bilal\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2017-04-16]
CHR Extension: (Google Slides) - C:\Users\Bilal\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-04-16]
CHR Extension: (BIODIGITAL HUMAN) - C:\Users\Bilal\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak [2017-04-16]
CHR Extension: (Google Docs) - C:\Users\Bilal\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-04-16]
CHR Extension: (Google Drive) - C:\Users\Bilal\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-04-16]
CHR Extension: (QR-Code Tag Extension) - C:\Users\Bilal\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcfddoencoiedfjgepnlhcpfikgaogdg [2017-04-16]
CHR Extension: (YouTube) - C:\Users\Bilal\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-04-16]
CHR Extension: (Honey) - C:\Users\Bilal\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2017-04-29]
CHR Extension: (Adblock Plus) - C:\Users\Bilal\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-04-16]
CHR Extension: (TypingWeb Typing Tutor) - C:\Users\Bilal\AppData\Local\Google\Chrome\User Data\Default\Extensions\clcgempicojkfhpnepfecmklndooebjk [2017-04-16]
CHR Extension: (Google News) - C:\Users\Bilal\AppData\Local\Google\Chrome\User Data\Default\Extensions\dllkocilcinkggkchnjgegijklcililc [2017-04-16]
CHR Extension: (Adobe Acrobat) - C:\Users\Bilal\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-04-16]
CHR Extension: (Tabs Outliner) - C:\Users\Bilal\AppData\Local\Google\Chrome\User Data\Default\Extensions\eggkanocgddhmamlbiijnphhppkpkmkl [2017-04-16]
CHR Extension: (Google Calendar) - C:\Users\Bilal\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2017-04-16]
CHR Extension: (Zotero Connector) - C:\Users\Bilal\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekhagklcjbdpajgpjgmbionohlpdbjgc [2017-04-29]
CHR Extension: (Google Play Music) - C:\Users\Bilal\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2017-04-29]
CHR Extension: (Google Sheets) - C:\Users\Bilal\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-04-16]
CHR Extension: (LibX for Google Chrome ™) - C:\Users\Bilal\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffkfoaiikoedjcjlpnnaidojhfchiafk [2017-04-16]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Bilal\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2017-04-16]
CHR Extension: (Office Editing for Docs, Sheets & Slides) - C:\Users\Bilal\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbkeegbaiigmenfmjfclcdgdpimamgkj [2017-04-16]
CHR Extension: (Google Docs Offline) - C:\Users\Bilal\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-04-16]
CHR Extension: (Wolfram|Alpha (Official)) - C:\Users\Bilal\AppData\Local\Google\Chrome\User Data\Default\Extensions\icncamkooinmbehmkeilcccmoljfkdhp [2017-04-16]
CHR Extension: (Google Play Music) - C:\Users\Bilal\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2017-04-16]
CHR Extension: (Coursera Materials Downloader) - C:\Users\Bilal\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijkboagofaehocnjacacdhdcbbcpilih [2017-04-16]
CHR Extension: (Occupy The Bookstore: Compare Textbook Prices) - C:\Users\Bilal\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipheiokfflghncbmedblogighkbongmo [2017-04-16]
CHR Extension: (Auto Replay for YouTube™) - C:\Users\Bilal\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb [2017-04-16]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Bilal\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2017-04-16]
CHR Extension: (Google Hangouts) - C:\Users\Bilal\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2017-04-16]
CHR Extension: (StayFocusd) - C:\Users\Bilal\AppData\Local\Google\Chrome\User Data\Default\Extensions\laankejkbhbdhmipfmgcngdelahlfoji [2017-04-16]
CHR Extension: (Google Scholar Button) - C:\Users\Bilal\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldipcbpaocekfooobnbcddclnhejkcpn [2017-04-16]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Bilal\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-04-16]
CHR Extension: (Google Maps) - C:\Users\Bilal\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2017-04-16]
CHR Extension: (Graph.tk) - C:\Users\Bilal\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkhkaamdeplibnmodcgodlkghphdbahk [2017-04-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Bilal\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-04-16]
CHR Extension: (Gmail) - C:\Users\Bilal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-04-16]
CHR Extension: (Chrome Media Router) - C:\Users\Bilal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-29]
CHR HKU\S-1-5-21-3662434705-292330180-2919207271-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3662434705-292330180-2919207271-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-02-27] (Adobe Systems, Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3971264 2017-04-21] (Microsoft Corporation)
R2 Dataup; C:\Users\Bilal\AppData\Local\ntuserlitelist\dataup\dataup.exe [77824 2017-01-05] () [File not signed] <==== ATTENTION
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-04-29] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-04-29] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [48944 2017-04-26] (Dropbox, Inc.)
S3 debugregsvc; C:\WINDOWS\System32\debugregsvc.dll [74752 2017-03-17] (Microsoft Corporation)
S3 DeveloperToolsService; C:\WINDOWS\System32\DeveloperToolsSvc.exe [103936 2017-03-17] (Microsoft Corporation)
S2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373728 2017-01-09] (Intel Corporation)
S3 LxssManager; C:\WINDOWS\system32\lxss\LxssManager.dll [357888 2017-04-16] (Microsoft Corporation)
S2 MaskitService; C:\Program Files (x86)\Maskit\MaskitService.exe [93696 2017-04-25] (Digital Action Consulting LTD) [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-18] (Microsoft Corporation)
R2 SMUpd; C:\Program Files\Common Files\Noobzo\GNUpdate\smu.exe [2989056 2017-04-29] (Search Module Ltd.) [File not signed] <==== ATTENTION
S3 SshBroker; C:\WINDOWS\System32\SshBroker.dll [373760 2017-03-17] (Microsoft Corporation)
S3 SshProxy; C:\WINDOWS\System32\SshProxy.dll [266240 2017-03-17] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S4 WebManagement; C:\WINDOWS\system32\WebManagement.exe [1034240 2017-03-17] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation)
S2 windowsmanagementservice; C:\Users\Bilal\AppData\Local\ububzfgt\ct.exe [947200 2017-03-29] (Google Inc.) [File not signed] <==== ATTENTION
S3 wlpasvc; C:\WINDOWS\System32\lpasvc.dll [1295360 2017-03-18] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 bcmfn; C:\WINDOWS\System32\drivers\bcmfn.sys [9728 2015-10-30] (Windows ® Win 7 DDK provider) [File not signed]
R0 drmkpro64; C:\WINDOWS\System32\drivers\ndistpr64.sys [78112 2013-09-28] () [File not signed] <==== ATTENTION
S3 iaLPSS2i_GPIO2_BXT_P; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [85504 2017-03-18] (Intel Corporation)
S3 iaLPSS2i_I2C_BXT_P; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [168448 2017-03-18] (Intel Corporation)
S3 iaLPSS_GPIO; C:\WINDOWS\System32\drivers\iaLPSS_GPIO.sys [24568 2015-09-19] (Intel Corporation)
S3 iaLPSS_I2C; C:\WINDOWS\System32\drivers\iaLPSS_I2C.sys [99320 2015-09-19] (Intel Corporation)
R0 lxss; C:\WINDOWS\System32\drivers\lxss.sys [17312 2017-04-16] (Microsoft Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [194776 2017-04-29] (Malwarebytes)
R3 MEIx64; C:\WINDOWS\System32\drivers\TeeDriverx64.sys [100312 2015-09-19] (Intel Corporation)
R3 mrvlpcie8897; C:\WINDOWS\System32\drivers\mrvlpcie8897.sys [1036288 2017-03-18] (Marvell Semiconductors Inc.)
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [414448 2015-09-19] (Realsil Semiconductor Corporation)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R3 SMUpdd; C:\Program Files\Common Files\Noobzo\GNUpdate\smw.sys [52992 2017-04-29] ()
R3 SurfaceAccessoryDevice; C:\WINDOWS\System32\drivers\SurfaceAccessoryDevice.sys [60568 2015-09-19] (Microsoft Corporation)
R3 SurfaceCapacitiveHomeButton; C:\WINDOWS\System32\drivers\SurfaceCapacitiveHomeButton.sys [52864 2015-09-19] (Microsoft Corporation)
R3 SurfaceDisplayCalibration; C:\WINDOWS\System32\drivers\SurfaceDisplayCalibration.sys [50328 2015-09-19] (Microsoft Corporation)
R3 SurfaceIntegrationDriver; C:\WINDOWS\System32\drivers\SurfaceIntegrationDriver.sys [58488 2015-09-19] (Microsoft Corporation)
R0 SurfacePciController; C:\WINDOWS\System32\drivers\SurfacePciController.sys [35440 2015-09-19] (Microsoft Corporation)
R3 SurfacePenDriver; C:\WINDOWS\System32\drivers\SurfacePenDriver.sys [115600 2017-03-07] (Microsoft Corporation)
S3 SurfaceSoftwareServicing; C:\WINDOWS\System32\drivers\SurfaceSoftwareServicingDriver.sys [33544 2015-09-19] (Microsoft Corporation)
S3 SurfaceTypeCover; C:\WINDOWS\System32\drivers\SurfaceTypeCover.sys [58896 2015-09-19] (Microsoft Corporation)
S3 SurfaceTypeCoverV3Integration; C:\WINDOWS\System32\drivers\SurfaceTypeCoverV3Integration.sys [44072 2015-09-19] (Microsoft Corporation)
R3 TrueColor; C:\WINDOWS\system32\DRIVERS\TrueColor.sys [44664 2015-09-19] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
NETSVC: LxssManager -> C:\Windows\system32\lxss\LxssManager.dll (Microsoft Corporation)
NETSVCx32: TokenBroker -> C:\Windows\SysWOW64\TokenBroker.dll (Microsoft Corporation)
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-04-29 22:52 - 2017-04-29 22:56 - 00000000 ____D C:\WINDOWS\Microsoft Antimalware
2017-04-29 20:17 - 2017-04-29 20:18 - 00032517 _____ C:\Users\Bilal\Downloads\FRST.txt
2017-04-29 20:16 - 2017-04-29 20:17 - 00000000 ____D C:\FRST
2017-04-29 20:12 - 2017-04-29 20:12 - 02427392 _____ (Farbar) C:\Users\Bilal\Downloads\FRST64.exe
2017-04-29 20:09 - 2017-04-29 20:10 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-04-29 20:09 - 2017-04-29 20:09 - 00194776 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-04-29 20:09 - 2017-04-29 20:09 - 00000000 ____D C:\Users\Bilal\Desktop\mbar
2017-04-29 20:09 - 2017-04-29 20:09 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-04-29 20:08 - 2017-04-29 20:09 - 16564750 _____ (Malwarebytes Corp.) C:\Users\Bilal\Downloads\cows.exe
2017-04-29 20:08 - 2017-04-29 20:08 - 16564750 _____ (Malwarebytes Corp.) C:\Users\Bilal\Downloads\mbar-1.09.4.1001.exe
2017-04-29 20:01 - 2017-04-29 20:01 - 05766464 _____ (Zemana Ltd. ) C:\Users\Bilal\Downloads\dropbox.exe
2017-04-29 20:00 - 2017-04-29 20:01 - 05766464 _____ (Zemana Ltd. ) C:\Users\Bilal\Downloads\eXplorer.exe
2017-04-29 19:57 - 2017-04-29 19:44 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Bilal\Downloads\WiNlOgOn - Copy.exe
2017-04-29 19:49 - 2017-04-29 19:49 - 00686544 _____ (Malwarebytes) C:\Users\Bilal\Downloads\jjnknbkjbn.exe
2017-04-29 19:47 - 2017-04-29 19:47 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Bilal\Downloads\jhbvhjbvhj.exe
2017-04-29 19:43 - 2017-04-29 19:44 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Bilal\Downloads\WiNlOgOn.exe
2017-04-29 19:43 - 2017-04-29 19:43 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Bilal\Downloads\hyuggytfgvhucvfytf.exe
2017-04-29 19:31 - 2017-04-29 19:32 - 00000000 ____D C:\Users\Bilal\Downloads\rkill
2017-04-29 19:19 - 2017-04-29 19:19 - 00912452 _____ C:\Users\Bilal\Downloads\rkill.zip
2017-04-29 19:17 - 2017-04-29 19:18 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Bilal\Downloads\iExplore.exe
2017-04-29 19:15 - 2017-04-29 19:15 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Bilal\Downloads\chrome.exe
2017-04-29 19:12 - 2017-04-29 19:12 - 00000000 ____D C:\Users\Bilal\AppData\Local\ElevatedDiagnostics
2017-04-29 19:08 - 2017-04-29 19:08 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-04-29 18:59 - 2017-04-29 18:59 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Bilal\Downloads\chrmetester.exe
2017-04-29 18:57 - 2017-04-29 18:58 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Bilal\Downloads\mbar-1.09.3.1001.exe
2017-04-29 18:46 - 2017-04-29 19:18 - 00000000 ____D C:\Users\Bilal\AppData\Local\llssoft
2017-04-29 18:45 - 2017-04-29 19:58 - 00000000 ____D C:\Users\Bilal\AppData\Local\ntuserlitelist
2017-04-29 18:42 - 2017-04-29 18:43 - 60107896 _____ (Malwarebytes ) C:\Users\Bilal\Downloads\tst.exe
2017-04-29 18:41 - 2017-04-29 18:41 - 00004410 _____ C:\WINDOWS\System32\Tasks\SMW_UpdateTask_Time_31323332333538332d5737325a786c5a3237344541
2017-04-29 18:41 - 2017-04-29 18:41 - 00000000 ____D C:\ProgramData\SearchModule
2017-04-29 18:40 - 2017-04-29 18:40 - 00348672 _____ C:\ProgramData\smp2.exe
2017-04-29 18:40 - 2017-04-29 18:40 - 00187904 _____ C:\WINDOWS\rsrcs.dll
2017-04-29 18:40 - 2017-04-29 18:40 - 00004256 _____ C:\WINDOWS\System32\Tasks\SMW_P
2017-04-29 18:40 - 2017-04-29 18:40 - 00002942 _____ C:\WINDOWS\System32\Tasks\MaskitAutorun
2017-04-29 18:40 - 2017-04-29 18:40 - 00000000 ____H C:\WINDOWS\system32\BIT6DDD.tmp
2017-04-29 18:40 - 2017-04-29 18:40 - 00000000 ____D C:\Users\Bilal\AppData\Roaming\c
2017-04-29 18:40 - 2017-04-29 18:40 - 00000000 ____D C:\Users\Bilal\AppData\Local\ububzfgt
2017-04-29 18:40 - 2017-04-29 18:40 - 00000000 ____D C:\Users\Bilal\AppData\Local\fxaqzufg
2017-04-29 18:40 - 2017-04-29 18:40 - 00000000 ____D C:\ProgramData\VideoMemoryDiagnostic
2017-04-29 18:40 - 2017-04-29 18:40 - 00000000 ____D C:\Program Files\Common Files\Noobzo
2017-04-29 18:40 - 2017-04-29 18:40 - 00000000 ____D C:\Program Files (x86)\s5
2017-04-29 18:40 - 2017-04-29 18:40 - 00000000 ____D C:\Program Files (x86)\Maskit
2017-04-29 18:40 - 2017-04-27 16:36 - 00000195 _____ C:\Users\Bilal\Desktop\Download Video and Audio Online.url
2017-04-29 18:39 - 2017-04-29 18:39 - 02403520 _____ (BitTorrent Inc.) C:\Users\Bilal\Downloads\SnapGene.torrent
2017-04-29 18:38 - 2017-04-29 18:38 - 07390256 _____ (Disc Soft Ltd) C:\Users\Bilal\Downloads\SnapGene.exe
2017-04-29 18:36 - 2017-04-29 18:36 - 00011119 _____ C:\Users\Bilal\Downloads\SnapGene.exe.htm
2017-04-29 18:31 - 2017-04-29 18:31 - 00000000 ____D C:\Users\Bilal\Downloads\vectors
2017-04-29 18:30 - 2017-04-29 18:30 - 00131335 _____ C:\Users\Bilal\Downloads\vectors.zip
2017-04-29 18:16 - 2017-04-29 18:16 - 00000000 ____D C:\Users\Bilal\Downloads\SnapGene 3.3.0 Win
2017-04-29 18:00 - 2017-04-29 18:02 - 34918998 _____ C:\Users\Bilal\Downloads\SnapGene 3.3.0 Win.zip
2017-04-29 17:57 - 2017-04-29 19:55 - 00000000 ___RD C:\Users\Bilal\Dropbox
2017-04-29 17:57 - 2017-04-29 17:57 - 00001306 _____ C:\Users\Bilal\Desktop\Dropbox.lnk
2017-04-29 17:56 - 2017-04-29 17:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-04-29 17:55 - 2017-04-29 17:55 - 00000000 ____D C:\Users\Bilal\AppData\Roaming\Dropbox
2017-04-29 17:54 - 2017-04-29 18:57 - 00000000 ____D C:\Users\Bilal\AppData\Local\Dropbox
2017-04-29 17:54 - 2017-04-29 18:56 - 00000934 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2017-04-29 17:54 - 2017-04-29 18:56 - 00000930 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2017-04-29 17:54 - 2017-04-29 17:56 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-04-29 17:54 - 2017-04-29 17:54 - 00690080 _____ (Dropbox, Inc.) C:\Users\Bilal\Downloads\DropboxInstaller.exe
2017-04-29 17:54 - 2017-04-29 17:54 - 00003994 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2017-04-29 17:54 - 2017-04-29 17:54 - 00003762 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2017-04-29 17:54 - 2017-04-29 17:54 - 00000000 ____D C:\ProgramData\Dropbox
2017-04-29 17:46 - 2017-04-29 17:47 - 00000000 ____D C:\Users\Bilal\AppData\Roaming\FlowJo10
2017-04-29 17:46 - 2017-04-29 17:46 - 00000000 ____D C:\Users\Bilal\flowjoInit
2017-04-29 17:46 - 2017-04-29 17:46 - 00000000 ____D C:\Users\Bilal\AppData\Roaming\fltk.org
2017-04-29 17:46 - 2017-04-29 17:46 - 00000000 ____D C:\Users\Bilal\AppData\Roaming\FlowJo X
2017-04-29 17:46 - 2017-04-29 17:46 - 00000000 ____D C:\Users\Bilal\.swt
2017-04-29 17:46 - 2017-04-29 17:46 - 00000000 ____D C:\ProgramData\fltk.org
2017-04-29 17:44 - 2017-04-29 17:46 - 00000000 ____D C:\Program Files\FlowJo VX
2017-04-29 17:44 - 2017-04-29 17:45 - 00000000 ___HD C:\Program Files\Zero G Registry
2017-04-29 17:44 - 2017-04-29 17:45 - 00000000 ____D C:\Users\Bilal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FlowJo VX
2017-04-29 17:43 - 2017-04-29 17:43 - 00000000 ___HD C:\Users\Bilal\InstallAnywhere
2017-04-29 17:42 - 2017-04-29 17:42 - 00000000 ____D C:\Users\Bilal\Downloads\FlowJo VX
2017-04-29 17:42 - 2017-04-14 14:57 - 133670030 _____ C:\Users\Bilal\Downloads\FlowJo VX.7z
2017-04-29 16:50 - 2017-04-29 16:50 - 05681092 _____ C:\Users\Bilal\Downloads\annurev-biochem-060210-093619.pdf
2017-04-29 16:45 - 2017-04-29 16:45 - 01374965 _____ C:\Users\Bilal\Downloads\nsmb.2780.pdf
2017-04-29 16:02 - 2017-04-29 16:02 - 00001172 _____ C:\Users\Bilal\Downloads\My Library.bib
2017-04-29 16:00 - 2017-04-29 16:00 - 00001148 _____ C:\Users\Bilal\Downloads\pmcid-PMC3587009.ris
2017-04-29 15:58 - 2017-04-29 15:58 - 00000000 ____D C:\Users\Bilal\AppData\Roaming\Zotero
2017-04-29 15:58 - 2017-04-29 15:58 - 00000000 ____D C:\Users\Bilal\AppData\Roaming\Mozilla
2017-04-29 15:58 - 2017-04-29 15:58 - 00000000 ____D C:\Users\Bilal\AppData\Local\Zotero
2017-04-29 15:57 - 2017-04-29 15:57 - 00001247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zotero Standalone.lnk
2017-04-29 15:57 - 2017-04-29 15:57 - 00001235 _____ C:\Users\Public\Desktop\Zotero Standalone.lnk
2017-04-29 15:57 - 2017-04-29 15:57 - 00000000 ____D C:\Program Files (x86)\Zotero Standalone
2017-04-29 15:56 - 2017-04-29 15:56 - 39323128 _____ (Mozilla) C:\Users\Bilal\Downloads\Zotero-4.0.29.17_setup.exe
2017-04-29 15:54 - 2017-04-29 15:55 - 92912640 _____ C:\Users\Bilal\Downloads\ENX8Inst.msi
2017-04-29 15:54 - 2017-04-29 15:54 - 00000764 _____ C:\Users\Bilal\Downloads\License.dat
2017-04-29 03:29 - 2017-04-29 03:29 - 00000000 ____D C:\Users\Bilal\AppData\LocalLow\Sun
2017-04-29 02:26 - 2017-04-29 02:26 - 00000000 ____D C:\Users\Bilal\AppData\Roaming\Google
2017-04-28 08:48 - 2017-04-28 08:48 - 08408433 _____ C:\Users\Bilal\Downloads\GIGABYTE+AM4+Overclocking+Guide+.pdf
2017-04-28 08:48 - 2017-04-28 08:48 - 00000000 ____D C:\Users\Bilal\AppData\Roaming\PDAppFlex
2017-04-27 21:41 - 2017-04-27 21:41 - 00000000 ____D C:\Users\Bilal\AppData\Local\lxss
2017-04-27 11:37 - 2017-04-27 11:37 - 00488158 _____ C:\Users\Bilal\Documents\Purchase Request_ 031434.pdf
2017-04-26 14:02 - 2017-04-26 14:02 - 00048944 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-04-21 15:53 - 2017-04-29 18:31 - 00000000 ____D C:\Users\Bilal\AppData\Roaming\GSLBiotech
2017-04-21 15:52 - 2017-04-21 15:52 - 00000000 ____D C:\Users\Bilal\AppData\Roaming\SnapGene
2017-04-21 15:52 - 2017-04-21 15:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SnapGene
2017-04-21 15:52 - 2017-04-21 15:52 - 00000000 ____D C:\Program Files (x86)\SnapGene
2017-04-21 15:51 - 2017-04-21 15:51 - 34943768 _____ (GSL Biotech LLC) C:\Users\Bilal\Downloads\snapgene_3.3.3_win.exe
2017-04-21 12:28 - 2017-04-21 12:28 - 00000000 ____D C:\Users\Bilal\AppData\Local\EvernoteNW
2017-04-21 12:22 - 2017-04-21 12:26 - 00000000 ____D C:\Users\Bilal\Evernote
2017-04-21 12:13 - 2017-04-21 12:13 - 00002523 _____ C:\Users\Public\Desktop\Evernote.lnk
2017-04-21 12:13 - 2017-04-21 12:13 - 00000000 ____D C:\Users\Bilal\AppData\LocalLow\Evernote
2017-04-21 12:13 - 2017-04-21 12:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2017-04-21 12:13 - 2017-04-21 12:13 - 00000000 ____D C:\Program Files (x86)\Evernote
2017-04-21 12:11 - 2017-04-21 12:11 - 102568832 _____ (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Users\Bilal\Downloads\evernote.exe
2017-04-20 14:50 - 2017-04-20 14:50 - 17052160 _____ C:\Users\Bilal\Downloads\Lecture+23++2017.ppt
2017-04-20 13:54 - 2017-04-20 13:54 - 00006560 _____ C:\Users\Bilal\Downloads\resume.tex
2017-04-20 12:31 - 2017-04-20 12:31 - 00000000 ____D C:\Users\Bilal\AppData\Roaming\MiKTeX
2017-04-19 20:53 - 2017-04-19 20:53 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2017-04-19 20:13 - 2017-04-19 20:53 - 00034977 _____ C:\Users\Bilal\Desktop\Book1.xlsxLabData.xlsx
2017-04-19 20:13 - 2017-04-19 20:26 - 00000165 ____H C:\Users\Bilal\Desktop\~$Book1.xlsxLabData.xlsx
2017-04-19 20:13 - 2017-04-19 20:13 - 00000000 ____D C:\Users\Bilal\Documents\Custom Office Templates
2017-04-18 14:33 - 2017-04-18 14:33 - 00000000 ____D C:\Users\Bilal\Documents\OneNote Notebooks
2017-04-18 12:03 - 2017-04-18 12:03 - 00000000 ____D C:\Users\Bilal\AppData\Local\CEF
2017-04-18 11:12 - 2017-04-18 11:12 - 00002541 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2017-04-18 11:12 - 2017-04-18 11:12 - 00002505 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business 2016.lnk
2017-04-18 11:12 - 2017-04-18 11:12 - 00002500 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2017-04-18 11:12 - 2017-04-18 11:12 - 00002499 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2017-04-18 11:12 - 2017-04-18 11:12 - 00002463 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2017-04-18 11:12 - 2017-04-18 11:12 - 00002462 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2017-04-18 11:12 - 2017-04-18 11:12 - 00002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2017-04-18 11:12 - 2017-04-18 11:12 - 00002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2017-04-18 11:12 - 2017-04-18 11:12 - 00002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2017-04-18 11:12 - 2017-04-18 11:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2017-04-18 11:11 - 2017-04-18 11:11 - 00000000 ____D C:\Program Files\Microsoft Office 15
2017-04-18 10:48 - 2017-04-18 10:48 - 00000000 ____D C:\Users\Bilal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SecureW2
2017-04-18 10:48 - 2017-04-18 10:48 - 00000000 ____D C:\Users\Bilal\AppData\Local\DBG
2017-04-16 14:56 - 2017-04-18 10:48 - 00003230 _____ C:\WINDOWS\System32\Tasks\SecureW2 Task
2017-04-16 14:56 - 2017-04-18 10:48 - 00000000 ____D C:\Program Files (x86)\SecureW2
2017-04-16 14:55 - 2017-04-16 14:56 - 01664896 _____ C:\Users\Bilal\Downloads\Athens.exe
2017-04-16 14:55 - 2017-04-16 14:55 - 01739880 _____ C:\Users\Bilal\Downloads\WiFi_Columbia_University_Wrapper.exe
2017-04-16 14:50 - 2017-04-18 14:48 - 00000000 ____D C:\Users\Bilal\AppData\LocalLow\Adobe
2017-04-16 14:47 - 2017-04-28 08:48 - 00000000 ____D C:\Users\Bilal\AppData\Local\Adobe
2017-04-16 14:47 - 2017-04-28 08:48 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2017-04-16 14:47 - 2017-04-25 14:47 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-04-16 14:46 - 2017-04-25 14:47 - 00002469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2017-04-16 14:46 - 2017-04-25 14:47 - 00002121 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2017-04-16 14:46 - 2017-04-16 14:50 - 00000000 ____D C:\ProgramData\Adobe
2017-04-16 14:46 - 2017-04-16 14:46 - 00002098 _____ C:\Users\Public\Desktop\Adobe Acrobat DC.lnk
2017-04-16 14:46 - 2017-04-16 14:46 - 00000000 ____D C:\Program Files (x86)\Adobe
2017-04-16 14:43 - 2017-04-16 14:44 - 00000000 ____D C:\Users\Bilal\Desktop\Adobe Acrobat
2017-04-16 14:02 - 2017-04-16 14:42 - 00000000 ____D C:\Users\Bilal\Downloads\Adobe Acrobat Pro DC 2015.010.20060 Multilingual Incl Patch-=TEAM OS=-
2017-04-16 14:01 - 2017-04-29 18:52 - 00000000 ____D C:\Users\Bilal\AppData\Roaming\qBittorrent
2017-04-16 14:01 - 2017-04-16 14:01 - 00000000 ____D C:\Users\Bilal\AppData\Local\qBittorrent
2017-04-16 13:50 - 2017-04-16 13:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2017-04-16 13:50 - 2017-04-16 13:50 - 00000000 ____D C:\Program Files\qBittorrent
2017-04-16 13:48 - 2017-04-16 13:48 - 19741271 _____ (The qBittorrent project) C:\Users\Bilal\Downloads\qbittorrent_3.3.12_x64_setup.exe
2017-04-16 06:02 - 2017-04-27 21:03 - 00000000 ____D C:\Windows.old
2017-04-16 06:02 - 2017-04-16 06:02 - 23680512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-04-16 06:02 - 2017-04-16 06:02 - 23675392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-04-16 06:02 - 2017-04-16 06:02 - 20505600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-04-16 06:02 - 2017-04-16 06:02 - 19334144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-04-16 06:02 - 2017-04-16 06:02 - 12787200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-04-16 06:02 - 2017-04-16 06:02 - 11869696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-04-16 06:02 - 2017-04-16 06:02 - 08319392 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-04-16 06:02 - 2017-04-16 06:02 - 08247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-04-16 06:02 - 2017-04-16 06:02 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-04-16 06:02 - 2017-04-16 06:02 - 06756920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-04-16 06:02 - 2017-04-16 06:02 - 06296064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-04-16 06:02 - 2017-04-16 06:02 - 05477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-04-16 06:02 - 2017-04-16 06:02 - 03672064 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-04-16 06:02 - 2017-04-16 06:02 - 02957824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-04-16 06:02 - 2017-04-16 06:02 - 02444184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-04-16 06:02 - 2017-04-16 06:02 - 02085280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2017-04-16 06:02 - 2017-04-16 06:02 - 01760264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-04-16 06:02 - 2017-04-16 06:02 - 01657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2017-04-16 06:02 - 2017-04-16 06:02 - 01605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-04-16 06:02 - 2017-04-16 06:02 - 01604312 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-04-16 06:02 - 2017-04-16 06:02 - 01518088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-04-16 06:02 - 2017-04-16 06:02 - 01506816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-04-16 06:02 - 2017-04-16 06:02 - 01411640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-04-16 06:02 - 2017-04-16 06:02 - 01356800 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-04-16 06:02 - 2017-04-16 06:02 - 01323880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-04-16 06:02 - 2017-04-16 06:02 - 01147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-04-16 06:02 - 2017-04-16 06:02 - 01060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2017-04-16 06:02 - 2017-04-16 06:02 - 01024416 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-04-16 06:02 - 2017-04-16 06:02 - 00986592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-04-16 06:02 - 2017-04-16 06:02 - 00805376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-04-16 06:02 - 2017-04-16 06:02 - 00750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-04-16 06:02 - 2017-04-16 06:02 - 00626520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-04-16 06:02 - 2017-04-16 06:02 - 00624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-04-16 06:02 - 2017-04-16 06:02 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-04-16 06:02 - 2017-04-16 06:02 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-04-16 06:02 - 2017-04-16 06:02 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2017-04-16 06:02 - 2017-04-16 06:02 - 00409504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-04-16 06:02 - 2017-04-16 06:02 - 00382368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-04-16 06:02 - 2017-04-16 06:02 - 00364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-04-16 06:02 - 2017-04-16 06:02 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-04-16 06:02 - 2017-04-16 06:02 - 00354360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2017-04-16 06:02 - 2017-04-16 06:02 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsDocumentTargetPrint.dll
2017-04-16 06:02 - 2017-04-16 06:02 - 00311192 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-04-16 06:02 - 2017-04-16 06:02 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsDocumentTargetPrint.dll
2017-04-16 06:02 - 2017-04-16 06:02 - 00205728 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-04-16 06:02 - 2017-04-16 06:02 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-04-16 06:02 - 2017-04-16 06:02 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-04-16 06:02 - 2017-04-16 06:02 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmjpegdec.dll
2017-04-16 06:02 - 2017-04-16 06:02 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2017-04-16 06:02 - 2017-04-16 06:02 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmjpegdec.dll
2017-04-16 06:02 - 2017-04-16 06:02 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2017-04-16 06:02 - 2017-04-16 06:02 - 00047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-04-16 06:02 - 2017-04-16 06:02 - 00038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-04-16 06:02 - 2017-04-16 06:02 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-04-16 06:02 - 2017-04-16 06:02 - 00032004 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-04-16 06:01 - 2017-04-16 06:01 - 00543648 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-04-16 06:01 - 2017-04-16 06:01 - 00388000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-04-16 05:57 - 2017-04-16 05:57 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2017-04-16 05:56 - 2015-09-19 05:38 - 00058488 ____R (Microsoft Corporation) C:\WINDOWS\system32\Drivers\SurfaceIntegrationDriver.sys
2017-04-16 05:56 - 2015-09-19 05:37 - 00100312 ____R (Intel Corporation) C:\WINDOWS\system32\Drivers\TeeDriverx64.sys
2017-04-16 04:17 - 2017-04-16 04:17 - 00000000 _SHDL C:\Users\Public\Documents\My Videos
2017-04-16 04:17 - 2017-04-16 04:17 - 00000000 _SHDL C:\Users\Public\Documents\My Pictures
2017-04-16 04:17 - 2017-04-16 04:17 - 00000000 _SHDL C:\Users\Public\Documents\My Music
2017-04-16 04:17 - 2017-04-16 04:17 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
2017-04-16 04:17 - 2017-04-16 04:17 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
2017-04-16 04:17 - 2017-04-16 04:17 - 00000000 _SHDL C:\Users\Default\Documents\My Music
2017-04-16 04:17 - 2017-04-16 04:17 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
2017-04-16 04:17 - 2017-04-16 04:17 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
2017-04-16 04:17 - 2017-04-16 04:17 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
2017-04-16 04:17 - 2017-04-16 04:17 - 00000000 _SHDL C:\Documents and Settings
2017-04-16 04:15 - 2017-04-16 04:15 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_SensorsHid_02_15_00.Wdf
2017-04-16 04:15 - 2017-04-16 04:15 - 00000000 ____D C:\Intel
2017-04-16 04:15 - 2015-10-05 20:10 - 01046536 _____ (Marvell Semiconductors Inc.) C:\WINDOWS\system32\Drivers\SET2630.tmp
2017-04-16 04:15 - 2015-09-19 05:38 - 30404056 _____ (Intel Corporation) C:\WINDOWS\system32\SET8FE6.tmp
2017-04-16 04:15 - 2015-09-19 05:38 - 13727296 _____ (Intel Corporation) C:\WINDOWS\system32\SET88AF.tmp
2017-04-16 04:15 - 2015-09-19 05:38 - 06389688 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\SET8590.tmp
2017-04-16 04:15 - 2015-09-19 05:38 - 06305696 _____ (Intel Corporation) C:\WINDOWS\system32\SET9B79.tmp
2017-04-16 04:15 - 2015-09-19 05:38 - 04498432 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\SET3C78.tmp
2017-04-16 04:15 - 2015-09-19 05:38 - 02931416 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\SET3CE7.tmp
2017-04-16 04:15 - 2015-09-19 05:38 - 02461528 _____ (Dolby Laboratories) C:\WINDOWS\system32\SET403C.tmp
2017-04-16 04:15 - 2015-09-19 05:38 - 00518248 ____R (Intel Corporation) C:\WINDOWS\system32\IntelWiDiUMS64.exe
2017-04-16 04:15 - 2015-09-19 05:38 - 00331808 ____R (Intel Corporation) C:\WINDOWS\system32\IntelWiDiMCComp64.dll
2017-04-16 04:15 - 2015-09-19 05:38 - 00313888 ____R (Intel Corporation) C:\WINDOWS\system32\IntelWiDiUtils64.dll
2017-04-16 04:15 - 2015-09-19 05:38 - 00282216 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\SETB30C.tmp
2017-04-16 04:15 - 2015-09-19 05:38 - 00206848 ____R (Intel Corporation) C:\WINDOWS\system32\igfxCoIn_v4256.dll
2017-04-16 04:15 - 2015-09-19 05:38 - 00184832 ____R (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\MicRotateAPO.dll
2017-04-16 04:15 - 2015-09-19 05:38 - 00143904 ____R (Intel Corporation) C:\WINDOWS\system32\IntelWiDiLogServer64.dll
2017-04-16 04:14 - 2017-04-16 04:14 - 00000000 ___HD C:\$SysReset
2017-04-16 04:12 - 2017-04-16 04:14 - 00000000 _____ C:\Recovery.txt
2017-04-16 02:44 - 2017-04-21 12:53 - 00000000 ___SD C:\WINDOWS\system32\lxss
2017-04-16 02:44 - 2017-04-16 02:44 - 00000000 __RSD C:\WINDOWS\system32\WindowsDevicePortal
2017-04-16 02:44 - 2017-04-16 02:44 - 00000000 ___RD C:\WINDOWS\WebManagement
2017-04-16 02:32 - 2017-04-16 02:32 - 00000432 __RSH C:\Users\Bilal\ntuser.pol
2017-04-16 02:32 - 2017-03-18 08:48 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationREST.dll
2017-04-16 02:32 - 2017-03-17 22:00 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\debugregsvcapi.dll
2017-04-16 02:32 - 2017-03-17 22:00 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperTools.ProxyStub.dll
2017-04-16 02:32 - 2017-03-17 21:59 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevToolsLauncher.exe
2017-04-16 02:32 - 2017-03-17 21:59 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeployUtil.exe
2017-04-16 02:32 - 2017-03-17 21:58 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\debugregsvc.dll
2017-04-16 02:32 - 2017-03-17 21:57 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SshProxy.dll
2017-04-16 02:32 - 2017-03-17 21:56 - 00780288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdp.dll
2017-04-16 02:32 - 2017-03-17 21:56 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\SshSession.exe
2017-04-16 02:32 - 2017-03-17 21:56 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SshSftp.exe
2017-04-16 02:32 - 2017-03-17 21:55 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperToolsSvc.exe
2017-04-16 02:32 - 2017-03-17 21:53 - 01034240 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebManagement.exe
2017-04-16 02:32 - 2017-03-17 21:53 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\SshBroker.dll
2017-04-16 02:29 - 2017-04-29 15:49 - 00000000 ____D C:\Users\Bilal\AppData\Local\PackageStaging
2017-04-16 02:13 - 2017-04-16 02:13 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2017-04-16 02:12 - 2017-04-16 13:06 - 00000000 ____D C:\Users\Bilal\AppData\Local\ConnectedDevicesPlatform
2017-04-16 02:12 - 2017-04-16 02:12 - 00000020 ___SH C:\Users\Bilal\ntuser.ini
2017-04-16 02:12 - 2017-04-16 02:12 - 00000000 ____D C:\ProgramData\USOShared
2017-04-16 02:11 - 2017-04-16 02:11 - 00000000 _SHDL C:\Users\Default\My Documents
2017-04-16 02:10 - 2017-04-16 02:10 - 00007623 _____ C:\WINDOWS\diagwrn.xml
2017-04-16 02:10 - 2017-04-16 02:10 - 00007623 _____ C:\WINDOWS\diagerr.xml
2017-04-16 02:09 - 2017-04-29 19:53 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-04-16 02:09 - 2017-04-28 08:31 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-16 02:09 - 2017-04-28 08:31 - 00003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-16 02:09 - 2017-04-16 02:09 - 00022744 _____ C:\WINDOWS\system32\emptyregdb.dat
2017-04-16 02:07 - 2017-04-16 02:07 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-04-16 02:06 - 2017-04-16 02:08 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2017-04-16 02:06 - 2017-03-18 16:56 - 02233344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-04-16 02:05 - 2017-04-29 17:57 - 00000000 ____D C:\Users\Bilal
2017-04-16 02:05 - 2017-04-16 02:05 - 00000000 _SHDL C:\Users\Bilal\My Documents
2017-04-16 02:05 - 2017-04-16 02:05 - 00000000 _SHDL C:\Users\Bilal\Documents\My Videos
2017-04-16 02:05 - 2017-04-16 02:05 - 00000000 _SHDL C:\Users\Bilal\Documents\My Pictures
2017-04-16 02:05 - 2017-04-16 02:05 - 00000000 _SHDL C:\Users\Bilal\Documents\My Music
2017-04-16 02:04 - 2017-04-29 19:53 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-04-16 02:04 - 2017-04-16 02:04 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_TrueColor_01011.Wdf
2017-04-16 02:04 - 2017-04-16 02:04 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2017-04-16 02:04 - 2017-04-16 02:04 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SurfacePenDriver_01011.Wdf
2017-04-16 02:04 - 2017-04-16 02:04 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2017-04-16 02:04 - 2017-04-16 02:04 - 00000000 ____D C:\WINDOWS\SysWOW64\TrueColor5.2
2017-04-16 02:04 - 2017-04-16 02:04 - 00000000 ____D C:\WINDOWS\system32\TrueColor5.2
2017-04-16 02:04 - 2017-04-16 02:04 - 00000000 ____D C:\WINDOWS\Firmware
2017-04-16 02:04 - 2017-04-16 02:04 - 00000000 ____D C:\Program Files\Intel
2017-04-16 02:04 - 2017-04-16 02:04 - 00000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin
2017-04-16 02:04 - 2017-01-09 22:59 - 00099848 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2017-04-16 02:04 - 2015-09-19 05:38 - 00035440 ____R (Microsoft Corporation) C:\WINDOWS\system32\Drivers\SurfacePciController.sys
2017-04-16 02:03 - 2017-04-29 19:53 - 00402304 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-04-16 02:03 - 2017-04-29 15:44 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-04-16 02:03 - 2017-04-16 02:03 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2017-04-16 01:40 - 2017-04-16 02:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiKTeX 2.9
2017-04-16 01:39 - 2017-04-16 01:39 - 00000000 ____D C:\Users\Bilal\AppData\Local\MiKTeX
2017-04-16 01:39 - 2017-04-16 01:39 - 00000000 ____D C:\ProgramData\MiKTeX
2017-04-16 01:33 - 2017-04-07 18:06 - 00532136 _____ (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-04-16 01:31 - 2017-04-16 01:31 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-04-16 01:30 - 2017-04-16 01:31 - 148601744 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-04-16 01:27 - 2017-04-16 01:27 - 00000017 _____ C:\Users\Bilal\AppData\Local\resmon.resmoncfg
2017-04-16 01:25 - 2017-04-29 18:52 - 00000000 ____D C:\Users\Bilal\AppData\Roaming\TeXstudio
2017-04-16 01:25 - 2017-04-16 02:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeXstudio
2017-04-16 01:25 - 2017-04-16 01:27 - 202083592 _____ (MiKTeX.org) C:\Users\Bilal\Downloads\basic-miktex-2.9.6236-x64.exe
2017-04-16 01:22 - 2017-04-16 01:22 - 32426432 _____ (Benito van der Zander ) C:\Users\Bilal\Downloads\texstudio-2.12.4-win-qt5.6.2.exe
2017-04-16 01:18 - 2017-04-29 19:54 - 00000000 ___RD C:\Users\Bilal\Google Drive
2017-04-16 01:18 - 2017-04-16 01:18 - 00001844 _____ C:\Users\Bilal\Desktop\Google Drive.lnk
2017-04-16 01:17 - 2017-04-16 02:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2017-04-16 01:17 - 2017-04-16 01:17 - 00002122 _____ C:\Users\Public\Desktop\Google Slides.lnk
2017-04-16 01:17 - 2017-04-16 01:17 - 00002120 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2017-04-16 01:17 - 2017-04-16 01:17 - 00002110 _____ C:\Users\Public\Desktop\Google Docs.lnk
2017-04-16 01:16 - 2017-04-16 01:16 - 01129376 _____ (Google Inc.) C:\Users\Bilal\Downloads\googledrivesync.exe
2017-04-16 01:15 - 2017-04-16 02:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-04-16 01:15 - 2017-04-16 01:15 - 00110144 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2017-04-16 01:15 - 2017-04-16 01:15 - 00000000 ____D C:\Users\Bilal\AppData\Roaming\Sun
2017-04-16 01:14 - 2017-04-16 02:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2017-04-16 01:14 - 2017-04-16 01:14 - 00000000 ____D C:\ProgramData\Oracle
2017-04-16 01:09 - 2017-04-16 02:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 3.6
2017-04-16 01:09 - 2017-04-16 01:09 - 00000000 ____D C:\Users\Bilal\AppData\Local\Package Cache
2017-04-16 01:04 - 2017-04-20 12:57 - 00000000 ____D C:\Development
2017-04-16 01:03 - 2017-04-16 01:03 - 00000000 ____D C:\Users\Bilal\AppData\Roaming\JetBrains
2017-04-16 01:03 - 2017-04-16 01:03 - 00000000 ____D C:\Users\Bilal\AppData\LocalLow\Oracle
2017-04-16 01:02 - 2017-04-16 02:08 - 00000000 ____D C:\Users\Bilal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ClipX
2017-04-16 01:02 - 2017-04-16 02:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2017-04-16 01:02 - 2017-04-16 01:03 - 00000000 ____D C:\Program Files (x86)\ClipX
2017-04-16 01:02 - 2017-04-16 01:02 - 00000000 ____D C:\Program Files\7-Zip
2017-04-16 01:02 - 2017-04-16 01:02 - 00000000 ____D C:\Program Files (x86)\SurfaceUpdate
2017-04-16 00:59 - 2017-04-16 02:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pharos
2017-04-16 00:59 - 2017-04-16 00:59 - 00000000 ____D C:\Users\Bilal\AppData\Local\PeerDistRepub
2017-04-16 00:59 - 2017-04-16 00:59 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2017-04-16 00:59 - 2017-04-16 00:59 - 00000000 ____D C:\Program Files (x86)\PharosSystems
2017-04-16 00:59 - 2017-04-16 00:59 - 00000000 ____D C:\Program Files (x86)\Pharos
2017-04-16 00:59 - 2015-05-24 11:36 - 02960896 ____T (Pharos Systems International) C:\WINDOWS\system32\PSRB38C1.DLL
2017-04-16 00:59 - 2015-05-24 11:36 - 01233920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml4.dll
2017-04-16 00:59 - 2015-05-24 11:36 - 00082432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml4r.dll
2017-04-16 00:58 - 2017-04-16 02:08 - 00000000 ____D C:\Users\Bilal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JetBrains Toolbox
2017-04-16 00:58 - 2017-04-16 00:58 - 00000000 ____D C:\Users\Bilal\AppData\Local\JetBrains
2017-04-16 00:57 - 2017-04-16 00:57 - 04181816 _____ (Microsoft Corporation) C:\Users\Bilal\Downloads\Setup.X86.en-us_O365ProPlusRetail_0ecef112-df58-4c4e-b31c-c668c3efc2ec_TX_PR_b_16_.exe
2017-04-16 00:53 - 2017-04-16 00:54 - 84566171 _____ C:\Users\Bilal\Downloads\PawPrintColor2Popup_for_x64.exe
2017-04-16 00:53 - 2017-04-16 00:54 - 84566009 _____ C:\Users\Bilal\Downloads\PAWPRINT_POPUP2_for_x64.exe
2017-04-16 00:53 - 2017-04-16 00:54 - 36785432 _____ C:\Users\Bilal\Downloads\jetbrains-toolbox-1.2.2314.exe
2017-04-16 00:53 - 2017-04-16 00:53 - 00003560 _____ C:\Users\Bilal\Downloads\login.shtml
2017-04-16 00:52 - 2017-04-16 00:53 - 31392272 _____ (Python Software Foundation) C:\Users\Bilal\Downloads\python-3.6.1-amd64.exe
2017-04-16 00:52 - 2017-04-16 00:53 - 01381582 _____ (Igor Pavlov) C:\Users\Bilal\Downloads\7z1604-x64.exe
2017-04-16 00:52 - 2017-04-16 00:52 - 00111614 _____ C:\Users\Bilal\Downloads\clipx-1.0.3.8-setup.exe
2017-04-16 00:51 - 2017-04-16 00:55 - 00000000 ____D C:\Users\Bilal\Downloads\Install
2017-04-16 00:51 - 2017-04-16 00:53 - 205004856 _____ (Oracle Corporation) C:\Users\Bilal\Downloads\jdk-8u121-windows-x64.exe
2017-04-16 00:51 - 2017-04-16 00:51 - 04747781 _____ C:\Users\Bilal\Downloads\Wintab_x64_1.0.0.20.zip
2017-04-16 00:48 - 2017-04-16 02:08 - 00000000 ____D C:\Users\Bilal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2017-04-16 00:46 - 2017-04-29 19:58 - 00002473 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-16 00:46 - 2017-04-29 19:58 - 00002461 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-04-16 00:45 - 2017-04-29 18:50 - 00000000 ____D C:\Users\Bilal\AppData\Local\Google
2017-04-16 00:45 - 2017-04-16 01:16 - 00000000 ____D C:\Program Files (x86)\Google
2017-04-16 00:45 - 2017-04-16 00:45 - 01129376 _____ (Google Inc.) C:\Users\Bilal\Downloads\ChromeSetup.exe
2017-04-16 00:40 - 2017-04-16 02:12 - 00000000 ___DC C:\WINDOWS\Panther
2017-04-16 00:40 - 2017-04-16 00:40 - 07884764 _____ C:\Users\Bilal\Downloads\AuroraBorealis.themepack
2017-04-16 00:40 - 2017-04-16 00:40 - 05471529 _____ C:\Users\Bilal\Downloads\NASASpacescapes.themepack
2017-04-16 00:40 - 2017-04-16 00:40 - 00000000 ____D C:\Program Files (x86)\Intel
2017-04-16 00:38 - 2017-04-16 00:40 - 00000036 _____ C:\WINDOWS\progress.ini
2017-04-16 00:32 - 2017-04-16 01:08 - 00000000 ____D C:\Users\Bilal\AppData\Local\Comms
2017-04-16 00:31 - 2017-04-16 00:31 - 06581904 _____ (Microsoft Corporation) C:\Users\Bilal\Downloads\Windows10Upgrade9252.exe
2017-04-16 00:31 - 2017-04-16 00:31 - 00000000 ____D C:\Users\Bilal\AppData\Roaming\Macromedia
2017-04-16 00:30 - 2017-04-16 00:30 - 00000000 ____D C:\Users\Bilal\AppData\Roaming\Skype
2017-04-16 00:30 - 2017-04-16 00:30 - 00000000 ____D C:\Users\Bilal\AppData\Local\MicrosoftEdge
2017-04-16 00:26 - 2017-04-29 17:58 - 00000000 ___RD C:\Users\Bilal\OneDrive
2017-04-16 00:26 - 2017-04-16 00:38 - 00000000 ___HD C:\$GetCurrent
2017-04-16 00:25 - 2017-04-16 02:14 - 00000000 ____D C:\Windows10Upgrade
2017-04-16 00:25 - 2017-04-16 00:31 - 00000738 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Upgrade Assistant.lnk
2017-04-16 00:25 - 2017-04-16 00:31 - 00000726 _____ C:\Users\Bilal\Desktop\Windows 10 Upgrade Assistant.lnk
2017-04-16 00:25 - 2017-04-16 00:25 - 00000000 ____D C:\Users\Bilal\AppData\Local\ActiveSync
2017-04-16 00:24 - 2017-04-29 15:49 - 00000000 ____D C:\Users\Bilal\AppData\Local\Packages
2017-04-16 00:24 - 2017-04-27 11:37 - 00000000 ____D C:\Users\Bilal\AppData\Roaming\Adobe
2017-04-16 00:24 - 2017-04-16 02:27 - 00000000 ____D C:\Users\Bilal\AppData\Local\VirtualStore
2017-04-16 00:24 - 2017-04-16 00:24 - 00000000 ____D C:\Users\Bilal\AppData\Local\TileDataLayer
2017-04-16 00:24 - 2017-04-16 00:24 - 00000000 ____D C:\Users\Bilal\AppData\Local\Publishers
2017-04-16 00:23 - 2017-04-16 00:23 - 00000000 ___SD C:\WINDOWS\UpdateAssistantV2
2017-04-16 00:22 - 2017-04-16 00:22 - 00000000 ____D C:\WINDOWS\CSC
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-04-29 19:59 - 2015-12-06 23:42 - 01016036 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-04-29 19:54 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-04-29 19:53 - 2017-03-18 07:40 - 01310720 _____ C:\WINDOWS\system32\config\BBI
2017-04-29 17:45 - 2017-03-18 17:03 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-04-29 15:49 - 2017-03-18 17:03 - 00000000 ___HD C:\Program Files\WindowsApps
2017-04-29 02:49 - 2017-03-18 17:03 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-04-29 02:48 - 2015-12-06 23:55 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-04-25 15:57 - 2017-03-18 16:51 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-04-21 12:53 - 2017-03-18 22:31 - 00000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2017-04-21 12:53 - 2017-03-18 22:28 - 00000000 ____D C:\WINDOWS\SysWOW64\winrm
2017-04-21 12:53 - 2017-03-18 22:28 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2017-04-21 12:53 - 2017-03-18 22:28 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr
2017-04-21 12:53 - 2017-03-18 22:28 - 00000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2017-04-21 12:53 - 2017-03-18 22:28 - 00000000 ____D C:\WINDOWS\system32\winrm
2017-04-21 12:53 - 2017-03-18 22:28 - 00000000 ____D C:\WINDOWS\system32\WCN
2017-04-21 12:53 - 2017-03-18 22:28 - 00000000 ____D C:\WINDOWS\system32\slmgr
2017-04-21 12:53 - 2017-03-18 22:28 - 00000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2017-04-21 12:53 - 2017-03-18 17:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-04-21 12:53 - 2017-03-18 17:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2017-04-21 12:53 - 2017-03-18 17:03 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-04-21 12:53 - 2017-03-18 17:03 - 00000000 ___SD C:\WINDOWS\system32\dsc
2017-04-21 12:53 - 2017-03-18 17:03 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2017-04-21 12:53 - 2017-03-18 17:03 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-04-21 12:53 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2017-04-21 12:53 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-04-21 12:53 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Com
2017-04-21 12:53 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-04-21 12:53 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2017-04-21 12:53 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-04-21 12:53 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\migwiz
2017-04-21 12:53 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\Com
2017-04-21 12:53 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\rescache
2017-04-21 12:53 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-04-21 12:53 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\IME
2017-04-21 12:53 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\Help
2017-04-21 12:53 - 2017-03-18 17:03 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-04-21 12:53 - 2017-03-18 17:03 - 00000000 ____D C:\Program Files\Windows Defender
2017-04-21 12:53 - 2017-03-18 17:03 - 00000000 ____D C:\Program Files\Common Files\System
2017-04-21 12:53 - 2017-03-18 17:03 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-04-21 12:53 - 2017-03-18 17:03 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-04-21 12:53 - 2017-03-18 07:40 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2017-04-21 12:53 - 2017-03-18 07:40 - 00000000 ____D C:\WINDOWS\system32\Dism
2017-04-21 12:53 - 2017-03-18 07:40 - 00000000 ____D C:\WINDOWS\servicing
2017-04-19 20:53 - 2017-03-18 17:01 - 00000000 ____D C:\WINDOWS\INF
2017-04-18 10:45 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-04-17 00:00 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-04-16 14:56 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\tracing
2017-04-16 06:03 - 2017-03-18 17:03 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-04-16 06:02 - 2017-03-18 17:06 - 00000000 ____D C:\WINDOWS\Setup
2017-04-16 05:02 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\appcompat
2017-04-16 02:32 - 2015-10-30 03:24 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-04-16 02:15 - 2017-03-18 16:56 - 00864160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\lxcore.sys
2017-04-16 02:15 - 2017-03-18 16:56 - 00126976 _____ (Microsoft Corporation) C:\WINDOWS\system32\LxRun.exe
2017-04-16 02:15 - 2017-03-18 16:56 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\bash.exe
2017-04-16 02:15 - 2017-03-18 16:56 - 00017312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\lxss.sys
2017-04-16 02:12 - 2017-03-18 17:03 - 00000000 ____D C:\ProgramData\USOPrivate
2017-04-16 02:12 - 2015-12-06 23:37 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-04-16 02:10 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-04-16 02:10 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\Registration
2017-04-16 02:10 - 2017-03-18 07:40 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-04-16 02:09 - 2017-03-18 17:03 - 00000000 __RHD C:\Users\Public\Libraries
2017-04-16 02:09 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2017-04-16 02:06 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\spool
2017-04-16 02:06 - 2015-12-06 23:24 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2017-04-16 02:04 - 2017-03-18 22:31 - 00000000 ____D C:\WINDOWS\HoloShell
2017-04-16 02:04 - 2017-03-18 17:03 - 00000000 ___RD C:\WINDOWS\PrintDialog
2017-04-16 02:04 - 2017-03-18 17:03 - 00000000 ___RD C:\WINDOWS\MiracastView
2017-04-16 01:09 - 2015-12-06 23:54 - 00000000 ____D C:\ProgramData\Package Cache
2017-04-03 12:56 - 2017-03-18 17:06 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-04-03 12:56 - 2017-03-18 17:06 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Files in the root of some directories =======
 
2017-04-16 01:27 - 2017-04-16 01:27 - 0000017 _____ () C:\Users\Bilal\AppData\Local\resmon.resmoncfg
2017-04-16 02:04 - 2017-04-16 02:04 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2017-04-29 18:40 - 2017-04-29 18:40 - 0348672 _____ () C:\ProgramData\smp2.exe
 
Files to move or delete:
====================
C:\ProgramData\smp2.exe
 
 
Some files in TEMP:
====================
2017-04-29 18:40 - 2017-04-29 18:41 - 25034370 _____ (AppTrailers) C:\Users\Bilal\AppData\Local\Temp\AppTrailers.9.1.10amt.exe
2017-04-29 18:40 - 2017-04-29 18:40 - 1281024 _____ (t ) C:\Users\Bilal\AppData\Local\Temp\browser_air_setup.exe
2017-04-29 18:40 - 2017-04-29 18:40 - 0922904 _____ (Star Line                                                   ) C:\Users\Bilal\AppData\Local\Temp\mktus.exe
2017-04-29 18:40 - 2017-04-29 18:40 - 0545792 _____ () C:\Users\Bilal\AppData\Local\Temp\setup.exe
2017-04-29 18:40 - 2017-04-29 18:40 - 1199825 _____ () C:\Users\Bilal\AppData\Local\Temp\unins000.exe
2017-04-29 18:40 - 2017-04-29 18:40 - 1250190 _____ (VideoBox                                                    ) C:\Users\Bilal\AppData\Local\Temp\vbsetup.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-04-29 03:20
 
==================== End of FRST.txt ============================

Attached Files
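The "Bamital & volsnap" section of the FRST log above checks the Authenticode signatures of a fixed set of system binaries, and the "Files in the root of some directories" and "Some files in TEMP" sections surface the freshly dropped executables (smp2.exe in ProgramData, the installers in the user's Temp folder). The PowerShell below is an added example, not part of the original thread or of FRST, that performs those two checks by hand so the reader can see what the tool is asserting. The list of files, the 30-day window and the directories searched are this example's assumptions.

```powershell
# Added example (not from the thread or from FRST). Run from an elevated
# PowerShell prompt on the machine being triaged.

# Same core files FRST verifies in its "Bamital & volsnap" section
# (assumed list; extend it as needed).
$names = 'winlogon.exe','wininit.exe','svchost.exe','services.exe',
         'User32.dll','userinit.exe','rpcss.dll','dnsapi.dll'
$criticalFiles = @("$env:SystemRoot\explorer.exe",
                   "$env:SystemRoot\SysWOW64\explorer.exe",
                   "$env:SystemRoot\system32\Drivers\volsnap.sys")
foreach ($n in $names) {
    $criticalFiles += "$env:SystemRoot\system32\$n"
    $criticalFiles += "$env:SystemRoot\SysWOW64\$n"
}

function Test-CriticalSignatures {
    param([string[]]$Paths)
    foreach ($p in $Paths) {
        if (-not (Test-Path $p)) { continue }   # e.g. no SysWOW64\services.exe
        $sig = Get-AuthenticodeSignature -FilePath $p
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<none>' }
        # Anything other than a Valid signature from Microsoft deserves a look.
        # Caveat: catalog-signed files can show NotSigned on some hosts; confirm
        # with "sfc /verifyfile=<path>" before treating the file as patched.
        [pscustomobject]@{
            Path   = $p
            Status = $sig.Status
            Signer = $signer
            Flag   = ($sig.Status -ne 'Valid' -or $signer -notmatch 'O=Microsoft Corporation')
        }
    }
}

function Get-RecentExecutables {
    # Executables created recently in the places the log found droppers.
    param([string[]]$Roots, [int]$Days = 30)
    $since = (Get-Date).AddDays(-$Days)
    foreach ($root in $Roots) {
        Get-ChildItem -Path $root -File -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.Extension -in '.exe','.dll','.sys','.scr' -and $_.CreationTime -ge $since } |
            ForEach-Object {
                $sig = Get-AuthenticodeSignature -FilePath $_.FullName
                [pscustomobject]@{
                    Created   = $_.CreationTime
                    Size      = $_.Length
                    SigStatus = $sig.Status
                    Path      = $_.FullName
                }
            }
    }
}

Test-CriticalSignatures -Paths $criticalFiles | Where-Object Flag | Format-Table -AutoSize
Get-RecentExecutables -Roots @("$env:ProgramData", "$env:LOCALAPPDATA\Temp", "$env:SystemRoot") |
    Sort-Object Created -Descending | Format-Table -AutoSize
```

The script only reports; it deletes nothing. An unsigned executable that appeared in ProgramData or Temp at the same minute as the symptoms started (the 18:40 timestamps in the log above) is the kind of hit to hand to the helper rather than to remove on your own.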




#2 Aura (Malware Response Team)

Posted 29 April 2017 - 09:09 PM

Hi bill :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name; it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.
  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens;
  • As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you;
  • The same principle applies to any modifications you make to your system. I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system;
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here; better safe than sorry!;
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off;
  • Since malware can work quickly, we want to get rid of it as fast as we can, before it makes unknown changes to the system. This being said, I would appreciate it if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced;
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall it right now. You don't have to tell me if you indeed had some or not; I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules;
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate it if you let me know about it first, and if you need, I can also assist you in the process;
  • I would appreciate it if you were to stay with me until the end, which means until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone;
  • This being said, I have a full-time job, so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread;
This being said, it's time to clean up some malware, so let's get started, shall we? :)

Follow the instructions in the thread below, and provide me with the content of the "mbar-log-TODAY'S-date.txt" log after running the scan and deleting the threats it detected (the log will be located in the MBAR folder).

https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/

If you cannot run MBAR, please let me know.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 bill2507733 (Topic Starter)

Posted 29 April 2017 - 09:49 PM

Hi Yoan,

Thank you so so much for your reply. So since I posted this, I actually went ahead and created a fixlog.txt and cleaned the system with FRST. That finally allowed me to run MBAR, which found thousands of hits. After a reboot, I went through and ran MBAM, HitmanPro, and Zemana, each of which again found a few hits. Sorry for getting ahead, but I was desperate to get a usable system. I won't take any further steps until you ask me to.

I've attached the MBAR logs from today's runs. Do you want another FRST scan to go with it?

Attached Files


Edited by bill2507733, 29 April 2017 - 09:52 PM.


#4 Aura (Malware Response Team)

Posted 29 April 2017 - 10:36 PM

Did you create the fixlist yourself, or did you copy/paste it from somewhere else? Also, yes, please stick to my instructions only for now. Since I don't have access to your system, I need to ensure that I know exactly what action is taken on it during the clean-up to make sure everything goes well :)

Now, you should be able to install and run a scan with Malwarebytes.

Malwarebytes - Clean Mode
  • Download and install the free version of Malwarebytes
    Note: It's your choice if you want to enable the free trial of Malwarebytes Premium or not. Enabling it will give you real-time protection from the program, as well as access to all the Premium features.
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point;
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so;
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan;
  • Let the scan run; the time required to complete the scan depends on your system and computer specs;
  • Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button;
    • If it asks you to restart your computer to complete the removal, do so;
  • Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply;



#5 bill2507733 (Topic Starter)

Posted 29 April 2017 - 10:43 PM

I made the file myself.

I already went through and scanned with Malwarebytes the first time, so this time it did not return any hits.



#6 Aura (Malware Response Team)

Posted 29 April 2017 - 10:46 PM

Do you still have the log so I can check it?

And we'll move on with JRT and AdwCleaner then.

Junkware Removal Tool (JRT)
  • Download Junkware Removal Tool (JRT) and move it to your Desktop;
  • Right-click on JRT.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Press any key to launch the scan and let it complete;
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;
AdwCleaner - Fix Mode
  • Download AdwCleaner and move it to your Desktop;
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the EULA (I accept), let the database update, then click on Scan;
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Cleaning button. This will kill all the active processes;
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer; do it;
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply;
Your next reply(ies) should therefore contain:
  • Copy/pasted JRT log;
  • Copy/pasted AdwCleaner clean log;



#7 bill2507733 (Topic Starter)

Posted 29 April 2017 - 11:54 PM

Here you go!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 10 Pro x64 
Ran by Bilal (Administrator) on 2017-04-30 at  0:43:01.01
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 2 
 
Successfully deleted: C:\Users\Bilal\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj (Folder) 
Successfully deleted: C:\Users\Bilal\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bmnlcjabgnpnenekpadlanbbkooimhnj (Folder) 
 
 
 
Registry: 2 
 
Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_67DEBAD8C6D90901D7D3E662054FAEB3 (Registry Value) 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D2CAC06E-6FDF-444D-A35A-DD4199D9988C} (Registry Key)
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2017-04-30 at  0:46:06.09
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# AdwCleaner v6.045 - Logfile created 30/04/2017 at 00:51:33
# Updated on 28/03/2017 by Malwarebytes
# Database : 2017-04-29.1 [Server]
# Operating System : Windows 10 Pro  (X64)
# Username : Bilal - BILAL-SURFACE
# Running from : C:\Users\Bilal\Desktop\AdwCleaner.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
 
 
***** [ Folders ] *****
 
 
 
***** [ Files ] *****
 
[-] File deleted: C:\WINDOWS\rsrcs.dll
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
[-] Task deleted: MaskitAutorun
 
 
***** [ Registry ] *****
 
[-] Key deleted: HKU\S-1-5-21-3662434705-292330180-2919207271-1001\Software\VideoBox
[#] Key deleted on reboot: HKCU\Software\VideoBox
[-] Key deleted: HKLM\SOFTWARE\xs
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\s5m
[#] Key deleted on reboot: [x64] HKCU\Software\VideoBox
 
 
***** [ Web browsers ] *****
 
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [1125 Bytes] - [30/04/2017 00:51:33]
C:\AdwCleaner\AdwCleaner[S0].txt - [1375 Bytes] - [30/04/2017 00:50:57]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1271 Bytes] ##########
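The JRT and AdwCleaner logs above removed a Chrome extension folder, an HKCU Run value, an Internet Explorer SearchScopes key, a scheduled task and a few registry keys, which are the usual adware persistence points. The PowerShell below is an added example, not from the thread or from either tool, that enumerates those same locations so a defender can review them before and after a cleanup. The heuristic used for scheduled tasks (flag an action whose executable lives outside the Windows or Program Files trees, is missing, or is not validly signed) is this example's assumption, not a rule taken from JRT or AdwCleaner.

```powershell
# Added example (not part of the thread, JRT or AdwCleaner). Run from an
# elevated PowerShell prompt; it reports and does not delete anything.

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)

function Get-RunEntries {
    # Every autostart value in the Run/RunOnce keys (JRT removed one of these).
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip PSPath/PSParentPath metadata
            [pscustomobject]@{ Key = $key; Name = $p.Name; Command = $p.Value }
        }
    }
}

function Get-SuspiciousTasks {
    # Enabled tasks whose action is outside the system trees or not validly signed
    # (assumed heuristic; AdwCleaner removed a task named MaskitAutorun above).
    Get-ScheduledTask | Where-Object { $_.State -ne 'Disabled' } | ForEach-Object {
        $task = $_
        foreach ($action in $task.Actions) {
            if (-not $action.Execute) { continue }   # COM-handler actions have no Execute
            $exe = [Environment]::ExpandEnvironmentVariables($action.Execute.Trim('"'))
            $inSystemDir = $exe -like "$env:SystemRoot*" -or
                           $exe -like "$env:ProgramFiles*" -or
                           $exe -like "${env:ProgramFiles(x86)}*"
            $status = if (Test-Path $exe) { (Get-AuthenticodeSignature $exe).Status } else { 'Missing' }
            if (-not $inSystemDir -or $status -ne 'Valid') {
                [pscustomobject]@{
                    Task      = "$($task.TaskPath)$($task.TaskName)"
                    Exe       = $exe
                    Args      = $action.Arguments
                    Signature = $status
                }
            }
        }
    }
}

function Get-ChromeExtensions {
    # Installed extension IDs with the name from each manifest.json (JRT removed
    # bmnlcjabgnpnenekpadlanbbkooimhnj above). Default profile path is assumed.
    param([string]$Profile = "$env:LOCALAPPDATA\Google\Chrome\User Data\Default")
    Get-ChildItem "$Profile\Extensions" -Directory -ErrorAction SilentlyContinue | ForEach-Object {
        $manifest = Get-ChildItem $_.FullName -Recurse -Filter manifest.json | Select-Object -First 1
        $name = if ($manifest) { (Get-Content $manifest.FullName -Raw | ConvertFrom-Json).name } else { '<no manifest>' }
        [pscustomobject]@{ Id = $_.Name; Name = $name; Installed = $_.CreationTime }
    }
}

function Get-IESearchScopes {
    # Search providers registered for the current user (JRT removed one GUID above).
    $root = 'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes'
    Get-ChildItem $root -ErrorAction SilentlyContinue | ForEach-Object {
        $v = Get-ItemProperty $_.PSPath
        [pscustomobject]@{ Scope = $_.PSChildName; DisplayName = $v.DisplayName; URL = $v.URL }
    }
}

Get-RunEntries      | Format-Table -AutoSize
Get-SuspiciousTasks | Format-Table -AutoSize
Get-ChromeExtensions | Format-Table -AutoSize
Get-IESearchScopes  | Format-Table -AutoSize
```

Run it once before the cleanup and once after the reboot the tools ask for: entries that reappear (such as the "Key deleted on reboot" items in the AdwCleaner log) point at a process or task that is still re-creating them, which is exactly the case where a helper will ask for fresh FRST logs rather than another round of the same scanner.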


#8 Aura (Malware Response Team)

Posted 30 April 2017 - 09:30 AM

Good :) Now let's grab a fresh set of FRST logs to see if there's anything left to remove manually.

Farbar Recovery Scan Tool (FRST) - Scan mode
Follow the instructions below to download and execute a scan on your system with FRST, and provide the logs in your next reply.
  • Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry, which should take a few seconds;
  • Click on the Scan button;
  • On completion, two message boxes will open, saying that the results were saved to FRST.txt and Addition.txt, then two Notepad files will open;
  • Copy and paste the content of both FRST.txt and Addition.txt in your next reply;



#9 bill2507733 (Topic Starter)

Posted 01 May 2017 - 12:09 AM

Here You are!

Attached Files



#10 Aura (Malware Response Team)

Posted 01 May 2017 - 07:31 AM

Good news that there isn't much left to remove :)

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located);
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Click on the Fix button;
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Copy and paste its content in your next reply;
How's your system behaving now? Were there any other issues to address?

Attached Files




#11 bill2507733 (Topic Starter)

Posted 01 May 2017 - 02:40 PM

Everything is working well except for Chrome, which seems to be missing some of my saved info/extensions. I was just going to do a reinstall to fix that, if that's good with you?

Here is the log file.

Attached Files



#12 Aura (Malware Response Team)

Posted 01 May 2017 - 06:43 PM

Where did you download that fixlist.txt from? It isn't the one I included in my last post.

And yes, you are free to reinstall Google Chrome.



#13 bill2507733 (Topic Starter)

Posted 01 May 2017 - 07:32 PM

I'm almost positive that it is the same file? The small section on the log that gives the fixlist is identical to the fixlist you've attached. I may have accidentally run it twice, which is why it says file not found. The program was updating at first and restarted, so I thought the restart was part of the update and not the fix.



#14 Aura (Malware Response Team)

Posted 01 May 2017 - 07:33 PM

The fixlist you ran isn't the one I created. Please download it and run it again.



#15 bill2507733 (Topic Starter)

Posted 05 May 2017 - 09:05 PM

Hey, sorry for the late reply.

Here it is!

Attached Files





