  #1  
Old September 12th, 2019, 06:02 AM
Bremang
Senior Member
 
Join Date: Oct 2005
Posts: 401
checking for malware

Hi, wow, where has the malware removal forum gone?

Recently I was at an airport on wifi, and now my computer has been lagging a ton. Would like to rule out that I'm not infected.

Windows 7
MacBook Air mid 2012



Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 10:01:43 PM, on 9/11/2019
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.19003)

FIREFOX: 69.0 (x86 en-US)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files\Boot Camp\Bootcamp.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Dropbox\Client\Dropbox.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Users\BG\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Dropbox\Client\Dropbox.exe
C:\Program Files\Dropbox\Client\Dropbox.exe
C:\Program Files\TrackpadPlusPlus\Trackpad++ Control Module Process.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\TrackpadPlusPlus\Trackpad++ Helper Process.exe
C:\Program Files\Dropbox\Client\80.4.126\QtWebEngineProcess.exe
C:\Program Files\Dropbox\Client\80.4.126\QtWebEngineProcess.exe
C:\Program Files\Dropbox\Client\80.4.126\QtWebEngineProcess.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\BG\AppData\Roaming\Spotify\spotify.exe
C:\Users\BG\AppData\Roaming\Spotify\spotify.exe
C:\Users\BG\AppData\Roaming\Spotify\spotify.exe
C:\Users\BG\AppData\Roaming\Spotify\spotify.exe
C:\Users\BG\AppData\Roaming\Spotify\spotify.exe
C:\Program Files\Microsoft Office\Office15\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\BG\Downloads\HijackThis.exe
C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_221\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office15\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_221\bin\jp2ssv.dll
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [Apple_KbdMgr] C:\Program Files\Boot Camp\Bootcamp.exe
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [TRACKPADPLUSPLUS] C:\Program Files\TrackpadPlusPlus\Trackpad++ Control Module.exe
O4 - HKLM\..\Run: [Dropbox] "C:\Program Files\Dropbox\Client\Dropbox.exe" /systemstartup
O4 - HKLM\..\Run: [GitHubDesktopMachineInstaller] %ProgramFiles%\GitHub Desktop Installer\GitHubDesktop.exe --checkInstall
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [f.lux] "C:\Users\BG\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
O4 - HKUS\S-1-5-18\..\RunOnce: [Application Restart #0] C:\Windows\System32\Magnify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Application Restart #0] C:\Windows\System32\Magnify.exe (User 'Default user')
O4 - Startup: Microsoft Office Outlook 2007.lnk = ?
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~1\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{B21A554D-1CD9-4913-9F59-BB82456D5C6E}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Apple OS Switch Manager (AppleOSSMgr) - Unknown owner - C:\Windows\system32\AppleOSSMgr.exe
O23 - Service: Apple Time Service (AppleTimeSrv) - Apple Inc. - C:\Windows\system32\AppleTimeSrv.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\system32\IntelCpHeciSvc.exe
O23 - Service: Dropbox Update Service (dbupdate) (dbupdate) - Dropbox, Inc. - C:\Program Files\Dropbox\Update\DropboxUpdate.exe
O23 - Service: Dropbox Update Service (dbupdatem) (dbupdatem) - Dropbox, Inc. - C:\Program Files\Dropbox\Update\DropboxUpdate.exe
O23 - Service: DbxSvc - Dropbox, Inc. - C:\Windows\system32\DbxSvc.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (file missing)
O23 - Service: Service KMSELDI - @ByELDI - C:\Program Files\KMSpico\Service_KMS.exe
O23 - Service: SessionLauncher - Unknown owner - C:\Users\BG\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TunnelBear Maintenance (TunnelBearMaintenance) - Unknown owner - C:\Program Files\TunnelBear\TunnelBear.Maintenance.exe
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

--
End of file - 10162 bytes


  #2  
Old September 12th, 2019, 11:58 AM
Jintan
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 51,868
Howdy Bremang,

Long time since we last chatted, but still here to help. Not really seeing anything in this log, but HijackThis is pretty outdated now, so need to take a different look at things.


For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to the desktop.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to the desktop.

Please run it and click Scan, post back with the 2 logfiles.

Use extra posts here as needed.
  #3  
Old September 18th, 2019, 04:08 AM
Bremang
Senior Member
 
Join Date: Oct 2005
Posts: 401
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-09-2019
Ran by BG (administrator) on BG-PC (Apple Inc. MacBookAir5,2) (17-09-2019 20:00:54)
Running from C:\Users\BG\Desktop
Loaded Profiles: BG (Available Profiles: BG)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\TrackpadPlusPlus\Trackpad++ Control Module Process.exe
() [File not signed] C:\Program Files\TrackpadPlusPlus\Trackpad++ Helper Process.exe
(Adobe Inc. -> Adobe Systems) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc. -> ) C:\Windows\System32\AppleOSSMgr.exe
(Apple Inc. -> Apple Inc.) [File not signed] C:\Program Files\Boot Camp\Bootcamp.exe
(Apple Inc. -> Apple Inc.) C:\Windows\System32\AppleTimeSrv.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files\Dropbox\Client\80.4.126\QtWebEngineProcess.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files\Dropbox\Client\80.4.126\QtWebEngineProcess.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files\Dropbox\Client\80.4.126\QtWebEngineProcess.exe
(F.lux Software LLC -> f.lux Software LLC) C:\Users\BG\AppData\Local\FluxSoftware\Flux\flux.exe
(Intel Corporation -> Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Last.fm) [File not signed] C:\Program Files\Last.fm\Last.fm Scrobbler.exe
(Logitech -> Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Logitech -> Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Nullsoft Inc. -> Nullsoft, Inc.) C:\Program Files\Winamp\winamp.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Spotify AB -> Spotify Ltd) C:\Users\BG\AppData\Roaming\Spotify\Spotify.exe
(Spotify AB -> Spotify Ltd) C:\Users\BG\AppData\Roaming\Spotify\Spotify.exe
(Spotify AB -> Spotify Ltd) C:\Users\BG\AppData\Roaming\Spotify\Spotify.exe
(Spotify AB -> Spotify Ltd) C:\Users\BG\AppData\Roaming\Spotify\Spotify.exe
(Spotify AB -> Spotify Ltd) C:\Users\BG\AppData\Roaming\Spotify\Spotify.exe
(TunnelBear, Inc. -> ) C:\Program Files\TunnelBear\TunnelBear.Maintenance.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [USB3MON] => C:\Program Files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291096 2012-06-13] (Intel Corporation -> Intel Corporation)
HKLM\...\Run: [Apple_KbdMgr] => C:\Program Files\Boot Camp\Bootcamp.exe [566184 2015-01-15] (Apple Inc. -> Apple Inc.) [File not signed]
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1851192 2012-11-04] (Logitech -> Logitech, Inc.)
HKLM\...\Run: [TRACKPADPLUSPLUS] => C:\Program Files\TrackpadPlusPlus\Trackpad++ Control Module.exe [12800 2013-07-17] () [File not signed]
HKLM\...\Run: [Dropbox] => C:\Program Files\Dropbox\Client\Dropbox.exe [5888320 2019-09-05] (Dropbox, Inc -> Dropbox, Inc.)
HKLM\...\Run: [GitHubDesktopMachineInstaller] => C:\Program Files\GitHub Desktop Installer\GitHubDesktop.exe [84560856 2019-06-12] (GitHub, Inc. -> GitHub, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [644552 2019-07-04] (Oracle America, Inc. -> Oracle Corporation)
HKLM\...\Policies\Explorer: [AllowLegacyWebView] 1
HKLM\...\Policies\Explorer: [AllowUnhashedWebView] 1
HKU\S-1-5-21-2226609107-4164577499-164976268-1000\...\Run: [f.lux] => C:\Users\BG\AppData\Local\FluxSoftware\Flux\flux.exe [1378824 2019-05-07] (F.lux Software LLC -> f.lux Software LLC)
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Windows\System32\Magnify.exe [629760 2009-07-13] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2019-05-02] (Adobe Inc. -> Adobe Systems, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Startup: C:\Users\BG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office Outlook 2007.lnk [2015-04-26]
ShortcutTarget: Microsoft Office Outlook 2007.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe (Microsoft Corporation -> )
Startup: C:\Users\BG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2013-01-27]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
GroupPolicy: Restriction ? <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A760D4C-8398-4B20-8BA4-377A54F53EFA} - System32\Tasks\{CBAEA4A2-2D6E-4DD4-9D63-CBAE16A9EA08} => C:\Windows\system32\pcalua.exe -a C:\Users\BG\AppData\Local\Temp\mozOpenDownload\Trackpad_Plus_Plus_Driver_Control_Module_24a_Setup_05022013.exe -d C:\Users\BG\AppData\Local\Temp\mozOpenDownload <==== ATTENTION
Task: {1201BFA9-A60F-43AB-9A1E-52CEC2E536E6} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [998080 2014-06-29] (@ByELDI -> @ByELDI) [File not signed]
Task: {1F22E86D-D3AF-462A-BB20-C90514A11AAB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [282800 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {1FA2D843-8D6A-4B74-B39B-5D30AFAF3A0F} - System32\Tasks\PowerPlanAssistantLibrary\PowerPlanAssistantStart => C:\Program Files\PowerPlanAssistant\PowerPlanAssistant.exe
Task: {21AF69E2-EC57-4B8F-A549-E01E62C04832} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [1051864 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {3E408C16-A5E4-495C-BAAD-4CC8AF83FD16} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-02-04] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {3EF00349-290A-431F-AF66-C7AA581EC960} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc -> Dropbox, Inc.)
Task: {46266D26-9EBC-4DE8-8F9B-A6D008990A7E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [14679256 2019-01-10] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {50FDC73D-A2F7-486C-8FB7-84CD05C8A3FA} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc -> Dropbox, Inc.)
Task: {521C3DCF-6B44-447A-BABD-FEF150474BD5} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1} C:\Program Files\Windows Live\SOXE\wlsoxe.dll [192704 2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {5F7118F4-BE3B-487B-823C-FD5B9A62411F} - System32\Tasks\Setpoint => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1851192 2012-11-04] (Logitech -> Logitech, Inc.)
Task: {6C01EBA1-2384-4597-9115-6C8EAA51BB25} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
Task: {6C01EBA1-2384-4597-9115-6C8EAA51BB25} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [283648 [2015-12-08]] (Microsoft Windows -> Microsoft Corporation)
Task: {6DB70B98-4E77-44A8-AA6B-021A36E351DB} - System32\Tasks\SamsungMagician => C:\Program Files\Samsung\Samsung Magician\SamsungMagician.exe [1146000 2019-03-14] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co. Ltd.)
Task: {953FB472-C6A5-4C41-9514-26E5974BD214} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {953FB472-C6A5-4C41-9514-26E5974BD214} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [283648 [2015-12-08]] (Microsoft Windows -> Microsoft Corporation)
Task: {A182974A-9E3B-484F-B614-0740C85A8061} - System32\Tasks\Trackpad => C:\Program Files\TrackpadPlusPlus\Trackpad++ Control Module.exe [12800 2013-07-17] () [File not signed]
Task: {B1F9A58F-9AFD-410C-A3BF-63A5E4CD699D} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {B1F9A58F-9AFD-410C-A3BF-63A5E4CD699D} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshContent
Task: {B1F9A58F-9AFD-410C-A3BF-63A5E4CD699D} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(3): C:\Windows\system32\GWX\GWXDetector.exe [283648 [2015-12-08]] (Microsoft Windows -> Microsoft Corporation)
Task: {B7907116-C5D6-4818-902D-B3B5D7C8B65D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1236048 2019-07-24] (Adobe Inc. -> Adobe Systems)
Task: {BD235E8C-59CA-4487-A15E-CF84ABAE0886} - System32\Tasks\{805EE249-0772-4854-BACC-BB5FC673CA1E} => C:\Windows\system32\pcalua.exe -a C:\PROGRA~1\COMMON~1\TISHAR~1\TIC_DR~1\x86\tiehd.exe -d C:\PROGRA~1\COMMON~1\
Task: {C2AC5952-7610-4758-910E-207963A4A347} - System32\Tasks\TrackpadPlusPlusLibrary\TrackpadPlusPlusStart => C:\Program Files\TrackpadPlusPlus\Trackpad++ Control Module Initializer.exe [10752 2013-07-05] () [File not signed]
Task: {CC5E5F78-7596-4520-B45A-BAC5B8F3DF80} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_238_Plugin.exe [1457208 2019-09-02] (Adobe Inc. -> Adobe)
Task: {CC63706B-4493-431C-84FD-6F49D5CFA482} - System32\Tasks\{FAD253CA-5C46-49D4-BC6E-20F96D503DB1} => C:\Windows\system32\pcalua.exe -a C:\Users\BG\Desktop\WindowsSupport\Drivers\Broadcom\BroadcomCardReader32.exe -d C:\Users\BG\Desktop\WindowsSupport\Drivers\Broadcom
Task: {D4119F54-01AB-47D4-B35D-294D44A36F5E} - System32\Tasks\{60A0E35E-C411-40E4-8880-2CACA0D64749} => C:\Windows\system32\pcalua.exe -a C:\Users\BG\AppData\Local\Temp\mozOpenDownload\out_lame.binf_v164.exe -d C:\Users\BG\AppData\Local\Temp\mozOpenDownload <==== ATTENTION
Task: {ED863AC7-EA1A-4E89-809F-57B97550902C} - System32\Tasks\{5E619AA8-6603-4EE5-A610-B5F421FBBF97} => C:\Windows\system32\pcalua.exe -a C:\PROGRA~1\COMMON~1\TISHAR~1\TIC_DR~1\x86\SILVRD~1.EXE -d C:\PROGRA~1\COMMON~1\
Task: {F2117819-1D7D-478C-9BC3-FD73248E2788} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(1): %windir%\system32\GWX\GWXUXWorker.exe -> /ScheduleUpgradeReminderTime
Task: {F2117819-1D7D-478C-9BC3-FD73248E2788} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [283648 [2015-12-08]] (Microsoft Windows -> Microsoft Corporation)
Task: {F3AA7E45-5B78-4B88-9C22-DD1101868B69} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [282800 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {FBF1F635-6CB8-46A6-949B-D00D76EF7777} - System32\Tasks\{D6F48386-7576-49F0-8492-564A6F675BF7} => C:\Windows\system32\pcalua.exe -a C:\Users\BG\AppData\Local\Temp\mozOpenDownload\Trackpad_Plus_Plus_Driver_Control_Module_24a_Setup_03132013.exe -d C:\Users\BG\AppData\Local\Temp\mozOpenDownload <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2226609107-4164577499-164976268-1000Core1cf4ea2c417b2c8.job => C:\Users\BG\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{810CBBE9-268E-4433-9FC7-8739E804D8C8}: [DhcpNameServer] 172.18.13.1
Tcpip\..\Interfaces\{B21A554D-1CD9-4913-9F59-BB82456D5C6E}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{B21A554D-1CD9-4913-9F59-BB82456D5C6E}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{F5961F3B-5A9C-4A4A-8249-D0614BDDB9E0}: [DhcpNameServer] 205.171.3.65 205.171.2.65

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2226609107-4164577499-164976268-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope value is missing
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_221\bin\ssv.dll [2019-07-17] (Oracle America, Inc. -> Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_221\bin\jp2ssv.dll [2019-07-17] (Oracle America, Inc. -> Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2017-08-15] (Microsoft Corporation -> Microsoft Corporation)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc. -> Citrix Systems, Inc.)

FireFox:
========
FF DefaultProfile: vdp159bw.default-1478060305972
FF ProfilePath: C:\Users\BG\AppData\Roaming\Mozilla\Firefox\Profiles\vdp159bw.default-1478060305972 [2019-09-17]
FF DownloadDir: C:\Users\BG\Desktop
FF Homepage: Mozilla\Firefox\Profiles\vdp159bw.default-1478060305972 -> about:blank
FF NewTabOverride: Mozilla\Firefox\Profiles\vdp159bw.default-1478060305972 -> Disabled: newtaboverride@agenedia.com
FF NewTabOverride: Mozilla\Firefox\Profiles\vdp159bw.default-1478060305972 -> Enabled: treestyletab@piro.sakura.ne.jp
FF Extension: (Disconnect) - C:\Users\BG\AppData\Roaming\Mozilla\Firefox\Profiles\vdp159bw.default-1478060305972\Extensions\2.0@disconnect.me.xpi [2019-09-10]
FF Extension: (Flash Video Downloader) - C:\Users\BG\AppData\Roaming\Mozilla\Firefox\Profiles\vdp159bw.default-1478060305972\Extensions\artur.dubovoy@gmail.com.xpi [2019-02-14]
FF Extension: (Cleanest Addon Manager) - C:\Users\BG\AppData\Roaming\Mozilla\Firefox\Profiles\vdp159bw.default-1478060305972\Extensions\cam@sdrocking.com.xpi [2016-11-02] [Legacy]
FF Extension: (Chrome Store Foxified) - C:\Users\BG\AppData\Roaming\Mozilla\Firefox\Profiles\vdp159bw.default-1478060305972\Extensions\Chrome-Store-Foxified@jetpack.xpi [2018-11-04]
FF Extension: (OneTab) - C:\Users\BG\AppData\Roaming\Mozilla\Firefox\Profiles\vdp159bw.default-1478060305972\Extensions\extension@one-tab.com.xpi [2019-09-11]
FF Extension: (Video Downloader professional) - C:\Users\BG\AppData\Roaming\Mozilla\Firefox\Profiles\vdp159bw.default-1478060305972\Extensions\ffext_basicvideoext@startpage24.xpi [2019-05-22]
FF Extension: (Honey) - C:\Users\BG\AppData\Roaming\Mozilla\Firefox\Profiles\vdp159bw.default-1478060305972\Extensions\jid1-93CWPmRbVPjRQA@jetpack.xpi [2019-09-11]
FF Extension: (Email Notifier) - C:\Users\BG\AppData\Roaming\Mozilla\Firefox\Profiles\vdp159bw.default-1478060305972\Extensions\jid1-iqxEAwQsa3GZKc@jetpack.xpi [2019-02-04]
FF Extension: (Youtube's Annotations No More) - C:\Users\BG\AppData\Roaming\Mozilla\Firefox\Profiles\vdp159bw.default-1478060305972\Extensions\jid1-ss6kLNCbNz6u0g@jetpack.xpi [2018-03-24]
FF Extension: (Edit any page) - C:\Users\BG\AppData\Roaming\Mozilla\Firefox\Profiles\vdp159bw.default-1478060305972\Extensions\jid1-wXTpXAFHyklEng@jetpack.xpi [2016-12-07] [Legacy]
FF Extension: (Reddit Enhancement Suite) - C:\Users\BG\AppData\Roaming\Mozilla\Firefox\Profiles\vdp159bw.default-1478060305972\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2019-09-11]
FF Extension: (LeechBlock NG) - C:\Users\BG\AppData\Roaming\Mozilla\Firefox\Profiles\vdp159bw.default-1478060305972\Extensions\leechblockng@proginosko.com.xpi [2019-05-05]
FF Extension: (Multi Links Plus) - C:\Users\BG\AppData\Roaming\Mozilla\Firefox\Profiles\vdp159bw.default-1478060305972\Extensions\multilinksplus@hugsmile.eu.xpi [2017-11-04] [Legacy]
FF Extension: (New Tab Override) - C:\Users\BG\AppData\Roaming\Mozilla\Firefox\Profiles\vdp159bw.default-1478060305972\Extensions\newtaboverride@agenedia.com.xpi [2019-05-05]
FF Extension: (Tree Style Tab) - C:\Users\BG\AppData\Roaming\Mozilla\Firefox\Profiles\vdp159bw.default-1478060305972\Extensions\treestyletab@piro.sakura.ne.jp.xpi [2019-09-15]
FF Extension: (uBlock Origin) - C:\Users\BG\AppData\Roaming\Mozilla\Firefox\Profiles\vdp159bw.default-1478060305972\Extensions\uBlock0@raymondhill.net.xpi [2019-09-11]
FF Extension: (SHINE for reddit (unofficial)) - C:\Users\BG\AppData\Roaming\Mozilla\Firefox\Profiles\vdp159bw.default-1478060305972\Extensions\{143d373a-88f7-4eed-8b80-a6ce4ef56015}.xpi [2019-05-05]
FF Extension: (FlashGot) - C:\Users\BG\AppData\Roaming\Mozilla\Firefox\Profiles\vdp159bw.default-1478060305972\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2016-12-01] [Legacy]
FF Extension: (View Image) - C:\Users\BG\AppData\Roaming\Mozilla\Firefox\Profiles\vdp159bw.default-1478060305972\Extensions\{287dcf75-bec6-4eec-b4f6-71948a2eea29}.xpi [2019-09-11]
FF Extension: (X-notifier (for Gmail™,Hotmail,Yahoo,AOL...)) - C:\Users\BG\AppData\Roaming\Mozilla\Firefox\Profiles\vdp159bw.default-1478060305972\Extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi [2019-03-08]
FF Extension: (New tab toolbar button) - C:\Users\BG\AppData\Roaming\Mozilla\Firefox\Profiles\vdp159bw.default-1478060305972\Extensions\{42975993-6fa0-46f5-a45f-706915f18ebf}.xpi [2016-11-04] [Legacy]
FF Extension: (Download Status Bar) - C:\Users\BG\AppData\Roaming\Mozilla\Firefox\Profiles\vdp159bw.default-1478060305972\Extensions\{6c28e999-e900-4635-a39d-b1ec90ba0c0f}.xpi [2016-11-02] [Legacy]
FF Extension: (NoScript) - C:\Users\BG\AppData\Roaming\Mozilla\Firefox\Profiles\vdp159bw.default-1478060305972\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2019-05-05]
FF Extension: (YouTube High Definition) - C:\Users\BG\AppData\Roaming\Mozilla\Firefox\Profiles\vdp159bw.default-1478060305972\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2019-05-04]
FF Extension: (Download Star) - C:\Users\BG\AppData\Roaming\Mozilla\Firefox\Profiles\vdp159bw.default-1478060305972\Extensions\{8cc0b007-e40b-46e8-9e50-e3bf021c94ab}.xpi [2018-11-17]
FF Extension: (Old Reddit Redirect) - C:\Users\BG\AppData\Roaming\Mozilla\Firefox\Profiles\vdp159bw.default-1478060305972\Extensions\{9063c2e9-e07c-4c2c-9646-cfe7ca8d0498}.xpi [2019-02-14]
FF Extension: (WX Download Status Bar) - C:\Users\BG\AppData\Roaming\Mozilla\Firefox\Profiles\vdp159bw.default-1478060305972\Extensions\{a1c84bb7-d5fc-4906-90b4-965e520b29bf}.xpi [2019-02-19]
FF Extension: (Tab Suspender (memory saver)) - C:\Users\BG\AppData\Roaming\Mozilla\Firefox\Profiles\vdp159bw.default-1478060305972\Extensions\{e225ac78-5e83-484b-a16b-b6ed0924212f}.xpi [2018-03-25]
FF ProfilePath: C:\Users\BG\AppData\Roaming\Mozilla\Firefox\Profiles\j8xscfoz.10-24-14 New [2019-09-10]
FF Extension: (FEBE) - C:\Users\BG\AppData\Roaming\Mozilla\Firefox\Profiles\j8xscfoz.10-24-14 New\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} [2015-04-30] [Legacy] [not signed]
FF ProfilePath: C:\Users\BG\AppData\Roaming\Mozilla\Firefox\Profiles\4fyzwgf7.default [2019-09-10]
FF Homepage: Mozilla\Firefox\Profiles\4fyzwgf7.default -> about:home
FF Extension: (FEBE) - C:\Users\BG\AppData\Roaming\Mozilla\Firefox\Profiles\4fyzwgf7.default\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} [2013-01-27] [Legacy] [not signed]
FF Extension: (No Name) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [not found]
FF HKLM\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-02-03] [Legacy] [not signed]
FF HKU\S-1-5-21-2226609107-4164577499-164976268-1000\...\Firefox\Extensions: [acewebextension_unlisted@acestream.org] - C:\Users\BG\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi
FF Extension: (Ace Stream Web Extension) - C:\Users\BG\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi [2015-12-18] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_32_0_0_238.dll [2019-09-02] (Adobe Inc. -> )
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1211151.dll [2014-04-14] (Adobe Systems, Inc.) [File not signed]
FF Plugin: @Citrix.com/npican -> C:\Program Files\Citrix\ICA Client\npicaN.dll [2015-06-24] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2018-09-19] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2018-09-19] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2018-09-19] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2018-09-19] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin: @java.com/DTPlugin,version=11.221.2 -> C:\Program Files\Java\jre1.8.0_221\bin\dtplugin\npDeployJava1.dll [2019-07-17] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.221.2 -> C:\Program Files\Java\jre1.8.0_221\bin\plugin2\npjp2.dll [2019-07-17] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @nullsoft.com/winampDetector;version=1 -> C:\Program Files\Winamp Detect\npwachk.dll [2013-11-20] (Nullsoft, Inc.) [File not signed]
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-07-31] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2226609107-4164577499-164976268-1000: @acestream.net/acestreamplugin,version=3.1.1 -> C:\Users\BG\AppData\Roaming\ACEStream\player\npace_plugin.dll [2015-08-06] (Innovative Digital Technologies -> Innovative Digital Technologies)
FF Plugin HKU\S-1-5-21-2226609107-4164577499-164976268-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\BG\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google Inc -> Google)
FF Plugin HKU\S-1-5-21-2226609107-4164577499-164976268-1000: @talk.google.com/O1DPlugin -> C:\Users\BG\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google Inc -> Google)
FF Plugin HKU\S-1-5-21-2226609107-4164577499-164976268-1000: @tools.google.com/Google Update;version=3 -> C:\Users\BG\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll [2014-04-02] (Google Inc -> Google Inc.)
FF Plugin HKU\S-1-5-21-2226609107-4164577499-164976268-1000: @tools.google.com/Google Update;version=9 -> C:\Users\BG\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll [2014-04-02] (Google Inc -> Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\BG\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2016-08-19]
FF Plugin ProgramFiles/Appdata: C:\Users\BG\AppData\Roaming\mozilla\plugins\npo1d.dll [2016-08-19]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2013-02-03]
CHR HKU\S-1-5-21-2226609107-4164577499-164976268-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [88136 2019-07-24] (Adobe Inc. -> Adobe Systems)
R2 AppleOSSMgr; C:\Windows\system32\AppleOSSMgr.exe [194472 2012-06-14] (Apple Inc. -> )
R2 AppleTimeSrv; C:\Windows\system32\AppleTimeSrv.exe [100264 2012-06-14] (Apple Inc. -> Apple Inc.)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [277616 2012-12-14] (Intel Corporation - pGFX -> Intel Corporation)
S2 dbupdate; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [43856 2019-09-05] (Dropbox, Inc -> Dropbox, Inc.)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [52736 2009-06-22] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard)
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [997568 2014-06-29] (@ByELDI -> @ByELDI) [File not signed]
S4 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH -> TeamViewer GmbH)
R2 TunnelBearMaintenance; C:\Program Files\TunnelBear\TunnelBear.Maintenance.exe [113024 2018-02-12] (TunnelBear, Inc. -> )
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Windows -> Microsoft Corporation)
S2 RoxLiveShare10; "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" [X]
S2 SessionLauncher; C:\Users\BG\AppData\Local\Temp\DX9\SessionLauncher.exe [X] <==== ATTENTION

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 acpials; C:\Windows\System32\DRIVERS\acpials.sys [7680 2009-07-13] (Microsoft Windows -> Microsoft Corporation)
S3 AppleBtBc; C:\Windows\System32\DRIVERS\AppleBtBc.sys [18944 2012-01-13] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
R0 AppleHFS; C:\Windows\System32\Drivers\AppleHFS.sys [58496 2012-06-14] (Apple Inc. -> Apple Inc.)
R0 AppleMNT; C:\Windows\System32\Drivers\AppleMNT.sys [15360 2012-06-14] (Apple Inc. -> Apple Inc.)
S3 applemtm; C:\Windows\System32\DRIVERS\applemtm.sys [10880 2010-12-22] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
R3 applemtp; C:\Windows\System32\DRIVERS\applemtp.sys [29696 2010-02-01] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
R3 BCM43XX; C:\Windows\System32\DRIVERS\bcmwl6.sys [4374592 2012-06-13] (Broadcom Corporation -> Broadcom Corporation)
R3 CirrusFilter; C:\Windows\System32\DRIVERS\CS420x86.sys [14336 2012-06-13] (Microsoft Windows Hardware Compatibility Publisher -> Cirrus Logic)
S3 HpGmb001; C:\Windows\System32\DRIVERS\HpGmb001.SYS [11264 2009-05-27] (Primax Electronics Ltd.) [File not signed]
R0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [13592 2012-06-13] (Intel Corporation -> Intel Corporation)
R3 iusb3hub; C:\Windows\System32\DRIVERS\iusb3hub.sys [347928 2012-06-13] (Intel Corporation -> Intel Corporation)
R3 iusb3xhc; C:\Windows\System32\DRIVERS\iusb3xhc.sys [788248 2012-06-13] (Intel Corporation -> Intel Corporation)
R2 KeyAgent; C:\Windows\system32\drivers\KeyAgent.sys [15104 2012-06-14] (Apple Inc. -> Apple Inc.)
R3 KeyMagic; C:\Windows\System32\DRIVERS\KeyMagic.sys [27648 2012-06-13] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
R3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [43704 2012-09-18] (Logitech -> Logitech, Inc.)
R3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [12216 2012-09-18] (Logitech -> Logitech, Inc.)
R2 MacHALDriver; C:\Windows\system32\drivers\MacHALDriver.sys [21504 2012-06-14] (Apple Inc. -> Apple Inc.)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [55104 2012-07-17] (Intel Corporation -> Intel Corporation)
S3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [99400 2012-05-12] (Shenzhen Saikeware Technology Co., Ltd. -> MotioninJoy)
R3 MT_TRACKPAD; C:\Windows\System32\drivers\MT_Trackpad.sys [13312 2011-12-19] (NGO -> n/a) [File not signed]
R3 RTLU3E8023-W7-32; C:\Windows\System32\DRIVERS\rtu30x86w7.sys [69336 2013-10-12] (Realtek Semiconductor Corp -> Realtek )
S3 tap-tb-0901; C:\Windows\System32\DRIVERS\tap-tb-0901.sys [33280 2017-09-06] (TunnelBear, Inc. -> The OpenVPN Project)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2017-03-02] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 TIEHDUSB; C:\Windows\System32\drivers\tiehdusb.sys [49536 2004-02-04] (Texas Instruments Incorporated) [File not signed]
R3 trackpad_plus_plus_x86; C:\Windows\System32\DRIVERS\trackpad_plus_plus_x86.sys [8960 2013-07-06] (NGO -> Windows (R) Win 7 DDK provider) [File not signed]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed]
R3 VBAudioVACMME; C:\Windows\System32\DRIVERS\vbaudio_cable_win7.sys [34024 2014-09-02] (Vincent Burel -> Windows (R) Win 7 DDK provider)
R3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam.sys [11520 2008-05-06] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies)
S3 catchme; \??\C:\Users\BG\AppData\Local\Temp\catchme.sys [X] <==== ATTENTION
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 usbbus; system32\DRIVERS\lgusbbus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgusbdiag.sys [X]
S3 USBModem; system32\DRIVERS\lgusbmodem.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-09-17 20:00 - 2019-09-17 20:02 - 000038808 _____ C:\Users\BG\Desktop\FRST.txt
2019-09-17 20:00 - 2019-09-17 20:00 - 001449984 _____ (Farbar) C:\Users\BG\Desktop\FRST.exe
2019-09-17 20:00 - 2019-09-17 20:00 - 000000000 ____D C:\FRST
2019-09-14 23:21 - 2019-09-14 23:09 - 3360992757 _____ C:\Users\BG\Desktop\UFC.Fight.Night.158.Cowboy.Vs.Gaethje.720p.2500KBS.WEBRIP.x264-WH.mp4
2019-09-12 20:20 - 2019-09-12 20:20 - 000000000 ____D C:\Users\BG\AppData\Roaming\Daum
2019-09-12 20:19 - 2019-09-12 20:20 - 000000000 ____D C:\Users\BG\AppData\Roaming\PotPlayerMini
2019-09-12 20:19 - 2019-09-12 20:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daum
2019-09-12 20:19 - 2019-09-12 20:19 - 000000000 ____D C:\Program Files\DAUM
2019-09-12 20:11 - 2019-09-12 20:11 - 027808232 _____ (Kakao) C:\Users\BG\Downloads\PotPlayerSetup.exe
2019-09-11 22:01 - 2019-09-11 22:01 - 000388608 _____ (Trend Micro Inc.) C:\Users\BG\Downloads\HijackThis.exe
2019-09-10 18:27 - 2019-09-10 18:27 - 000067008 _____ C:\Users\BG\Downloads\64256006445-1043642905-ticket.pdf
2019-09-06 20:12 - 2019-09-06 20:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2019-09-05 11:48 - 2019-09-11 18:14 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-09-05 05:18 - 2019-09-05 05:18 - 000043856 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2019-09-05 05:18 - 2019-09-05 05:18 - 000036848 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2019-09-05 05:18 - 2019-09-05 05:18 - 000036848 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2019-09-05 05:18 - 2019-09-05 05:18 - 000036848 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2019-09-03 07:49 - 2019-09-03 07:55 - 160290033 _____ C:\Users\BG\Downloads\DesperateAmateurs Vanessa — DaftSex.mp4
2019-09-02 21:31 - 2019-09-15 19:49 - 000000000 ____D C:\Users\BG\AppData\Roaming\vlc
2019-08-26 00:44 - 2019-08-26 00:44 - 001207336 _____ (Adobe Inc) C:\Users\BG\Downloads\flashplayer32au_ha_install(2).exe
2019-08-23 02:03 - 2019-08-23 02:04 - 000000000 ____D C:\Users\BG\Desktop\NES Use this folder for modding
2019-08-20 14:42 - 2019-08-20 14:43 - 000000000 ____D C:\Users\BG\Desktop\insta
2019-08-18 19:13 - 2019-08-18 19:13 - 001207336 _____ (Adobe Inc) C:\Users\BG\Downloads\flashplayer32au_ha_install(1).exe

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-09-17 20:03 - 2017-11-29 18:15 - 000000000 ____D C:\Users\BG\AppData\Local\JDownloader 2.0
2019-09-17 19:55 - 2014-07-19 11:29 - 000000000 ____D C:\Users\BG\AppData\Roaming\Spotify
2019-09-17 19:40 - 2015-05-29 19:59 - 000000000 ___RD C:\Users\BG\Dropbox
2019-09-17 19:36 - 2015-05-29 19:52 - 000000888 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2019-09-17 18:36 - 2015-05-29 19:52 - 000000884 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2019-09-17 17:34 - 2009-07-13 21:34 - 000020912 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-09-17 17:34 - 2009-07-13 21:34 - 000020912 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-09-17 12:35 - 2014-07-19 11:29 - 000000000 ____D C:\Users\BG\AppData\Local\Spotify
2019-09-16 20:02 - 2013-01-27 08:43 - 000786222 _____ C:\Windows\system32\PerfStringBackup.INI
2019-09-16 20:02 - 2009-07-13 19:37 - 000000000 ____D C:\Windows\inf
2019-09-16 17:37 - 2016-11-18 17:32 - 000000000 ____D C:\Users\BG\AppData\LocalLow\Mozilla
2019-09-16 17:37 - 2013-01-27 05:28 - 000000000 ____D C:\Windows\system32\Macromed
2019-09-16 17:33 - 2019-08-07 19:03 - 000000000 ____D C:\Program Files\TunnelBear
2019-09-16 17:32 - 2009-07-13 21:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-09-16 00:45 - 2013-08-13 20:06 - 000000000 ____D C:\Users\BG\AppData\Roaming\uTorrent
2019-09-15 16:53 - 2015-11-14 22:38 - 000000000 ____D C:\Users\BG\AppData\Roaming\.ACEStream
2019-09-15 15:48 - 2014-11-07 01:31 - 000000000 ____D C:\Users\BG\AppData\Local\CrashDumps
2019-09-11 18:14 - 2016-01-31 19:18 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2019-09-06 20:13 - 2015-05-29 19:52 - 000000000 ____D C:\Program Files\Dropbox
2019-09-02 20:48 - 2014-08-21 15:41 - 000000000 ____D C:\Users\BG\AppData\Local\Adobe
2019-09-02 20:47 - 2014-04-25 20:40 - 000842296 _____ (Adobe) C:\Windows\system32\FlashPlayerApp.exe
2019-09-02 20:47 - 2014-04-25 20:40 - 000175160 _____ (Adobe) C:\Windows\system32\FlashPlayerCPLApp.cpl
2019-08-26 00:57 - 2016-04-03 19:40 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Files in the root of some directories ================

2014-06-29 00:21 - 2014-06-29 00:13 - 000012005 _____ () C:\Users\BG\AppData\Roaming\alsoft.ini
2014-01-14 14:47 - 2018-08-05 00:51 - 000060928 _____ () C:\Users\BG\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-05 11:16 - 2014-11-05 11:16 - 000000787 _____ () C:\Users\BG\AppData\Local\recently-used.xbel
2014-03-15 21:43 - 2019-04-18 14:04 - 000007642 _____ () C:\Users\BG\AppData\Local\Resmon.ResmonCfg
2013-02-14 23:32 - 2015-04-28 16:21 - 000010540 _____ () C:\Users\BG\AppData\Local\rx_audio.Cache
2013-06-07 11:59 - 2015-04-28 16:21 - 000000288 _____ () C:\Users\BG\AppData\Local\rx_image32.Cache
2016-07-21 00:02 - 2016-07-21 00:02 - 000000000 _____ () C:\Users\BG\AppData\Local\{28EF06A9-E0AE-4968-BB98-C90C76273B44}
2017-06-05 21:52 - 2017-06-05 21:52 - 000000000 _____ () C:\Users\BG\AppData\Local\{BBDD96D7-95C7-40E7-8EB9-3C8B1881429A}
2016-09-09 08:02 - 2016-09-09 08:02 - 000000000 _____ () C:\Users\BG\AppData\Local\{D53A192D-03AD-4CFC-B984-77972664CC8B}

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-09-10 14:59
==================== End of FRST.txt ============================
  #4  
Old September 18th, 2019, 04:09 AM
Bremang Bremang is offline
Senior Member
 
Join Date: Oct 2005
Posts: 401
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14-09-2019
Ran by BG (17-09-2019 20:03:41)
Running from C:\Users\BG\Desktop
Microsoft Windows 7 Professional Service Pack 1 (X86) (2013-01-27 15:42:55)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2226609107-4164577499-164976268-500 - Administrator - Disabled)
BG (S-1-5-21-2226609107-4164577499-164976268-1000 - Administrator - Enabled) => C:\Users\BG
Guest (S-1-5-21-2226609107-4164577499-164976268-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2226609107-4164577499-164976268-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM\...\uTorrent) (Version: 2.2.1 - )
7-Zip 16.04 (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Ace Stream Media 3.1.1 (HKU\S-1-5-21-2226609107-4164577499-164976268-1000\...\AceStream) (Version: 3.1.1 - Ace Stream Media) <==== ATTENTION
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.012.20040 - Adobe Systems Incorporated)
Adobe Audition 1.0 (HKLM\...\{81E76DE9-BBCB-449C-91BB-6E4E5436D496}) (Version: 1.0 - Adobe Systems)
Adobe Flash Player 27 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 27.0.0.183 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 32.0.0.238 - Adobe)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.1.151 - Adobe Systems, Inc.)
Audacity 2.1.2 (HKLM\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Blackboard IM 4.1.0-C (HKLM\...\Blackboard IM) (Version: 4.1.0-C - Blackboard)
Boot Camp Services (HKLM\...\{E8F8AF38-7FFA-407A-8E4B-4722AE20FA30}) (Version: 4.0.4326 - Apple Inc.)
Box Sync (HKLM\...\{26296606-18a0-4495-9b84-0d1603ef0097}) (Version: 4.0.7848.0 - Box Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.52 - Piriform)
CDisplay 1.8 (HKLM\...\CDisplay_is1) (Version: - dvd8n)
Citrix Presentation Server Client (HKLM\...\{2624B680-02BC-4CBC-839C-DA20DF6EF6EC}) (Version: 10.200.2650 - Citrix Systems, Inc.)
Citrix Receiver (HKLM\...\CitrixOnlinePluginPackWeb) (Version: 14.3.0.5014 - Citrix Systems, Inc.)
CodeTwo CatMan (HKLM\...\{E2779AFD-267F-4CB9-8107-685D8CA19F71}) (Version: 3.2.0 - CodeTwo)
CyberLink Media Suite 10 (HKLM\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
D3DX10 (HKLM\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DDXL Student (HKLM\...\DDXL Student) (Version: - )
Dropbox (HKLM\...\Dropbox) (Version: 80.4.126 - Dropbox, Inc.)
Dropbox Update Helper (HKLM\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.241.1 - Dropbox, Inc.) Hidden
Equalizer APO (HKLM\...\EqualizerAPO) (Version: 1.2 - )
eReg (HKLM\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
f.lux (HKU\S-1-5-21-2226609107-4164577499-164976268-1000\...\Flux) (Version: - f.lux Software LLC)
Folder Size 3.4.0.0 (HKLM\...\{2DFA85ED-588F-4CE3-A175-29E52C3804A8}_is1) (Version: 3.4.0.0 - MindGems, Inc.)
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 9.3.0.10826 - Foxit Software Inc.)
FVD Downloader Module (HKLM\...\{A3F74A3C-6824-4878-AB46-21280389D09F}) (Version: 1.0.8 - Nimbus)
GitHub Desktop (HKU\S-1-5-21-2226609107-4164577499-164976268-1000\...\GitHubDesktop) (Version: 2.0.4 - GitHub, Inc.)
GitHub Desktop Machine-Wide Installer (HKLM\...\{01333F63-4ED6-418A-93DA-FCF8D6E412B8}) (Version: 2.0.4 - GitHub, Inc.)
Google Talk Plugin (HKLM\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
HP Deskjet 3510 series Basic Device Software (HKLM\...\{9F1F6E90-519F-4217-9A4B-466632D5CCCB}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3510 series Help (HKLM\...\{97C1C98D-6AE5-4C71-9B00-EBBD9E014450}) (Version: 28.0.0 - Hewlett Packard)
HP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HPDiagnosticAlert (HKLM\...\{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}) (Version: 1.00.0000 - Microsoft) Hidden
Image Resizer for Windows (HKLM\...\{6285B71F-660A-478B-A876-C7E66A678E6A}) (Version: 3.0.4802.35565 - Brice Lambson) Hidden
Image Resizer for Windows (HKLM\...\{69d72156-6582-4556-8637-06f40aa7f85b}) (Version: 3.0.4802.35565 - Brice Lambson)
Intel(R) Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)
Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.0.199 - Intel Corporation)
Java 8 Update 221 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180221F0}) (Version: 8.0.2210.11 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
KMSpico v9.3.1 (HKLM\...\KMSpico_is1) (Version: 9.3.1 - )
Last.fm Scrobbler 2.1.36 (HKLM\...\LastFM_is1) (Version: - Last.fm)
Logitech SetPoint 6.51 (HKLM\...\sp6) (Version: 6.51.8 - Logitech)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Mathematics Add-In for Word and OneNote (HKLM\...\{90150000-00D8-0409-0000-0000000FF1CE}) (Version: 15.0.4481.1002 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Outlook Personal Folders Backup (HKLM\...\{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}) (Version: 1.10.0.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (HKLM\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 69.0 (x86 en-US) (HKLM\...\Mozilla Firefox 69.0 (x86 en-US)) (Version: 69.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 69.0.0.7178 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Online Plug-in (HKLM\...\{C961313C-339B-405B-9A8B-87188584ECAD}) (Version: 14.3.0.5014 - Citrix Systems, Inc.) Hidden
Open Broadcaster Software (HKLM\...\Open Broadcaster Software) (Version: - )
OpenAL (HKLM\...\OpenAL) (Version: - )
Outils de vérification linguistique 2013 de Microsoft Office*- Français (HKLM\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PatchCleaner (HKLM\...\{727DA176-50BB-452C-8DB5-96EE0A573ED4}) (Version: 1.4.20 - HomeDev)
PDFsam Basic (HKLM\...\{910EA44E-8446-405D-BFE1-82F562F847D0}) (Version: 3.30.0.0 - Andrea Vacondio)
PotPlayer (HKLM\...\PotPlayer) (Version: 1.7.19955 - Kakao Corp.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5936 - Realtek Semiconductor Corp.)
Room EQ Wizard 5.19 (HKLM\...\4549-9647-2313-4375) (Version: 5.19 - John Mulcahy)
Samsung Magician (HKLM\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 5.3.1.2010 - Samsung Electronics)
Self-service Plug-in (HKLM\...\{12A08693-9223-4291-B522-D247BF7530FF}) (Version: 4.3.0.8352 - Citrix Systems, Inc.) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft)
SharpKeys (HKLM\...\{636E94DA-99C0-448F-A931-3DAD83B4975F}) (Version: 3.5.0000 - RandyRants.com)
SoulseekQt version 2017.2.20 (HKLM\...\{8A4E1646-488C-4E5B-AC31-F784400E8D2D}_is1) (Version: 2017.2.20 - Soulseek LLC)
Spotify (HKU\S-1-5-21-2226609107-4164577499-164976268-1000\...\Spotify) (Version: 1.1.14.475.g566c8beb - Spotify AB)
Steam (HKLM\...\Steam) (Version: - Valve Corporation)
swMSM (HKLM\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 12 (HKLM\...\TeamViewer) (Version: 12.0.72365 - TeamViewer)
TI Connect™ (HKLM\...\{D06BA64C-4447-49B4-B99D-E85BEA9E1035}) (Version: 4.0.0.218 - Texas Instruments Inc.)
Trackpad++ (HKLM\...\Trackpad++) (Version: - )
TunnelBear (HKLM\...\{5dbd322e-98b2-41c8-a2d9-d9f21423afa9}) (Version: 3.2.0.6 - TunnelBear)
TunnelBear (HKLM\...\{EAF52E02-CC78-47F4-A304-F91FDB6A55D1}) (Version: 3.2.0.6 - TunnelBear) Hidden
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VBCABLE, The Virtual Audio Cable (HKLM\...\VB:VBCABLE {87459874-1236-4469}) (Version: - VB-Audio Software)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.8 - VideoLAN)
Winamp (HKLM\...\Winamp) (Version: 5.66 - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-2226609107-4164577499-164976268-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Aero (Tahoma Font) (HKLM\...\Windows Aero (Tahoma Font)_is1) (Version: - Eric G.)
Windows Driver Package - Apple Inc. (AppleUSBEthernet) Net (02/01/2008 3.8.3.10) (HKLM\...\07170A155D5587C8782EABA10E94E4127A86F6E4 ) (Version: 02/01/2008 3.8.3.10 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Bluetooth Enabler (06/27/2007 2.0.0.1) (HKLM\...\5F8BE32FAE3D6BC77B512F7B0624D7B6C8A26EFB ) (Version: 06/27/2007 2.0.0.1 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Broadcom Bluetooth (11/28/2011 4.0.3.0) (HKLM\...\1EF1377CD9F4997E7FE402BE6AD4FD98B35B0D7E ) (Version: 11/28/2011 4.0.3.0 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Built-in iSight (10/25/2007 2.0.1.0) (HKLM\...\9324ED54E32F5399037F87E076CA01C6CEB92830 ) (Version: 10/25/2007 2.0.1.0 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Display (01/23/2009 3.0.0.0) (HKLM\...\C5CE3BA75A23622D2140C5D5D0998C07DDC4CF1C ) (Version: 01/23/2009 3.0.0.0 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple IR Receiver (02/21/2008 2.0.4.0) (HKLM\...\4D00971668041EDAD7097C5827D1739F03B9E5D7 ) (Version: 02/21/2008 2.0.4.0 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Keyboard (01/27/2012 4.0.2.0) (HKLM\...\A777BCC28B24179EF8C1D590313AC95AD6F59A78 ) (Version: 01/27/2012 4.0.2.0 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Multitouch (01/27/2012 4.0.2.0) (HKLM\...\650D625AF6228471AEBE1CCFF4BB7556CCE5C66B ) (Version: 01/27/2012 4.0.2.0 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Multitouch (09/10/2009 3.0.0.0) (HKLM\...\113B313435DFF8E8645E8BB49D0692C79491CFFC ) (Version: 09/10/2009 3.0.0.0 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Multitouch (09/10/2009 3.0.0.0) (HKLM\...\5B642FDA63EE821408C731DD1DD4668D90E16675 ) (Version: 09/10/2009 3.0.0.0 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Multitouch Mouse (01/27/2012 4.0.2.0) (HKLM\...\8667C386C17E43245E466D5F6FB3C4805CC55766 ) (Version: 01/27/2012 4.0.2.0 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple ODD (05/17/2010 3.1.0.0) (HKLM\...\2E2B6DCC02509BB8D2629A009DE8B5C3055B6779 ) (Version: 05/17/2010 3.1.0.0 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple System Device (10/07/2011 4.0.1.0) (HKLM\...\AC0B2BFCEC6CF3AB2E8D1849243A85A1051BEB1C ) (Version: 10/07/2011 4.0.1.0 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Trackpad (07/13/2009 3.0.0.1) (HKLM\...\A0DAD483951AB3046050D68A2A1D8CEB4A7C61EE ) (Version: 07/13/2009 3.0.0.1 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Trackpad Enabler (07/13/2009 3.0.0.1) (HKLM\...\111E266FDD1556398EFC13BE47678F96E8497682 ) (Version: 07/13/2009 3.0.0.1 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Wireless Mouse (06/01/2011 4.0.0.1) (HKLM\...\20CF1F4786CB13A83CD2EC358929609A9B7A205C ) (Version: 06/01/2011 4.0.0.1 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Wireless Trackpad (01/17/2011 3.2.0.0) (HKLM\...\7E77301EAEB38AFBF074A5EEACED05B618975B6C ) (Version: 01/17/2011 3.2.0.0 - Apple Inc.)
Windows Driver Package - Apple Inc. Bluetooth (03/01/2010 3.0.0.5) (HKLM\...\31BC243044B2C02B454ECDA8F5B44427F3754DD0 ) (Version: 03/01/2010 3.0.0.5 - Apple Inc.)
Windows Driver Package - Atheros Communications Inc. (athr) Net (11/13/2010 9.2.0.113) (HKLM\...\4A92273B670E1AF46863F93542352C780755E201 ) (Version: 11/13/2010 9.2.0.113 - Atheros Communications Inc.)
Windows Driver Package - Broadcom (b57nd60x) Net (02/10/2012 15.2.0.5) (HKLM\...\F2A6DA2E0EAD2F68810A3C6174937D9320C2378E ) (Version: 02/10/2012 15.2.0.5 - Broadcom)
Windows Driver Package - Broadcom (B57ports) Net (06/16/2009 1.0.0.1) (HKLM\...\FC2077892425ED71A137B1CB6D99A9CA7475435D ) (Version: 06/16/2009 1.0.0.1 - Broadcom)
Windows Driver Package - Broadcom (BCM43XX) Net (04/05/2012 5.106.198.19) (HKLM\...\557DBFEBA7FC5BDA0855461ED735CD79BB48295A ) (Version: 04/05/2012 5.106.198.19 - Broadcom)
Windows Driver Package - Broadcom Corporation (bScsiSDx) SDHost (02/10/2012 1.0.0.235) (HKLM\...\2F4B05DD90510CEEF6EB1478825AED2EFE099F75 ) (Version: 02/10/2012 1.0.0.235 - Broadcom Corporation)
Windows Driver Package - Cirrus Logic, Inc. (CirrusFilter) MEDIA (01/30/2012 6.6001.1.36) (HKLM\...\FF8B5F3FD21FE7703C294F36CF12825927AB70B0 ) (Version: 01/30/2012 6.6001.1.36 - Cirrus Logic, Inc.)
Windows Driver Package - Intel (e1express) Net (03/26/2010 9.13.41.0) (HKLM\...\9646DB3A0BD532DCF0A6750140F84D0089FF608E ) (Version: 03/26/2010 9.13.41.0 - Intel)
Windows Driver Package - Intel (e1kexpress) Net (04/12/2010 11.6.92.0) (HKLM\...\D885E9963D372B22E9F3CD04F0AF501F1FCCF220 ) (Version: 04/12/2010 11.6.92.0 - Intel)
Windows Driver Package - Intel (e1qexpress) Net (12/04/2009 11.4.7.0) (HKLM\...\BCFD182AEFFCC167E74298C1563F0C84CEE4D92C ) (Version: 12/04/2009 11.4.7.0 - Intel)
Windows Driver Package - Intel (e1rexpress) Net (01/07/2010 11.4.16.0) (HKLM\...\8BB769A00E5FB4E3C5C45B4B60C20B4322C430BD ) (Version: 01/07/2010 11.4.16.0 - Intel)
Windows Driver Package - Intel (e1yexpress) Net (04/07/2010 10.1.9.0) (HKLM\...\157C5C3D3E97D5439AD0C6268A489EF68FB7AD4F ) (Version: 04/07/2010 10.1.9.0 - Intel)
Windows Driver Package - Intel System (07/20/2007 1.2.76.0) (HKLM\...\82BE89CA9B7493FA05D2D4D32B415CF07EA08B47 ) (Version: 07/20/2007 1.2.76.0 - Intel)
Windows Driver Package - Marvell (yukonwlh) Net (03/23/2007 10.12.7.3) (HKLM\...\1D68F7A8B8397256B162B831457A6775BD17F3F4 ) (Version: 03/23/2007 10.12.7.3 - Marvell)
Windows Driver Package - Vladimir Plenskiy Software (trackpad_plus_plus_x86) Mouse (07/06/2013 2.4.2.0) (HKLM\...\5CA8D995BE61FE70E1A2B389147D92C921F74867 ) (Version: 07/06/2013 2.4.2.0 - Vladimir Plenskiy Software)
Windows Driver Package - Vladimir Plenskiy Software (trackpad_plus_plus_x86) Mouse (10/24/2012 2.3.4.0) (HKLM\...\25E59BA673694E355F54187E82876D86D6544F49 ) (Version: 10/24/2012 2.3.4.0 - Vladimir Plenskiy Software)
Windows Driver Package - Vladimir Plenskiy Software (trackpad_plus_plus_x86) Mouse (12/12/2013 3.0.0.0) (HKLM\...\7D5EB53B2D6B34961020DF126D08D4CD8A093A34 ) (Version: 12/12/2013 3.0.0.0 - Vladimir Plenskiy Software)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2226609107-4164577499-164976268-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\BG\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
CustomCLSID: HKU\S-1-5-21-2226609107-4164577499-164976268-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\BG\AppData\Local\Google\Update\1.3.21.135\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2226609107-4164577499-164976268-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\BG\AppData\Local\Google\Update\1.3.23.9\GoogleUpdateOnDemand.exe (Google Inc -> Google Inc.)
CustomCLSID: HKU\S-1-5-21-2226609107-4164577499-164976268-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\BG\AppData\Local\Google\Update\1.3.23.9\GoogleUpdateOnDemand.exe (Google Inc -> Google Inc.)
CustomCLSID: HKU\S-1-5-21-2226609107-4164577499-164976268-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\BG\AppData\Local\Google\Update\1.3.23.9\psuser.dll (Google Inc -> Google Inc.)
CustomCLSID: HKU\S-1-5-21-2226609107-4164577499-164976268-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\BG\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google Inc -> Google)
CustomCLSID: HKU\S-1-5-21-2226609107-4164577499-164976268-1000_Classes\CLSID\{49BBAA3C-C574-419E-8378-783C362E9C15}\InprocServer32 -> C:\Program Files\HP\Common\FWUpdateEDO2.dll (Hewlett Packard -> Hewlett-Packard Co.)
CustomCLSID: HKU\S-1-5-21-2226609107-4164577499-164976268-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\BG\AppData\Local\Google\Update\1.3.23.9\GoogleUpdateOnDemand.exe (Google Inc -> Google Inc.)
CustomCLSID: HKU\S-1-5-21-2226609107-4164577499-164976268-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\BG\AppData\Local\Google\Update\1.3.21.145\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2226609107-4164577499-164976268-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\BG\AppData\Local\Google\Update\1.3.21.153\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2226609107-4164577499-164976268-1000_Classes\CLSID\{8816027c-d5cf-4c23-89ab-b01f6d5bed4e}\localserver32 -> C:\Program Files\TunnelBear\TunnelBear.UI.exe (TunnelBear, Inc. -> TunnelBear)
CustomCLSID: HKU\S-1-5-21-2226609107-4164577499-164976268-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\BG\AppData\Local\Google\Update\1.3.22.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2226609107-4164577499-164976268-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\BG\AppData\Local\Google\Update\1.3.21.165\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2226609107-4164577499-164976268-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\BG\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google Inc -> Google)
CustomCLSID: HKU\S-1-5-21-2226609107-4164577499-164976268-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\BG\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc -> Google Inc.)
CustomCLSID: HKU\S-1-5-21-2226609107-4164577499-164976268-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\BG\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc -> Google Inc.)
CustomCLSID: HKU\S-1-5-21-2226609107-4164577499-164976268-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\BG\AppData\Local\Google\Update\1.3.23.9\GoogleUpdateOnDemand.exe (Google Inc -> Google Inc.)
CustomCLSID: HKU\S-1-5-21-2226609107-4164577499-164976268-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\BG\AppData\Local\Google\Update\1.3.23.9\psuser.dll (Google Inc -> Google Inc.)
CustomCLSID: HKU\S-1-5-21-2226609107-4164577499-164976268-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\BG\AppData\Local\Google\Update\1.3.22.5\psuser.dll => No File
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\BG\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\BG\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\BG\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files\Dropbox\Client\DropboxExt.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x86.dll [2018-09-26] (Foxit Software Incorporated -> Foxit Software Inc.)
ContextMenuHandlers1: [Image Resizer] -> {51B4D7E5-7568-4234-B4BB-47FB3C016A69} => C:\Program Files\Image Resizer for Windows\ShellExtensions.dll [2013-02-23] (Brice Lambson) [File not signed]
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\BG\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\BG\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\BG\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
ContextMenuHandlers3: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-04] () [File not signed]
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files\Dropbox\Client\DropboxExt.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\BG\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files\Dropbox\Client\DropboxExt.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2012-12-14] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x86.dll [2018-09-26] (Foxit Software Incorporated -> Foxit Software Inc.)
ContextMenuHandlers6: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-04] () [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-07-19 12:55 - 2017-07-19 12:55 - 000524288 _____ () [File not signed] C:\Program Files\EqualizerAPO\EqualizerAPO.dll
2017-07-09 14:53 - 2017-07-09 14:53 - 002755246 _____ () [File not signed] C:\Program Files\EqualizerAPO\libfftw3f-3.dll
2015-11-22 13:02 - 2015-11-22 13:02 - 001444864 _____ () [File not signed] C:\Program Files\EqualizerAPO\libsndfile-1.dll
2014-12-29 22:10 - 2013-09-03 10:54 - 000351232 _____ () [File not signed] C:\Program Files\Last.fm\lastfm.dll
2014-12-29 22:10 - 2012-12-13 01:12 - 000111104 _____ () [File not signed] C:\Program Files\Last.fm\libvlc.dll
2014-12-29 22:10 - 2012-12-13 01:13 - 002286592 _____ () [File not signed] C:\Program Files\Last.fm\libvlccore.dll
2014-12-29 22:10 - 2013-09-03 14:01 - 000126976 _____ () [File not signed] C:\Program Files\Last.fm\listener.dll
2014-12-29 22:10 - 2013-09-03 14:01 - 000032768 _____ () [File not signed] C:\Program Files\Last.fm\logger.dll
2014-12-29 22:10 - 2013-01-18 12:39 - 000302592 _____ () [File not signed] C:\Program Files\Last.fm\phonon.dll
2014-12-29 22:10 - 2012-12-13 01:13 - 000049664 _____ () [File not signed] C:\Program Files\Last.fm\plugins\audio_output\libaout_directx_plugin.dll
2014-12-29 22:10 - 2013-01-18 12:49 - 000182784 _____ () [File not signed] C:\Program Files\Last.fm\plugins\phonon_backend\phonon_vlc.dll
2014-12-29 22:10 - 2013-09-03 14:01 - 000736768 _____ () [File not signed] C:\Program Files\Last.fm\unicorn.dll
2010-10-05 05:03 - 2010-10-05 05:03 - 000046592 _____ () [File not signed] C:\Program Files\TrackpadPlusPlus\interface32.dll
2009-08-17 04:41 - 2009-08-17 04:41 - 000016384 _____ () [File not signed] C:\Program Files\TrackpadPlusPlus\ModifyRegistry.dll
2013-12-27 01:03 - 2013-12-27 01:03 - 000052736 _____ () [File not signed] C:\Program Files\TrackpadPlusPlus\res.dll
2010-05-05 06:36 - 2010-05-05 06:36 - 000049152 _____ () [File not signed] C:\Program Files\TrackpadPlusPlus\tpp32.dll
2018-02-12 20:33 - 2018-02-12 20:33 - 000161792 _____ () [File not signed] C:\Program Files\TunnelBear\TunnelBear.VigilantBear.Wrapper.dll
2013-11-20 08:59 - 2013-11-20 08:59 - 000333824 _____ () [File not signed] C:\Program Files\Winamp\Plugins\freeform\wacs\freetype\freetype.wac
2010-05-13 15:19 - 2010-05-13 15:19 - 000013312 _____ () [File not signed] C:\Program Files\Winamp\Plugins\gen_yar.dll
2015-02-02 19:43 - 2006-12-16 13:48 - 000100384 _____ () [File not signed] C:\Program Files\Winamp\Plugins\in_shn.dll
2019-09-17 20:04 - 2019-09-17 20:04 - 002593168 _____ () [File not signed] C:\Users\BG\AppData\Local\JDownloader 2.0\tmp\7zip\SevenZipJBinding-N8q7X\lib7-Zip-JBinding.dll
2019-09-17 20:03 - 2019-09-17 20:03 - 000043520 _____ () [File not signed] C:\Users\BG\AppData\Local\Temp\proxy_vole3020675377337745094.dll
2013-02-23 11:46 - 2013-02-23 11:46 - 000141312 _____ (Brice Lambson) [File not signed] C:\Program Files\Image Resizer for Windows\ShellExtensions.dll
2011-01-03 14:53 - 2011-01-03 14:53 - 002393600 _____ (CodeTwo(R)) [File not signed] C:\Program Files\CodeTwo\CodeTwo CatMan\CatMan.dll
2011-01-03 14:52 - 2011-01-03 14:52 - 000263680 _____ (CodeTwo(R)) [File not signed] C:\Program Files\CodeTwo\CodeTwo CatMan\CatMan_ResEN.dll
2010-01-13 01:32 - 2010-01-13 01:32 - 002510848 _____ (Component Factory Pty Ltd) [File not signed] C:\Program Files\TrackpadPlusPlus\ComponentFactory.Krypton.Toolkit.dll
2013-11-12 16:15 - 2013-11-12 16:15 - 000193024 _____ (Darren Owen aka DrO) [File not signed] C:\Program Files\Winamp\Plugins\gen_jumpex.dll
2013-11-11 11:52 - 2013-11-11 11:52 - 000009728 _____ (Darren Owen aka DrO) [File not signed] C:\Program Files\Winamp\System\UnicodeTaskbarFix.w5s
2017-02-17 00:14 - 2016-10-04 08:12 - 000049664 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2019-09-17 20:04 - 2019-09-17 20:04 - 000227897 ____N (Java(TM) Native Access (JNA)) [File not signed] C:\Users\BG\AppData\Local\JDownloader 2.0\tmp\jna\jna3050627999437563011.dll
2014-12-29 22:10 - 2013-01-10 14:19 - 000280576 _____ (Last.fm) [File not signed] C:\Program Files\Winamp\Plugins\ml_wa2_scrobbler.dll
2009-12-21 00:14 - 2009-12-21 00:14 - 000013824 _____ (michaelnoonan) [File not signed] C:\Program Files\TrackpadPlusPlus\InputSimulator.dll
2005-10-10 10:11 - 2005-10-10 10:11 - 000084992 _____ (MUKOLI) [File not signed] C:\Program Files\Winamp\Plugins\out_lame.dll
2014-12-29 22:10 - 2012-09-12 04:29 - 000026624 _____ (Nokia Corporation and/or its subsidiary(-ies)) [File not signed] C:\Program Files\Last.fm\plugins\imageformats\qgif4.dll
2014-12-29 22:10 - 2012-09-12 04:29 - 000201216 _____ (Nokia Corporation and/or its subsidiary(-ies)) [File not signed] C:\Program Files\Last.fm\plugins\imageformats\qjpeg4.dll
2014-12-29 22:10 - 2012-09-12 04:30 - 000222208 _____ (Nokia Corporation and/or its subsidiary(-ies)) [File not signed] C:\Program Files\Last.fm\plugins\imageformats\qmng4.dll
2014-12-29 22:10 - 2012-10-10 18:07 - 002576384 _____ (Nokia Corporation and/or its subsidiary(-ies)) [File not signed] C:\Program Files\Last.fm\QtCore4.dll
2014-12-29 22:10 - 2012-09-12 02:36 - 008571392 _____ (Nokia Corporation and/or its subsidiary(-ies)) [File not signed] C:\Program Files\Last.fm\QtGui4.dll
2014-12-29 22:10 - 2012-09-12 02:20 - 001052160 _____ (Nokia Corporation and/or its subsidiary(-ies)) [File not signed] C:\Program Files\Last.fm\QtNetwork4.dll
2014-12-29 22:10 - 2012-09-12 04:27 - 013110272 _____ (Nokia Corporation and/or its subsidiary(-ies)) [File not signed] C:\Program Files\Last.fm\QtWebKit4.dll
2014-12-29 22:10 - 2012-09-12 02:19 - 000355840 _____ (Nokia Corporation and/or its subsidiary(-ies)) [File not signed] C:\Program Files\Last.fm\QtXml4.dll
2013-11-20 08:59 - 2013-11-20 08:59 - 000017920 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files\Winamp\Components\ssdp.w6c
2013-11-20 08:59 - 2013-11-20 08:59 - 000621568 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files\Winamp\jnetlib.dll
2013-11-20 08:59 - 2013-11-20 08:59 - 000260096 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files\Winamp\libsndfile.dll
2013-11-20 08:59 - 2013-11-20 08:59 - 000086528 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files\Winamp\nde.dll
2013-11-20 08:59 - 2013-11-20 08:59 - 000418816 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files\Winamp\nsutil.dll
2013-11-20 08:59 - 2013-11-20 08:59 - 000029184 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files\Winamp\nxlite.dll
2013-11-20 08:59 - 2013-11-20 08:59 - 000051712 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files\Winamp\Plugins\gen_crasher.dll
2013-11-20 08:59 - 2013-11-20 08:59 - 001713664 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files\Winamp\Plugins\gen_ff.dll
2013-11-20 08:59 - 2013-11-20 08:59 - 000030720 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files\Winamp\Plugins\gen_hotkeys.dll
2013-11-20 08:59 - 2013-11-20 08:59 - 000330240 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files\Winamp\Plugins\gen_ml.dll
2013-11-20 08:59 - 2013-11-20 08:59 - 000026624 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files\Winamp\Plugins\gen_tray.dll
2013-11-20 08:59 - 2013-11-20 08:59 - 000070144 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files\Winamp\Plugins\in_avi.dll
2013-11-20 08:59 - 2013-11-20 08:59 - 000086528 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files\Winamp\Plugins\in_cdda.dll
2013-11-20 08:59 - 2013-11-20 08:59 - 000072704 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files\Winamp\Plugins\in_dshow.dll
2013-11-20 08:59 - 2013-11-20 08:59 - 000049664 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files\Winamp\Plugins\in_flac.dll
2013-11-20 08:59 - 2013-11-20 08:59 - 000044032 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files\Winamp\Plugins\in_flv.dll
2013-11-20 08:59 - 2013-11-20 08:59 - 000008192 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files\Winamp\Plugins\in_linein.dll
2013-11-20 08:59 - 2013-11-20 08:59 - 000112128 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files\Winamp\Plugins\in_midi.dll
2013-11-20 08:59 - 2013-11-20 08:59 - 000041472 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files\Winamp\Plugins\in_mkv.dll
2013-11-20 08:59 - 2013-11-20 08:59 - 000164864 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files\Winamp\Plugins\in_mod.dll
2013-11-20 08:59 - 2013-11-20 08:59 - 000269824 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files\Winamp\Plugins\in_mp3.dll
2013-11-20 08:59 - 2013-11-20 08:59 - 000054784 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files\Winamp\Plugins\in_mp4.dll
2013-11-20 08:59 - 2013-11-20 08:59 - 000077824 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files\Winamp\Plugins\in_nsv.dll
2013-11-20 08:59 - 2013-11-20 08:59 - 000023552 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files\Winamp\Plugins\in_swf.dll
2013-11-20 08:59 - 2013-11-20 08:59 - 000247808 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files\Winamp\Plugins\in_vorbis.dll
2013-11-20 08:59 - 2013-11-20 08:59 - 000024064 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files\Winamp\Plugins\in_wave.dll
2013-11-20 08:59 - 2013-11-20 08:59 - 000313856 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files\Winamp\Plugins\in_wm.dll
2013-11-20 08:59 - 2013-11-20 08:59 - 000028160 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files\Winamp\Plugins\ml_autotag.dll
2013-11-20 08:59 - 2013-11-20 08:59 - 000031744 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files\Winamp\Plugins\ml_bookmarks.dll
2013-11-20 08:59 - 2013-11-20 08:59 - 000226816 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files\Winamp\Plugins\ml_devices.dll
2013-11-20 08:59 - 2013-11-20 08:59 - 000200192 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files\Winamp\Plugins\ml_disc.dll
2013-11-20 08:59 - 2013-11-20 08:59 - 000057856 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files\Winamp\Plugins\ml_downloads.dll
2013-11-20 08:59 - 2013-11-20 08:59 - 000061440 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files\Winamp\Plugins\ml_history.dll
2013-11-20 08:59 - 2013-11-20 08:59 - 000053760 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files\Winamp\Plugins\ml_impex.dll
2013-11-20 08:59 - 2013-11-20 08:59 - 000327680 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files\Winamp\Plugins\ml_local.dll
2013-11-20 08:59 - 2013-11-20 08:59 - 000023040 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files\Winamp\Plugins\ml_nowplaying.dll
2013-11-20 08:59 - 2013-11-20 08:59 - 000139776 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files\Winamp\Plugins\ml_online.dll
2013-11-20 08:59 - 2013-11-20 08:59 - 000112128 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files\Winamp\Plugins\ml_playlists.dll
2013-11-20 08:59 - 2013-11-20 08:59 - 000085504 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files\Winamp\Plugins\ml_plg.dll
2013-11-20 08:59 - 2013-11-20 08:59 - 000286720 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files\Winamp\Plugins\ml_pmp.dll
2013-11-20 08:59 - 2013-11-20 08:59 - 000038912 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files\Winamp\Plugins\ml_rg.dll
2013-11-20 08:59 - 2013-11-20 08:59 - 000033792 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files\Winamp\Plugins\ml_transcode.dll
2013-11-20 08:59 - 2013-11-20 08:59 - 000126976 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files\Winamp\Plugins\ml_wire.dll
2013-11-20 08:59 - 2013-11-20 08:59 - 000024576 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files\Winamp\Plugins\out_disk.dll
2013-11-20 08:59 - 2013-11-20 08:59 - 000053760 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files\Winamp\Plugins\out_ds.dll
2013-11-20 08:59 - 2013-11-20 08:59 - 000019968 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files\Winamp\Plugins\out_wave.dll
2013-11-20 08:59 - 2013-11-20 08:59 - 000058880 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files\Winamp\Plugins\pmp_android.dll
2013-11-20 08:59 - 2013-11-20 08:59 - 000160768 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files\Winamp\Plugins\pmp_ipod.dll
2013-11-20 08:59 - 2013-11-20 08:59 - 000020992 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files\Winamp\Plugins\pmp_njb.dll
2013-11-20 08:59 - 2013-11-20 08:59 - 000114176 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files\Winamp\Plugins\pmp_p4s.dll
2013-11-20 08:59 - 2013-11-20 08:59 - 000053760 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files\Winamp\Plugins\pmp_usb.dll
2013-11-20 08:59 - 2013-11-20 08:59 - 000078336 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files\Winamp\Plugins\pmp_wifi.dll
2013-11-20 08:59 - 2013-11-20 08:59 - 000026112 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files\Winamp\System\albumart.w5s
2013-11-20 08:59 - 2013-11-20 08:59 - 000169984 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files\Winamp\System\auth.w5s
2013-11-20 08:59 - 2013-11-20 08:59 - 000018944 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files\Winamp\System\bmp.w5s
2013-11-20 08:59 - 2013-11-20 08:59 - 000034304 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files\Winamp\System\devices.w5s
2013-11-20 08:59 - 2013-11-20 08:59 - 000018432 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files\Winamp\System\dlmgr.w5s
2013-11-20 08:59 - 2013-11-20 08:59 - 000015360 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files\Winamp\System\filereader.w5s
2013-11-20 08:59 - 2013-11-20 08:59 - 000019968 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files\Winamp\System\gif.w5s
2013-11-20 08:59 - 2013-11-20 08:59 - 000017408 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files\Winamp\System\gracenote.w5s
2013-11-20 08:59 - 2013-11-20 08:59 - 000624640 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files\Winamp\System\jnetlib.w5s
2013-11-20 08:59 - 2013-11-20 08:59 - 000156672 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files\Winamp\System\jpeg.w5s
2013-11-20 08:59 - 2013-11-20 08:59 - 000309248 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files\Winamp\System\ombrowser.w5s
2013-11-20 08:59 - 2013-11-20 08:59 - 000088576 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files\Winamp\System\playlist.w5s
2013-11-20 08:59 - 2013-11-20 08:59 - 000086016 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files\Winamp\System\png.w5s
2013-11-20 08:59 - 2013-11-20 08:59 - 000014848 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files\Winamp\System\primo.w5s
2013-11-20 08:59 - 2013-11-20 08:59 - 000024064 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files\Winamp\System\tagz.w5s
2013-11-20 08:59 - 2013-11-20 08:59 - 000033792 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files\Winamp\System\timer.w5s
2013-11-20 08:59 - 2013-11-20 08:59 - 000046592 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files\Winamp\System\wasabi2.w5s
2013-11-20 08:59 - 2013-11-20 08:59 - 000089088 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files\Winamp\System\xml.w5s
2013-11-20 08:59 - 2013-11-20 08:59 - 000017408 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files\Winamp\System\xspf.w5s
2013-11-20 08:59 - 2013-11-20 08:59 - 000088576 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files\Winamp\tataki.dll
2013-11-20 08:59 - 2013-11-20 08:59 - 000044544 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files\Winamp\zlib.dll
2014-12-29 22:10 - 2013-01-28 18:59 - 001156096 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\Last.fm\LIBEAY32.dll
2014-12-29 22:10 - 2013-01-28 18:59 - 000265216 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\Last.fm\ssleay32.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\BG\Desktop\~WRL0609.tmp:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\BG\Desktop\~WRL3500.tmp:com.dropbox.attributes [168]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UnsignedThemes => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UnsignedThemes => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)
  #5  
Old September 18th, 2019, 04:10 AM
Bremang Bremang is offline
Senior Member
 
Join Date: Oct 2005
Posts: 401
==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:04 - 2019-09-16 17:33 - 000000030 _____ C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\Common Files\Microsoft Shared\Windows Live;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0;C:\Program Files\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files\Common Files\Roxio Shared\10.0\DLLShared;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Windows Live\Shared
HKU\S-1-5-21-2226609107-4164577499-164976268-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\Services: NovaPdfServer => 2
MSCONFIG\Services: RoxWatch10 => 2
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\Services: TunnelBearMaintenance => 2
MSCONFIG\startupreg: AceStream => C:\Users\BG\AppData\Roaming\ACEStream\engine\ace_engine.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CLMLServer => "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: ConnectionCenter => "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: Lync => "C:\Program Files\Microsoft Office\Office15\lync.exe" /fromrunkey
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: POWER PLAN ASSISTANT => C:\Program Files\PowerPlanAssistant\PowerPlanAssistantLauncher.exe
MSCONFIG\startupreg: Redirector => "C:\Program Files\Citrix\ICA Client\redirector.exe" /startup
MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
MSCONFIG\startupreg: Spotify Web Helper => C:\Users\BG\AppData\Roaming\Spotify\Spotify.exe --autostart
MSCONFIG\startupreg: WinampAgent => "C:\Program Files\Winamp\winampa.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{CD18F187-6ADC-46C8-9C90-865ECD42D862}C:\program files\winamp\winamp.exe] => (Block) C:\program files\winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.)
FirewallRules: [UDP Query User{791202C8-818D-4C3C-B549-C9815A822E4A}C:\program files\winamp\winamp.exe] => (Block) C:\program files\winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.)
FirewallRules: [{3D20AFAC-A252-4BCC-8B02-3E6FEB762CC9}] => (Allow) C:\Users\BG\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe (Google Inc -> Google)
FirewallRules: [{A55FC2A4-4833-4FFB-B0D8-C86F301044CD}] => (Allow) C:\Users\BG\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe (Google Inc -> Google)
FirewallRules: [{D20193D8-7361-4956-93DC-330A02E5512B}] => (Allow) C:\Users\BG\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe (Google Inc -> Google)
FirewallRules: [{8B55D188-2EF3-4780-AD8C-981EDB90A23B}] => (Allow) C:\Users\BG\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe (Google Inc -> Google)
FirewallRules: [TCP Query User{BCC25229-5E39-49CC-9CFB-212340D581F4}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe No File
FirewallRules: [UDP Query User{8F8F0BAF-BF04-442C-9E72-450C4E4AE1FF}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe No File
FirewallRules: [TCP Query User{14527534-FC9F-415B-920B-2DCB2A5C0A01}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe No File
FirewallRules: [UDP Query User{AB4006D2-A900-433D-B458-2BD791C4A3C1}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe No File
FirewallRules: [{2FA80B19-E01E-417F-9461-B89FCDB0F390}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{98BAE377-78F1-44DA-9107-4D6B1CB93C0D}C:\program files\mozilla firefox\plugin-container.exe] => (Allow) C:\program files\mozilla firefox\plugin-container.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{013A076C-A1AF-4E83-9598-A5C714EBA47C}C:\program files\mozilla firefox\plugin-container.exe] => (Allow) C:\program files\mozilla firefox\plugin-container.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{500B289B-7C3E-4D9F-B5C5-37A134338719}] => (Allow) C:\Program Files\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{852510FB-C828-4375-9B8A-546C770AB4AF}] => (Allow) C:\Program Files\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{537B9267-A09D-4C7F-9B45-A16DD8CDAAFF}] => (Allow) C:\Program Files\Steam\SteamApps\common\FEZ\FEZ.exe (Polytron Corporation) [File not signed]
FirewallRules: [{A3833B45-7D20-4B4D-BF47-23DB3853ABE6}] => (Allow) C:\Program Files\Steam\SteamApps\common\FEZ\FEZ.exe (Polytron Corporation) [File not signed]
FirewallRules: [{868FB457-2687-4B43-8C4C-43C8F7F845CB}] => (Allow) C:\Program Files\Steam\SteamApps\common\FEZ\FEZ_LaunchOptions.exe No File
FirewallRules: [{76C4DCDD-3C3B-4896-9145-53C791CC9F22}] => (Allow) C:\Program Files\Steam\SteamApps\common\FEZ\FEZ_LaunchOptions.exe No File
FirewallRules: [{36CEE0A9-FBA5-4584-86E7-76D8D5A6C9D0}] => (Allow) C:\Users\BG\AppData\Roaming\Spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{98A142FE-4CDE-44F7-9C1D-DB86B6109FB5}] => (Allow) C:\Users\BG\AppData\Roaming\Spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{935836AE-8E63-41DD-9EED-57A17CA37F77}] => (Allow) C:\Users\BG\AppData\Roaming\Spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{E9A15B2B-533D-4B99-88B0-D0D191B61A82}] => (Allow) C:\Users\BG\AppData\Roaming\Spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{BEBE5960-0486-48D6-9C15-9CA56E37AE16}C:\program files\winamp\winamp.exe] => (Block) C:\program files\winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.)
FirewallRules: [UDP Query User{6B050347-746A-48E9-8365-81EFB95DAA92}C:\program files\winamp\winamp.exe] => (Block) C:\program files\winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.)
FirewallRules: [TCP Query User{33FD77E4-77C1-4C26-82D7-FCD9DA3E4601}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{F9BEAC1D-F671-43CE-82D9-0DADF9E98E6C}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{92E73E65-D654-4376-B20E-8B1B0F234648}C:\program files\deluge\deluge.exe] => (Allow) C:\program files\deluge\deluge.exe No File
FirewallRules: [UDP Query User{993AC24A-DCED-4821-8912-DD0EFE1012FE}C:\program files\deluge\deluge.exe] => (Allow) C:\program files\deluge\deluge.exe No File
FirewallRules: [{B71A8F23-FDF7-453C-B5FB-59B6912D1ACD}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{05469B74-3F4D-47D0-9CA3-DC3F21B0C532}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{459E3031-C86B-4C70-9C91-AFD3D4971291}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{2774CA7E-5E2A-4C33-95B8-3366ADE5FF7E}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{1B006F07-F86A-496F-A00C-10D67E5B022A}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe (@ByELDI -> @ByELDI) [File not signed]
FirewallRules: [{4417CFB4-AC55-475E-8B80-945471BC0798}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe (@ByELDI -> @ByELDI) [File not signed]
FirewallRules: [{5DE060BB-B3B3-44F9-BCCD-21503D84964E}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe (@ByELDI -> @ByELDI) [File not signed]
FirewallRules: [{818E957A-C30D-4CCB-9C25-F40A199C8399}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe (@ByELDI -> @ByELDI) [File not signed]
FirewallRules: [{C8232362-6955-47EC-9E05-73B32FA94EFC}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe (@ByELDI -> @ByELDI) [File not signed]
FirewallRules: [{8D23590B-03AD-45CF-92A2-4A8F9DD2C49B}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe (@ByELDI -> @ByELDI) [File not signed]
FirewallRules: [{73A1592A-3DC0-481F-AAEB-D37A56D58E2B}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe (@ByELDI -> @ByELDI) [File not signed]
FirewallRules: [{05E131F8-5DCB-4F29-8F83-9EA141F440EE}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe (@ByELDI -> @ByELDI) [File not signed]
FirewallRules: [{716A8EDE-2148-4E72-905F-100530AE40E4}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe No File
FirewallRules: [{98BAE364-A104-4A16-A05B-5E18E3116E83}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe No File
FirewallRules: [{D21F35E6-5879-4F4A-8D12-5401B6F59FC5}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe No File
FirewallRules: [{37857799-88AD-4BF2-8861-BFB306EC45B4}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe No File
FirewallRules: [{A82FEE08-E31C-4315-8D37-96C1E9D9631D}] => (Allow) C:\Users\BG\AppData\Roaming\ACEStream\engine\ace_engine.exe (Innovative Digital Technologies -> )
FirewallRules: [{F84D151C-A710-430F-A159-C02EFEE7F932}] => (Allow) C:\Users\BG\AppData\Roaming\ACEStream\engine\ace_engine.exe (Innovative Digital Technologies -> )
FirewallRules: [{F8601182-F997-4A8B-83F6-7B90011FFAE0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{9E04D7B1-D182-400A-867A-8ED0A012EDCE}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{C96DC1A8-4491-44F2-8133-779B2086A9E1}C:\users\bg\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\bg\appdata\roaming\acestream\engine\ace_engine.exe (Innovative Digital Technologies -> )
FirewallRules: [UDP Query User{E90FFB0B-F274-44BB-A807-8CE0FB3AFE4A}C:\users\bg\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\bg\appdata\roaming\acestream\engine\ace_engine.exe (Innovative Digital Technologies -> )
FirewallRules: [{50D5F465-9F32-4398-BD5E-2F676AE05055}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe (@ByELDI -> @ByELDI) [File not signed]
FirewallRules: [{189F002E-451B-4E57-9297-E07A45CB14E6}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe (@ByELDI -> @ByELDI) [File not signed]
FirewallRules: [{12F3FADD-3C4D-4819-B1EE-6C4F32DD25DA}] => (Allow) C:\Program Files\Steam\SteamApps\common\YDKJ_VOL1XL\YDKJV1.EXE () [File not signed]
FirewallRules: [{34CD4956-C82B-422B-924D-69A517A8656E}] => (Allow) C:\Program Files\Steam\SteamApps\common\YDKJ_VOL1XL\YDKJV1.EXE () [File not signed]
FirewallRules: [{0A9D90AC-CDC7-44CF-8D60-93784F38BA5E}] => (Allow) C:\Program Files\Winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.)
FirewallRules: [{FE0A3122-5978-4F36-B45D-7C17A943AC91}] => (Allow) C:\Program Files\Winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.)
FirewallRules: [{C97F3F32-894E-4928-958B-2B19E08E09A3}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\DeviceSetup.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{02AB89C2-761E-47CA-B67B-F13174F5F63A}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicator.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{247083E8-5186-4091-B0A0-16C4E626C423}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [TCP Query User{A1289FFA-986E-4F34-A5F2-F9B8FD66ED60}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{5BDD064B-7B69-47F2-9059-96D8B3C9C924}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{FCE1B4DF-7A18-4146-A3A9-DEF8E0AF85C5}] => (Allow) C:\Program Files\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent, Inc.)
FirewallRules: [{705F7D82-8FC4-4E50-A7A0-3AAB353D19F5}] => (Allow) C:\Program Files\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent, Inc.)
FirewallRules: [{EC6DAD4C-B820-4999-B56B-3BF8CFC757D9}] => (Allow) LPort=1688
FirewallRules: [{41A0F82F-76CD-47A3-9076-02F86652BF4B}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{FB9AC740-1EF0-483C-9605-24FDDD9306B6}] => (Allow) LPort=2869
FirewallRules: [{E14512FE-1C09-4D6C-931B-A64383BD3A33}] => (Allow) LPort=1900
FirewallRules: [{79C56C28-66B0-4594-8366-EC680FD05545}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{0FD644C7-F266-4C8E-BA0A-E262D58AF99F}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{2CBFFF0B-7B05-4B9E-B66F-95E9EFE6A56E}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{01920070-E82B-4F83-B985-2DB468CECE65}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{B5AE700D-D107-4023-A5FC-ECDC47D07C30}] => (Allow) C:\Program Files\Acrylic Wi-Fi Home\Acrylic.exe No File
FirewallRules: [{2FEDA83F-4121-4374-AFE3-529D493C6B05}] => (Allow) C:\Program Files\Acrylic Wi-Fi Home\Acrylic.exe No File
FirewallRules: [{A9E17CED-DAAD-4146-8487-712B38ABD0AF}] => (Allow) C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{17A4760D-3DB9-4B05-85BF-BCFF8F3E6FA6}] => (Allow) C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{DE2D97C3-1697-47F1-904B-CB677390FD1B}] => (Allow) C:\Program Files\Steam\SteamApps\common\Aztez\Aztez.exe () [File not signed]
FirewallRules: [{BCBB752A-7A5E-42B7-9983-3941EC44AD46}] => (Allow) C:\Program Files\Steam\SteamApps\common\Aztez\Aztez.exe () [File not signed]
FirewallRules: [TCP Query User{CF98172E-549E-4722-B540-80AC4C12F5AB}C:\program files\soulseekqt\soulseekqt.exe] => (Block) C:\program files\soulseekqt\soulseekqt.exe () [File not signed]
FirewallRules: [UDP Query User{E2263090-0C24-473A-9174-9BEE38330C5E}C:\program files\soulseekqt\soulseekqt.exe] => (Block) C:\program files\soulseekqt\soulseekqt.exe () [File not signed]
FirewallRules: [{1FB3194A-EA94-47F7-AC89-37E9D4286DC3}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{3AC2AD50-1633-40F2-B799-626C8CBC8000}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{AAA5D709-1008-4FB9-B15E-1C171FD55916}] => (Allow) C:\Program Files\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)

==================== Restore Points =========================

04-09-2019 00:00:02 Scheduled Checkpoint
11-09-2019 23:31:14 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: TunnelBear Adapter V9
Description: TunnelBear Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TunnelBear Provider V9
Service: tap-tb-0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Apple Broadcom Built-in Bluetooth
Description: Apple Broadcom Built-in Bluetooth
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Apple Inc.
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/16/2019 05:33:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Service_KMS.exe, version: 13.3.0.0, time stamp: 0x53b06ef6
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x00000000
Fault offset: 0x00640598
Faulting process id: 0x7d8
Faulting application start time: 0x01d56cef72277ffe
Faulting application path: C:\Program Files\KMSpico\Service_KMS.exe
Faulting module path: unknown
Report Id: b636c572-d8e2-11e9-9ef4-00e04c0022ed

Error: (09/15/2019 02:55:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ace_engine.exe, version: 0.0.0.0, time stamp: 0x547c2acc
Faulting module name: ntdll.dll, version: 6.1.7601.24117, time stamp: 0x5add1df9
Exception code: 0xc0000005
Fault offset: 0x00031d26
Faulting process id: 0x1e24
Faulting application start time: 0x01d56b8d48b3e95f
Faulting application path: C:\Users\BG\AppData\Roaming\ACEStream\engine\ace_engine.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 984fbdcf-d803-11e9-a3ce-00e04c0022ed

Error: (09/11/2019 06:15:33 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "mapi15://{S-1-5-21-2226609107-4164577499-164976268-1000}/">.

Error: (09/11/2019 06:15:29 PM) (Source: Outlook) (EventID: 34) (User: )
Description: Failed to get the Crawl Scope Manager with error=0x80070015.

Error: (09/11/2019 06:15:27 PM) (Source: Outlook) (EventID: 35) (User: )
Description: Failed to determine if the store is in the crawl scope (error=0x800706ba).

Error: (09/11/2019 06:14:45 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (09/11/2019 06:14:45 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (09/11/2019 06:14:45 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (09/17/2019 04:41:17 PM) (Source: ACPI) (EventID: 13) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

Error: (09/17/2019 03:34:02 PM) (Source: ACPI) (EventID: 13) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

Error: (09/17/2019 02:21:02 PM) (Source: ACPI) (EventID: 13) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

Error: (09/17/2019 02:09:17 PM) (Source: ACPI) (EventID: 13) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

Error: (09/17/2019 02:00:04 AM) (Source: ACPI) (EventID: 13) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

Error: (09/17/2019 01:13:34 AM) (Source: ACPI) (EventID: 13) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

Error: (09/16/2019 11:17:04 PM) (Source: ACPI) (EventID: 13) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

Error: (09/16/2019 11:02:19 PM) (Source: ACPI) (EventID: 13) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.


Windows Defender:
===================================
Date: 2018-08-06 03:39:10.209
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{5003D2E8-138A-4AC8-B938-F7E31A1D9168}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

Date: 2019-07-17 16:48:45.761
Description:
%1 engine has been terminated due to an unexpected error.
Failure Type:%5
Exception code:%6
Resource:%3

Date: 2018-10-07 19:50:55.737
Description:
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Current
Error Code:0x80070002
Error description:The system cannot find the file specified.
Signature version:0.0.0.0
Engine version:0.0.0.0

Date: 2017-02-26 09:38:57.749
Description:
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Backup
Error Code:0x8050a004
Error description:This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
Signature version:1.235.3056.0
Engine version:1.1.9103.0

Date: 2017-02-26 09:38:55.799
Description:
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Current
Error Code:0x80070002
Error description:The system cannot find the file specified.
Signature version:0.0.0.0
Engine version:0.0.0.0

CodeIntegrity:
===================================

Date: 2018-09-08 00:18:27.536
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\EqualizerAPO\EqualizerAPO.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

BIOS: Apple Inc. ACRSYS - 0 11/27/2012
Motherboard: Apple Inc. Mac-2E6FAB96566FE58C
Processor: Intel(R) Core(TM) i5-3427U CPU @ 1.80GHz
Percentage of memory in use: 94%
Total physical RAM: 2220.69 MB
Available physical RAM: 117.64 MB
Total Virtual: 6370.81 MB
Available Virtual: 508.77 MB

==================== Drives ================================

Drive c: (BOOTCAMP) (Fixed) (Total:87.98 GB) (Free:4.38 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Macintosh HD) (Fixed) (Total:24.21 GB) (Free:0.25 GB) HFS
Drive e: (Samsung 500GB SSD ) (Fixed) (Total:465.76 GB) (Free:324.9 GB) NTFS
Drive g: (WD 3TB External) (Fixed) (Total:2794.49 GB) (Free:1732.2 GB) NTFS


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 113 GB) (Disk ID: 59DBA80F)

Partition: GPT.
Partition 2: (Not Active) - (Size=24.2 GB) - (Type=AF)
Partition 3: (Not Active) - (Size=620 MB) - (Type=AB)
Partition 4: (Active) - (Size=88 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: CA956D7D)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 3.

==================== End of Addition.txt ============================
  #6  
Old September 19th, 2019, 10:49 AM
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 51,868
Bremang, we have kinda walked down this path before. The log shows KMSPico installed. According to their website, "KMSPico is used to validate the pirated version of Microsoft Windows". However, as I added to this guideline thread, we will nowadays still assist. But the logs show no malware, and just connecting to airport wifi really shouldn't cause any harm to your computer. Is your computer set to automatically connect to your home wifi? If so, I suggest you log out of wifi, reboot, then reconnect to your wifi, and see if that helps.

By the way, instead of resorting to software to hack Windows, I just checked eBay, and a legit product key sells for as little as $5 USD, so really no longer any need for any hacks.
  #7  
Old September 19th, 2019, 06:54 PM
Bremang Bremang is offline
Senior Member
 
Join Date: Oct 2005
Posts: 401
When I go to control panel, system, scroll to the bottom, there is no option to change my product key. I googled that there was a way to do it via cmd.exe but I'm not sure that would work if the option isn't even available in the control panel. Do you know a way that would definitely work, or would I need to install an entire new copy on my machine?
  #8  
Old September 20th, 2019, 10:55 AM
Jintan's Avatar
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 51,868
Follow the steps here.

Click the Start button, right-click Computer, and then click Properties.

Scroll down to the bottom of the window that appears, and then, under Windows activation, click Change product key.

If you’re prompted for permission to continue the process, click Continue.

Follow the instructions to change your product key and activate your copy of Windows 7.
  #9  
Old September 23rd, 2019, 03:29 AM
Bremang Bremang is offline
Senior Member
 
Join Date: Oct 2005
Posts: 401
Thanks, but check out my previous post where I addressed your instructions. There is no option to change product key.

  #10  
Old September 23rd, 2019, 10:45 AM
Jintan's Avatar
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 51,868
Showing activated - likely that hack. On that same page I linked to, follow the Command Line Method.
  #11  
Old September 25th, 2019, 05:06 AM
Bremang Bremang is offline
Senior Member
 
Join Date: Oct 2005
Posts: 401




DONE!
  #12  
Old September 25th, 2019, 11:39 AM
Jintan's Avatar
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 51,868
Excellent choice. Still have issues we need to deal with?