September 18th, 2019, 04:08 AM
Bremang
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-09-2019
Ran by BG (administrator) on BG-PC (Apple Inc. MacBookAir5,2) (17-09-2019 20:00:54)
Running from C:\Users\BG\Desktop
Loaded Profiles: BG (Available Profiles: BG)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\TrackpadPlusPlus\Trackpad++ Control Module Process.exe
() [File not signed] C:\Program Files\TrackpadPlusPlus\Trackpad++ Helper Process.exe
(Adobe Inc. -> Adobe Systems) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc. -> ) C:\Windows\System32\AppleOSSMgr.exe
(Apple Inc. -> Apple Inc.) [File not signed] C:\Program Files\Boot Camp\Bootcamp.exe
(Apple Inc. -> Apple Inc.) C:\Windows\System32\AppleTimeSrv.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files\Dropbox\Client\80.4.126\QtWebEngineProcess.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files\Dropbox\Client\80.4.126\QtWebEngineProcess.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files\Dropbox\Client\80.4.126\QtWebEngineProcess.exe
(F.lux Software LLC -> f.lux Software LLC) C:\Users\BG\AppData\Local\FluxSoftware\Flux\flux.exe
(Intel Corporation -> Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Last.fm) [File not signed] C:\Program Files\Last.fm\Last.fm Scrobbler.exe
(Logitech -> Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Logitech -> Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Nullsoft Inc. -> Nullsoft, Inc.) C:\Program Files\Winamp\winamp.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Spotify AB -> Spotify Ltd) C:\Users\BG\AppData\Roaming\Spotify\Spotify.exe
(Spotify AB -> Spotify Ltd) C:\Users\BG\AppData\Roaming\Spotify\Spotify.exe
(Spotify AB -> Spotify Ltd) C:\Users\BG\AppData\Roaming\Spotify\Spotify.exe
(Spotify AB -> Spotify Ltd) C:\Users\BG\AppData\Roaming\Spotify\Spotify.exe
(Spotify AB -> Spotify Ltd) C:\Users\BG\AppData\Roaming\Spotify\Spotify.exe
(TunnelBear, Inc. -> ) C:\Program Files\TunnelBear\TunnelBear.Maintenance.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [USB3MON] => C:\Program Files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291096 2012-06-13] (Intel Corporation -> Intel Corporation)
HKLM\...\Run: [Apple_KbdMgr] => C:\Program Files\Boot Camp\Bootcamp.exe [566184 2015-01-15] (Apple Inc. -> Apple Inc.) [File not signed]
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1851192 2012-11-04] (Logitech -> Logitech, Inc.)
HKLM\...\Run: [TRACKPADPLUSPLUS] => C:\Program Files\TrackpadPlusPlus\Trackpad++ Control Module.exe [12800 2013-07-17] () [File not signed]
HKLM\...\Run: [Dropbox] => C:\Program Files\Dropbox\Client\Dropbox.exe [5888320 2019-09-05] (Dropbox, Inc -> Dropbox, Inc.)
HKLM\...\Run: [GitHubDesktopMachineInstaller] => C:\Program Files\GitHub Desktop Installer\GitHubDesktop.exe [84560856 2019-06-12] (GitHub, Inc. -> GitHub, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [644552 2019-07-04] (Oracle America, Inc. -> Oracle Corporation)
HKLM\...\Policies\Explorer: [AllowLegacyWebView] 1
HKLM\...\Policies\Explorer: [AllowUnhashedWebView] 1
HKU\S-1-5-21-2226609107-4164577499-164976268-1000\...\Run: [f.lux] => C:\Users\BG\AppData\Local\FluxSoftware\Flux\flux.exe [1378824 2019-05-07] (F.lux Software LLC -> f.lux Software LLC)
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Windows\System32\Magnify.exe [629760 2009-07-13] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2019-05-02] (Adobe Inc. -> Adobe Systems, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Startup: C:\Users\BG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office Outlook 2007.lnk [2015-04-26]
ShortcutTarget: Microsoft Office Outlook 2007.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe (Microsoft Corporation -> )
Startup: C:\Users\BG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2013-01-27]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
GroupPolicy: Restriction ? <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A760D4C-8398-4B20-8BA4-377A54F53EFA} - System32\Tasks\{CBAEA4A2-2D6E-4DD4-9D63-CBAE16A9EA08} => C:\Windows\system32\pcalua.exe -a C:\Users\BG\AppData\Local\Temp\mozOpenDownload\Trackpad_Plus_Plus_Driver_Control_Module_24a_Setup_05022013.exe -d C:\Users\BG\AppData\Local\Temp\mozOpenDownload <==== ATTENTION
Task: {1201BFA9-A60F-43AB-9A1E-52CEC2E536E6} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [998080 2014-06-29] (@ByELDI -> @ByELDI) [File not signed]
Task: {1F22E86D-D3AF-462A-BB20-C90514A11AAB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [282800 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {1FA2D843-8D6A-4B74-B39B-5D30AFAF3A0F} - System32\Tasks\PowerPlanAssistantLibrary\PowerPlanAssistantStart => C:\Program Files\PowerPlanAssistant\PowerPlanAssistant.exe
Task: {21AF69E2-EC57-4B8F-A549-E01E62C04832} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [1051864 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {3E408C16-A5E4-495C-BAAD-4CC8AF83FD16} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-02-04] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {3EF00349-290A-431F-AF66-C7AA581EC960} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc -> Dropbox, Inc.)
Task: {46266D26-9EBC-4DE8-8F9B-A6D008990A7E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [14679256 2019-01-10] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {50FDC73D-A2F7-486C-8FB7-84CD05C8A3FA} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc -> Dropbox, Inc.)
Task: {521C3DCF-6B44-447A-BABD-FEF150474BD5} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1} C:\Program Files\Windows Live\SOXE\wlsoxe.dll [192704 2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {5F7118F4-BE3B-487B-823C-FD5B9A62411F} - System32\Tasks\Setpoint => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1851192 2012-11-04] (Logitech -> Logitech, Inc.)
Task: {6C01EBA1-2384-4597-9115-6C8EAA51BB25} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
Task: {6C01EBA1-2384-4597-9115-6C8EAA51BB25} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [283648 [2015-12-08]] (Microsoft Windows -> Microsoft Corporation)
Task: {6DB70B98-4E77-44A8-AA6B-021A36E351DB} - System32\Tasks\SamsungMagician => C:\Program Files\Samsung\Samsung Magician\SamsungMagician.exe [1146000 2019-03-14] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co. Ltd.)
Task: {953FB472-C6A5-4C41-9514-26E5974BD214} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {953FB472-C6A5-4C41-9514-26E5974BD214} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [283648 [2015-12-08]] (Microsoft Windows -> Microsoft Corporation)
Task: {A182974A-9E3B-484F-B614-0740C85A8061} - System32\Tasks\Trackpad => C:\Program Files\TrackpadPlusPlus\Trackpad++ Control Module.exe [12800 2013-07-17] () [File not signed]
Task: {B1F9A58F-9AFD-410C-A3BF-63A5E4CD699D} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {B1F9A58F-9AFD-410C-A3BF-63A5E4CD699D} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshContent
Task: {B1F9A58F-9AFD-410C-A3BF-63A5E4CD699D} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(3): C:\Windows\system32\GWX\GWXDetector.exe [283648 [2015-12-08]] (Microsoft Windows -> Microsoft Corporation)
Task: {B7907116-C5D6-4818-902D-B3B5D7C8B65D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1236048 2019-07-24] (Adobe Inc. -> Adobe Systems)
Task: {BD235E8C-59CA-4487-A15E-CF84ABAE0886} - System32\Tasks\{805EE249-0772-4854-BACC-BB5FC673CA1E} => C:\Windows\system32\pcalua.exe -a C:\PROGRA~1\COMMON~1\TISHAR~1\TIC_DR~1\x86\tiehd.exe -d C:\PROGRA~1\COMMON~1\
Task: {C2AC5952-7610-4758-910E-207963A4A347} - System32\Tasks\TrackpadPlusPlusLibrary\TrackpadPlusPlusStart => C:\Program Files\TrackpadPlusPlus\Trackpad++ Control Module Initializer.exe [10752 2013-07-05] () [File not signed]
Task: {CC5E5F78-7596-4520-B45A-BAC5B8F3DF80} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_238_Plugin.exe [1457208 2019-09-02] (Adobe Inc. -> Adobe)
Task: {CC63706B-4493-431C-84FD-6F49D5CFA482} - System32\Tasks\{FAD253CA-5C46-49D4-BC6E-20F96D503DB1} => C:\Windows\system32\pcalua.exe -a C:\Users\BG\Desktop\WindowsSupport\Drivers\Broadcom\BroadcomCardReader32.exe -d C:\Users\BG\Desktop\WindowsSupport\Drivers\Broadcom
Task: {D4119F54-01AB-47D4-B35D-294D44A36F5E} - System32\Tasks\{60A0E35E-C411-40E4-8880-2CACA0D64749} => C:\Windows\system32\pcalua.exe -a C:\Users\BG\AppData\Local\Temp\mozOpenDownload\out_lame.binf_v164.exe -d C:\Users\BG\AppData\Local\Temp\mozOpenDownload <==== ATTENTION
Task: {ED863AC7-EA1A-4E89-809F-57B97550902C} - System32\Tasks\{5E619AA8-6603-4EE5-A610-B5F421FBBF97} => C:\Windows\system32\pcalua.exe -a C:\PROGRA~1\COMMON~1\TISHAR~1\TIC_DR~1\x86\SILVRD~1.EXE -d C:\PROGRA~1\COMMON~1\
Task: {F2117819-1D7D-478C-9BC3-FD73248E2788} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(1): %windir%\system32\GWX\GWXUXWorker.exe -> /ScheduleUpgradeReminderTime
Task: {F2117819-1D7D-478C-9BC3-FD73248E2788} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [283648 [2015-12-08]] (Microsoft Windows -> Microsoft Corporation)
Task: {F3AA7E45-5B78-4B88-9C22-DD1101868B69} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [282800 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {FBF1F635-6CB8-46A6-949B-D00D76EF7777} - System32\Tasks\{D6F48386-7576-49F0-8492-564A6F675BF7} => C:\Windows\system32\pcalua.exe -a C:\Users\BG\AppData\Local\Temp\mozOpenDownload\Trackpad_Plus_Plus_Driver_Control_Module_24a_Setup_03132013.exe -d C:\Users\BG\AppData\Local\Temp\mozOpenDownload <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2226609107-4164577499-164976268-1000Core1cf4ea2c417b2c8.job => C:\Users\BG\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{810CBBE9-268E-4433-9FC7-8739E804D8C8}: [DhcpNameServer] 172.18.13.1
Tcpip\..\Interfaces\{B21A554D-1CD9-4913-9F59-BB82456D5C6E}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{B21A554D-1CD9-4913-9F59-BB82456D5C6E}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{F5961F3B-5A9C-4A4A-8249-D0614BDDB9E0}: [DhcpNameServer] 205.171.3.65 205.171.2.65

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2226609107-4164577499-164976268-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope value is missing
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_221\bin\ssv.dll [2019-07-17] (Oracle America, Inc. -> Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_221\bin\jp2ssv.dll [2019-07-17] (Oracle America, Inc. -> Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2017-08-15] (Microsoft Corporation -> Microsoft Corporation)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc. -> Citrix Systems, Inc.)

FireFox:
========
FF DefaultProfile: vdp159bw.default-1478060305972
FF ProfilePath: C:\Users\BG\AppData\Roaming\Mozilla\Firefox\Profiles\vdp159bw.default-1478060305972 [2019-09-17]
FF DownloadDir: C:\Users\BG\Desktop
FF Homepage: Mozilla\Firefox\Profiles\vdp159bw.default-1478060305972 -> about:blank
FF NewTabOverride: Mozilla\Firefox\Profiles\vdp159bw.default-1478060305972 -> Disabled: newtaboverride@agenedia.com
FF NewTabOverride: Mozilla\Firefox\Profiles\vdp159bw.default-1478060305972 -> Enabled: treestyletab@piro.sakura.ne.jp
FF Extension: (Disconnect) - C:\Users\BG\AppData\Roaming\Mozilla\Firefox\Profiles\vdp159bw.default-1478060305972\Extensions\2.0@disconnect.me.xpi [2019-09-10]
FF Extension: (Flash Video Downloader) - C:\Users\BG\AppData\Roaming\Mozilla\Firefox\Profiles\vdp159bw.default-1478060305972\Extensions\artur.dubovoy@gmail.com.xpi [2019-02-14]
FF Extension: (Cleanest Addon Manager) - C:\Users\BG\AppData\Roaming\Mozilla\Firefox\Profiles\vdp159bw.default-1478060305972\Extensions\cam@sdrocking.com.xpi [2016-11-02] [Legacy]
FF Extension: (Chrome Store Foxified) - C:\Users\BG\AppData\Roaming\Mozilla\Firefox\Profiles\vdp159bw.default-1478060305972\Extensions\Chrome-Store-Foxified@jetpack.xpi [2018-11-04]
FF Extension: (OneTab) - C:\Users\BG\AppData\Roaming\Mozilla\Firefox\Profiles\vdp159bw.default-1478060305972\Extensions\extension@one-tab.com.xpi [2019-09-11]
FF Extension: (Video Downloader professional) - C:\Users\BG\AppData\Roaming\Mozilla\Firefox\Profiles\vdp159bw.default-1478060305972\Extensions\ffext_basicvideoext@startpage24.xpi [2019-05-22]
FF Extension: (Honey) - C:\Users\BG\AppData\Roaming\Mozilla\Firefox\Profiles\vdp159bw.default-1478060305972\Extensions\jid1-93CWPmRbVPjRQA@jetpack.xpi [2019-09-11]
FF Extension: (Email Notifier) - C:\Users\BG\AppData\Roaming\Mozilla\Firefox\Profiles\vdp159bw.default-1478060305972\Extensions\jid1-iqxEAwQsa3GZKc@jetpack.xpi [2019-02-04]
FF Extension: (Youtube's Annotations No More) - C:\Users\BG\AppData\Roaming\Mozilla\Firefox\Profiles\vdp159bw.default-1478060305972\Extensions\jid1-ss6kLNCbNz6u0g@jetpack.xpi [2018-03-24]
FF Extension: (Edit any page) - C:\Users\BG\AppData\Roaming\Mozilla\Firefox\Profiles\vdp159bw.default-1478060305972\Extensions\jid1-wXTpXAFHyklEng@jetpack.xpi [2016-12-07] [Legacy]
FF Extension: (Reddit Enhancement Suite) - C:\Users\BG\AppData\Roaming\Mozilla\Firefox\Profiles\vdp159bw.default-1478060305972\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2019-09-11]
FF Extension: (LeechBlock NG) - C:\Users\BG\AppData\Roaming\Mozilla\Firefox\Profiles\vdp159bw.default-1478060305972\Extensions\leechblockng@proginosko.com.xpi [2019-05-05]
FF Extension: (Multi Links Plus) - C:\Users\BG\AppData\Roaming\Mozilla\Firefox\Profiles\vdp159bw.default-1478060305972\Extensions\multilinksplus@hugsmile.eu.xpi [2017-11-04] [Legacy]
FF Extension: (New Tab Override) - C:\Users\BG\AppData\Roaming\Mozilla\Firefox\Profiles\vdp159bw.default-1478060305972\Extensions\newtaboverride@agenedia.com.xpi [2019-05-05]
FF Extension: (Tree Style Tab) - C:\Users\BG\AppData\Roaming\Mozilla\Firefox\Profiles\vdp159bw.default-1478060305972\Extensions\treestyletab@piro.sakura.ne.jp.xpi [2019-09-15]
FF Extension: (uBlock Origin) - C:\Users\BG\AppData\Roaming\Mozilla\Firefox\Profiles\vdp159bw.default-1478060305972\Extensions\uBlock0@raymondhill.net.xpi [2019-09-11]
FF Extension: (SHINE for reddit (unofficial)) - C:\Users\BG\AppData\Roaming\Mozilla\Firefox\Profiles\vdp159bw.default-1478060305972\Extensions\{143d373a-88f7-4eed-8b80-a6ce4ef56015}.xpi [2019-05-05]
FF Extension: (FlashGot) - C:\Users\BG\AppData\Roaming\Mozilla\Firefox\Profiles\vdp159bw.default-1478060305972\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2016-12-01] [Legacy]
FF Extension: (View Image) - C:\Users\BG\AppData\Roaming\Mozilla\Firefox\Profiles\vdp159bw.default-1478060305972\Extensions\{287dcf75-bec6-4eec-b4f6-71948a2eea29}.xpi [2019-09-11]
FF Extension: (X-notifier (for Gmail™,Hotmail,Yahoo,AOL...)) - C:\Users\BG\AppData\Roaming\Mozilla\Firefox\Profiles\vdp159bw.default-1478060305972\Extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi [2019-03-08]
FF Extension: (New tab toolbar button) - C:\Users\BG\AppData\Roaming\Mozilla\Firefox\Profiles\vdp159bw.default-1478060305972\Extensions\{42975993-6fa0-46f5-a45f-706915f18ebf}.xpi [2016-11-04] [Legacy]
FF Extension: (Download Status Bar) - C:\Users\BG\AppData\Roaming\Mozilla\Firefox\Profiles\vdp159bw.default-1478060305972\Extensions\{6c28e999-e900-4635-a39d-b1ec90ba0c0f}.xpi [2016-11-02] [Legacy]
FF Extension: (NoScript) - C:\Users\BG\AppData\Roaming\Mozilla\Firefox\Profiles\vdp159bw.default-1478060305972\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2019-05-05]
FF Extension: (YouTube High Definition) - C:\Users\BG\AppData\Roaming\Mozilla\Firefox\Profiles\vdp159bw.default-1478060305972\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2019-05-04]
FF Extension: (Download Star) - C:\Users\BG\AppData\Roaming\Mozilla\Firefox\Profiles\vdp159bw.default-1478060305972\Extensions\{8cc0b007-e40b-46e8-9e50-e3bf021c94ab}.xpi [2018-11-17]
FF Extension: (Old Reddit Redirect) - C:\Users\BG\AppData\Roaming\Mozilla\Firefox\Profiles\vdp159bw.default-1478060305972\Extensions\{9063c2e9-e07c-4c2c-9646-cfe7ca8d0498}.xpi [2019-02-14]
FF Extension: (WX Download Status Bar) - C:\Users\BG\AppData\Roaming\Mozilla\Firefox\Profiles\vdp159bw.default-1478060305972\Extensions\{a1c84bb7-d5fc-4906-90b4-965e520b29bf}.xpi [2019-02-19]
FF Extension: (Tab Suspender (memory saver)) - C:\Users\BG\AppData\Roaming\Mozilla\Firefox\Profiles\vdp159bw.default-1478060305972\Extensions\{e225ac78-5e83-484b-a16b-b6ed0924212f}.xpi [2018-03-25]
FF ProfilePath: C:\Users\BG\AppData\Roaming\Mozilla\Firefox\Profiles\j8xscfoz.10-24-14 New [2019-09-10]
FF Extension: (FEBE) - C:\Users\BG\AppData\Roaming\Mozilla\Firefox\Profiles\j8xscfoz.10-24-14 New\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} [2015-04-30] [Legacy] [not signed]
FF ProfilePath: C:\Users\BG\AppData\Roaming\Mozilla\Firefox\Profiles\4fyzwgf7.default [2019-09-10]
FF Homepage: Mozilla\Firefox\Profiles\4fyzwgf7.default -> about:home
FF Extension: (FEBE) - C:\Users\BG\AppData\Roaming\Mozilla\Firefox\Profiles\4fyzwgf7.default\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} [2013-01-27] [Legacy] [not signed]
FF Extension: (No Name) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [not found]
FF HKLM\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-02-03] [Legacy] [not signed]
FF HKU\S-1-5-21-2226609107-4164577499-164976268-1000\...\Firefox\Extensions: [acewebextension_unlisted@acestream.org] - C:\Users\BG\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi
FF Extension: (Ace Stream Web Extension) - C:\Users\BG\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi [2015-12-18] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_32_0_0_238.dll [2019-09-02] (Adobe Inc. -> )
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1211151.dll [2014-04-14] (Adobe Systems, Inc.) [File not signed]
FF Plugin: @Citrix.com/npican -> C:\Program Files\Citrix\ICA Client\npicaN.dll [2015-06-24] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2018-09-19] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2018-09-19] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2018-09-19] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2018-09-19] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin: @java.com/DTPlugin,version=11.221.2 -> C:\Program Files\Java\jre1.8.0_221\bin\dtplugin\npDeployJava1.dll [2019-07-17] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.221.2 -> C:\Program Files\Java\jre1.8.0_221\bin\plugin2\npjp2.dll [2019-07-17] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @nullsoft.com/winampDetector;version=1 -> C:\Program Files\Winamp Detect\npwachk.dll [2013-11-20] (Nullsoft, Inc.) [File not signed]
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-07-31] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2226609107-4164577499-164976268-1000: @acestream.net/acestreamplugin,version=3.1.1 -> C:\Users\BG\AppData\Roaming\ACEStream\player\npace_plugin.dll [2015-08-06] (Innovative Digital Technologies -> Innovative Digital Technologies)
FF Plugin HKU\S-1-5-21-2226609107-4164577499-164976268-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\BG\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google Inc -> Google)
FF Plugin HKU\S-1-5-21-2226609107-4164577499-164976268-1000: @talk.google.com/O1DPlugin -> C:\Users\BG\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google Inc -> Google)
FF Plugin HKU\S-1-5-21-2226609107-4164577499-164976268-1000: @tools.google.com/Google Update;version=3 -> C:\Users\BG\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll [2014-04-02] (Google Inc -> Google Inc.)
FF Plugin HKU\S-1-5-21-2226609107-4164577499-164976268-1000: @tools.google.com/Google Update;version=9 -> C:\Users\BG\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll [2014-04-02] (Google Inc -> Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\BG\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2016-08-19]
FF Plugin ProgramFiles/Appdata: C:\Users\BG\AppData\Roaming\mozilla\plugins\npo1d.dll [2016-08-19]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2013-02-03]
CHR HKU\S-1-5-21-2226609107-4164577499-164976268-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [88136 2019-07-24] (Adobe Inc. -> Adobe Systems)
R2 AppleOSSMgr; C:\Windows\system32\AppleOSSMgr.exe [194472 2012-06-14] (Apple Inc. -> )
R2 AppleTimeSrv; C:\Windows\system32\AppleTimeSrv.exe [100264 2012-06-14] (Apple Inc. -> Apple Inc.)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [277616 2012-12-14] (Intel Corporation - pGFX -> Intel Corporation)
S2 dbupdate; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [43856 2019-09-05] (Dropbox, Inc -> Dropbox, Inc.)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [52736 2009-06-22] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard)
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [997568 2014-06-29] (@ByELDI -> @ByELDI) [File not signed]
S4 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH -> TeamViewer GmbH)
R2 TunnelBearMaintenance; C:\Program Files\TunnelBear\TunnelBear.Maintenance.exe [113024 2018-02-12] (TunnelBear, Inc. -> )
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Windows -> Microsoft Corporation)
S2 RoxLiveShare10; "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" [X]
S2 SessionLauncher; C:\Users\BG\AppData\Local\Temp\DX9\SessionLauncher.exe [X] <==== ATTENTION

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 acpials; C:\Windows\System32\DRIVERS\acpials.sys [7680 2009-07-13] (Microsoft Windows -> Microsoft Corporation)
S3 AppleBtBc; C:\Windows\System32\DRIVERS\AppleBtBc.sys [18944 2012-01-13] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
R0 AppleHFS; C:\Windows\System32\Drivers\AppleHFS.sys [58496 2012-06-14] (Apple Inc. -> Apple Inc.)
R0 AppleMNT; C:\Windows\System32\Drivers\AppleMNT.sys [15360 2012-06-14] (Apple Inc. -> Apple Inc.)
S3 applemtm; C:\Windows\System32\DRIVERS\applemtm.sys [10880 2010-12-22] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
R3 applemtp; C:\Windows\System32\DRIVERS\applemtp.sys [29696 2010-02-01] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
R3 BCM43XX; C:\Windows\System32\DRIVERS\bcmwl6.sys [4374592 2012-06-13] (Broadcom Corporation -> Broadcom Corporation)
R3 CirrusFilter; C:\Windows\System32\DRIVERS\CS420x86.sys [14336 2012-06-13] (Microsoft Windows Hardware Compatibility Publisher -> Cirrus Logic)
S3 HpGmb001; C:\Windows\System32\DRIVERS\HpGmb001.SYS [11264 2009-05-27] (Primax Electronics Ltd.) [File not signed]
R0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [13592 2012-06-13] (Intel Corporation -> Intel Corporation)
R3 iusb3hub; C:\Windows\System32\DRIVERS\iusb3hub.sys [347928 2012-06-13] (Intel Corporation -> Intel Corporation)
R3 iusb3xhc; C:\Windows\System32\DRIVERS\iusb3xhc.sys [788248 2012-06-13] (Intel Corporation -> Intel Corporation)
R2 KeyAgent; C:\Windows\system32\drivers\KeyAgent.sys [15104 2012-06-14] (Apple Inc. -> Apple Inc.)
R3 KeyMagic; C:\Windows\System32\DRIVERS\KeyMagic.sys [27648 2012-06-13] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
R3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [43704 2012-09-18] (Logitech -> Logitech, Inc.)
R3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [12216 2012-09-18] (Logitech -> Logitech, Inc.)
R2 MacHALDriver; C:\Windows\system32\drivers\MacHALDriver.sys [21504 2012-06-14] (Apple Inc. -> Apple Inc.)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [55104 2012-07-17] (Intel Corporation -> Intel Corporation)
S3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [99400 2012-05-12] (Shenzhen Saikeware Technology Co., Ltd. -> MotioninJoy)
R3 MT_TRACKPAD; C:\Windows\System32\drivers\MT_Trackpad.sys [13312 2011-12-19] (NGO -> n/a) [File not signed]
R3 RTLU3E8023-W7-32; C:\Windows\System32\DRIVERS\rtu30x86w7.sys [69336 2013-10-12] (Realtek Semiconductor Corp -> Realtek )
S3 tap-tb-0901; C:\Windows\System32\DRIVERS\tap-tb-0901.sys [33280 2017-09-06] (TunnelBear, Inc. -> The OpenVPN Project)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2017-03-02] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 TIEHDUSB; C:\Windows\System32\drivers\tiehdusb.sys [49536 2004-02-04] (Texas Instruments Incorporated) [File not signed]
R3 trackpad_plus_plus_x86; C:\Windows\System32\DRIVERS\trackpad_plus_plus_x86.sys [8960 2013-07-06] (NGO -> Windows (R) Win 7 DDK provider) [File not signed]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed]
R3 VBAudioVACMME; C:\Windows\System32\DRIVERS\vbaudio_cable_win7.sys [34024 2014-09-02] (Vincent Burel -> Windows (R) Win 7 DDK provider)
R3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam.sys [11520 2008-05-06] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies)
S3 catchme; \??\C:\Users\BG\AppData\Local\Temp\catchme.sys [X] <==== ATTENTION
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 usbbus; system32\DRIVERS\lgusbbus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgusbdiag.sys [X]
S3 USBModem; system32\DRIVERS\lgusbmodem.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-09-17 20:00 - 2019-09-17 20:02 - 000038808 _____ C:\Users\BG\Desktop\FRST.txt
2019-09-17 20:00 - 2019-09-17 20:00 - 001449984 _____ (Farbar) C:\Users\BG\Desktop\FRST.exe
2019-09-17 20:00 - 2019-09-17 20:00 - 000000000 ____D C:\FRST
2019-09-14 23:21 - 2019-09-14 23:09 - 3360992757 _____ C:\Users\BG\Desktop\UFC.Fight.Night.158.Cowboy.Vs.Gaethje.720p.2500KBS.WEBRIP.x264-WH.mp4
2019-09-12 20:20 - 2019-09-12 20:20 - 000000000 ____D C:\Users\BG\AppData\Roaming\Daum
2019-09-12 20:19 - 2019-09-12 20:20 - 000000000 ____D C:\Users\BG\AppData\Roaming\PotPlayerMini
2019-09-12 20:19 - 2019-09-12 20:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daum
2019-09-12 20:19 - 2019-09-12 20:19 - 000000000 ____D C:\Program Files\DAUM
2019-09-12 20:11 - 2019-09-12 20:11 - 027808232 _____ (Kakao) C:\Users\BG\Downloads\PotPlayerSetup.exe
2019-09-11 22:01 - 2019-09-11 22:01 - 000388608 _____ (Trend Micro Inc.) C:\Users\BG\Downloads\HijackThis.exe
2019-09-10 18:27 - 2019-09-10 18:27 - 000067008 _____ C:\Users\BG\Downloads\64256006445-1043642905-ticket.pdf
2019-09-06 20:12 - 2019-09-06 20:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2019-09-05 11:48 - 2019-09-11 18:14 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-09-05 05:18 - 2019-09-05 05:18 - 000043856 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2019-09-05 05:18 - 2019-09-05 05:18 - 000036848 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2019-09-05 05:18 - 2019-09-05 05:18 - 000036848 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2019-09-05 05:18 - 2019-09-05 05:18 - 000036848 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2019-09-03 07:49 - 2019-09-03 07:55 - 160290033 _____ C:\Users\BG\Downloads\DesperateAmateurs Vanessa — DaftSex.mp4
2019-09-02 21:31 - 2019-09-15 19:49 - 000000000 ____D C:\Users\BG\AppData\Roaming\vlc
2019-08-26 00:44 - 2019-08-26 00:44 - 001207336 _____ (Adobe Inc) C:\Users\BG\Downloads\flashplayer32au_ha_install(2).exe
2019-08-23 02:03 - 2019-08-23 02:04 - 000000000 ____D C:\Users\BG\Desktop\NES Use this folder for modding
2019-08-20 14:42 - 2019-08-20 14:43 - 000000000 ____D C:\Users\BG\Desktop\insta
2019-08-18 19:13 - 2019-08-18 19:13 - 001207336 _____ (Adobe Inc) C:\Users\BG\Downloads\flashplayer32au_ha_install(1).exe

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-09-17 20:03 - 2017-11-29 18:15 - 000000000 ____D C:\Users\BG\AppData\Local\JDownloader 2.0
2019-09-17 19:55 - 2014-07-19 11:29 - 000000000 ____D C:\Users\BG\AppData\Roaming\Spotify
2019-09-17 19:40 - 2015-05-29 19:59 - 000000000 ___RD C:\Users\BG\Dropbox
2019-09-17 19:36 - 2015-05-29 19:52 - 000000888 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2019-09-17 18:36 - 2015-05-29 19:52 - 000000884 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2019-09-17 17:34 - 2009-07-13 21:34 - 000020912 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-09-17 17:34 - 2009-07-13 21:34 - 000020912 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-09-17 12:35 - 2014-07-19 11:29 - 000000000 ____D C:\Users\BG\AppData\Local\Spotify
2019-09-16 20:02 - 2013-01-27 08:43 - 000786222 _____ C:\Windows\system32\PerfStringBackup.INI
2019-09-16 20:02 - 2009-07-13 19:37 - 000000000 ____D C:\Windows\inf
2019-09-16 17:37 - 2016-11-18 17:32 - 000000000 ____D C:\Users\BG\AppData\LocalLow\Mozilla
2019-09-16 17:37 - 2013-01-27 05:28 - 000000000 ____D C:\Windows\system32\Macromed
2019-09-16 17:33 - 2019-08-07 19:03 - 000000000 ____D C:\Program Files\TunnelBear
2019-09-16 17:32 - 2009-07-13 21:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-09-16 00:45 - 2013-08-13 20:06 - 000000000 ____D C:\Users\BG\AppData\Roaming\uTorrent
2019-09-15 16:53 - 2015-11-14 22:38 - 000000000 ____D C:\Users\BG\AppData\Roaming\.ACEStream
2019-09-15 15:48 - 2014-11-07 01:31 - 000000000 ____D C:\Users\BG\AppData\Local\CrashDumps
2019-09-11 18:14 - 2016-01-31 19:18 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2019-09-06 20:13 - 2015-05-29 19:52 - 000000000 ____D C:\Program Files\Dropbox
2019-09-02 20:48 - 2014-08-21 15:41 - 000000000 ____D C:\Users\BG\AppData\Local\Adobe
2019-09-02 20:47 - 2014-04-25 20:40 - 000842296 _____ (Adobe) C:\Windows\system32\FlashPlayerApp.exe
2019-09-02 20:47 - 2014-04-25 20:40 - 000175160 _____ (Adobe) C:\Windows\system32\FlashPlayerCPLApp.cpl
2019-08-26 00:57 - 2016-04-03 19:40 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Files in the root of some directories ================

2014-06-29 00:21 - 2014-06-29 00:13 - 000012005 _____ () C:\Users\BG\AppData\Roaming\alsoft.ini
2014-01-14 14:47 - 2018-08-05 00:51 - 000060928 _____ () C:\Users\BG\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-05 11:16 - 2014-11-05 11:16 - 000000787 _____ () C:\Users\BG\AppData\Local\recently-used.xbel
2014-03-15 21:43 - 2019-04-18 14:04 - 000007642 _____ () C:\Users\BG\AppData\Local\Resmon.ResmonCfg
2013-02-14 23:32 - 2015-04-28 16:21 - 000010540 _____ () C:\Users\BG\AppData\Local\rx_audio.Cache
2013-06-07 11:59 - 2015-04-28 16:21 - 000000288 _____ () C:\Users\BG\AppData\Local\rx_image32.Cache
2016-07-21 00:02 - 2016-07-21 00:02 - 000000000 _____ () C:\Users\BG\AppData\Local\{28EF06A9-E0AE-4968-BB98-C90C76273B44}
2017-06-05 21:52 - 2017-06-05 21:52 - 000000000 _____ () C:\Users\BG\AppData\Local\{BBDD96D7-95C7-40E7-8EB9-3C8B1881429A}
2016-09-09 08:02 - 2016-09-09 08:02 - 000000000 _____ () C:\Users\BG\AppData\Local\{D53A192D-03AD-4CFC-B984-77972664CC8B}

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-09-10 14:59
==================== End of FRST.txt ============================