Untitled

a guest
Mar 19th, 2020
  1. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-03-2020
  2. Ran by Prize-02 (administrator) on HP (Hewlett-Packard p6-2020t) (19-03-2020 17:09:32)
  3. Running from D:\AAADown7
  4. Loaded Profiles: Prize-02 (Available Profiles: Prize-02)
  5. Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
  6. Internet Explorer Version 11 (Default browser: "C:\Program Files\Waterfox\waterfox.exe" -osint -url "%1")
  7. Boot Mode: Normal
  8. Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
  9.  
  10. ==================== Processes (Whitelisted) =================
  11.  
  12. (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
  13.  
  14. () [File not signed] C:\Program Files (x86)\Virtual Magnifying Glass\magnifier.exe
  15. (Digital Wave Ltd -> Digital Wave Ltd) C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
  16. (Duality Software -> Duality Software) C:\Program Files (x86)\DS Clock\dsclock.exe
  17. (Elias Fotinis) [File not signed] C:\Program Files (x86)\DeskPins\deskpins.exe
  18. (GlassWire -> SecureMix LLC) C:\Program Files (x86)\GlassWire\GlassWire.exe
  19. (GlassWire -> SecureMix LLC) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
  20. (GlassWire -> SecureMix LLC) C:\Program Files (x86)\GlassWire\GWIdlMon.exe
  21. (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  22. (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  23. (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  24. (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  25. (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  26. (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  27. (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  28. (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  29. (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  30. (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  31. (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  32. (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  33. (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  34. (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  35. (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  36. (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  37. (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  38. (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  39. (IDSA Production signing key -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe
  40. (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenu.exe
  41. (KarenWare.com -> KarenWare.com) C:\Program Files (x86)\Karen's Power Tools\Replicator\PTReplicator.exe
  42. (Lamantine Software a.s. -> Lamantine Software a.s.) C:\Program Files (x86)\Sticky Password\spNMHost.exe
  43. (Lamantine Software a.s. -> Lamantine Software a.s.) C:\Program Files (x86)\Sticky Password\spNMHost.exe
  44. (Lamantine Software a.s. -> Lamantine Software a.s.) C:\Program Files (x86)\Sticky Password\spUIAManager.exe
  45. (Lamantine Software a.s. -> Lamantine Software a.s.) C:\Program Files (x86)\Sticky Password\stpass.exe
  46. (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
  47. (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
  48. (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
  49. (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
  50. (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
  51. (Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
  52. (Petr Stepanets -> ) [File not signed] C:\Program Files (x86)\Postimage\postimage.exe
  53. (Thornsoft Development, Inc. -> Thornsoft Development, Inc.) C:\Program Files (x86)\ClipMate7\ClipMate.exe
  54. (Waterfox Limited -> Mozilla Corporation) C:\Program Files\Waterfox\plugin-container.exe
  55. (Waterfox Limited -> Mozilla Corporation) C:\Program Files\Waterfox\waterfox.exe
  56. (WordWeb Software -> WordWeb Software) C:\Program Files (x86)\WordWeb\wweb32.exe
  57.  
  58. ==================== Registry (Whitelisted) ===================
  59.  
  60. (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
  61.  
  62. HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163640 2017-08-13] (Ivaylo Beltchev -> IvoSoft) [File not signed]
  63. HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
  64. HKLM-x32\...\Run: [Intel Driver & Support Assistant] => C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe [237416 2020-03-03] (IDSA Production signing key -> Intel)
  65. HKLM\ DisallowedCertificates: 1990649205B55EAB5D692E9EDB1BE0DDD3B037DE (U)
  66. HKLM\ DisallowedCertificates: C597D4E7FF9CE5BD3EC321C11827FCA9294A6BA1 (U)
  67. HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
  68. HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
  69. HKU\S-1-5-21-3514852469-3404283315-88258209-1000\...\Run: [StickyPassword] => C:\Program Files (x86)\Sticky Password\stpass.exe [66288 2019-10-09] (Lamantine Software a.s. -> Lamantine Software a.s.)
  70. HKU\S-1-5-21-3514852469-3404283315-88258209-1000\...\Run: [DS Clock] => C:\Program Files (x86)\DS Clock\DSClock.exe [584208 2012-12-17] (Duality Software -> Duality Software)
  71. HKU\S-1-5-21-3514852469-3404283315-88258209-1000\...\Run: [ClipMate7] => C:\Program Files (x86)\ClipMate7\ClipMate.exe [3760424 2009-01-31] (Thornsoft Development, Inc. -> Thornsoft Development, Inc.)
  72. HKU\S-1-5-21-3514852469-3404283315-88258209-1000\...\Run: [WordWeb] => C:\Program Files (x86)\WordWeb\wweb32.exe [81120 2016-02-12] (WordWeb Software -> WordWeb Software)
  73. HKU\S-1-5-21-3514852469-3404283315-88258209-1000\...\Run: [Postimage] => C:\Program Files (x86)\Postimage\postimage.exe [16306936 2013-07-21] (Petr Stepanets -> ) [File not signed]
  74. HKU\S-1-5-21-3514852469-3404283315-88258209-1000\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [44016 2020-01-05] (Glarysoft LTD -> Glarysoft Ltd)
  75. HKU\S-1-5-21-3514852469-3404283315-88258209-1000\...\Run: [GlassWire] => C:\Program Files (x86)\GlassWire\glasswire.exe [7864296 2019-10-02] (GlassWire -> SecureMix LLC)
  76. HKU\S-1-5-21-3514852469-3404283315-88258209-1000\...\Policies\system: [DisableChangePassword] 1
  77. HKU\S-1-5-21-3514852469-3404283315-88258209-1000\...\Policies\system: [DisableLockWorkstation] 1
  78. HKU\S-1-5-21-3514852469-3404283315-88258209-1000\...\Policies\Explorer: [NoShutdown] 1
  79. HKU\S-1-5-21-3514852469-3404283315-88258209-1000\...\Policies\Explorer: [NoLogoff] 1
  80. HKU\S-1-5-21-3514852469-3404283315-88258209-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\SysWOW64\HUMANO~1.SCR [4156488 2019-02-13] (Axialis Software) [File not signed]
  81. HKLM\Software\Microsoft\Active Setup\Installed Components: [{44BBA851-CC51-11CF-AAFA-00AA00B6015C}] -> C:\Windows\system32\advpack.dll [2009-07-13] (Microsoft Windows -> Microsoft Corporation)
  82. HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\80.0.3987.149\Installer\chrmstp.exe [2020-03-18] (Google LLC -> Google LLC)
  83. HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{44BBA851-CC51-11CF-AAFA-00AA00B6015C}] -> C:\Windows\SysWOW64\advpack.dll [2009-07-13] (Microsoft Windows -> Microsoft Corporation)
  84. HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{73FA19D0-2D75-11D2-995D-00C04F98BBC9}] ->
  85. Startup: C:\Users\Prize-02\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DeskPins.lnk [2019-04-02]
  86. ShortcutTarget: DeskPins.lnk -> C:\Program Files (x86)\DeskPins\deskpins.exe (Elias Fotinis) [File not signed]
  87. Startup: C:\Users\Prize-02\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Postimage.lnk [2019-10-26]
  88. ShortcutTarget: Postimage.lnk -> C:\Program Files (x86)\Postimage\postimage.exe (Petr Stepanets -> ) [File not signed]
  89. Startup: C:\Users\Prize-02\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PTReplicator.lnk [2019-08-31]
  90. ShortcutTarget: PTReplicator.lnk -> C:\Program Files (x86)\Karen's Power Tools\Replicator\PTReplicator.exe (KarenWare.com -> KarenWare.com)
  91. Startup: C:\Users\Prize-02\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TB PROG.lnk [2019-08-31]
  92. ShortcutTarget: TB PROG.lnk -> C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation -> Mozilla Corporation)
  93. Startup: C:\Users\Prize-02\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Virtual Magnifying Glass.lnk [2019-03-19]
  94. ShortcutTarget: Virtual Magnifying Glass.lnk -> C:\Program Files (x86)\Virtual Magnifying Glass\magnifier.exe () [File not signed]
  95. BootExecute: autocheck autochk /p \??\C:autocheck autochk *
  96. GroupPolicy: Restriction - Chrome <==== ATTENTION
  97. GroupPolicy\User: Restriction ? <==== ATTENTION
  98. FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
  99. CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
  100.  
  101. ==================== Scheduled Tasks (Whitelisted) ============
  102.  
  103. (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
  104.  
  105. Task: {1B9B1BB6-B9CB-4946-9177-20BA6B80583F} - System32\Tasks\{52F4E76F-240F-4C2C-B86F-AD259CD9981E} => "c:\program files\mozilla firefox 52.1.0 esr\firefox.exe" hxxps://ui.skype.com/ui/0/7.39.0.102/en/go/help.faq.installer?source=lightinstaller&LastError=1603
  106. Task: {211EDBD6-B7B9-45DC-981B-DE92DA052C53} - System32\Tasks\{7B4D4634-DD59-46C1-BE97-FF902FDE90A9} => C:\Windows\system32\pcalua.exe -a R:\sp47471.exe -d R:\
  107. Task: {252CF549-AB54-482C-92D6-E62182992FC9} - System32\Tasks\{0CE99B97-6B2F-46CC-8346-C4DCBF136F18} => "c:\program files\mozilla firefox 52.1.0 esr\firefox.exe" hxxps://ui.skype.com/ui/0/7.39.0.102/en/go/help.faq.installer?source=lightinstaller&LastError=1603
  108. Task: {2EB029A0-8FFF-40B7-BED0-8001205600C3} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_330_Plugin.exe [1458232 2020-03-07] (Adobe Inc. -> Adobe)
  109. Task: {3025A5C3-DD97-4F91-AC6C-67C460DB9239} - \Avira SystrayStartTrigger -> No File <==== ATTENTION
  110. Task: {32B2C975-999C-4CB2-97D3-7B5115902125} - System32\Tasks\UninstallTool_SkipUAC_Prize-02 => C:\Program Files\Uninstall Tool\UninstallTool.exe [4886600 2019-09-17] (CrystalBit Solutions -> CrystalIDEA Software)
  111. Task: {37414884-C2BC-4762-8F2F-3264800FA425} - System32\Tasks\{D5A7F2CD-7F06-41C3-A2DE-69E61D5B9B8C} => D:\AAADown\IQWebPlayerSetup.exe
  112. Task: {47E8503B-6B3A-4D9B-B07F-5D30AAE4FD4C} - System32\Tasks\{A9FDA765-441F-4F59-85CB-57629BE45BE7} => "c:\program files\mozilla firefox 52.1.0 esr\firefox.exe" hxxps://ui.skype.com/ui/0/7.39.0.102/en/go/help.faq.installer?source=lightinstaller&LastError=1603
  113. Task: {49ED5B6A-86E2-448E-B5DC-852D4AD3D800} - System32\Tasks\{AF34CBCB-F6C7-4FD2-B2E3-DD14E548E172} => "c:\program files\mozilla firefox 52.1.0 esr\firefox.exe" hxxps://ui.skype.com/ui/0/7.39.0.102/en/go/help.faq.installer?source=lightinstaller&LastError=1603
  114. Task: {4CE7ED54-6122-48A0-B40F-D29F13B13B25} - System32\Tasks\{6CE0F2A6-627A-413D-8FD7-39B853FBA5EC} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\MS Installer Cleanup\msicuu2.exe" -d "C:\Program Files\MS Installer Cleanup"
  115. Task: {50F2DBF7-7FDE-4FE0-80C3-46BC57D2FC9B} - System32\Tasks\{7BDE9FEF-2706-4897-8116-48C5A5395D61} => C:\DATA TO MOVE TO D\AAADown\IQWebPlayerSetup(1).exe
  116. Task: {59AE4F54-8CC8-48AE-97AB-E74A2D10F94E} - System32\Tasks\{7BBF96EB-8C40-44B6-AB8B-D3C1CA2A128C} => "c:\program files\mozilla firefox 52.1.0 esr\firefox.exe" hxxps://ui.skype.com/ui/0/7.39.0.102/en/go/help.faq.installer?source=lightinstaller&LastError=1603
  117. Task: {61633760-FCC1-4D55-BFA0-97C86CFA6C6D} - System32\Tasks\{B2051E66-DFD5-41AF-A080-8918B253FAC0} => D:\AAADown7\IQWebPlayerSetup.exe
  118. Task: {61794E05-C1E1-4FB6-BA77-B65049373AB0} - System32\Tasks\{7683D11D-A8C0-4843-8C00-557713C99344} => D:\AAADown7\IQWebPlayerSetup.exe
  119. Task: {627F3024-3DE1-447B-A6DC-1F641C705CA2} - System32\Tasks\{8BF4B743-0295-439F-96FD-E2954FE55DF6} => "c:\program files\mozilla firefox 52.1.0 esr\firefox.exe" hxxps://ui.skype.com/ui/0/7.39.0.102/en/abandoninstall?source=lightinstaller&page=tsInstall
  120. Task: {64C9B236-195B-4F35-92F4-A8C03EBEEBA3} - System32\Tasks\{73A02160-3022-4730-98D8-EC4F62C1B1FC} => C:\DATA TO MOVE TO D\AAADown\IQWebPlayerSetup.exe
  121. Task: {6C864234-9FB1-4631-A341-DDAFF349A651} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2020-02-20] (Google Inc -> Google Inc.)
  122. Task: {6D154475-4074-4F88-9658-E72878A702EB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2020-02-20] (Google Inc -> Google Inc.)
  123. Task: {6FC8163D-3161-443F-9781-F0906B47A971} - System32\Tasks\Print a Dot => C:\Windows\system32\notepad.exe [193536 2015-07-09] (Microsoft Windows -> Microsoft Corporation)
  124. Task: {747E8FEF-39D8-4301-B4D0-82F229AAFDA3} - System32\Tasks\{2038AF07-3684-4CBA-9DE4-22C7CEB4FB07} => D:\Backup --Cursors+Scr Sav\scr--Living SnowGlobe files\Living_SnowGlobes_installer.exe
  125. Task: {769ED811-B483-49F2-BF21-45420B1265D6} - System32\Tasks\{6772F8D0-C3D2-4899-85B9-953384EC8C47} => C:\DATA TO MOVE TO D\AAADown\IQWebPlayerSetup(1).exe
  126. Task: {78F3F4C5-8C52-4AB1-BDC4-C83EC8FC2590} - System32\Tasks\{BEB81A6D-C64C-45A2-B76A-C60938AE67A6} => C:\DATA TO MOVE TO D\AAADown\IQWebPlayerSetup.exe
  127. Task: {79F9021B-20F5-4538-922D-CCEF31F744D5} - System32\Tasks\{9D6DC38C-20A7-4441-93B3-F6C51D5192A4} => C:\DATA TO MOVE TO D\AAADown\IQWebPlayerSetup.exe
  128. Task: {7CABF514-041F-4F86-BAA6-CE03A63C19D7} - System32\Tasks\{78808907-FA88-473C-B195-2C15CE9EF267} => C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
  129. Task: {7DCE1B86-1BE6-4944-A851-20360A504E9D} - System32\Tasks\{6B78D469-891C-40E8-99F8-871DC6C049E9} => msiexec.exe /package "D:\AAADown\LibreOffice_5.3.0_Win_x86.msi"
  130. Task: {7E68EE19-FE84-4933-AAF0-49451CC4377A} - System32\Tasks\{5D9591D3-3683-41EC-85B6-6C99F0A83491} => "c:\program files\mozilla firefox 52.1.0 esr\firefox.exe" hxxps://ui.skype.com/ui/0/7.39.0.102/en/go/help.faq.installer?source=lightinstaller&LastError=1603
  131. Task: {834B7CC5-D448-4253-9F8E-1CDD8B54A604} - System32\Tasks\{7E66ED6D-B90F-44A7-AF6F-8B57CD2F8AEA} => C:\Windows\system32\pcalua.exe -a D:\AAADown7\Inquisit_50110.exe -d D:\AAADown7
  132. Task: {88D38555-B718-4C0F-8B70-7F2187812D22} - System32\Tasks\{3A192F7D-1407-4E62-AE65-5162B5A910C4} => D:\AAADown7\IQWebPlayerSetup.exe
  133. Task: {8C9C1AC5-C70E-4E76-B3DC-CE01AECEF822} - System32\Tasks\{0D6FEA8A-3421-4B6A-ACD7-DFFBF62E0584} => C:\Windows\system32\pcalua.exe -a "D:\AAADown7\sp56479-orog-graph-driver for HP.exe" -d D:\AAADown7
  134. Task: {928029B2-06F6-4628-92AD-385BA74198AC} - System32\Tasks\{0B0C88E2-5D3F-46CD-A6CE-9F2F81FF491A} => "c:\program files\mozilla firefox 52.1.0 esr\firefox.exe" hxxps://ui.skype.com/ui/0/7.39.0.102/en/go/help.faq.installer?source=lightinstaller&LastError=1603
  135. Task: {96413DB8-6AC6-498C-8F26-FF54F806264B} - System32\Tasks\clean printer => RUNDLL32 PRINTUI.DLL,PrintUIEntry /n"<Brother MFC-J485DW Printer>" /k
  136. Task: {9B78857F-A8F0-4B3D-AE59-C1C30CE8DBBA} - System32\Tasks\{36C3B0E8-87EE-490E-8ECF-4D55E15FFE16} => D:\MyDDoc\Cracks+ keys\solsuite_patch.exe
  137. Task: {9BD28EBE-EE11-499F-8378-0F4A23E95782} - System32\Tasks\{307511CB-CA72-4383-81BF-C73E14A376E4} => D:\MyDDoc\ZZZ Down\4--MULTIMEDIA\IQWebPlayerSetup5 this one works.exe
  138. Task: {9D6A9B5C-CD1F-4FAE-8B95-81BB9C5F0107} - System32\Tasks\{D40D849B-29F8-49D7-AF66-87B90757FFA1} => C:\Windows\system32\pcalua.exe -a D:\AAADown7\microangelo.exe -d D:\AAADown7
  139. Task: {A10C99AD-ED9A-4810-B319-9B2B653D9AB5} - System32\Tasks\{8AA359D4-1D8D-402B-989E-06B354D24069} => C:\Windows\system32\pcalua.exe -a K:\start.exe -d K:\
  140. Task: {A714E5C1-C0FA-4741-AF6C-5404DD46EA66} - System32\Tasks\{211DE126-A119-4086-B969-FDB809EF7FED} => C:\Windows\system32\pcalua.exe -a D:\AAADown7\miniscsetup.exe -d D:\AAADown7
  141. Task: {B77FF34B-1C7A-42ED-831D-C96D8B7221CE} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_321_pepper.exe [1453624 2020-02-10] (Adobe Inc. -> Adobe)
  142. Task: {BBDAB9CA-6FED-464A-9A0E-A9C854534242} - System32\Tasks\{925A291F-A3CF-4E99-A992-F7C680A2C04A} => msiexec.exe /package "C:\Users\Prize-02\Desktop\AMTScenesSetup.msi"
  143. Task: {BF1DAD98-364C-4C2D-9574-3739DF7C9B95} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe
  144. Task: {C3BCBE18-8FC5-465B-A169-DF63961C99E2} - System32\Tasks\{C84A4A27-4711-41F8-96F6-144F9A1EF4D2} => D:\AAADown\Karen--Print Direc-setup.exe
  145. Task: {C60CAE9D-C383-4770-8340-0CDA29C0BA86} - System32\Tasks\Opera scheduled Autoupdate 1491006997 => C:\Program Files\Opera\launcher.exe [1465432 2019-04-21] (Opera Software AS -> Opera Software)
  146. Task: {C70E53FB-6743-4B7F-B28A-85D0907FF010} - System32\Tasks\{9D598B4E-0B6B-4163-9C93-D7237B70D509} => C:\Windows\system32\pcalua.exe -a "D:\MyDDoc\ZZZ Downloaded Prog\XP ONLY\Living SnowGlobes.exe" -d "D:\MyDDoc\ZZZ Downloaded Prog\XP ONLY"
  147. Task: {D469036E-6084-4F2C-B9EF-0CA71A5BB17D} - System32\Tasks\{C2D6DBB9-266F-49EC-A60D-F30852B83667} => C:\Windows\system32\pcalua.exe -a "D:\MyDDoc\ZZZ Down\1--WIN7 64x\FoxArc 12en.exe" -d "D:\MyDDoc\ZZZ Down\1--WIN7 64x"
  148. Task: {D55CE86B-0F4A-4ABF-A922-4232A6A1A2B9} - System32\Tasks\BDAntiCryptoWallTask => C:\Program Files\Bitdefender\Tools\BDAntiRansomware\BDAntiRansomware.exe
  149. Task: {D63B677D-0EE1-45F4-A9A9-BBB172263A8C} - System32\Tasks\{06803532-70E1-4367-BE9D-2ABA90E1CC50} => D:\MyDDoc\ZZZ Down\4--MULTIMEDIA\IQWebPlayerSetup5 this one works.exe
  150. Task: {D7B3B105-962F-40FD-9864-ED663D9077FC} - \AVAST Software\Avast settings backup -> No File <==== ATTENTION
  151. Task: {D7E6612C-FD4C-4D7D-9127-3467FDE79D5C} - System32\Tasks\AdwCleaner_onReboot => D:\AAADown7\adwcleaner_8.0.3.exe
  152. Task: {D972384E-287A-497D-B202-B96CB78221A5} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [410784 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
  153. Task: {DFADFFE4-21A6-4B34-94E0-6CDFDE6931F7} - System32\Tasks\{4BE7A0D7-A746-4C45-A97F-8B8466BE4EEE} => D:\AAADown\Installer_DeskPins.exe
  154. Task: {EA42509A-AAB4-4820-BAAB-9748F10341A0} - System32\Tasks\Opera scheduled assistant Autoupdate 1553624233 => C:\Program Files\Opera\launcher.exe [1465432 2019-04-21] (Opera Software AS -> Opera Software)
  155. Task: {ED65A9AB-8F56-4D14-8EF9-115584A7E573} - \TechUtilities -> No File <==== ATTENTION
  156.  
  157. (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
  158.  
  159.  
  160. ==================== Internet (Whitelisted) ====================
  161.  
  162. (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
  163.  
  164. Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
  165. Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
  166. Tcpip\..\Interfaces\{4867FF03-E0E3-4847-B644-1DB822791D54}: [DhcpNameServer] 192.168.1.1
  167. Tcpip\..\Interfaces\{C3DC848E-79AF-434E-B586-52929BE7558E}: [DhcpNameServer] 192.168.1.1
  168.  
  169. Internet Explorer:
  170. ==================
  171. HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
  172. HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
  173. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
  174. HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
  175. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
  176. HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
  177. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
  178. HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
  179. HKU\S-1-5-21-3514852469-3404283315-88258209-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
  180. DownloadDir: D:\AAADown7
  181. SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
  182. SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
  183. SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
  184. SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
  185. SearchScopes: HKU\S-1-5-21-3514852469-3404283315-88258209-1000 -> DefaultScope {234EA665-FC9F-4E0F-A8A9-3F8D41F55DA3} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
  186. SearchScopes: HKU\S-1-5-21-3514852469-3404283315-88258209-1000 -> {234EA665-FC9F-4E0F-A8A9-3F8D41F55DA3} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
  187. BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (Ivaylo Beltchev -> IvoSoft) [File not signed]
  188. BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2017-08-13] (Ivaylo Beltchev -> IvoSoft) [File not signed]
  189. BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2017-08-13] (Ivaylo Beltchev -> IvoSoft) [File not signed]
  190. BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2017-08-13] (Ivaylo Beltchev -> IvoSoft) [File not signed]
  191. Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (Ivaylo Beltchev -> IvoSoft) [File not signed]
  192. Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2017-08-13] (Ivaylo Beltchev -> IvoSoft) [File not signed]
  193. Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2019-01-25] (Belarc, Inc. -> Belarc, Inc.)
  194. StartMenuInternet: IEXPLORE.EXE - iexplore.exe
  195.  
  196. FireFox:
  197. ========
  198. FF DefaultProfile: stpbhzf0.New
  199. FF DefaultProfile: 31g04a7w.OLD PROFILECOPY10-25-2-018
  200. FF ProfilePath: C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\uow7r4rk.default [2019-10-29]
  201. FF Extension: (Avast SafePrice) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\uow7r4rk.default\Extensions\sp@avast.com.xpi [2018-12-12] [UpdateUrl:hxxps://firefoxext.avcdn.net/firefoxext/avast/sp/update.json]
  202. FF Extension: (Avast Online Security) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\uow7r4rk.default\Extensions\wrc@avast.com.xpi [2018-12-12]
  203. FF ProfilePath: C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New [2020-03-19]
  204. FF DownloadDir: D:\AAADown7
  205. FF Homepage: Waterfox\Profiles\stpbhzf0.New -> hxxps://www.aldaily.com
  206. FF NewTab: Waterfox\Profiles\stpbhzf0.New -> about:newtab
  207. FF NetworkProxy: Waterfox\Profiles\stpbhzf0.New -> autoconfig_url", "abine://auto-conf.js"
  208. FF Notifications: Waterfox\Profiles\stpbhzf0.New -> hxxp://turkernation.com; hxxps://protonmail.com
  209. FF NewTabOverride: Waterfox\Profiles\stpbhzf0.New -> Enabled: {66E978CD-981F-47DF-AC42-E3CF417C1467}
  210. FF NewTabOverride: Waterfox\Profiles\stpbhzf0.New -> Enabled: uBlock0@raymondhill.net
  211. FF Extension: (Paywall Pass) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\@paywall-pass.xpi [2019-07-02] [Legacy]
  212. FF Extension: (Privacy Tracking Protection) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\@privacytrackingprotection201611.xpi [2019-02-10] [Legacy]
  213. FF Extension: (About sessionstore) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\aboutsessionstore@dt.xpi [2019-12-02] [Legacy]
  214. FF Extension: (Roomy Bookmarks Toolbar) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\ALone-live@ya.ru.xpi [2017-11-07] [Legacy]
  215. FF Extension: (Back/Forward History Tweaks) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\backforwardhistorytweaks@vano.xpi [2017-12-30] [Legacy]
  216. FF Extension: (Bookmark Favicon Changer) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\bookmarkfaviconchanger@sonthakit.xpi [2017-02-18] [Legacy]
  217. FF Extension: (Classic Add-ons Archive) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\ca-archive@Off.JustOff.xpi [2019-03-06] [Legacy] [not signed]
  218. FF Extension: (Classic Theme Restorer) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2018-07-18] [Legacy]
  219. FF Extension: (Clear Flash Cookies) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\clear-flash-cookies@cpeterso.com.xpi [2019-05-26]
  220. FF Extension: (Classic Toolbar Buttons) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\CSTBB@NArisT2_Noia4dev.xpi [2018-07-06] [Legacy]
  221. FF Extension: (Custom Buttons³) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\CustomButtons3@sonco.synthasite.com [2019-06-30] [Legacy] [not signed]
  222. FF Extension: (Expire History By Days) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\expire-history-by-days@bonardo.net.xpi [2019-05-15]
  223. FF Extension: (Extension List Dumper 2) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\extension_list_dumper_2@iceberg.it.xpi [2018-11-14] [Legacy]
  224. FF Extension: (FavIconReloader) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\FavIconReloader@mozilla.org [2019-12-25] [Legacy]
  225. FF Extension: (Print Friendly & PDF) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\ff-addon@printfriendly.com.xpi [2019-11-22] [UpdateUrl:hxxps://cdn.printfriendly.com/browser-extensions/firefox/updates.json]
  226. FF Extension: (Bookmarks Checker - check for bad links) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\firefoxbookmarkchecker@everhelper.me.xpi [2020-01-02] [Legacy]
  227. FF Extension: (Text Formatting Toolbar) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\format.bar@codefisher.org.xpi [2016-04-27] [Legacy]
  228. FF Extension: (HTTPS Everywhere) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\https-everywhere-eff@eff.org.xpi [2020-03-16] [UpdateUrl:hxxps://www.eff.org/files/https-everywhere-updates.json]
  229. FF Extension: (Self-Destructing Cookies) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi [2019-09-20] [Legacy]
  230. FF Extension: (Behind The Overlay) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\jid1-Y3WfE7td45aWDw@jetpack.xpi [2018-02-11]
  231. FF Extension: (SSL Version Control) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\jid1-ZM3BerwS6FsQAg@jetpack.xpi [2015-05-27] [Legacy]
  232. FF Extension: (No Name) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\lwtheme [2019-06-26] [not signed]
  233. FF Extension: (Show Parent Folder) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\showParentFolder@alice.xpi [2016-09-13] [Legacy]
  234. FF Extension: (Status-4-Evar) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\status4evar@caligonstudios.com.xpi [2017-08-24] [Legacy]
  235. FF Extension: (Status Bar: Dynamic & Compact) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\statusbar@publicvlasov.xpi [2020-02-29] [Legacy] [not signed]
  236. FF Extension: (tb-clear-cache.tooltip) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\tb-clear-cache-single@codefisher.org.xpi [2019-12-25]
  237. FF Extension: (uBlock Origin) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\uBlock0@raymondhill.net.xpi [2020-03-10]
  238. FF Extension: (UserZoom Surveys) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\userzoom_survey_tool@jetpack.xpi [2020-03-07] [UpdateUrl:hxxps://extension-dev.userzoom.com/updates_ff.json]
  239. FF Extension: (Toolbar Buttons) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}.xpi [2019-12-29] [Legacy] [not signed]
  240. FF Extension: (ColorfulTabs) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2019-10-04] [Legacy]
  241. FF Extension: (Malwarebytes Browser Guard) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2019-12-08]
  242. FF Extension: (MicroFox) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\{403304EE-066A-4a2a-8F41-F12028480A0A}.xpi [2017-08-16] [Legacy]
  243. FF Extension: (Password Toggler - view typed passwords) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\{49872271-297b-4a1d-ac08-858590bffdf3}.xpi [2017-11-01]
  244. FF Extension: (SingleFile) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\{531906d3-e22f-4a6c-a102-8057b88a1a63}.xpi [2020-03-18]
  245. FF Extension: (New Tab Homepage) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi [2016-12-24] [Legacy]
  246. FF Extension: (Custom UserAgent String) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\{861a3982-bb3b-49c6-bc17-4f50de104da1}.xpi [2019-07-27]
  247. FF Extension: (SavvyConnect Express) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\{cf3b90e8-a269-405e-a838-8ceae1a115a6}.xpi [2019-06-30]
  248. FF Extension: (Sticky Password manager & safe) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\{ecb80162-dfbd-4d91-a8da-17b35ba4707a}.xpi [2019-11-28]
  249. FF Extension: (Text Formatting Toolbar) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\extensions\format.bar@codefisher.org.xpi [2016-04-27] [Legacy]
  250. FF Extension: (Show Parent Folder) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\extensions\showParentFolder@alice.xpi [2016-09-13] [Legacy]
  251. FF Extension: (Bookmark Favicon Changer) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\extensions\bookmarkfaviconchanger@sonthakit.xpi [2017-02-18] [Legacy]
  252. FF Extension: (Status-4-Evar) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\extensions\status4evar@caligonstudios.com.xpi [2017-08-24] [Legacy]
  253. FF Extension: (No Name) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\extensions\{87f54a61-c9b3-4138-a38a-33c31770bb9e}.xpi [not found]
  254. FF Extension: (Roomy Bookmarks Toolbar) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\extensions\ALone-live@ya.ru.xpi [2017-11-07] [Legacy]
  255. FF Extension: (Classic Theme Restorer) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2018-07-18] [Legacy]
  256. FF Extension: (Custom Buttons³) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\extensions\custombuttons3@srazzano.com [2018-10-25] [Legacy] [not signed]
  257. FF Extension: (Extension List Dumper 2) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\extensions\extension_list_dumper_2@iceberg.it.xpi [2018-11-14] [Legacy]
  258. FF Extension: (ColorfulTabs) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2019-04-15] [Legacy]
  259. FF Extension: (FavIconReloader) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\extensions\FavIconReloader@mozilla.org [2019-11-28] [Legacy]
  260. FF SearchPlugin: C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\searchplugins\duckduckgo-1.xml [2013-03-17]
  261. FF SearchPlugin: C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\searchplugins\duckduckgo.xml [2013-03-17]
  262. FF SearchPlugin: C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\searchplugins\ixquick-https.xml [2014-12-12]
  263. FF ProfilePath: C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\8f8j49mg.default [2019-12-04]
  264. FF Extension: (Avast SafePrice) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\8f8j49mg.default\Extensions\sp@avast.com.xpi [2018-12-12] [UpdateUrl:hxxps://firefoxext.avcdn.net/firefoxext/avast/sp/update.json]
  265. FF Extension: (Avast Online Security) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\8f8j49mg.default\Extensions\wrc@avast.com.xpi [2018-12-12]
  266. FF ProfilePath: C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018 [2020-03-15]
  267. FF Homepage: Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018 -> hxxps://www.aldaily.com
  268. FF NewTab: Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018 -> about:newtab
  269. FF NetworkProxy: Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018 -> autoconfig_url", "abine://auto-conf.js"
  270. FF Notifications: Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018 -> hxxp://turkernation.com; hxxps://protonmail.com
  271. FF NewTabOverride: Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018 -> Enabled: {66E978CD-981F-47DF-AC42-E3CF417C1467}
  272. FF NewTabOverride: Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018 -> Enabled: uBlock0@raymondhill.net
  273. FF Extension: (Paywall Pass) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\Extensions\@paywall-pass.xpi [2019-07-02] [Legacy]
  274. FF Extension: (Privacy Tracking Protection) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\Extensions\@privacytrackingprotection201611.xpi [2019-02-10] [Legacy]
  275. FF Extension: (About sessionstore) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\Extensions\aboutsessionstore@dt.xpi [2019-12-02] [Legacy]
  276. FF Extension: (Back/Forward History Tweaks) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\Extensions\backforwardhistorytweaks@vano.xpi [2017-12-30] [Legacy]
  277. FF Extension: (Classic Add-ons Archive) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\Extensions\ca-archive@Off.JustOff.xpi [2019-03-06] [Legacy] [not signed]
  278. FF Extension: (Clear Flash Cookies) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\Extensions\clear-flash-cookies@cpeterso.com.xpi [2019-05-26]
  279. FF Extension: (Classic Toolbar Buttons) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\Extensions\CSTBB@NArisT2_Noia4dev.xpi [2018-07-06] [Legacy]
  280. FF Extension: (Expire History By Days) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\Extensions\expire-history-by-days@bonardo.net.xpi [2019-05-14]
  281. FF Extension: (Favicon Restorer) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\Extensions\faviconrestorer@masserog.it [2020-01-02] [Legacy]
  282. FF Extension: (Bookmarks Checker - check for bad links) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\Extensions\firefoxbookmarkchecker@everhelper.me.xpi [2020-01-02] [Legacy]
  283. FF Extension: (HTTPS Everywhere) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\Extensions\https-everywhere-eff@eff.org.xpi [2019-11-11] [UpdateUrl:hxxps://www.eff.org/files/https-everywhere-updates.json]
  284. FF Extension: (Self-Destructing Cookies) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\Extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi [2019-09-20] [Legacy]
  285. FF Extension: (YouTube ALL HTML5) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\Extensions\jid1-qj0w91o64N7Eeg@jetpack.xpi [2017-08-29] [Legacy]
  286. FF Extension: (Behind The Overlay) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\Extensions\jid1-Y3WfE7td45aWDw@jetpack.xpi [2018-02-11]
  287. FF Extension: (SSL Version Control) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\Extensions\jid1-ZM3BerwS6FsQAg@jetpack.xpi [2015-05-27] [Legacy]
  288. FF Extension: (No Name) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\Extensions\lwtheme [2018-10-25] [not signed]
  289. FF Extension: (Open With) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\Extensions\openwith@darktrojan.net.xpi [2019-12-25] [Legacy]
  290. FF Extension: (Clear the browsers cache Button) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\Extensions\tb-clear-cache-single@codefisher.org.xpi [2017-10-24]
  291. FF Extension: (uBlock Origin) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\Extensions\uBlock0@raymondhill.net.xpi [2018-12-02]
  292. FF Extension: (userzoom) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\Extensions\userzoom_survey_tool@jetpack.xpi [2020-01-09] [Legacy]
  293. FF Extension: (Toolbar Buttons) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\Extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}.xpi [2016-04-27] [Legacy]
  294. FF Extension: (MicroFox) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\Extensions\{403304EE-066A-4a2a-8F41-F12028480A0A}.xpi [2017-08-16] [Legacy]
  295. FF Extension: (Password Toggler - view typed passwords) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\Extensions\{49872271-297b-4a1d-ac08-858590bffdf3}.xpi [2017-11-01]
  296. FF Extension: (SingleFile) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\Extensions\{531906d3-e22f-4a6c-a102-8057b88a1a63}.xpi [2020-03-11]
  297. FF Extension: (New Tab Homepage) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\Extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi [2016-12-24] [Legacy]
  298. FF Extension: (Sticky Password manager & safe) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\Extensions\{ecb80162-dfbd-4d91-a8da-17b35ba4707a}.xpi [2019-11-28]
  299. FF SearchPlugin: C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\searchplugins\duckduckgo-1.xml [2013-03-17]
  300. FF SearchPlugin: C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\searchplugins\duckduckgo.xml [2013-03-17]
  301. FF SearchPlugin: C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\searchplugins\ixquick-https.xml [2014-12-12]
  302. FF HKU\S-1-5-21-3514852469-3404283315-88258209-1000\...\Thunderbird\Extensions: [{2fde55eb-0b64-49fc-8e12-690b07010401}] - C:\Users\Prize-02\AppData\Roaming\Lamantine\Sticky Password\spAutofillTb
  303. FF Extension: (Sticky Password extension) - C:\Users\Prize-02\AppData\Roaming\Lamantine\Sticky Password\spAutofillTb [2019-10-19] [Legacy] [not signed]
  304. FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_330.dll [2020-03-07] (Adobe Inc. -> )
  305. FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll [2015-06-08] (Unity Technologies ApS -> Unity Technologies ApS)
  306. FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
  307. FF Plugin: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
  308. FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
  309. FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_330.dll [2020-03-07] (Adobe Inc. -> )
  310. FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2011-07-19] (Foxit Corporation -> Foxit Corporation)
  311. FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2011-07-19] (Foxit Corporation -> Foxit Corporation)
  312. FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2011-07-19] (Foxit Corporation -> Foxit Corporation)
  313. FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-05] (Intel® Identity Protection Technology Software -> Intel Corporation)
  314. FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-05] (Intel® Identity Protection Technology Software -> Intel Corporation)
  315. FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
  316. FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
  317. FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
  318. FF Plugin HKU\S-1-5-21-3514852469-3404283315-88258209-1000: @stickypassword.com/Sticky Password -> C:\Program Files (x86)\Sticky Password\npspAutofill.dll [2019-10-09] (Lamantine Software a.s. -> Lamantine Software a.s.)
  319. FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\bd_js_config.js [2020-02-19] <==== ATTENTION (Points to *.cfg file)
  320. FF ExtraCheck: C:\Program Files\mozilla firefox\bd_config.cfg [2020-02-19] <==== ATTENTION
  321.  
  322. Chrome:
  323. =======
  324. CHR Profile: C:\Users\Prize-02\AppData\Local\Google\Chrome\User Data\Default [2020-03-19]
  325. CHR DownloadDir: D:\AAADown7
  326. CHR Notifications: Default -> hxxps://paidviewpoint.com; hxxps://turkerview.com; hxxps://worker.mturk.com; hxxps://www.youtube.com; hxxps://www.zdnet.com
  327. CHR HomePage: Default -> hxxps://worker.mturk.com/projects?filters%5Bmasters%5D=false&filters%5Bmin_reward%5D=.75&filters%5Bqualified%5D=true&filters%5Bsearch_term%5D=&page_size=100&sort=updated_desc
  328. CHR StartupUrls: Default -> "hxxps://www.amazon.com/ap/signin?_encoding=UTF8&clientContext=4620ca23425d9b78a5bdd54a34f1e6&marketplaceId=A384XSLT9ODACQ&openid.assoc_handle=amzn_mturk_worker_faster_desktop_us&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns.pape=http%3A%2F%2Fspecs.openid.net%2Fextensions%2Fpape%2F1.0&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=43200&openid.return_to=https%3A%2F%2Fworker.mturk.com%2F%3Fend_signin%3D1","chrome-extension://iglbakfobmoijpbigmlfklckogbefnlf/hit_catcher/hit_catcher.html","chrome-extension://iglbakfobmoijpbigmlfklckogbefnlf/hit-finder/hit-finder.html"
  329. CHR DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
  330. CHR DefaultSearchKeyword: Default -> duckduckgo.com
  331. CHR DefaultNewTabURL: Default -> hxxps://duckduckgo.com/chrome_newtab
  332. CHR DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list
  333. CHR Extension: (Vivacious Purple) - C:\Users\Prize-02\AppData\Local\Google\Chrome\User Data\Default\Extensions\abclcohgmmeilcdckaebkmlbapabjppk [2018-06-19]
  334. CHR Extension: (Google Drive) - C:\Users\Prize-02\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-17]
  335. CHR Extension: (YouTube) - C:\Users\Prize-02\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-06-19]
  336. CHR Extension: (Sticky Password manager & safe) - C:\Users\Prize-02\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnfdmghkeppfadphbnkjcicejfepnbfe [2019-10-08]
  337. CHR Extension: (uBlock Origin) - C:\Users\Prize-02\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2020-02-07]
  338. CHR Extension: (Tampermonkey) - C:\Users\Prize-02\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2019-12-02]
  339. CHR Extension: (GoFree Remove Ads) - C:\Users\Prize-02\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeplmiccjbddfmopdmbnfheakekooafd [2019-12-28]
  340. CHR Extension: (EditThisCookie) - C:\Users\Prize-02\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2020-01-10]
  341. CHR Extension: (MTurk Suite) - C:\Users\Prize-02\AppData\Local\Google\Chrome\User Data\Default\Extensions\iglbakfobmoijpbigmlfklckogbefnlf [2020-02-21]
  342. CHR Extension: (UserZoom Surveys v2) - C:\Users\Prize-02\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhgccgnbbhnlhgkhkdpmciognioebcoa [2020-03-15]
  343. CHR Extension: (Custom UserAgent String) - C:\Users\Prize-02\AppData\Local\Google\Chrome\User Data\Default\Extensions\lejiafennghcpgmbpiodgofeklkpahoe [2019-09-24]
  344. CHR Extension: (UserLook Recorder) - C:\Users\Prize-02\AppData\Local\Google\Chrome\User Data\Default\Extensions\neimnkpjllmhbfkghkmmajadlicnpjej [2019-01-08]
  345. CHR Extension: (Chrome Web Store Payments) - C:\Users\Prize-02\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-11-05]
  346. CHR Extension: (Auto Refresh Plus) - C:\Users\Prize-02\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohfjpkccecpdfkpmfocndhepolhljfhg [2020-02-29]
  347. CHR Extension: (UserTesting Browser Recorder) - C:\Users\Prize-02\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlhphabpmijgblopkcjmphbbmeliagn [2020-03-03]
  348. CHR Extension: (Gmail) - C:\Users\Prize-02\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-03-28]
  349. CHR Extension: (Chrome Media Router) - C:\Users\Prize-02\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-03-15]
  350.  
  351. Opera:
  352. =======
  353. OPR DownloadDir: D:\AAADown7
  354. OPR StartupUrls:
  355. OPR Extension: (YouTube™ All HTML5 Player) - C:\Users\Prize-02\AppData\Roaming\Opera Software\Opera Stable\Extensions\bhnpdodajbcppoliofibniblhfbjdebn [2017-05-26]
  356. OPR Extension: (Sticky Password manager & safe) - C:\Users\Prize-02\AppData\Roaming\Opera Software\Opera Stable\Extensions\bnfdmghkeppfadphbnkjcicejfepnbfe [2020-01-01]
  357. OPR Extension: (HTTPS Everywhere) - C:\Users\Prize-02\AppData\Roaming\Opera Software\Opera Stable\Extensions\edaplhobcmdaneconioghljnnopmkhgm [2019-05-25]
  358. OPR Extension: (Classic Notes) - C:\Users\Prize-02\AppData\Roaming\Opera Software\Opera Stable\Extensions\glljnehjkdeockbnkfbjclngdhnmnebd [2017-04-01]
  359. OPR Extension: (Quick History) - C:\Users\Prize-02\AppData\Roaming\Opera Software\Opera Stable\Extensions\hmnhfgcahjdhfocnolfkmfadlieleijj [2017-04-01]
  360. OPR Extension: (Privacy Badger) - C:\Users\Prize-02\AppData\Roaming\Opera Software\Opera Stable\Extensions\ldfkcgjipgfchpnojicdgpgiocoeelik [2020-01-21]
  361. OPR Extension: (Privacy Badger) - C:\Program Files\43.0.2442.806\resources\addons_portal_app [0]
  362. OPR Extension: (Privacy Badger) - C:\Program Files\43.0.2442.806\resources\adblocker [0]
  363. OPR Extension: (Privacy Badger) - C:\Program Files\43.0.2442.806\resources\welcome_page_app [0]
  364. OPR Extension: (Privacy Badger) - C:\Program Files\43.0.2442.806\resources\web_feed_handler [0]
  365. OPR Extension: (Privacy Badger) - C:\Program Files\43.0.2442.806\resources\video_handler [0]
  366. OPR Extension: (Privacy Badger) - C:\Program Files\43.0.2442.806\resources\docs_minimal_app [0]
  367. OPR Extension: (Privacy Badger) - C:\Program Files\43.0.2442.806\resources\bookmark_manager [0]
  368. OPR Extension: (Privacy Badger) - C:\Program Files\43.0.2442.806\resources\pdf [0]
  369. OPR Extension: (Privacy Badger) - C:\Program Files\43.0.2442.806\resources\background_worker [0]
  370. OPR Extension: (Privacy Badger) - C:\Program Files\43.0.2442.806\resources\portal_app [0]
  371.  
  372. ==================== Services (Whitelisted) ===================
  373.  
  374. (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
  375.  
  376. S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [289792 2014-10-23] (Brother Industries, Ltd.) [File not signed]
  377. R2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [441664 2019-11-28] (Digital Wave Ltd -> Digital Wave Ltd)
  378. R2 DSAService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe [37224 2020-03-03] (IDSA Production signing key -> Intel)
  379. S3 DSAUpdateService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe [143720 2020-03-03] (IDSA Production signing key -> Intel)
  380. S4 DSClockSyncTime; C:\Program Files\DS Clock\dsetime.exe [62264 2009-11-19] (Duality Software -> Duality Software)
  381. R2 GlassWire; C:\Program Files (x86)\GlassWire\GWCtlSrv.exe [5840360 2019-10-02] (GlassWire -> SecureMix LLC)
  382. S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165144 2012-03-28] (Intel Corporation -> Intel Corporation)
  383. S3 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [6408384 2019-08-20] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
  384. S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6960640 2019-11-09] (Malwarebytes Inc -> Malwarebytes)
  385. R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
  386. R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
  387. S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
  388. S2 HLfms; C:\Program Files\High-Logic FontService\fontservice.exe [X]
  389.  
  390. ===================== Drivers (Whitelisted) ===================
  391.  
  392. (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
  393.  
  394. S3 A6200; C:\Windows\System32\DRIVERS\bcmwlhigh664.sys [2263144 2012-07-31] (Broadcom Corporation -> Broadcom Corporation)
  395. S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [878072 2016-09-20] (Bitdefender SRL -> BitDefender)
  396. S2 BdDci; C:\Windows\System32\DRIVERS\bddci.sys [757240 2020-03-04] (Bitdefender SRL -> Bitdefender)
  397. S3 CisUtMonitor; C:\Windows\System32\DRIVERS\CisUtMonitor.sys [54800 2018-11-24] (Software Security Systems ChTUP -> CrystalIdea Software)
  398. S3 edrsensor; C:\Windows\System32\DRIVERS\edrsensor.sys [309120 2020-02-20] (Bitdefender SRL -> BitDefender S.R.L. Bucharest, ROMANIA)
  399. S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [25480 2019-03-12] (CHENGDU YIWO Tech Development Co., Ltd. -> )
  400. R0 EPMVolFl; C:\Windows\System32\drivers\EPMVolFl.sys [21384 2019-04-12] (CHENGDU YIWO Tech Development Co., Ltd. -> Windows (R) Codename Longhorn DDK provider)
  401. S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [14728 2018-12-10] (CHENGDU YIWO Tech Development Co., Ltd. -> )
  402. R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [28936 2019-05-25] (Glarysoft LTD -> Glarysoft Ltd)
  403. R1 gwdrv; C:\Windows\System32\DRIVERS\gwdrv.sys [33248 2015-05-29] (GlassWire -> SecureMix LLC)
  404. S3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [12273408 2011-01-27] (Intel Corporation) [File not signed]
  405. R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
  406. R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
  407. S3 PSMounterEx; C:\Windows\system32\drivers\psmounterex.sys [179416 2019-02-15] (Paramount Software UK Ltd -> Windows (R) Win 7 DDK provider)
  408. S3 psvolacc; C:\Windows\system32\drivers\psvolacc.sys [34520 2018-12-06] (Paramount Software UK Ltd -> Windows (R) Win 7 DDK provider)
  409. R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2019-05-29] (MiniTool Solution Ltd -> )
  410. S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2019-05-29] (MiniTool Solution Ltd -> )
  411. U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] (Empty Loop -> )
  412. S3 WIMMount; C:\program files\macrium\reflect\wimmount.sys [22096 2009-07-13] (Microsoft Windows -> Microsoft Corporation)
  413. S3 AppObserver; \??\C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\appobserver64.sys [X]
  414. U3 aswbdisk; no ImagePath
  415. S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X]
  416. S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
  417. S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
  418. S3 VGPU; System32\drivers\rdvgkmd.sys [X]
  419.  
  420. ==================== NetSvcs (Whitelisted) ===================
  421.  
  422. (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
  423.  
  424.  
  425. ==================== One month (created) ===================
  426.  
  427. (If an entry is included in the fixlist, the file/folder will be moved.)
  428.  
  429. 2020-03-19 17:09 - 2020-03-19 17:11 - 000000000 ____D C:\FRST
  430. 2020-03-17 03:48 - 2020-03-17 03:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desktop Restore
  431. 2020-03-16 00:39 - 2020-03-16 00:39 - 000001722 _____ C:\Users\Prize-02\AppData\Roaming\Microsoft\Windows\Start Menu\EMAIL-SIGS.lnk
  432. 2020-03-16 00:21 - 2020-03-16 00:21 - 000000834 _____ C:\Users\Prize-02\AppData\Roaming\Microsoft\Windows\Start Menu\=============.lnk
  433. 2020-03-15 23:49 - 2020-03-15 23:49 - 000003118 _____ C:\Windows\system32\Tasks\{0D6FEA8A-3421-4B6A-ACD7-DFFBF62E0584}
  434. 2020-03-15 23:48 - 2020-03-15 23:48 - 000000000 ____D C:\Users\Prize-02\AppData\Roaming\WinBatch
  435. 2020-03-15 23:08 - 2020-03-15 23:08 - 000001885 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
  436. 2020-03-15 23:08 - 2020-03-15 23:08 - 000000000 ____D C:\Program Files\Microsoft Security Client
  437. 2020-03-15 23:08 - 2020-03-15 23:08 - 000000000 ____D C:\Program Files (x86)\Microsoft Security Client
  438. 2020-03-15 19:41 - 2020-03-15 19:41 - 000000000 ____D C:\Program Files (x86)\Userfeel
  439. 2020-03-15 15:23 - 2020-03-15 15:23 - 000066556 _____ C:\ProgramData\agent.uninstall.1584300193.bdinstall.v2.bin
  440. 2020-03-15 13:50 - 2020-03-15 13:50 - 000001722 _____ C:\Users\Prize-02\Desktop\EMAIL-SIGS.lnk
  441. 2020-03-15 13:50 - 2020-03-15 13:50 - 000001022 _____ C:\Users\Prize-02\AppData\Roaming\Microsoft\Windows\Start Menu\Revo Uninstaller.lnk
  442. 2020-03-15 12:21 - 2020-03-15 12:21 - 000001022 _____ C:\Users\Prize-02\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller.lnk
  443. 2020-03-15 12:21 - 2020-03-15 12:21 - 000000000 ____D C:\Program Files\VS Revo Group
  444. 2020-03-14 22:57 - 2020-03-14 22:57 - 000003030 _____ C:\Windows\system32\Tasks\{7B4D4634-DD59-46C1-BE97-FF902FDE90A9}
  445. 2020-03-14 21:21 - 2020-03-14 21:21 - 000102904 _____ C:\ProgramData\agent.1584235305.bdinstall.v2.bin
  446. 2020-03-14 20:55 - 2020-03-14 20:56 - 000105817 _____ C:\ProgramData\uninstalltool.1584233759.4012.bin
  447. 2020-03-14 20:55 - 2020-03-14 20:56 - 000002486 _____ C:\ProgramData\uninstalltool.1584233759.3724.bin
  448. 2020-03-14 16:44 - 2020-03-14 17:25 - 000000000 ____D C:\ProgramData\BDLogging
  449. 2020-03-11 14:16 - 2020-03-11 14:16 - 000000000 ____D C:\Intel
  450. 2020-03-09 22:31 - 2020-03-09 22:31 - 000000973 _____ C:\Users\Prize-02\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\High-Logic MainType.lnk
  451. 2020-03-04 20:04 - 2020-03-19 15:01 - 000000000 ____D C:\Users\Prize-02\AppData\Roaming\Userfeel
  452. 2020-03-04 20:04 - 2020-03-04 20:04 - 000002099 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Userfeel.lnk
  453. 2020-03-03 16:26 - 2020-03-15 15:42 - 000000000 ____D C:\Program Files (x86)\GlassWire
  454. 2020-03-03 16:26 - 2020-03-03 16:26 - 000001889 _____ C:\Users\Prize-02\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GlassWire.lnk
  455. 2020-03-03 16:26 - 2015-05-29 00:30 - 000008657 _____ C:\Windows\system32\Drivers\gwdrv.cat
  456. 2020-03-03 16:26 - 2015-05-29 00:15 - 000033248 _____ (SecureMix LLC) C:\Windows\system32\Drivers\gwdrv.sys
  457. 2020-03-03 14:29 - 2020-03-03 14:30 - 000000963 _____ C:\Users\Prize-02\AppData\Roaming\Microsoft\Windows\Start Menu\adwcleaner_8.0.3.exe - Shortcut.lnk
  458. 2020-03-03 14:28 - 2020-03-03 14:28 - 000003074 _____ C:\Windows\system32\Tasks\AdwCleaner_onReboot
  459. 2020-03-03 13:03 - 2020-03-03 13:03 - 000000000 ____D C:\Users\Prize-02\AppData\Roaming\Neos Eureka S.r.l
  460. 2020-03-01 21:09 - 2020-03-01 21:09 - 000000362 _____ C:\Users\Prize-02\Desktop\FROG (R).lnk
  461. 2020-02-28 16:54 - 2020-02-28 16:54 - 000001210 _____ C:\Users\Public\HP--Desktop.lnk
  462. 2020-02-28 16:53 - 2020-02-28 16:53 - 000001743 _____ C:\Users\Public\HP--MyDDoc.lnk
  463. 2020-02-28 16:53 - 2020-02-28 16:53 - 000001186 _____ C:\Users\Public\HP-Roaming-Appdata.lnk
  464. 2020-02-26 00:38 - 2020-03-15 15:42 - 000000000 ____D C:\Program Files (x86)\DS Clock
  465. 2020-02-26 00:38 - 2020-02-26 00:38 - 000000988 _____ C:\Users\Prize-02\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DS Clock.lnk
  466. 2020-02-26 00:38 - 2020-02-26 00:38 - 000000000 ____D C:\Users\Prize-02\AppData\Roaming\Duality Software
  467. 2020-02-24 15:27 - 2020-02-24 15:30 - 000000135 _____ C:\Users\Prize-02\Desktop\new red.txt
  468. 2020-02-22 04:55 - 2020-03-16 13:51 - 000001551 _____ C:\Users\Prize-02\Desktop\CANON.lnk
  469. 2020-02-21 17:20 - 2020-02-21 17:20 - 000000021 _____ C:\unhide files.bat(1).txt
  470. 2020-02-21 02:06 - 2020-02-21 02:06 - 000002153 _____ C:\Users\Prize-02\AppData\Roaming\Microsoft\Windows\Start Menu\CHROME.lnk
  471. 2020-02-20 18:22 - 2020-02-20 18:28 - 000003334 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
  472. 2020-02-20 18:22 - 2020-02-20 18:28 - 000003206 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
  473. 2020-02-20 18:17 - 2020-03-15 15:00 - 000000000 ____D C:\Program Files\Uninstall Tool
  474. 2020-02-20 18:17 - 2020-03-15 12:20 - 000003534 _____ C:\Windows\system32\Tasks\UninstallTool_SkipUAC_Prize-02
  475. 2020-02-20 18:17 - 2020-02-20 18:17 - 000000867 _____ C:\Users\Prize-02\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unіnstall Tool.lnk
  476. 2020-02-20 18:17 - 2020-02-20 18:17 - 000000000 ____D C:\Users\Prize-02\AppData\Roaming\CrystalIdea Software
  477. 2020-02-20 18:17 - 2018-11-24 14:11 - 000054800 _____ (CrystalIdea Software) C:\Windows\system32\Drivers\CisUtMonitor.sys
  478. 2020-02-20 17:14 - 2020-02-20 18:22 - 000000000 ____D C:\Program Files (x86)\Google
  479.  
  480. ==================== One month (modified) ==================
  481.  
  482. (If an entry is included in the fixlist, the file/folder will be moved.)
  483.  
  484. 2020-03-19 17:12 - 2019-08-14 11:26 - 000000000 ____D C:\TEMP
  485. 2020-03-19 17:07 - 2019-07-15 02:38 - 000000000 ____D C:\Users\Prize-02\AppData\LocalLow\Mozilla
  486. 2020-03-17 18:42 - 2017-02-24 02:27 - 000008165 _____ C:\Windows\BRRBCOM.INI
  487. 2020-03-17 04:24 - 2018-10-25 19:15 - 000000000 ___RD C:\Program Files\Mozilla Firefox
  488. 2020-03-17 04:24 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf
  489. 2020-03-17 04:15 - 2019-05-25 02:04 - 000000000 ____D C:\Program Files (x86)\Glary Utilities 5
  490. 2020-03-17 04:14 - 2017-05-02 18:50 - 000000014 _____ C:\Windows\popcinfo.dat
  491. 2020-03-17 03:48 - 2017-02-20 23:44 - 000000000 ____D C:\Program Files\Desktop Restore
  492. 2020-03-16 20:14 - 2009-07-14 00:45 - 000024416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
  493. 2020-03-16 20:14 - 2009-07-14 00:45 - 000024416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
  494. 2020-03-16 16:13 - 2019-10-08 12:38 - 000000000 ____D C:\ProgramData\TEMP
  495. 2020-03-16 12:52 - 2017-02-19 20:06 - 000000000 ____D C:\Users\Prize-02\AppData\Roaming\VLC
  496. 2020-03-16 03:05 - 2016-10-19 09:11 - 000774504 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
  497. 2020-03-16 03:05 - 2009-07-14 01:13 - 000774504 _____ C:\Windows\system32\PerfStringBackup.INI
  498. 2020-03-15 23:55 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
  499. 2020-03-15 23:54 - 2017-03-05 04:09 - 000000000 _____ C:\Windows\system32\Drivers\lvuvc.hs
  500. 2020-03-15 23:30 - 2017-02-13 23:08 - 000000000 ____D C:\ProgramData\Package Cache
  501. 2020-03-15 23:30 - 2016-10-18 17:50 - 000000000 ____D C:\Program Files\Intel
  502. 2020-03-15 23:30 - 2016-10-18 17:22 - 000000000 ____D C:\Program Files (x86)\Intel
  503. 2020-03-15 23:27 - 2016-10-18 17:23 - 000000000 ____D C:\ProgramData\Intel
  504. 2020-03-15 23:08 - 2017-11-14 22:16 - 000001945 _____ C:\Windows\epplauncher.mif
  505. 2020-03-15 15:42 - 2020-01-31 21:44 - 000000000 ____D C:\Program Files\WEbcamImageSave
  506. 2020-03-15 15:42 - 2020-01-04 22:13 - 000000000 ____D C:\Program Files\qBittorrent
  507. 2020-03-15 15:42 - 2020-01-02 17:52 - 000000000 ____D C:\Program Files\TreeComp
  508. 2020-03-15 15:42 - 2019-12-02 04:32 - 000000000 ____D C:\Program Files (x86)\Youtube Downloader HD
  509. 2020-03-15 15:42 - 2019-11-04 04:37 - 000000000 ____D C:\Program Files (x86)\EndItAll
  510. 2020-03-15 15:42 - 2019-10-06 15:18 - 000000000 ____D C:\Program Files\WizTree
  511. 2020-03-15 15:42 - 2019-09-07 12:18 - 000000000 ____D C:\Program Files\RegScanner for 64
  512. 2020-03-15 15:42 - 2019-08-31 02:28 - 000000000 ___RD C:\Users\Prize-02\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\==INTERNET==
  513. 2020-03-15 15:42 - 2019-08-31 02:28 - 000000000 ____D C:\Users\Prize-02\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\==SECURITY==
  514. 2020-03-15 15:42 - 2019-07-14 16:53 - 000000000 ____D C:\Program Files (x86)\Postimage
  515. 2020-03-15 15:42 - 2019-06-26 00:39 - 000000000 ___RD C:\Program Files\Waterfox
  516. 2020-03-15 15:42 - 2019-06-14 14:24 - 000000000 ____D C:\Program Files\ADWCleaner--no-install
  517. 2020-03-15 15:42 - 2019-03-10 15:38 - 000000000 ____D C:\Program Files\Registry Workshop
  518. 2020-03-15 15:42 - 2018-08-04 21:21 - 000000000 ____D C:\Program Files (x86)\Sticky Password
  519. 2020-03-15 15:42 - 2018-01-13 21:00 - 000000000 ____D C:\Program Files (x86)\BurnAware Free
  520. 2020-03-15 15:42 - 2017-10-15 01:12 - 000000000 ____D C:\Users\Prize-02\AppData\Roaming\IrfanView
  521. 2020-03-15 15:42 - 2017-10-15 01:12 - 000000000 ____D C:\Program Files\IrfanView
  522. 2020-03-15 15:42 - 2017-04-15 17:39 - 000000000 ___RD C:\Program Files (x86)\Mozilla Thunderbird
  523. 2020-03-15 15:42 - 2017-02-14 07:27 - 000000000 ____D C:\Program Files\Unlocker
  524. 2020-03-15 15:42 - 2017-02-13 21:06 - 000000000 ____D C:\Program Files\7-Zipx64
  525. 2020-03-15 15:42 - 2017-02-12 02:42 - 000000000 ____D C:\Program Files\Recuva
  526. 2020-03-15 15:42 - 2017-02-09 23:40 - 000000000 ____D C:\Program Files (x86)\FreeAlarmClock
  527. 2020-03-15 15:42 - 2016-10-18 12:33 - 000000000 ___RD C:\Users\Prize-02
  528. 2020-03-15 15:42 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\system32\NDF
  529. 2020-03-15 15:42 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\registration
  530. 2020-03-15 15:00 - 2018-06-25 20:23 - 000000000 ____D C:\ProgramData\CanonIJEGV
  531. 2020-03-15 15:00 - 2017-02-27 23:22 - 000000000 ___RD C:\++000ICONS-Used-in-Filing-System
  532. 2020-03-15 15:00 - 2017-02-19 10:41 - 000000000 ____D C:\Users\Prize-02\AppData\Roaming\Foxit Software
  533. 2020-03-15 15:00 - 2017-02-12 02:51 - 000000000 ____D C:\ProgramData\Youtube to MP3 Converter
  534. 2020-03-15 14:59 - 2019-08-31 02:28 - 000000000 ___RD C:\Users\Prize-02\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\==UTIL==
  535. 2020-03-15 14:59 - 2019-08-31 02:28 - 000000000 ___RD C:\Users\Prize-02\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\==MULTIMEDIA==
  536. 2020-03-15 14:59 - 2019-08-31 02:28 - 000000000 ___RD C:\Users\Prize-02\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\-----------------------------
  537. 2020-03-15 14:59 - 2019-08-31 02:28 - 000000000 ___RD C:\Users\Prize-02\AppData\Roaming\Microsoft\Windows\Start Menu\============
  538. 2020-03-15 14:59 - 2019-08-31 02:28 - 000000000 ____D C:\Users\Prize-02\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\==GRAPHICS, PUBL==
  539. 2020-03-15 14:59 - 2019-06-26 00:39 - 000000000 ___RD C:\Users\Prize-02\AppData\Roaming\Waterfox
  540. 2020-03-15 14:59 - 2017-02-10 20:24 - 000000000 ____D C:\Users\Prize-02\AppData\Roaming\Thornsoft Development
  541. 2020-03-15 14:59 - 2017-02-09 23:36 - 000000000 ___RD C:\Users\Prize-02\AppData\Roaming\Thunderbird
  542. 2020-03-15 14:59 - 2017-02-09 16:46 - 000000000 ___RD C:\Users\Prize-02\Desktop\Desktop files
  543. 2020-03-15 14:59 - 2016-10-18 17:38 - 000000000 ___RD C:\Users\Prize-02\AppData\Roaming\Mozilla
  544. 2020-03-15 01:54 - 2017-06-04 16:23 - 000000000 ____D C:\Windows\system32\Macromed
  545. 2020-03-15 01:54 - 2017-02-12 23:29 - 000000000 ____D C:\Windows\SysWOW64\Macromed
  546. 2020-03-15 01:53 - 2016-10-18 17:48 - 000000000 ____D C:\swsetup
  547. 2020-03-14 21:21 - 2017-05-28 16:10 - 000017712 _____ C:\GDIPFONTCACHEV1.DAT
  548. 2020-03-09 22:26 - 2009-07-13 22:34 - 000000834 _____ C:\Windows\win.ini
  549. 2020-03-07 23:25 - 2018-10-26 15:09 - 000842296 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe
  550. 2020-03-07 23:25 - 2018-10-26 15:09 - 000175160 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
  551. 2020-03-07 23:25 - 2018-10-26 15:09 - 000004456 _____ C:\Windows\system32\Tasks\Adobe Flash Player NPAPI Notifier
  552. 2020-03-04 15:42 - 2020-02-10 20:07 - 000757240 _____ (Bitdefender) C:\Windows\system32\Drivers\bddci.sys
  553. 2020-03-03 14:30 - 2020-01-20 03:30 - 000001319 _____ C:\Users\Prize-02\AppData\Roaming\Microsoft\Windows\Start Menu\magnifier.lnk
  554. 2020-03-03 14:30 - 2019-10-31 17:54 - 000001170 _____ C:\Users\Prize-02\AppData\Roaming\Microsoft\Windows\Start Menu\enditall.lnk
  555. 2020-03-03 13:20 - 2019-12-02 20:06 - 000000257 _____ C:\Users\Prize-02\AppData\Roaming\Microsoft\Windows\Start Menu\PW - Copy.txt
  556. 2020-03-01 19:28 - 2017-02-10 20:20 - 000000000 ___RD C:\Program Files\ClipMate7
  557. 2020-03-01 17:15 - 2019-05-22 23:09 - 000000000 ___RD C:\Program Files\Folder Painter
  558. 2020-02-28 05:55 - 2020-02-10 20:07 - 000453552 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\Windows\system32\Drivers\gemma.sys
  559. 2020-02-24 01:59 - 2019-08-30 14:06 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
  560. 2020-02-20 18:31 - 2017-09-03 17:02 - 000000000 ____D C:\Program Files (x86)\Win Driver Backup
  561. 2020-02-20 15:35 - 2020-02-10 20:07 - 001972328 _____ (Bitdefender S.R.L. Bucharest, ROMANIA) C:\Windows\system32\Drivers\atc.sys
  562. 2020-02-20 15:35 - 2020-02-10 20:07 - 000309120 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\Windows\system32\Drivers\edrsensor.sys
  563. 2020-02-19 00:37 - 2019-05-30 16:34 - 000181040 _____ C:\Windows\system32\FNTCACHE.DAT
  564. 2020-02-19 00:37 - 2017-12-30 04:42 - 000000000 ____D C:\ProgramData\AVAST Software
  565.  
  566. ==================== Files in the root of some directories ========
  567.  
  568. 2017-02-09 11:17 - 2017-03-09 15:56 - 017185304 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
  569. 2018-12-24 21:37 - 2018-12-24 21:40 - 000009111 _____ () C:\Users\Prize-02\AppData\Roaming\downloads.json
  570. 2018-11-27 15:09 - 2018-11-27 15:09 - 000000000 _____ () C:\Users\Prize-02\AppData\Local\BIT2AD6.tmp
  571. 2018-10-18 23:55 - 2018-10-18 23:55 - 000000000 _____ () C:\Users\Prize-02\AppData\Local\BIT6141.tmp
  572. 2020-02-19 02:33 - 2020-02-19 02:33 - 000000000 _____ () C:\Users\Prize-02\AppData\Local\BIT7B49.tmp
  573. 2020-02-19 02:33 - 2020-02-19 02:33 - 000000000 _____ () C:\Users\Prize-02\AppData\Local\BIT7B78.tmp
  574. 2018-10-29 15:19 - 2018-10-29 15:19 - 000000000 _____ () C:\Users\Prize-02\AppData\Local\BIT8AE0.tmp
  575. 2018-07-29 08:15 - 2018-07-29 08:15 - 000000000 _____ () C:\Users\Prize-02\AppData\Local\BITA784.tmp
  576. 2017-09-24 15:34 - 2017-09-24 15:34 - 000000000 _____ () C:\Users\Prize-02\AppData\Local\BITB4B0.tmp
  577. 2017-09-24 15:34 - 2017-09-24 15:34 - 000000000 _____ () C:\Users\Prize-02\AppData\Local\BITB4DF.tmp
  578. 2018-10-25 19:24 - 2018-10-25 19:24 - 000000000 _____ () C:\Users\Prize-02\AppData\Local\BITC62B.tmp
  579. 2018-10-25 19:24 - 2018-10-25 19:24 - 000000000 _____ () C:\Users\Prize-02\AppData\Local\BITC83E.tmp
  580. 2020-03-14 21:58 - 2020-03-14 21:58 - 000000000 _____ () C:\Users\Prize-02\AppData\Local\BITCE94.tmp
  581. 2020-03-14 21:58 - 2020-03-14 21:58 - 000000000 _____ () C:\Users\Prize-02\AppData\Local\BITCFCD.tmp
  582. 2017-04-20 23:09 - 2019-10-17 14:46 - 000006144 _____ () C:\Users\Prize-02\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
  583. 2019-09-14 12:18 - 2019-09-14 12:18 - 000000017 _____ () C:\Users\Prize-02\AppData\Local\resmon.resmoncfg
  584.  
  585. ==================== SigCheck ============================
  586.  
  587. (There is no automatic fix for files that do not pass verification.)
  588.  
  589.  
  590. LastRegBack: 2020-03-18 01:36
  591. ==================== End of FRST.txt ========================