- Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-03-2020
- Ran by Prize-02 (administrator) on HP (Hewlett-Packard p6-2020t) (19-03-2020 17:09:32)
- Running from D:\AAADown7
- Loaded Profiles: Prize-02 (Available Profiles: Prize-02)
- Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
- Internet Explorer Version 11 (Default browser: "C:\Program Files\Waterfox\waterfox.exe" -osint -url "%1")
- Boot Mode: Normal
- Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
- ==================== Processes (Whitelisted) =================
- (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
- () [File not signed] C:\Program Files (x86)\Virtual Magnifying Glass\magnifier.exe
- (Digital Wave Ltd -> Digital Wave Ltd) C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
- (Duality Software -> Duality Software) C:\Program Files (x86)\DS Clock\dsclock.exe
- (Elias Fotinis) [File not signed] C:\Program Files (x86)\DeskPins\deskpins.exe
- (GlassWire -> SecureMix LLC) C:\Program Files (x86)\GlassWire\GlassWire.exe
- (GlassWire -> SecureMix LLC) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
- (GlassWire -> SecureMix LLC) C:\Program Files (x86)\GlassWire\GWIdlMon.exe
- (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (IDSA Production signing key -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe
- (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenu.exe
- (KarenWare.com -> KarenWare.com) C:\Program Files (x86)\Karen's Power Tools\Replicator\PTReplicator.exe
- (Lamantine Software a.s. -> Lamantine Software a.s.) C:\Program Files (x86)\Sticky Password\spNMHost.exe
- (Lamantine Software a.s. -> Lamantine Software a.s.) C:\Program Files (x86)\Sticky Password\spNMHost.exe
- (Lamantine Software a.s. -> Lamantine Software a.s.) C:\Program Files (x86)\Sticky Password\spUIAManager.exe
- (Lamantine Software a.s. -> Lamantine Software a.s.) C:\Program Files (x86)\Sticky Password\stpass.exe
- (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
- (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
- (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
- (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
- (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
- (Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
- (Petr Stepanets -> ) [File not signed] C:\Program Files (x86)\Postimage\postimage.exe
- (Thornsoft Development, Inc. -> Thornsoft Development, Inc.) C:\Program Files (x86)\ClipMate7\ClipMate.exe
- (Waterfox Limited -> Mozilla Corporation) C:\Program Files\Waterfox\plugin-container.exe
- (Waterfox Limited -> Mozilla Corporation) C:\Program Files\Waterfox\waterfox.exe
- (WordWeb Software -> WordWeb Software) C:\Program Files (x86)\WordWeb\wweb32.exe
- ==================== Registry (Whitelisted) ===================
- (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
- HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163640 2017-08-13] (Ivaylo Beltchev -> IvoSoft) [File not signed]
- HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
- HKLM-x32\...\Run: [Intel Driver & Support Assistant] => C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe [237416 2020-03-03] (IDSA Production signing key -> Intel)
- HKLM\ DisallowedCertificates: 1990649205B55EAB5D692E9EDB1BE0DDD3B037DE (U)
- HKLM\ DisallowedCertificates: C597D4E7FF9CE5BD3EC321C11827FCA9294A6BA1 (U)
- HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
- HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
- HKU\S-1-5-21-3514852469-3404283315-88258209-1000\...\Run: [StickyPassword] => C:\Program Files (x86)\Sticky Password\stpass.exe [66288 2019-10-09] (Lamantine Software a.s. -> Lamantine Software a.s.)
- HKU\S-1-5-21-3514852469-3404283315-88258209-1000\...\Run: [DS Clock] => C:\Program Files (x86)\DS Clock\DSClock.exe [584208 2012-12-17] (Duality Software -> Duality Software)
- HKU\S-1-5-21-3514852469-3404283315-88258209-1000\...\Run: [ClipMate7] => C:\Program Files (x86)\ClipMate7\ClipMate.exe [3760424 2009-01-31] (Thornsoft Development, Inc. -> Thornsoft Development, Inc.)
- HKU\S-1-5-21-3514852469-3404283315-88258209-1000\...\Run: [WordWeb] => C:\Program Files (x86)\WordWeb\wweb32.exe [81120 2016-02-12] (WordWeb Software -> WordWeb Software)
- HKU\S-1-5-21-3514852469-3404283315-88258209-1000\...\Run: [Postimage] => C:\Program Files (x86)\Postimage\postimage.exe [16306936 2013-07-21] (Petr Stepanets -> ) [File not signed]
- HKU\S-1-5-21-3514852469-3404283315-88258209-1000\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [44016 2020-01-05] (Glarysoft LTD -> Glarysoft Ltd)
- HKU\S-1-5-21-3514852469-3404283315-88258209-1000\...\Run: [GlassWire] => C:\Program Files (x86)\GlassWire\glasswire.exe [7864296 2019-10-02] (GlassWire -> SecureMix LLC)
- HKU\S-1-5-21-3514852469-3404283315-88258209-1000\...\Policies\system: [DisableChangePassword] 1
- HKU\S-1-5-21-3514852469-3404283315-88258209-1000\...\Policies\system: [DisableLockWorkstation] 1
- HKU\S-1-5-21-3514852469-3404283315-88258209-1000\...\Policies\Explorer: [NoShutdown] 1
- HKU\S-1-5-21-3514852469-3404283315-88258209-1000\...\Policies\Explorer: [NoLogoff] 1
- HKU\S-1-5-21-3514852469-3404283315-88258209-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\SysWOW64\HUMANO~1.SCR [4156488 2019-02-13] (Axialis Software) [File not signed]
- HKLM\Software\Microsoft\Active Setup\Installed Components: [{44BBA851-CC51-11CF-AAFA-00AA00B6015C}] -> C:\Windows\system32\advpack.dll [2009-07-13] (Microsoft Windows -> Microsoft Corporation)
- HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\80.0.3987.149\Installer\chrmstp.exe [2020-03-18] (Google LLC -> Google LLC)
- HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{44BBA851-CC51-11CF-AAFA-00AA00B6015C}] -> C:\Windows\SysWOW64\advpack.dll [2009-07-13] (Microsoft Windows -> Microsoft Corporation)
- HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{73FA19D0-2D75-11D2-995D-00C04F98BBC9}] ->
- Startup: C:\Users\Prize-02\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DeskPins.lnk [2019-04-02]
- ShortcutTarget: DeskPins.lnk -> C:\Program Files (x86)\DeskPins\deskpins.exe (Elias Fotinis) [File not signed]
- Startup: C:\Users\Prize-02\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Postimage.lnk [2019-10-26]
- ShortcutTarget: Postimage.lnk -> C:\Program Files (x86)\Postimage\postimage.exe (Petr Stepanets -> ) [File not signed]
- Startup: C:\Users\Prize-02\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PTReplicator.lnk [2019-08-31]
- ShortcutTarget: PTReplicator.lnk -> C:\Program Files (x86)\Karen's Power Tools\Replicator\PTReplicator.exe (KarenWare.com -> KarenWare.com)
- Startup: C:\Users\Prize-02\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TB PROG.lnk [2019-08-31]
- ShortcutTarget: TB PROG.lnk -> C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation -> Mozilla Corporation)
- Startup: C:\Users\Prize-02\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Virtual Magnifying Glass.lnk [2019-03-19]
- ShortcutTarget: Virtual Magnifying Glass.lnk -> C:\Program Files (x86)\Virtual Magnifying Glass\magnifier.exe () [File not signed]
- BootExecute: autocheck autochk /p \??\C:autocheck autochk *
- GroupPolicy: Restriction - Chrome <==== ATTENTION
- GroupPolicy\User: Restriction ? <==== ATTENTION
- FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
- CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
- ==================== Scheduled Tasks (Whitelisted) ============
- (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
- Task: {1B9B1BB6-B9CB-4946-9177-20BA6B80583F} - System32\Tasks\{52F4E76F-240F-4C2C-B86F-AD259CD9981E} => "c:\program files\mozilla firefox 52.1.0 esr\firefox.exe" hxxps://ui.skype.com/ui/0/7.39.0.102/en/go/help.faq.installer?source=lightinstaller&LastError=1603
- Task: {211EDBD6-B7B9-45DC-981B-DE92DA052C53} - System32\Tasks\{7B4D4634-DD59-46C1-BE97-FF902FDE90A9} => C:\Windows\system32\pcalua.exe -a R:\sp47471.exe -d R:\
- Task: {252CF549-AB54-482C-92D6-E62182992FC9} - System32\Tasks\{0CE99B97-6B2F-46CC-8346-C4DCBF136F18} => "c:\program files\mozilla firefox 52.1.0 esr\firefox.exe" hxxps://ui.skype.com/ui/0/7.39.0.102/en/go/help.faq.installer?source=lightinstaller&LastError=1603
- Task: {2EB029A0-8FFF-40B7-BED0-8001205600C3} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_330_Plugin.exe [1458232 2020-03-07] (Adobe Inc. -> Adobe)
- Task: {3025A5C3-DD97-4F91-AC6C-67C460DB9239} - \Avira SystrayStartTrigger -> No File <==== ATTENTION
- Task: {32B2C975-999C-4CB2-97D3-7B5115902125} - System32\Tasks\UninstallTool_SkipUAC_Prize-02 => C:\Program Files\Uninstall Tool\UninstallTool.exe [4886600 2019-09-17] (CrystalBit Solutions -> CrystalIDEA Software)
- Task: {37414884-C2BC-4762-8F2F-3264800FA425} - System32\Tasks\{D5A7F2CD-7F06-41C3-A2DE-69E61D5B9B8C} => D:\AAADown\IQWebPlayerSetup.exe
- Task: {47E8503B-6B3A-4D9B-B07F-5D30AAE4FD4C} - System32\Tasks\{A9FDA765-441F-4F59-85CB-57629BE45BE7} => "c:\program files\mozilla firefox 52.1.0 esr\firefox.exe" hxxps://ui.skype.com/ui/0/7.39.0.102/en/go/help.faq.installer?source=lightinstaller&LastError=1603
- Task: {49ED5B6A-86E2-448E-B5DC-852D4AD3D800} - System32\Tasks\{AF34CBCB-F6C7-4FD2-B2E3-DD14E548E172} => "c:\program files\mozilla firefox 52.1.0 esr\firefox.exe" hxxps://ui.skype.com/ui/0/7.39.0.102/en/go/help.faq.installer?source=lightinstaller&LastError=1603
- Task: {4CE7ED54-6122-48A0-B40F-D29F13B13B25} - System32\Tasks\{6CE0F2A6-627A-413D-8FD7-39B853FBA5EC} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\MS Installer Cleanup\msicuu2.exe" -d "C:\Program Files\MS Installer Cleanup"
- Task: {50F2DBF7-7FDE-4FE0-80C3-46BC57D2FC9B} - System32\Tasks\{7BDE9FEF-2706-4897-8116-48C5A5395D61} => C:\DATA TO MOVE TO D\AAADown\IQWebPlayerSetup(1).exe
- Task: {59AE4F54-8CC8-48AE-97AB-E74A2D10F94E} - System32\Tasks\{7BBF96EB-8C40-44B6-AB8B-D3C1CA2A128C} => "c:\program files\mozilla firefox 52.1.0 esr\firefox.exe" hxxps://ui.skype.com/ui/0/7.39.0.102/en/go/help.faq.installer?source=lightinstaller&LastError=1603
- Task: {61633760-FCC1-4D55-BFA0-97C86CFA6C6D} - System32\Tasks\{B2051E66-DFD5-41AF-A080-8918B253FAC0} => D:\AAADown7\IQWebPlayerSetup.exe
- Task: {61794E05-C1E1-4FB6-BA77-B65049373AB0} - System32\Tasks\{7683D11D-A8C0-4843-8C00-557713C99344} => D:\AAADown7\IQWebPlayerSetup.exe
- Task: {627F3024-3DE1-447B-A6DC-1F641C705CA2} - System32\Tasks\{8BF4B743-0295-439F-96FD-E2954FE55DF6} => "c:\program files\mozilla firefox 52.1.0 esr\firefox.exe" hxxps://ui.skype.com/ui/0/7.39.0.102/en/abandoninstall?source=lightinstaller&page=tsInstall
- Task: {64C9B236-195B-4F35-92F4-A8C03EBEEBA3} - System32\Tasks\{73A02160-3022-4730-98D8-EC4F62C1B1FC} => C:\DATA TO MOVE TO D\AAADown\IQWebPlayerSetup.exe
- Task: {6C864234-9FB1-4631-A341-DDAFF349A651} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2020-02-20] (Google Inc -> Google Inc.)
- Task: {6D154475-4074-4F88-9658-E72878A702EB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2020-02-20] (Google Inc -> Google Inc.)
- Task: {6FC8163D-3161-443F-9781-F0906B47A971} - System32\Tasks\Print a Dot => C:\Windows\system32\notepad.exe [193536 2015-07-09] (Microsoft Windows -> Microsoft Corporation)
- Task: {747E8FEF-39D8-4301-B4D0-82F229AAFDA3} - System32\Tasks\{2038AF07-3684-4CBA-9DE4-22C7CEB4FB07} => D:\Backup --Cursors+Scr Sav\scr--Living SnowGlobe files\Living_SnowGlobes_installer.exe
- Task: {769ED811-B483-49F2-BF21-45420B1265D6} - System32\Tasks\{6772F8D0-C3D2-4899-85B9-953384EC8C47} => C:\DATA TO MOVE TO D\AAADown\IQWebPlayerSetup(1).exe
- Task: {78F3F4C5-8C52-4AB1-BDC4-C83EC8FC2590} - System32\Tasks\{BEB81A6D-C64C-45A2-B76A-C60938AE67A6} => C:\DATA TO MOVE TO D\AAADown\IQWebPlayerSetup.exe
- Task: {79F9021B-20F5-4538-922D-CCEF31F744D5} - System32\Tasks\{9D6DC38C-20A7-4441-93B3-F6C51D5192A4} => C:\DATA TO MOVE TO D\AAADown\IQWebPlayerSetup.exe
- Task: {7CABF514-041F-4F86-BAA6-CE03A63C19D7} - System32\Tasks\{78808907-FA88-473C-B195-2C15CE9EF267} => C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
- Task: {7DCE1B86-1BE6-4944-A851-20360A504E9D} - System32\Tasks\{6B78D469-891C-40E8-99F8-871DC6C049E9} => msiexec.exe /package "D:\AAADown\LibreOffice_5.3.0_Win_x86.msi"
- Task: {7E68EE19-FE84-4933-AAF0-49451CC4377A} - System32\Tasks\{5D9591D3-3683-41EC-85B6-6C99F0A83491} => "c:\program files\mozilla firefox 52.1.0 esr\firefox.exe" hxxps://ui.skype.com/ui/0/7.39.0.102/en/go/help.faq.installer?source=lightinstaller&LastError=1603
- Task: {834B7CC5-D448-4253-9F8E-1CDD8B54A604} - System32\Tasks\{7E66ED6D-B90F-44A7-AF6F-8B57CD2F8AEA} => C:\Windows\system32\pcalua.exe -a D:\AAADown7\Inquisit_50110.exe -d D:\AAADown7
- Task: {88D38555-B718-4C0F-8B70-7F2187812D22} - System32\Tasks\{3A192F7D-1407-4E62-AE65-5162B5A910C4} => D:\AAADown7\IQWebPlayerSetup.exe
- Task: {8C9C1AC5-C70E-4E76-B3DC-CE01AECEF822} - System32\Tasks\{0D6FEA8A-3421-4B6A-ACD7-DFFBF62E0584} => C:\Windows\system32\pcalua.exe -a "D:\AAADown7\sp56479-orog-graph-driver for HP.exe" -d D:\AAADown7
- Task: {928029B2-06F6-4628-92AD-385BA74198AC} - System32\Tasks\{0B0C88E2-5D3F-46CD-A6CE-9F2F81FF491A} => "c:\program files\mozilla firefox 52.1.0 esr\firefox.exe" hxxps://ui.skype.com/ui/0/7.39.0.102/en/go/help.faq.installer?source=lightinstaller&LastError=1603
- Task: {96413DB8-6AC6-498C-8F26-FF54F806264B} - System32\Tasks\clean printer => RUNDLL32 PRINTUI.DLL,PrintUIEntry /n"<Brother MFC-J485DW Printer>" /k
- Task: {9B78857F-A8F0-4B3D-AE59-C1C30CE8DBBA} - System32\Tasks\{36C3B0E8-87EE-490E-8ECF-4D55E15FFE16} => D:\MyDDoc\Cracks+ keys\solsuite_patch.exe
- Task: {9BD28EBE-EE11-499F-8378-0F4A23E95782} - System32\Tasks\{307511CB-CA72-4383-81BF-C73E14A376E4} => D:\MyDDoc\ZZZ Down\4--MULTIMEDIA\IQWebPlayerSetup5 this one works.exe
- Task: {9D6A9B5C-CD1F-4FAE-8B95-81BB9C5F0107} - System32\Tasks\{D40D849B-29F8-49D7-AF66-87B90757FFA1} => C:\Windows\system32\pcalua.exe -a D:\AAADown7\microangelo.exe -d D:\AAADown7
- Task: {A10C99AD-ED9A-4810-B319-9B2B653D9AB5} - System32\Tasks\{8AA359D4-1D8D-402B-989E-06B354D24069} => C:\Windows\system32\pcalua.exe -a K:\start.exe -d K:\
- Task: {A714E5C1-C0FA-4741-AF6C-5404DD46EA66} - System32\Tasks\{211DE126-A119-4086-B969-FDB809EF7FED} => C:\Windows\system32\pcalua.exe -a D:\AAADown7\miniscsetup.exe -d D:\AAADown7
- Task: {B77FF34B-1C7A-42ED-831D-C96D8B7221CE} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_321_pepper.exe [1453624 2020-02-10] (Adobe Inc. -> Adobe)
- Task: {BBDAB9CA-6FED-464A-9A0E-A9C854534242} - System32\Tasks\{925A291F-A3CF-4E99-A992-F7C680A2C04A} => msiexec.exe /package "C:\Users\Prize-02\Desktop\AMTScenesSetup.msi"
- Task: {BF1DAD98-364C-4C2D-9574-3739DF7C9B95} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe
- Task: {C3BCBE18-8FC5-465B-A169-DF63961C99E2} - System32\Tasks\{C84A4A27-4711-41F8-96F6-144F9A1EF4D2} => D:\AAADown\Karen--Print Direc-setup.exe
- Task: {C60CAE9D-C383-4770-8340-0CDA29C0BA86} - System32\Tasks\Opera scheduled Autoupdate 1491006997 => C:\Program Files\Opera\launcher.exe [1465432 2019-04-21] (Opera Software AS -> Opera Software)
- Task: {C70E53FB-6743-4B7F-B28A-85D0907FF010} - System32\Tasks\{9D598B4E-0B6B-4163-9C93-D7237B70D509} => C:\Windows\system32\pcalua.exe -a "D:\MyDDoc\ZZZ Downloaded Prog\XP ONLY\Living SnowGlobes.exe" -d "D:\MyDDoc\ZZZ Downloaded Prog\XP ONLY"
- Task: {D469036E-6084-4F2C-B9EF-0CA71A5BB17D} - System32\Tasks\{C2D6DBB9-266F-49EC-A60D-F30852B83667} => C:\Windows\system32\pcalua.exe -a "D:\MyDDoc\ZZZ Down\1--WIN7 64x\FoxArc 12en.exe" -d "D:\MyDDoc\ZZZ Down\1--WIN7 64x"
- Task: {D55CE86B-0F4A-4ABF-A922-4232A6A1A2B9} - System32\Tasks\BDAntiCryptoWallTask => C:\Program Files\Bitdefender\Tools\BDAntiRansomware\BDAntiRansomware.exe
- Task: {D63B677D-0EE1-45F4-A9A9-BBB172263A8C} - System32\Tasks\{06803532-70E1-4367-BE9D-2ABA90E1CC50} => D:\MyDDoc\ZZZ Down\4--MULTIMEDIA\IQWebPlayerSetup5 this one works.exe
- Task: {D7B3B105-962F-40FD-9864-ED663D9077FC} - \AVAST Software\Avast settings backup -> No File <==== ATTENTION
- Task: {D7E6612C-FD4C-4D7D-9127-3467FDE79D5C} - System32\Tasks\AdwCleaner_onReboot => D:\AAADown7\adwcleaner_8.0.3.exe
- Task: {D972384E-287A-497D-B202-B96CB78221A5} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [410784 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
- Task: {DFADFFE4-21A6-4B34-94E0-6CDFDE6931F7} - System32\Tasks\{4BE7A0D7-A746-4C45-A97F-8B8466BE4EEE} => D:\AAADown\Installer_DeskPins.exe
- Task: {EA42509A-AAB4-4820-BAAB-9748F10341A0} - System32\Tasks\Opera scheduled assistant Autoupdate 1553624233 => C:\Program Files\Opera\launcher.exe [1465432 2019-04-21] (Opera Software AS -> Opera Software)
- Task: {ED65A9AB-8F56-4D14-8EF9-115584A7E573} - \TechUtilities -> No File <==== ATTENTION
- (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
- ==================== Internet (Whitelisted) ====================
- (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
- Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
- Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
- Tcpip\..\Interfaces\{4867FF03-E0E3-4847-B644-1DB822791D54}: [DhcpNameServer] 192.168.1.1
- Tcpip\..\Interfaces\{C3DC848E-79AF-434E-B586-52929BE7558E}: [DhcpNameServer] 192.168.1.1
- Internet Explorer:
- ==================
- HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
- HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
- HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
- HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
- HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
- HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
- HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
- HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
- HKU\S-1-5-21-3514852469-3404283315-88258209-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
- DownloadDir: D:\AAADown7
- SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
- SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
- SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
- SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
- SearchScopes: HKU\S-1-5-21-3514852469-3404283315-88258209-1000 -> DefaultScope {234EA665-FC9F-4E0F-A8A9-3F8D41F55DA3} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
- SearchScopes: HKU\S-1-5-21-3514852469-3404283315-88258209-1000 -> {234EA665-FC9F-4E0F-A8A9-3F8D41F55DA3} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
- BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (Ivaylo Beltchev -> IvoSoft) [File not signed]
- BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2017-08-13] (Ivaylo Beltchev -> IvoSoft) [File not signed]
- BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2017-08-13] (Ivaylo Beltchev -> IvoSoft) [File not signed]
- BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2017-08-13] (Ivaylo Beltchev -> IvoSoft) [File not signed]
- Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (Ivaylo Beltchev -> IvoSoft) [File not signed]
- Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2017-08-13] (Ivaylo Beltchev -> IvoSoft) [File not signed]
- Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2019-01-25] (Belarc, Inc. -> Belarc, Inc.)
- StartMenuInternet: IEXPLORE.EXE - iexplore.exe
- FireFox:
- ========
- FF DefaultProfile: stpbhzf0.New
- FF DefaultProfile: 31g04a7w.OLD PROFILECOPY10-25-2-018
- FF ProfilePath: C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\uow7r4rk.default [2019-10-29]
- FF Extension: (Avast SafePrice) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\uow7r4rk.default\Extensions\sp@avast.com.xpi [2018-12-12] [UpdateUrl:hxxps://firefoxext.avcdn.net/firefoxext/avast/sp/update.json]
- FF Extension: (Avast Online Security) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\uow7r4rk.default\Extensions\wrc@avast.com.xpi [2018-12-12]
- FF ProfilePath: C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New [2020-03-19]
- FF DownloadDir: D:\AAADown7
- FF Homepage: Waterfox\Profiles\stpbhzf0.New -> hxxps://www.aldaily.com
- FF NewTab: Waterfox\Profiles\stpbhzf0.New -> about:newtab
- FF NetworkProxy: Waterfox\Profiles\stpbhzf0.New -> autoconfig_url", "abine://auto-conf.js"
- FF Notifications: Waterfox\Profiles\stpbhzf0.New -> hxxp://turkernation.com; hxxps://protonmail.com
- FF NewTabOverride: Waterfox\Profiles\stpbhzf0.New -> Enabled: {66E978CD-981F-47DF-AC42-E3CF417C1467}
- FF NewTabOverride: Waterfox\Profiles\stpbhzf0.New -> Enabled: uBlock0@raymondhill.net
- FF Extension: (Paywall Pass) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\@paywall-pass.xpi [2019-07-02] [Legacy]
- FF Extension: (Privacy Tracking Protection) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\@privacytrackingprotection201611.xpi [2019-02-10] [Legacy]
- FF Extension: (About sessionstore) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\aboutsessionstore@dt.xpi [2019-12-02] [Legacy]
- FF Extension: (Roomy Bookmarks Toolbar) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\ALone-live@ya.ru.xpi [2017-11-07] [Legacy]
- FF Extension: (Back/Forward History Tweaks) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\backforwardhistorytweaks@vano.xpi [2017-12-30] [Legacy]
- FF Extension: (Bookmark Favicon Changer) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\bookmarkfaviconchanger@sonthakit.xpi [2017-02-18] [Legacy]
- FF Extension: (Classic Add-ons Archive) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\ca-archive@Off.JustOff.xpi [2019-03-06] [Legacy] [not signed]
- FF Extension: (Classic Theme Restorer) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2018-07-18] [Legacy]
- FF Extension: (Clear Flash Cookies) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\clear-flash-cookies@cpeterso.com.xpi [2019-05-26]
- FF Extension: (Classic Toolbar Buttons) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\CSTBB@NArisT2_Noia4dev.xpi [2018-07-06] [Legacy]
- FF Extension: (Custom Buttons³) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\CustomButtons3@sonco.synthasite.com [2019-06-30] [Legacy] [not signed]
- FF Extension: (Expire History By Days) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\expire-history-by-days@bonardo.net.xpi [2019-05-15]
- FF Extension: (Extension List Dumper 2) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\extension_list_dumper_2@iceberg.it.xpi [2018-11-14] [Legacy]
- FF Extension: (FavIconReloader) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\FavIconReloader@mozilla.org [2019-12-25] [Legacy]
- FF Extension: (Print Friendly & PDF) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\ff-addon@printfriendly.com.xpi [2019-11-22] [UpdateUrl:hxxps://cdn.printfriendly.com/browser-extensions/firefox/updates.json]
- FF Extension: (Bookmarks Checker - check for bad links) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\firefoxbookmarkchecker@everhelper.me.xpi [2020-01-02] [Legacy]
- FF Extension: (Text Formatting Toolbar) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\format.bar@codefisher.org.xpi [2016-04-27] [Legacy]
- FF Extension: (HTTPS Everywhere) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\https-everywhere-eff@eff.org.xpi [2020-03-16] [UpdateUrl:hxxps://www.eff.org/files/https-everywhere-updates.json]
- FF Extension: (Self-Destructing Cookies) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi [2019-09-20] [Legacy]
- FF Extension: (Behind The Overlay) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\jid1-Y3WfE7td45aWDw@jetpack.xpi [2018-02-11]
- FF Extension: (SSL Version Control) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\jid1-ZM3BerwS6FsQAg@jetpack.xpi [2015-05-27] [Legacy]
- FF Extension: (No Name) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\lwtheme [2019-06-26] [not signed]
- FF Extension: (Show Parent Folder) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\showParentFolder@alice.xpi [2016-09-13] [Legacy]
- FF Extension: (Status-4-Evar) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\status4evar@caligonstudios.com.xpi [2017-08-24] [Legacy]
- FF Extension: (Status Bar: Dynamic & Compact) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\statusbar@publicvlasov.xpi [2020-02-29] [Legacy] [not signed]
- FF Extension: (tb-clear-cache.tooltip) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\tb-clear-cache-single@codefisher.org.xpi [2019-12-25]
- FF Extension: (uBlock Origin) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\uBlock0@raymondhill.net.xpi [2020-03-10]
- FF Extension: (UserZoom Surveys) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\userzoom_survey_tool@jetpack.xpi [2020-03-07] [UpdateUrl:hxxps://extension-dev.userzoom.com/updates_ff.json]
- FF Extension: (Toolbar Buttons) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}.xpi [2019-12-29] [Legacy] [not signed]
- FF Extension: (ColorfulTabs) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2019-10-04] [Legacy]
- FF Extension: (Malwarebytes Browser Guard) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2019-12-08]
- FF Extension: (MicroFox) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\{403304EE-066A-4a2a-8F41-F12028480A0A}.xpi [2017-08-16] [Legacy]
- FF Extension: (Password Toggler - view typed passwords) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\{49872271-297b-4a1d-ac08-858590bffdf3}.xpi [2017-11-01]
- FF Extension: (SingleFile) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\{531906d3-e22f-4a6c-a102-8057b88a1a63}.xpi [2020-03-18]
- FF Extension: (New Tab Homepage) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi [2016-12-24] [Legacy]
- FF Extension: (Custom UserAgent String) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\{861a3982-bb3b-49c6-bc17-4f50de104da1}.xpi [2019-07-27]
- FF Extension: (SavvyConnect Express) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\{cf3b90e8-a269-405e-a838-8ceae1a115a6}.xpi [2019-06-30]
- FF Extension: (Sticky Password manager & safe) - C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\Extensions\{ecb80162-dfbd-4d91-a8da-17b35ba4707a}.xpi [2019-11-28]
- FF Extension: (Text Formatting Toolbar) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\extensions\format.bar@codefisher.org.xpi [2016-04-27] [Legacy]
- FF Extension: (Show Parent Folder) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\extensions\showParentFolder@alice.xpi [2016-09-13] [Legacy]
- FF Extension: (Bookmark Favicon Changer) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\extensions\bookmarkfaviconchanger@sonthakit.xpi [2017-02-18] [Legacy]
- FF Extension: (Status-4-Evar) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\extensions\status4evar@caligonstudios.com.xpi [2017-08-24] [Legacy]
- FF Extension: (No Name) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\extensions\{87f54a61-c9b3-4138-a38a-33c31770bb9e}.xpi [not found]
- FF Extension: (Roomy Bookmarks Toolbar) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\extensions\ALone-live@ya.ru.xpi [2017-11-07] [Legacy]
- FF Extension: (Classic Theme Restorer) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2018-07-18] [Legacy]
- FF Extension: (Custom Buttons³) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\extensions\custombuttons3@srazzano.com [2018-10-25] [Legacy] [not signed]
- FF Extension: (Extension List Dumper 2) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\extensions\extension_list_dumper_2@iceberg.it.xpi [2018-11-14] [Legacy]
- FF Extension: (ColorfulTabs) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2019-04-15] [Legacy]
- FF Extension: (FavIconReloader) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\extensions\FavIconReloader@mozilla.org [2019-11-28] [Legacy]
- FF SearchPlugin: C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\searchplugins\duckduckgo-1.xml [2013-03-17]
- FF SearchPlugin: C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\searchplugins\duckduckgo.xml [2013-03-17]
- FF SearchPlugin: C:\Users\Prize-02\AppData\Roaming\Waterfox\Profiles\stpbhzf0.New\searchplugins\ixquick-https.xml [2014-12-12]
- FF ProfilePath: C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\8f8j49mg.default [2019-12-04]
- FF Extension: (Avast SafePrice) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\8f8j49mg.default\Extensions\sp@avast.com.xpi [2018-12-12] [UpdateUrl:hxxps://firefoxext.avcdn.net/firefoxext/avast/sp/update.json]
- FF Extension: (Avast Online Security) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\8f8j49mg.default\Extensions\wrc@avast.com.xpi [2018-12-12]
- FF ProfilePath: C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018 [2020-03-15]
- FF Homepage: Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018 -> hxxps://www.aldaily.com
- FF NewTab: Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018 -> about:newtab
- FF NetworkProxy: Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018 -> autoconfig_url", "abine://auto-conf.js"
- FF Notifications: Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018 -> hxxp://turkernation.com; hxxps://protonmail.com
- FF NewTabOverride: Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018 -> Enabled: {66E978CD-981F-47DF-AC42-E3CF417C1467}
- FF NewTabOverride: Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018 -> Enabled: uBlock0@raymondhill.net
- FF Extension: (Paywall Pass) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\Extensions\@paywall-pass.xpi [2019-07-02] [Legacy]
- FF Extension: (Privacy Tracking Protection) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\Extensions\@privacytrackingprotection201611.xpi [2019-02-10] [Legacy]
- FF Extension: (About sessionstore) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\Extensions\aboutsessionstore@dt.xpi [2019-12-02] [Legacy]
- FF Extension: (Back/Forward History Tweaks) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\Extensions\backforwardhistorytweaks@vano.xpi [2017-12-30] [Legacy]
- FF Extension: (Classic Add-ons Archive) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\Extensions\ca-archive@Off.JustOff.xpi [2019-03-06] [Legacy] [not signed]
- FF Extension: (Clear Flash Cookies) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\Extensions\clear-flash-cookies@cpeterso.com.xpi [2019-05-26]
- FF Extension: (Classic Toolbar Buttons) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\Extensions\CSTBB@NArisT2_Noia4dev.xpi [2018-07-06] [Legacy]
- FF Extension: (Expire History By Days) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\Extensions\expire-history-by-days@bonardo.net.xpi [2019-05-14]
- FF Extension: (Favicon Restorer) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\Extensions\faviconrestorer@masserog.it [2020-01-02] [Legacy]
- FF Extension: (Bookmarks Checker - check for bad links) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\Extensions\firefoxbookmarkchecker@everhelper.me.xpi [2020-01-02] [Legacy]
- FF Extension: (HTTPS Everywhere) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\Extensions\https-everywhere-eff@eff.org.xpi [2019-11-11] [UpdateUrl:hxxps://www.eff.org/files/https-everywhere-updates.json]
- FF Extension: (Self-Destructing Cookies) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\Extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi [2019-09-20] [Legacy]
- FF Extension: (YouTube ALL HTML5) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\Extensions\jid1-qj0w91o64N7Eeg@jetpack.xpi [2017-08-29] [Legacy]
- FF Extension: (Behind The Overlay) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\Extensions\jid1-Y3WfE7td45aWDw@jetpack.xpi [2018-02-11]
- FF Extension: (SSL Version Control) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\Extensions\jid1-ZM3BerwS6FsQAg@jetpack.xpi [2015-05-27] [Legacy]
- FF Extension: (No Name) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\Extensions\lwtheme [2018-10-25] [not signed]
- FF Extension: (Open With) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\Extensions\openwith@darktrojan.net.xpi [2019-12-25] [Legacy]
- FF Extension: (Clear the browsers cache Button) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\Extensions\tb-clear-cache-single@codefisher.org.xpi [2017-10-24]
- FF Extension: (uBlock Origin) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\Extensions\uBlock0@raymondhill.net.xpi [2018-12-02]
- FF Extension: (userzoom) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\Extensions\userzoom_survey_tool@jetpack.xpi [2020-01-09] [Legacy]
- FF Extension: (Toolbar Buttons) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\Extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}.xpi [2016-04-27] [Legacy]
- FF Extension: (MicroFox) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\Extensions\{403304EE-066A-4a2a-8F41-F12028480A0A}.xpi [2017-08-16] [Legacy]
- FF Extension: (Password Toggler - view typed passwords) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\Extensions\{49872271-297b-4a1d-ac08-858590bffdf3}.xpi [2017-11-01]
- FF Extension: (SingleFile) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\Extensions\{531906d3-e22f-4a6c-a102-8057b88a1a63}.xpi [2020-03-11]
- FF Extension: (New Tab Homepage) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\Extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi [2016-12-24] [Legacy]
- FF Extension: (Sticky Password manager & safe) - C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\Extensions\{ecb80162-dfbd-4d91-a8da-17b35ba4707a}.xpi [2019-11-28]
- FF SearchPlugin: C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\searchplugins\duckduckgo-1.xml [2013-03-17]
- FF SearchPlugin: C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\searchplugins\duckduckgo.xml [2013-03-17]
- FF SearchPlugin: C:\Users\Prize-02\AppData\Roaming\Mozilla\Firefox\Profiles\31g04a7w.OLD PROFILECOPY10-25-2-018\searchplugins\ixquick-https.xml [2014-12-12]
- FF HKU\S-1-5-21-3514852469-3404283315-88258209-1000\...\Thunderbird\Extensions: [{2fde55eb-0b64-49fc-8e12-690b07010401}] - C:\Users\Prize-02\AppData\Roaming\Lamantine\Sticky Password\spAutofillTb
- FF Extension: (Sticky Password extension) - C:\Users\Prize-02\AppData\Roaming\Lamantine\Sticky Password\spAutofillTb [2019-10-19] [Legacy] [not signed]
- FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_330.dll [2020-03-07] (Adobe Inc. -> )
- FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll [2015-06-08] (Unity Technologies ApS -> Unity Technologies ApS)
- FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
- FF Plugin: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
- FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
- FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_330.dll [2020-03-07] (Adobe Inc. -> )
- FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2011-07-19] (Foxit Corporation -> Foxit Corporation)
- FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2011-07-19] (Foxit Corporation -> Foxit Corporation)
- FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2011-07-19] (Foxit Corporation -> Foxit Corporation)
- FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-05] (Intel® Identity Protection Technology Software -> Intel Corporation)
- FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-05] (Intel® Identity Protection Technology Software -> Intel Corporation)
- FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
- FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
- FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
- FF Plugin HKU\S-1-5-21-3514852469-3404283315-88258209-1000: @stickypassword.com/Sticky Password -> C:\Program Files (x86)\Sticky Password\npspAutofill.dll [2019-10-09] (Lamantine Software a.s. -> Lamantine Software a.s.)
- FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\bd_js_config.js [2020-02-19] <==== ATTENTION (Points to *.cfg file)
- FF ExtraCheck: C:\Program Files\mozilla firefox\bd_config.cfg [2020-02-19] <==== ATTENTION
- Chrome:
- =======
- CHR Profile: C:\Users\Prize-02\AppData\Local\Google\Chrome\User Data\Default [2020-03-19]
- CHR DownloadDir: D:\AAADown7
- CHR Notifications: Default -> hxxps://paidviewpoint.com; hxxps://turkerview.com; hxxps://worker.mturk.com; hxxps://www.youtube.com; hxxps://www.zdnet.com
- CHR HomePage: Default -> hxxps://worker.mturk.com/projects?filters%5Bmasters%5D=false&filters%5Bmin_reward%5D=.75&filters%5Bqualified%5D=true&filters%5Bsearch_term%5D=&page_size=100&sort=updated_desc
- CHR StartupUrls: Default -> "hxxps://www.amazon.com/ap/signin?_encoding=UTF8&clientContext=4620ca23425d9b78a5bdd54a34f1e6&marketplaceId=A384XSLT9ODACQ&openid.assoc_handle=amzn_mturk_worker_faster_desktop_us&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns.pape=http%3A%2F%2Fspecs.openid.net%2Fextensions%2Fpape%2F1.0&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=43200&openid.return_to=https%3A%2F%2Fworker.mturk.com%2F%3Fend_signin%3D1","chrome-extension://iglbakfobmoijpbigmlfklckogbefnlf/hit_catcher/hit_catcher.html","chrome-extension://iglbakfobmoijpbigmlfklckogbefnlf/hit-finder/hit-finder.html"
- CHR DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
- CHR DefaultSearchKeyword: Default -> duckduckgo.com
- CHR DefaultNewTabURL: Default -> hxxps://duckduckgo.com/chrome_newtab
- CHR DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list
- CHR Extension: (Vivacious Purple) - C:\Users\Prize-02\AppData\Local\Google\Chrome\User Data\Default\Extensions\abclcohgmmeilcdckaebkmlbapabjppk [2018-06-19]
- CHR Extension: (Google Drive) - C:\Users\Prize-02\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-17]
- CHR Extension: (YouTube) - C:\Users\Prize-02\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-06-19]
- CHR Extension: (Sticky Password manager & safe) - C:\Users\Prize-02\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnfdmghkeppfadphbnkjcicejfepnbfe [2019-10-08]
- CHR Extension: (uBlock Origin) - C:\Users\Prize-02\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2020-02-07]
- CHR Extension: (Tampermonkey) - C:\Users\Prize-02\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2019-12-02]
- CHR Extension: (GoFree Remove Ads) - C:\Users\Prize-02\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeplmiccjbddfmopdmbnfheakekooafd [2019-12-28]
- CHR Extension: (EditThisCookie) - C:\Users\Prize-02\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2020-01-10]
- CHR Extension: (MTurk Suite) - C:\Users\Prize-02\AppData\Local\Google\Chrome\User Data\Default\Extensions\iglbakfobmoijpbigmlfklckogbefnlf [2020-02-21]
- CHR Extension: (UserZoom Surveys v2) - C:\Users\Prize-02\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhgccgnbbhnlhgkhkdpmciognioebcoa [2020-03-15]
- CHR Extension: (Custom UserAgent String) - C:\Users\Prize-02\AppData\Local\Google\Chrome\User Data\Default\Extensions\lejiafennghcpgmbpiodgofeklkpahoe [2019-09-24]
- CHR Extension: (UserLook Recorder) - C:\Users\Prize-02\AppData\Local\Google\Chrome\User Data\Default\Extensions\neimnkpjllmhbfkghkmmajadlicnpjej [2019-01-08]
- CHR Extension: (Chrome Web Store Payments) - C:\Users\Prize-02\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-11-05]
- CHR Extension: (Auto Refresh Plus) - C:\Users\Prize-02\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohfjpkccecpdfkpmfocndhepolhljfhg [2020-02-29]
- CHR Extension: (UserTesting Browser Recorder) - C:\Users\Prize-02\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlhphabpmijgblopkcjmphbbmeliagn [2020-03-03]
- CHR Extension: (Gmail) - C:\Users\Prize-02\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-03-28]
- CHR Extension: (Chrome Media Router) - C:\Users\Prize-02\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-03-15]
- Opera:
- =======
- OPR DownloadDir: D:\AAADown7
- OPR StartupUrls:
- OPR Extension: (YouTube™ All HTML5 Player) - C:\Users\Prize-02\AppData\Roaming\Opera Software\Opera Stable\Extensions\bhnpdodajbcppoliofibniblhfbjdebn [2017-05-26]
- OPR Extension: (Sticky Password manager & safe) - C:\Users\Prize-02\AppData\Roaming\Opera Software\Opera Stable\Extensions\bnfdmghkeppfadphbnkjcicejfepnbfe [2020-01-01]
- OPR Extension: (HTTPS Everywhere) - C:\Users\Prize-02\AppData\Roaming\Opera Software\Opera Stable\Extensions\edaplhobcmdaneconioghljnnopmkhgm [2019-05-25]
- OPR Extension: (Classic Notes) - C:\Users\Prize-02\AppData\Roaming\Opera Software\Opera Stable\Extensions\glljnehjkdeockbnkfbjclngdhnmnebd [2017-04-01]
- OPR Extension: (Quick History) - C:\Users\Prize-02\AppData\Roaming\Opera Software\Opera Stable\Extensions\hmnhfgcahjdhfocnolfkmfadlieleijj [2017-04-01]
- OPR Extension: (Privacy Badger) - C:\Users\Prize-02\AppData\Roaming\Opera Software\Opera Stable\Extensions\ldfkcgjipgfchpnojicdgpgiocoeelik [2020-01-21]
- OPR Extension: (Privacy Badger) - C:\Program Files\43.0.2442.806\resources\addons_portal_app [0]
- OPR Extension: (Privacy Badger) - C:\Program Files\43.0.2442.806\resources\adblocker [0]
- OPR Extension: (Privacy Badger) - C:\Program Files\43.0.2442.806\resources\welcome_page_app [0]
- OPR Extension: (Privacy Badger) - C:\Program Files\43.0.2442.806\resources\web_feed_handler [0]
- OPR Extension: (Privacy Badger) - C:\Program Files\43.0.2442.806\resources\video_handler [0]
- OPR Extension: (Privacy Badger) - C:\Program Files\43.0.2442.806\resources\docs_minimal_app [0]
- OPR Extension: (Privacy Badger) - C:\Program Files\43.0.2442.806\resources\bookmark_manager [0]
- OPR Extension: (Privacy Badger) - C:\Program Files\43.0.2442.806\resources\pdf [0]
- OPR Extension: (Privacy Badger) - C:\Program Files\43.0.2442.806\resources\background_worker [0]
- OPR Extension: (Privacy Badger) - C:\Program Files\43.0.2442.806\resources\portal_app [0]
- ==================== Services (Whitelisted) ===================
- (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
- S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [289792 2014-10-23] (Brother Industries, Ltd.) [File not signed]
- R2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [441664 2019-11-28] (Digital Wave Ltd -> Digital Wave Ltd)
- R2 DSAService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe [37224 2020-03-03] (IDSA Production signing key -> Intel)
- S3 DSAUpdateService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe [143720 2020-03-03] (IDSA Production signing key -> Intel)
- S4 DSClockSyncTime; C:\Program Files\DS Clock\dsetime.exe [62264 2009-11-19] (Duality Software -> Duality Software)
- R2 GlassWire; C:\Program Files (x86)\GlassWire\GWCtlSrv.exe [5840360 2019-10-02] (GlassWire -> SecureMix LLC)
- S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165144 2012-03-28] (Intel Corporation -> Intel Corporation)
- S3 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [6408384 2019-08-20] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
- S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6960640 2019-11-09] (Malwarebytes Inc -> Malwarebytes)
- R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
- R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
- S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
- S2 HLfms; C:\Program Files\High-Logic FontService\fontservice.exe [X]
- ===================== Drivers (Whitelisted) ===================
- (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
- S3 A6200; C:\Windows\System32\DRIVERS\bcmwlhigh664.sys [2263144 2012-07-31] (Broadcom Corporation -> Broadcom Corporation)
- S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [878072 2016-09-20] (Bitdefender SRL -> BitDefender)
- S2 BdDci; C:\Windows\System32\DRIVERS\bddci.sys [757240 2020-03-04] (Bitdefender SRL -> Bitdefender)
- S3 CisUtMonitor; C:\Windows\System32\DRIVERS\CisUtMonitor.sys [54800 2018-11-24] (Software Security Systems ChTUP -> CrystalIdea Software)
- S3 edrsensor; C:\Windows\System32\DRIVERS\edrsensor.sys [309120 2020-02-20] (Bitdefender SRL -> BitDefender S.R.L. Bucharest, ROMANIA)
- S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [25480 2019-03-12] (CHENGDU YIWO Tech Development Co., Ltd. -> )
- R0 EPMVolFl; C:\Windows\System32\drivers\EPMVolFl.sys [21384 2019-04-12] (CHENGDU YIWO Tech Development Co., Ltd. -> Windows (R) Codename Longhorn DDK provider)
- S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [14728 2018-12-10] (CHENGDU YIWO Tech Development Co., Ltd. -> )
- R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [28936 2019-05-25] (Glarysoft LTD -> Glarysoft Ltd)
- R1 gwdrv; C:\Windows\System32\DRIVERS\gwdrv.sys [33248 2015-05-29] (GlassWire -> SecureMix LLC)
- S3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [12273408 2011-01-27] (Intel Corporation) [File not signed]
- R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
- R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
- S3 PSMounterEx; C:\Windows\system32\drivers\psmounterex.sys [179416 2019-02-15] (Paramount Software UK Ltd -> Windows (R) Win 7 DDK provider)
- S3 psvolacc; C:\Windows\system32\drivers\psvolacc.sys [34520 2018-12-06] (Paramount Software UK Ltd -> Windows (R) Win 7 DDK provider)
- R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2019-05-29] (MiniTool Solution Ltd -> )
- S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2019-05-29] (MiniTool Solution Ltd -> )
- U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] (Empty Loop -> )
- S3 WIMMount; C:\program files\macrium\reflect\wimmount.sys [22096 2009-07-13] (Microsoft Windows -> Microsoft Corporation)
- S3 AppObserver; \??\C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\appobserver64.sys [X]
- U3 aswbdisk; no ImagePath
- S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X]
- S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
- S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
- S3 VGPU; System32\drivers\rdvgkmd.sys [X]
- ==================== NetSvcs (Whitelisted) ===================
- (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
- ==================== One month (created) ===================
- (If an entry is included in the fixlist, the file/folder will be moved.)
- 2020-03-19 17:09 - 2020-03-19 17:11 - 000000000 ____D C:\FRST
- 2020-03-17 03:48 - 2020-03-17 03:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desktop Restore
- 2020-03-16 00:39 - 2020-03-16 00:39 - 000001722 _____ C:\Users\Prize-02\AppData\Roaming\Microsoft\Windows\Start Menu\EMAIL-SIGS.lnk
- 2020-03-16 00:21 - 2020-03-16 00:21 - 000000834 _____ C:\Users\Prize-02\AppData\Roaming\Microsoft\Windows\Start Menu\=============.lnk
- 2020-03-15 23:49 - 2020-03-15 23:49 - 000003118 _____ C:\Windows\system32\Tasks\{0D6FEA8A-3421-4B6A-ACD7-DFFBF62E0584}
- 2020-03-15 23:48 - 2020-03-15 23:48 - 000000000 ____D C:\Users\Prize-02\AppData\Roaming\WinBatch
- 2020-03-15 23:08 - 2020-03-15 23:08 - 000001885 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
- 2020-03-15 23:08 - 2020-03-15 23:08 - 000000000 ____D C:\Program Files\Microsoft Security Client
- 2020-03-15 23:08 - 2020-03-15 23:08 - 000000000 ____D C:\Program Files (x86)\Microsoft Security Client
- 2020-03-15 19:41 - 2020-03-15 19:41 - 000000000 ____D C:\Program Files (x86)\Userfeel
- 2020-03-15 15:23 - 2020-03-15 15:23 - 000066556 _____ C:\ProgramData\agent.uninstall.1584300193.bdinstall.v2.bin
- 2020-03-15 13:50 - 2020-03-15 13:50 - 000001722 _____ C:\Users\Prize-02\Desktop\EMAIL-SIGS.lnk
- 2020-03-15 13:50 - 2020-03-15 13:50 - 000001022 _____ C:\Users\Prize-02\AppData\Roaming\Microsoft\Windows\Start Menu\Revo Uninstaller.lnk
- 2020-03-15 12:21 - 2020-03-15 12:21 - 000001022 _____ C:\Users\Prize-02\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller.lnk
- 2020-03-15 12:21 - 2020-03-15 12:21 - 000000000 ____D C:\Program Files\VS Revo Group
- 2020-03-14 22:57 - 2020-03-14 22:57 - 000003030 _____ C:\Windows\system32\Tasks\{7B4D4634-DD59-46C1-BE97-FF902FDE90A9}
- 2020-03-14 21:21 - 2020-03-14 21:21 - 000102904 _____ C:\ProgramData\agent.1584235305.bdinstall.v2.bin
- 2020-03-14 20:55 - 2020-03-14 20:56 - 000105817 _____ C:\ProgramData\uninstalltool.1584233759.4012.bin
- 2020-03-14 20:55 - 2020-03-14 20:56 - 000002486 _____ C:\ProgramData\uninstalltool.1584233759.3724.bin
- 2020-03-14 16:44 - 2020-03-14 17:25 - 000000000 ____D C:\ProgramData\BDLogging
- 2020-03-11 14:16 - 2020-03-11 14:16 - 000000000 ____D C:\Intel
- 2020-03-09 22:31 - 2020-03-09 22:31 - 000000973 _____ C:\Users\Prize-02\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\High-Logic MainType.lnk
- 2020-03-04 20:04 - 2020-03-19 15:01 - 000000000 ____D C:\Users\Prize-02\AppData\Roaming\Userfeel
- 2020-03-04 20:04 - 2020-03-04 20:04 - 000002099 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Userfeel.lnk
- 2020-03-03 16:26 - 2020-03-15 15:42 - 000000000 ____D C:\Program Files (x86)\GlassWire
- 2020-03-03 16:26 - 2020-03-03 16:26 - 000001889 _____ C:\Users\Prize-02\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GlassWire.lnk
- 2020-03-03 16:26 - 2015-05-29 00:30 - 000008657 _____ C:\Windows\system32\Drivers\gwdrv.cat
- 2020-03-03 16:26 - 2015-05-29 00:15 - 000033248 _____ (SecureMix LLC) C:\Windows\system32\Drivers\gwdrv.sys
- 2020-03-03 14:29 - 2020-03-03 14:30 - 000000963 _____ C:\Users\Prize-02\AppData\Roaming\Microsoft\Windows\Start Menu\adwcleaner_8.0.3.exe - Shortcut.lnk
- 2020-03-03 14:28 - 2020-03-03 14:28 - 000003074 _____ C:\Windows\system32\Tasks\AdwCleaner_onReboot
- 2020-03-03 13:03 - 2020-03-03 13:03 - 000000000 ____D C:\Users\Prize-02\AppData\Roaming\Neos Eureka S.r.l
- 2020-03-01 21:09 - 2020-03-01 21:09 - 000000362 _____ C:\Users\Prize-02\Desktop\FROG (R).lnk
- 2020-02-28 16:54 - 2020-02-28 16:54 - 000001210 _____ C:\Users\Public\HP--Desktop.lnk
- 2020-02-28 16:53 - 2020-02-28 16:53 - 000001743 _____ C:\Users\Public\HP--MyDDoc.lnk
- 2020-02-28 16:53 - 2020-02-28 16:53 - 000001186 _____ C:\Users\Public\HP-Roaming-Appdata.lnk
- 2020-02-26 00:38 - 2020-03-15 15:42 - 000000000 ____D C:\Program Files (x86)\DS Clock
- 2020-02-26 00:38 - 2020-02-26 00:38 - 000000988 _____ C:\Users\Prize-02\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DS Clock.lnk
- 2020-02-26 00:38 - 2020-02-26 00:38 - 000000000 ____D C:\Users\Prize-02\AppData\Roaming\Duality Software
- 2020-02-24 15:27 - 2020-02-24 15:30 - 000000135 _____ C:\Users\Prize-02\Desktop\new red.txt
- 2020-02-22 04:55 - 2020-03-16 13:51 - 000001551 _____ C:\Users\Prize-02\Desktop\CANON.lnk
- 2020-02-21 17:20 - 2020-02-21 17:20 - 000000021 _____ C:\unhide files.bat(1).txt
- 2020-02-21 02:06 - 2020-02-21 02:06 - 000002153 _____ C:\Users\Prize-02\AppData\Roaming\Microsoft\Windows\Start Menu\CHROME.lnk
- 2020-02-20 18:22 - 2020-02-20 18:28 - 000003334 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
- 2020-02-20 18:22 - 2020-02-20 18:28 - 000003206 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
- 2020-02-20 18:17 - 2020-03-15 15:00 - 000000000 ____D C:\Program Files\Uninstall Tool
- 2020-02-20 18:17 - 2020-03-15 12:20 - 000003534 _____ C:\Windows\system32\Tasks\UninstallTool_SkipUAC_Prize-02
- 2020-02-20 18:17 - 2020-02-20 18:17 - 000000867 _____ C:\Users\Prize-02\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unіnstall Tool.lnk
- 2020-02-20 18:17 - 2020-02-20 18:17 - 000000000 ____D C:\Users\Prize-02\AppData\Roaming\CrystalIdea Software
- 2020-02-20 18:17 - 2018-11-24 14:11 - 000054800 _____ (CrystalIdea Software) C:\Windows\system32\Drivers\CisUtMonitor.sys
- 2020-02-20 17:14 - 2020-02-20 18:22 - 000000000 ____D C:\Program Files (x86)\Google
- ==================== One month (modified) ==================
- (If an entry is included in the fixlist, the file/folder will be moved.)
- 2020-03-19 17:12 - 2019-08-14 11:26 - 000000000 ____D C:\TEMP
- 2020-03-19 17:07 - 2019-07-15 02:38 - 000000000 ____D C:\Users\Prize-02\AppData\LocalLow\Mozilla
- 2020-03-17 18:42 - 2017-02-24 02:27 - 000008165 _____ C:\Windows\BRRBCOM.INI
- 2020-03-17 04:24 - 2018-10-25 19:15 - 000000000 ___RD C:\Program Files\Mozilla Firefox
- 2020-03-17 04:24 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf
- 2020-03-17 04:15 - 2019-05-25 02:04 - 000000000 ____D C:\Program Files (x86)\Glary Utilities 5
- 2020-03-17 04:14 - 2017-05-02 18:50 - 000000014 _____ C:\Windows\popcinfo.dat
- 2020-03-17 03:48 - 2017-02-20 23:44 - 000000000 ____D C:\Program Files\Desktop Restore
- 2020-03-16 20:14 - 2009-07-14 00:45 - 000024416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
- 2020-03-16 20:14 - 2009-07-14 00:45 - 000024416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
- 2020-03-16 16:13 - 2019-10-08 12:38 - 000000000 ____D C:\ProgramData\TEMP
- 2020-03-16 12:52 - 2017-02-19 20:06 - 000000000 ____D C:\Users\Prize-02\AppData\Roaming\VLC
- 2020-03-16 03:05 - 2016-10-19 09:11 - 000774504 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
- 2020-03-16 03:05 - 2009-07-14 01:13 - 000774504 _____ C:\Windows\system32\PerfStringBackup.INI
- 2020-03-15 23:55 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
- 2020-03-15 23:54 - 2017-03-05 04:09 - 000000000 _____ C:\Windows\system32\Drivers\lvuvc.hs
- 2020-03-15 23:30 - 2017-02-13 23:08 - 000000000 ____D C:\ProgramData\Package Cache
- 2020-03-15 23:30 - 2016-10-18 17:50 - 000000000 ____D C:\Program Files\Intel
- 2020-03-15 23:30 - 2016-10-18 17:22 - 000000000 ____D C:\Program Files (x86)\Intel
- 2020-03-15 23:27 - 2016-10-18 17:23 - 000000000 ____D C:\ProgramData\Intel
- 2020-03-15 23:08 - 2017-11-14 22:16 - 000001945 _____ C:\Windows\epplauncher.mif
- 2020-03-15 15:42 - 2020-01-31 21:44 - 000000000 ____D C:\Program Files\WEbcamImageSave
- 2020-03-15 15:42 - 2020-01-04 22:13 - 000000000 ____D C:\Program Files\qBittorrent
- 2020-03-15 15:42 - 2020-01-02 17:52 - 000000000 ____D C:\Program Files\TreeComp
- 2020-03-15 15:42 - 2019-12-02 04:32 - 000000000 ____D C:\Program Files (x86)\Youtube Downloader HD
- 2020-03-15 15:42 - 2019-11-04 04:37 - 000000000 ____D C:\Program Files (x86)\EndItAll
- 2020-03-15 15:42 - 2019-10-06 15:18 - 000000000 ____D C:\Program Files\WizTree
- 2020-03-15 15:42 - 2019-09-07 12:18 - 000000000 ____D C:\Program Files\RegScanner for 64
- 2020-03-15 15:42 - 2019-08-31 02:28 - 000000000 ___RD C:\Users\Prize-02\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\==INTERNET==
- 2020-03-15 15:42 - 2019-08-31 02:28 - 000000000 ____D C:\Users\Prize-02\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\==SECURITY==
- 2020-03-15 15:42 - 2019-07-14 16:53 - 000000000 ____D C:\Program Files (x86)\Postimage
- 2020-03-15 15:42 - 2019-06-26 00:39 - 000000000 ___RD C:\Program Files\Waterfox
- 2020-03-15 15:42 - 2019-06-14 14:24 - 000000000 ____D C:\Program Files\ADWCleaner--no-install
- 2020-03-15 15:42 - 2019-03-10 15:38 - 000000000 ____D C:\Program Files\Registry Workshop
- 2020-03-15 15:42 - 2018-08-04 21:21 - 000000000 ____D C:\Program Files (x86)\Sticky Password
- 2020-03-15 15:42 - 2018-01-13 21:00 - 000000000 ____D C:\Program Files (x86)\BurnAware Free
- 2020-03-15 15:42 - 2017-10-15 01:12 - 000000000 ____D C:\Users\Prize-02\AppData\Roaming\IrfanView
- 2020-03-15 15:42 - 2017-10-15 01:12 - 000000000 ____D C:\Program Files\IrfanView
- 2020-03-15 15:42 - 2017-04-15 17:39 - 000000000 ___RD C:\Program Files (x86)\Mozilla Thunderbird
- 2020-03-15 15:42 - 2017-02-14 07:27 - 000000000 ____D C:\Program Files\Unlocker
- 2020-03-15 15:42 - 2017-02-13 21:06 - 000000000 ____D C:\Program Files\7-Zipx64
- 2020-03-15 15:42 - 2017-02-12 02:42 - 000000000 ____D C:\Program Files\Recuva
- 2020-03-15 15:42 - 2017-02-09 23:40 - 000000000 ____D C:\Program Files (x86)\FreeAlarmClock
- 2020-03-15 15:42 - 2016-10-18 12:33 - 000000000 ___RD C:\Users\Prize-02
- 2020-03-15 15:42 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\system32\NDF
- 2020-03-15 15:42 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\registration
- 2020-03-15 15:00 - 2018-06-25 20:23 - 000000000 ____D C:\ProgramData\CanonIJEGV
- 2020-03-15 15:00 - 2017-02-27 23:22 - 000000000 ___RD C:\++000ICONS-Used-in-Filing-System
- 2020-03-15 15:00 - 2017-02-19 10:41 - 000000000 ____D C:\Users\Prize-02\AppData\Roaming\Foxit Software
- 2020-03-15 15:00 - 2017-02-12 02:51 - 000000000 ____D C:\ProgramData\Youtube to MP3 Converter
- 2020-03-15 14:59 - 2019-08-31 02:28 - 000000000 ___RD C:\Users\Prize-02\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\==UTIL==
- 2020-03-15 14:59 - 2019-08-31 02:28 - 000000000 ___RD C:\Users\Prize-02\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\==MULTIMEDIA==
- 2020-03-15 14:59 - 2019-08-31 02:28 - 000000000 ___RD C:\Users\Prize-02\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\-----------------------------
- 2020-03-15 14:59 - 2019-08-31 02:28 - 000000000 ___RD C:\Users\Prize-02\AppData\Roaming\Microsoft\Windows\Start Menu\============
- 2020-03-15 14:59 - 2019-08-31 02:28 - 000000000 ____D C:\Users\Prize-02\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\==GRAPHICS, PUBL==
- 2020-03-15 14:59 - 2019-06-26 00:39 - 000000000 ___RD C:\Users\Prize-02\AppData\Roaming\Waterfox
- 2020-03-15 14:59 - 2017-02-10 20:24 - 000000000 ____D C:\Users\Prize-02\AppData\Roaming\Thornsoft Development
- 2020-03-15 14:59 - 2017-02-09 23:36 - 000000000 ___RD C:\Users\Prize-02\AppData\Roaming\Thunderbird
- 2020-03-15 14:59 - 2017-02-09 16:46 - 000000000 ___RD C:\Users\Prize-02\Desktop\Desktop files
- 2020-03-15 14:59 - 2016-10-18 17:38 - 000000000 ___RD C:\Users\Prize-02\AppData\Roaming\Mozilla
- 2020-03-15 01:54 - 2017-06-04 16:23 - 000000000 ____D C:\Windows\system32\Macromed
- 2020-03-15 01:54 - 2017-02-12 23:29 - 000000000 ____D C:\Windows\SysWOW64\Macromed
- 2020-03-15 01:53 - 2016-10-18 17:48 - 000000000 ____D C:\swsetup
- 2020-03-14 21:21 - 2017-05-28 16:10 - 000017712 _____ C:\GDIPFONTCACHEV1.DAT
- 2020-03-09 22:26 - 2009-07-13 22:34 - 000000834 _____ C:\Windows\win.ini
- 2020-03-07 23:25 - 2018-10-26 15:09 - 000842296 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe
- 2020-03-07 23:25 - 2018-10-26 15:09 - 000175160 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
- 2020-03-07 23:25 - 2018-10-26 15:09 - 000004456 _____ C:\Windows\system32\Tasks\Adobe Flash Player NPAPI Notifier
- 2020-03-04 15:42 - 2020-02-10 20:07 - 000757240 _____ (Bitdefender) C:\Windows\system32\Drivers\bddci.sys
- 2020-03-03 14:30 - 2020-01-20 03:30 - 000001319 _____ C:\Users\Prize-02\AppData\Roaming\Microsoft\Windows\Start Menu\magnifier.lnk
- 2020-03-03 14:30 - 2019-10-31 17:54 - 000001170 _____ C:\Users\Prize-02\AppData\Roaming\Microsoft\Windows\Start Menu\enditall.lnk
- 2020-03-03 13:20 - 2019-12-02 20:06 - 000000257 _____ C:\Users\Prize-02\AppData\Roaming\Microsoft\Windows\Start Menu\PW - Copy.txt
- 2020-03-01 19:28 - 2017-02-10 20:20 - 000000000 ___RD C:\Program Files\ClipMate7
- 2020-03-01 17:15 - 2019-05-22 23:09 - 000000000 ___RD C:\Program Files\Folder Painter
- 2020-02-28 05:55 - 2020-02-10 20:07 - 000453552 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\Windows\system32\Drivers\gemma.sys
- 2020-02-24 01:59 - 2019-08-30 14:06 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
- 2020-02-20 18:31 - 2017-09-03 17:02 - 000000000 ____D C:\Program Files (x86)\Win Driver Backup
- 2020-02-20 15:35 - 2020-02-10 20:07 - 001972328 _____ (Bitdefender S.R.L. Bucharest, ROMANIA) C:\Windows\system32\Drivers\atc.sys
- 2020-02-20 15:35 - 2020-02-10 20:07 - 000309120 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\Windows\system32\Drivers\edrsensor.sys
- 2020-02-19 00:37 - 2019-05-30 16:34 - 000181040 _____ C:\Windows\system32\FNTCACHE.DAT
- 2020-02-19 00:37 - 2017-12-30 04:42 - 000000000 ____D C:\ProgramData\AVAST Software
- ==================== Files in the root of some directories ========
- 2017-02-09 11:17 - 2017-03-09 15:56 - 017185304 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
- 2018-12-24 21:37 - 2018-12-24 21:40 - 000009111 _____ () C:\Users\Prize-02\AppData\Roaming\downloads.json
- 2018-11-27 15:09 - 2018-11-27 15:09 - 000000000 _____ () C:\Users\Prize-02\AppData\Local\BIT2AD6.tmp
- 2018-10-18 23:55 - 2018-10-18 23:55 - 000000000 _____ () C:\Users\Prize-02\AppData\Local\BIT6141.tmp
- 2020-02-19 02:33 - 2020-02-19 02:33 - 000000000 _____ () C:\Users\Prize-02\AppData\Local\BIT7B49.tmp
- 2020-02-19 02:33 - 2020-02-19 02:33 - 000000000 _____ () C:\Users\Prize-02\AppData\Local\BIT7B78.tmp
- 2018-10-29 15:19 - 2018-10-29 15:19 - 000000000 _____ () C:\Users\Prize-02\AppData\Local\BIT8AE0.tmp
- 2018-07-29 08:15 - 2018-07-29 08:15 - 000000000 _____ () C:\Users\Prize-02\AppData\Local\BITA784.tmp
- 2017-09-24 15:34 - 2017-09-24 15:34 - 000000000 _____ () C:\Users\Prize-02\AppData\Local\BITB4B0.tmp
- 2017-09-24 15:34 - 2017-09-24 15:34 - 000000000 _____ () C:\Users\Prize-02\AppData\Local\BITB4DF.tmp
- 2018-10-25 19:24 - 2018-10-25 19:24 - 000000000 _____ () C:\Users\Prize-02\AppData\Local\BITC62B.tmp
- 2018-10-25 19:24 - 2018-10-25 19:24 - 000000000 _____ () C:\Users\Prize-02\AppData\Local\BITC83E.tmp
- 2020-03-14 21:58 - 2020-03-14 21:58 - 000000000 _____ () C:\Users\Prize-02\AppData\Local\BITCE94.tmp
- 2020-03-14 21:58 - 2020-03-14 21:58 - 000000000 _____ () C:\Users\Prize-02\AppData\Local\BITCFCD.tmp
- 2017-04-20 23:09 - 2019-10-17 14:46 - 000006144 _____ () C:\Users\Prize-02\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
- 2019-09-14 12:18 - 2019-09-14 12:18 - 000000017 _____ () C:\Users\Prize-02\AppData\Local\resmon.resmoncfg
- ==================== SigCheck ============================
- (There is no automatic fix for files that do not pass verification.)
- LastRegBack: 2020-03-18 01:36
- ==================== End of FRST.txt ========================