
Avira Antivirus Pro - Review 2020 - PCMag India

Posted: 11 Jun 2020 12:00 AM PDT

Every computer needs antivirus protection, and one way companies can support that aim is to provide free antivirus to the masses. But these companies can't survive unless some users shell out their hard-earned cash for paid antivirus utilities. Piling on pro-only tools and components is one way companies encourage upgrading to a paid antivirus. Avira Antivirus Pro adds several components not available to users of Avira Free Security, but they don't really add much value. The biggest reason to pay for it is if you want to use Avira in a commercial setting, which isn't allowed with the free version.

Avira's pricing is undeniably on the high side, with a list price of $59.88 per year for one license, $71.88 for three, and $95.88 for five. Admittedly, it seems to be perpetually on sale; just now, the one-license price is discounted to $44.99. That…

2 copies of explorer.exe - Virus, Trojan, Spyware, and Malware Removal Help - BleepingComputer

Win7 SP1 x64

------------------------

I have 2 copies of explorer.exe, and it's been going on for a long time. The fellow I've been working with at 7Forums suspects malware.

--Closing one doesn't seem to affect the system

--sfc /scannow and chkdsk produce nothing negative

--MBAM and my A-V have found nothing

--System doesn't have any other strange behaviors associated with malware

--AdWcleaner shows all clean.

There's no hurry to do this. Nothing is acting weird and I have 2 other machines.

Attached are logs of Farbar Recovery Scan Tool, separated by a double row of red asterisks.

My own notes are at the bottom in blue.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-03-2020
Ran by Prize-02 (19-03-2020 17:12:47)
Running from D:\AAADown7
Windows 7 Ultimate Service Pack 1 (X64) (2016-10-18 16:33:23)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
2nd Admin Test User (S-1-5-21-3514852469-3404283315-88258209-1010 - Administrator - Enabled)
Administrator (S-1-5-21-3514852469-3404283315-88258209-500 - Administrator - Enabled)
Guest (S-1-5-21-3514852469-3404283315-88258209-501 - Limited - Disabled)
Prize-02 (S-1-5-21-3514852469-3404283315-88258209-1000 - Administrator - Enabled) => C:\Users\Prize-02
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
123 Free Solitaire v11.0 (HKLM-x32\...\123 Free Solitaire_is1) (Version:  - TreeCardGames)
7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.330 - Adobe)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.321 - Adobe)
ANT Drivers Installer x64 (HKLM\...\{6AE0802A-390F-4A82-B58B-A7F37F1FD82E}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
AppLogLibSetup (HKLM-x32\...\{7C40ADB8-AD6E-4CDF-94A1-06ACDC99F90F}) (Version: 1.0.2.0 - Brother Industries Ltd.) Hidden
Auslogics Duplicate File Finder (HKLM-x32\...\{6845255F-15CC-4DD1-94D5-D38F370118B3}_is1) (Version: 7.0.24.0 - Auslogics Labs Pty Ltd)
Belarc Advisor 9.0 (HKLM-x32\...\Belarc Advisor) (Version: 9.0.0.0 - Belarc Inc.)
BrLauncher (HKLM-x32\...\{9483AB22-92AA-4161-9E79-DE77B71949DA}) (Version: 1.1.6.0 - Brother Industries Ltd.) Hidden
BrLogRx (HKLM-x32\...\{E9A086F3-E0CB-4E91-AABE-586D99788BC3}) (Version: 1.0.1.1 - Brother Industries Ltd.) Hidden
BrotherHelpInstaller (HKLM-x32\...\{4E461C2A-EC1C-46D1-AF5B-7FEFD0054AF8}) (Version: 1.0.0.0 - Brother) Hidden
BrSupportTools (HKLM-x32\...\{F8F9EB58-33BA-4FF8-80E7-66D87D2E0C3C}) (Version: 1.0.9.0 - Brother Industries Ltd.) Hidden
BurnAware Free 12.8 (HKLM-x32\...\BurnAware Free_is1) (Version:  - Burnaware)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.8.7041 - CDBurnerXP)
Classic Shell (HKLM\...\{CABCE573-0A86-42FA-A52A-C7EA61D5BE08}) (Version: 4.3.1 - IvoSoft)
ClipMate 7 (HKLM-x32\...\{2E924A2A-8FBC-4C84-8A3A-63FB386C9A29}_is1) (Version: 7 - Thornsoft Development, Inc.)
ControlCenter4 CSDK (HKLM-x32\...\{1BAE50D4-5F2A-4E34-BD81-B4555109F7C2}) (Version: 4.2.3.1 - Brother Insutries Ltd.) Hidden
DeskPins (HKLM-x32\...\DeskPins) (Version: 1.32 - Elias Fotinis)
Desktop Restore version 1.7.0 (HKLM\...\{DBD4F07A-7607-4A4F-A46C-6AA399E06E38}_is1) (Version: 1.7.0 - Jamie O'Connell)
DeviceDetect (HKLM-x32\...\{0B226409-96A6-47F0-84D8-89223B6F9479}) (Version: 1.0.3.4 - Brother Industries Ltd.) Hidden
DS Clock (HKLM-x32\...\DS Clock_is1) (Version: 2.6.3 - Duality Software)
EaseUS Partition Master 13.5 (HKLM-x32\...\EaseUS Partition Master_is1) (Version:  - EaseUS)
Elevated Installer (HKLM-x32\...\{486DCE02-1FB0-4962-9CB3-4265F2D49126}) (Version: 6.13.1.0 - Garmin Ltd or its subsidiaries) Hidden
EndItAll 2.0 (HKLM-x32\...\EndItAll_is1) (Version: 2.0 - Ziff Davis Media, Inc.)
FontExpert 2019 Font Manager (HKLM\...\FontExpert 2019) (Version: 16.0.0.4 - Proxima Software)
FoxArc Screen Capture V1.4 (HKLM-x32\...\FoxArc Screen Capture) (Version:  - )
Foxit Reader 5.1 (HKLM-x32\...\Foxit Reader_is1) (Version: 5.1.4.104 - Foxit Corporation)
Free Alarm Clock (HKLM-x32\...\{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1) (Version: 4.0.1.0 - Comfort Software Group)
Glary Utilities 5.135 (HKLM-x32\...\Glary Utilities 5) (Version: 5.135.0.161 - Glarysoft Ltd)
GlassWire 2.1 (remove only) (HKLM-x32\...\GlassWire 2.1) (Version: 2.1.167 - SecureMix LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 80.0.3987.149 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.441 - Google LLC) Hidden
HowToGuide (HKLM-x32\...\{36580EEB-4EDF-4880-BBD4-097E2C645ECD}) (Version: 1.0.1.0 - Brother Industries Ltd.) Hidden
Intel Driver && Support Assistant (HKLM-x32\...\{4DF3098D-2A9A-46DF-8B8C-9DD31D319739}) (Version: 20.2.9.6 - Intel) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.10.1464 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.5.0.1026 - Intel Corporation)
IrfanView 4.53 (64-bit) (HKLM\...\IrfanView64) (Version: 4.53 - Irfan Skiljan)
Jasc Paint Shop Pro 8 (HKLM-x32\...\{81A34902-9D0B-4920-A25C-4CDC5D14B328}) (Version: 8.10.0000 - Jasc Software Inc)
Jasc Paint Shop Pro 8.10 Update Patch (HKLM-x32\...\Jasc Paint Shop Pro 8.10 Update Patch) (Version:  - )
Karen's Directory Printer (HKLM-x32\...\Karen's Directory Printer) (Version: 5.4.2.0 - KarenWare.com)
Karen's Replicator (HKLM-x32\...\Karen's Replicator) (Version: 3.7.4.0 - KarenWare.com)
Logitech Vid HD (HKLM-x32\...\Logitech Vid) (Version: 7.2 (7230) - Logitech Inc..)
Macrium Reflect Free Edition (HKLM\...\{D59877C2-0B8F-4ACC-AD29-C710FA69DBD0}) (Version: 7.2.4325 - Paramount Software (UK) Ltd.) Hidden
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 7.2 - Paramount Software (UK) Ltd.)
Magical Jelly Bean KeyFinder (HKLM-x32\...\KeyFinder_is1) (Version: 2.0.10.13 - Magical Jelly Bean)
Malwarebytes version 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
Microangelo 5.0 (HKLM-x32\...\Microangelo 5.0) (Version:  - )
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft Calculator Plus (HKLM-x32\...\{83073C45-3003-4671-9A86-243AAADD915A}) (Version: 1.0.0 - Microsoft)
Microsoft Office Excel Viewer (HKLM-x32\...\{95120000-003F-0409-0000-0000000FF1CE}) (Version: 12.0.6219.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.22.27821 (HKLM-x32\...\{6361b579-2795-4886-b2a8-53d5239b6452}) (Version: 14.22.27821.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.22.27821 (HKLM-x32\...\{5bfc1380-fd35-4b85-9715-7351535d077e}) (Version: 14.22.27821.0 - Microsoft Corporation)
Microsoft Web Publishing Wizard 1.52 (HKLM-x32\...\WebPost) (Version:  - )
Mozilla Firefox 52.9.0 ESR (x64 en-US) (HKLM\...\Mozilla Firefox 52.9.0 ESR (x64 en-US)) (Version: 52.9.0 - Mozilla)
Mozilla Thunderbird 52.9.1 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 52.9.1 (x86 en-US)) (Version: 52.9.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NetworkRepairTool (HKLM-x32\...\{4694AD3E-D4A2-4D98-9848-662A0475E872}) (Version: 1.2.11.0 - Brother Insutries Ltd.) Hidden
Neverball 1.5.4 (HKU\S-1-5-21-3514852469-3404283315-88258209-1000\...\Neverball) (Version: 1.5.4 - )
OpenOffice 4.1.3 (HKLM-x32\...\{EEA30AEB-8BA7-465B-85D4-098BB99733E7}) (Version: 4.13.9783 - Apache Software Foundation)
Opera Stable 58.0.3135.132 (HKLM-x32\...\Opera 58.0.3135.132) (Version: 58.0.3135.132 - Opera Software)
PC-FAXReceive (HKLM-x32\...\{8DB92891-74BB-464E-BCF8-6D6A9C2132AC}) (Version: 1.3.8.0 - Brother Insutries Ltd.) Hidden
Pixie (HKLM-x32\...\Pixie) (Version:  - )
Postimage version 1.0.1 (HKLM-x32\...\{B8BAF53F-4680-44A4-AF64-9934F924676B}_is1) (Version: 1.0.1 - Postimage)
PowerPoint Viewer 2.0 (HKLM-x32\...\PowerPoint Viewer 2.0) (Version:  - )
qBittorrent 4.1.5 (HKLM-x32\...\qBittorrent) (Version: 4.1.5 - The qBittorrent project)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6531 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Registry Workshop (HKLM\...\Registry Workshop) (Version:  - )
RemoteSetup (HKLM-x32\...\{B6CE4633-EA3F-4856-9BCC-9B8702E076FE}) (Version: 3.8.0.0 - Brother Industries Ltd.) Hidden
Revo Uninstaller 2.1.0 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.1.0 - VS Revo Group, Ltd.)
ScannerUtilityInstaller (HKLM-x32\...\{5B645FE2-19E9-4B15-B5B2-3D8766F6FA27}) (Version: 1.0.0.0 - Brother) Hidden
Screenpic 0.15.2 (HKU\S-1-5-21-3514852469-3404283315-88258209-1000\...\Screenpic) (Version: 0.15.2 - screenpic.net)
Skype version 8.54 (HKLM-x32\...\Skype_is1) (Version: 8.54 - Skype Technologies S.A.)
SoundingBox (HKU\S-1-5-21-3514852469-3404283315-88258209-1000\...\SoundingBox) (Version: 1.0.43 - SoundingBox)
StatusMonitor (HKLM-x32\...\{86D16055-3C14-44C6-BCD7-5514B83BAD34}) (Version: 1.12.4.0 - Brother Insutries Ltd.) Hidden
Sticky Password 8.2.3.24 (HKLM-x32\...\Sticky Password_is1) (Version: 8.2 - Lamantine Software)
Super DX-Ball v1.00 (HKLM-x32\...\Super DX-Ball_is1) (Version: 1.0 - BlitWise Productions, LLC)
Super Finder XT 1.6.3.2 (HKLM-x32\...\Super Finder XT_is1) (Version:  - FSL - FreeSoftLand)
The Print Shop (HKLM-x32\...\{FB26EA24-AE01-4C86-BEBC-424D5B81E66E}) (Version:  - Broderbund LLC)
TreeComp 4.0 b57 (x64) (HKLM\...\{482B2DF4-C161-45A2-947C-834FB5BEB432}_is1) (Version:  - Lennert Ploeger)
Uninstall Tool (HKLM\...\Uninstall Tool_is1) (Version: 3.5.9 - CrystalIDEA Software)
Unity Web Player (x64) (All users) (HKLM\...\UnityWebPlayer) (Version: 4.6.6f2 - Unity Technologies ApS)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
UsbRepairTool (HKLM-x32\...\{523276A4-5779-4105-9163-CA1CF94EC533}) (Version: 1.4.0.0 - Brother Insutries Ltd.) Hidden
Userfeel 1.4.22 (HKLM-x32\...\{2bfdce5e-c78c-59b9-91ca-79fa2c7b233c}) (Version: 1.4.22 - Userfeel)
UserTesting (HKU\S-1-5-21-3514852469-3404283315-88258209-1000\...\UserTestingPlugin) (Version:  - UserTesting.com)
Virtual Magnifying Glass v3.6 (HKLM-x32\...\Virtual Magnifying Glass_is1) (Version:  - )
VLC media player (HKLM\...\VLC media player) (Version: 3.0.8 - VideoLAN)
Waterfox Classic 56.3 (x64 en-US) (HKLM\...\Waterfox Classic 56.3 (x64 en-US)) (Version: 56.3 - Waterfox Ltd)
Win Driver Backup 8.8.1 (HKLM-x32\...\Win Driver Backup_is1) (Version:  - WinDriverBackup Co., Ltd.)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WizTree v3.15 (HKLM\...\WizTree_is1) (Version:  - Antibody Software)
WordWeb (HKLM-x32\...\WordWeb) (Version: 8 - WordWeb Software)
Youtube Downloader HD v. 2.9.9.41 (HKLM-x32\...\Youtube Downloader HD_is1) (Version:  - YoutubeDownloaderHD.com)
ZoneAlarm Free Firewall (HKLM-x32\...\ZoneAlarm Free Firewall) (Version: 15.8.023.18219 - Check Point)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3514852469-3404283315-88258209-1000_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation) [File not signed]
CustomCLSID: HKU\S-1-5-21-3514852469-3404283315-88258209-1000_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Prize-02\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3514852469-3404283315-88258209-1000_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation) [File not signed]
CustomCLSID: HKU\S-1-5-21-3514852469-3404283315-88258209-1000_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation) [File not signed]
CustomCLSID: HKU\S-1-5-21-3514852469-3404283315-88258209-1000_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation) [File not signed]
CustomCLSID: HKU\S-1-5-21-3514852469-3404283315-88258209-1000_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\Prize-02\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3514852469-3404283315-88258209-1000_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation) [File not signed]
CustomCLSID: HKU\S-1-5-21-3514852469-3404283315-88258209-1000_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation) [File not signed]
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2019-08-20] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2019-08-20] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
ContextMenuHandlers3-x32: [MicroangeloMenu] -> {616c1f06-bad8-11d2-b355-00104b642749} => C:\Windows\SysWOW64\muangsys.dll [2000-09-11] () [File not signed]
ContextMenuHandlers3: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-15] (Empty Loop -> )
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers5: [DeskMenu] -> {7E74422F-2393-11D4-98E0-444553540000} => C:\Program Files\Desktop Restore\dkticnsr.dll [2016-11-04] (Jamie O'Connell) [File not signed]
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => C:\Program Files\Windows Sidebar\sbdrop.dll -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2011-01-27] (Intel Corporation) [File not signed]
ContextMenuHandlers6-x32: [IconLayout] -> {19F500E0-9964-11cf-B63D-08002B317C03} => Layout.dll -> No File
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers6: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-15] (Empty Loop -> )
 
==================== Codecs (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\system32\lvcod64.dll [398360 2009-10-07] (Logitech Inc -> Logitech Inc.)
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [416280 2009-10-07] (Logitech Inc -> Logitech Inc.)
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Prize-02\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\3fbb4eed9afddb3b\UserLook Recorder.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=neimnkpjllmhbfkghkmmajadlicnpjej
ShortcutWithArgument: C:\Users\Prize-02\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\147e4e90521dcb32\Google Chrome.lnk -> C:\Users\Prize-02\AppData\Local\Google\Application\chrome.exe (Google Inc.) -> --profile-directory=Default
 
==================== Loaded Modules (Whitelisted) =============
 
2019-10-19 01:03 - 2019-09-02 13:51 - 001398272 _____ () [File not signed] C:\Program Files (x86)\Sticky Password\DLLs\_hashlib.pyd
2019-07-14 22:36 - 2019-02-21 12:00 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zipx64\7-zip.dll
2011-01-27 09:23 - 2011-01-27 09:23 - 000109056 _____ (Intel Corporation) [File not signed] C:\Windows\system32\hccutils.DLL
2011-01-27 09:24 - 2011-01-27 09:24 - 000335872 _____ (Intel Corporation) [File not signed] C:\Windows\system32\igfxpph.dll
2011-01-27 09:22 - 2011-01-27 09:22 - 000285696 _____ (Intel Corporation) [File not signed] C:\Windows\system32\igfxrENU.lrc
2017-08-13 08:49 - 2017-08-13 08:49 - 000760632 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicExplorer32.dll
2017-08-13 08:49 - 2017-08-13 08:49 - 000885560 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicExplorer64.dll
2017-08-13 08:49 - 2017-08-13 08:49 - 003664184 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenuDLL.dll
2017-02-20 23:44 - 2016-11-04 20:06 - 000521728 _____ (Jamie O'Connell) [File not signed] C:\Program Files\Desktop Restore\dkticnsr.dll
2009-07-13 19:55 - 2009-07-13 21:40 - 000053248 _____ (Microsoft Windows -> Microsoft Corporation) [File not signed] C:\Windows\System32\AltTab.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]
AlternateDataStreams: C:\ProgramData\TEMP:B0D4D817 [85]
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) =================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKU\S-1-5-21-3514852469-3404283315-88258209-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.reg\UserChoice => regfile
 
==================== Internet Explorer trusted/restricted ==========
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
There are 6091 more sites.
 
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2019-01-04 04:57 - 000002303 _____ C:\Windows\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> c:\Program Files (x86)\Intel\iCLS Client\;c:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT
HKU\S-1-5-21-3514852469-3404283315-88258209-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Prize-02\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
mpsdrv => Firewall Service is not running.
MpsSvc => Firewall Service is not running.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AudioEndpointBuilder => 2
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: DigitalWave.Update.Service => 2
MSCONFIG\Services: DSClockSyncTime => 2
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: Freemake Improver => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: Intel® Capability Licensing Service Interface => 2
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MacriumService => 3
MSCONFIG\Services: TomTomHOMEService => 2
MSCONFIG\Services: WSearch => 3
MSCONFIG\startupfolder: C:^Users^Prize-02^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dashlane  4.6.8.lnk => C:\Windows\pss\Dashlane  4.6.8.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Prize-02^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^DS Clock.lnk => C:\Windows\pss\DS Clock.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Prize-02^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^dsclock.exe - Shortcut.lnk => C:\Windows\pss\dsclock.exe - Shortcut.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Prize-02^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^DuckCapture.lnk => C:\Windows\pss\DuckCapture.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Prize-02^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PTReplicator.exe - Shortcut.lnk => C:\Windows\pss\PTReplicator.exe - Shortcut.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Prize-02^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Sticky Password.lnk => C:\Windows\pss\Sticky Password.lnk.Startup
MSCONFIG\startupreg: BrHelp =>  /AUTORUN
MSCONFIG\startupreg: BrStsMon00 => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
MSCONFIG\startupreg: Flvto Youtube Downloader => "C:\program files\Flvto Youtube Downloader\FlvtoYoutubeDownloader.Redesign.exe" /minimize
MSCONFIG\startupreg: GarminExpress => "C:\Program Files (x86)\Garmin\Express\express.exe" /minimized
MSCONFIG\startupreg: Google Update => C:\Users\Prize-02\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe
MSCONFIG\startupreg: GUDelayStartup => "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: MP3 Skype recorder => C:\Users\Prize-02\AppData\Local\MP3 Skype recorder\MP3SkypeRecorder.exe
MSCONFIG\startupreg: Reflect UI => C:\Program Files\Macrium\Common\ReflectUI.exe
MSCONFIG\startupreg: Screenpic => C:\Users\Prize-02\AppData\Local\Screenpic\screenpic.exe
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{AB90B65B-A506-4786-82FD-AE9833C56725}] => (Allow) C:\Program Files\Opera\46.0.2597.39\opera.exe No File
FirewallRules: [{093DF395-B22A-46EA-83AE-4C186FC5C8DE}] => (Allow) C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.) [File not signed]
FirewallRules: [{7BA806F8-A9F3-4155-8112-65BB26837E75}] => (Allow) C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.) [File not signed]
FirewallRules: [TCP Query User{04195A8B-DDD5-4DDE-97F6-3204C3FD7960}C:\program files (x86)\logitech\vid hd\vid.exe] => (Block) C:\program files (x86)\logitech\vid hd\vid.exe (Logitech Inc.) [File not signed]
FirewallRules: [UDP Query User{45044EAF-5C9B-4E30-BCF1-72D9A2C096A7}C:\program files (x86)\logitech\vid hd\vid.exe] => (Block) C:\program files (x86)\logitech\vid hd\vid.exe (Logitech Inc.) [File not signed]
FirewallRules: [TCP Query User{080ED42F-4AD2-461B-8403-DFDA1AE5E8CF}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe No File
FirewallRules: [UDP Query User{F7CE58FD-922F-4798-8AB1-09025264E88A}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe No File
FirewallRules: [{9830D275-C496-4DBC-A119-A209E445F56A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{118DCC68-9BB5-4F08-8C8B-E4F81518002C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{2DFA463E-959D-42E3-9836-ED22FEAA865B}] => (Allow) C:\Program Files\Opera\58.0.3135.127\opera.exe No File
FirewallRules: [{B6FC53CF-A747-4D00-884F-49BBF7EBD3ED}] => (Allow) C:\Program Files\Opera\58.0.3135.132\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{935E9603-7A40-4D3E-8C06-0B2F229AF740}] => (Allow) c:\program files (x86)\pc-faxreceive\brengineprocess.exe No File
FirewallRules: [{A5990DAF-4B39-4277-A14F-31293FC1CAF9}] => (Allow) c:\program files (x86)\pc-faxreceive\brengineprocess.exe No File
FirewallRules: [TCP Query User{7C57BC3B-4CF2-48C8-88F7-355A8B3AB4CA}C:\program files\alive\messaging\java\jre7\bin\java.exe] => (Allow) C:\program files\alive\messaging\java\jre7\bin\java.exe No File
FirewallRules: [UDP Query User{E21AD07B-0D6C-49CC-90BF-F6DB44347B7E}C:\program files\alive\messaging\java\jre7\bin\java.exe] => (Allow) C:\program files\alive\messaging\java\jre7\bin\java.exe No File
FirewallRules: [TCP Query User{2B6CD48F-EB1D-4C25-93C7-F4064767632A}C:\program files\alive\bin\alive\alive.exe] => (Allow) C:\program files\alive\bin\alive\alive.exe No File
FirewallRules: [UDP Query User{C4CCE142-8D6B-4764-8CDD-4A8E2577B911}C:\program files\alive\bin\alive\alive.exe] => (Allow) C:\program files\alive\bin\alive\alive.exe No File
FirewallRules: [{F3A2F3C3-FEDF-486D-AFCB-FF049F40A991}] => (Allow) C:\Program Files\Waterfox\waterfox.exe (Waterfox Limited -> Mozilla Corporation)
FirewallRules: [{E109C321-1DB7-4734-8191-FB3302D62359}] => (Allow) C:\Program Files\Waterfox\waterfox.exe (Waterfox Limited -> Mozilla Corporation)
FirewallRules: [TCP Query User{DBCE8178-BB12-42DC-BE11-3C4C8B8AEB1F}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{4A0C859B-B0A9-41D8-9333-83E836BE2D11}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{4A7B67D9-2C64-410C-9B50-0AED05F62852}] => (Allow) C:\Program Files (x86)\Sticky Password\stpass.exe (Lamantine Software a.s. -> Lamantine Software a.s.)
FirewallRules: [{0E302442-818E-4A8C-B75E-FB5AB7D0A00B}] => (Allow) C:\Program Files (x86)\Sticky Password\stpass.exe (Lamantine Software a.s. -> Lamantine Software a.s.)
FirewallRules: [{A8E509C0-1B49-4AB0-90EE-27AFA79DA91D}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{1AA7D377-A724-49FF-AB8B-A453AFB88D81}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{2A6D41D4-2EC8-4D38-9EAC-DA24D3BE46AD}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{8CC1FB75-ED14-4AE3-87B2-B25EDB0DBC59}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
 
==================== Restore Points =========================
 
18-02-2020 03:29:13 Scheduled Checkpoint
19-02-2020 00:01:10 Revo Uninstaller's restore point - Google Chrome
26-02-2020 03:53:59 Scheduled Checkpoint
01-03-2020 13:39:29 Revo Uninstaller's restore point - Revo Uninstaller 2.1.0
03-03-2020 12:42:54 Removed service pack backup files
12-03-2020 03:33:33 Scheduled Checkpoint
14-03-2020 15:01:22 Restore Operation
14-03-2020 21:17:51 Windows Update
15-03-2020 14:47:33 Restore Operation
15-03-2020 15:17:38 Revo Uninstaller's restore point - Bitdefender Agent
15-03-2020 15:19:27 Revo Uninstaller's restore point - Bitdefender Antivirus Free
15-03-2020 15:23:06 Revo Uninstaller's restore point - Bitdefender Agent
15-03-2020 15:35:09 Restore Operation
15-03-2020 15:54:51 Revo Uninstaller's restore point - High-Logic MainType 9
15-03-2020 23:09:15 Windows Update
15-03-2020 23:26:36 Intel® Driver & Support Assistant
15-03-2020 23:28:06 Intel® Driver & Support Assistant
15-03-2020 23:28:58 Intel® Driver & Support Assistant
16-03-2020 03:01:24 Windows Update
17-03-2020 03:00:13 Windows Update
17-03-2020 03:37:43 Removed service pack backup files
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (03/19/2020 05:11:29 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <1, 0x80070005, Failed to add Gather Application: Windows>.
 
Error: (03/19/2020 05:11:29 PM) (Source: Windows Search Service) (EventID: 3030) (User: )
Description: The gatherer service cannot be initialized.
 
Details:
    The Temp folder is on a drive that is full or is inaccessible. Free up space on the drive or verify that you have write permission on the Temp folder.  (HRESULT : 0x80070660) (0x80070660)
 
Error: (03/19/2020 05:09:29 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <1, 0x80070005, Failed to add Gather Application: Windows>.
 
Error: (03/19/2020 05:09:29 PM) (Source: Windows Search Service) (EventID: 3030) (User: )
Description: The gatherer service cannot be initialized.
 
Details:
    The Temp folder is on a drive that is full or is inaccessible. Free up space on the drive or verify that you have write permission on the Temp folder.  (HRESULT : 0x80070660) (0x80070660)
 
Error: (03/19/2020 05:09:03 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <1, 0x80070005, Failed to add Gather Application: Windows>.
 
Error: (03/19/2020 05:09:03 PM) (Source: Windows Search Service) (EventID: 3030) (User: )
Description: The gatherer service cannot be initialized.
 
Details:
    The Temp folder is on a drive that is full or is inaccessible. Free up space on the drive or verify that you have write permission on the Temp folder.  (HRESULT : 0x80070660) (0x80070660)
 
Error: (03/19/2020 05:08:54 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <1, 0x80070005, Failed to add Gather Application: Windows>.
 
Error: (03/19/2020 05:08:54 PM) (Source: Windows Search Service) (EventID: 3030) (User: )
Description: The gatherer service cannot be initialized.
 
Details:
    The Temp folder is on a drive that is full or is inaccessible. Free up space on the drive or verify that you have write permission on the Temp folder.  (HRESULT : 0x80070660) (0x80070660)
 
 
System errors:
=============
Error: (03/19/2020 05:11:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 164 time(s).
 
Error: (03/19/2020 05:11:30 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Search service terminated with the following error:
Access is denied.
 
Error: (03/19/2020 05:09:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 163 time(s).
 
Error: (03/19/2020 05:09:30 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Search service terminated with the following error:
Access is denied.
 
Error: (03/19/2020 05:09:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 162 time(s).
 
Error: (03/19/2020 05:09:03 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Search service terminated with the following error:
Access is denied.
 
Error: (03/19/2020 05:08:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 161 time(s).
 
Error: (03/19/2020 05:08:55 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Search service terminated with the following error:
Access is denied.
 
 
Windows Defender:
===================================
Date: 2020-02-10 18:58:42.714
Description:
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Current
Error Code:0x80070003
Error description:The system cannot find the path specified.
Signature version:0.0.0.0
Engine version:0.0.0.0
 
Date: 2018-12-12 12:53:35.302
Description:
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Current
Error Code:0x80070003
Error description:The system cannot find the path specified.
Signature version:0.0.0.0
Engine version:0.0.0.0
 
Date: 2017-11-14 04:24:13.684
Description:
Windows Defender scan has encountered an error and terminated.
Scan ID:{970A6A1D-EB5B-4ECC-831C-301650E747B8}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan
Error Code:0x8050800d
Error description:Some history items could not be displayed. Please wait a few minutes and try again. If that doesn't work, clear the history and then try again.
 
Date: 2017-11-12 02:12:41.755
Description:
Windows Defender scan has encountered an error and terminated.
Scan ID:{7315331A-5751-4CE2-AB86-6696C826E020}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan
Error Code:0x8050800d
Error description:Some history items could not be displayed. Please wait a few minutes and try again. If that doesn't work, clear the history and then try again.
 
Date: 2017-11-01 02:25:00.253
Description:
Windows Defender scan has encountered an error and terminated.
Scan ID:{A81D721F-C94D-422D-983D-D86037D3F733}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan
Error Code:0x8050800d
Error description:Some history items could not be displayed. Please wait a few minutes and try again. If that doesn't work, clear the history and then try again.
 
CodeIntegrity:
===================================
 
Date: 2020-03-14 21:00:09.210
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\igdkmd64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2020-03-14 21:00:08.602
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\igdkmd64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
==================== Memory info ===========================
 
BIOS: AMI 7.16 10/05/2011
Motherboard: PEGATRON CORPORATION 2AC2
Processor: Intel® Pentium® CPU G620 @ 2.60GHz
Percentage of memory in use: 93%
Total physical RAM: 6050.53 MB
Available physical RAM: 406.89 MB
Total Virtual: 12099.2 MB
Available Virtual: 6700.79 MB
 
==================== Drives ================================
 
Drive c: (HP_SYSPROG) (Fixed) (Total:159.47 GB) (Free:76.46 GB) NTFS
Drive d: (HP_DATA) (Fixed) (Total:73.25 GB) (Free:52.37 GB) NTFS
Drive j: (CANONCAMERA) (Removable) (Total:1.83 GB) (Free:1.83 GB) FAT
Drive s: (GOLDFISH) (Removable) (Total:3.74 GB) (Free:2.28 GB) FAT32
 
\\?\Volume{6343aacb-9589-11e6-a6d3-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 232.8 GB) (Disk ID: 89798979)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=159.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=73.2 GB) - (Type=0F Extended)
 
==========================================================
Disk: 1 (Protective MBR) (Size: 1.8 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==========================================================
Disk: 3 (MBR Code: Windows 7/8/10) (Size: 3.7 GB) (Disk ID: 002894EA)
Partition 1: (Active) - (Size=3.7 GB) - (Type=0C)
 
==================== End of Addition.txt =======================

*************************************************************************************************

*************************************************************************************************

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-03-2020
Ran by Prize-02 (administrator) on HP (Hewlett-Packard p6-2020t) (19-03-2020 17:09:32)
Running from D:\AAADown7
Loaded Profiles: Prize-02 (Available Profiles: Prize-02)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: "C:\Program Files\Waterfox\waterfox.exe" -osint -url "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
() [File not signed] C:\Program Files (x86)\Virtual Magnifying Glass\magnifier.exe
(Digital Wave Ltd -> Digital Wave Ltd) C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
(Duality Software -> Duality Software) C:\Program Files (x86)\DS Clock\dsclock.exe
(Elias Fotinis) [File not signed] C:\Program Files (x86)\DeskPins\deskpins.exe
(GlassWire -> SecureMix LLC) C:\Program Files (x86)\GlassWire\GlassWire.exe
(GlassWire -> SecureMix LLC) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
(GlassWire -> SecureMix LLC) C:\Program Files (x86)\GlassWire\GWIdlMon.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(IDSA Production signing key -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe
(Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenu.exe
(KarenWare.com -> KarenWare.com) C:\Program Files (x86)\Karen's Power Tools\Replicator\PTReplicator.exe
(Lamantine Software a.s. -> Lamantine Software a.s.) C:\Program Files (x86)\Sticky Password\spNMHost.exe
(Lamantine Software a.s. -> Lamantine Software a.s.) C:\Program Files (x86)\Sticky Password\spNMHost.exe
(Lamantine Software a.s. -> Lamantine Software a.s.) C:\Program Files (x86)\Sticky Password\spUIAManager.exe
(Lamantine Software a.s. -> Lamantine Software a.s.) C:\Program Files (x86)\Sticky Password\stpass.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Petr Stepanets -> ) [File not signed] C:\Program Files (x86)\Postimage\postimage.exe
(Thornsoft Development, Inc. -> Thornsoft Development, Inc.) C:\Program Files (x86)\ClipMate7\ClipMate.exe
(Waterfox Limited -> Mozilla Corporation) C:\Program Files\Waterfox\plugin-container.exe
(Waterfox Limited -> Mozilla Corporation) C:\Program Files\Waterfox\waterfox.exe
(WordWeb Software -> WordWeb Software) C:\Program Files (x86)\WordWeb\wweb32.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163640 2017-08-13] (Ivaylo Beltchev -> IvoSoft) [File not signed]
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [Intel Driver & Support Assistant] => C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe [237416 2020-03-03] (IDSA Production signing key -> Intel)
HKLM\ DisallowedCertificates: 1990649205B55EAB5D692E9EDB1BE0DDD3B037DE (U)
HKLM\ DisallowedCertificates: C597D4E7FF9CE5BD3EC321C11827FCA9294A6BA1 (U)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-3514852469-3404283315-88258209-1000\...\Run: [StickyPassword] => C:\Program Files (x86)\Sticky Password\stpass.exe [66288 2019-10-09] (Lamantine Software a.s. -> Lamantine Software a.s.)
HKU\S-1-5-21-3514852469-3404283315-88258209-1000\...\Run: [DS Clock] => C:\Program Files (x86)\DS Clock\DSClock.exe [584208 2012-12-17] (Duality Software -> Duality Software)
HKU\S-1-5-21-3514852469-3404283315-88258209-1000\...\Run: [ClipMate7] => C:\Program Files (x86)\ClipMate7\ClipMate.exe [3760424 2009-01-31] (Thornsoft Development, Inc. -> Thornsoft Development, Inc.)
HKU\S-1-5-21-3514852469-3404283315-88258209-1000\...\Run: [WordWeb] => C:\Program Files (x86)\WordWeb\wweb32.exe [81120 2016-02-12] (WordWeb Software -> WordWeb Software)
HKU\S-1-5-21-3514852469-3404283315-88258209-1000\...\Run: [Postimage] => C:\Program Files (x86)\Postimage\postimage.exe [16306936 2013-07-21] (Petr Stepanets -> ) [File not signed]
HKU\S-1-5-21-3514852469-3404283315-88258209-1000\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [44016 2020-01-05] (Glarysoft LTD -> Glarysoft Ltd)
HKU\S-1-5-21-3514852469-3404283315-88258209-1000\...\Run: [GlassWire] => C:\Program Files (x86)\GlassWire\glasswire.exe [7864296 2019-10-02] (GlassWire -> SecureMix LLC)
HKU\S-1-5-21-3514852469-3404283315-88258209-1000\...\Policies\system: [DisableChangePassword] 1
HKU\S-1-5-21-3514852469-3404283315-88258209-1000\...\Policies\system: [DisableLockWorkstation] 1
HKU\S-1-5-21-3514852469-3404283315-88258209-1000\...\Policies\Explorer: [NoShutdown] 1
HKU\S-1-5-21-3514852469-3404283315-88258209-1000\...\Policies\Explorer: [NoLogoff] 1
HKU\S-1-5-21-3514852469-3404283315-88258209-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\SysWOW64\HUMANO~1.SCR [4156488 2019-02-13] (Axialis Software) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{44BBA851-CC51-11CF-AAFA-00AA00B6015C}] -> C:\Windows\system32\advpack.dll [2009-07-13] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\80.0.3987.149\Installer\chrmstp.exe [2020-03-18] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{44BBA851-CC51-11CF-AAFA-00AA00B6015C}] -> C:\Windows\SysWOW64\advpack.dll [2009-07-13] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{73FA19D0-2D75-11D2-995D-00C04F98BBC9}] ->
Startup: C:\Users\Prize-02\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DeskPins.lnk [2019-04-02]
ShortcutTarget: DeskPins.lnk -> C:\Program Files (x86)\DeskPins\deskpins.exe (Elias Fotinis) [File not signed]
Startup: C:\Users\Prize-02\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Postimage.lnk [2019-10-26]
ShortcutTarget: Postimage.lnk -> C:\Program Files (x86)\Postimage\postimage.exe (Petr Stepanets -> ) [File not signed]
Startup: C:\Users\Prize-02\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PTReplicator.lnk [2019-08-31]
ShortcutTarget: PTReplicator.lnk -> C:\Program Files (x86)\Karen's Power Tools\Replicator\PTReplicator.exe (KarenWare.com -> KarenWare.com)
Startup: C:\Users\Prize-02\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TB  PROG.lnk [2019-08-31]
ShortcutTarget: TB  PROG.lnk -> C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation -> Mozilla Corporation)
Startup: C:\Users\Prize-02\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Virtual Magnifying Glass.lnk [2019-03-19]
ShortcutTarget: Virtual Magnifying Glass.lnk -> C:\Program Files (x86)\Virtual Magnifying Glass\magnifier.exe () [File not signed]
BootExecute: autocheck autochk /p \??\C:autocheck autochk *  
GroupPolicy: Restriction - Chrome <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {1B9B1BB6-B9CB-4946-9177-20BA6B80583F} - System32\Tasks\{52F4E76F-240F-4C2C-B86F-AD259CD9981E} => "c:\program files\mozilla firefox 52.1.0 esr\firefox.exe" hxxps://ui.skype.com/ui/0/7.39.0.102/en/go/help.faq.installer?source=lightinstaller&LastError=1603
Task: {211EDBD6-B7B9-45DC-981B-DE92DA052C53} - System32\Tasks\{7B4D4634-DD59-46C1-BE97-FF902FDE90A9} => C:\Windows\system32\pcalua.exe -a R:\sp47471.exe -d R:\
Task: {252CF549-AB54-482C-92D6-E62182992FC9} - System32\Tasks\{0CE99B97-6B2F-46CC-8346-C4DCBF136F18} => "c:\program files\mozilla firefox 52.1.0 esr\firefox.exe" hxxps://ui.skype.com/ui/0/7.39.0.102/en/go/help.faq.installer?source=lightinstaller&LastError=1603
Task: {2EB029A0-8FFF-40B7-BED0-8001205600C3} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_330_Plugin.exe [1458232 2020-03-07] (Adobe Inc. -> Adobe)
Task: {3025A5C3-DD97-4F91-AC6C-67C460DB9239} - \Avira SystrayStartTrigger -> No File <==== ATTENTION
Task: {32B2C975-999C-4CB2-97D3-7B5115902125} - System32\Tasks\UninstallTool_SkipUAC_Prize-02 => C:\Program Files\Uninstall Tool\UninstallTool.exe [4886600 2019-09-17] (CrystalBit Solutions -> CrystalIDEA Software)
Task: {37414884-C2BC-4762-8F2F-3264800FA425} - System32\Tasks\{D5A7F2CD-7F06-41C3-A2DE-69E61D5B9B8C} => D:\AAADown\IQWebPlayerSetup.exe
Task: {47E8503B-6B3A-4D9B-B07F-5D30AAE4FD4C} - System32\Tasks\{A9FDA765-441F-4F59-85CB-57629BE45BE7} => "c:\program files\mozilla firefox 52.1.0 esr\firefox.exe" hxxps://ui.skype.com/ui/0/7.39.0.102/en/go/help.faq.installer?source=lightinstaller&LastError=1603
Task: {49ED5B6A-86E2-448E-B5DC-852D4AD3D800} - System32\Tasks\{AF34CBCB-F6C7-4FD2-B2E3-DD14E548E172} => "c:\program files\mozilla firefox 52.1.0 esr\firefox.exe" hxxps://ui.skype.com/ui/0/7.39.0.102/en/go/help.faq.installer?source=lightinstaller&LastError=1603
Task: {4CE7ED54-6122-48A0-B40F-D29F13B13B25} - System32\Tasks\{6CE0F2A6-627A-413D-8FD7-39B853FBA5EC} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\MS Installer Cleanup\msicuu2.exe" -d "C:\Program Files\MS Installer Cleanup"
Task: {50F2DBF7-7FDE-4FE0-80C3-46BC57D2FC9B} - System32\Tasks\{7BDE9FEF-2706-4897-8116-48C5A5395D61} => C:\DATA TO MOVE TO D\AAADown\IQWebPlayerSetup(1).exe
Task: {59AE4F54-8CC8-48AE-97AB-E74A2D10F94E} - System32\Tasks\{7BBF96EB-8C40-44B6-AB8B-D3C1CA2A128C} => "c:\program files\mozilla firefox 52.1.0 esr\firefox.exe" hxxps://ui.skype.com/ui/0/7.39.0.102/en/go/help.faq.installer?source=lightinstaller&LastError=1603
Task: {61633760-FCC1-4D55-BFA0-97C86CFA6C6D} - System32\Tasks\{B2051E66-DFD5-41AF-A080-8918B253FAC0} => D:\AAADown7\IQWebPlayerSetup.exe
Task: {61794E05-C1E1-4FB6-BA77-B65049373AB0} - System32\Tasks\{7683D11D-A8C0-4843-8C00-557713C99344} => D:\AAADown7\IQWebPlayerSetup.exe
Task: {627F3024-3DE1-447B-A6DC-1F641C705CA2} - System32\Tasks\{8BF4B743-0295-439F-96FD-E2954FE55DF6} => "c:\program files\mozilla firefox 52.1.0 esr\firefox.exe" hxxps://ui.skype.com/ui/0/7.39.0.102/en/abandoninstall?source=lightinstaller&page=tsInstall
Task: {64C9B236-195B-4F35-92F4-A8C03EBEEBA3} - System32\Tasks\{73A02160-3022-4730-98D8-EC4F62C1B1FC} => C:\DATA TO MOVE TO D\AAADown\IQWebPlayerSetup.exe
Task: {6C864234-9FB1-4631-A341-DDAFF349A651} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2020-02-20] (Google Inc -> Google Inc.)
Task: {6D154475-4074-4F88-9658-E72878A702EB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2020-02-20] (Google Inc -> Google Inc.)
Task: {6FC8163D-3161-443F-9781-F0906B47A971} - System32\Tasks\Print a Dot => C:\Windows\system32\notepad.exe [193536 2015-07-09] (Microsoft Windows -> Microsoft Corporation)
Task: {747E8FEF-39D8-4301-B4D0-82F229AAFDA3} - System32\Tasks\{2038AF07-3684-4CBA-9DE4-22C7CEB4FB07} => D:\Backup --Cursors+Scr Sav\scr--Living SnowGlobe files\Living_SnowGlobes_installer.exe
Task: {769ED811-B483-49F2-BF21-45420B1265D6} - System32\Tasks\{6772F8D0-C3D2-4899-85B9-953384EC8C47} => C:\DATA TO MOVE TO D\AAADown\IQWebPlayerSetup(1).exe
Task: {78F3F4C5-8C52-4AB1-BDC4-C83EC8FC2590} - System32\Tasks\{BEB81A6D-C64C-45A2-B76A-C60938AE67A6} => C:\DATA TO MOVE TO D\AAADown\IQWebPlayerSetup.exe
Task: {79F9021B-20F5-4538-922D-CCEF31F744D5} - System32\Tasks\{9D6DC38C-20A7-4441-93B3-F6C51D5192A4} => C:\DATA TO MOVE TO D\AAADown\IQWebPlayerSetup.exe
Task: {7CABF514-041F-4F86-BAA6-CE03A63C19D7} - System32\Tasks\{78808907-FA88-473C-B195-2C15CE9EF267} => C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
Task: {7DCE1B86-1BE6-4944-A851-20360A504E9D} - System32\Tasks\{6B78D469-891C-40E8-99F8-871DC6C049E9} => msiexec.exe /package "D:\AAADown\LibreOffice_5.3.0_Win_x86.msi"
Task: {7E68EE19-FE84-4933-AAF0-49451CC4377A} - System32\Tasks\{5D9591D3-3683-41EC-85B6-6C99F0A83491} => "c:\program files\mozilla firefox 52.1.0 esr\firefox.exe" hxxps://ui.skype.com/ui/0/7.39.0.102/en/go/help.faq.installer?source=lightinstaller&LastError=1603
Task: {834B7CC5-D448-4253-9F8E-1CDD8B54A604} - System32\Tasks\{7E66ED6D-B90F-44A7-AF6F-8B57CD2F8AEA} => C:\Windows\system32\pcalua.exe -a D:\AAADown7\Inquisit_50110.exe -d D:\AAADown7
Task: {88D38555-B718-4C0F-8B70-7F2187812D22} - System32\Tasks\{3A192F7D-1407-4E62-AE65-5162B5A910C4} => D:\AAADown7\IQWebPlayerSetup.exe
Task: {8C9C1AC5-C70E-4E76-B3DC-CE01AECEF822} - System32\Tasks\{0D6FEA8A-3421-4B6A-ACD7-DFFBF62E0584} => C:\Windows\system32\pcalua.exe -a "D:\AAADown7\sp56479-orog-graph-driver for HP.exe" -d D:\AAADown7
Task: {928029B2-06F6-4628-92AD-385BA74198AC} - System32\Tasks\{0B0C88E2-5D3F-46CD-A6CE-9F2F81FF491A} => "c:\program files\mozilla firefox 52.1.0 esr\firefox.exe" hxxps://ui.skype.com/ui/0/7.39.0.102/en/go/help.faq.installer?source=lightinstaller&LastError=1603
Task: {96413DB8-6AC6-498C-8F26-FF54F806264B} - System32\Tasks\clean printer => RUNDLL32 PRINTUI.DLL,PrintUIEntry /n"&lt;Brother MFC-J485DW Printer>" /k
Task: {9B78857F-A8F0-4B3D-AE59-C1C30CE8DBBA} - System32\Tasks\{36C3B0E8-87EE-490E-8ECF-4D55E15FFE16} => D:\MyDDoc\Cracks+ keys\solsuite_patch.exe
Task: {9BD28EBE-EE11-499F-8378-0F4A23E95782} - System32\Tasks\{307511CB-CA72-4383-81BF-C73E14A376E4} => D:\MyDDoc\ZZZ Down\4--MULTIMEDIA\IQWebPlayerSetup5 this one works.exe
Task: {9D6A9B5C-CD1F-4FAE-8B95-81BB9C5F0107} - System32\Tasks\{D40D849B-29F8-49D7-AF66-87B90757FFA1} => C:\Windows\system32\pcalua.exe -a D:\AAADown7\microangelo.exe -d D:\AAADown7
Task: {A10C99AD-ED9A-4810-B319-9B2B653D9AB5} - System32\Tasks\{8AA359D4-1D8D-402B-989E-06B354D24069} => C:\Windows\system32\pcalua.exe -a K:\start.exe -d K:\
Task: {A714E5C1-C0FA-4741-AF6C-5404DD46EA66} - System32\Tasks\{211DE126-A119-4086-B969-FDB809EF7FED} => C:\Windows\system32\pcalua.exe -a D:\AAADown7\miniscsetup.exe -d D:\AAADown7
Task: {B77FF34B-1C7A-42ED-831D-C96D8B7221CE} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_321_pepper.exe [1453624 2020-02-10] (Adobe Inc. -> Adobe)
Task: {BBDAB9CA-6FED-464A-9A0E-A9C854534242} - System32\Tasks\{925A291F-A3CF-4E99-A992-F7C680A2C04A} => msiexec.exe /package "C:\Users\Prize-02\Desktop\AMTScenesSetup.msi"
Task: {BF1DAD98-364C-4C2D-9574-3739DF7C9B95} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe
Task: {C3BCBE18-8FC5-465B-A169-DF63961C99E2} - System32\Tasks\{C84A4A27-4711-41F8-96F6-144F9A1EF4D2} => D:\AAADown\Karen--Print Direc-setup.exe
Task: {C60CAE9D-C383-4770-8340-0CDA29C0BA86} - System32\Tasks\Opera scheduled Autoupdate 1491006997 => C:\Program Files\Opera\launcher.exe [1465432 2019-04-21] (Opera Software AS -> Opera Software)
Task: {C70E53FB-6743-4B7F-B28A-85D0907FF010} - System32\Tasks\{9D598B4E-0B6B-4163-9C93-D7237B70D509} => C:\Windows\system32\pcalua.exe -a "D:\MyDDoc\ZZZ Downloaded Prog\XP ONLY\Living SnowGlobes.exe" -d "D:\MyDDoc\ZZZ Downloaded Prog\XP ONLY"
Task: {D469036E-6084-4F2C-B9EF-0CA71A5BB17D} - System32\Tasks\{C2D6DBB9-266F-49EC-A60D-F30852B83667} => C:\Windows\system32\pcalua.exe -a "D:\MyDDoc\ZZZ Down\1--WIN7 64x\FoxArc 12en.exe" -d "D:\MyDDoc\ZZZ Down\1--WIN7 64x"
Task: {D55CE86B-0F4A-4ABF-A922-4232A6A1A2B9} - System32\Tasks\BDAntiCryptoWallTask => C:\Program Files\Bitdefender\Tools\BDAntiRansomware\BDAntiRansomware.exe
Task: {D63B677D-0EE1-45F4-A9A9-BBB172263A8C} - System32\Tasks\{06803532-70E1-4367-BE9D-2ABA90E1CC50} => D:\MyDDoc\ZZZ Down\4--MULTIMEDIA\IQWebPlayerSetup5 this one works.exe
Task: {D7B3B105-962F-40FD-9864-ED663D9077FC} - \AVAST Software\Avast settings backup -> No File <==== ATTENTION
Task: {D7E6612C-FD4C-4D7D-9127-3467FDE79D5C} - System32\Tasks\AdwCleaner_onReboot => D:\AAADown7\adwcleaner_8.0.3.exe
Task: {D972384E-287A-497D-B202-B96CB78221A5} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [410784 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {DFADFFE4-21A6-4B34-94E0-6CDFDE6931F7} - System32\Tasks\{4BE7A0D7-A746-4C45-A97F-8B8466BE4EEE} => D:\AAADown\Installer_DeskPins.exe
Task: {EA42509A-AAB4-4820-BAAB-9748F10341A0} - System32\Tasks\Opera scheduled assistant Autoupdate 1553624233 => C:\Program Files\Opera\launcher.exe [1465432 2019-04-21] (Opera Software AS -> Opera Software)
Task: {ED65A9AB-8F56-4D14-8EF9-115584A7E573} - \TechUtilities -> No File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4867FF03-E0E3-4847-B644-1DB822791D54}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{C3DC848E-79AF-434E-B586-52929BE7558E}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3514852469-3404283315-88258209-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
DownloadDir: D:\AAADown7
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3514852469-3404283315-88258209-1000 -> DefaultScope {234EA665-FC9F-4E0F-A8A9-3F8D41F55DA3} URL = hxxps://https://ift.tt/3bbIxgT
SearchScopes: HKU\S-1-5-21-3514852469-3404283315-88258209-1000 -> {234EA665-FC9F-4E0F-A8A9-3F8D41F55DA3} URL = hxxps://https://ift.tt/3bbIxgT
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2017-08-13] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2017-08-13] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2017-08-13] (Ivaylo Beltchev -> IvoSoft) [File not signed]
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (Ivaylo Beltchev -> IvoSoft) [File not signed]
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2017-08-13] (Ivaylo Beltchev -> IvoSoft) [File not signed]
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2019-01-25] (Belarc, Inc. -> Belarc, Inc.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF DefaultProfile: stpbhzf0.New
FF DefaultProfile: 31g04a7w.OLD PROFILECOPY10-25-2-018
FF ProfilePath: C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\uow7r4rk.default [2019-10-29]
FF Extension: (Avast SafePrice) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\uow7r4rk.default\Extensions\sp@avast.com.xpi [2018-12-12] [UpdateUrl:hxxps://firefoxext.avcdn.net/firefoxext/avast/sp/update.json]
FF Extension: (Avast Online Security) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\uow7r4rk.default\Extensions\wrc@avast.com.xpi [2018-12-12]
FF ProfilePath: C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New [2020-03-19]
FF DownloadDir: D:\AAADown7
FF Homepage: Waterfox\Profiles\stpbhzf0.New -> hxxps://www.aldaily.com
FF NewTab: Waterfox\Profiles\stpbhzf0.New -> about:newtab
FF NetworkProxy: Waterfox\Profiles\stpbhzf0.New -> autoconfig_url", "abine://auto-conf.js"
FF Notifications: Waterfox\Profiles\stpbhzf0.New -> hxxp://turkernation.com; hxxps://protonmail.com
FF NewTabOverride: Waterfox\Profiles\stpbhzf0.New -> Enabled: {66E978CD-981F-47DF-AC42-E3CF417C1467}
FF NewTabOverride: Waterfox\Profiles\stpbhzf0.New -> Enabled: uBlock0@raymondhill.net
FF Extension: (Paywall Pass) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\@paywall-pass.xpi [2019-07-02] [Legacy]
FF Extension: (Privacy Tracking Protection) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\@privacytrackingprotection201611.xpi [2019-02-10] [Legacy]
FF Extension: (About sessionstore) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\aboutsessionstore@dt.xpi [2019-12-02] [Legacy]
FF Extension: (Roomy Bookmarks Toolbar) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\ALone-live@ya.ru.xpi [2017-11-07] [Legacy]
FF Extension: (Back/Forward History Tweaks) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\backforwardhistorytweaks@vano.xpi [2017-12-30] [Legacy]
FF Extension: (Bookmark Favicon Changer) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\bookmarkfaviconchanger@sonthakit.xpi [2017-02-18] [Legacy]
FF Extension: (Classic Add-ons Archive) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\ca-archive@Off.JustOff.xpi [2019-03-06] [Legacy] [not signed]
FF Extension: (Classic Theme Restorer) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2018-07-18] [Legacy]
FF Extension: (Clear Flash Cookies) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\clear-flash-cookies@cpeterso.com.xpi [2019-05-26]
FF Extension: (Classic Toolbar Buttons) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\CSTBB@NArisT2_Noia4dev.xpi [2018-07-06] [Legacy]
FF Extension: (Custom Buttons³) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\CustomButtons3@sonco.synthasite.com [2019-06-30] [Legacy] [not signed]
FF Extension: (Expire History By Days) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\expire-history-by-days@bonardo.net.xpi [2019-05-15]
FF Extension: (Extension List Dumper 2) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\extension_list_dumper_2@iceberg.it.xpi [2018-11-14] [Legacy]
FF Extension: (FavIconReloader) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\FavIconReloader@mozilla.org [2019-12-25] [Legacy]
FF Extension: (Print Friendly & PDF) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\ff-addon@printfriendly.com.xpi [2019-11-22] [UpdateUrl:hxxps://cdn.printfriendly.com/browser-extensions/firefox/updates.json]
FF Extension: (Bookmarks Checker - check for bad links) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\firefoxbookmarkchecker@everhelper.me.xpi [2020-01-02] [Legacy]
FF Extension: (Text Formatting Toolbar) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\format.bar@codefisher.org.xpi [2016-04-27] [Legacy]
FF Extension: (HTTPS Everywhere) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\https-everywhere-eff@eff.org.xpi [2020-03-16] [UpdateUrl:hxxps://www.eff.org/files/https-everywhere-updates.json]
FF Extension: (Self-Destructing Cookies) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi [2019-09-20] [Legacy]
FF Extension: (Behind The Overlay) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\jid1-Y3WfE7td45aWDw@jetpack.xpi [2018-02-11]
FF Extension: (SSL Version Control) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\jid1-ZM3BerwS6FsQAg@jetpack.xpi [2015-05-27] [Legacy]
FF Extension: (No Name) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\lwtheme [2019-06-26] [not signed]
FF Extension: (Show Parent Folder) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\showParentFolder@alice.xpi [2016-09-13] [Legacy]
FF Extension: (Status-4-Evar) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\status4evar@caligonstudios.com.xpi [2017-08-24] [Legacy]
FF Extension: (Status Bar: Dynamic & Compact) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\statusbar@publicvlasov.xpi [2020-02-29] [Legacy] [not signed]
FF Extension: (tb-clear-cache.tooltip) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\tb-clear-cache-single@codefisher.org.xpi [2019-12-25]
FF Extension: (uBlock Origin) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\uBlock0@raymondhill.net.xpi [2020-03-10]
FF Extension: (UserZoom Surveys) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\userzoom_survey_tool@jetpack.xpi [2020-03-07] [UpdateUrl:hxxps://extension-dev.userzoom.com/updates_ff.json]
FF Extension: (Toolbar Buttons) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}.xpi [2019-12-29] [Legacy] [not signed]
FF Extension: (ColorfulTabs) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2019-10-04] [Legacy]
FF Extension: (Malwarebytes Browser Guard) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2019-12-08]
FF Extension: (MicroFox) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\{403304EE-066A-4a2a-8F41-F12028480A0A}.xpi [2017-08-16] [Legacy]
FF Extension: (Password Toggler - view typed passwords) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\{49872271-297b-4a1d-ac08-858590bffdf3}.xpi [2017-11-01]
FF Extension: (SingleFile) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\{531906d3-e22f-4a6c-a102-8057b88a1a63}.xpi [2020-03-18]
FF Extension: (New Tab Homepage) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi [2016-12-24] [Legacy]
FF Extension: (Custom UserAgent String) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\{861a3982-bb3b-49c6-bc17-4f50de104da1}.xpi [2019-07-27]
FF Extension: (SavvyConnect Express) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\{cf3b90e8-a269-405e-a838-8ceae1a115a6}.xpi [2019-06-30]
FF Extension: (Sticky Password manager & safe) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\{ecb80162-dfbd-4d91-a8da-17b35ba4707a}.xpi [2019-11-28]
FF Extension: (Text Formatting Toolbar) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\extensions\format.bar@codefisher.org.xpi [2016-04-27] [Legacy]
FF Extension: (Show Parent Folder) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\extensions\showParentFolder@alice.xpi [2016-09-13] [Legacy]
FF Extension: (Bookmark Favicon Changer) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\extensions\bookmarkfaviconchanger@sonthakit.xpi [2017-02-18] [Legacy]
FF Extension: (Status-4-Evar) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\extensions\status4evar@caligonstudios.com.xpi [2017-08-24] [Legacy]
FF Extension: (No Name) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\extensions\{87f54a61-c9b3-4138-a38a-33c31770bb9e}.xpi [not found]
FF Extension: (Roomy Bookmarks Toolbar) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\extensions\ALone-live@ya.ru.xpi [2017-11-07] [Legacy]
FF Extension: (Classic Theme Restorer) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2018-07-18] [Legacy]
FF Extension: (Custom Buttons³) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\extensions\custombuttons3@srazzano.com [2018-10-25] [Legacy] [not signed]
FF Extension: (Extension List Dumper 2) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\extensions\extension_list_dumper_2@iceberg.it.xpi [2018-11-14] [Legacy]
FF Extension: (ColorfulTabs) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2019-04-15] [Legacy]
FF Extension: (FavIconReloader) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\extensions\FavIconReloader@mozilla.org [2019-11-28] [Legacy]
FF SearchPlugin: C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\searchplugins\duckduckgo-1.xml [2013-03-17]
FF SearchPlugin: C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\searchplugins\duckduckgo.xml [2013-03-17]
FF SearchPlugin: C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\searchplugins\ixquick-https.xml [2014-12-12]
FF ProfilePath: C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\8f8j49mg.default [2019-12-04]
FF Extension: (Avast SafePrice) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\8f8j49mg.default\Extensions\sp@avast.com.xpi [2018-12-12] [UpdateUrl:hxxps://firefoxext.avcdn.net/firefoxext/avast/sp/update.json]
FF Extension: (Avast Online Security) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\8f8j49mg.default\Extensions\wrc@avast.com.xpi [2018-12-12]
FF ProfilePath: C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018 [2020-03-15]
FF Homepage: Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018 -> hxxps://www.aldaily.com
FF NewTab: Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018 -> about:newtab
FF NetworkProxy: Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018 -> autoconfig_url", "abine://auto-conf.js"
FF Notifications: Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018 -> hxxp://turkernation.com; hxxps://protonmail.com
FF NewTabOverride: Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018 -> Enabled: {66E978CD-981F-47DF-AC42-E3CF417C1467}
FF NewTabOverride: Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018 -> Enabled: uBlock0@raymondhill.net
FF Extension: (Paywall Pass) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\Extensions\@paywall-pass.xpi [2019-07-02] [Legacy]
FF Extension: (Privacy Tracking Protection) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\Extensions\@privacytrackingprotection201611.xpi [2019-02-10] [Legacy]
FF Extension: (About sessionstore) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\Extensions\aboutsessionstore@dt.xpi [2019-12-02] [Legacy]
FF Extension: (Back/Forward History Tweaks) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\Extensions\backforwardhistorytweaks@vano.xpi [2017-12-30] [Legacy]
FF Extension: (Classic Add-ons Archive) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\Extensions\ca-archive@Off.JustOff.xpi [2019-03-06] [Legacy] [not signed]
FF Extension: (Clear Flash Cookies) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\Extensions\clear-flash-cookies@cpeterso.com.xpi [2019-05-26]
FF Extension: (Classic Toolbar Buttons) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\Extensions\CSTBB@NArisT2_Noia4dev.xpi [2018-07-06] [Legacy]
FF Extension: (Expire History By Days) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\Extensions\expire-history-by-days@bonardo.net.xpi [2019-05-14]
FF Extension: (Favicon Restorer) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\Extensions\faviconrestorer@masserog.it [2020-01-02] [Legacy]
FF Extension: (Bookmarks Checker - check for bad links) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\Extensions\firefoxbookmarkchecker@everhelper.me.xpi [2020-01-02] [Legacy]
FF Extension: (HTTPS Everywhere) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\Extensions\https-everywhere-eff@eff.org.xpi [2019-11-11] [UpdateUrl:hxxps://www.eff.org/files/https-everywhere-updates.json]
FF Extension: (Self-Destructing Cookies) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\Extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi [2019-09-20] [Legacy]
FF Extension: (YouTube ALL HTML5) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\Extensions\jid1-qj0w91o64N7Eeg@jetpack.xpi [2017-08-29] [Legacy]
FF Extension: (Behind The Overlay) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\Extensions\jid1-Y3WfE7td45aWDw@jetpack.xpi [2018-02-11]
FF Extension: (SSL Version Control) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\Extensions\jid1-ZM3BerwS6FsQAg@jetpack.xpi [2015-05-27] [Legacy]
FF Extension: (No Name) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\Extensions\lwtheme [2018-10-25] [not signed]
FF Extension: (Open With) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\Extensions\openwith@darktrojan.net.xpi [2019-12-25] [Legacy]
FF Extension: (Clear the browsers cache Button) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\Extensions\tb-clear-cache-single@codefisher.org.xpi [2017-10-24]
FF Extension: (uBlock Origin) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\Extensions\uBlock0@raymondhill.net.xpi [2018-12-02]
FF Extension: (userzoom) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\Extensions\userzoom_survey_tool@jetpack.xpi [2020-01-09] [Legacy]
FF Extension: (Toolbar Buttons) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\Extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}.xpi [2016-04-27] [Legacy]
FF Extension: (MicroFox) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\Extensions\{403304EE-066A-4a2a-8F41-F12028480A0A}.xpi [2017-08-16] [Legacy]
FF Extension: (Password Toggler - view typed passwords) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\Extensions\{49872271-297b-4a1d-ac08-858590bffdf3}.xpi [2017-11-01]
FF Extension: (SingleFile) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\Extensions\{531906d3-e22f-4a6c-a102-8057b88a1a63}.xpi [2020-03-11]
FF Extension: (New Tab Homepage) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\Extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi [2016-12-24] [Legacy]
FF Extension: (Sticky Password manager & safe) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\Extensions\{ecb80162-dfbd-4d91-a8da-17b35ba4707a}.xpi [2019-11-28]
FF SearchPlugin: C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\searchplugins\duckduckgo-1.xml [2013-03-17]
FF SearchPlugin: C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\searchplugins\duckduckgo.xml [2013-03-17]
FF SearchPlugin: C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\searchplugins\ixquick-https.xml [2014-12-12]
FF HKU\S-1-5-21-3514852469-3404283315-88258209-1000\...\Thunderbird\Extensions: [{2fde55eb-0b64-49fc-8e12-690b07010401}] - C:\Users\Prize-02\AppData\Roaming\Lamantine\Sticky Password\spAutofillTb
FF Extension: (Sticky Password extension) - C:\Users\Prize-02\AppData\Roaming\Lamantine\Sticky Password\spAutofillTb [2019-10-19] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_330.dll [2020-03-07] (Adobe Inc. -> )
FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll [2015-06-08] (Unity Technologies ApS -> Unity Technologies ApS)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_330.dll [2020-03-07] (Adobe Inc. -> )
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2011-07-19] (Foxit Corporation -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2011-07-19] (Foxit Corporation -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2011-07-19] (Foxit Corporation -> Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-05] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-05] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin HKU\S-1-5-21-3514852469-3404283315-88258209-1000: @stickypassword.com/Sticky Password -> C:\Program Files (x86)\Sticky Password\npspAutofill.dll [2019-10-09] (Lamantine Software a.s. -> Lamantine Software a.s.)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\bd_js_config.js [2020-02-19] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\bd_config.cfg [2020-02-19] <==== ATTENTION
 
Chrome:
=======
CHR Profile: C:\Users\Prize-02\AppData\Local\Google\Chrome\User Data\Default [2020-03-19]
CHR DownloadDir: D:\AAADown7
CHR Notifications: Default -> hxxps://paidviewpoint.com; hxxps://turkerview.com; hxxps://worker.mturk.com; hxxps://www.youtube.com; hxxps://www.zdnet.com
CHR HomePage: Default -> hxxps://worker.mturk.com/projects?filters%5Bmasters%5D=false&filters%5Bmin_reward%5D=.75&filters%5Bqualified%5D=true&filters%5Bsearch_term%5D=&page_size=100&sort=updated_desc
CHR StartupUrls: Default -> "hxxps://www.amazon.com/ap/signin?_encoding=UTF8&clientContext=4620ca23425d9b78a5bdd54a34f1e6&marketplaceId=A384XSLT9ODACQ&openid.assoc_handle=amzn_mturk_worker_faster_desktop_us&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns.pape=http%3A%2F%2Fspecs.openid.net%2Fextensions%2Fpape%2F1.0&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=43200&openid.return_to=https%3A%2F%2Fworker.mturk.com%2F%3Fend_signin%3D1","chrome-extension://iglbakfobmoijpbigmlfklckogbefnlf/hit_catcher/hit_catcher.html","chrome-extension://iglbakfobmoijpbigmlfklckogbefnlf/hit-finder/hit-finder.html"
CHR DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> duckduckgo.com
CHR DefaultNewTabURL: Default -> hxxps://duckduckgo.com/chrome_newtab
CHR DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list
CHR Extension: (Vivacious Purple) - C:\Users\Prize-02\AppData\Local\Google\Chrome\User Data\Default\Extensions\abclcohgmmeilcdckaebkmlbapabjppk [2018-06-19]
CHR Extension: (Google Drive) - C:\Users\Prize-02\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-17]
CHR Extension: (YouTube) - C:\Users\Prize-02\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-06-19]
CHR Extension: (Sticky Password manager & safe) - C:\Users\Prize-02\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnfdmghkeppfadphbnkjcicejfepnbfe [2019-10-08]
CHR Extension: (uBlock Origin) - C:\Users\Prize-02\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2020-02-07]
CHR Extension: (Tampermonkey) - C:\Users\Prize-02\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2019-12-02]
CHR Extension: (GoFree Remove Ads) - C:\Users\Prize-02\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeplmiccjbddfmopdmbnfheakekooafd [2019-12-28]
CHR Extension: (EditThisCookie) - C:\Users\Prize-02\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2020-01-10]
CHR Extension: (MTurk Suite) - C:\Users\Prize-02\AppData\Local\Google\Chrome\User Data\Default\Extensions\iglbakfobmoijpbigmlfklckogbefnlf [2020-02-21]
CHR Extension: (UserZoom Surveys v2) - C:\Users\Prize-02\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhgccgnbbhnlhgkhkdpmciognioebcoa [2020-03-15]
CHR Extension: (Custom UserAgent String) - C:\Users\Prize-02\AppData\Local\Google\Chrome\User Data\Default\Extensions\lejiafennghcpgmbpiodgofeklkpahoe [2019-09-24]
CHR Extension: (UserLook Recorder) - C:\Users\Prize-02\AppData\Local\Google\Chrome\User Data\Default\Extensions\neimnkpjllmhbfkghkmmajadlicnpjej [2019-01-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Prize-02\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-11-05]
CHR Extension: (Auto Refresh Plus) - C:\Users\Prize-02\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohfjpkccecpdfkpmfocndhepolhljfhg [2020-02-29]
CHR Extension: (UserTesting Browser Recorder) - C:\Users\Prize-02\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlhphabpmijgblopkcjmphbbmeliagn [2020-03-03]
CHR Extension: (Gmail) - C:\Users\Prize-02\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\Prize-02\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-03-15]
 
Opera:
=======
OPR DownloadDir: D:\AAADown7
OPR StartupUrls:
OPR Extension: (YouTube™ All HTML5 Player) - C:\Users\Prize-02\AppData\Roaming\Opera Software\Opera Stable\Extensions\bhnpdodajbcppoliofibniblhfbjdebn [2017-05-26]
OPR Extension: (Sticky Password manager & safe) - C:\Users\Prize-02\AppData\Roaming\Opera Software\Opera Stable\Extensions\bnfdmghkeppfadphbnkjcicejfepnbfe [2020-01-01]
OPR Extension: (HTTPS Everywhere) - C:\Users\Prize-02\AppData\Roaming\Opera Software\Opera Stable\Extensions\edaplhobcmdaneconioghljnnopmkhgm [2019-05-25]
OPR Extension: (Classic Notes) - C:\Users\Prize-02\AppData\Roaming\Opera Software\Opera Stable\Extensions\glljnehjkdeockbnkfbjclngdhnmnebd [2017-04-01]
OPR Extension: (Quick History) - C:\Users\Prize-02\AppData\Roaming\Opera Software\Opera Stable\Extensions\hmnhfgcahjdhfocnolfkmfadlieleijj [2017-04-01]
OPR Extension: (Privacy Badger) - C:\Users\Prize-02\AppData\Roaming\Opera Software\Opera Stable\Extensions\ldfkcgjipgfchpnojicdgpgiocoeelik [2020-01-21]
OPR Extension: (Privacy Badger) - C:\Program Files\43.0.2442.806\resources\addons_portal_app [0]
OPR Extension: (Privacy Badger) - C:\Program Files\43.0.2442.806\resources\adblocker [0]
OPR Extension: (Privacy Badger) - C:\Program Files\43.0.2442.806\resources\welcome_page_app [0]
OPR Extension: (Privacy Badger) - C:\Program Files\43.0.2442.806\resources\web_feed_handler [0]
OPR Extension: (Privacy Badger) - C:\Program Files\43.0.2442.806\resources\video_handler [0]
OPR Extension: (Privacy Badger) - C:\Program Files\43.0.2442.806\resources\docs_minimal_app [0]
OPR Extension: (Privacy Badger) - C:\Program Files\43.0.2442.806\resources\bookmark_manager [0]
OPR Extension: (Privacy Badger) - C:\Program Files\43.0.2442.806\resources\pdf [0]
OPR Extension: (Privacy Badger) - C:\Program Files\43.0.2442.806\resources\background_worker [0]
OPR Extension: (Privacy Badger) - C:\Program Files\43.0.2442.806\resources\portal_app [0]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [289792 2014-10-23] (Brother Industries, Ltd.) [File not signed]
R2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [441664 2019-11-28] (Digital Wave Ltd -> Digital Wave Ltd)
R2 DSAService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe [37224 2020-03-03] (IDSA Production signing key -> Intel)
S3 DSAUpdateService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe [143720 2020-03-03] (IDSA Production signing key -> Intel)
S4 DSClockSyncTime; C:\Program Files\DS Clock\dsetime.exe [62264 2009-11-19] (Duality Software -> Duality Software)
R2 GlassWire; C:\Program Files (x86)\GlassWire\GWCtlSrv.exe [5840360 2019-10-02] (GlassWire -> SecureMix LLC)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165144 2012-03-28] (Intel Corporation -> Intel Corporation)
S3 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [6408384 2019-08-20] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6960640 2019-11-09] (Malwarebytes Inc -> Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
S2 HLfms; C:\Program Files\High-Logic FontService\fontservice.exe [X]
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 A6200; C:\Windows\System32\DRIVERS\bcmwlhigh664.sys [2263144 2012-07-31] (Broadcom Corporation -> Broadcom Corporation)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [878072 2016-09-20] (Bitdefender SRL -> BitDefender)
S2 BdDci; C:\Windows\System32\DRIVERS\bddci.sys [757240 2020-03-04] (Bitdefender SRL -> Bitdefender)
S3 CisUtMonitor; C:\Windows\System32\DRIVERS\CisUtMonitor.sys [54800 2018-11-24] (Software Security Systems ChTUP -> CrystalIdea Software)
S3 edrsensor; C:\Windows\System32\DRIVERS\edrsensor.sys [309120 2020-02-20] (Bitdefender SRL -> BitDefender S.R.L. Bucharest, ROMANIA)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [25480 2019-03-12] (CHENGDU YIWO Tech Development Co., Ltd. -> )
R0 EPMVolFl; C:\Windows\System32\drivers\EPMVolFl.sys [21384 2019-04-12] (CHENGDU YIWO Tech Development Co., Ltd. -> Windows ® Codename Longhorn DDK provider)
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [14728 2018-12-10] (CHENGDU YIWO Tech Development Co., Ltd. -> )
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [28936 2019-05-25] (Glarysoft LTD -> Glarysoft Ltd)
R1 gwdrv; C:\Windows\System32\DRIVERS\gwdrv.sys [33248 2015-05-29] (GlassWire -> SecureMix LLC)
S3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [12273408 2011-01-27] (Intel Corporation) [File not signed]
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
S3 PSMounterEx; C:\Windows\system32\drivers\psmounterex.sys [179416 2019-02-15] (Paramount Software UK Ltd -> Windows ® Win 7 DDK provider)
S3 psvolacc; C:\Windows\system32\drivers\psvolacc.sys [34520 2018-12-06] (Paramount Software UK Ltd -> Windows ® Win 7 DDK provider)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2019-05-29] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2019-05-29] (MiniTool Solution Ltd -> )
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] (Empty Loop -> )
S3 WIMMount; C:\program files\macrium\reflect\wimmount.sys [22096 2009-07-13] (Microsoft Windows -> Microsoft Corporation)
S3 AppObserver; \??\C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\appobserver64.sys [X]
U3 aswbdisk; no ImagePath
S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) ===================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2020-03-19 17:09 - 2020-03-19 17:11 - 000000000 ____D C:\FRST
2020-03-17 03:48 - 2020-03-17 03:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desktop Restore
2020-03-16 00:39 - 2020-03-16 00:39 - 000001722 _____ C:\Users\Prize-02\AppData\Roaming\Microsoft\Windows\Start Menu\EMAIL-SIGS.lnk
2020-03-16 00:21 - 2020-03-16 00:21 - 000000834 _____ C:\Users\Prize-02\AppData\Roaming\Microsoft\Windows\Start Menu\=============.lnk
2020-03-15 23:49 - 2020-03-15 23:49 - 000003118 _____ C:\Windows\system32\Tasks\{0D6FEA8A-3421-4B6A-ACD7-DFFBF62E0584}
2020-03-15 23:48 - 2020-03-15 23:48 - 000000000 ____D C:\Users\Prize-02\AppData\Roaming\WinBatch
2020-03-15 23:08 - 2020-03-15 23:08 - 000001885 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2020-03-15 23:08 - 2020-03-15 23:08 - 000000000 ____D C:\Program Files\Microsoft Security Client
2020-03-15 23:08 - 2020-03-15 23:08 - 000000000 ____D C:\Program Files (x86)\Microsoft Security Client
2020-03-15 19:41 - 2020-03-15 19:41 - 000000000 ____D C:\Program Files (x86)\Userfeel
2020-03-15 15:23 - 2020-03-15 15:23 - 000066556 _____ C:\ProgramData\agent.uninstall.1584300193.bdinstall.v2.bin
2020-03-15 13:50 - 2020-03-15 13:50 - 000001722 _____ C:\Users\Prize-02\Desktop\EMAIL-SIGS.lnk
2020-03-15 13:50 - 2020-03-15 13:50 - 000001022 _____ C:\Users\Prize-02\AppData\Roaming\Microsoft\Windows\Start Menu\Revo Uninstaller.lnk
2020-03-15 12:21 - 2020-03-15 12:21 - 000001022 _____ C:\Users\Prize-02\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller.lnk
2020-03-15 12:21 - 2020-03-15 12:21 - 000000000 ____D C:\Program Files\VS Revo Group
2020-03-14 22:57 - 2020-03-14 22:57 - 000003030 _____ C:\Windows\system32\Tasks\{7B4D4634-DD59-46C1-BE97-FF902FDE90A9}
2020-03-14 21:21 - 2020-03-14 21:21 - 000102904 _____ C:\ProgramData\agent.1584235305.bdinstall.v2.bin
2020-03-14 20:55 - 2020-03-14 20:56 - 000105817 _____ C:\ProgramData\uninstalltool.1584233759.4012.bin
2020-03-14 20:55 - 2020-03-14 20:56 - 000002486 _____ C:\ProgramData\uninstalltool.1584233759.3724.bin
2020-03-14 16:44 - 2020-03-14 17:25 - 000000000 ____D C:\ProgramData\BDLogging
2020-03-11 14:16 - 2020-03-11 14:16 - 000000000 ____D C:\Intel
2020-03-09 22:31 - 2020-03-09 22:31 - 000000973 _____ C:\Users\Prize-02\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\High-Logic MainType.lnk
2020-03-04 20:04 - 2020-03-19 15:01 - 000000000 ____D C:\Users\Prize-02\AppData\Roaming\Userfeel
2020-03-04 20:04 - 2020-03-04 20:04 - 000002099 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Userfeel.lnk
2020-03-03 16:26 - 2020-03-15 15:42 - 000000000 ____D C:\Program Files (x86)\GlassWire
2020-03-03 16:26 - 2020-03-03 16:26 - 000001889 _____ C:\Users\Prize-02\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GlassWire.lnk
2020-03-03 16:26 - 2015-05-29 00:30 - 000008657 _____ C:\Windows\system32\Drivers\gwdrv.cat
2020-03-03 16:26 - 2015-05-29 00:15 - 000033248 _____ (SecureMix LLC) C:\Windows\system32\Drivers\gwdrv.sys
2020-03-03 14:29 - 2020-03-03 14:30 - 000000963 _____ C:\Users\Prize-02\AppData\Roaming\Microsoft\Windows\Start Menu\adwcleaner_8.0.3.exe - Shortcut.lnk
2020-03-03 14:28 - 2020-03-03 14:28 - 000003074 _____ C:\Windows\system32\Tasks\AdwCleaner_onReboot
2020-03-03 13:03 - 2020-03-03 13:03 - 000000000 ____D C:\Users\Prize-02\AppData\Roaming\Neos Eureka S.r.l
2020-03-01 21:09 - 2020-03-01 21:09 - 000000362 _____ C:\Users\Prize-02\Desktop\FROG ®.lnk
2020-02-28 16:54 - 2020-02-28 16:54 - 000001210 _____ C:\Users\Public\HP--Desktop.lnk
2020-02-28 16:53 - 2020-02-28 16:53 - 000001743 _____ C:\Users\Public\HP--MyDDoc.lnk
2020-02-28 16:53 - 2020-02-28 16:53 - 000001186 _____ C:\Users\Public\HP-Roaming-Appdata.lnk
2020-02-26 00:38 - 2020-03-15 15:42 - 000000000 ____D C:\Program Files (x86)\DS Clock
2020-02-26 00:38 - 2020-02-26 00:38 - 000000988 _____ C:\Users\Prize-02\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DS Clock.lnk
2020-02-26 00:38 - 2020-02-26 00:38 - 000000000 ____D C:\Users\Prize-02\AppData\Roaming\Duality Software
2020-02-24 15:27 - 2020-02-24 15:30 - 000000135 _____ C:\Users\Prize-02\Desktop\new red.txt
2020-02-22 04:55 - 2020-03-16 13:51 - 000001551 _____ C:\Users\Prize-02\Desktop\CANON.lnk
2020-02-21 17:20 - 2020-02-21 17:20 - 000000021 _____ C:\unhide files.bat(1).txt
2020-02-21 02:06 - 2020-02-21 02:06 - 000002153 _____ C:\Users\Prize-02\AppData\Roaming\Microsoft\Windows\Start Menu\CHROME.lnk
2020-02-20 18:22 - 2020-02-20 18:28 - 000003334 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2020-02-20 18:22 - 2020-02-20 18:28 - 000003206 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2020-02-20 18:17 - 2020-03-15 15:00 - 000000000 ____D C:\Program Files\Uninstall Tool
2020-02-20 18:17 - 2020-03-15 12:20 - 000003534 _____ C:\Windows\system32\Tasks\UninstallTool_SkipUAC_Prize-02
2020-02-20 18:17 - 2020-02-20 18:17 - 000000867 _____ C:\Users\Prize-02\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Un?nstall Tool.lnk
2020-02-20 18:17 - 2020-02-20 18:17 - 000000000 ____D C:\Users\Prize-02\AppData\Roaming\CrystalIdea Software
2020-02-20 18:17 - 2018-11-24 14:11 - 000054800 _____ (CrystalIdea Software) C:\Windows\system32\Drivers\CisUtMonitor.sys
2020-02-20 17:14 - 2020-02-20 18:22 - 000000000 ____D C:\Program Files (x86)\Google
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2020-03-19 17:12 - 2019-08-14 11:26 - 000000000 ____D C:\TEMP
2020-03-19 17:07 - 2019-07-15 02:38 - 000000000 ____D C:\Users\Prize-02\AppData\LocalLow\Mozilla
2020-03-17 18:42 - 2017-02-24 02:27 - 000008165 _____ C:\Windows\BRRBCOM.INI
2020-03-17 04:24 - 2018-10-25 19:15 - 000000000 ___RD C:\Program Files\Mozilla Firefox
2020-03-17 04:24 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf
2020-03-17 04:15 - 2019-05-25 02:04 - 000000000 ____D C:\Program Files (x86)\Glary Utilities 5
2020-03-17 04:14 - 2017-05-02 18:50 - 000000014 _____ C:\Windows\popcinfo.dat
2020-03-17 03:48 - 2017-02-20 23:44 - 000000000 ____D C:\Program Files\Desktop Restore
2020-03-16 20:14 - 2009-07-14 00:45 - 000024416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2020-03-16 20:14 - 2009-07-14 00:45 - 000024416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2020-03-16 16:13 - 2019-10-08 12:38 - 000000000 ____D C:\ProgramData\TEMP
2020-03-16 12:52 - 2017-02-19 20:06 - 000000000 ____D C:\Users\Prize-02\AppData\Roaming\VLC
2020-03-16 03:05 - 2016-10-19 09:11 - 000774504 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2020-03-16 03:05 - 2009-07-14 01:13 - 000774504 _____ C:\Windows\system32\PerfStringBackup.INI
2020-03-15 23:55 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-03-15 23:54 - 2017-03-05 04:09 - 000000000 _____ C:\Windows\system32\Drivers\lvuvc.hs
2020-03-15 23:30 - 2017-02-13 23:08 - 000000000 ____D C:\ProgramData\Package Cache
2020-03-15 23:30 - 2016-10-18 17:50 - 000000000 ____D C:\Program Files\Intel
2020-03-15 23:30 - 2016-10-18 17:22 - 000000000 ____D C:\Program Files (x86)\Intel
2020-03-15 23:27 - 2016-10-18 17:23 - 000000000 ____D C:\ProgramData\Intel
2020-03-15 23:08 - 2017-11-14 22:16 - 000001945 _____ C:\Windows\epplauncher.mif
2020-03-15 15:42 - 2020-01-31 21:44 - 000000000 ____D C:\Program Files\WEbcamImageSave
2020-03-15 15:42 - 2020-01-04 22:13 - 000000000 ____D C:\Program Files\qBittorrent
2020-03-15 15:42 - 2020-01-02 17:52 - 000000000 ____D C:\Program Files\TreeComp
2020-03-15 15:42 - 2019-12-02 04:32 - 000000000 ____D C:\Program Files (x86)\Youtube Downloader HD
2020-03-15 15:42 - 2019-11-04 04:37 - 000000000 ____D C:\Program Files (x86)\EndItAll
2020-03-15 15:42 - 2019-10-06 15:18 - 000000000 ____D C:\Program Files\WizTree
2020-03-15 15:42 - 2019-09-07 12:18 - 000000000 ____D C:\Program Files\RegScanner for 64
2020-03-15 15:42 - 2019-08-31 02:28 - 000000000 ___RD C:\Users\Prize-02\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\==INTERNET==
2020-03-15 15:42 - 2019-08-31 02:28 - 000000000 ____D C:\Users\Prize-02\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\==SECURITY==
2020-03-15 15:42 - 2019-07-14 16:53 - 000000000 ____D C:\Program Files (x86)\Postimage
2020-03-15 15:42 - 2019-06-26 00:39 - 000000000 ___RD C:\Program Files\Waterfox
2020-03-15 15:42 - 2019-06-14 14:24 - 000000000 ____D C:\Program Files\ADWCleaner--no-install
2020-03-15 15:42 - 2019-03-10 15:38 - 000000000 ____D C:\Program Files\Registry Workshop
2020-03-15 15:42 - 2018-08-04 21:21 - 000000000 ____D C:\Program Files (x86)\Sticky Password
2020-03-15 15:42 - 2018-01-13 21:00 - 000000000 ____D C:\Program Files (x86)\BurnAware Free
2020-03-15 15:42 - 2017-10-15 01:12 - 000000000 ____D C:\Users\Prize-02\AppData\Roaming\IrfanView
2020-03-15 15:42 - 2017-10-15 01:12 - 000000000 ____D C:\Program Files\IrfanView
2020-03-15 15:42 - 2017-04-15 17:39 - 000000000 ___RD C:\Program Files (x86)\Mozilla Thunderbird
2020-03-15 15:42 - 2017-02-14 07:27 - 000000000 ____D C:\Program Files\Unlocker
2020-03-15 15:42 - 2017-02-13 21:06 - 000000000 ____D C:\Program Files\7-Zipx64
2020-03-15 15:42 - 2017-02-12 02:42 - 000000000 ____D C:\Program Files\Recuva
2020-03-15 15:42 - 2017-02-09 23:40 - 000000000 ____D C:\Program Files (x86)\FreeAlarmClock
2020-03-15 15:42 - 2016-10-18 12:33 - 000000000 ___RD C:\Users\Prize-02
2020-03-15 15:42 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\system32\NDF
2020-03-15 15:42 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\registration
2020-03-15 15:00 - 2018-06-25 20:23 - 000000000 ____D C:\ProgramData\CanonIJEGV
2020-03-15 15:00 - 2017-02-27 23:22 - 000000000 ___RD C:\++000ICONS-Used-in-Filing-System
2020-03-15 15:00 - 2017-02-19 10:41 - 000000000 ____D C:\Users\Prize-02\AppData\Roaming\Foxit Software
2020-03-15 15:00 - 2017-02-12 02:51 - 000000000 ____D C:\ProgramData\Youtube to MP3 Converter
2020-03-15 14:59 - 2019-08-31 02:28 - 000000000 ___RD C:\Users\Prize-02\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\==UTIL==
2020-03-15 14:59 - 2019-08-31 02:28 - 000000000 ___RD C:\Users\Prize-02\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\==MULTIMEDIA==
2020-03-15 14:59 - 2019-08-31 02:28 - 000000000 ___RD C:\Users\Prize-02\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\-----------------------------
2020-03-15 14:59 - 2019-08-31 02:28 - 000000000 ___RD C:\Users\Prize-02\AppData\Roaming\Microsoft\Windows\Start Menu\============
2020-03-15 14:59 - 2019-08-31 02:28 - 000000000 ____D C:\Users\Prize-02\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\==GRAPHICS, PUBL==
2020-03-15 14:59 - 2019-06-26 00:39 - 000000000 ___RD C:\Users\Prize-02\AppData\Roaming\Waterfox
2020-03-15 14:59 - 2017-02-10 20:24 - 000000000 ____D C:\Users\Prize-02\AppData\Roaming\Thornsoft Development
2020-03-15 14:59 - 2017-02-09 23:36 - 000000000 ___RD C:\Users\Prize-02\AppData\Roaming\Thunderbird
2020-03-15 14:59 - 2017-02-09 16:46 - 000000000 ___RD C:\Users\Prize-02\Desktop\Desktop files
2020-03-15 14:59 - 2016-10-18 17:38 - 000000000 ___RD C:\Users\Prize-02\AppData\Roaming\Mozilla
2020-03-15 01:54 - 2017-06-04 16:23 - 000000000 ____D C:\Windows\system32\Macromed
2020-03-15 01:54 - 2017-02-12 23:29 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2020-03-15 01:53 - 2016-10-18 17:48 - 000000000 ____D C:\swsetup
2020-03-14 21:21 - 2017-05-28 16:10 - 000017712 _____ C:\GDIPFONTCACHEV1.DAT
2020-03-09 22:26 - 2009-07-13 22:34 - 000000834 _____ C:\Windows\win.ini
2020-03-07 23:25 - 2018-10-26 15:09 - 000842296 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe
2020-03-07 23:25 - 2018-10-26 15:09 - 000175160 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2020-03-07 23:25 - 2018-10-26 15:09 - 000004456 _____ C:\Windows\system32\Tasks\Adobe Flash Player NPAPI Notifier
2020-03-04 15:42 - 2020-02-10 20:07 - 000757240 _____ (Bitdefender) C:\Windows\system32\Drivers\bddci.sys
2020-03-03 14:30 - 2020-01-20 03:30 - 000001319 _____ C:\Users\Prize-02\AppData\Roaming\Microsoft\Windows\Start Menu\magnifier.lnk
2020-03-03 14:30 - 2019-10-31 17:54 - 000001170 _____ C:\Users\Prize-02\AppData\Roaming\Microsoft\Windows\Start Menu\enditall.lnk
2020-03-03 13:20 - 2019-12-02 20:06 - 000000257 _____ C:\Users\Prize-02\AppData\Roaming\Microsoft\Windows\Start Menu\PW - Copy.txt
2020-03-01 19:28 - 2017-02-10 20:20 - 000000000 ___RD C:\Program Files\ClipMate7
2020-03-01 17:15 - 2019-05-22 23:09 - 000000000 ___RD C:\Program Files\Folder Painter
2020-02-28 05:55 - 2020-02-10 20:07 - 000453552 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\Windows\system32\Drivers\gemma.sys
2020-02-24 01:59 - 2019-08-30 14:06 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2020-02-20 18:31 - 2017-09-03 17:02 - 000000000 ____D C:\Program Files (x86)\Win Driver Backup
2020-02-20 15:35 - 2020-02-10 20:07 - 001972328 _____ (Bitdefender S.R.L. Bucharest, ROMANIA) C:\Windows\system32\Drivers\atc.sys
2020-02-20 15:35 - 2020-02-10 20:07 - 000309120 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\Windows\system32\Drivers\edrsensor.sys
2020-02-19 00:37 - 2019-05-30 16:34 - 000181040 _____ C:\Windows\system32\FNTCACHE.DAT
2020-02-19 00:37 - 2017-12-30 04:42 - 000000000 ____D C:\ProgramData\AVAST Software
 
==================== Files in the root of some directories ========
 
2017-02-09 11:17 - 2017-03-09 15:56 - 017185304 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2018-12-24 21:37 - 2018-12-24 21:40 - 000009111 _____ () C:\Users\Prize-02\AppData\Roaming\downloads.json
2018-11-27 15:09 - 2018-11-27 15:09 - 000000000 _____ () C:\Users\Prize-02\AppData\Local\BIT2AD6.tmp
2018-10-18 23:55 - 2018-10-18 23:55 - 000000000 _____ () C:\Users\Prize-02\AppData\Local\BIT6141.tmp
2020-02-19 02:33 - 2020-02-19 02:33 - 000000000 _____ () C:\Users\Prize-02\AppData\Local\BIT7B49.tmp
2020-02-19 02:33 - 2020-02-19 02:33 - 000000000 _____ () C:\Users\Prize-02\AppData\Local\BIT7B78.tmp
2018-10-29 15:19 - 2018-10-29 15:19 - 000000000 _____ () C:\Users\Prize-02\AppData\Local\BIT8AE0.tmp
2018-07-29 08:15 - 2018-07-29 08:15 - 000000000 _____ () C:\Users\Prize-02\AppData\Local\BITA784.tmp
2017-09-24 15:34 - 2017-09-24 15:34 - 000000000 _____ () C:\Users\Prize-02\AppData\Local\BITB4B0.tmp
2017-09-24 15:34 - 2017-09-24 15:34 - 000000000 _____ () C:\Users\Prize-02\AppData\Local\BITB4DF.tmp
2018-10-25 19:24 - 2018-10-25 19:24 - 000000000 _____ () C:\Users\Prize-02\AppData\Local\BITC62B.tmp
2018-10-25 19:24 - 2018-10-25 19:24 - 000000000 _____ () C:\Users\Prize-02\AppData\Local\BITC83E.tmp
2020-03-14 21:58 - 2020-03-14 21:58 - 000000000 _____ () C:\Users\Prize-02\AppData\Local\BITCE94.tmp
2020-03-14 21:58 - 2020-03-14 21:58 - 000000000 _____ () C:\Users\Prize-02\AppData\Local\BITCFCD.tmp
2017-04-20 23:09 - 2019-10-17 14:46 - 000006144 _____ () C:\Users\Prize-02\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2019-09-14 12:18 - 2019-09-14 12:18 - 000000017 _____ () C:\Users\Prize-02\AppData\Local\resmon.resmoncfg
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
 
LastRegBack: 2020-03-18 01:36
==================== End of FRST.txt ========================

*******************************************************************************************************************

There are 3 TEMP folders, obviously too many

 Users>myname>appdata>Local

also C:\TEMP

also WINDOWS\TEMP

I don't remember why I made the 2nd one in C:\ about 6 months ago, something I read about online. I thought it would replace one of the others. Can I initially just remove it and fix the registry?

Notes: GlassWire is my firewall.

I'm the only user, with all Admin rights.

Neither partition is anywhere near full despite the Farbar message. C has 77 GB free, D has 53 GB free.

Edited by Win7wiz, Today, 03:53 PM.



https://ift.tt/3du0WYf
