Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

BestOffer EveryDay virus

Started by MurrayWiseman , Jul 10 2016 10:15 PM

Please log in to reply

#1
MurrayWiseman

Posted 10 July 2016 - 10:15 PM

New Member

Member
7 posts

I see that Geekstogo helped someone with this in 2005. (http://www.geekstogo...ve-it-resolved/). Since that was a long time ago this may be an evolved virus of the same name. I received this virus today when I was downloading a webcam recording software. I am attaching the hijackthis log.

The virus put this icon shortcut on my desktop (https://www.dropbox....rVirus.jpg?dl=0).

The shortcut goes to "C:\Program Files (x86)\Opera\BestOffer.url"

In that Opera folder there is a folder called "pic" containing the same icon called "offer.ico" as well as a file called "vlc-2.2.3win32.exe".

There are three shortcuts in the Opera folder. "BestOffer" which goes to http://go.ad2up.com/afu.php?id=486353. "Offer" which goes to http://go.ad2up.com/afu.php?id=599180. And, "Offer2" which goes to http://go.ad2up.com/afu.php?id=486353

I would greatly appreciate you help with this.

Murray

#2
Jr0x

Posted 11 July 2016 - 10:45 AM

Malware removal team

Malware Removal
1,830 posts

Hi MurrayWiseman,

Welcome to :welcome:

. My name is Jr0x and I'll be helping you with your problem.

Please Note: I am still in training and my fixes have to be approved by my instructor so there may be a slight delay in my replies. Look upon it as a good thing though in that you have two people looking at your problem.

Before we get started, there are a few things I need you to take note of.

Please read through the instructions before attempting to follow those procedures. I would recommend printing them out as some of the instructions would requires you to be in safe mode / offline.
If there is anything you are unclear of, please ask before you start the fix.
Do not run any scripts / tools on your own, unsupervised usage may cause more harm than good.
Please stay with me on this thread, do not start another thread in here (Geeks To Go) or any other forum until I've declared you clean and good to go.
There may be delayed response to you as we may live in different timezone.
Inform me of anything that happens unexpectedly during the fix at any point of time.
As much as we like to make this a easy process for you. Malware removal is a complex multi-step process, and things may happen such as data loss or render your machine unbootable. I would recommend that you backup your personal data before we proceed.
Posts that are not replied to in four (4) days will result in the topic being closed. We have not forgotten you; this is just an effort to keep the boards organized and flowing. To continue on your closed topic, please PM me or any Moderator to have the topic reactivated. If, at any time during our working together, I have not responded to you in 2 days (48 hours), then please PM me.
Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
As we go along please tell me how the computer is running now. Please be as descriptive as possible e.g. I'm still getting web redirects, I am unable to access the internet etc.

Let's get started.

Scan with Farbar's Recovery Scan Tool (FRST)

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
Press Scan button.
It will produce a log called FRST.txt in the same directory the tool is run from.
Please copy and paste log back here.
The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

#3
MurrayWiseman

Posted 11 July 2016 - 07:58 PM

New Member

Topic Starter
Member
7 posts

Thanks for your quick response jr0x. I am relieved that you are helping me.

Here is FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10-07-2016 01
Ran by Mur (administrator) on MURRAY (11-07-2016 21:43:03)
Running from C:\Users\Mur\Desktop
Loaded Profiles: Mur & (Available Profiles: Mur & murra)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS GIFTBOX Desktop\ASUSGiftBoxDesktop.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Savard Software) C:\Program Files (x86)\TurboTop\TurboTop.exe
() C:\Program Files\AutoHotkey\AutoHotkey.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\Install\{FA27A75B-B263-4C9E-8F39-D1BE8ADDC7CB}\DropboxClient_6.4.14.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.2.4.537\ASUSWSLoader.exe [63272 2015-10-12] ()
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [24204648 2016-07-05] (Dropbox, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKU\S-1-5-21-1587703405-337945311-2996229846-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23496872 2016-05-17] (Google)
HKU\S-1-5-21-1587703405-337945311-2996229846-1001\...\Run: [KeyboardIndicator] => C:\KeyboardIndicator_1.6.0.1\KeyboardIndicator_1.6.0.1\KeyboardIndicator.exe [267176 2015-10-16] (Roi Dayan)
HKU\S-1-5-21-1587703405-337945311-2996229846-1001\...\Run: [Google Update] => C:\Users\Mur\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-10-18] (Google Inc.)
HKU\S-1-5-21-1587703405-337945311-2996229846-1001\...\Run: [cdloader] => C:\Users\Mur\AppData\Roaming\mjusbsp\cdloader2.exe [51592 2014-07-04] (magicJack L.P.)
HKU\S-1-5-21-1587703405-337945311-2996229846-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53123712 2016-05-17] (Skype Technologies S.A.)
HKU\S-1-5-21-1587703405-337945311-2996229846-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [797328 2016-06-14] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-1587703405-337945311-2996229846-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23496872 2016-05-17] (Google)
HKU\S-1-5-21-1587703405-337945311-2996229846-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [KeyboardIndicator] => C:\KeyboardIndicator_1.6.0.1\KeyboardIndicator_1.6.0.1\KeyboardIndicator.exe [267176 2015-10-16] (Roi Dayan)
HKU\S-1-5-21-1587703405-337945311-2996229846-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => C:\Users\Mur\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-10-18] (Google Inc.)
HKU\S-1-5-21-1587703405-337945311-2996229846-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [cdloader] => C:\Users\Mur\AppData\Roaming\mjusbsp\cdloader2.exe [51592 2014-07-04] (magicJack L.P.)
HKU\S-1-5-21-1587703405-337945311-2996229846-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53123712 2016-05-17] (Skype Technologies S.A.)
HKU\S-1-5-21-1587703405-337945311-2996229846-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [797328 2016-06-14] (Sandboxie Holdings, LLC)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.2.4.537\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.2.4.537\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.2.4.537\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TurboTop.lnk [2015-10-04]
ShortcutTarget: TurboTop.lnk -> C:\Program Files (x86)\TurboTop\TurboTop.exe (Savard Software)
Startup: C:\Users\Mur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctlaltshft=.ahk - Shortcut.lnk [2016-06-01]
ShortcutTarget: ctlaltshft=.ahk - Shortcut.lnk -> C:\Users\Mur\Desktop\Apps\ctlaltshft=.ahk ()
Startup: C:\Users\Mur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-05-13]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{27edbd0a-3e70-45a0-95e9-c77c587f8945}: [DhcpNameServer] 192.168.40.1
Tcpip\..\Interfaces\{87569a40-f120-4898-a4c4-da4e0aea77be}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKU\S-1-5-21-1587703405-337945311-2996229846-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
HKU\S-1-5-21-1587703405-337945311-2996229846-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB
HKU\S-1-5-21-1587703405-337945311-2996229846-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-ca/?pc=UE01&ocid=UE01DHP
HKU\S-1-5-21-1587703405-337945311-2996229846-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
HKU\S-1-5-21-1587703405-337945311-2996229846-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB
HKU\S-1-5-21-1587703405-337945311-2996229846-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-ca/?pc=UE01&ocid=UE01DHP
HKU\S-1-5-21-1587703405-337945311-2996229846-1010-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus13.msn.com/?pc=ASJB
HKU\S-1-5-21-1587703405-337945311-2996229846-1010-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-93e65235&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-93e65235&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1587703405-337945311-2996229846-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-93e65235&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1587703405-337945311-2996229846-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-93e65235&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1587703405-337945311-2996229846-1001 -> {fcd9f10e-0daa-405f-bca0-0dd3f37c59d9} URL =
SearchScopes: HKU\S-1-5-21-1587703405-337945311-2996229846-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-93e65235&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1587703405-337945311-2996229846-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-93e65235&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1587703405-337945311-2996229846-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {fcd9f10e-0daa-405f-bca0-0dd3f37c59d9} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-06-10] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-06-10] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-27] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-01-29] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-27] (Oracle Corporation)
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1443660345667
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://akamaicdn.webex.com/client/WBXclient-T29L10NSP13EP50-10011/webex/ieatgpc1.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-10] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-10] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-10] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-10] (Microsoft Corporation)
Handler: qvp - {4BA78E3D-CA25-4BFF-B8F0-8A3359E4B520} - C:\Program Files\QlikView\QvProtocol\qvp.dll [2016-03-09] (QlikTech International AB)
Handler-x32: qvp - {4BA78E3D-CA25-4BFF-B8F0-8A3359E4B520} - C:\Program Files (x86)\QlikView\QvProtocol\qvp.dll [2016-03-09] (QlikTech International AB)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Mur\AppData\Roaming\Mozilla\Firefox\Profiles\d6ex0fnt.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_192.dll [2016-06-16] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-16] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-02-12] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-02-12] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-02-12] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-02-12] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-02-25] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-02-25] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-27] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-06-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1587703405-337945311-2996229846-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Mur\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-10-27] (Citrix Online)
FF Plugin HKU\S-1-5-21-1587703405-337945311-2996229846-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Mur\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1587703405-337945311-2996229846-1001: @talk.google.com/O1DPlugin -> C:\Users\Mur\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1587703405-337945311-2996229846-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Mur\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-1587703405-337945311-2996229846-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Mur\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-1587703405-337945311-2996229846-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @citrixonline.com/appdetectorplugin -> C:\Users\Mur\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-10-27] (Citrix Online)
FF Plugin HKU\S-1-5-21-1587703405-337945311-2996229846-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @talk.google.com/GoogleTalkPlugin -> C:\Users\Mur\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1587703405-337945311-2996229846-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @talk.google.com/O1DPlugin -> C:\Users\Mur\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1587703405-337945311-2996229846-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=3 -> C:\Users\Mur\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-1587703405-337945311-2996229846-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=9 -> C:\Users\Mur\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Mur\AppData\Roaming\mozilla\plugins\npatgpc.dll [2015-10-02] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\Mur\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Mur\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF SearchPlugin: C:\Users\Mur\AppData\Roaming\Mozilla\Firefox\Profiles\d6ex0fnt.default\searchplugins\McSiteAdvisor.xml [2015-11-22]
FF Extension: Español (AR) Language Pack - C:\Users\Mur\AppData\Roaming\Mozilla\Firefox\Profiles\d6ex0fnt.default\Extensions\[email protected] [2016-06-09]
FF Extension: Adblock Plus - C:\Users\Mur\AppData\Roaming\Mozilla\Firefox\Profiles\d6ex0fnt.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28]
FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-05-25]

Chrome:
=======
CHR Profile: C:\Users\Mur\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Mur\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-14]
CHR Extension: (Google Docs) - C:\Users\Mur\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-14]
CHR Extension: (Google Drive) - C:\Users\Mur\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-22]
CHR Extension: (YouTube) - C:\Users\Mur\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-14]
CHR Extension: (Google Search) - C:\Users\Mur\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-22]
CHR Extension: (Google Sheets) - C:\Users\Mur\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-14]
CHR Extension: (Text to Speech App) - C:\Users\Mur\AppData\Local\Google\Chrome\User Data\Default\Extensions\foboeiajimhaijdbfnknapkoiadkohio [2015-11-22]
CHR Extension: (Google Docs Offline) - C:\Users\Mur\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-26]
CHR Extension: (IE Tab) - C:\Users\Mur\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd [2016-06-11]
CHR Extension: (TTSReader - Unlimited Text-To-Speech) - C:\Users\Mur\AppData\Local\Google\Chrome\User Data\Default\Extensions\melfcogdhodeocnkdiplgdpkllopbhan [2016-01-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Mur\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-12]
CHR Extension: (Online speech recognition - Speech Pad) - C:\Users\Mur\AppData\Local\Google\Chrome\User Data\Default\Extensions\pehlbpmpoabkgenppepoaihkacolpdcf [2016-04-29]
CHR Extension: (Gmail) - C:\Users\Mur\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-14]
CHR Extension: (US English Female Text-to-speech (by Google)) - C:\Users\Mur\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkidpnnapnfgjhfhkpmjpbckkbaodldb [2015-11-22]
CHR HKU\S-1-5-21-1587703405-337945311-2996229846-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1587703405-337945311-2996229846-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.1.15.458\AsusWSWinService.exe [71168 2014-12-04] (ASUS Cloud Corporation) [File not signed]
R2 ASUSGiftBoxDekstop; C:\Program Files (x86)\ASUS\ASUS GIFTBOX Desktop\ASUSGIFTBOXDesktop.exe [315704 2015-07-20] (ASUS)
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2015-03-27] (Broadcom Corporation.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2944768 2016-06-10] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-07] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-07] (Dropbox, Inc.)
R2 esifsvc; C:\Windows\SysWOW64\esif_uf.exe [1037568 2014-09-18] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [351120 2015-07-18] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2014-10-03] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [156960 2015-02-25] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [197264 2016-06-14] (Sandboxie Holdings, LLC)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [98296 2015-12-14] (ASUS Corporation)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [173312 2015-03-27] (Broadcom Corporation.)
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [11758840 2016-05-25] (Broadcom Corp)
R3 BCMWL63A; C:\Windows\system32\DRIVERS\bcmwl63a.sys [11758840 2016-05-25] (Broadcom Corp)
R3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [38720 2014-09-18] (Intel Corporation)
R3 dptf_pch; C:\Windows\System32\drivers\dptf_pch.sys [38208 2014-09-18] (Intel Corporation)
R3 esif_lf; C:\Windows\System32\drivers\esif_lf.sys [216360 2014-09-18] (Intel Corporation)
R0 IntelHSWPcc; C:\Windows\System32\drivers\IntelPcc.sys [79016 2014-08-26] (Intel Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-07-11] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2015-02-25] (Intel Corporation)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80920 2015-07-02] (McAfee, Inc.)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2013-09-30] ()
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [895256 2015-07-07] (Realtek )
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [410880 2015-07-01] (Realsil Semiconductor Corporation)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [204944 2016-06-14] (Sandboxie Holdings, LLC)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-11 21:43 - 2016-07-11 21:44 - 00032355 _____ C:\Users\Mur\Desktop\FRST.txt
2016-07-11 21:42 - 2016-07-11 21:43 - 00000000 ____D C:\FRST
2016-07-11 21:42 - 2016-07-11 21:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-07-11 21:40 - 2016-07-11 21:42 - 02390528 _____ (Farbar) C:\Users\Mur\Desktop\FRST64.exe
2016-07-10 23:30 - 2016-07-10 23:30 - 00388608 _____ (Trend Micro Inc.) C:\Users\Mur\Downloads\HijackThis.exe
2016-07-10 20:50 - 2016-07-10 22:36 - 00000000 ____D C:\Users\Mur\AppData\Roaming\vlc
2016-07-10 20:50 - 2016-07-10 20:57 - 00001141 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-07-10 20:50 - 2016-07-10 20:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-07-10 20:50 - 2016-07-10 20:50 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2016-07-10 20:44 - 2016-07-10 20:44 - 00001138 _____ C:\Users\Mur\Desktop\BestOffer EveryDay.lnk
2016-07-10 20:44 - 2016-07-10 20:44 - 00000000 ____D C:\Program Files (x86)\Opera
2016-07-10 20:10 - 2016-07-10 20:17 - 00000000 ____D C:\AdwCleaner
2016-07-10 20:10 - 2016-07-10 20:10 - 03712064 _____ C:\Users\Mur\Downloads\adwcleaner_5.201.exe
2016-07-10 20:00 - 2016-07-10 20:00 - 00459861 _____ C:\Users\Mur\Downloads\SmartCam_v1_4.exe
2016-07-10 19:46 - 2016-07-10 19:51 - 31196040 _____ (VideoLAN ) C:\Users\Mur\Downloads\vlc-2.2.3-win32.exe
2016-07-09 09:55 - 2016-07-09 09:57 - 00000000 ____D C:\Users\Mur\Desktop\tmp
2016-07-03 13:45 - 2016-07-03 13:50 - 00000000 ____D C:\Users\Mur\Documents\QlikExerciseData
2016-07-01 19:16 - 2016-07-02 13:30 - 00000187 _____ C:\Users\Mur\Desktop\StoreTableScript.txt
2016-07-01 12:43 - 2016-07-01 12:43 - 00001395 _____ C:\Users\Mur\Desktop\Qlik Sense Desktop.lnk
2016-07-01 12:43 - 2016-07-01 12:43 - 00000000 ____D C:\Users\Mur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Qlik Sense
2016-07-01 12:42 - 2016-07-01 12:42 - 00000000 ____D C:\Users\Mur\AppData\Local\Package Cache
2016-06-29 08:37 - 2016-07-06 12:43 - 00000000 ____D C:\Users\Mur\Documents\QlikSources
2016-06-29 08:13 - 2016-06-30 14:44 - 00000000 ____D C:\Users\Mur\Documents\QlikNotes
2016-06-28 17:01 - 2016-06-28 17:01 - 00000000 ____D C:\Users\Mur\Documents\QlikBackups
2016-06-28 07:57 - 2016-06-28 07:57 - 00000000 ____D C:\DataModel
2016-06-23 13:56 - 2016-06-23 13:56 - 00000000 ____D C:\Users\Mur\AppData\Roaming\Qlik
2016-06-23 13:14 - 2016-06-23 13:14 - 00000000 ____D C:\Program Files\Common Files\QlikTech
2016-06-23 13:14 - 2016-06-23 13:14 - 00000000 ____D C:\Program Files\Common Files\Qlik
2016-06-21 10:58 - 2016-06-21 10:58 - 00000939 _____ C:\Users\Mur\Desktop\Sandboxed Web Browser.lnk
2016-06-21 10:58 - 2016-06-21 10:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2016-06-21 10:53 - 2016-06-21 10:53 - 00000000 ____D C:\Users\Mur\Documents\Conferences
2016-06-20 17:28 - 2016-06-20 17:28 - 00026379 _____ C:\Users\Mur\Documents\Engro.pdf
2016-06-15 19:31 - 2016-06-16 18:04 - 00000000 ____D C:\Users\Mur\Desktop\Example
2016-06-15 09:10 - 2016-05-28 00:57 - 01594416 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-06-15 09:10 - 2016-05-28 00:57 - 01372312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-06-15 09:10 - 2016-05-28 00:29 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-06-15 09:10 - 2016-05-28 00:27 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2016-06-15 09:10 - 2016-05-28 00:22 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-06-15 09:10 - 2016-05-28 00:22 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-06-15 09:10 - 2016-05-28 00:19 - 24605696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-06-15 09:10 - 2016-05-28 00:18 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-06-15 09:10 - 2016-05-28 00:15 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-06-15 09:10 - 2016-05-28 00:15 - 00853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-06-15 09:10 - 2016-05-28 00:14 - 00606208 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-06-15 09:10 - 2016-05-28 00:12 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-06-15 09:10 - 2016-05-28 00:11 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-06-15 09:09 - 2016-05-28 02:13 - 01401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-06-15 09:09 - 2016-05-28 02:13 - 01184960 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-06-15 09:09 - 2016-05-28 02:13 - 00514752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-06-15 09:09 - 2016-05-28 02:13 - 00290496 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-06-15 09:09 - 2016-05-28 02:13 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-06-15 09:09 - 2016-05-28 02:13 - 00046784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-06-15 09:09 - 2016-05-28 01:25 - 04268880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupapi.dll
2016-06-15 09:09 - 2016-05-28 01:23 - 00388384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ws2_32.dll
2016-06-15 09:09 - 2016-05-28 01:23 - 00312160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswsock.dll
2016-06-15 09:09 - 2016-05-28 01:22 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-06-15 09:09 - 2016-05-28 01:22 - 04387680 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll
2016-06-15 09:09 - 2016-05-28 01:22 - 00428896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2016-06-15 09:09 - 2016-05-28 01:22 - 00211296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2016-06-15 09:09 - 2016-05-28 01:22 - 00118624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2016-06-15 09:09 - 2016-05-28 01:20 - 00430312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ws2_32.dll
2016-06-15 09:09 - 2016-05-28 01:18 - 00357216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mswsock.dll
2016-06-15 09:09 - 2016-05-28 01:16 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-06-15 09:09 - 2016-05-28 01:09 - 00501600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-06-15 09:09 - 2016-05-28 01:09 - 00170848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.exe
2016-06-15 09:09 - 2016-05-28 01:09 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-06-15 09:09 - 2016-05-28 01:08 - 00693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-06-15 09:09 - 2016-05-28 01:08 - 00258912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufx01000.sys
2016-06-15 09:09 - 2016-05-28 01:08 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-06-15 09:09 - 2016-05-28 01:07 - 03675512 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-06-15 09:09 - 2016-05-28 01:07 - 02921880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-06-15 09:09 - 2016-05-28 01:07 - 01322248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-06-15 09:09 - 2016-05-28 01:07 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-06-15 09:09 - 2016-05-28 01:07 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-06-15 09:09 - 2016-05-28 01:07 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-06-15 09:09 - 2016-05-28 01:07 - 00331616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-06-15 09:09 - 2016-05-28 01:06 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-06-15 09:09 - 2016-05-28 01:06 - 04074160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-06-15 09:09 - 2016-05-28 01:06 - 00730344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2016-06-15 09:09 - 2016-05-28 01:06 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-06-15 09:09 - 2016-05-28 01:06 - 00254656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-06-15 09:09 - 2016-05-28 01:05 - 04515264 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-06-15 09:09 - 2016-05-28 01:04 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-06-15 09:09 - 2016-05-28 01:04 - 00431296 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2016-06-15 09:09 - 2016-05-28 01:04 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2016-06-15 09:09 - 2016-05-28 01:04 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-06-15 09:09 - 2016-05-28 01:04 - 00111064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2016-06-15 09:09 - 2016-05-28 01:04 - 00097096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2016-06-15 09:09 - 2016-05-28 01:03 - 00131248 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpapi.dll
2016-06-15 09:09 - 2016-05-28 00:58 - 01996640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-06-15 09:09 - 2016-05-28 00:58 - 00379232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-06-15 09:09 - 2016-05-28 00:57 - 02548944 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-06-15 09:09 - 2016-05-28 00:57 - 02195632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2016-06-15 09:09 - 2016-05-28 00:57 - 00649792 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-06-15 09:09 - 2016-05-28 00:57 - 00636304 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-06-15 09:09 - 2016-05-28 00:57 - 00577376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-06-15 09:09 - 2016-05-28 00:57 - 00546456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-06-15 09:09 - 2016-05-28 00:57 - 00521664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-06-15 09:09 - 2016-05-28 00:57 - 00316256 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-06-15 09:09 - 2016-05-28 00:35 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe
2016-06-15 09:09 - 2016-05-28 00:35 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-06-15 09:09 - 2016-05-28 00:35 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsdport.sys
2016-06-15 09:09 - 2016-05-28 00:31 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdlrecover.exe
2016-06-15 09:09 - 2016-05-28 00:31 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-06-15 09:09 - 2016-05-28 00:31 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2016-06-15 09:09 - 2016-05-28 00:29 - 22379008 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-06-15 09:09 - 2016-05-28 00:29 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll
2016-06-15 09:09 - 2016-05-28 00:29 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxp.dll
2016-06-15 09:09 - 2016-05-28 00:28 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-06-15 09:09 - 2016-05-28 00:28 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-06-15 09:09 - 2016-05-28 00:28 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\FwRemoteSvr.dll
2016-06-15 09:09 - 2016-05-28 00:27 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-06-15 09:09 - 2016-05-28 00:26 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-06-15 09:09 - 2016-05-28 00:26 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2016-06-15 09:09 - 2016-05-28 00:26 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2016-06-15 09:09 - 2016-05-28 00:26 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-06-15 09:09 - 2016-05-28 00:26 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-06-15 09:09 - 2016-05-28 00:25 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-06-15 09:09 - 2016-05-28 00:24 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-06-15 09:09 - 2016-05-28 00:24 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Ndu.sys
2016-06-15 09:09 - 2016-05-28 00:24 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-06-15 09:09 - 2016-05-28 00:24 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-06-15 09:09 - 2016-05-28 00:24 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-06-15 09:09 - 2016-05-28 00:24 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-06-15 09:09 - 2016-05-28 00:24 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc6.dll
2016-06-15 09:09 - 2016-05-28 00:24 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FwRemoteSvr.dll
2016-06-15 09:09 - 2016-05-28 00:23 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2016-06-15 09:09 - 2016-05-28 00:23 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc.dll
2016-06-15 09:09 - 2016-05-28 00:22 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-06-15 09:09 - 2016-05-28 00:22 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-06-15 09:09 - 2016-05-28 00:22 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2016-06-15 09:09 - 2016-05-28 00:22 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-06-15 09:09 - 2016-05-28 00:22 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2016-06-15 09:09 - 2016-05-28 00:22 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-06-15 09:09 - 2016-05-28 00:22 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptsvc.dll
2016-06-15 09:09 - 2016-05-28 00:21 - 00550912 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-06-15 09:09 - 2016-05-28 00:21 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrokerLib.dll
2016-06-15 09:09 - 2016-05-28 00:21 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-06-15 09:09 - 2016-05-28 00:21 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-06-15 09:09 - 2016-05-28 00:20 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-06-15 09:09 - 2016-05-28 00:20 - 00511488 _____ (Microsoft Corporation) C:\WINDOWS\system32\newdev.dll
2016-06-15 09:09 - 2016-05-28 00:20 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\system32\polstore.dll
2016-06-15 09:09 - 2016-05-28 00:20 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2016-06-15 09:09 - 2016-05-28 00:20 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\GnssAdapter.dll
2016-06-15 09:09 - 2016-05-28 00:20 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Privacy.dll
2016-06-15 09:09 - 2016-05-28 00:20 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc6.dll
2016-06-15 09:09 - 2016-05-28 00:19 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-06-15 09:09 - 2016-05-28 00:19 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2016-06-15 09:09 - 2016-05-28 00:19 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-06-15 09:09 - 2016-05-28 00:19 - 00355840 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2016-06-15 09:09 - 2016-05-28 00:19 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc.dll
2016-06-15 09:09 - 2016-05-28 00:18 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-06-15 09:09 - 2016-05-28 00:18 - 07977472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-06-15 09:09 - 2016-05-28 00:18 - 00610816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2016-06-15 09:09 - 2016-05-28 00:18 - 00591360 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2016-06-15 09:09 - 2016-05-28 00:18 - 00392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\IPSECSVC.DLL
2016-06-15 09:09 - 2016-05-28 00:18 - 00380416 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2016-06-15 09:09 - 2016-05-28 00:18 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-06-15 09:09 - 2016-05-28 00:17 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-06-15 09:09 - 2016-05-28 00:17 - 00963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2016-06-15 09:09 - 2016-05-28 00:17 - 00630784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-06-15 09:09 - 2016-05-28 00:17 - 00485888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\newdev.dll
2016-06-15 09:09 - 2016-05-28 00:17 - 00415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-06-15 09:09 - 2016-05-28 00:17 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-06-15 09:09 - 2016-05-28 00:17 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2016-06-15 09:09 - 2016-05-28 00:17 - 00173056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2016-06-15 09:09 - 2016-05-28 00:16 - 19344384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-06-15 09:09 - 2016-05-28 00:16 - 00690176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2016-06-15 09:09 - 2016-05-28 00:16 - 00684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2016-06-15 09:09 - 2016-05-28 00:16 - 00592896 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppContracts.dll
2016-06-15 09:09 - 2016-05-28 00:16 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-06-15 09:09 - 2016-05-28 00:16 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2016-06-15 09:09 - 2016-05-28 00:16 - 00291328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\polstore.dll
2016-06-15 09:09 - 2016-05-28 00:16 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2016-06-15 09:09 - 2016-05-28 00:15 - 00794624 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-06-15 09:09 - 2016-05-28 00:15 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2016-06-15 09:09 - 2016-05-28 00:15 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-06-15 09:09 - 2016-05-28 00:15 - 00293888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2016-06-15 09:09 - 2016-05-28 00:15 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2016-06-15 09:09 - 2016-05-28 00:14 - 18674176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-06-15 09:09 - 2016-05-28 00:14 - 01716736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-06-15 09:09 - 2016-05-28 00:14 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-06-15 09:09 - 2016-05-28 00:14 - 00965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-06-15 09:09 - 2016-05-28 00:14 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-06-15 09:09 - 2016-05-28 00:14 - 00499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-06-15 09:09 - 2016-05-28 00:14 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-06-15 09:09 - 2016-05-28 00:14 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2016-06-15 09:09 - 2016-05-28 00:13 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-06-15 09:09 - 2016-05-28 00:13 - 00990208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-06-15 09:09 - 2016-05-28 00:13 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2016-06-15 09:09 - 2016-05-28 00:13 - 00954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-06-15 09:09 - 2016-05-28 00:13 - 00939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-06-15 09:09 - 2016-05-28 00:13 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-06-15 09:09 - 2016-05-28 00:13 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppContracts.dll
2016-06-15 09:09 - 2016-05-28 00:13 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2016-06-15 09:09 - 2016-05-28 00:12 - 00614400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2016-06-15 09:09 - 2016-05-28 00:12 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2016-06-15 09:09 - 2016-05-28 00:11 - 01445888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-06-15 09:09 - 2016-05-28 00:11 - 00890368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2016-06-15 09:09 - 2016-05-28 00:11 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-06-15 09:09 - 2016-05-28 00:11 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-06-15 09:09 - 2016-05-28 00:11 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-06-15 09:09 - 2016-05-28 00:11 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-06-15 09:09 - 2016-05-28 00:11 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2016-06-15 09:09 - 2016-05-28 00:09 - 01073152 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-06-15 09:09 - 2016-05-28 00:08 - 13385728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-06-15 09:09 - 2016-05-28 00:08 - 06295552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-06-15 09:09 - 2016-05-28 00:06 - 12128256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-06-15 09:09 - 2016-05-28 00:06 - 07200256 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-06-15 09:09 - 2016-05-28 00:06 - 01339904 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2016-06-15 09:09 - 2016-05-28 00:05 - 03994624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-06-15 09:09 - 2016-05-28 00:05 - 03664896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-06-15 09:09 - 2016-05-28 00:05 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-06-15 09:09 - 2016-05-28 00:05 - 01797120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-06-15 09:09 - 2016-05-28 00:04 - 06973952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-06-15 09:09 - 2016-05-28 00:04 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2016-06-15 09:09 - 2016-05-28 00:04 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2016-06-15 09:09 - 2016-05-28 00:03 - 05323776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-06-15 09:09 - 2016-05-28 00:03 - 05205504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-06-15 09:09 - 2016-05-28 00:03 - 02609664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-06-15 09:09 - 2016-05-28 00:03 - 01185280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LocationFramework.dll
2016-06-15 09:09 - 2016-05-28 00:03 - 00693760 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll
2016-06-15 09:09 - 2016-05-28 00:03 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-06-15 09:09 - 2016-05-28 00:02 - 03590144 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-06-15 09:09 - 2016-05-28 00:02 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-06-15 09:09 - 2016-05-28 00:02 - 01534464 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2016-06-15 09:09 - 2016-05-28 00:02 - 00103424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2016-06-15 09:09 - 2016-05-28 00:01 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-06-15 09:09 - 2016-05-28 00:01 - 01582080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2016-06-15 09:09 - 2016-05-28 00:01 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-06-15 09:09 - 2016-05-28 00:01 - 00111104 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2016-06-15 09:09 - 2016-05-28 00:00 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-06-15 09:09 - 2016-05-28 00:00 - 03585536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-06-15 09:09 - 2016-05-28 00:00 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-06-15 09:09 - 2016-05-28 00:00 - 02230272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-06-15 09:09 - 2016-05-28 00:00 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-06-15 09:09 - 2016-05-28 00:00 - 01730560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-06-15 09:09 - 2016-05-28 00:00 - 01707520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-06-15 09:09 - 2016-05-28 00:00 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-06-15 09:09 - 2016-05-28 00:00 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-06-15 09:09 - 2016-05-28 00:00 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2016-06-15 09:09 - 2016-05-27 23:59 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-06-15 09:09 - 2016-05-27 23:58 - 07832576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-06-15 09:09 - 2016-05-27 23:58 - 04896256 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-06-15 09:09 - 2016-05-27 23:58 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-06-15 09:09 - 2016-05-27 23:58 - 02066432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-06-15 09:09 - 2016-05-27 23:58 - 01996288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-06-15 09:09 - 2016-05-27 23:57 - 02281472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-06-15 09:09 - 2016-05-27 23:55 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-06-15 09:09 - 2016-05-27 23:53 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-11 21:43 - 2015-10-30 03:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-07-11 21:43 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-07-11 21:43 - 2015-09-29 20:13 - 00000000 ___RD C:\Users\Mur\Dropbox
2016-07-11 21:43 - 2015-06-20 14:33 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-07-11 21:40 - 2015-09-29 20:25 - 00000000 ___RD C:\Users\Mur\Google Drive
2016-07-11 21:40 - 2015-06-20 13:07 - 00004144 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{1B14A1C6-D023-46DA-9D51-CC8AC860FA41}
2016-07-11 21:39 - 2015-09-30 11:25 - 00000000 ____D C:\Users\Mur\AppData\Local\CrashDumps
2016-07-11 21:39 - 2015-06-20 13:26 - 00000000 ____D C:\Users\Mur\AppData\Roaming\Skype
2016-07-11 21:35 - 2016-04-08 09:42 - 00000000 ____D C:\ProgramData\ASUS Smart Gesture
2016-07-11 21:35 - 2015-06-20 13:01 - 00000125 _____ C:\Users\Mur\AppData\Roaming\sp_data.sys
2016-07-11 21:34 - 2015-11-29 04:57 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-07-11 21:34 - 2015-10-19 17:06 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-07-11 21:34 - 2015-09-29 20:20 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-11 21:34 - 2015-06-20 14:33 - 00000912 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-07-11 21:34 - 2015-06-20 12:59 - 00000000 __SHD C:\Users\Mur\IntelGraphicsProfiles
2016-07-11 12:19 - 2016-05-12 12:00 - 00003550 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update1
2016-07-11 12:19 - 2015-06-20 13:16 - 00003540 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update2
2016-07-11 12:16 - 2015-10-18 13:50 - 00000914 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1587703405-337945311-2996229846-1001UA.job
2016-07-10 23:49 - 2015-10-16 10:15 - 00000000 ____D C:\tmp
2016-07-10 23:48 - 2015-11-13 18:52 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-07-10 23:45 - 2015-10-27 14:55 - 00000564 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1587703405-337945311-2996229846-1001.job
2016-07-10 23:45 - 2015-09-29 20:20 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-10 23:30 - 2015-06-20 14:33 - 00000916 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-07-10 23:19 - 2015-10-27 14:55 - 00000660 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-1587703405-337945311-2996229846-1001.job
2016-07-10 20:19 - 2015-11-29 05:14 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-07-10 20:18 - 2015-10-30 02:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-07-10 19:41 - 2015-10-30 03:21 - 00000000 ____D C:\WINDOWS\INF
2016-07-10 19:41 - 2015-10-05 16:18 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-07-10 18:16 - 2015-10-18 13:50 - 00000862 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1587703405-337945311-2996229846-1001Core.job
2016-07-09 09:50 - 2015-06-20 13:00 - 00000000 ____D C:\Users\Mur\AppData\Local\Packages
2016-07-06 20:39 - 2015-10-26 11:13 - 00485032 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-07-06 12:31 - 2016-02-15 00:03 - 00001644 _____ C:\WINDOWS\Sandboxie.ini
2016-07-05 18:16 - 2015-09-30 21:18 - 00000000 ____D C:\Users\Mur\Documents\Hardware
2016-07-05 18:15 - 2015-10-07 19:10 - 00000000 ____D C:\Users\Mur\AppData\Roaming\Foxit Scanner Images
2016-07-05 18:13 - 2015-10-29 07:40 - 00000000 ____D C:\Users\Mur\AppData\Local\Foxit PhantomPDF
2016-07-03 14:30 - 2015-09-29 20:48 - 00000484 _____ C:\WINDOWS\ODBC.INI
2016-07-02 09:14 - 2015-10-27 14:55 - 00003806 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-1587703405-337945311-2996229846-1001
2016-07-02 09:14 - 2015-10-27 14:55 - 00003710 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-1587703405-337945311-2996229846-1001
2016-07-01 12:43 - 2015-12-30 17:09 - 00000000 ____D C:\Users\Mur\Documents\Qlik
2016-07-01 09:53 - 2015-06-20 14:15 - 00000000 ____D C:\Users\Mur\AppData\Roaming\FileZilla
2016-06-30 19:51 - 2015-06-20 14:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2016-06-30 19:51 - 2015-06-20 14:15 - 00000000 ____D C:\Program Files\FileZilla FTP Client
2016-06-29 17:33 - 2015-11-23 10:03 - 00000000 ____D C:\Users\Mur\AppData\Roaming\TeamViewer
2016-06-28 16:53 - 2016-04-27 16:49 - 00000000 ____D C:\Users\Mur\Documents\Software
2016-06-28 14:57 - 2015-11-25 10:00 - 00000000 ____D C:\sqldeveloper
2016-06-28 11:33 - 2015-10-02 08:23 - 00000000 ____D C:\Users\Mur\AppData\LocalLow\WebEx
2016-06-24 15:32 - 2015-12-26 16:49 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-06-24 15:32 - 2015-12-26 16:49 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-06-24 15:28 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-06-23 18:44 - 2015-12-26 16:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-06-23 13:16 - 2015-12-27 14:30 - 00000000 ____D C:\ProgramData\Qlik
2016-06-23 13:14 - 2016-03-22 15:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QlikView
2016-06-21 20:55 - 2015-10-30 03:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-06-21 20:53 - 2015-04-10 06:36 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-06-21 11:08 - 2015-10-03 05:47 - 00000000 ____D C:\Users\Mur\Documents\Mesh
2016-06-21 10:58 - 2016-02-15 00:02 - 00000000 ____D C:\Program Files\Sandboxie
2016-06-18 16:40 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\rescache
2016-06-17 20:00 - 2015-11-29 05:01 - 00000000 ____D C:\Users\Mur
2016-06-17 14:46 - 2015-10-14 15:32 - 00002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-16 21:48 - 2015-11-13 18:52 - 00003816 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-06-16 21:47 - 2016-05-26 06:53 - 00000000 ____D C:\Users\Mur\Documents\Course
2016-06-16 19:59 - 2015-10-30 03:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-06-16 19:11 - 2015-09-10 01:42 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-06-16 19:09 - 2015-11-29 04:53 - 00333088 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-06-16 19:09 - 2015-09-30 21:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-06-16 18:08 - 2015-10-30 03:24 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2016-06-16 18:08 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2016-06-16 18:08 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-06-15 18:19 - 2015-09-29 21:39 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-06-15 18:15 - 2015-09-29 21:39 - 142482544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-06-14 14:33 - 2015-10-30 03:26 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-06-14 14:33 - 2015-10-30 03:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-06-12 11:37 - 2016-05-19 16:17 - 00000000 ____D C:\Users\murra\AppData\Local\Packages
2016-06-12 11:36 - 2016-05-19 16:26 - 00000000 ___RD C:\Users\murra\Dropbox
2016-06-12 11:36 - 2016-05-19 16:17 - 00000125 _____ C:\Users\murra\AppData\Roaming\sp_data.sys
2016-06-12 11:36 - 2016-05-19 16:17 - 00000000 __SHD C:\Users\murra\IntelGraphicsProfiles
2016-06-11 10:06 - 2015-12-04 07:54 - 00000000 ____D C:\Users\Mur\AppData\Local\IE Tab

==================== Files in the root of some directories =======

2015-06-20 13:01 - 2016-07-11 21:35 - 0000125 _____ () C:\Users\Mur\AppData\Roaming\sp_data.sys
2015-10-05 06:19 - 2016-05-16 13:07 - 0000600 _____ () C:\Users\Mur\AppData\Roaming\winscp.rnd
2015-10-05 06:39 - 2015-12-17 12:52 - 0000600 _____ () C:\Users\Mur\AppData\Local\PUTTY.RND
2016-05-14 15:12 - 2016-05-14 15:12 - 0007604 _____ () C:\Users\Mur\AppData\Local\Resmon.ResmonCfg
2015-11-29 04:56 - 2015-11-29 04:56 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-04-10 06:45 - 2012-09-07 07:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2015-04-10 06:45 - 2009-07-22 06:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2015-04-10 06:45 - 2012-09-07 07:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS

Some files in TEMP:
====================
C:\Users\Mur\AppData\Local\Temp\cygiconv-2.dll
C:\Users\Mur\AppData\Local\Temp\cygintl-8.dll
C:\Users\Mur\AppData\Local\Temp\cygwin1.dll
C:\Users\Mur\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptx7wu2.dll
C:\Users\Mur\AppData\Local\Temp\jre-8u71-windows-au.exe
C:\Users\Mur\AppData\Local\Temp\jre-8u73-windows-au.exe
C:\Users\Mur\AppData\Local\Temp\jre-8u77-windows-au.exe
C:\Users\Mur\AppData\Local\Temp\jre-8u91-windows-au.exe
C:\Users\Mur\AppData\Local\Temp\libeay32.dll
C:\Users\Mur\AppData\Local\Temp\md5sum.exe
C:\Users\Mur\AppData\Local\Temp\msvcr120.dll
C:\Users\Mur\AppData\Local\Temp\npp.6.9.1.Installer.exe
C:\Users\Mur\AppData\Local\Temp\npp.6.9.2.Installer.exe
C:\Users\Mur\AppData\Local\Temp\SandboxieInstall.exe
C:\Users\Mur\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Mur\AppData\Local\Temp\sqlite3.dll
C:\Users\Mur\AppData\Local\Temp\vlc-2.2.4-win32.exe
C:\Users\Mur\AppData\Local\Temp\xmlUpdater.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-07-04 10:08

==================== End of FRST.txt ============================

Here is Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-07-2016 01
Ran by Mur (2016-07-11 21:44:45)
Running from C:\Users\Mur\Desktop
Windows 10 Home Version 1511 (X64) (2015-11-29 09:19:59)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1587703405-337945311-2996229846-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1587703405-337945311-2996229846-503 - Limited - Disabled)
Guest (S-1-5-21-1587703405-337945311-2996229846-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1587703405-337945311-2996229846-1005 - Limited - Enabled)
Mur (S-1-5-21-1587703405-337945311-2996229846-1001 - Administrator - Enabled) => C:\Users\Mur
murra (S-1-5-21-1587703405-337945311-2996229846-1010 - Limited - Enabled) => C:\Users\murra

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 15.12 (x64) (HKLM\...\7-Zip) (Version: 15.12 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20045 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated)
ASUS GIFTBOX Desktop (HKLM-x32\...\{4701E5AB-AF91-4D40-8F18-358CC80E4E5B}) (Version: 1.1.6 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.4.1 - ASUS)
ASUS Screen Saver (HKLM-x32\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 2.1.0 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.12 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.03.0006 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.0.2 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0037 - ASUS)
Audacity 2.1.1 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team)
AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.0.57 - ICEpower a/s)
AutoHotkey 1.1.22.07 (HKLM\...\AutoHotkey) (Version: 1.1.22.07 - Lexikos)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 7.35.333.0 - Broadcom Corporation)
Canon MX320 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX320_series) (Version: - )
Cisco WebEx Meetings (HKU\S-1-5-21-1587703405-337945311-2996229846-1001\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Cisco WebEx Meetings (HKU\S-1-5-21-1587703405-337945311-2996229846-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{E5F6D26D-E180-4547-A865-565EAB61000C}) (Version: 1.0.362 - Citrix)
December 8, 2014 (HKLM-x32\...\OpenStat_is1) (Version: - William Miller)
Device Setup (HKLM-x32\...\{1F07F2C7-596F-4F34-B805-2C61A3E50E5A}) (Version: 1.0.20 - ASUSTek Computer Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 6.4.14 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.77 - Dropbox, Inc.) Hidden
Evernote v. 5.8.3 (HKLM-x32\...\{404B3FB8-A820-11E4-83FC-00163E98E7D6}) (Version: 5.8.3.6507 - Evernote Corp.)
EXAKT (HKLM-x32\...\{4D49FDFF-E53E-4A8D-8D25-D3744FAAC612}) (Version: 1.00.0000 - OMDEC Inc.)
FileZilla Client 3.19.0 (HKLM-x32\...\FileZilla Client) (Version: 3.19.0 - Tim Kosse)
Foxit PhantomPDF (HKLM-x32\...\{045A0488-55C1-45B1-9992-4B4134904D61}) (Version: 7.0.59.127 - Foxit Software Inc.)
Freeplane (HKLM\...\{D3941722-C4DD-4509-88C4-0E87F675A859}_is1) (Version: 1.3.15 - Open source)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Drive (HKLM-x32\...\{709316AD-161C-4D5C-9AE7-0B3A822DA271}) (Version: 1.30.2170.0459 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
GoToMeeting 7.20.0.5174 (HKU\S-1-5-21-1587703405-337945311-2996229846-1001\...\GoToMeeting) (Version: 7.20.0.5174 - CitrixOnline)
GoToMeeting 7.20.0.5174 (HKU\S-1-5-21-1587703405-337945311-2996229846-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\GoToMeeting) (Version: 7.20.0.5174 - CitrixOnline)
Intel Collaborative Processor Performance Control (HKLM-x32\...\0E7DAF70-FB54-4B91-B192-7E771C25AEEB) (Version: 1.0.0.1017 - Intel Corporation)
Intel® Chipset Device Software (x32 Version: 10.0.22 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.0.10100.71 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.39.1003 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4013 - Intel Corporation)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
magicJack (HKU\S-1-5-21-1587703405-337945311-2996229846-1001\...\magicJack) (Version: 4.1.7574.5297 - magicJack L.P.)
magicJack (HKU\S-1-5-21-1587703405-337945311-2996229846-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\magicJack) (Version: 4.1.7574.5297 - magicJack L.P.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.6965.2058 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft Visio Professional 2002 [English] (HKLM-x32\...\{90510409-6D54-11D4-BEE3-00C04F990354}) (Version: 10.0.525 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
MiniTool Partition Wizard Free 9.1 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.)
Mozilla Firefox 47.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 en-US)) (Version: 47.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla)
MWSnap 3 (HKLM-x32\...\MWSnap 3) (Version: 3.0.0.74 - Mirek Wojtowicz)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9.2 - Notepad++ Team)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6925.1018 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6925.1018 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6925.1018 - Microsoft Corporation) Hidden
OREST (HKLM-x32\...\{063E53FC-DCFE-4111-A8A8-8EC84D91B694}) (Version: 1.0.0 - BANAK)
PDFill PDF Editor with FREE Writer and FREE Tools (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 12.0 - PlotSoft LLC)
PPspliT (HKU\S-1-5-21-1587703405-337945311-2996229846-1001\...\PPspliT) (Version: 1.14 - )
PPspliT (HKU\S-1-5-21-1587703405-337945311-2996229846-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\PPspliT) (Version: 1.14 - )
ProjectLibre (HKLM-x32\...\{8E2A530F-ABE9-45B4-B4EA-B9DF56698376}) (Version: 1.6.2.0 - ProjectLibre)
Qlik ODBC Connector Package (HKLM\...\{F7DCF54B-1E73-47BC-8F0B-53272D117330}) (Version: 1.0.0.432 - QlikTech International AB)
Qlik Sense - Quick build tutorial (HKLM-x32\...\{42F648B1-046D-4401-9ACC-109F4B510018}}_is1) (Version: 1.0 - QlikTech International AB)
Qlik Sense DemoApps (Version: 3.0.0.0 - QlikTech International AB) Hidden
Qlik Sense Desktop (HKU\S-1-5-21-1587703405-337945311-2996229846-1001\...\{2483875a-e0c1-40f0-b0ec-9dc8e2ccf683}) (Version: 3.0.0.0 - QlikTech International AB)
Qlik Sense Desktop (HKU\S-1-5-21-1587703405-337945311-2996229846-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\{2483875a-e0c1-40f0-b0ec-9dc8e2ccf683}) (Version: 3.0.0.0 - QlikTech International AB)
Qlik Sense Desktop (Version: 3.0.0.0 - QlikTech International AB) Hidden
Qlik Sense Desktop Connectors (Version: 3.0.0.0 - QlikTech International AB) Hidden
QlikView x64 (HKLM\...\{0BD26E4A-562A-47CD-8F1E-C55519B94863}) (Version: 12.0.20001.0 - QlikTech International AB)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39048 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.33.529.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7383 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Sandboxie 5.12 (64-bit) (HKLM\...\Sandboxie) (Version: 5.12 - Sandboxie Holdings, LLC)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
Skype™ 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
Staples Easy Print (HKLM-x32\...\{b02f4c9a-50e2-11e1-bd19-00059a3c7800}) (Version: 4.0.2 - IKON)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.47484 - TeamViewer)
TurboTop 2.7 (HKLM-x32\...\TurboTop_is1) (Version: 2.7.0.1 - Savard Software)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.2.4.537 - ASUS Cloud Corporation)
WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.9840 - Broadcom Corporation)
Windows Driver Package - ASUS (ATP) Mouse (11/11/2015 6.0.0.66) (HKLM\...\82D024CBD181D16D72E5AE45A426919815D5F456) (Version: 11/11/2015 6.0.0.66 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.0.1 - ASUS)
WinSCP 5.7.7 (HKLM-x32\...\winscp3_is1) (Version: 5.7.7 - Martin Prikryl)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1587703405-337945311-2996229846-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Mur\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1587703405-337945311-2996229846-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Mur\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1587703405-337945311-2996229846-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Mur\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1587703405-337945311-2996229846-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Mur\AppData\Local\Citrix\GoToMeeting\4670\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-1587703405-337945311-2996229846-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Mur\AppData\Local\Google\Update\1.3.29.2\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1587703405-337945311-2996229846-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Mur\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1587703405-337945311-2996229846-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Mur\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1587703405-337945311-2996229846-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Mur\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1587703405-337945311-2996229846-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Mur\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1587703405-337945311-2996229846-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Mur\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1587703405-337945311-2996229846-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Mur\AppData\Local\Citrix\GoToMeeting\4670\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-1587703405-337945311-2996229846-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Mur\AppData\Local\Google\Update\1.3.29.2\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1587703405-337945311-2996229846-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Mur\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1587703405-337945311-2996229846-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Mur\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1587703405-337945311-2996229846-1010-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\murra\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0242C116-58D6-492F-9704-01C34E0357FD} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-06-16] (Adobe Systems Incorporated)
Task: {04A98838-7BCC-4314-9B47-4BBFB38945B8} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-06-10] (Microsoft Corporation)
Task: {07895ED7-3EC8-4EE1-905B-FF3B54EE3B0F} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {09F5E11E-3F9B-40BD-9699-6B0B619F6EBC} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {20157AE7-0DBD-4934-8B58-FD416F6CEAB2} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-06-03] ()
Task: {26480AB1-31CA-4E2E-988C-49FD68DC51BC} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-06-10] (Microsoft Corporation)
Task: {371C11F6-EC67-4B33-B492-5B86922EA84F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {4597C939-253C-4A84-9519-E8D403D7EDF0} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-06-15] (Microsoft Corporation)
Task: {46FA4A2E-BE46-4CA5-8F0A-A59AAC489CD1} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {4C240B7B-D7E3-40FA-A064-50340757AB5A} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-10-22] (Realtek Semiconductor)
Task: {53BC244B-CD9A-4F27-BE79-3CA9A784150D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {58585253-72A9-43DD-BF78-73BB36B93AEE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {5D2C9E01-9092-4BD8-AE2D-06B73AEB9F10} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {65AB1CEF-E160-44BD-A3B5-04E3BF4572F1} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2014-09-11] (ASUSTek Computer Inc.)
Task: {7C26D853-E65A-44D5-9C6B-B7FBCE20E6E7} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-02-07] (Dropbox, Inc.)
Task: {7D6C5223-074C-4962-8CED-AEF0590CB129} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {7DB97612-CA09-4812-97DA-4D94FA730069} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2014-06-11] (ASUSTek Computer Inc.)
Task: {87005086-0C55-4E78-8C1D-DD5FCB9E62FB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-29] (Google Inc.)
Task: {88F37C13-890D-418E-8BD3-357F79F3989C} - System32\Tasks\G2MUploadTask-S-1-5-21-1587703405-337945311-2996229846-1001 => C:\Users\Mur\AppData\Local\Citrix\GoToMeeting\5174\g2mupload.exe [2016-07-02] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {905CC25D-56AB-4C31-932E-958DA1770203} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2015-12-14] (AsusTek)
Task: {93C6C16D-F373-4147-9149-41FC633CC1B5} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-06-03] ()
Task: {9831CECE-F707-4573-B4CD-99B05D8D845A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1587703405-337945311-2996229846-1001Core => C:\Users\Mur\AppData\Local\Google\Update\GoogleUpdate.exe [2015-10-18] (Google Inc.)
Task: {9A0F79F6-8AF0-4B99-AD4F-C07388A3C1B3} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2014-09-11] (ASUS)
Task: {A1327173-F2E7-4491-8581-6918EF72E138} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-29] (Google Inc.)
Task: {B3C664B0-02A4-46EA-A8BA-37883477CF7D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {BE63A598-5B52-4965-9F76-DE504BE158F7} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {C96B3072-795D-441A-8088-F5F881ECBBA1} - System32\Tasks\G2MUpdateTask-S-1-5-21-1587703405-337945311-2996229846-1001 => C:\Users\Mur\AppData\Local\Citrix\GoToMeeting\5174\g2mupdate.exe [2016-07-02] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {D203AE0E-3447-471A-AF77-8E6A09911C77} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-06-03] ()
Task: {D5B04311-6C60-4148-B8A7-7116F7451F0F} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-02-07] (Dropbox, Inc.)
Task: {E2241826-59C4-472C-A243-84BB3719CE8E} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {E8B7138D-E55F-4572-8FA9-F2164539CFAE} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {F21F1823-400C-4525-B121-978C65A520F8} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2015-03-03] (ASUSTek Computer Inc.)
Task: {F776DE56-37C7-47B0-AD9D-637716C54AEF} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-06-10] (Microsoft Corporation)
Task: {F815DB20-E263-422B-9325-9476476F718B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1587703405-337945311-2996229846-1001UA => C:\Users\Mur\AppData\Local\Google\Update\GoogleUpdate.exe [2015-10-18] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1587703405-337945311-2996229846-1001.job => C:\Users\Mur\AppData\Local\Citrix\GoToMeeting\5174\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-1587703405-337945311-2996229846-1001.job => C:\Users\Mur\AppData\Local\Citrix\GoToMeeting\5174\g2mupload.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1587703405-337945311-2996229846-1001Core.job => C:\Users\Mur\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1587703405-337945311-2996229846-1001UA.job => C:\Users\Mur\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Mur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Qlik Sense\Qlik Sense Help.lnk -> hxxp://help.qlik.com/sense/ (No File)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 03:17 - 2015-10-30 03:17 - 00028672 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2015-10-17 11:31 - 2012-09-18 15:27 - 00192512 _____ () C:\WINDOWS\System32\zlhp1020.dll
2015-10-17 11:31 - 2012-09-18 15:27 - 00065024 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\pphp1020.dll
2015-10-17 11:31 - 2012-09-18 15:27 - 03162624 _____ () C:\WINDOWS\system32\spool\DRIVERS\x64\3\suhp1020.dll
2015-10-17 11:31 - 2012-09-18 15:27 - 01236992 _____ () C:\WINDOWS\system32\spool\DRIVERS\x64\3\gchp1020.dll
2015-10-30 03:18 - 2015-10-30 03:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-04-13 09:18 - 2016-03-29 06:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-13 09:18 - 2016-03-29 06:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-04-23 11:31 - 2016-04-23 11:31 - 00959176 _____ () C:\Users\Mur\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\ClientTelemetry.dll
2016-02-26 08:07 - 2016-06-10 05:05 - 08919752 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-03-28 14:07 - 2016-03-28 14:07 - 00230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2015-07-18 00:35 - 2015-07-18 00:35 - 00396688 _____ () C:\WINDOWS\system32\igfxTray.exe
2015-12-18 13:07 - 2015-12-07 00:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-05-10 16:14 - 2016-04-23 00:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-06-15 09:09 - 2016-05-27 23:59 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-06-15 09:09 - 2016-05-27 23:53 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-06-15 09:09 - 2016-05-27 23:54 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-06-15 09:09 - 2016-05-27 23:56 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-10-21 18:37 - 2015-09-27 05:26 - 01144320 _____ () C:\Program Files\AutoHotkey\AutoHotkey.exe
2016-04-19 08:58 - 2016-04-19 09:00 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-10-30 03:18 - 2015-10-30 03:18 - 00218456 _____ () c:\windows\system32\WerEtw.dll
2015-02-25 17:15 - 2015-02-25 17:15 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2014-09-11 21:31 - 2014-09-11 21:31 - 00037424 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2014-09-11 21:31 - 2014-09-11 21:31 - 00018992 _____ () C:\Program Files (x86)\ASUS\Splendid\AMDColorEnhance.dll
2014-09-11 21:31 - 2014-09-11 21:31 - 00020528 _____ () C:\Program Files (x86)\ASUS\Splendid\AMDRegammaAndGamut.dll
2014-09-11 21:31 - 2014-09-11 21:31 - 00124928 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2016-07-11 21:34 - 2016-07-11 21:34 - 00098816 ____R () C:\Users\Mur\AppData\Local\Temp\_MEI76642\win32api.pyd
2016-07-11 21:34 - 2016-07-11 21:34 - 00110080 ____R () C:\Users\Mur\AppData\Local\Temp\_MEI76642\pywintypes27.dll
2016-07-11 21:34 - 2016-07-11 21:34 - 00364544 ____R () C:\Users\Mur\AppData\Local\Temp\_MEI76642\pythoncom27.dll
2016-07-11 21:34 - 2016-07-11 21:34 - 00320512 ____R () C:\Users\Mur\AppData\Local\Temp\_MEI76642\win32com.shell.shell.pyd
2016-07-11 21:34 - 2016-07-11 21:34 - 00776704 ____R () C:\Users\Mur\AppData\Local\Temp\_MEI76642\_hashlib.pyd
2016-07-11 21:34 - 2016-07-11 21:34 - 01176576 ____R () C:\Users\Mur\AppData\Local\Temp\_MEI76642\wx._core_.pyd
2016-07-11 21:34 - 2016-07-11 21:34 - 00806400 ____R () C:\Users\Mur\AppData\Local\Temp\_MEI76642\wx._gdi_.pyd
2016-07-11 21:34 - 2016-07-11 21:34 - 00816128 ____R () C:\Users\Mur\AppData\Local\Temp\_MEI76642\wx._windows_.pyd
2016-07-11 21:34 - 2016-07-11 21:34 - 01067008 ____R () C:\Users\Mur\AppData\Local\Temp\_MEI76642\wx._controls_.pyd
2016-07-11 21:34 - 2016-07-11 21:34 - 00733184 ____R () C:\Users\Mur\AppData\Local\Temp\_MEI76642\wx._misc_.pyd
2016-07-11 21:34 - 2016-07-11 21:34 - 00682496 ____R () C:\Users\Mur\AppData\Local\Temp\_MEI76642\pysqlite2._sqlite.pyd
2016-07-11 21:34 - 2016-07-11 21:34 - 00088064 ____R () C:\Users\Mur\AppData\Local\Temp\_MEI76642\_ctypes.pyd
2016-07-11 21:34 - 2016-07-11 21:34 - 00119808 ____R () C:\Users\Mur\AppData\Local\Temp\_MEI76642\win32file.pyd
2016-07-11 21:34 - 2016-07-11 21:34 - 00108544 ____R () C:\Users\Mur\AppData\Local\Temp\_MEI76642\win32security.pyd
2016-07-11 21:34 - 2016-07-11 21:34 - 00007168 ____R () C:\Users\Mur\AppData\Local\Temp\_MEI76642\hashobjs_ext.pyd
2016-07-11 21:34 - 2016-07-11 21:34 - 00017920 ____R () C:\Users\Mur\AppData\Local\Temp\_MEI76642\thumbnails_ext.pyd
2016-07-11 21:34 - 2016-07-11 21:34 - 00088064 ____R () C:\Users\Mur\AppData\Local\Temp\_MEI76642\usb_ext.pyd
2016-07-11 21:34 - 2016-07-11 21:34 - 00012288 ____R () C:\Users\Mur\AppData\Local\Temp\_MEI76642\common.time34.pyd
2016-07-11 21:34 - 2016-07-11 21:34 - 00018432 ____R () C:\Users\Mur\AppData\Local\Temp\_MEI76642\win32event.pyd
2016-07-11 21:34 - 2016-07-11 21:34 - 00167936 ____R () C:\Users\Mur\AppData\Local\Temp\_MEI76642\win32gui.pyd
2016-07-11 21:34 - 2016-07-11 21:34 - 00046080 ____R () C:\Users\Mur\AppData\Local\Temp\_MEI76642\_socket.pyd
2016-07-11 21:34 - 2016-07-11 21:34 - 01208320 ____R () C:\Users\Mur\AppData\Local\Temp\_MEI76642\_ssl.pyd
2016-07-11 21:34 - 2016-07-11 21:34 - 00128512 ____R () C:\Users\Mur\AppData\Local\Temp\_MEI76642\_elementtree.pyd
2016-07-11 21:34 - 2016-07-11 21:34 - 00127488 ____R () C:\Users\Mur\AppData\Local\Temp\_MEI76642\pyexpat.pyd
2016-07-11 21:34 - 2016-07-11 21:34 - 00038912 ____R () C:\Users\Mur\AppData\Local\Temp\_MEI76642\win32inet.pyd
2016-07-11 21:34 - 2016-07-11 21:34 - 00036864 ____R () C:\Users\Mur\AppData\Local\Temp\_MEI76642\_psutil_windows.pyd
2016-07-11 21:34 - 2016-07-11 21:34 - 00525208 ____R () C:\Users\Mur\AppData\Local\Temp\_MEI76642\windows._lib_cacheinvalidation.pyd
2016-07-11 21:34 - 2016-07-11 21:34 - 00011264 ____R () C:\Users\Mur\AppData\Local\Temp\_MEI76642\win32crypt.pyd
2016-07-11 21:34 - 2016-07-11 21:34 - 00077312 ____R () C:\Users\Mur\AppData\Local\Temp\_MEI76642\wx._html2.pyd
2016-07-11 21:34 - 2016-07-11 21:34 - 00027136 ____R () C:\Users\Mur\AppData\Local\Temp\_MEI76642\_multiprocessing.pyd
2016-07-11 21:34 - 2016-07-11 21:34 - 00020480 ____R () C:\Users\Mur\AppData\Local\Temp\_MEI76642\_yappi.pyd
2016-07-11 21:34 - 2016-07-11 21:34 - 00035840 ____R () C:\Users\Mur\AppData\Local\Temp\_MEI76642\win32process.pyd
2016-07-11 21:34 - 2016-07-11 21:34 - 00686080 ____R () C:\Users\Mur\AppData\Local\Temp\_MEI76642\unicodedata.pyd
2016-07-11 21:34 - 2016-07-11 21:34 - 00078848 ____R () C:\Users\Mur\AppData\Local\Temp\_MEI76642\wx._animate.pyd
2016-07-11 21:34 - 2016-07-11 21:34 - 00123392 ____R () C:\Users\Mur\AppData\Local\Temp\_MEI76642\wx._wizard.pyd
2016-07-11 21:34 - 2016-07-11 21:34 - 00024064 ____R () C:\Users\Mur\AppData\Local\Temp\_MEI76642\win32pipe.pyd
2016-07-11 21:34 - 2016-07-11 21:34 - 00010240 ____R () C:\Users\Mur\AppData\Local\Temp\_MEI76642\select.pyd
2016-07-11 21:34 - 2016-07-11 21:34 - 00025600 ____R () C:\Users\Mur\AppData\Local\Temp\_MEI76642\win32pdh.pyd
2016-07-11 21:34 - 2016-07-11 21:34 - 00017408 ____R () C:\Users\Mur\AppData\Local\Temp\_MEI76642\win32profile.pyd
2016-07-11 21:34 - 2016-07-11 21:34 - 00022528 ____R () C:\Users\Mur\AppData\Local\Temp\_MEI76642\win32ts.pyd
2016-06-27 11:22 - 2016-06-27 11:22 - 00048816 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2016-04-19 08:58 - 2016-04-19 09:00 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-19 08:58 - 2016-04-19 09:00 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2015-12-11 12:14 - 2016-06-06 21:58 - 00034768 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2016-07-11 21:42 - 2016-06-06 21:58 - 00134088 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2016-07-11 21:42 - 2016-06-06 21:59 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2016-07-11 21:42 - 2016-06-06 21:58 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2015-12-11 12:14 - 2016-06-06 21:58 - 00093640 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2015-12-11 12:14 - 2016-06-06 21:58 - 00018376 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2015-12-11 12:14 - 2016-07-05 14:00 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2015-12-11 12:14 - 2016-06-06 22:00 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-07-11 21:42 - 2016-06-06 21:58 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2015-12-11 12:14 - 2016-07-05 14:00 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2015-12-11 12:14 - 2016-06-06 21:58 - 00692688 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2016-07-11 21:42 - 2016-07-05 13:59 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2015-12-11 12:14 - 2016-06-06 21:59 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2016-07-11 21:42 - 2016-07-05 13:59 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2016-07-11 21:42 - 2016-07-05 13:59 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2015-12-11 12:14 - 2016-07-05 14:00 - 00021840 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2016-07-11 21:42 - 2016-07-05 14:00 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2016-07-11 21:42 - 2016-07-05 14:00 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2016-07-11 21:42 - 2016-06-06 22:00 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2015-12-11 12:14 - 2016-06-06 22:00 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2015-12-11 12:14 - 2016-06-06 22:00 - 00114640 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2015-12-11 12:14 - 2016-06-06 22:00 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-02-18 11:32 - 2016-07-05 14:00 - 00021832 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd
2015-12-11 12:14 - 2016-06-06 22:00 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2015-12-11 12:14 - 2016-06-06 22:00 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2015-12-11 12:14 - 2016-06-06 22:00 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2015-12-11 12:14 - 2016-06-06 22:00 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2015-12-11 12:14 - 2016-06-06 22:00 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-02-18 11:32 - 2016-07-05 14:00 - 00023872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32._winffi_kernel32.pyd
2016-07-11 21:42 - 2016-07-05 14:00 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2015-12-11 12:14 - 2016-06-06 22:00 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2015-12-11 12:14 - 2016-06-06 22:00 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2016-07-11 21:42 - 2016-07-05 13:59 - 00246592 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2015-12-11 12:14 - 2016-06-06 22:00 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2016-02-18 11:32 - 2016-07-05 14:00 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-02-18 11:32 - 2016-07-05 14:00 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd
2016-02-18 11:32 - 2016-07-05 14:00 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd
2015-12-11 12:14 - 2016-06-06 21:58 - 00134608 _____ () C:\Program Files (x86)\Dropbox\Client\_elementtree.pyd
2016-07-11 21:42 - 2016-06-06 21:59 - 00240584 _____ () C:\Program Files (x86)\Dropbox\Client\jpegtran.pyd
2016-07-11 21:42 - 2016-07-05 13:59 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2015-12-11 12:14 - 2016-07-05 14:00 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2015-12-11 12:14 - 2016-06-06 22:00 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2016-02-18 11:32 - 2016-07-05 14:00 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2016-07-11 21:42 - 2016-07-05 14:00 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2016-07-11 21:42 - 2016-06-06 22:01 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2016-07-11 21:42 - 2016-07-05 14:00 - 00031568 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2016-07-11 21:42 - 2016-03-11 20:46 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2016-07-11 21:42 - 2016-07-05 14:00 - 00084280 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-07-11 21:42 - 2016-07-05 14:00 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2015-12-11 12:14 - 2016-06-06 21:59 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2016-07-11 21:42 - 2016-07-05 14:00 - 03928880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2016-07-11 21:42 - 2016-07-05 14:00 - 01971504 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2016-07-11 21:42 - 2016-07-05 14:00 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2016-07-11 21:42 - 2016-07-05 14:00 - 00132912 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2016-07-11 21:42 - 2016-07-05 14:00 - 00223544 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2016-07-11 21:42 - 2016-07-05 14:00 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2015-12-11 12:14 - 2016-06-06 22:00 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2016-04-14 20:10 - 2016-07-05 14:00 - 00025928 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2015-12-11 12:14 - 2016-07-05 14:00 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2016-07-11 21:42 - 2016-07-05 14:00 - 00546096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2016-07-11 21:42 - 2016-07-05 14:00 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Mur\Documents\UnionGasData.zip:com.dropbox.attributes [168]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1587703405-337945311-2996229846-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Mur\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img0.jpg
HKU\S-1-5-21-1587703405-337945311-2996229846-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Mur\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img0.jpg
HKU\S-1-5-21-1587703405-337945311-2996229846-1010-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Asus WebStorage Windows Service => 2
MSCONFIG\Services: WalletService => 3
MSCONFIG\Services: WbioSrvc => 2
MSCONFIG\Services: XblAuthManager => 3
MSCONFIG\Services: XblGameSave => 3
MSCONFIG\Services: XboxNetApiSvc => 3
HKU\S-1-5-21-1587703405-337945311-2996229846-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1587703405-337945311-2996229846-1001\...\StartupApproved\Run: => "KeyboardIndicator"
HKU\S-1-5-21-1587703405-337945311-2996229846-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1587703405-337945311-2996229846-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "KeyboardIndicator"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{472D5913-C9CA-43CF-AAE1-4379EEF2DAC4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{D671147E-628C-45B3-AA8F-9ADBAF97940C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{B1F09331-063F-49F3-88F5-C296FD266A14}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{ED9C9C5B-6CD2-45B0-9371-5C2EDCDEA10C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{0210ED46-A26B-4FCF-B3A6-79610317207B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{852FD436-1CCD-4299-B6F6-47D2DF0E0838}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{335F5EFA-0337-431B-A90D-2D7A05E7A546}C:\users\mur\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\mur\appdata\roaming\mjusbsp\magicjack.exe
FirewallRules: [TCP Query User{36BBC032-30E3-44AB-B3D6-B692E6E1ED35}C:\users\mur\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\mur\appdata\roaming\mjusbsp\magicjack.exe
FirewallRules: [{C14B53BC-AA80-46B8-B713-5013E529F1CC}] => (Block) C:\program files (x86)\asus\asus smart gesture\astpcenter\x64\asussgplusbtserver64.exe
FirewallRules: [{3D5D2B84-65DF-415C-8849-FDA09522EE3C}] => (Block) C:\program files (x86)\asus\asus smart gesture\astpcenter\x64\asussgplusbtserver64.exe
FirewallRules: [UDP Query User{16B28C3D-9A85-45D8-A19F-C979B69D1B79}C:\program files (x86)\asus\asus smart gesture\astpcenter\x64\asussgplusbtserver64.exe] => (Allow) C:\program files (x86)\asus\asus smart gesture\astpcenter\x64\asussgplusbtserver64.exe
FirewallRules: [TCP Query User{E1523629-143E-4AED-8898-DE7A3F11F322}C:\program files (x86)\asus\asus smart gesture\astpcenter\x64\asussgplusbtserver64.exe] => (Allow) C:\program files (x86)\asus\asus smart gesture\astpcenter\x64\asussgplusbtserver64.exe
FirewallRules: [{40EC0B1D-44A8-425D-998A-4C8AC9C31BE5}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{C8CAD50B-842C-4E4B-B006-6DB7113B4AC5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EBDD87D9-DE9B-4EC4-A4B8-A377D1AC4A9E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8D72B2D2-31D2-445D-B5EB-D04FF6ED2D73}] => (Allow) C:\Users\Mur\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [TCP Query User{7CAEF898-AB16-45A4-8694-FB427FF472B2}C:\users\mur\appdata\local\programs\qlik\sense\qliksense.exe] => (Block) C:\users\mur\appdata\local\programs\qlik\sense\qliksense.exe
FirewallRules: [UDP Query User{0AD5A5AB-4FD5-4983-8374-83B705A7854B}C:\users\mur\appdata\local\programs\qlik\sense\qliksense.exe] => (Block) C:\users\mur\appdata\local\programs\qlik\sense\qliksense.exe
FirewallRules: [TCP Query User{E85F48D6-4581-48C5-9F91-8E3805E372C2}C:\users\mur\appdata\local\temp\dataprepservice2.1.50500.0409.10\dataprepservice.exe] => (Block) C:\users\mur\appdata\local\temp\dataprepservice2.1.50500.0409.10\dataprepservice.exe
FirewallRules: [UDP Query User{32490C40-8E51-4840-ACCD-D4578FD49534}C:\users\mur\appdata\local\temp\dataprepservice2.1.50500.0409.10\dataprepservice.exe] => (Block) C:\users\mur\appdata\local\temp\dataprepservice2.1.50500.0409.10\dataprepservice.exe
FirewallRules: [{C2305F9A-BC4B-4BFA-B45A-F444A73FE890}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [TCP Query User{2C9A8465-27DA-42E5-84B1-C228AC328880}C:\users\mur\appdata\local\programs\qlik\sense\qliksense.exe] => (Allow) C:\users\mur\appdata\local\programs\qlik\sense\qliksense.exe
FirewallRules: [UDP Query User{F327E2FC-7685-435B-872E-198D54467196}C:\users\mur\appdata\local\programs\qlik\sense\qliksense.exe] => (Allow) C:\users\mur\appdata\local\programs\qlik\sense\qliksense.exe
FirewallRules: [TCP Query User{778B5C03-340E-4559-8E8B-0CC4A164C882}C:\users\mur\appdata\local\temp\dataprepservice2.1.50500.0409.10\dataprepservice.exe] => (Allow) C:\users\mur\appdata\local\temp\dataprepservice2.1.50500.0409.10\dataprepservice.exe
FirewallRules: [UDP Query User{E94F317F-2AF5-4430-BF1D-1A7C9466D368}C:\users\mur\appdata\local\temp\dataprepservice2.1.50500.0409.10\dataprepservice.exe] => (Allow) C:\users\mur\appdata\local\temp\dataprepservice2.1.50500.0409.10\dataprepservice.exe
FirewallRules: [{2D8033C5-66E9-4867-9126-6C1D49CDB37F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{05F2A843-2F46-4D43-B80B-781FD3BD0126}C:\users\mur\appdata\local\programs\qlik\sense\engine\engine.exe] => (Allow) C:\users\mur\appdata\local\programs\qlik\sense\engine\engine.exe
FirewallRules: [UDP Query User{D9BFB776-2B3D-400D-BCE1-35C12B5BA372}C:\users\mur\appdata\local\programs\qlik\sense\engine\engine.exe] => (Allow) C:\users\mur\appdata\local\programs\qlik\sense\engine\engine.exe
FirewallRules: [TCP Query User{44F9B3F5-05FF-4750-84B9-AA5134812D8C}C:\users\mur\appdata\local\programs\qlik\sense\node\node.exe] => (Allow) C:\users\mur\appdata\local\programs\qlik\sense\node\node.exe
FirewallRules: [UDP Query User{501B34FC-BEEC-491A-9405-F0515A7DC99D}C:\users\mur\appdata\local\programs\qlik\sense\node\node.exe] => (Allow) C:\users\mur\appdata\local\programs\qlik\sense\node\node.exe
FirewallRules: [TCP Query User{A830CEDE-5395-4D95-B61A-4118155E35D3}C:\program files (x86)\smartcam\smartcam.exe] => (Allow) C:\program files (x86)\smartcam\smartcam.exe
FirewallRules: [UDP Query User{92B757EA-A835-4BDF-8351-F829DB1115D6}C:\program files (x86)\smartcam\smartcam.exe] => (Allow) C:\program files (x86)\smartcam\smartcam.exe
FirewallRules: [{0AF6F651-EAA3-4005-8DFA-D4582CE5BE08}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

==================== Restore Points =========================

23-06-2016 13:14:15 Installed Qlik ODBC Connector Package.
26-06-2016 19:00:27 Windows Backup
28-06-2016 16:48:12 Revo Uninstaller's restore point - Qlik Sense Desktop
07-07-2016 10:57:43 Scheduled Checkpoint
10-07-2016 19:00:35 Windows Backup

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (07/11/2016 09:39:19 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MURRAY)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (07/11/2016 09:39:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HxTsr.exe, version: 16.0.6868.4073, time stamp: 0x572152d8
Faulting module name: KERNELBASE.dll, version: 10.0.10586.306, time stamp: 0x571af331
Exception code: 0x00000004
Fault offset: 0x0000000000071f28
Faulting process id: 0x2300
Faulting application start time: 0xHxTsr.exe0
Faulting application path: HxTsr.exe1
Faulting module path: HxTsr.exe2
Report Id: HxTsr.exe3
Faulting package full name: HxTsr.exe4
Faulting package-relative application ID: HxTsr.exe5

Error: (07/11/2016 09:36:37 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MURRAY)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (07/11/2016 09:36:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HxTsr.exe, version: 16.0.6868.4073, time stamp: 0x572152d8
Faulting module name: KERNELBASE.dll, version: 10.0.10586.306, time stamp: 0x571af331
Exception code: 0x00000004
Fault offset: 0x0000000000071f28
Faulting process id: 0x1d58
Faulting application start time: 0xHxTsr.exe0
Faulting application path: HxTsr.exe1
Faulting module path: HxTsr.exe2
Report Id: HxTsr.exe3
Faulting package full name: HxTsr.exe4
Faulting package-relative application ID: HxTsr.exe5

Error: (07/11/2016 12:18:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MURRAY)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (07/11/2016 12:18:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HxTsr.exe, version: 16.0.6868.4073, time stamp: 0x572152d8
Faulting module name: KERNELBASE.dll, version: 10.0.10586.306, time stamp: 0x571af331
Exception code: 0x00000004
Fault offset: 0x0000000000071f28
Faulting process id: 0x12ac
Faulting application start time: 0xHxTsr.exe0
Faulting application path: HxTsr.exe1
Faulting module path: HxTsr.exe2
Report Id: HxTsr.exe3
Faulting package full name: HxTsr.exe4
Faulting package-relative application ID: HxTsr.exe5

Error: (07/10/2016 11:34:14 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MURRAY)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (07/10/2016 11:34:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HxTsr.exe, version: 16.0.6868.4073, time stamp: 0x572152d8
Faulting module name: KERNELBASE.dll, version: 10.0.10586.306, time stamp: 0x571af331
Exception code: 0x00000004
Fault offset: 0x0000000000071f28
Faulting process id: 0x1e6c
Faulting application start time: 0xHxTsr.exe0
Faulting application path: HxTsr.exe1
Faulting module path: HxTsr.exe2
Report Id: HxTsr.exe3
Faulting package full name: HxTsr.exe4
Faulting package-relative application ID: HxTsr.exe5

Error: (07/10/2016 10:49:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.10586.0, time stamp: 0x5632d8f0
Faulting module name: KERNELBASE.dll, version: 10.0.10586.306, time stamp: 0x571af331
Exception code: 0x00000004
Fault offset: 0x0000000000071f28
Faulting process id: 0x7a4
Faulting application start time: 0xbackgroundTaskHost.exe0
Faulting application path: backgroundTaskHost.exe1
Faulting module path: backgroundTaskHost.exe2
Report Id: backgroundTaskHost.exe3
Faulting package full name: backgroundTaskHost.exe4
Faulting package-relative application ID: backgroundTaskHost.exe5

Error: (07/10/2016 10:45:10 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

System errors:
=============
Error: (07/11/2016 09:45:55 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073cf6: Mail and Calendar.

Error: (07/11/2016 09:44:17 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073cf6: Store.

Error: (07/11/2016 09:43:39 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073cf6: Get Started.

Error: (07/11/2016 09:42:41 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073cf6: Windows Camera.

Error: (07/11/2016 09:37:22 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}

Error: (07/11/2016 12:23:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_e615f9 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (07/11/2016 12:23:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_e615f9 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (07/11/2016 12:23:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_e615f9 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (07/11/2016 12:23:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_e615f9 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (07/11/2016 12:23:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

CodeIntegrity:
===================================
Date: 2016-07-10 19:53:16.769
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-07-10 19:53:16.745
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-07-10 19:53:16.722
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-07-10 19:53:08.685
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-07-10 19:53:08.604
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-07-02 19:47:57.347
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-07-02 19:47:57.322
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-07-02 19:47:57.301
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-07-02 19:47:50.491
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-07-02 19:47:50.423
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel® Core™ i5-5200U CPU @ 2.20GHz
Percentage of memory in use: 40%
Total physical RAM: 8095.11 MB
Available physical RAM: 4806.89 MB
Total Virtual: 9375.11 MB
Available Virtual: 5879.02 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:372.6 GB) (Free:317.08 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Data) (Fixed) (Total:542.8 GB) (Free:472.39 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 52C58659)

Partition: GPT.

==================== End of Addition.txt ============================

#4
Jr0x

Posted 12 July 2016 - 06:25 PM

Malware removal team

Malware Removal
1,830 posts

Hi MurrayWiseman,

Your log seem pretty clean, just a couple of leftover to take care of.

Fix with FRST

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. To do this highlight the contents of the box, right click on it and select copy.
Right-click in the open notepad and select Paste.
Save it on the desktop as fixlist.txt

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

Start
CreateRestorePoint:
CloseProcesses:

SearchScopes: HKU\S-1-5-21-1587703405-337945311-2996229846-1001 -> {fcd9f10e-0daa-405f-bca0-0dd3f37c59d9} URL =
SearchScopes: HKU\S-1-5-21-1587703405-337945311-2996229846-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {fcd9f10e-0daa-405f-bca0-0dd3f37c59d9} URL =
2016-07-10 20:44 - 2016-07-10 20:44 - 00001138 _____ C:\Users\Mur\Desktop\BestOffer EveryDay.lnk
CustomCLSID: HKU\S-1-5-21-1587703405-337945311-2996229846-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Mur\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1587703405-337945311-2996229846-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Mur\AppData\Local\Google\Update\1.3.29.2\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1587703405-337945311-2996229846-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Mur\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1587703405-337945311-2996229846-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Mur\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1587703405-337945311-2996229846-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Mur\AppData\Local\Google\Update\1.3.29.2\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1587703405-337945311-2996229846-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Mur\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
Task: {07895ED7-3EC8-4EE1-905B-FF3B54EE3B0F} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {09F5E11E-3F9B-40BD-9699-6B0B619F6EBC} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {371C11F6-EC67-4B33-B492-5B86922EA84F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {46FA4A2E-BE46-4CA5-8F0A-A59AAC489CD1} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {53BC244B-CD9A-4F27-BE79-3CA9A784150D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {5D2C9E01-9092-4BD8-AE2D-06B73AEB9F10} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {7D6C5223-074C-4962-8CED-AEF0590CB129} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {B3C664B0-02A4-46EA-A8BA-37883477CF7D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {BE63A598-5B52-4965-9F76-DE504BE158F7} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {E2241826-59C4-472C-A243-84BB3719CE8E} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {E8B7138D-E55F-4572-8FA9-F2164539CFAE} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION

Emptytemp:
Hosts:
End

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.

Note: Your machine will reboot after the fix.

Scan with AdwCleaner

Download AdwCleaner from here or from here. Save the file to the Desktop.

Note: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

XP users: Double click the AdwCleaner icon to start the program.
Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
You will see the following console:
Click the Scan button and wait for the scan to finish.
After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove. Please Do Not delete anything at this time.
Do not click the Cleaning button.
Click the Logfile button to get the log.
Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt.
Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.

In your next reply, please include the following:

FRST fixlog
AdwCleaner scan log

#5
MurrayWiseman

Posted 13 July 2016 - 07:20 AM

New Member

Topic Starter
Member
7 posts

I ran the Fix with FRST. (Fixlog.txt below.) I ran AdwCleaner (log below).

The the BestOffer EveryDay icon was removed from my desktop. However the Opera folder with these files is still there

Directory of C:\Program Files (x86)\Opera

2016-07-10 08:44 PM    <DIR>          .
2016-07-10 08:44 PM    <DIR>          ..
2016-03-22 02:41 AM               192 BestOffer.url
2016-04-01 11:37 AM               192 Offer.url
2016-05-12 08:42 AM               192 Offer2.url
2016-07-10 08:44 PM    <DIR>          pic

Here is the Fixlog.txt log:

Fix result of Farbar Recovery Scan Tool (x64) Version: 10-07-2016 01
Ran by Mur (2016-07-13 08:26:57) Run:1
Running from C:\Users\Mur\Desktop
Loaded Profiles: Mur & (Available Profiles: Mur & murra)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:

SearchScopes: HKU\S-1-5-21-1587703405-337945311-2996229846-1001 -> {fcd9f10e-0daa-405f-bca0-0dd3f37c59d9} URL =
SearchScopes: HKU\S-1-5-21-1587703405-337945311-2996229846-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {fcd9f10e-0daa-405f-bca0-0dd3f37c59d9} URL =
2016-07-10 20:44 - 2016-07-10 20:44 - 00001138 _____ C:\Users\Mur\Desktop\BestOffer EveryDay.lnk
CustomCLSID: HKU\S-1-5-21-1587703405-337945311-2996229846-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Mur\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1587703405-337945311-2996229846-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Mur\AppData\Local\Google\Update\1.3.29.2\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1587703405-337945311-2996229846-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Mur\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1587703405-337945311-2996229846-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Mur\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1587703405-337945311-2996229846-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Mur\AppData\Local\Google\Update\1.3.29.2\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1587703405-337945311-2996229846-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Mur\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
Task: {07895ED7-3EC8-4EE1-905B-FF3B54EE3B0F} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {09F5E11E-3F9B-40BD-9699-6B0B619F6EBC} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {371C11F6-EC67-4B33-B492-5B86922EA84F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {46FA4A2E-BE46-4CA5-8F0A-A59AAC489CD1} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {53BC244B-CD9A-4F27-BE79-3CA9A784150D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {5D2C9E01-9092-4BD8-AE2D-06B73AEB9F10} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {7D6C5223-074C-4962-8CED-AEF0590CB129} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {B3C664B0-02A4-46EA-A8BA-37883477CF7D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {BE63A598-5B52-4965-9F76-DE504BE158F7} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {E2241826-59C4-472C-A243-84BB3719CE8E} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {E8B7138D-E55F-4572-8FA9-F2164539CFAE} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION

Emptytemp:
Hosts:
End
*****************

Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-1587703405-337945311-2996229846-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{fcd9f10e-0daa-405f-bca0-0dd3f37c59d9}" => key removed successfully
HKCR\CLSID\{fcd9f10e-0daa-405f-bca0-0dd3f37c59d9} => key not found.
"HKU\S-1-5-21-1587703405-337945311-2996229846-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{fcd9f10e-0daa-405f-bca0-0dd3f37c59d9}" => key removed successfully
HKCR\CLSID\{fcd9f10e-0daa-405f-bca0-0dd3f37c59d9} => key not found.
C:\Users\Mur\Desktop\BestOffer EveryDay.lnk => moved successfully
HKU\S-1-5-21-1587703405-337945311-2996229846-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247} => key not found.
HKU\S-1-5-21-1587703405-337945311-2996229846-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2} => key not found.
HKU\S-1-5-21-1587703405-337945311-2996229846-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF} => key not found.
"HKU\S-1-5-21-1587703405-337945311-2996229846-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}" => key removed successfully
"HKU\S-1-5-21-1587703405-337945311-2996229846-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}" => key removed successfully
"HKU\S-1-5-21-1587703405-337945311-2996229846-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{07895ED7-3EC8-4EE1-905B-FF3B54EE3B0F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{07895ED7-3EC8-4EE1-905B-FF3B54EE3B0F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{09F5E11E-3F9B-40BD-9699-6B0B619F6EBC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{09F5E11E-3F9B-40BD-9699-6B0B619F6EBC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{371C11F6-EC67-4B33-B492-5B86922EA84F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{371C11F6-EC67-4B33-B492-5B86922EA84F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{46FA4A2E-BE46-4CA5-8F0A-A59AAC489CD1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{46FA4A2E-BE46-4CA5-8F0A-A59AAC489CD1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{53BC244B-CD9A-4F27-BE79-3CA9A784150D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{53BC244B-CD9A-4F27-BE79-3CA9A784150D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5D2C9E01-9092-4BD8-AE2D-06B73AEB9F10}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5D2C9E01-9092-4BD8-AE2D-06B73AEB9F10}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7D6C5223-074C-4962-8CED-AEF0590CB129}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7D6C5223-074C-4962-8CED-AEF0590CB129}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B3C664B0-02A4-46EA-A8BA-37883477CF7D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B3C664B0-02A4-46EA-A8BA-37883477CF7D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BE63A598-5B52-4965-9F76-DE504BE158F7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE63A598-5B52-4965-9F76-DE504BE158F7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E2241826-59C4-472C-A243-84BB3719CE8E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E2241826-59C4-472C-A243-84BB3719CE8E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E8B7138D-E55F-4572-8FA9-F2164539CFAE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E8B7138D-E55F-4572-8FA9-F2164539CFAE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 32768 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 80468007 B
Java, Flash, Steam htmlcache => 979 B
Windows/system/drivers => 109757921 B
Edge => 56108011 B
Chrome => 56162888 B
Firefox => 380160797 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 24228 B
NetworkService => 14272 B
Mur => 3527453586 B
murra => 9503324 B

RecycleBin => 3946321489 B
EmptyTemp: => 7.6 GB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 08:35:12 ====

Here is the AdwCleaner[S4].txt log:

# AdwCleaner v5.201 - Logfile created 13/07/2016 at 08:56:19
# Updated 30/06/2016 by ToolsLib
# Database : 2016-07-13.1 [Server]
# Operating system : Windows 10 Home (X64)
# Username : Mur - MURRAY
# Running from : C:\Users\Mur\Desktop\AdwCleaner.exe
# Option : Scan
# Support : https://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [2188 bytes] - [10/07/2016 20:17:52]
C:\AdwCleaner\AdwCleaner[S1].txt - [1911 bytes] - [10/07/2016 20:10:59]
C:\AdwCleaner\AdwCleaner[S2].txt - [1984 bytes] - [10/07/2016 20:17:00]
C:\AdwCleaner\AdwCleaner[S3].txt - [983 bytes] - [13/07/2016 08:48:49]
C:\AdwCleaner\AdwCleaner[S4].txt - [905 bytes] - [13/07/2016 08:56:19]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [977 bytes] ##########

#6
Jr0x

Posted 14 July 2016 - 09:08 AM

Malware removal team

Malware Removal
1,830 posts

Hi MurrayWiseman,

Thanks for the listing. We will get it removed as well.

Did you previously installed, and then removed Opera?

Fix with FRST

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. To do this highlight the contents of the box, right click on it and select copy.
Right-click in the open notepad and select Paste.
Save it on the desktop as fixlist.txt

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

Start
CreateRestorePoint:
CloseProcesses:

C:\Program Files (x86)\Opera\BestOffer.url
C:\Program Files (x86)\Opera\Offer.url
C:\Program Files (x86)\Opera\Offer2.url
C:\Program Files (x86)\Opera\pic

Emptytemp:
End

Fix with Junkware Removal Tool

Please download JRT by Thisisu and save the file to your desktop.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

Right-click on icon and select Run as Administrator to start the tool.
Follow the prompts and let this process run uninterrupted.
This scan can take a while, depending on your System specs.
Upon completion, a log (JRT.txt) will open on your desktop.

Please include the contents of that file in your reply.

Do not forget to re-enable your previously switched off protection software!
Please also manually reboot your machine after this procedure.

Re-scan with Malwarebytes Anti-Malware

Launch Malwarebytes from your Desktop
In Database version section, click Update Now
Once the update is done, click Settings>Detection and Protection
Make sure that all three boxes under Detection Options are checked
Go back to Dashboard and click the big, green Scan Now button.
Wait for Malwarebytes Anti-Malware to finish the scan
If the program will detect anything, click Remove Selected. The program might want to reboot the system. Allow it it wants to.
Once the deletion is done (or after reboot), go to History, select Application Logs and click the latest Scan Log.
Click Export, then click Copy to Clipboard.
Paste (CTRL+V) the log into your next reply.

Scan with ESET Online Scanner

This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.
Please visit ESET Online Scanner website.
Click there Run ESET Online Scanner.

If using Internet Explorer:

Accept the Terms of Use and click Start.
Allow the running of add-on.

If using Mozilla Firefox or Google Chrome:

Download esetsmartinstaller_enu.exe that you'll be given link to.
Double click esetsmartinstaller_enu.exe.
Allow the Terms of Use and click Start.

To perform the scan:

Make sure that Enable detection of potentially unwanted applications is checked.
In the Advanced Settings dropdown menu:
- Make sure that Remove found threats is unchecked.
- Scan archives is checked.
- Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.
- Use custom proxy settings is unchecked.
Click Start
The program will begin to download it's virus database. The speed may vary depending on your Internet connection.
When completed, the program will begin to scan. This may take several hours. Please, be patient.
Do not do anything on your machine as it may interrupt the scan.
When the scan is done, click Finish.
A logfile will be created at C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt. Open it using Notepad.

Please include this logfile in your next reply.
Don't forget to re-enable previously switched-off protection software!

In your next reply, please include the following:

FRST fixlog
JRT log
MalwareBytes log
ESET log

#7
MurrayWiseman

Posted 15 July 2016 - 04:25 AM

New Member

Topic Starter
Member
7 posts

No. I had never installed Opera.

I tried to run ESET 2 times. Once in Internet Explorer, the other in Firefox. But both times it stopped after several hours with the message "Something went wrong". While running it did detect 1 threat. However there was no log.

The Opera folder is now empty.

Here are the other three logs.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows 10 Home x64
Ran by Mur (Administrator) on 2016-07-14 at 19:28:13.52
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 1

Successfully deleted: C:\Users\Mur\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkidpnnapnfgjhfhkpmjpbckkbaodldb (Folder)

Registry: 0

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2016-07-14 at 19:30:22.56
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2016-07-14
Scan Time: 7:42 PM
Logfile:
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.07.14.11
Rootkit Database: v2016.05.27.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Mur

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 428688
Time Elapsed: 31 min, 42 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

#8
Jr0x

Posted 15 July 2016 - 07:49 AM

Malware removal team

Malware Removal
1,830 posts

Hi MurrayWiseman,

You have posted the wrong log. You should have posted FRST fixlog that produce after the fix I told you to run on Post #6.
But you mentioned that the files are now gone, so it should look like the fix went well.

Instead of running ESET, let's try with BitDefender.

Scan with BitDefender Online Scanner

Temporary disable your AntiVirus and AntiSpyware protection - instructions here.
Please run a free on line scan with BitDefender Online Scanner.

Click the green Start Scanner button
Click the green Scan Now button and wait a few seconds until a request appears from Bitdefender
Accept the plugin installation
Restart your browser in Administation mode if requested
Click the green Scan Now button again
Accept the eula agreement if asked
The scan should start. It will be relatively quick.
Click View report (note: this is not the green button - Free download - just click on the words View report under the black button "Get QuickScan for your website")
Notepad will open with a log
Save to your desktop
Copy and paste the report back here

Lastly, let me know how is your system running now? Any other issue you like to highlight?

#9
MurrayWiseman

Posted 16 July 2016 - 07:43 AM

New Member

Topic Starter
Member
7 posts

Sorry for sending the wrong log. Here is the BitDefender log

System is running fine as far as I can tell. There are no obvious issues or anomalies to report.

QuickScan 32-bitv0.9.9.147
--------------------------
Scan date: Sat Jul 16 09:28:59 2016
Machine ID: 62724570

No infection found.
-------------------

Processes
---------
(verified) ACMON                                    5316    C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(verified) Dropbox                                  9264    C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(verified) Firefox                                  7472    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(verified) Firefox                                 10420    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
(verified) Google Drive                             9164    C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(verified) Google Drive                             9584    C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(verified) Java Platform SE Auto Updater           10028    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(verified) Microsoft OneNote                       10016    C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(verified) Skype                                    9816    C:\Program Files (x86)\Skype\Phone\Skype.exe
(verified) TurboTop                                 1268    C:\Program Files (x86)\TurboTop\TurboTop.exe

Network activity
----------------
Process firefox.exe (7472) connected on port 443 (HTTP over SSL) --> 54.191.239.151
Process firefox.exe (7472) connected on port 80 (HTTP) --> 72.21.91.29
Process firefox.exe (7472) connected on port 443 (HTTP over SSL) --> 31.13.71.7
Process firefox.exe (7472) connected on port 443 (HTTP over SSL) --> 184.150.183.109
Process firefox.exe (7472) connected on port 80 (HTTP) --> 184.150.182.114
Process firefox.exe (7472) connected on port 443 (HTTP over SSL) --> 52.88.118.150
Process firefox.exe (7472) connected on port 443 (HTTP over SSL) --> 52.85.142.66
Process firefox.exe (7472) connected on port 443 (HTTP over SSL) --> 54.148.29.236
Process firefox.exe (7472) connected on port 443 (HTTP over SSL) --> 52.10.180.42
Process Dropbox.exe (9264) connected on port 443 (HTTP over SSL) --> 162.125.17.131
Process googledrivesync.exe (9584) connected on port 5222 (XMPP/Jabber) --> 74.125.201.125
Process Skype.exe (9816) connected on port 443 (HTTP over SSL) --> 65.54.225.167
Process Skype.exe (9816) connected on port 40031 --> 65.55.223.26
Process Skype.exe (9816) connected on port 443 (HTTP over SSL) --> 65.52.108.74
Process Skype.exe (9816) connected on port 12350 --> 91.190.218.51
Process Skype.exe (9816) connected on port 443 (HTTP over SSL) --> 52.169.31.205

Process Dropbox.exe (9264) listens on ports: 17500
Process Skype.exe (9816) listens on ports: 80 (HTTP), 443 (HTTP over SSL), 12655

Autoruns and critical files
---------------------------
(verified) ASUSWSLoader.exe                         C:\Program Files (x86)\ASUS\WebStorage\2.2.4.537\ASUSWSLoader.exe
(verified) cdloader2                                C:\Users\Mur\AppData\Roaming\mjusbsp\cdloader2.exe
(verified) Dropbox                                  C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(verified) Google Drive                             C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(verified) Google Update                            C:\Users\Mur\AppData\Local\Google\Update\GoogleUpdate.exe
(verified) GoToMeeting                              C:\Users\Mur\AppData\Local\Citrix\GoToMeeting\5174\g2mupdate.exe
(verified) GoToMeeting                              C:\Users\Mur\AppData\Local\Citrix\GoToMeeting\5174\g2mupload.exe
(verified) Java Platform SE Auto Updater            C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(unsigned) Keyboard Indicator                       C:\KeyboardIndicator_1.6.0.1\KeyboardIndicator_1.6.0.1\KeyboardIndicator.exe
(verified) Microsoft OneDrive                       C:\Users\Mur\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(verified) Microsoft OneNote                        C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(verified) Microsoft® Windows® Operating System     c:\Windows\System32\userinit.exe
(verified) Sandboxie                                C:\Program Files\Sandboxie\SbieCtrl.exe
(verified) Skype                                    C:\Program Files (x86)\Skype\Phone\Skype.exe
(verified) TurboTop                                 C:\Program Files (x86)\TurboTop\TurboTop.exe

Browser plugins
---------------
(verified) Adobe Acrobat                            C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
(verified) Adobe Content Decryption Module for Fir C:\Users\Mur\AppData\Roaming\Mozilla\Firefox\Profiles\d6ex0fnt.default\gmp-eme-adobe\17\eme-adobe.dll
(verified) Bitdefender QuickScan                    C:\Users\Mur\AppData\Roaming\Mozilla\Firefox\Profiles\d6ex0fnt.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
(verified) Citrix Online Web Deployment Plugin 1.0 C:\Users\Mur\AppData\Local\Citrix\Plugins\104\npappdetector.dll
(verified) Evernote®                                c:\program files (x86)\Evernote\Evernote\evernoteie.dll
(verified) Foxit PhantomPDF Plugin for Mozilla      C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll
(verified) gmpopenh264.dll                          C:\Users\Mur\AppData\Roaming\Mozilla\Firefox\Profiles\d6ex0fnt.default\gmp-gmpopenh264\1.5.3\gmpopenh264.dll
(verified) Google Talk Plugin                       C:\Users\Mur\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
(verified) Google Talk Plugin Video Renderer        C:\Users\Mur\AppData\Roaming\Mozilla\plugins\npo1d.dll
(verified) Google Update                            C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll
(verified) Google Update                            C:\Users\Mur\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll
(verified) ietabhelper.exe                          C:\Users\Mur\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd\9.6.7.1_0\ietabhelper.exe
(verified) Intel® Identity Protection Technology    C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
(verified) Intel® Identity Protection Technology    C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
(verified) Internet Explorer                        C:\Windows\SysWOW64\ieframe.dll
(verified) Java Deployment Toolkit 8.0.910.14       C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll
(verified) Java™ Platform SE 8 U91               c:\program files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll
(verified) Java™ Platform SE 8 U91               C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll
(verified) Java™ Platform SE 8 U91               c:\program files (x86)\Java\jre1.8.0_91\bin\ssv.dll
(verified) Microsoft Office 2016                    C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL
(verified) Microsoft® Windows® Operating System     C:\Windows\System32\mswsock.dll
(verified) Microsoft® Windows® Operating System     C:\Windows\System32\NapiNSP.dll
(verified) Microsoft® Windows® Operating System     C:\Windows\System32\nlaapi.dll
(verified) Microsoft® Windows® Operating System     C:\Windows\System32\pnrpnsp.dll
(verified) Microsoft® Windows® Operating System     C:\Windows\System32\winrnr.dll
(verified) NPSWF32_22_0_0_209.dll                   C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll
(verified) Silverlight Plug-In                      C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll
(verified) Skype Click to Call                      c:\program files (x86)\Skype\Toolbars\internet explorer\skypeieplugin.dll
(verified) VLC Web Plugin                           C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
(verified) WebEx Download Module                    C:\Windows\Downloaded Program Files\ieatgpc.dll
(verified) Widevine Content Decryption Module       C:\Users\Mur\AppData\Roaming\Mozilla\Firefox\Profiles\d6ex0fnt.default\gmp-widevinecdm\1.4.8.866\widevinecdm.dll

Scan
----
MD5: deaf423d197a4ea5f33d962706d38a5b C:\KeyboardIndicator_1.6.0.1\KeyboardIndicator_1.6.0.1\KeyboardIndicator.exe
MD5: ceef2b70937c374295af8047525b137d C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
MD5: 36d09b8f7abfa3c6be5a9101f8b6a6e5 C:\Program Files (x86)\ASUS\ASUS GIFTBOX Desktop\ASUSGIFTBOXDesktop.exe
MD5: 564cb886d1a968b9798c1ab03f4eb54f C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
MD5: c435191fad19b43e5c3082e4275dce75 C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
MD5: 4c016fd76ed5c05e84ca8cab77993961 C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
MD5: dbc598e47e7a382e60e2a4745d41fef9 C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
MD5: 0e72c3173d24bc1acabfa3fbaf0874d8 C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
MD5: ed81d83083187fe0c75e2cd5a0a1378c C:\Program Files (x86)\ASUS\Splendid\Alb_ASUSLib.dll
MD5: 272843f05cf33725d2eb4c38bcb4eae2 C:\Program Files (x86)\ASUS\Splendid\AMDColorEnhance.dll
MD5: 5dc67be28ab0ed86f22e5e779899bba2 C:\Program Files (x86)\ASUS\Splendid\AMDRegammaAndGamut.dll
MD5: d3dc05e0239c3157773d5a4dc9a69f97 C:\Program Files (x86)\ASUS\Splendid\ApplyLUT.dll
MD5: 84536ec4907c069b1a2948fe5306d6f0 C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
MD5: 3ffb36108fc138ffb33d322354998d53 C:\Program Files (x86)\ASUS\Splendid\ColorU.dll
MD5: e7456f48adc0f3ece9d87730e31a712e C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
MD5: f5d5ff92322175da0dee254d2b84b77b C:\Program Files (x86)\ASUS\Splendid\GenLUT.dll
MD5: bc83108b18756547013ed443b8cdb31b C:\Program Files (x86)\ASUS\Splendid\msvcp100.dll
MD5: 0e37fbfa79d349d672456923ec5fbbe3 C:\Program Files (x86)\ASUS\Splendid\msvcr100.dll
MD5: 2fa79914dda6286167c797a64842ae58 C:\Program Files (x86)\ASUS\WebStorage\2.1.15.458\AsusWSWinService.exe
MD5: 9e329ef2c8a145a68d243e31d3e4deb2 C:\Program Files (x86)\ASUS\WebStorage\2.2.4.537\ASUSWSLoader.exe
MD5: 68e7dea59fdef410baf29fdb5b7a6eef C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
MD5: 6513807fee68e6c32e67437ee3ffb6c8 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
MD5: 13c9366b6120a0302006f48120af8e64 C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
MD5: 40f8b73c0a1d179be90de0c9999eedb8 C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
MD5: b80a2b1275b25ee97c78165edaed49b3 C:\Program Files (x86)\Dropbox\Client\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd
MD5: 1dfab50eccb9a54662e3477f0003cc42 C:\Program Files (x86)\Dropbox\Client\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
MD5: 8038bfb473436f19ae2765400d1c3957 C:\Program Files (x86)\Dropbox\Client\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
MD5: 700ff5da2ade2ea68cf43bf42f93bc0e C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
MD5: c0545b2dcbab09a53d9c5f7d3d38e7f5 C:\Program Files (x86)\Dropbox\Client\_elementtree.pyd
MD5: 520e6c799a6c7434e5b2d8943ff137cf C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
MD5: 9cc5fa68dc06e0598a38618e02e9af08 C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
MD5: abdef5f24d965beb17acc7948b4bebfd C:\Program Files (x86)\Dropbox\Client\concrt140.dll
MD5: 99339ddf8bb76977cb6145fe9e4d9319 C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
MD5: d4c03c484f325f1a6c62376e34586a18 C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
MD5: 6ece81f10dd3bfc92cf29a6c912ece81 C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
MD5: dd1629c98665a0a226109ceea4ee1975 C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
MD5: 57635d7d9f08db05eb4fb9bc620a9eea C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
MD5: 31bc73fd3c9258ff9e8531a3573fb3ad C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
MD5: 8e15a7e9df1593b094473413a4392d4e C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.dll
MD5: da422de24d617f9754f982bfe895eaf4 C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
MD5: c73b2902d2f81d42c33c6d1351c5310f C:\Program Files (x86)\Dropbox\Client\enterprisedataadapter.dll
MD5: 3e71756a65de67959d98f31603a5aadb C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
MD5: 0de80228486f4e98dfcb8e636e6ce873 C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
MD5: 4228a1f281b6b8b0ec048ba380f634af C:\Program Files (x86)\Dropbox\Client\icudt55.dll
MD5: 7f3e21eeb9282249c733bea64770e9db C:\Program Files (x86)\Dropbox\Client\icuin55.dll
MD5: cf715bd2c64d276cbf03e35ee3c81596 C:\Program Files (x86)\Dropbox\Client\icuuc55.dll
MD5: f962bce135aad9f8792ed1eb5523e4d6 C:\Program Files (x86)\Dropbox\Client\jpegtran.pyd
MD5: a9a8a3ab904d767046621defb1b3b8a8 C:\Program Files (x86)\Dropbox\Client\librsync.dll
MD5: f418a0945933a71949b1d30336fba86a C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
MD5: 8352464b084d3ce5d3be6bcd88687893 C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
MD5: fd5cabbe52272bd76007b68186ebaf00 C:\Program Files (x86)\Dropbox\Client\msvcp120.dll
MD5: 1d8c79f293ca86e8857149fb4efe4452 C:\Program Files (x86)\Dropbox\Client\msvcp140.dll
MD5: 034ccadc1c073e4216e9466b720f9849 C:\Program Files (x86)\Dropbox\Client\msvcr120.dll
MD5: 59082385ef6fa6e3dc3b2805271776c6 C:\Program Files (x86)\Dropbox\Client\plugins\imageformats\qgif.dll
MD5: e57bfba98c7921b41930f40e7fc47649 C:\Program Files (x86)\Dropbox\Client\plugins\imageformats\qjpeg.dll
MD5: 10a2a5001c31cb75c9ab49f36df9e306 C:\Program Files (x86)\Dropbox\Client\plugins\platforms\qwindows.dll
MD5: 037d14ac54b84893b421fc02f1d91669 C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
MD5: 74b52e18fd66f76c46a6fc8c92483268 C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
MD5: 87ce336c358384639b0b333abab4b439 C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
MD5: d4dc6864545f493202a767e8ffbd2720 C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
MD5: 326eaba852013b4b4fbeed4aacbac206 C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
MD5: da2f83a8e8bed453415a0591b44f01b2 C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
MD5: 0d9ff7b2b2f4d6f51f7f4c3b45d5dd6e C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
MD5: 2e7bb791ca1df2dd264da61cb7b7ab5a C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
MD5: 4ee8bf1ea7a63919a4622800562f508b C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
MD5: 5cad8af592da64c87026d53e2d5fc48d C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
MD5: 8109dcdd3e55dfa54cb1cd711fa491b5 C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
MD5: 694ffbdf5ea75f5531a659a952b487b3 C:\Program Files (x86)\Dropbox\Client\python27.dll
MD5: 29f2941da79fbee383555545bff1bcdf C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
MD5: eb34ef3ee230dd1243d75eb316ed57ef C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
MD5: e3ba5f548b2747335012abad6a9458a6 C:\Program Files (x86)\Dropbox\Client\Qt5Core.dll
MD5: 57aefe853e8ea852cff97dc2719f8b3c C:\Program Files (x86)\Dropbox\Client\Qt5Gui.dll
MD5: 1e96a7407543c31f14f081ed994e7768 C:\Program Files (x86)\Dropbox\Client\Qt5Network.dll
MD5: bd5467c7710b0c8a20e357d39b40e284 C:\Program Files (x86)\Dropbox\Client\Qt5PrintSupport.dll
MD5: 2150be83337371dd585cb56bfa7379ec C:\Program Files (x86)\Dropbox\Client\Qt5QML.dll
MD5: e3e59105f4607b871eb12e6278a6060a C:\Program Files (x86)\Dropbox\Client\Qt5Quick.dll
MD5: b132c8cbb2cbaa8f5393d4b8854e3122 C:\Program Files (x86)\Dropbox\Client\Qt5Webkit.dll
MD5: efd6e56927b16e13b51affb136cedf18 C:\Program Files (x86)\Dropbox\Client\Qt5WebkitWidgets.dll
MD5: 7e6501284533a6d3e2cd6bd18dab2acd C:\Program Files (x86)\Dropbox\Client\Qt5Widgets.dll
MD5: 61c132999d832be3743fbd3b593c7098 C:\Program Files (x86)\Dropbox\Client\select.pyd
MD5: c3a46cb0bfa41e23a617b42d0fdca124 C:\Program Files (x86)\Dropbox\Client\sip.pyd
MD5: 40b2208c4015cc58100d810644e4265e C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
MD5: 100a47f140660c407bf75171700e2bb0 C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
MD5: 8cda4db633bd9ccb9a4f41d435bdfa0a C:\Program Files (x86)\Dropbox\Client\vccorlib140.dll
MD5: b77eeaeaf5f8493189b89852f3a7a712 C:\Program Files (x86)\Dropbox\Client\vcruntime140.dll
MD5: d74dfae8688b4f77dc9bec09a27713ca C:\Program Files (x86)\Dropbox\Client\win32api.pyd
MD5: 8cf58657e3b74b72642a2fb7747ac7cc C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
MD5: 95b6e0a6b2e7625d8848897387eed23d C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
MD5: 57adcb79c03b966f63e952d2858ba21c C:\Program Files (x86)\Dropbox\Client\win32event.pyd
MD5: 322433c732898e995b0e05282c2cc960 C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
MD5: 5d0fd7e398053be225aa7718053d608c C:\Program Files (x86)\Dropbox\Client\win32file.pyd
MD5: caf2c99e8ae1e0cefa1b1f4979bf161f C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
MD5: 0d99ae5350eacd24065db944b4e9db53 C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
MD5: f733f4b1a44a22fd1ae97e723097cfca C:\Program Files (x86)\Dropbox\Client\win32print.pyd
MD5: 003160dd729dd42a2b2fe3ee7c6518c0 C:\Program Files (x86)\Dropbox\Client\win32process.pyd
MD5: 7baa7ddf4b8a382871d7050ea29e5c03 C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
MD5: d129c348528f77e00720db1c276772de C:\Program Files (x86)\Dropbox\Client\win32security.pyd
MD5: a2af1188ec36c71f7900ebe08ba1620e C:\Program Files (x86)\Dropbox\Client\win32service.pyd
MD5: 202f6fe54c3d43342d223417be6c3877 C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
MD5: 54ac8087e2954319a4bca3b6efe7b66b C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
MD5: a16d876ad6d4a48fc9bebfdf72cc4920 C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd
MD5: 8d1cb326870aab9f4023eee6b5f7635a C:\Program Files (x86)\Dropbox\Client\winffi.kernel32._winffi_kernel32.pyd
MD5: 91e2921183e5c909b3fd49e187d2b2ec C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd
MD5: 85f162cbc60a700433bf1d4365b15f31 C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd
MD5: 321b19cd60cb94680355e3fd580d6eef C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
MD5: 1a8e71add5dcf1e0e7250bff792e2b22 C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
MD5: a6d98a686e3c052d916852bb50265c37 C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
MD5: a1f58fff448e4099297d6ee0641d4d0e C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
MD5: a727838fbfb7bb82594167270258e5fa c:\program files (x86)\Evernote\Evernote\evernoteie.dll
MD5: 694033ecb8cafde745587e85a1fa5851 C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll
MD5: 8dc87980d24dca6d9e9cbcd6a8ff21e6 C:\Program Files (x86)\Google\Drive\googledrivesync.exe
MD5: c426f7e678d6e539041847556059d5e8 C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll
MD5: 053eeee1abae53f044f1e386e22ae525 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
MD5: 83ff82fe209e7997067b375dad6cf23d C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
MD5: 1c3ef75b521db60e951711440648b0d5 C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
MD5: 9328f1a1e158da90bcf72ce299def3d0 C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
MD5: 25c3e6669946cb890ece2e73dd44b6f2 C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
MD5: 631abc3e8ff50f9b70b9a52568b1f5f6 C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
MD5: beaf98a3ffc5d4044cf196438ef3ae96 C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll
MD5: f78ca16c5550c0283403dd3147422044 c:\program files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll
MD5: 02c26c61fb7527dfafabd4e7bd72f475 C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll
MD5: 0adcd7eb3f8f5ab914dc6092ecdd9318 c:\program files (x86)\Java\jre1.8.0_91\bin\ssv.dll
MD5: 9611577752e293259c7dce19e9026362 C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
MD5: f1a89a34388b5626f1548d393b23ecb1 C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
MD5: f9cf9ded2678ad84a584563626a898d5 C:\Program Files (x86)\Microsoft Office\root\Office16\1033\ONINTL.DLL
MD5: f969d1de6c04553acfdc307d157c0c9c C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL
MD5: 725f9a28ef41a636668f9dae76203cf3 C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
MD5: a3257c59695bd691b433dff4b3e36c86 C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll
MD5: 3b82a15800af9e78528e7ec492e1d2ff C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
MD5: 825fb6de39fe63b3f59b78d760f0619c C:\Program Files (x86)\Mozilla Firefox\firefox.exe
MD5: adbae3f3cf8bab69a2bb0ed04bf83c7c C:\Program Files (x86)\Mozilla Firefox\freebl3.dll
MD5: 601035690f76355b1da826f5d5a6598c C:\Program Files (x86)\Mozilla Firefox\icudt56.dll
MD5: 2d5fb2ac1828c2257c29d5429e4cbb6d C:\Program Files (x86)\Mozilla Firefox\icuin56.dll
MD5: d16a4194d859f9ef5b58444cc93b2147 C:\Program Files (x86)\Mozilla Firefox\icuuc56.dll
MD5: 54cbf1c29f1df48d5767c7a8a6229622 C:\Program Files (x86)\Mozilla Firefox\lgpllibs.dll
MD5: f9bb28229588d6ae808ee8fed8f575a5 C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
MD5: fd5cabbe52272bd76007b68186ebaf00 C:\Program Files (x86)\Mozilla Firefox\msvcp120.dll
MD5: 034ccadc1c073e4216e9466b720f9849 C:\Program Files (x86)\Mozilla Firefox\msvcr120.dll
MD5: ca95a33b9d87bca9c98449dd4c94776a C:\Program Files (x86)\Mozilla Firefox\nss3.dll
MD5: 7d0505353e6a948958433bfb7e491442 C:\Program Files (x86)\Mozilla Firefox\nssckbi.dll
MD5: b09e7e7bb799c31c6f894f5b3ca80b5b C:\Program Files (x86)\Mozilla Firefox\nssdbm3.dll
MD5: b6f06766529b7a15f7c419630397a25a C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
MD5: 766117de86ccfeb0923eb0206a81f069 C:\Program Files (x86)\Mozilla Firefox\sandboxbroker.dll
MD5: 915de876077a82998345c00eb1e5b0d3 C:\Program Files (x86)\Mozilla Firefox\softokn3.dll
MD5: 62299779aa028adf8b0b4c0006237dee C:\Program Files (x86)\Mozilla Firefox\xul.dll
MD5: d6f67a73e6557578b755f7b534e00f47 C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
MD5: b7d3a639e23f80c4eefdeed370d955fd C:\Program Files (x86)\Skype\Phone\RtmCodecs.dll
MD5: 188d5756fd547c6e91272b1d6112f05c C:\Program Files (x86)\Skype\Phone\RtmMediaManager.dll
MD5: 2e497adcbda3d4cdaa4c24af2b568ec4 C:\Program Files (x86)\Skype\Phone\RtmPal.dll
MD5: f04d04783df23bdac5167f58561a7127 C:\Program Files (x86)\Skype\Phone\RtmPltfm.dll
MD5: 6fc3e28ef8bbf3110173d2d16ed0ca58 C:\Program Files (x86)\Skype\Phone\SkypeResources.dll
MD5: 27b990b20bcf63060a135b99ddfd38c1 C:\Program Files (x86)\Skype\Phone\ssScreenVVS2.dll
MD5: c8d931d734fc0097478ce2583a75c4df C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
MD5: bb945ed6bd3e77db44f4c1ad354cdc0c c:\program files (x86)\Skype\Toolbars\internet explorer\skypeieplugin.dll
MD5: 8e1cc0517de17df83cf80bfce9f0c000 C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
MD5: a58b05e6b949d86144907f0a4d807032 C:\Program Files (x86)\Skype\Updater\Updater.dll
MD5: 9a66a87bbc0ec4463042959b7c0d4ac1 C:\Program Files (x86)\Skype\Updater\Updater.exe
MD5: 2aa61246a5b813c1b12bccfaa6f23dd8 C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
MD5: 90d48dae5d1a3c2272a5e726883a1275 C:\Program Files (x86)\TurboTop\TurboTop.exe
MD5: 08c3c6b144eb5ebde93263237c53db14 C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
MD5: a568887ac1e2233fcff56f6f5b4a98b9 C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvStream32.dll
MD5: 303a9c3fb709a6cd6308cd34b06f17ae C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems32.dll
MD5: 6a00d06d11aa1ed9e436f65d293ce9ae C:\Program Files\Common Files\microsoft shared\ClickToRun\C2R32.dll
MD5: 9185bbaf60d6bcac7576f1711a16879a C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
MD5: 5e7f2ce9e9bf48521298d1c6729145c5 C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
MD5: f46725834d4b1148c4f4f0354c570190 C:\Program Files\Intel\Media SDK\mfx_mft_h264ve_32.dll
MD5: e97e971fb9fe4c0a72cb89b8063a4468 C:\Program Files\Sandboxie\SbieCtrl.exe
MD5: ecadb026023bf6e200a552e4ea700f47 C:\Program Files\Sandboxie\SbieDrv.sys
MD5: 6e78d6ca33ece9c7f0a7b0775198ba4d C:\Program Files\Sandboxie\SbieSvc.exe
MD5: 4c5f50a9b3ca9b37692a047d0919983a C:\Program Files\Windows Defender\MsMpEng.exe
MD5: f3a57f42d94b3b7cd1f6d82600d14c98 C:\Program Files\Windows Defender\NisSrv.exe
MD5: 09d8ebc01776c2d117918993eddc19b2 C:\Program Files\Windows Media Player\wmpnetwk.exe
MD5: e414c600154cff41e169b2495eb6f860 C:\Users\Mur\AppData\Local\Citrix\GoToMeeting\5174\g2mupdate.exe
MD5: e414c600154cff41e169b2495eb6f860 C:\Users\Mur\AppData\Local\Citrix\GoToMeeting\5174\g2mupload.exe
MD5: e3b4ea121f7bdeb0f6366e2ba9608cb5 C:\Users\Mur\AppData\Local\Citrix\Plugins\104\npappdetector.dll
MD5: b4fd8f569839be992586753f1673ebf5 C:\Users\Mur\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd\9.6.7.1_0\ietabhelper.exe
MD5: c426f7e678d6e539041847556059d5e8 C:\Users\Mur\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll
MD5: 053eeee1abae53f044f1e386e22ae525 C:\Users\Mur\AppData\Local\Google\Update\GoogleUpdate.exe
MD5: f9387d080bf8566354cdb0445ab8f87b C:\Users\Mur\AppData\Local\Microsoft\OneDrive\OneDrive.exe
MD5: 92c0415a50ba75908857d195c44b31f4 C:\Users\Mur\AppData\Local\Temp\_MEI91642\_ctypes.pyd
MD5: ba16e4c8003698e1c2d32b394f6ab405 C:\Users\Mur\AppData\Local\Temp\_MEI91642\_elementtree.pyd
MD5: 13711c2c25c3249779f658d2743389d4 C:\Users\Mur\AppData\Local\Temp\_MEI91642\_hashlib.pyd
MD5: 3297fb07310b562de8ecbe82bb8572dc C:\Users\Mur\AppData\Local\Temp\_MEI91642\_multiprocessing.pyd
MD5: 09600d21c1ce2268f8bc7c303ade7af9 C:\Users\Mur\AppData\Local\Temp\_MEI91642\_psutil_windows.pyd
MD5: 3f965c9b20bbb554f01c994646b738fd C:\Users\Mur\AppData\Local\Temp\_MEI91642\_socket.pyd
MD5: 267adc849fa8273a3c1006e08305d428 C:\Users\Mur\AppData\Local\Temp\_MEI91642\_ssl.pyd
MD5: 7a6d77c66f768e305215b380584a5208 C:\Users\Mur\AppData\Local\Temp\_MEI91642\_yappi.pyd
MD5: 121cb732d7e3aae9787edb9868cf9064 C:\Users\Mur\AppData\Local\Temp\_MEI91642\common.time34.pyd
MD5: afc0b1a3947d54415104f34e2f3e7aae C:\Users\Mur\AppData\Local\Temp\_MEI91642\hashobjs_ext.pyd
MD5: 875d273c9bd19c16867ca70cc79ab489 C:\Users\Mur\AppData\Local\Temp\_MEI91642\pyexpat.pyd
MD5: 2c884a85e80ecf2b4e78627f53eb7f05 C:\Users\Mur\AppData\Local\Temp\_MEI91642\pysqlite2._sqlite.pyd
MD5: ce52e68760b3a47cddae01459b78d596 C:\Users\Mur\AppData\Local\Temp\_MEI91642\python27.dll
MD5: 72d8c1a1d90a3803ca16c8e49b3811a0 C:\Users\Mur\AppData\Local\Temp\_MEI91642\pythoncom27.dll
MD5: f0469abb4f2914c78ce875a430425958 C:\Users\Mur\AppData\Local\Temp\_MEI91642\PyWinTypes27.dll
MD5: 25c5f610d00b6c3b2fec27948e03e243 C:\Users\Mur\AppData\Local\Temp\_MEI91642\select.pyd
MD5: f77555696d481930525b3c007e95794f C:\Users\Mur\AppData\Local\Temp\_MEI91642\thumbnails_ext.pyd
MD5: d23c27a9e5af003e02aa566f69d5cf47 C:\Users\Mur\AppData\Local\Temp\_MEI91642\unicodedata.pyd
MD5: d9348f066ca169061364e9365bf3b1bb C:\Users\Mur\AppData\Local\Temp\_MEI91642\usb_ext.pyd
MD5: cd646e722c515cd13540b4b3d0e46e4b C:\Users\Mur\AppData\Local\Temp\_MEI91642\win32api.pyd
MD5: 45824a83060375f619c280d4519635ae C:\Users\Mur\AppData\Local\Temp\_MEI91642\win32com.shell.shell.pyd
MD5: 67657d13a483a6555f7b7838a9c1c634 C:\Users\Mur\AppData\Local\Temp\_MEI91642\win32crypt.pyd
MD5: bda609a840ce71f839fb68ce146469e4 C:\Users\Mur\AppData\Local\Temp\_MEI91642\win32event.pyd
MD5: 7519d78535ec10fdc687da7d90ea9cd7 C:\Users\Mur\AppData\Local\Temp\_MEI91642\win32file.pyd
MD5: d0f1dcb9d3c02d8c9175eb1d8d8855a7 C:\Users\Mur\AppData\Local\Temp\_MEI91642\win32gui.pyd
MD5: f5d3c444c0c88996435784d2aa788ea1 C:\Users\Mur\AppData\Local\Temp\_MEI91642\win32inet.pyd
MD5: 0c70d89ff28838ac2cbf5479ba585b86 C:\Users\Mur\AppData\Local\Temp\_MEI91642\win32pdh.pyd
MD5: e1f9fc63175a0e6799cbb58a094a80fa C:\Users\Mur\AppData\Local\Temp\_MEI91642\win32pipe.pyd
MD5: dfa9c2b1d1d0d33a4bc9f140ccd68857 C:\Users\Mur\AppData\Local\Temp\_MEI91642\win32process.pyd
MD5: f5d3acc67980a80430acd068898f0f97 C:\Users\Mur\AppData\Local\Temp\_MEI91642\win32profile.pyd
MD5: a066a0070d7264f4e33e2b66bea51ab9 C:\Users\Mur\AppData\Local\Temp\_MEI91642\win32security.pyd
MD5: 71fe5eb3283e1cfe8dcc7075dc68f0e6 C:\Users\Mur\AppData\Local\Temp\_MEI91642\win32ts.pyd
MD5: 6b028c0491df106d8a49a16472be8f5f C:\Users\Mur\AppData\Local\Temp\_MEI91642\windows._lib_cacheinvalidation.pyd
MD5: e628d07ca0d901f876cfb2fdf570a39c C:\Users\Mur\AppData\Local\Temp\_MEI91642\wx._animate.pyd
MD5: 97b9ec0db1f379d1e54fff193f4a6689 C:\Users\Mur\AppData\Local\Temp\_MEI91642\wx._controls_.pyd
MD5: 3b8f614c5bb4ceb353cdf409e0ccea7b C:\Users\Mur\AppData\Local\Temp\_MEI91642\wx._core_.pyd
MD5: e23e0dc0d359ed975bfab97b3ec4b96e C:\Users\Mur\AppData\Local\Temp\_MEI91642\wx._gdi_.pyd
MD5: 77dbed621f5d7a00abcc3f010a8664c2 C:\Users\Mur\AppData\Local\Temp\_MEI91642\wx._html2.pyd
MD5: d8edbf8a14b446d0ac7e1b6c8f0dad1c C:\Users\Mur\AppData\Local\Temp\_MEI91642\wx._misc_.pyd
MD5: 4d1c6cbb811f940e2405a0b14bc26fdc C:\Users\Mur\AppData\Local\Temp\_MEI91642\wx._windows_.pyd
MD5: 163e70c9fa0b451fa4eb39d9462a9002 C:\Users\Mur\AppData\Local\Temp\_MEI91642\wx._wizard.pyd
MD5: 8abeb0f85934df4329c145116ea1c7ac C:\Users\Mur\AppData\Local\Temp\_MEI91642\wxbase30u_net_vc90.dll
MD5: e21cb912288e0ab5c8ece3abc2788149 C:\Users\Mur\AppData\Local\Temp\_MEI91642\wxbase30u_vc90.dll
MD5: 4bcd21ce5ec80e1666002f588439cafc C:\Users\Mur\AppData\Local\Temp\_MEI91642\wxmsw30u_adv_vc90.dll
MD5: f67b8b3f8fda00f501573e7c267aed26 C:\Users\Mur\AppData\Local\Temp\_MEI91642\wxmsw30u_core_vc90.dll
MD5: 54501be59fdb1a6b4f37eb2d9a7504d4 C:\Users\Mur\AppData\Local\Temp\_MEI91642\wxmsw30u_html_vc90.dll
MD5: f8a0a2bfa38d2ac9fc082be67ac2e6e4 C:\Users\Mur\AppData\Local\Temp\_MEI91642\wxmsw30u_webview_vc90.dll
MD5: 7c0aa66e6352337ef923ba8b3aeb099d C:\Users\Mur\AppData\Roaming\mjusbsp\cdloader2.exe
MD5: 67d64c11c1dd750526c54f0604338370 C:\Users\Mur\AppData\Roaming\Mozilla\Firefox\Profiles\d6ex0fnt.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
MD5: b1c853e7285e224a69695be88ed31a2c C:\Users\Mur\AppData\Roaming\Mozilla\Firefox\Profiles\d6ex0fnt.default\gmp-eme-adobe\17\eme-adobe.dll
MD5: ea3d36516f6119e7480912bc6aba432f C:\Users\Mur\AppData\Roaming\Mozilla\Firefox\Profiles\d6ex0fnt.default\gmp-gmpopenh264\1.5.3\gmpopenh264.dll
MD5: 75bb7fd4799a6801b4e2c0ca160f09b3 C:\Users\Mur\AppData\Roaming\Mozilla\Firefox\Profiles\d6ex0fnt.default\gmp-widevinecdm\1.4.8.866\widevinecdm.dll
MD5: 20ff20fbc1f20adec0ad6af98abe9545 C:\Users\Mur\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
MD5: 57d28190c994ad5e9b1007fb2259393a C:\Users\Mur\AppData\Roaming\Mozilla\plugins\npo1d.dll
MD5: 21da2c511f4e2132a57167672e093900 C:\Windows\Downloaded Program Files\ieatgpc.dll
MD5: e396258cfd8f84e8f2c24930e6d88c67 C:\Windows\explorer.exe
MD5: e79dac43a5e191fc4ddb04197a704bfa C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
MD5: 9e9beb22644ce1da521a1d7821bf891f C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
MD5: e50dd57f496ced8873fa3e7d38bccd42 C:\Windows\servicing\TrustedInstaller.exe
MD5: 7db6a5ceeac1cb15cf78552794b3db31 C:\Windows\System32\cmd.exe
MD5: 460cdd92c5283dcb9e35af2b8db7f200 C:\Windows\System32\coremessaging.dll
MD5: cef14db231b344bbdbf7c04a12d8336b C:\Windows\System32\dhcpcore.dll
MD5: b27e38ad86c7456d60d8f09e4b20c39e C:\Windows\System32\dllhost.exe
MD5: 14f9883588398a1bde49c75098c75de6 C:\Windows\System32\DriverStore\FileRepository\compositebus.inf_amd64_912dfdedc3d2f520\CompositeBus.sys
MD5: 468ef07e739f81fbbd367fa1714f8460 C:\Windows\System32\es.dll
MD5: b6113983ed77d6fe99bdee461e7be004 C:\Windows\System32\explorer.exe
MD5: cb8fdf512167635c405462929b869173 C:\Windows\System32\hidserv.dll
MD5: 24e9ec1df7b5a2daa5320cc4a46e8c07 C:\Windows\System32\keyiso.dll
MD5: 5db9e3823196dd092c74bb50fc28f9a8 C:\Windows\System32\lfsvc.dll
MD5: 3298ebaa3ae46370fc3dfe475cb5ccfa C:\Windows\System32\mprdim.dll
MD5: e75ac715811a89b9ea07e0f7f1ef947a C:\Windows\System32\msiexec.exe
MD5: 1f5b5642253fc9760eeacd81900c38dc C:\Windows\System32\mswsock.dll
MD5: bcb1bf49f2966fb37d0adae538c6fd73 C:\Windows\System32\NapiNSP.dll
MD5: 3249ea75874ee3dd3fcba141656df210 C:\Windows\System32\netlogon.dll
MD5: b5081d56f1cd87f6bf0bf1aa4e9c6bab C:\Windows\System32\nlaapi.dll
MD5: e3ca6f4ade51c84515e54914e65e4273 C:\Windows\System32\pla.dll
MD5: f56de562faa1901587f63dd289e71129 C:\Windows\System32\pnrpnsp.dll
MD5: 5c3b0aa4f5cb66261cb9c02f3086e870 C:\Windows\System32\provsvc.dll
MD5: 0cbe5aa15baaeb6ff579868854744f22 C:\Windows\System32\qwave.dll
MD5: f370a686221023ec003d96bb1fba57a0 C:\Windows\System32\SearchIndexer.exe
MD5: 4ee3f02aeeb6c68f05afa012ad570d14 C:\Windows\System32\SessEnv.dll
MD5: c8f696223a6cbeae88226f99608e9f2e C:\Windows\System32\shsvcs.dll
MD5: a5efbace0336f264a64b5e38f4fdcbc2 C:\Windows\System32\smphost.dll
MD5: 6a1212077c0559029cdfb9c39580c835 C:\Windows\System32\svchost.exe
MD5: f9f665083e8658c49b9b28f11be8c91d C:\Windows\System32\tapisrv.dll
MD5: 4b9de8eaa2e16c34e018749f325baeff C:\Windows\System32\Unistore.dll
MD5: 39106986eb2ad2774da8542c08304ff2 C:\Windows\System32\upnphost.dll
MD5: a878cf325c93723b5017642e6fdb80e8 c:\Windows\System32\userinit.exe
MD5: a29b811bcf499fdae9200061351eaae8 C:\Windows\System32\WcsPlugInService.dll
MD5: ed90c144d3d69efaa855fbd96eb9e1f4 C:\Windows\System32\wdi.dll
MD5: 5e716e09e2886bdb7a8f7a3ffde1daf2 C:\Windows\System32\WebClnt.dll
MD5: 5dc9ed2c89d94c47892df237d604bdc8 C:\Windows\System32\Windows.Internal.Management.dll
MD5: cf034e3697c5ca79777f94116d57c6a6 C:\Windows\System32\windows.staterepository.dll
MD5: 1e497317417c1c68b5453dd04721b16d C:\Windows\System32\winhttp.dll
MD5: 310b40b6e8224393eaae116335918a6a C:\Windows\System32\winrnr.dll
MD5: b4c037fe2596070442f6433188a48987 C:\Windows\System32\WsmSvc.dll
MD5: 98da8d97e83c73e7ad7a142a801e1898 C:\Windows\SysWOW64\actxprxy.dll
MD5: 30c2700a2cdef6042585c9296abc9054 C:\Windows\SysWOW64\advapi32.dll
MD5: 7049ec64f85d1e0ab63b831bb22ad8f6 C:\Windows\SysWOW64\apphelp.dll
MD5: 86128937b83e51bf543cbcb854ae4ffc C:\Windows\SysWOW64\AudioSes.dll
MD5: d8e6ee490b7f583c86470112ad19e49a C:\Windows\SysWOW64\avrt.dll
MD5: d68f4a2b936285eb622cb7788d6cdbda C:\Windows\SysWOW64\bcrypt.dll
MD5: 2fdf5001427d457ac43942fadc742404 C:\Windows\SysWOW64\bcryptprimitives.dll
MD5: a88e33303390a040f06fec446b94d765 C:\Windows\SysWOW64\biwinrt.dll
MD5: a5a99234cbb96c1cfe05d81b49732538 C:\Windows\SysWOW64\cfgmgr32.dll
MD5: 308932e847d7e298aca68e44cc64cac6 C:\Windows\SysWOW64\clbcatq.dll
MD5: cbe2dfb96c188dc8913b0ccbfa50c2ff C:\Windows\SysWOW64\combase.dll
MD5: 03bf64e3fd79a5c4fd0b51659b164edc C:\Windows\SysWOW64\comdlg32.dll
MD5: e247eaa09fe6397200205fa90bf87c1d C:\Windows\SysWOW64\crypt32.dll
MD5: eef55fae4722e6e396883c3f56c598ce C:\Windows\SysWOW64\cryptbase.dll
MD5: 0afc30b73039402b246eed530f9ce732 C:\Windows\SysWOW64\cryptnet.dll
MD5: 3d1ca9cc6fb4507e66b35f57b1c72763 C:\Windows\SysWOW64\cryptsp.dll
MD5: a30231d1c051b277b6e0f9a06ec9d19d C:\Windows\SysWOW64\cryptui.dll
MD5: ba51593377094c185eac4de2b2bd08e8 C:\Windows\SysWOW64\cscapi.dll
MD5: 00c8b201be1c9705906a484dbe5d6332 C:\Windows\SysWOW64\d2d1.dll
MD5: 92a252e7daf67d36bc81758a0f8596eb C:\Windows\SysWOW64\d3d10warp.dll
MD5: 4963662b1cbb0035fd5d6832824dc7b6 C:\Windows\SysWOW64\d3d11.dll
MD5: 4102898869c3f72fbd50e7a7d003f530 C:\Windows\SysWOW64\d3d9.dll
MD5: 58ff312134f6a7b069dbbaeaa33c2fad C:\Windows\SysWOW64\DataExchange.dll
MD5: 9c1366f1678317a7dae9bb4e5b4fe810 C:\Windows\SysWOW64\davhlpr.dll
MD5: 3eafe5a172ac92fe311c0cc55f0fc8d9 C:\Windows\SysWOW64\dbgcore.dll
MD5: bce2721ce55ed38d3ec41014c46a1f69 C:\Windows\SysWOW64\dbghelp.dll
MD5: 83cf09d8fe73dc8fa7374c98b32243df C:\Windows\SysWOW64\dcomp.dll
MD5: d091acb2f3e2a7a283ced92202bcb6d7 C:\Windows\SysWOW64\DDORes.dll
MD5: 7b23d09fdc181fcae35c474d9aebcdfc C:\Windows\SysWOW64\DefaultDeviceManager.dll
MD5: cd5cfb07a92b9fcd7eed8e293b26277e C:\Windows\SysWOW64\DevDispItemProvider.dll
MD5: 52d49f69aa65e999d9f0a19d496d4b88 C:\Windows\SysWOW64\devenum.dll
MD5: 856ad15fd2d187ea8435564a135c85c0 C:\Windows\SysWOW64\deviceaccess.dll
MD5: 0feb32ad349471a6e975e917d3608648 C:\Windows\SysWOW64\deviceassociation.dll
MD5: 4db6bc57f446a32215f0f9603ac25f85 C:\Windows\SysWOW64\devobj.dll
MD5: 88a3958213b43eed8402d4496149924a C:\Windows\SysWOW64\dhcpcsvc.dll
MD5: 4f34ccc76e60cce8ba12663a747ec05b C:\Windows\SysWOW64\dhcpcsvc6.dll
MD5: 6a7acabae92c837f5c1330188eae36ae C:\Windows\SysWOW64\dnsapi.dll
MD5: f8aa20dcbbc8c93156a706779eec979d C:\Windows\SysWOW64\dpapi.dll
MD5: a2f2e7c3b6c0b30c1b55011b7af18495 C:\Windows\SysWOW64\dwmapi.dll
MD5: de4c532c704002ed07b523208327629c C:\Windows\SysWOW64\DWrite.dll
MD5: 7cda291cf22b91ddbb88b5089ebe25ce C:\Windows\SysWOW64\dxgi.dll
MD5: 22810cd2bafab6303e34ad38f97e4789 C:\Windows\SysWOW64\dxva2.dll
MD5: ea11a61e656d6cc6f5001f8366b2ba08 C:\Windows\SysWOW64\edputil.dll
MD5: 051fde1463e8468facfc38c63b4d8fe3 C:\Windows\SysWOW64\efswrt.dll
MD5: 127c81f616e8cb699cfc16b0a2af412c C:\Windows\SysWOW64\esif_uf.exe
MD5: b44bc5cc78cf476028d1939a7712bd93 C:\Windows\SysWOW64\evr.dll
MD5: 23d61b1cfa38f287d8c31a4816315454 C:\Windows\SysWOW64\ExplorerFrame.dll
MD5: 160cc95d34d62b6a72f9e4e3ee52ebcc C:\Windows\SysWOW64\FirewallAPI.dll
MD5: 443ecb597f25a10c7f50c6d7f4c639d7 C:\Windows\SysWOW64\fltLib.dll
MD5: b315eb17077ef082a79922d4ea47dbf4 C:\Windows\SysWOW64\fwbase.dll
MD5: 9deb4c56faab147839bf68b6c28a38fc C:\Windows\SysWOW64\fwpolicyiomgr.dll
MD5: 9a9cdab4049bdb383c5ca8746f44e4cb C:\Windows\SysWOW64\FWPUCLNT.DLL
MD5: f58b6b20bb45e99c99d0f2b73b9ee373 C:\Windows\SysWOW64\gdi32.dll
MD5: 823f2ed0d6cf4e2e0d395a6ee8597e92 C:\Windows\SysWOW64\gpapi.dll
MD5: 350ed2186e2c0e80abce270c9a52647e C:\Windows\SysWOW64\ieframe.dll
MD5: 608f7830161d98dbdd6324f74e9165c4 C:\Windows\SysWOW64\iertutil.dll
MD5: 62b123936f051148870d4b4ad037b410 C:\Windows\SysWOW64\igd10iumd32.dll
MD5: cdbb67a32055adf8d083e643784c1edf C:\Windows\SysWOW64\igdumdim32.dll
MD5: 46c0cd3c54a9d4dd5b0025676537e326 C:\Windows\SysWOW64\igdusc32.dll
MD5: d67550f0a95b432548784dc00fad0948 C:\Windows\SysWOW64\imagehlp.dll
MD5: bc14df8fe84a3a0ebce87b857ac765e1 C:\Windows\SysWOW64\imm32.dll
MD5: a6b9fd89353d6005dd74485f591f2a83 C:\Windows\SysWOW64\IntelCpHeciSvc.exe
MD5: 29ed40feb4075b44524c630a66692672 C:\Windows\SysWOW64\IPHLPAPI.DLL
MD5: 79c50c86572af5891d1196569c9d2eb1 C:\Windows\SysWOW64\jscript9.dll
MD5: d67bf52412d3cb91833054d2bfe48a2f C:\Windows\SysWOW64\kernel.appcore.dll
MD5: 44aac4307be433e5c730124eb9043543 C:\Windows\SysWOW64\kernel32.dll
MD5: f45e83301a6c99d342c600b5b29bcd71 C:\Windows\SysWOW64\KernelBase.dll
MD5: 29ef8ec898fe21680db5fb15db513ec8 C:\Windows\SysWOW64\ksproxy.ax
MD5: 133c85e9d734825c3eb406112bc5b15b C:\Windows\SysWOW64\ksuser.dll
MD5: f2ff3c3d0904cfe2b5edd9fbb619e7a9 C:\Windows\SysWOW64\Kswdmcap.ax
MD5: ae88a1242b4ed4c2a0b0f1bcd10f12ee C:\Windows\SysWOW64\linkinfo.dll
MD5: bc238425cdd9828e119d18dc152f73e0 C:\Windows\SysWOW64\logoncli.dll
MD5: 32b31b696cb8e8f380831dfeb80a67e4 C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
MD5: 62d98b286c805e193568037b70d936d2 C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll
MD5: c2f1adbdde0e73e8419dcefc905bb299 C:\Windows\SysWOW64\mapi32.dll
MD5: f3b12c931650835388f43db2df606657 C:\Windows\SysWOW64\mf.dll
MD5: 4dd4ce124ad7bc9e46fba1769c03b8a7 C:\Windows\SysWOW64\mfc42.dll
MD5: b572c03916ec3a8be05cb2199d4a3263 C:\Windows\SysWOW64\MFCaptureEngine.dll
MD5: b65549a1cdb2c827ad022a3f35994fcf C:\Windows\SysWOW64\mfcore.dll
MD5: ecad0b75b91387c93637ff9d5354111c C:\Windows\SysWOW64\mfperfhelper.dll
MD5: a489cecf560ea0421c04277904210395 C:\Windows\SysWOW64\mfplat.dll
MD5: c85501fe7efd33e06a877b8786f396b6 C:\Windows\SysWOW64\mfreadwrite.dll
MD5: cf2bbf05f6c4d91fad1fc7bb0fdc05af C:\Windows\SysWOW64\mlang.dll
MD5: 0fa12d8a749a220b4b87e8d59d379291 C:\Windows\SysWOW64\MMDevAPI.dll
MD5: 1bbe261d60b58376c0632b943c835388 C:\Windows\SysWOW64\mpr.dll
MD5: 2818d79b40336d2451df9f298206b40e C:\Windows\SysWOW64\msacm32.dll
MD5: f62df6cb57e660f869c9331e608890c7 C:\Windows\SysWOW64\msasn1.dll
MD5: dab59c3c8469b348c159bd9db5e671ee C:\Windows\SysWOW64\MSAudDecMFT.dll
MD5: 0c7c31b2ce92455dcfd6776ca8bb073f C:\Windows\SysWOW64\mscms.dll
MD5: a680339559fbc02bc0854d73dde85c7b C:\Windows\SysWOW64\msctf.dll
MD5: 89a50808f3daba56dddee7dd7985d010 C:\Windows\SysWOW64\msdmo.dll
MD5: 01eca12a5bf2d571fce11c05419c3e50 C:\Windows\SysWOW64\mshtml.dll
MD5: 594d1c58958a1f980336964b643784f3 C:\Windows\SysWOW64\msi.dll
MD5: 74225a0f38f877733661640ebe7e4f85 C:\Windows\SysWOW64\msimg32.dll
MD5: 77f751d71f743ddb0a197f1725a077b1 C:\Windows\SysWOW64\msimtf.dll
MD5: 68f235f052cf622f9dc88dfdba424437 C:\Windows\SysWOW64\mskeyprotect.dll
MD5: 609414ba4f5ddfa0a00b6b6612e96ecf C:\Windows\SysWOW64\msmpeg2vdec.dll
MD5: 40a8e170569fcfeecca7bb397d418538 C:\Windows\SysWOW64\msvcp110_win.dll
MD5: fd5cabbe52272bd76007b68186ebaf00 C:\Windows\SysWOW64\msvcp120.dll
MD5: 4356ddf04a34722d3f217bb6da8b10c9 C:\Windows\SysWOW64\msvcp_win.dll
MD5: 034ccadc1c073e4216e9466b720f9849 C:\Windows\SysWOW64\msvcr120.dll
MD5: 28e17ed88e49348d817c03ab61a331cc C:\Windows\SysWOW64\msvcrt.dll
MD5: 242476400ac9b59f3e881a38607069c4 C:\Windows\SysWOW64\MSWB7.dll
MD5: 1f5b5642253fc9760eeacd81900c38dc C:\Windows\SysWOW64\mswsock.dll
MD5: 6e7bf3fb027d46b7defcffbef8c4511d C:\Windows\SysWOW64\msxml6.dll
MD5: bcb1bf49f2966fb37d0adae538c6fd73 C:\Windows\SysWOW64\NapiNSP.dll
MD5: b7f16888f9dbeae3353799f8e311ee0e C:\Windows\SysWOW64\ncrypt.dll
MD5: 110ee87b0f4e38609ad73e9075ef82a4 C:\Windows\SysWOW64\ncryptsslp.dll
MD5: 6c2b2ca75f486449921ed10a39db9799 C:\Windows\SysWOW64\netapi32.dll
MD5: 66c110dd37ada5ac5900c389c0f7655f C:\Windows\SysWOW64\netprofm.dll
MD5: f84f25c47feb5a193f5ae71dd32f27ee C:\Windows\SysWOW64\netutils.dll
MD5: b5081d56f1cd87f6bf0bf1aa4e9c6bab C:\Windows\SysWOW64\nlaapi.dll
MD5: ce9c0d0b2d60944fe1c6286f12dd9411 C:\Windows\SysWOW64\npmproxy.dll
MD5: e6b09c7a8b87dd00cd81233f345ddc63 C:\Windows\SysWOW64\nsi.dll
MD5: f3057c812668f7ec3cfc058dbf15a467 C:\Windows\SysWOW64\ntasn1.dll
MD5: 85ed26db17b3270944c344e0e5b7c34a C:\Windows\SysWOW64\ntdll.dll
MD5: 8c59ad41042220f1865042b21fb29e7b C:\Windows\SysWOW64\ntdsapi.dll
MD5: a0e65279653ec08504f8f38dce108f57 C:\Windows\SysWOW64\ntmarta.dll
MD5: 34b1dd62b3f090a0466241f84f1e9ae0 C:\Windows\SysWOW64\ntshrui.dll
MD5: 1ecd08c7578546dd98c9040325ce1e48 C:\Windows\SysWOW64\odbc32.dll
MD5: f0781a46dfe3a6c48fca23fcdda69b4b C:\Windows\SysWOW64\ole32.dll
MD5: 1a341701906986f1865766c6849269fc C:\Windows\SysWOW64\oleacc.dll
MD5: 84ad32378e0aa8afb7ceb98b9d452565 C:\Windows\SysWOW64\oleaut32.dll
MD5: fc03376f464f07369bc07a6d9be8ca8d C:\Windows\SysWOW64\olepro32.dll
MD5: bf769a5bea8e50f12264746d30d57c6f C:\Windows\SysWOW64\OnDemandConnRouteHelper.dll
MD5: 36fa903efd539b7d00239c9cedc97c15 C:\Windows\SysWOW64\pdh.dll
MD5: 0daf7b7d85f7af38e29161460899c63f C:\Windows\SysWOW64\perfhost.exe
MD5: fb87852f6e7b04dd9857f337fe839f03 C:\Windows\SysWOW64\PhotoMetadataHandler.dll
MD5: f56de562faa1901587f63dd289e71129 C:\Windows\SysWOW64\pnrpnsp.dll
MD5: 64229c17cfe9262689eae3e852d3975f C:\Windows\SysWOW64\policymanager.dll
MD5: 6e5504bc7658989ba5e8c8f2c5cbac13 C:\Windows\SysWOW64\powrprof.dll
MD5: 309d7e61c049287a1c08e672f804ce8c C:\Windows\SysWOW64\profapi.dll
MD5: af3369020e352540743e7664f7caa189 C:\Windows\SysWOW64\propsys.dll
MD5: 0cbd6f29b0d6eb100f26e88711ddcb0b C:\Windows\SysWOW64\psapi.dll
MD5: 27c3814755f5078a06b3b95cc6bad111 C:\Windows\SysWOW64\rasadhlp.dll
MD5: 9797bb52f1943b78cd245b41ae833e1f C:\Windows\SysWOW64\rasapi32.dll
MD5: 1a45703949eec6ca0e63454a4aedd4b8 C:\Windows\SysWOW64\rasman.dll
MD5: 525fc35182f9660e2a7dcc75607535dc C:\Windows\SysWOW64\rpcrt4.dll
MD5: 25b0baa64d6d62873faa7719db64015c C:\Windows\SysWOW64\rsaenh.dll
MD5: 6c86c034dd9600d5911f62ae044152b4 C:\Windows\SysWOW64\RTWorkQ.dll
MD5: ea1d5d03d850090168dff124d853be12 C:\Windows\SysWOW64\samcli.dll
MD5: 318e2a6ec26c9703a5b273b015672660 C:\Windows\SysWOW64\schannel.dll
MD5: 44f003640071cef97529386ddfaa7e75 C:\Windows\SysWOW64\sechost.dll
MD5: 332abbf873cf137e9432ca1a84d7da70 C:\Windows\SysWOW64\secur32.dll
MD5: c79db579784d205845f1e2002d7e9d75 C:\Windows\SysWOW64\security.dll
MD5: 7d51637a2e604113f1a4e96ff3f2727c C:\Windows\SysWOW64\SensorsNativeApi.dll
MD5: 8162bc2ec9e529aa90f196a12d887308 C:\Windows\SysWOW64\setupapi.dll
MD5: 4c1ec77f67f0c557ad0349a90f85be7e C:\Windows\SysWOW64\sfc.dll
MD5: 5740c44b01bd7460eb57e566d69840e5 C:\Windows\SysWOW64\sfc_os.dll
MD5: b726b6583c0e880b59be3c4463c27bab C:\Windows\SysWOW64\SHCore.dll
MD5: 3eeac377d273abb2b6fb02dbfe8e307e C:\Windows\SysWOW64\shell32.dll
MD5: 9dda53c3cc1ce833d2d1ba1adae5bc2d C:\Windows\SysWOW64\shfolder.dll
MD5: b2e379fd64ba683f7746d597fbdec729 C:\Windows\SysWOW64\shlwapi.dll
MD5: 9cfb45e24a53d21711b258a8eda8c402 C:\Windows\SysWOW64\Speech\Common\sapi.dll
MD5: aa0b2c1cd3493fd4b3284da6eac7dbd5 C:\Windows\SysWOW64\srpapi.dll
MD5: c122d52ed9662f09ec2650b010544468 C:\Windows\SysWOW64\srvcli.dll
MD5: bfdf9ca7133d41a8612952af1920e098 C:\Windows\SysWOW64\sspicli.dll
MD5: a142f1d0ff07c172fa90075b7848ccd0 C:\Windows\SysWOW64\StructuredQuery.dll
MD5: 4f05dba4de883528aefa9dd60c26ef0c C:\Windows\SysWOW64\sxs.dll
MD5: a5b6dddf137c8118b93d00404510741d C:\Windows\SysWOW64\twinapi.appcore.dll
MD5: 643bba6fb3da30dc0294f14d72eefaab C:\Windows\SysWOW64\twinapi.dll
MD5: 99ae22579c868e707bdd3d1b7f8bea87 C:\Windows\SysWOW64\ucrtbase.dll
MD5: 7d5e17fc31fa563a94a8251af8addee4 C:\Windows\SysWOW64\urlmon.dll
MD5: e7bd4d15cdc5a1e162256cfadca92344 C:\Windows\SysWOW64\user32.dll
MD5: f9d528cfee1736b7736f3a744dc6f644 C:\Windows\SysWOW64\userenv.dll
MD5: 39b3d4f9d2b3f2ace75b7a52a4ddf6fe C:\Windows\SysWOW64\usp10.dll
MD5: e439e962849c880195d810e16cda323c C:\Windows\SysWOW64\uxtheme.dll
MD5: 21d2b62613f33859b41636c3c5c9f753 C:\Windows\SysWOW64\vcruntime140.dll
MD5: 85bd82333fc4ae6cff706f140a67b1b0 C:\Windows\SysWOW64\version.dll
MD5: 9a5b52b6afabda25054c23add3286087 C:\Windows\SysWOW64\vidcap.ax
MD5: 6554e12df676f2a28c725fbde1be6eb5 C:\Windows\SysWOW64\wbem\fastprox.dll
MD5: 7014e1ffd44325c59027bab70efb1a4d C:\Windows\SysWOW64\wbem\wbemdisp.dll
MD5: f7819af6315b8865ae1149a9ed13dfcb C:\Windows\SysWOW64\wbem\wbemprox.dll
MD5: a0e9c9171fac9bf5550f0510878ec7ec C:\Windows\SysWOW64\wbem\wbemsvc.dll
MD5: 1cfebcb6e223d893cfca4254d2b5a8c9 C:\Windows\SysWOW64\wbem\wmiutils.dll
MD5: e527990110872fd6e2e82e2cca98cff8 C:\Windows\SysWOW64\wbemcomn.dll
MD5: 5e9f84426762ae56963e380efb254efa C:\Windows\SysWOW64\Windows.Devices.Enumeration.dll
MD5: 50d31916e1bf930a3e9a80d587798471 C:\Windows\SysWOW64\Windows.Devices.Sensors.dll
MD5: 394b995cb6adfeed1a37dd15fade5068 C:\Windows\SysWOW64\windows.storage.dll
MD5: 236b3202bbb1fcd6c3319a994056e108 C:\Windows\SysWOW64\WindowsCodecs.dll
MD5: 1e497317417c1c68b5453dd04721b16d C:\Windows\SysWOW64\winhttp.dll
MD5: 21be44272cac55d1b6c88c1e0ba78f8e C:\Windows\SysWOW64\wininet.dll
MD5: 4875a62de7dbb832e232f37858b3e0f4 C:\Windows\SysWOW64\winmm.dll
MD5: b713c1666223be863a2b896edcabffc2 C:\Windows\SysWOW64\winmmbase.dll
MD5: 3a7ec305b092343fee6fd0c131fcf865 C:\Windows\SysWOW64\winnsi.dll
MD5: 310b40b6e8224393eaae116335918a6a C:\Windows\SysWOW64\winrnr.dll
MD5: fb4b280a36eb806def334b8daf7091a9 C:\Windows\SysWOW64\WinSATAPI.dll
MD5: 550ecff3c3808065169bfea6c2b7837c C:\Windows\SysWOW64\winspool.drv
MD5: 2547196a21f1c585ee464dffcd165984 C:\Windows\SysWOW64\winsta.dll
MD5: d259a2064dc5e1fa8449cec7e86bea2e C:\Windows\SysWOW64\wintrust.dll
MD5: 6eb3a9117d1849ae452110a2c66cc411 C:\Windows\SysWOW64\WinTypes.dll
MD5: b65d241b81a010b6a78cceea900ccfc0 C:\Windows\SysWOW64\wkscli.dll
MD5: 30f680d95b0ccabe46c775672c912c0a C:\Windows\SysWOW64\wlanapi.dll
MD5: f7d0f1e3e3bfd6cc9cec85358ba839d0 C:\Windows\SysWOW64\Wldap32.dll
MD5: fc42e59329315a30f397490033055d28 C:\Windows\SysWOW64\Wpc.dll
MD5: fbbe8b9147474379f54f8a1bacbf9748 C:\Windows\SysWOW64\ws2_32.dll
MD5: 6f4c84e69a57c57eeb3a4150cf41e1f5 C:\Windows\SysWOW64\wsock32.dll
MD5: c285b73613a6e827bd5b02d569970648 C:\Windows\SysWOW64\wtsapi32.dll
MD5: 7d74cd2f14e5e4ac1a318611dfba9522 C:\Windows\SysWOW64\xmllite.dll
MD5: dd90031fa3e7533626ca4b1f5c6f0114 C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9177_none_5093cc7abcb795e9\msvcp90.dll
MD5: b57aa4b9c02ab9cf14d59f56ae5c7557 C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9177_none_5093cc7abcb795e9\msvcr90.dll
MD5: 2e97cce063e7fd0524813a35324f35cc C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\comctl32.dll
MD5: 9aa69285f70ee584cf5fe47e30216886 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.494_none_ea85e725b9ba5a4b\comctl32.dll
MD5: 4f79496b51e1a67b496ff6a407d22d30 C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10586.494_none_1b70da0b144cd419\GdiPlus.dll

No file uploaded.

Scan finished - communication took 1 sec
Total traffic - 0.02 MB sent, 1.45 KB recvd
Scanned 480 files and modules - 78 seconds

==============================================================================

#10
Jr0x

Posted 17 July 2016 - 03:22 AM

Malware removal team

Malware Removal
1,830 posts

OK! Well done. :thumbsup:

Here is the best part of the process! The mullygrubs are gone! That's a technical term for your log(s) appear to be clean! If you have no further issues with your computer, please complete the housekeeping procedures outlined below.
The first thing we need to do is to remove all the tools that we have used. This is so that should you ever be re-infected, you will download updated versions.

Tools CleanUp with DelFix

Download Delfix and save it to the Desktop.

Right click the and click Run as Administrator.
Ensure ALL boxes are checked.
Click the Run button.
The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.

Delete the following Files and Folders (If Present):

Delete any other .bat, .log, .reg, .txt, and any other files created or downloaded during this process, and left on the desktop and empty the Recycle Bin.

Keeping your software updated

Windows Updates

Please go to Start Menu -> Control Panel
Under View by: select Large Icons, then tap or click Windows Update.
Click on Change Settings

[/b]
Select "Install updates automatically (recommended)" from the Important updates drop-down.
Choose a day and a time when you know the computer will be on and connected to the internet. The default is 3:00AM every day.
Ensure that all of the other check boxes are checked.
Click OK.

Malwarebytes Anti-Malware

I recommend keeping Malwarebytes Anti-Malware installed. Make sure to update it and run it at least once a week. If it finds things such as PUP's (Potentially Unwanted Programs) you can delete those with no worries. However, if it finds something like a trojan, come see us.

Keep Java Updated

Java has become the #1 program exploited by thieves and hackers as of today. It's gotten so bad, the Department of Homeland Security recently recommended that users disable Java on their machines.

For more information regarding this, see the two articles below:

Forbes: US Department of Homeland Security Calls on user do disable Java

US warns on Java software

Unless you have software on your machine that absolutely requires Java, I highly recommend you completely remove it from your system.
If you do have software that requires it, then disable it until such time as it's needed by those programs.
Please click the link below for instructions to disable and uninstall Java.

How to Disable Java in your Web Browser

How to Completely Remove and Uninstall Java From Windows PC

Filehippo Updatechecker

Another weapon against malicious programs and viruses is to keeping other programs updated. There are several programs out there that can check for out of date programs on your computer. One is Filehippo. You can run this on a weekly or monthly basis to check your programs for updates and then it will provide a link for you to download them.

Download Filehippo Updatechecker

Tips, Information, and Optional Installation

Watch what you open in your emails. If you get an email from an unknown source with any attached files, do not open it.

Be careful of the websites you visit.

When installing new programs, don't be "click happy" and click through the screens. Many programs come with adware in them and are set to install them by default. Several programs require that you uncheck or select no to prevent the installation. Take you time and read each screen as you go.

To help protect yourself while on the web, I recommend you read Answers to common security questions - Best Practices

Installation of Unchecky (Optional)

This is a very good little program that will automatically uncheck any boxes during a software installation. This helps prevent the software from installing any malware that is by default checked while the program is being installed.

Click here to be taken to Unchecky.com

Click the very large Download button.

Click Save

Once downloaded, double click the program (Vista, Win 7, and 8, right click and Run as Administrator)

Once open, click the Install button.

Then click Finish

Unchecky is now installed and will help you keep unwanted check boxes unchecked.

Installation of CryptoPrevent (Optional)

CryptoPrevent is a free program that prevents CryptoLocker / ransomware from infecting your PC by locking down the OS so the malware can not get a grip on your system. You may read more about this here.

To download and install:

Click CryptoPrevent
Under the Free Edition column, enter your name and email and click on Request Download Link button to request for a download link
Once received a link in your email (may need to check your Junk mail), download the tool to your Desktop
Open the program by clicking Run when prompted from your browser or by going to the Desktop where the file was saved and right-click and select Run as Administrator
Accept all the defaults during the install. The last screen of the install has a checkmark in "Launch CryptoPrevent". This is good and will launch the program once you click Finish.
You will get a prompt asking if you purchased a Product Key for Automatic Updates. You can answer No.
You will then be prompted to learn more about automatic updates or if you want to purchase a key. This is up to you but you don't have to.
You will be prompted to click OK to continue and select your protection level. Go ahead and click OK.
Click the Apply button to set Default protection.
You may get a message stating that Windows Sidebar and Desktop Gadgets are a major security vulnerability and asking you if you want to disable them. If you don't use these features, answer Yes.
That's it. The protection is in place.

Note: The free version doesn't provide automatic updates. Periodically, you should open up the program (there is a shortcut on your desktop now) and select the Updates! menu....and select Check for Updates to see if there are any as this infection has serious consequences.

If you have any other questions, please feel free to ask me.

#11
MurrayWiseman

Posted 18 July 2016 - 11:48 AM

New Member

Topic Starter
Member
7 posts

Thanks, jr0x. The log file DelFix.txt is below.

I couldn't find Windows Update when I hit View by Large Icons. But I did find it in Settings, Update & security, Windows Update, Advanced options. (Automatic (recommended) was selected.), Choose how updates are delivered. (Updates from more than one place was turned off), (Get updates from Microsoft, and get updates and send updates to --- PCs on my local network was checked. However the specific check boxes from your image are not there.)

Malwarebytes seems to always update itself. Possibly because I have the premium.version. I installed FileHippo and accepted that it run everyday. I disabled Java in Firefox. However, I did not disable it on the PC because I use products such as Freeplane and Project Libre. I installed CryptoPrevent.

Thanks. For all your help. Let me know where I can contribute to GeeksToGo.

# DelFix v1.013 - Logfile created 18/07/2016 at 09:03:10
# Updated 17/04/2016 by Xplode
# Username : Mur - MURRAY
# Operating System : Windows 10 Home (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Mur\Desktop\FRST-OlderVersion
Deleted : C:\Users\Mur\Desktop\Addition.txt
Deleted : C:\Users\Mur\Desktop\AdwCleaner.exe
Deleted : C:\Users\Mur\Desktop\Fixlog.txt
Deleted : C:\Users\Mur\Desktop\FRST.txt
Deleted : C:\Users\Mur\Desktop\FRST64.exe
Deleted : C:\Users\Mur\Desktop\JRT.exe
Deleted : C:\Users\Mur\Desktop\JRT.txt
Deleted : C:\Users\Mur\Downloads\adwcleaner_5.201.exe
Deleted : C:\Users\Mur\Downloads\JRT.exe
Deleted : C:\Users\Mur\Downloads\HijackThis.exe
Deleted : C:\Users\Mur\Downloads\hijackthis.log
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #49 [Scheduled Checkpoint | 07/14/2016 22:40:36]
Deleted : RP #50 [JRT Pre-Junkware Removal | 07/14/2016 23:28:21]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########