LandzDown Forum

 
Mos ago, a regular Win update utterly trashed this computer (my win8 box updated just fine). Managed to get it working again by using System Restore.
A bunch of files had been deleted. I'd backed-up quite a bit & was able to put them back, at least the missing files I located. Interestingly, I noticed it took out a lot of .html files but would tend to leave others intact, including .BAK, .css etc.
Had various strange things happen since then. Slow start-ups, at times RAM use skyrockets, etc. Most recently, I noticed my MS Security app had "shut off"- "Microsoft Antimalware Service service terminated unexpectedly"- so, here I am!
(MS AV is working fine now, by the way. I simply rebooted.)
-- I noticed some out-of-date browser folder BUs show from my scans, if they're confusing, I can move them to another folder & redo. Lemme know.
Cheers. Thanks.
  ##
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2019
Ran by happy (administrator) on LAPPY (ASUSTeK Computer Inc. K54C) (02-09-2019 07:40:52)
Running from C:\Users\happy\Desktop\00000
Loaded Profiles: happy (Available Profiles: happy)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2785064 2011-05-05] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-21] (Alcor Micro Corp.) [File not signed]
HKLM\...\Run: [SynAsusAcpi] => C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [97064 2011-05-05] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUSTeK Computer Inc. -> ASUS)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2319536 2011-10-18] (ASUSTeK Computer Inc. -> ASUS)
HKU\S-1-5-21-1167706805-3652461753-1077729752-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [1128000 2014-06-03] (BillP Studios -> BillP Studios)
HKU\S-1-5-21-1167706805-3652461753-1077729752-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\Mystify.scr [242688 2010-11-20] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\windows\system32\cmd.exe /D /C start C:\windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\windows\system32\cmd.exe /D /C start C:\windows\system32\ie4uinit.exe -ClearIconCache
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk [2013-10-24]
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe () [File not signed]
Startup: C:\Users\happy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0000-Launch_BROWSERS.cmd [2019-08-15] () [File not signed]
GroupPolicy: Restriction ? <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0AEFE3C1-0C25-4C8F-BD16-976785226767} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {20851120-42F3-4C27-8020-70E8422C9E90} - System32\Tasks\Opera scheduled Autoupdate 1499952880 => C:\Program Files\Opera\launcher.exe [1520152 2019-08-27] (Opera Software AS -> Opera Software)
Task: {31C4EF86-EE62-488B-90E4-4438DDC78369} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [318080 2011-12-22] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {4D5FACA0-B385-4511-9192-7C3BEB163646} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\\MpCmdRun.exe [410784 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {87F619F3-E712-49E9-A5A5-80323CB92151} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [1556640 2012-06-20] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
Task: {A741CCBC-CE0F-41FC-95B4-ECF9222B1F44} - System32\Tasks\{C95A24F3-5910-45DC-BF71-3DC579D2D404} => C:\windows\system32\pcalua.exe -a "C:\Users\happy\Desktop\DOWNLOADS HERE\irfanview_plugins_437_setup.exe" -d "C:\Users\happy\Desktop\DOWNLOADS HERE"
Task: {CDC6F1D0-992A-4B6A-9F14-FA9873939549} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe [473728 2012-02-16] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {F1F666BA-3D7B-4274-8D95-4BB002002540} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {F5255F09-864E-4907-B017-417DC2FA7DC2} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7F5F0944-5C21-41EE-8BD6-BB8AB1089EB0}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D7A67B45-A19A-4987-8C05-DCF3D814347C}: [DhcpNameServer] 209.18.47.62 209.18.47.61

Internet Explorer:
==================
HKU\S-1-5-21-1167706805-3652461753-1077729752-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
HKU\S-1-5-21-1167706805-3652461753-1077729752-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
DownloadDir: C:\Users\happy\Desktop\DOWNLOADS HERE
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1167706805-3652461753-1077729752-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1167706805-3652461753-1077729752-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1482688010082
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2016-01-04] (Belarc, Inc. -> Belarc, Inc.)

FireFox:
========
FF DefaultProfile: 3vb57d2z.default
FF DefaultProfile: pmboff70.default
FF DefaultProfile: v0k5j5hr.default-1510011962003
FF DefaultProfile: n8i1vt93.default-1565580858196
FF ProfilePath: C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\n8i1vt93.default-1565580858196 [not found] <==== ATTENTION
FF DefaultProfile: 0h9ztolt.default
FF ProfilePath: C:\Users\happy\AppData\Roaming\Waterfox\Profiles\3vb57d2z.default [2019-08-15]
FF Extension: (AdBlocker Ultimate) - C:\Users\happy\AppData\Roaming\Waterfox\Profiles\3vb57d2z.default\Extensions\adblockultimate@adblockultimate.net.xpi [2019-08-12]
FF Extension: (Clean Links) - C:\Users\happy\AppData\Roaming\Waterfox\Profiles\3vb57d2z.default\Extensions\clean-links@Cimbali.github.com.xpi [2019-08-12]
FF Extension: (Privacy Badger) - C:\Users\happy\AppData\Roaming\Waterfox\Profiles\3vb57d2z.default\Extensions\jid1-MnnxcxisBPnSXQ@jetpack.xpi [2019-08-12]
FF Extension: (Smart Referer) - C:\Users\happy\AppData\Roaming\Waterfox\Profiles\3vb57d2z.default\Extensions\smart-referer@meh.paranoid.pk.xpi [2019-08-12]
FF Extension: (uBlock Origin) - C:\Users\happy\AppData\Roaming\Waterfox\Profiles\3vb57d2z.default\Extensions\uBlock0@raymondhill.net.xpi [2019-08-12]
FF Extension: (uMatrix) - C:\Users\happy\AppData\Roaming\Waterfox\Profiles\3vb57d2z.default\Extensions\uMatrix@raymondhill.net.xpi [2019-08-12]
FF Extension: (User-Agent Switcher) - C:\Users\happy\AppData\Roaming\Waterfox\Profiles\3vb57d2z.default\Extensions\user-agent-switcher@ninetailed.ninja.xpi [2019-08-12]
FF Extension: (Privacy Possum) - C:\Users\happy\AppData\Roaming\Waterfox\Profiles\3vb57d2z.default\Extensions\woop-NoopscooPsnSXQ@jetpack.xpi [2019-08-12]
FF Extension: (Referrer Switch) - C:\Users\happy\AppData\Roaming\Waterfox\Profiles\3vb57d2z.default\Extensions\{033d950a-38b9-4976-b19e-5f9ed7d78daa}.xpi [2019-08-12]
FF Extension: (Download all Images) - C:\Users\happy\AppData\Roaming\Waterfox\Profiles\3vb57d2z.default\Extensions\{32af1358-428a-446d-873e-5f8eb5f2a72e}.xpi [2019-08-12]
FF Extension: (Disable JavaScript) - C:\Users\happy\AppData\Roaming\Waterfox\Profiles\3vb57d2z.default\Extensions\{41f9e51d-35e4-4b29-af66-422ff81c8b41}.xpi [2019-08-12]
FF Extension: (Cookie Quick Manager) - C:\Users\happy\AppData\Roaming\Waterfox\Profiles\3vb57d2z.default\Extensions\{60f82f00-9ad5-4de5-b31c-b16a47c51558}.xpi [2019-08-12]
FF Extension: (User-Agent Switcher) - C:\Users\happy\AppData\Roaming\Waterfox\Profiles\3vb57d2z.default\Extensions\{75afe46a-7a50-4c6b-b866-c43a1075b071}.xpi [2019-08-12]
FF Extension: (YouTube High Definition) - C:\Users\happy\AppData\Roaming\Waterfox\Profiles\3vb57d2z.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2019-08-12]
FF Extension: (Markdown Viewer Webext) - C:\Users\happy\AppData\Roaming\Waterfox\Profiles\3vb57d2z.default\Extensions\{943b8007-a895-44af-a672-4f4ea548c95f}.xpi [2019-08-12]
FF Extension: (User-Agent Switcher and Manager) - C:\Users\happy\AppData\Roaming\Waterfox\Profiles\3vb57d2z.default\Extensions\{a6c4a591-f1b2-4f03-b3ff-767e5bedf4e7}.xpi [2019-08-12]
FF Extension: (Random User-Agent) - C:\Users\happy\AppData\Roaming\Waterfox\Profiles\3vb57d2z.default\Extensions\{b43b974b-1d3a-4232-b226-eaa2ac6ebb69}.xpi [2019-08-12]
FF Extension: (Web Developer) - C:\Users\happy\AppData\Roaming\Waterfox\Profiles\3vb57d2z.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2019-08-12]
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\happy\AppData\Roaming\Waterfox\Profiles\3vb57d2z.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2019-08-12]
FF Extension: (javascript) - C:\Users\happy\AppData\Roaming\Waterfox\Profiles\3vb57d2z.default\Extensions\{d4bc778f-3a98-44f4-9b2e-45fab92a21db}.xpi [2019-08-12]
FF ProfilePath: C:\Users\happy\AppData\Roaming\WAS_Mozilla_2017-11-6_CLEAN\SeaMonkey\Profiles\pmboff70.default [2017-10-03]
FF NetworkProxy: WAS_Mozilla_2017-11-6_CLEAN\SeaMonkey\Profiles\pmboff70.default -> share_proxy_settings", true
FF Extension: (uBlock Origin) - C:\Users\happy\AppData\Roaming\WAS_Mozilla_2017-11-6_CLEAN\SeaMonkey\Profiles\pmboff70.default\Extensions\uBlock0@raymondhill.net.xpi [2017-07-19] [Legacy]
FF Extension: (uMatrix) - C:\Users\happy\AppData\Roaming\WAS_Mozilla_2017-11-6_CLEAN\SeaMonkey\Profiles\pmboff70.default\Extensions\uMatrix@raymondhill.net.xpi [2017-07-17] [Legacy]
FF Extension: (Screengrab (fix version)) - C:\Users\happy\AppData\Roaming\WAS_Mozilla_2017-11-6_CLEAN\SeaMonkey\Profiles\pmboff70.default\Extensions\{02450914-cdd9-410f-b1da-db004e18c671}.xpi [2017-07-21] [Legacy]
FF Extension: (NoScript) - C:\Users\happy\AppData\Roaming\WAS_Mozilla_2017-11-6_CLEAN\SeaMonkey\Profiles\pmboff70.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-09-13] [Legacy]
FF Extension: (User Agent Switcher) - C:\Users\happy\AppData\Roaming\WAS_Mozilla_2017-11-6_CLEAN\SeaMonkey\Profiles\pmboff70.default\Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2017-07-18] [Legacy]
FF Extension: (User Agent Switcher) - C:\Users\happy\AppData\Roaming\Mozilla\SeaMonkey\Profiles\pmboff70.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2017-07-18] [Legacy]
FF Extension: (Screengrab (fix version)) - C:\Users\happy\AppData\Roaming\Mozilla\SeaMonkey\Profiles\pmboff70.default\extensions\{02450914-cdd9-410f-b1da-db004e18c671}.xpi [2018-01-01] [Legacy]
FF Extension: (NoScript) - C:\Users\happy\AppData\Roaming\Mozilla\SeaMonkey\Profiles\pmboff70.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2018-03-30] [Legacy]
FF ProfilePath: C:\Users\happy\AppData\Roaming\WAS_Mozilla_2017-11-6_CLEAN\Firefox\Profiles\v0k5j5hr.default-1510011962003 [2017-11-16]
FF DownloadDir: C:\Users\happy\Desktop\DOWNLOADS HERE
FF Homepage: WAS_Mozilla_2017-11-6_CLEAN\Firefox\Profiles\v0k5j5hr.default-1510011962003 -> hxxps://duckduckgo.com/
FF Extension: (Policy Control - JavaScript and Flash blocker) - C:\Users\happy\AppData\Roaming\WAS_Mozilla_2017-11-6_CLEAN\Firefox\Profiles\v0k5j5hr.default-1510011962003\Extensions\jid1-gHwvGmJ8Ii9oOq@jetpack.xpi [2017-11-16]
FF Extension: (Whitelist JavaScript) - C:\Users\happy\AppData\Roaming\WAS_Mozilla_2017-11-6_CLEAN\Firefox\Profiles\v0k5j5hr.default-1510011962003\Extensions\veto@myridia.com.xpi [2017-11-16]
FF Extension: (Javascript Control) - C:\Users\happy\AppData\Roaming\WAS_Mozilla_2017-11-6_CLEAN\Firefox\Profiles\v0k5j5hr.default-1510011962003\Extensions\{591abe66-4392-4d7e-aad5-12f04be2539e}.xpi [2017-11-16]
FF ProfilePath: C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\SeaMonkey\Profiles\pmboff70.default [2017-07-18]
FF NetworkProxy: MOZ_7.17.2017.BAK\SeaMonkey\Profiles\pmboff70.default -> share_proxy_settings", true
FF Extension: (uBlock Origin) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\SeaMonkey\Profiles\pmboff70.default\Extensions\uBlock0@raymondhill.net.xpi [2017-07-17] [Legacy]
FF Extension: (uMatrix) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\SeaMonkey\Profiles\pmboff70.default\Extensions\uMatrix@raymondhill.net.xpi [2017-07-17] [Legacy]
FF Extension: (NoScript) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\SeaMonkey\Profiles\pmboff70.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-07-17] [Legacy]
FF ProfilePath: C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default [2017-07-18]
FF Homepage: MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default -> hxxps://duckduckgo.com/
FF Extension: (CanvasBlocker) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\CanvasBlocker@kkapsner.de.xpi [2017-07-11] [Legacy]
FF Extension: (Click&Clean) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\clickclean@hotcleaner.com [2017-07-18] [Legacy]
FF Extension: (colorPicker) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\colorPicker@colorPicker.xpi [2017-02-20] [Legacy]
FF Extension: (Firebug) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\firebug@software.joehewitt.com.xpi [2017-03-01] [Legacy]
FF Extension: (Valence) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\fxdevtools-adapters@mozilla.org [2017-07-18] [Legacy]
FF Extension: (Image Picker) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\ImagePicker@topolog.org [2017-07-18] [Legacy]
FF Extension: (DOM Inspector) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\inspector@mozilla.org [2017-07-18] [Legacy]
FF Extension: (Google search link fix) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\jid0-XWJxt5VvCXkKzQK99PhZqAn7Xbg@jetpack.xpi [2017-01-31]
FF Extension: (Random Agent Spoofer) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\jid1-AVgCeF1zoVzMjA@jetpack.xpi [2016-09-21] [Legacy]
FF Extension: (Lightbeam) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2017-03-22] [Legacy]
FF Extension: (de-t-co) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\jid1-fJE7HYlCweigaA@jetpack.xpi [2016-09-14] [Legacy]
FF Extension: (SpeedView) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\jid1-MmDjnsjlez2Sdw@jetpack.xpi [2016-12-14] [Legacy]
FF Extension: (Privacy Badger) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\jid1-MnnxcxisBPnSXQ@jetpack.xpi [2017-07-11]
FF Extension: (JavaScript View) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\jid1-u9RbFp9JcoEGGw@jetpack.xpi [2016-12-14] [Legacy]
FF Extension: (Google Redirects Fixer) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\jid1-zUrvDCat3xoDSQ@jetpack.xpi [2015-12-28] [Legacy]
FF Extension: (JavaScript Deobfuscator) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\jsdeobfuscator@adblockplus.org.xpi [2016-12-06] [Legacy]
FF Extension: (Smart Referer) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\smart-referer@meh.paranoid.pk.xpi [2017-07-08] [Legacy]
FF Extension: (Status-4-Evar) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\status4evar@caligonstudios.com.xpi [2016-11-26] [Legacy]
FF Extension: (The Addon Bar (restored)) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\the-addon-bar@GeekInTraining-GiT.xpi [2016-12-14] [Legacy]
FF Extension: (ThumbsDown) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\thumbsdown@mozdev.org.xpi [2015-12-05] [Legacy]
FF Extension: (uBlock Origin) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\uBlock0@raymondhill.net.xpi [2017-06-27] [Legacy]
FF Extension: (uMatrix) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\uMatrix@raymondhill.net.xpi [2017-07-14] [Legacy]
FF Extension: (Show external css/js files) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\viewext@lissak.fr.xpi [2016-12-14] [Legacy]
FF Extension: (NoSquint Plus) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\zoomlevelplus@zoomlevelplus.net.xpi [2017-04-24] [Legacy]
FF Extension: (Zoom Page) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\zoompage@DW-dev.xpi [2017-03-03] [Legacy]
FF Extension: (Unshorten.It!) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\{0a566650-a8e0-11e0-8264-0800200c9a66}.xpi [2016-04-28] [Legacy]
FF Extension: (FireShot) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2017-07-18] [Legacy]
FF Extension: (Clean Links) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\{158d7cb3-7039-4a75-8e0b-3bd0a464edd2}.xpi [2016-04-27] [Legacy]
FF Extension: (Flashblock) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2017-07-18] [Legacy]
FF Extension: (HttpFox) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\{4093c4de-454a-4329-8aff-c6b0b123c386}.xpi [2016-04-28] [Legacy]
FF Extension: (RefControl) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}.xpi [2016-04-28] [Legacy]
FF Extension: (ColorZilla) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}.xpi [2017-03-08]
FF Extension: (NoScript) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-07-01] [Legacy]
FF Extension: (YouTube High Definition) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2017-06-21] [Legacy]
FF Extension: (Live HTTP headers) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} [2017-07-18] [Legacy]
FF Extension: (Cookie Controller) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\{ac2cfa60-bc96-11e0-962b-0800200c9a66}.xpi [2017-05-06] [Legacy]
FF Extension: (Cookies Manager+) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d} [2017-07-18] [Legacy]
FF Extension: (Web Developer) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2017-04-06] [Legacy]
FF Extension: (Adblock Plus) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-08] [Legacy]
FF Extension: (BetterPrivacy) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2016-11-01] [Legacy]
FF Extension: (Default Full Zoom Level) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\{D9A7CBEC-DE1A-444f-A092-844461596C4D} [2017-07-18] [Legacy]
FF Extension: (DownThemAll!) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2016-09-29] [Legacy]
FF Extension: (User Agent Switcher) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2016-04-28] [Legacy]
FF Extension: (Theme Font & Size Changer) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\{f69e22c7-bc50-414a-9269-0f5c344cd94c}.xpi [2017-06-17] [Legacy]
FF Extension: (No Name) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\6sbyeiyd.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [not found]
FF Extension: (No Name) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\6sbyeiyd.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} [not found]
FF Extension: (No Name) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\6sbyeiyd.default\extensions\{4093c4de-454a-4329-8aff-c6b0b123c386}.xpi [not found]
FF Extension: (No Name) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\6sbyeiyd.default\extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}.xpi [not found]
FF Extension: (No Name) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\6sbyeiyd.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [not found]
FF Extension: (No Name) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\6sbyeiyd.default\extensions\inspector@mozilla.org [not found]
FF Extension: (No Name) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\6sbyeiyd.default\extensions\{0a566650-a8e0-11e0-8264-0800200c9a66}.xpi [not found]
FF Extension: (No Name) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\6sbyeiyd.default\extensions\{D9A7CBEC-DE1A-444f-A092-844461596C4D} [not found]
FF Extension: (No Name) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\6sbyeiyd.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [not found]
FF Extension: (No Name) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\6sbyeiyd.default\extensions\status4evar@caligonstudios.com.xpi [not found]
FF Extension: (No Name) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\6sbyeiyd.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [not found]
FF Extension: (No Name) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\6sbyeiyd.default\extensions\viewext@lissak.fr.xpi [not found]
FF Extension: (No Name) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\6sbyeiyd.default\extensions\zoompage@DW-dev.xpi [not found]
FF Extension: (No Name) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\6sbyeiyd.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [not found]
FF Extension: (No Name) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\6sbyeiyd.default\extensions\{ac2cfa60-bc96-11e0-962b-0800200c9a66}.xpi [not found]
FF Extension: (No Name) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\6sbyeiyd.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [not found]
FF Extension: (No Name) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\6sbyeiyd.default\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d} [not found]
FF Extension: (No Name) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\6sbyeiyd.default\extensions\clickclean@hotcleaner.com [not found]
FF ProfilePath: C:\Users\happy\AppData\Roaming\Mozilla\SeaMonkey\Profiles\pmboff70.default [2019-07-30]
FF NetworkProxy: Mozilla\SeaMonkey\Profiles\pmboff70.default -> share_proxy_settings", true
FF Extension: (uBlock Origin) - C:\Users\happy\AppData\Roaming\Mozilla\SeaMonkey\Profiles\pmboff70.default\Extensions\uBlock0@raymondhill.net.xpi [2017-07-19] [Legacy]
FF Extension: (uMatrix) - C:\Users\happy\AppData\Roaming\Mozilla\SeaMonkey\Profiles\pmboff70.default\Extensions\uMatrix@raymondhill.net.xpi [2017-07-17] [Legacy]
FF ProfilePath: C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release [2019-09-02]
FF Homepage: Mozilla\Firefox\Profiles\u6laa06p.default-release -> hxxps://start.duckduckgo.com/
FF Extension: (Firefox Multi-Account Containers) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\@testpilot-containers.xpi [2019-01-24]
FF Extension: (Firefox DevTools ADB Extension) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\adb@mozilla.org.xpi [2019-07-12] [UpdateUrl:hxxps://ftp.mozilla.org/pub/labs/devtools/adb-extension/win32/update.json]
FF Extension: (AdBlocker Ultimate) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\adblockultimate@adblockultimate.net.xpi [2019-08-12]
FF Extension: (CanvasBlocker) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\CanvasBlocker@kkapsner.de.xpi [2019-07-25]
FF Extension: (Clear Flash Cookies) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\clear-flash-cookies@cpeterso.com.xpi [2017-11-20]
FF Extension: (Cookie Manager) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\cookie-manager@robwu.nl.xpi [2018-10-23]
FF Extension: (Cookie AutoDelete) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\CookieAutoDelete@kennydo.com.xpi [2019-04-29]
FF Extension: (Firebug) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\firebug@software.joehewitt.com.xpi [2017-03-01] [Legacy]
FF Extension: (hotfix-update-xpi-intermediate) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\hotfix-update-xpi-intermediate@mozilla.com.xpi [2019-05-15]
FF Extension: (Google search link fix) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\jid0-XWJxt5VvCXkKzQK99PhZqAn7Xbg@jetpack.xpi [2019-07-03]
FF Extension: (Firefox Lightbeam) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2018-02-18]
FF Extension: (Policy Control - JavaScript and Flash blocker) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\jid1-gHwvGmJ8Ii9oOq@jetpack.xpi [2018-02-08]
FF Extension: (Privacy Badger) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\jid1-MnnxcxisBPnSXQ@jetpack.xpi [2019-07-10]
FF Extension: (Double-click Image Downloader) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\jid1-xgtdawe3yyUeBQ@jetpack.xpi [2018-05-16]
FF Extension: (google-no-tracking-url) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\jid1-zUrvDCat3xoDSQ@jetpack.xpi [2017-08-22]
FF Extension: (Neat URL) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\neaturl@hugsmile.eu.xpi [2018-05-29]
FF Extension: (Nimbus Screen Capture: Screenshots, Annotate) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\nimbusscreencaptureff@everhelper.me.xpi [2019-08-08]
FF Extension: (Skip Redirect) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\skipredirect@sblask.xpi [2019-06-15]
FF Extension: (Smart Referer) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\smart-referer@meh.paranoid.pk.xpi [2018-09-21]
FF Extension: (uBlock Origin) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\uBlock0@raymondhill.net.xpi [2019-07-27]
FF Extension: (uMatrix) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\uMatrix@raymondhill.net.xpi [2018-12-28]
FF Extension: (User-Agent Switcher) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\user-agent-switcher@ninetailed.ninja.xpi [2019-08-16]
FF Extension: (Whitelist JavaScript) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\veto@myridia.com.xpi [2018-04-26]
FF Extension: (NoSquint Plus) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\zoomlevelplus@zoomlevelplus.net.xpi [2017-11-11]
FF Extension: (Zoom Page WE) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\zoompage-we@DW-dev.xpi [2019-08-29]
FF Extension: (Download all Images) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\{32af1358-428a-446d-873e-5f8eb5f2a72e}.xpi [2019-07-03]
FF Extension: (HttpFox) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\{4093c4de-454a-4329-8aff-c6b0b123c386}.xpi [2016-04-28] [Legacy]
FF Extension: (Javascript Control) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\{591abe66-4392-4d7e-aad5-12f04be2539e}.xpi [2017-11-20]
FF Extension: (Cookie Quick Manager) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\{60f82f00-9ad5-4de5-b31c-b16a47c51558}.xpi [2019-08-12]
FF Extension: (ColorZilla) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}.xpi [2017-03-08]
FF Extension: (NoScript) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2019-08-20]
FF Extension: (User-Agent Switcher) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\{75afe46a-7a50-4c6b-b866-c43a1075b071}.xpi [2019-07-03]
FF Extension: (YouTube High Definition) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2019-07-11]
FF Extension: (Markdown Viewer Webext) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\{943b8007-a895-44af-a672-4f4ea548c95f}.xpi [2019-07-14]
FF Extension: (Font Finder) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\{a658a273-612e-489e-b4f1-5344e672f4f5}.xpi [2019-04-07]
FF Extension: (EditThisCookie) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\{a6a5b521-62f8-48c1-ad86-702fd9f0e2c8}.xpi [2017-11-16]
FF Extension: (User-Agent Switcher and Manager) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\{a6c4a591-f1b2-4f03-b3ff-767e5bedf4e7}.xpi [2019-08-01]
FF Extension: (Web Developer) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2017-11-16]
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2019-08-23]
FF Extension: (HTTP Header Live) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\{ed102056-8b4f-43a9-99cd-6d1b25abe87e}.xpi [2019-08-20]
FF Extension: (Theme Font & Size Changer) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\{f69e22c7-bc50-414a-9269-0f5c344cd94c}.xpi [2017-11-15]
FF ProfilePath: C:\Users\happy\AppData\Roaming\MOON_PROD.BAK\Pale Moon\Profiles\k1c3hz7u.default [2017-07-17]
FF Homepage: MOON_PROD.BAK\Pale Moon\Profiles\k1c3hz7u.default -> hxxps://duckduckgo.com/
FF Extension: (Page Zoom Button) - C:\Users\happy\AppData\Roaming\MOON_PROD.BAK\Pale Moon\Profiles\k1c3hz7u.default\Extensions\54c7d9671b9eccd9e5686a73df34ab60@button.codefisher.org.xpi [2016-08-12] [Legacy]
FF Extension: (Adblock Latitude) - C:\Users\happy\AppData\Roaming\MOON_PROD.BAK\Pale Moon\Profiles\k1c3hz7u.default\Extensions\adblocklatitude@addons.palemoon.org.xpi [2017-02-17] [Legacy] [not signed]
FF Extension: (Click&Clean) - C:\Users\happy\AppData\Roaming\MOON_PROD.BAK\Pale Moon\Profiles\k1c3hz7u.default\Extensions\clickclean@hotcleaner.com [2017-07-17] [Legacy]
FF Extension: (Developer Tools) - C:\Users\happy\AppData\Roaming\MOON_PROD.BAK\Pale Moon\Profiles\k1c3hz7u.default\Extensions\devtools@addons.palemoon.org.xpi [2016-12-14] [Legacy] [not signed]
FF Extension: (Random Agent Spoofer) - C:\Users\happy\AppData\Roaming\MOON_PROD.BAK\Pale Moon\Profiles\k1c3hz7u.default\Extensions\jid1-AVgCeF1zoVzMjA@jetpack.xpi [2015-12-08] [Legacy]
FF Extension: (Proxy Privacy Ruler) - C:\Users\happy\AppData\Roaming\MOON_PROD.BAK\Pale Moon\Profiles\k1c3hz7u.default\Extensions\pxruler@Off.JustOff.xpi [2017-07-15] [Legacy]
FF Extension: (uBlock Origin) - C:\Users\happy\AppData\Roaming\MOON_PROD.BAK\Pale Moon\Profiles\k1c3hz7u.default\Extensions\uBlock0@raymondhill.net.xpi [2017-06-28] [Legacy]
FF Extension: (uMatrix) - C:\Users\happy\AppData\Roaming\MOON_PROD.BAK\Pale Moon\Profiles\k1c3hz7u.default\Extensions\uMatrix@raymondhill.net.xpi [2017-07-14] [Legacy]
FF Extension: (Zoom Page) - C:\Users\happy\AppData\Roaming\MOON_PROD.BAK\Pale Moon\Profiles\k1c3hz7u.default\Extensions\zoompage@DW-dev.xpi [2017-03-03] [Legacy]
FF Extension: (Unshorten.It!) - C:\Users\happy\AppData\Roaming\MOON_PROD.BAK\Pale Moon\Profiles\k1c3hz7u.default\Extensions\{0a566650-a8e0-11e0-8264-0800200c9a66}.xpi [2016-04-28] [Legacy]
FF Extension: (FireShot) - C:\Users\happy\AppData\Roaming\MOON_PROD.BAK\Pale Moon\Profiles\k1c3hz7u.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2017-07-17] [Legacy]
FF Extension: (Clean Links) - C:\Users\happy\AppData\Roaming\MOON_PROD.BAK\Pale Moon\Profiles\k1c3hz7u.default\Extensions\{158d7cb3-7039-4a75-8e0b-3bd0a464edd2}.xpi [2016-04-27] [Legacy]
FF Extension: (Flashblock) - C:\Users\happy\AppData\Roaming\MOON_PROD.BAK\Pale Moon\Profiles\k1c3hz7u.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2017-07-17] [Legacy]
FF Extension: (HttpFox) - C:\Users\happy\AppData\Roaming\MOON_PROD.BAK\Pale Moon\Profiles\k1c3hz7u.default\Extensions\{4093c4de-454a-4329-8aff-c6b0b123c386}.xpi [2016-04-28] [Legacy]
FF Extension: (RefControl) - C:\Users\happy\AppData\Roaming\MOON_PROD.BAK\Pale Moon\Profiles\k1c3hz7u.default\Extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}.xpi [2016-04-28] [Legacy]
FF Extension: (ColorZilla) - C:\Users\happy\AppData\Roaming\MOON_PROD.BAK\Pale Moon\Profiles\k1c3hz7u.default\Extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} [2017-07-17] [Legacy]
FF Extension: (NoScript) - C:\Users\happy\AppData\Roaming\MOON_PROD.BAK\Pale Moon\Profiles\k1c3hz7u.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-07-16] [Legacy]
FF Extension: (YouTube High Definition) - C:\Users\happy\AppData\Roaming\MOON_PROD.BAK\Pale Moon\Profiles\k1c3hz7u.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2017-06-21] [Legacy]
FF Extension: (Live HTTP headers) - C:\Users\happy\AppData\Roaming\MOON_PROD.BAK\Pale Moon\Profiles\k1c3hz7u.default\Extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} [2017-07-17] [Legacy]
FF Extension: (Cookie Controller) - C:\Users\happy\AppData\Roaming\MOON_PROD.BAK\Pale Moon\Profiles\k1c3hz7u.default\Extensions\{ac2cfa60-bc96-11e0-962b-0800200c9a66}.xpi [2017-05-04] [Legacy]
FF Extension: (Cookies Manager+) - C:\Users\happy\AppData\Roaming\MOON_PROD.BAK\Pale Moon\Profiles\k1c3hz7u.default\Extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d} [2017-07-17] [Legacy]
FF Extension: (Web Developer) - C:\Users\happy\AppData\Roaming\MOON_PROD.BAK\Pale Moon\Profiles\k1c3hz7u.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2017-04-06] [Legacy]
FF Extension: (BetterPrivacy) - C:\Users\happy\AppData\Roaming\MOON_PROD.BAK\Pale Moon\Profiles\k1c3hz7u.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2015-08-18] [Legacy]
FF Extension: (User Agent Switcher) - C:\Users\happy\AppData\Roaming\MOON_PROD.BAK\Pale Moon\Profiles\k1c3hz7u.default\Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2016-04-28] [Legacy]
FF Extension: (Page Zoom Button) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default\extensions\54c7d9671b9eccd9e5686a73df34ab60@button.codefisher.org.xpi [2016-08-12] [Legacy]
FF Extension: (Zoom Page) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default\extensions\zoompage@DW-dev.xpi [2017-08-17] [Legacy]
FF Extension: (Flashblock) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2016-01-08] [Legacy]
FF Extension: (HttpFox) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default\extensions\{4093c4de-454a-4329-8aff-c6b0b123c386}.xpi [2016-04-28] [Legacy]
FF Extension: (RefControl) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default\extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}.xpi [2016-04-28] [Legacy]
FF Extension: (ColorZilla) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} [2015-09-05] [Legacy]
FF Extension: (NoScript) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-07-16] [Legacy]
FF Extension: (Live HTTP headers) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} [2016-04-28] [Legacy]
FF Extension: (Cookie Controller) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default\extensions\{ac2cfa60-bc96-11e0-962b-0800200c9a66}.xpi [2017-08-06] [Legacy]
FF Extension: (Web Developer) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2017-04-06] [Legacy]
FF Extension: (BetterPrivacy) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2015-08-18] [Legacy]
FF Extension: (No Name) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [not found]
FF Extension: (Click&Clean) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default\extensions\clickclean@hotcleaner.com [2017-07-11] [Legacy]
FF Extension: (Cookies Manager+) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d} [2017-07-23] [Legacy]
FF ProfilePath: C:\Users\happy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default [2019-09-02]
FF Homepage: Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default -> hxxps://start.duckduckgo.com/
FF Extension: (Adblock Latitude) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default\Extensions\adblocklatitude@addons.palemoon.org.xpi [2018-04-10] [Legacy] [not signed]
FF Extension: (Block Content) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default\Extensions\blockcont@mdsy.xpi [2019-02-03] [Legacy] [not signed]
FF Extension: (Cookies Exterminator) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default\Extensions\CookiesExterminator@Off.JustOff.xpi [2019-04-16] [Legacy] [not signed]
FF Extension: (Developer Tools) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default\Extensions\devtools@addons.palemoon.org.xpi [2016-12-14] [Legacy] [not signed]
FF Extension: (Exif Viewer) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default\Extensions\exif-viewer@asraskin.org.xpi [2019-04-26] [Legacy] [not signed]
FF Extension: (Random Agent Spoofer) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default\Extensions\jid1-AVgCeF1zoVzMjA@jetpack.xpi [2015-12-08] [Legacy]
FF Extension: (Proxy Privacy Ruler) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default\Extensions\pxruler@Off.JustOff.xpi [2019-04-16] [Legacy] [not signed]
FF Extension: (Save All Images) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default\Extensions\save-images-me@Off.JustOff.xpi [2019-04-24] [Legacy] [not signed]
FF Extension: (uBlock Origin) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default\Extensions\uBlock0@raymondhill.net.xpi [2017-07-20] [Legacy]
FF Extension: (uMatrix) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default\Extensions\uMatrix@raymondhill.net.xpi [2017-07-14] [Legacy]
FF Extension: (Unshorten.It!) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default\Extensions\{0a566650-a8e0-11e0-8264-0800200c9a66}.xpi [2016-04-28] [Legacy]
FF Extension: (Clean Links) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default\Extensions\{158d7cb3-7039-4a75-8e0b-3bd0a464edd2}.xpi [2016-04-27] [Legacy]
FF Extension: (YouTube High Definition) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2017-09-11] [Legacy]
FF Extension: (Cookie Permissions Button) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default\Extensions\{8e05f2af-03be-443e-a2b5-b4375a3a1930}.xpi [2018-08-14] [Legacy] [not signed]
FF Extension: (Cookie Masters) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default\Extensions\{a04a71f3-ce74-4134-8f86-fae693b19e44}.xpi [2018-08-04] [Legacy] [not signed]
FF Extension: (Toggle JavaScript [Enabled/Disabled]) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default\Extensions\{b5af16a6-105d-4a14-a5a6-c2b358b06a04}.xpi [2018-08-30] [Legacy] [not signed]
FF Extension: (User Agent Switcher) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default\Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2016-04-28] [Legacy]
FF ProfilePath: C:\Users\happy\AppData\Roaming\Moonchild Productions\Basilisk\Profiles\0h9ztolt.default [2019-07-12]
FF Extension: (Adblock Latitude) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Basilisk\Profiles\0h9ztolt.default\Extensions\adblocklatitude@addons.palemoon.org.xpi [2019-06-02] [Legacy] [not signed]
FF Extension: (Block Content) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Basilisk\Profiles\0h9ztolt.default\Extensions\blockcont@mdsy.xpi [2019-06-02] [Legacy] [not signed]
FF Extension: (CanvasBlocker Legacy) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Basilisk\Profiles\0h9ztolt.default\Extensions\CanvasBlocker@legacy.xpi [2019-06-02] [Legacy] [not signed]
FF Extension: (Cookies Exterminator) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Basilisk\Profiles\0h9ztolt.default\Extensions\CookiesExterminator@Off.JustOff.xpi [2019-06-02] [Legacy] [not signed]
FF Extension: (Exif Viewer) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Basilisk\Profiles\0h9ztolt.default\Extensions\exif-viewer@asraskin.org.xpi [2019-06-02] [Legacy] [not signed]
FF Extension: (ScriptBlock) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Basilisk\Profiles\0h9ztolt.default\Extensions\jsblock@4bebca82.xpi [2019-06-02] [Legacy] [not signed]
FF Extension: (Calendate) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Basilisk\Profiles\0h9ztolt.default\Extensions\{5b965352-430a-11e2-956a-13226188709b}.xpi [2019-06-02] [Legacy] [not signed]
FF Extension: (Color Identifier) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Basilisk\Profiles\0h9ztolt.default\Extensions\{89850e1c-c80b-4179-81fe-79a9f313400d}.xpi [2019-06-02] [Legacy] [not signed]
FF ProfilePath: C:\Users\happy\AppData\Roaming\Avant Profiles\.default\gecko\Mozilla\Avant\Profiles\oeytmn1z.default [2015-05-03]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN -> VideoLAN)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN)
FF Plugin HKU\S-1-5-21-1167706805-3652461753-1077729752-1000: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=3 -> C:\Users\happy\AppData\Local\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll [No File]
FF Plugin HKU\S-1-5-21-1167706805-3652461753-1077729752-1000: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=9 -> C:\Users\happy\AppData\Local\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll [No File]

Opera:
=======
OPR DownloadDir: C:\Users\happy\Desktop\DOWNLOADS HERE
OPR Extension: (Zoom for Opera) - C:\Users\happy\AppData\Roaming\Opera Software\Opera Stable\Extensions\agocngbnphnfdhpacecdpcpfphhdmoff [2019-07-11]
OPR Extension: (uMatrix) - C:\Users\happy\AppData\Roaming\Opera Software\Opera Stable\Extensions\clblbeknmgobkgonndomehcjpckopfeh [2018-07-11]
OPR Extension: (Live HTTP Headers) - C:\Users\happy\AppData\Roaming\Opera Software\Opera Stable\Extensions\djlgkpdankikgjpjmknpdabbegoaokli [2018-07-11]
OPR Extension: (Custom Style Script) - C:\Users\happy\AppData\Roaming\Opera Software\Opera Stable\Extensions\hmnbfbgbgicodipenaajdcogalomcmph [2019-06-25]
OPR Extension: (YouTube High Definition) - C:\Users\happy\AppData\Roaming\Opera Software\Opera Stable\Extensions\jcdpccclajomeaeeoggbhglfomndjgfp [2018-07-11]
OPR Extension: (User-Agent Switcher) - C:\Users\happy\AppData\Roaming\Opera Software\Opera Stable\Extensions\jikibpedldihacokaanimbcjipghbloo [2018-07-11]
OPR Extension: (WebRTC Leak Prevent) - C:\Users\happy\AppData\Roaming\Opera Software\Opera Stable\Extensions\jjabaljgaabcnmcoalhaldkmcfbojkkb [2018-07-11]
OPR Extension: (uBlock Origin) - C:\Users\happy\AppData\Roaming\Opera Software\Opera Stable\Extensions\kccohkcpppjjkkjppopfnflnebibpida [2019-07-31]
OPR Extension: (Privacy Badger) - C:\Users\happy\AppData\Roaming\Opera Software\Opera Stable\Extensions\ldfkcgjipgfchpnojicdgpgiocoeelik [2019-07-09]
OPR Extension: (History Eraser) - C:\Users\happy\AppData\Roaming\Opera Software\Opera Stable\Extensions\lfpoajlbkhlfoeeokbppmecpplmieedm [2018-07-11]
OPR Extension: (User-Agent Switcher and Manager) - C:\Users\happy\AppData\Roaming\Opera Software\Opera Stable\Extensions\mdhadkjmpbhfdmmoogneplmcpoelfggp [2019-08-17]
OPR Extension: (Magic Actions for YouTube™) - C:\Users\happy\AppData\Roaming\Opera Software\Opera Stable\Extensions\nlffnljnicbkfhnlomjhjlebndachaka [2019-04-15]
OPR Extension: (Adblock Plus - free ad blocker) - C:\Users\happy\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2019-08-17]
OPR Extension: (JavaScript Switcher) - C:\Users\happy\AppData\Roaming\Opera Software\Opera Stable\Extensions\pjljfckmhjnpbcgneijeeiimpkdjccob [2018-07-11]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [277120 2012-02-16] (ASUSTeK Computer Inc. -> ASUS)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AgereSoftModem; C:\windows\System32\DRIVERS\agrsm64.sys [1146880 2009-06-10] (Microsoft Windows -> LSI Corp)
R3 asmthub3; C:\windows\System32\DRIVERS\asmthub3.sys [130024 2011-11-22] (MCCI Internal Testing Software -> ASMedia Technology Inc)
R3 asmtxhci; C:\windows\System32\DRIVERS\asmtxhci.sys [395752 2011-11-22] (MCCI Internal Testing Software -> ASMedia Technology Inc)
S3 athr; C:\windows\System32\DRIVERS\athrx.sys [1394688 2009-06-19] (Microsoft Windows -> Atheros Communications, Inc.)
R3 kbfiltr; C:\windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] (ASUSTeK Computer Inc. ->  )
R0 MpFilter; C:\windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
R3 NisDrv; C:\windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
R2 NPF; C:\windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
S3 SiSGbeLH; C:\windows\System32\DRIVERS\SiSG664.sys [56832 2009-06-10] (Microsoft Windows -> Silicon Integrated Systems Corp.)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] (Empty Loop -> )
S3 WDC_SAM; C:\windows\System32\DRIVERS\wdcsam64.sys [23200 2015-04-30] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-09-02 07:08 - 2019-09-02 07:41 - 000000000 ____D C:\Users\happy\Desktop\00000
2019-09-02 05:14 - 2019-09-02 05:14 - 000003288 ____N C:\bootsqm.dat
2019-09-02 04:10 - 2019-09-02 07:40 - 000000000 ____D C:\FRST
2019-08-18 14:47 - 2019-08-18 14:48 - 000262144 _____ C:\windows\Minidump\081819-20217-01.dmp
2019-08-15 17:50 - 2019-08-15 17:50 - 000000773 _____ C:\Users\happy\Desktop\Start Tor Browser.lnk
2019-08-15 17:50 - 2019-08-15 17:50 - 000000000 ____D C:\Users\happy\Desktop\Tor Browser
2019-08-15 16:44 - 2019-08-17 18:20 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-08-12 03:45 - 2019-08-12 03:45 - 000000000 ____D C:\Users\happy\AppData\Roaming\WAS_FF_2019-8-11
2019-08-12 02:44 - 2019-08-17 18:20 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-08-12 02:44 - 2019-08-12 02:44 - 000000938 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-08-12 02:44 - 2019-08-12 02:44 - 000000926 _____ C:\Users\Public\Desktop\Firefox.lnk
2019-08-12 00:59 - 2019-08-12 00:59 - 000000896 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Waterfox.lnk
2019-08-12 00:59 - 2019-08-12 00:59 - 000000884 _____ C:\Users\Public\Desktop\Waterfox.lnk
2019-08-12 00:59 - 2019-08-12 00:59 - 000000000 ____D C:\Users\happy\AppData\Roaming\Waterfox
2019-08-12 00:59 - 2019-08-12 00:59 - 000000000 ____D C:\Users\happy\AppData\Local\Waterfox
2019-08-12 00:59 - 2019-08-12 00:59 - 000000000 ____D C:\Program Files\Waterfox
2019-08-11 22:34 - 2019-08-11 22:34 - 000000000 ____D C:\Users\happy\Desktop\Old Firefox Data
2019-08-05 02:02 - 2019-08-05 02:02 - 000239398 _____ C:\Users\happy\AppData\Local\recently-used.xbel

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-09-02 07:08 - 2016-11-18 20:48 - 000000000 ____D C:\Users\happy\AppData\LocalLow\Mozilla
2019-09-02 06:53 - 2013-11-14 03:32 - 000003902 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{4A7FB7E8-812B-4EFC-8112-5440817388C6}
2019-09-02 06:53 - 2013-11-11 11:40 - 000000000 ____D C:\Users\happy\AppData\Roaming\vlc
2019-09-02 06:10 - 2013-11-11 04:36 - 000000000 ____D C:\Users\happy\Desktop\DOWNLOADS HERE
2019-09-02 05:29 - 2009-07-13 23:45 - 000018736 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-09-02 05:29 - 2009-07-13 23:45 - 000018736 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-09-02 05:22 - 2013-11-11 03:44 - 000000380 _____ C:\Users\happy\AppData\Roaming\sp_data.sys
2019-09-02 05:22 - 2013-11-11 03:44 - 000000000 ___HD C:\ASUS.DAT
2019-09-02 05:21 - 2009-07-14 00:08 - 000000006 ____H C:\windows\Tasks\SA.DAT
2019-09-02 05:06 - 2013-11-24 23:31 - 000000000 ____D C:\Users\happy\AppData\Roaming\BatteryBar
2019-09-02 05:04 - 2016-01-18 14:35 - 000000000 ____D C:\Program Files (x86)\SpywareBlaster
2019-09-02 05:04 - 2013-10-24 15:29 - 000000000 ____D C:\ProgramData\Temp
2019-09-02 05:03 - 2019-05-13 06:27 - 000002298 _____ C:\Users\happy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vivaldi.lnk
2019-09-02 05:03 - 2019-05-13 06:27 - 000002261 _____ C:\Users\happy\Desktop\Vivaldi.lnk
2019-09-02 05:03 - 2016-08-11 06:44 - 000000000 ____D C:\Users\happy\AppData\Local\Vivaldi
2019-09-02 04:36 - 2019-04-29 16:51 - 000000000 ____D C:\Users\happy\AppData\Local\Blisk
2019-08-30 16:54 - 2017-07-13 08:34 - 000003828 _____ C:\windows\System32\Tasks\Opera scheduled Autoupdate 1499952880
2019-08-30 16:54 - 2017-07-13 08:34 - 000000000 ____D C:\Program Files\Opera
2019-08-29 11:25 - 2015-04-25 01:12 - 000000000 ____D C:\Program Files (x86)\Pale Moon
2019-08-18 14:47 - 2019-07-27 18:44 - 1096761027 _____ C:\windows\MEMORY.DMP
2019-08-18 14:47 - 2019-07-27 18:44 - 000000000 ____D C:\windows\Minidump
2019-08-18 05:35 - 2009-07-14 00:13 - 000782470 _____ C:\windows\system32\PerfStringBackup.INI
2019-08-18 05:35 - 2009-07-13 22:20 - 000000000 ____D C:\windows\inf
2019-08-18 01:39 - 2015-04-25 01:12 - 000000000 ____D C:\Users\happy\AppData\Roaming\Moonchild Productions
2019-08-15 17:50 - 2017-06-06 00:34 - 000000821 _____ C:\Users\happy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2019-08-15 17:49 - 2013-11-11 05:47 - 000000000 ____D C:\Users\happy\Desktop\OLD
2019-08-12 03:42 - 2017-11-06 19:05 - 000000000 ____D C:\Users\happy\AppData\Roaming\Mozilla
2019-08-12 00:47 - 2013-11-11 10:19 - 000000000 ____D C:\ProgramData\Mozilla
2019-08-09 20:17 - 2018-12-20 12:36 - 000000000 ____D C:\Users\happy\Desktop\pat
2019-08-08 13:27 - 2009-07-13 23:45 - 000337648 _____ C:\windows\system32\FNTCACHE.DAT
2019-08-05 03:38 - 2018-07-04 05:25 - 000000000 ____D C:\Users\happy\.gimp-2.8
2019-08-04 06:58 - 2013-11-11 03:44 - 000072472 _____ C:\Users\happy\AppData\Local\GDIPFONTCACHEV1.DAT

==================== Files in the root of some directories ================

2013-11-11 03:44 - 2019-09-02 05:22 - 000000380 _____ () C:\Users\happy\AppData\Roaming\sp_data.sys
2019-08-05 02:02 - 2019-08-05 02:02 - 000239398 _____ () C:\Users\happy\AppData\Local\recently-used.xbel
2016-01-23 18:43 - 2016-01-23 18:43 - 000007641 _____ () C:\Users\happy\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-08-31 06:08
==================== End of FRST.txt ============================

  ##
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2019
Ran by happy (02-09-2019 07:42:31)
Running from C:\Users\happy\Desktop\00000
Windows 7 Home Premium Service Pack 1 (X64) (2013-11-11 08:43:46)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1167706805-3652461753-1077729752-500 - Administrator - Disabled)
Guest (S-1-5-21-1167706805-3652461753-1077729752-501 - Limited - Disabled)
happy (S-1-5-21-1167706805-3652461753-1077729752-1000 - Administrator - Enabled) => C:\Users\happy

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
AkelPad 4.8.4 (HKLM-x32\...\AkelPad) (Version: 4.8.4 - )
Alcor Micro USB Card Reader (HKLM-x32\...\{4555BB9E-E715-4260-A178-E8EFD2B653E3}) (Version: 1.2.0117.08443 - Alcor Micro Corp.) Hidden
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 1.2.0117.08443 - Alcor Micro Corp.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.4.0 - Asmedia Technology)
ASUS AI Recovery (HKLM-x32\...\{D39F0676-163E-4595-A917-E28F99BBD4D2}) (Version: 1.0.23 - ASUS)
ASUS FaceLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0014 - ASUS)
ASUS FancyStart (HKLM-x32\...\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}) (Version: 1.1.1 - ASUSTeK Computer Inc.)
ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.2 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.29 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.7 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0041 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.25 - ASUS)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 3.0.108.222 - eCareme Technologies, Inc.)
ASUS_Screensaver (HKLM-x32\...\ASUS_Screensaver) (Version:  - )
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.9.157 - ASUSTEK)
ATK Packag

 - HERE GOES :
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2019
Ran by happy (03-09-2019 05:54:18)
Running from C:\Users\happy\Desktop\00000
Windows 7 Home Premium Service Pack 1 (X64) (2013-11-11 08:43:46)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1167706805-3652461753-1077729752-500 - Administrator - Disabled)
Guest (S-1-5-21-1167706805-3652461753-1077729752-501 - Limited - Disabled)
happy (S-1-5-21-1167706805-3652461753-1077729752-1000 - Administrator - Enabled) => C:\Users\happy

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
AkelPad 4.8.4 (HKLM-x32\...\AkelPad) (Version: 4.8.4 - )
Alcor Micro USB Card Reader (HKLM-x32\...\{4555BB9E-E715-4260-A178-E8EFD2B653E3}) (Version: 1.2.0117.08443 - Alcor Micro Corp.) Hidden
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 1.2.0117.08443 - Alcor Micro Corp.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.4.0 - Asmedia Technology)
ASUS AI Recovery (HKLM-x32\...\{D39F0676-163E-4595-A917-E28F99BBD4D2}) (Version: 1.0.23 - ASUS)
ASUS FaceLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0014 - ASUS)
ASUS FancyStart (HKLM-x32\...\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}) (Version: 1.1.1 - ASUSTeK Computer Inc.)
ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.2 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.29 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.7 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0041 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.25 - ASUS)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 3.0.108.222 - eCareme Technologies, Inc.)
ASUS_Screensaver (HKLM-x32\...\ASUS_Screensaver) (Version:  - )
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.9.157 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0015 - ASUS)
Basilisk 52.9.2019.03.27 (x64 en-US) (HKLM\...\Basilisk 52.9.2019.03.27 (x64 en-US)) (Version: 52.9.2019.03.27 - Mozilla)
BatteryBar (remove only) (HKLM\...\BatteryBar) (Version:  - )
Belarc Advisor 8.5c (HKLM-x32\...\Belarc Advisor) (Version: 8.5.3.0 - Belarc Inc.)
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3624 - CyberLink Corp.)
CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2926 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1126 - CyberLink Corp.)
EditPad Lite 7.4.1 (HKLM\...\EditPad Lite) (Version: 7.4.1 - Just Great Software)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.10 - ASUS)
Geany 1.31 (HKLM-x32\...\Geany) (Version: 1.31 - The Geany developer team)
GIMP 2.8.0 (HKLM\...\GIMP-2_is1) (Version: 2.8.0 - The GIMP Team)
InfraRecorder (HKLM-x32\...\InfraRecorder) (Version:  - Christian Kindahl)
InstantOn for NB (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 2.2.0 - ASUS)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2559 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
IsoBuster 3.3 (HKLM-x32\...\IsoBuster_is1) (Version: 3.3 - Smart Projects)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Mozilla Firefox 68.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 68.0.2 (x64 en-US)) (Version: 68.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 68.0.1 - Mozilla)
myBitCast 1.0.0.3 (HKLM\...\myBitCast) (Version: 1.0.0.3 - ASUS Cloud Corporation)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.6.6 - Notepad++ Team)
Opera 12.16 (HKLM-x32\...\Opera 12.16.1860) (Version: 12.16.1860 - Opera Software ASA)
Opera Stable 60.0.3255.70 (HKLM-x32\...\Opera 60.0.3255.70) (Version: 60.0.3255.70 - Opera Software)
Opera Stable 63.0.3368.53 (HKLM-x32\...\Opera 63.0.3368.53) (Version: 63.0.3368.53 - Opera Software)
Pale Moon 28.7.0 (x86 en-US) (HKLM-x32\...\Pale Moon 28.7.0 (x86 en-US)) (Version: 28.7.0 - Moonchild Productions)
Programmer's Notepad (HKLM-x32\...\{52CF142B-7B0E-41E7-98F5-B834122523E7}_is1) (Version: 2.4.2.1440 - Simon Steele)
Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 1.2.0.40 - Ralink)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6454 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
SciTE Text Editor (HKLM\...\{4B6DD064-D280-4567-B332-E8F5828A7A25}) (Version: 3.3.3 - ebswift.com)
SeaMonkey 2.49.4 (x86 en-US) (HKLM-x32\...\SeaMonkey 2.49.4 (x86 en-US)) (Version: 2.49.4 - Mozilla)
sfArk (HKLM-x32\...\sfArk) (Version:  - )
Sonic Focus (HKLM-x32\...\{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}) (Version: 1.0.0.4 - Synopsys )
SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
STDU Viewer version 1.6.300.0 (HKLM-x32\...\STDU Viewer_is1) (Version: 1.6.300.0 - STDUtility)
Subtitle Edit 3.5.8 (HKLM\...\SubtitleEdit_is1) (Version: 3.5.8.0 - Nikse)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.6.0 - Synaptics Incorporated)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Vivaldi (HKU\S-1-5-21-1167706805-3652461753-1077729752-1000\...\Vivaldi) (Version: 2.7.1628.30 - Vivaldi Technologies AS.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.7.1 - VideoLAN)
Waterfox 56.2.12 (x64 en-US) (HKLM\...\Waterfox 56.2.12 (x64 en-US)) (Version: 56.2.12 - Waterfox Ltd)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.0 - ASUS)
WinHasher 1.6.1 (HKLM-x32\...\GPFComicsWinHasher_is1) (Version: WinHasher 1.6.1 - GPF Comics)
WinHTTrack Website Copier 3.46-1 (x64) (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.46.1 - HTTrack)
WinPatrol (HKLM\...\{84481A87-2316-4923-8FAB-3BA8CA29323D}) (Version: 31.0.2014.0 - BillP Studios)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
Wireless Console 3 (HKLM-x32\...\{19EA33FB-B34E-40EA-8B8A-61743AEB795A}) (Version: 3.0.25 - ASUS)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1167706805-3652461753-1077729752-1000_Classes\CLSID\{BCA9D37C-CA60-4160-9115-97A00F24702D}\localserver32 -> C:\Users\happy\AppData\Local\Vivaldi\Application\2.7.1628.30\notification_helper.exe (Vivaldi Technologies AS -> Vivaldi Technologies AS)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll [2011-05-25] (eCareme Technologies, Inc.) [File not signed]
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll [2011-05-25] (eCareme Technologies, Inc.) [File not signed]
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2019-01-27] (Notepad++ -> )
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [SciTE] -> {C4ACBD3E-6114-4618-904C-B206ABA9DEB0} => C:\Program Files (x86)\SciTE\wscitecm64.dll [2010-11-15] (Burgaud.com) [File not signed]
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers3: [BackupContextMenuExtension] -> {b1b96b20-da1d-4a3c-92c1-7229b32f2325} => C:/Program Files (x86)/ASUS/ASUS WebStorage/3.0.108.222/XPClient.DLL [2011-07-29] (eCareme Technologies, Inc.) [File not signed]
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\windows\system32\igfxpph.dll [2011-11-03] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2010-03-31 21:55 - 2010-03-31 21:55 - 000221184 _____ ( ) [File not signed] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\LogicNP.EZNamespaceExtensions.dll
2009-03-01 21:07 - 2009-03-01 21:07 - 000200704 _____ ( ) [File not signed] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\LogicNP.EZShellExtensions.dll
2012-02-21 16:49 - 2012-02-21 16:49 - 000009216 _____ () [File not signed] C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2007-07-12 13:11 - 2007-07-12 13:11 - 001163264 _____ () [File not signed] C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll
2004-05-27 20:13 - 2004-05-27 20:13 - 000080384 _____ (ACTIONTEC Electronics,Inc) [File not signed] C:\Program Files (x86)\ASUS\Wireless Console 3\ATKWLIOC.DLL
2013-10-24 15:22 - 2010-12-20 19:49 - 001892352 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\xerces-c_2_7.dll
2012-06-27 16:22 - 2012-06-27 16:22 - 000223232 _____ (ASUSTek Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\ASUS Live Update\alvupdt.dll
2012-02-21 16:48 - 2012-02-21 16:48 - 000053248 _____ (ASUSTeK) [File not signed] C:\Program Files (x86)\ASUS\Splendid\Chameleon.dll
2012-02-21 16:49 - 2012-02-21 16:49 - 000032768 _____ (ASUSTek) [File not signed] C:\Program Files (x86)\ASUS\Splendid\OVS.dll
2005-09-21 19:30 - 2005-09-21 19:30 - 000036864 _____ (ATK) [File not signed] C:\Program Files (x86)\ASUS\Wireless Console 3\inter_f2.dll
2010-11-15 11:38 - 2010-11-15 11:38 - 000017920 _____ (Burgaud.com) [File not signed] C:\Program Files (x86)\SciTE\wscitecm64.dll
2019-03-05 21:16 - 2019-03-05 21:16 - 000113152 _____ (Don HO don.h@free.fr) [File not signed] C:\Program Files\Notepad++\plugins\mimeTools\mimeTools.dll
2011-05-25 02:09 - 2011-05-25 02:09 - 000227840 _____ (eCareme Technologies, Inc.) [File not signed] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll
2011-07-28 03:48 - 2011-07-28 03:48 - 000274432 _____ (eCareme Technologies, Inc.) [File not signed] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\eCaremeDLL.dll
2011-07-29 04:37 - 2011-07-29 04:37 - 004526080 _____ (eCareme Technologies, Inc.) [File not signed] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\XPClient.dll
2011-04-27 23:22 - 2011-04-27 23:22 - 002891264 _____ (FreeImage) [File not signed] C:\Program Files (x86)\ASUS\Wireless Console 3\FreeImage.dll
2010-11-18 22:08 - 2010-11-18 22:08 - 000086016 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2013-10-24 15:22 - 2010-12-20 19:45 - 000069632 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\StatusStrings.dll
2019-07-27 05:18 - 2019-08-29 11:25 - 000377856 _____ (Mozilla Foundation) [File not signed] C:\Program Files (x86)\Pale Moon\freebl3.dll
2011-05-17 12:32 - 2011-05-17 12:32 - 000331776 _____ (Realtek Semiconductor Corp.) [File not signed] C:\Program Files (x86)\ASUS\Wireless Console 3\RtlLib.dll
2011-05-17 12:31 - 2011-05-17 12:31 - 000200704 _____ (Realtek) [File not signed] C:\Program Files (x86)\ASUS\Wireless Console 3\IpLib.dll
2005-01-13 02:36 - 2005-01-13 02:36 - 000303104 _____ (Silicon Integrated Systems Corp.) [File not signed] C:\Program Files (x86)\ASUS\Wireless Console 3\SiSPkt.dll
2009-10-28 20:41 - 2009-10-28 20:41 - 000270336 _____ (The Apache Software Foundation) [File not signed] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\log4net.dll
2011-05-17 12:31 - 2011-05-17 12:31 - 001069056 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\ASUS\Wireless Console 3\LIBEAY32.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [125]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7865 more sites.

IE restricted site: HKU\S-1-5-21-1167706805-3652461753-1077729752-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-1167706805-3652461753-1077729752-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1167706805-3652461753-1077729752-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-1167706805-3652461753-1077729752-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-1167706805-3652461753-1077729752-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-1167706805-3652461753-1077729752-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-1167706805-3652461753-1077729752-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-1167706805-3652461753-1077729752-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-1167706805-3652461753-1077729752-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-1167706805-3652461753-1077729752-1000\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-1167706805-3652461753-1077729752-1000\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-1167706805-3652461753-1077729752-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-1167706805-3652461753-1077729752-1000\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-1167706805-3652461753-1077729752-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-1167706805-3652461753-1077729752-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-1167706805-3652461753-1077729752-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-1167706805-3652461753-1077729752-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-1167706805-3652461753-1077729752-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-1167706805-3652461753-1077729752-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-1167706805-3652461753-1077729752-1000\...\1-2005-search.com -> www.1-2005-search.com

There are 12682 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-07 08:39 - 2016-07-07 08:46 - 000450826 _____ C:\windows\system32\drivers\etc\hosts

127.0.0.1   www.abcnews.com.co
127.0.0.1   abcnews.com.co
127.0.0.1   www.facebook.com
127.0.0.1   facebook.com
127.0.0.1   www.007guard.com
127.0.0.1   007guard.com
127.0.0.1   008i.com
127.0.0.1   www.008k.com
127.0.0.1   008k.com
127.0.0.1   www.00hq.com
127.0.0.1   00hq.com
127.0.0.1   010402.com
127.0.0.1   www.032439.com
127.0.0.1   032439.com
127.0.0.1   www.0scan.com
127.0.0.1   0scan.com
127.0.0.1   1000gratisproben.com
127.0.0.1   www.1000gratisproben.com
127.0.0.1   1001namen.com
127.0.0.1   www.1001namen.com
127.0.0.1   100888290cs.com
127.0.0.1   www.100888290cs.com
127.0.0.1   www.100sexlinks.com
127.0.0.1   100sexlinks.com
127.0.0.1   10sek.com
127.0.0.1   www.10sek.com
127.0.0.1   www.1-2005-search.com
127.0.0.1   1-2005-search.com
127.0.0.1   123fporn.info
127.0.0.1   www.123fporn.info

There are 15467 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1167706805-3652461753-1077729752-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\happy\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\startupreg: ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\windows\AsScrPro.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{739D8E39-AC66-4445-A1F3-2F2365EF372A}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe No File
FirewallRules: [{5FAEA3D0-04C4-48D8-B56A-804C62FC48FA}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe No File
FirewallRules: [{216BA990-CB07-4A66-8C03-F73F788F8988}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe No File
FirewallRules: [{2732787A-81D8-45E2-B1BD-0DC4B57EF6EA}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe No File
FirewallRules: [{D39AFA0C-1F5D-40D7-BE6A-51CDAE68901C}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe No File
FirewallRules: [{5C3D228C-BDC9-451D-87CE-24C8C79C31B0}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe No File
FirewallRules: [{907EEC08-83E6-4678-9CF7-1CF1320AFC64}] => (Allow) C:\Program Files (x86)\Opera\opera.exe (Opera Software ASA -> Opera Software)
FirewallRules: [{582C1719-5669-487A-8344-11281C0C91BF}] => (Allow) C:\Program Files (x86)\Opera\opera.exe (Opera Software ASA -> Opera Software)
FirewallRules: [{73CFBD81-4061-4327-B98D-F853FC169BA8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe No File
FirewallRules: [{08BEBA5B-2D0E-4B40-80FF-E4CEACCAB908}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe No File
FirewallRules: [TCP Query User{35C97E34-A8DD-4D65-B3EA-F42EF1B59D8F}C:\users\happy\desktop\downloads here\lighttable-0.8.1-windows\lighttable-0.8.1-windows\lighttable.exe] => (Block) C:\users\happy\desktop\downloads here\lighttable-0.8.1-windows\lighttable-0.8.1-windows\lighttable.exe (GitHub, Inc.) [File not signed]
FirewallRules: [UDP Query User{49A5C5AC-A0BC-4713-A64C-C6B9B6E4A62D}C:\users\happy\desktop\downloads here\lighttable-0.8.1-windows\lighttable-0.8.1-windows\lighttable.exe] => (Block) C:\users\happy\desktop\downloads here\lighttable-0.8.1-windows\lighttable-0.8.1-windows\lighttable.exe (GitHub, Inc.) [File not signed]
FirewallRules: [TCP Query User{9144930E-2B3E-4754-A873-23004A554908}D:\0000\0000-comp\archives\arch11 - sniffers\wireshark - win\win\winportable\wiresharkportable\app\wireshark\extcap\udpdump.exe] => (Block) D:\0000\0000-comp\archives\arch11 - sniffers\wireshark - win\win\winportable\wiresharkportable\app\wireshark\extcap\udpdump.exe No File
FirewallRules: [UDP Query User{59525DBB-179B-4D7F-8DA1-5E5C788C9C6A}D:\0000\0000-comp\archives\arch11 - sniffers\wireshark - win\win\winportable\wiresharkportable\app\wireshark\extcap\udpdump.exe] => (Block) D:\0000\0000-comp\archives\arch11 - sniffers\wireshark - win\win\winportable\wiresharkportable\app\wireshark\extcap\udpdump.exe No File
FirewallRules: [{9A87956E-EC1E-4178-80D4-F2BD6584AD4B}] => (Allow) C:\Program Files (x86)\Pale Moon\palemoon.exe (Mark Straver -> Moonchild Productions)
FirewallRules: [{3DE216D4-2EA5-405A-A67C-31708B6D25E4}] => (Allow) C:\Program Files (x86)\Pale Moon\palemoon.exe (Mark Straver -> Moonchild Productions)
FirewallRules: [{0AAC5364-72C7-4410-8800-0DD630AFAD19}] => (Allow) C:\Program Files (x86)\Basilisk\basilisk.exe No File
FirewallRules: [{D4A50239-F2E0-4E18-9790-A2F59CA4FAE2}] => (Allow) C:\Program Files (x86)\Basilisk\basilisk.exe No File
FirewallRules: [{CB54FF73-BD4C-49A8-A131-148FC97AFC38}] => (Allow) C:\Program Files\Opera\60.0.3255.27\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [TCP Query User{B695984A-C329-4949-8EEE-E53157FEE342}C:\users\happy\desktop\tor browser\browser\firefox.exe] => (Block) C:\users\happy\desktop\tor browser\browser\firefox.exe (Mozilla Corporation) [File not signed]
FirewallRules: [UDP Query User{6E964137-062D-47E3-A4AF-BF74BFF6C6DA}C:\users\happy\desktop\tor browser\browser\firefox.exe] => (Block) C:\users\happy\desktop\tor browser\browser\firefox.exe (Mozilla Corporation) [File not signed]
FirewallRules: [{BD670C61-E309-4862-AB75-AB4FA22FD4F6}] => (Allow) C:\Program Files\Basilisk\basilisk.exe (Mark Straver -> Moonchild Productions)
FirewallRules: [{6A647BD6-AADD-48C7-94A4-ADA762C360DF}] => (Allow) C:\Program Files\Basilisk\basilisk.exe (Mark Straver -> Moonchild Productions)
FirewallRules: [{302B85E0-7377-4027-9063-04478EEC56C5}] => (Allow) C:\Program Files\Opera\62.0.3331.116\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{CC670390-7F4E-42AF-A065-03C2F9BABB9C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{9EBD2AF6-7B6A-4E49-AEEE-5184AAB11C7B}] => (Allow) C:\Program Files\Waterfox\waterfox.exe (Waterfox Limited -> Mozilla Corporation)
FirewallRules: [{3ABC81F6-5159-49A5-9A34-F6586A78FFAC}] => (Allow) C:\Program Files\Waterfox\waterfox.exe (Waterfox Limited -> Mozilla Corporation)
FirewallRules: [{9B21FF0D-3EDB-4D80-B710-66EA8E33B59B}] => (Allow) C:\Program Files\Opera\63.0.3368.53\opera.exe (Opera Software AS -> Opera Software)

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/02/2019 11:34:23 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-1167706805-3652461753-1077729752-1000.db for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Host Process for Windows Services because of this error.

Program: Host Process for Windows Services
File: C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-1167706805-3652461753-1077729752-1000.db

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
   - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
   - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C0000185
Disk type: 3

Error: (09/02/2019 11:34:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_SysMain, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: sysmain.dll, version: 6.1.7601.24000, time stamp: 0x5a499a8d
Exception code: 0xc0000006
Fault offset: 0x000000000001b7bd
Faulting process id: 0xce0
Faulting application start time: 0x01d561ac31ea4ca3
Faulting application path: C:\windows\system32\svchost.exe
Faulting module path: c:\windows\system32\sysmain.dll
Report Id: 84e90ad8-cd9f-11e9-b2c5-3085a90a3db5

Error: (09/02/2019 11:32:11 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-1167706805-3652461753-1077729752-1000.db for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Host Process for Windows Services because of this error.

Program: Host Process for Windows Services
File: C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-1167706805-3652461753-1077729752-1000.db

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
   - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
   - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C0000185
Disk type: 3

Error: (09/02/2019 11:32:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_SysMain, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: sysmain.dll, version: 6.1.7601.24000, time stamp: 0x5a499a8d
Exception code: 0xc0000006
Fault offset: 0x000000000001b7bd
Faulting process id: 0x1690
Faulting application start time: 0x01d561abe2c6ece7
Faulting application path: C:\windows\system32\svchost.exe
Faulting module path: c:\windows\system32\sysmain.dll
Report Id: 3662c5ee-cd9f-11e9-b2c5-3085a90a3db5

Error: (09/02/2019 11:29:57 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-1167706805-3652461753-1077729752-1000.db for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Host Process for Windows Services because of this error.

Program: Host Process for Windows Services
File: C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-1167706805-3652461753-1077729752-1000.db

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
   - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
   - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C0000185
Disk type: 3

Error: (09/02/2019 11:29:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_SysMain, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: sysmain.dll, version: 6.1.7601.24000, time stamp: 0x5a499a8d
Exception code: 0xc0000006
Fault offset: 0x000000000001b7bd
Faulting process id: 0x500
Faulting application start time: 0x01d5617825ad3f68
Faulting application path: C:\windows\system32\svchost.exe
Faulting module path: c:\windows\system32\sysmain.dll
Report Id: e67c355b-cd9e-11e9-b2c5-3085a90a3db5

Error: (09/02/2019 05:32:14 AM) (Source: VSS) (EventID: 12305) (User: )
Description: Volume Shadow Copy Service error: Volume/disk not connected or not found.
Error context: DeviceIoControl(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy16 - 00000000000000C8,0x0053c198,00000000002FF020,0,00000000002FE010,4096,[0]).


Operation:
   Processing PostFinalCommitSnapshots

Context:
   Execution Context: System Provider

Error: (09/02/2019 04:36:22 AM) (Source: Firefox) (EventID: 52) (User: )
Description: Event-ID 52


System errors:
=============
Error: (09/03/2019 05:58:37 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

Error: (09/03/2019 05:43:37 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (09/03/2019 05:40:39 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.

Error: (09/03/2019 05:37:19 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:33:34 AM on ‎9/‎3/‎2019 was unexpected.

Error: (09/03/2019 05:34:11 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

Error: (09/03/2019 05:33:41 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

Error: (09/02/2019 11:34:58 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Superfetch service terminated unexpectedly.  It has done this 3 time(s).

Error: (09/02/2019 11:32:47 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Superfetch service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.


CodeIntegrity:
===================================

Date: 2015-08-01 15:16:58.310
Description:
Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-08-01 15:16:58.294
Description:
Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-08-01 15:16:58.279
Description:
Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-08-01 15:16:58.263
Description:
Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-08-01 15:16:57.499
Description:
Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-08-01 15:16:57.483
Description:
Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-08-01 15:16:57.467
Description:
Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-08-01 15:16:57.467
Description:
Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

==================== Memory info ===========================

BIOS: American Megatrends Inc. K54C.207 04/18/2012
Motherboard: ASUSTeK Computer Inc. K54C
Processor: Intel(R) Core(TM) i3-2370M CPU @ 2.40GHz
Percentage of memory in use: 91%
Total physical RAM: 4000.13 MB
Available physical RAM: 356.11 MB
Total Virtual: 7998.39 MB
Available Virtual: 4022.41 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:125.03 GB) (Free:37.8 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Data) (Fixed) (Total:147.96 GB) (Free:30.87 GB) NTFS

\\?\Volume{bef42f45-3ce8-11e3-8882-806e6f6e6963}\ (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: 0ED6495C)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=100 MB) - (Type=27)
Partition 3: (Not Active) - (Size=125 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=148 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Hi there.
I use different browsers mainly to check that code I've written works in all of them.
Opera Stable 60 I don't understand. Opera updated itself from earlier versions & is now 63 when launched. 12.16 I never use.
Epic & Maxthon I uninstalled long ago, apparently there are still unwanted specks of them sitting around.
Blisk alerted me to an issue one of my websites had when viewed on a wide screen. *Thank you, Blisk!* I deleted it tho, the free version doesn't work long before shutting off.
SeaMonkey 2.49.4 is out-of-date, I see the newest build is SeaMonkey 2.49.5. Is this dangerous to use?
I have Vivaldi because some sites/code only plays nice with Google's Chrome, which I dislike for privacy reasons.
I use some browsers only to view HTML files locally. FF is a fantastic browser but they've made some decisions that screw me up. Googling, I found users who had the same problem who used about:config to change a security setting as a fix. (One of the newer builds starting killing some three.js code when run locally- it still runs in current builds of Vivaldi & Opera & Paper Moon.)
Also, when a website doesn't like one browser, after I've turned off addons etc, often I find simply find using another browser does the trick.
Each browser comes with strengths & limitations. I'll like one for privacy, but it's slow, or another for its large selection of addons but... etc etc.
  I also think it's kind of fun playing with browsers.
Anyway, thanks. I'll do FRST now.
Take care.

FIRST was changed so that all you need to do now is copy the code and after launching as Admin, merely click the Fix button. 

Yes, it is safe. I've had to do the same on Windows 10 when testing.

Thank you for the birthday wishes.  It just goes to show you haven't visited here in a while -- although that means you haven't had any problems in a while which is good.

Take a look at the FRST script I posted and note that it is essentially removing leftovers.  Note the "no file" indication at the end of the lines.  That said, it is likely that you are not allotting enough space for System Restore.  The current usage of my primary device is 11.98 GB.  Open System Restore and click the button for "Configure".  See how much the Current Usage is as compared to the 12.5 GB you have allotted.  Try increasing it a small amount -- perhaps 12% instead of 10%.

In searching the error message you received, the instructions provided in Error 0x80042308 when attempting to set a system restore point. - Microsoft Community worked for some but not others.  In other results, I've all seen it is a result of failing hardware.

Let's see if this helps.

1.  Run System File Checker:

• Click on the Start button and in the search box, type Command Prompt
• When you see Command Prompt on the list, right-click on it and select Run as administrator
• Enter the command below and press on Enter and wait for it to finish (~15 minutes).
  

sfc /scannow
2.  Next, please run the internal disk checker program: 

• Click Start and select "Computer"
• Right-click C:
• Select the "Tools" tab
• In the Error-checking area, click "Check Now"
• Click "Start"
• Check the option to "Automatically fix file system errors" and click Start.

You will receive a message that the operation cannot be performed while the system is in use and ask if you want to check when you restart your computer.  Click "Schedule disk check" and then restart the computer, allowing disk check to run at startup.

3.  To find the disk check log that is produced please download ListChkdskResult by SleepyDude to the desktop.

• Double-click on the icon and click Run
  
• The log will appear on your desktop as a .txt file and the notepad will open.

Please copy and paste the results in your next reply.

Although the last of the logs were cut off due to the length, the log results show that ChkDsk has been run several times recently with the results from the last run showing "Read failure", "bad clusters" and "4 KB in bad sectors" which definitely indicates that the hard drive is failing.  I suggest that you run SeaTools.  It can test all brands of harddrives but only repairs SeaGate drives.

1.   Back up all important data.
2.   Download SeaTools from Software and Firmware Downloads | Seagate Support US SeaTools | Seagate
3.   There is a PDF tutorial here:  SeaTools for Windows Guide

Note:  The process with SeaTools can take a very long time.  I've suggested it because I've used it before.  However, there are other tools available that do run faster that you may wish to try instead.  For example, Hard Disk Sentinel has a free trial:  https://www.hdsentinel.com/