Author Topic: Happy Labor Day, Here's my stuff  (Read 2514 times)


babyoh
« on: September 02, 2019, 12:17:38 PM »
 >:(
Mos ago, a regular Win update utterly trashed this computer (my win8 box updated just fine). Managed to get it working again by using System Restore.
A bunch of files had been deleted. I'd backed-up quite a bit & was able to put them back, at least the missing files I located. Interestingly, I noticed it took out a lot of .html files but would tend to leave others intact, including .BAK, .css etc.
Had various strange things happen since then. Slow start-ups, at times RAM use skyrockets, etc. Most recently, I noticed my MS Security app had "shut off"- "Microsoft Antimalware Service service terminated unexpectedly"- so, here I am!
(MS AV is working fine now, by the way. I simply rebooted.)
-- I noticed some out-of-date browser folder BUs show from my scans, if they're confusing, I can move them to another folder & redo. Lemme know.
Cheers. Thanks.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2019
Ran by happy (administrator) on LAPPY (ASUSTeK Computer Inc. K54C) (02-09-2019 07:40:52)
Running from C:\Users\happy\Desktop\00000
Loaded Profiles: happy (Available Profiles: happy)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2785064 2011-05-05] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-21] (Alcor Micro Corp.) [File not signed]
HKLM\...\Run: [SynAsusAcpi] => C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [97064 2011-05-05] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUSTeK Computer Inc. -> ASUS)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2319536 2011-10-18] (ASUSTeK Computer Inc. -> ASUS)
HKU\S-1-5-21-1167706805-3652461753-1077729752-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [1128000 2014-06-03] (BillP Studios -> BillP Studios)
HKU\S-1-5-21-1167706805-3652461753-1077729752-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\Mystify.scr [242688 2010-11-20] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\windows\system32\cmd.exe /D /C start C:\windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\windows\system32\cmd.exe /D /C start C:\windows\system32\ie4uinit.exe -ClearIconCache
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk [2013-10-24]
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe () [File not signed]
Startup: C:\Users\happy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0000-Launch_BROWSERS.cmd [2019-08-15] () [File not signed]
GroupPolicy: Restriction ? <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0AEFE3C1-0C25-4C8F-BD16-976785226767} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {20851120-42F3-4C27-8020-70E8422C9E90} - System32\Tasks\Opera scheduled Autoupdate 1499952880 => C:\Program Files\Opera\launcher.exe [1520152 2019-08-27] (Opera Software AS -> Opera Software)
Task: {31C4EF86-EE62-488B-90E4-4438DDC78369} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [318080 2011-12-22] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {4D5FACA0-B385-4511-9192-7C3BEB163646} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\\MpCmdRun.exe [410784 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {87F619F3-E712-49E9-A5A5-80323CB92151} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [1556640 2012-06-20] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
Task: {A741CCBC-CE0F-41FC-95B4-ECF9222B1F44} - System32\Tasks\{C95A24F3-5910-45DC-BF71-3DC579D2D404} => C:\windows\system32\pcalua.exe -a "C:\Users\happy\Desktop\DOWNLOADS HERE\irfanview_plugins_437_setup.exe" -d "C:\Users\happy\Desktop\DOWNLOADS HERE"
Task: {CDC6F1D0-992A-4B6A-9F14-FA9873939549} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe [473728 2012-02-16] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {F1F666BA-3D7B-4274-8D95-4BB002002540} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {F5255F09-864E-4907-B017-417DC2FA7DC2} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7F5F0944-5C21-41EE-8BD6-BB8AB1089EB0}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D7A67B45-A19A-4987-8C05-DCF3D814347C}: [DhcpNameServer] 209.18.47.62 209.18.47.61

Internet Explorer:
==================
HKU\S-1-5-21-1167706805-3652461753-1077729752-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
HKU\S-1-5-21-1167706805-3652461753-1077729752-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
DownloadDir: C:\Users\happy\Desktop\DOWNLOADS HERE
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1167706805-3652461753-1077729752-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1167706805-3652461753-1077729752-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1482688010082
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2016-01-04] (Belarc, Inc. -> Belarc, Inc.)

FireFox:
========
FF DefaultProfile: 3vb57d2z.default
FF DefaultProfile: pmboff70.default
FF DefaultProfile: v0k5j5hr.default-1510011962003
FF DefaultProfile: n8i1vt93.default-1565580858196
FF ProfilePath: C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\n8i1vt93.default-1565580858196 [not found] <==== ATTENTION
FF DefaultProfile: 0h9ztolt.default
FF ProfilePath: C:\Users\happy\AppData\Roaming\Waterfox\Profiles\3vb57d2z.default [2019-08-15]
FF Extension: (AdBlocker Ultimate) - C:\Users\happy\AppData\Roaming\Waterfox\Profiles\3vb57d2z.default\Extensions\adblockultimate@adblockultimate.net.xpi [2019-08-12]
FF Extension: (Clean Links) - C:\Users\happy\AppData\Roaming\Waterfox\Profiles\3vb57d2z.default\Extensions\clean-links@Cimbali.github.com.xpi [2019-08-12]
FF Extension: (Privacy Badger) - C:\Users\happy\AppData\Roaming\Waterfox\Profiles\3vb57d2z.default\Extensions\jid1-MnnxcxisBPnSXQ@jetpack.xpi [2019-08-12]
FF Extension: (Smart Referer) - C:\Users\happy\AppData\Roaming\Waterfox\Profiles\3vb57d2z.default\Extensions\smart-referer@meh.paranoid.pk.xpi [2019-08-12]
FF Extension: (uBlock Origin) - C:\Users\happy\AppData\Roaming\Waterfox\Profiles\3vb57d2z.default\Extensions\uBlock0@raymondhill.net.xpi [2019-08-12]
FF Extension: (uMatrix) - C:\Users\happy\AppData\Roaming\Waterfox\Profiles\3vb57d2z.default\Extensions\uMatrix@raymondhill.net.xpi [2019-08-12]
FF Extension: (User-Agent Switcher) - C:\Users\happy\AppData\Roaming\Waterfox\Profiles\3vb57d2z.default\Extensions\user-agent-switcher@ninetailed.ninja.xpi [2019-08-12]
FF Extension: (Privacy Possum) - C:\Users\happy\AppData\Roaming\Waterfox\Profiles\3vb57d2z.default\Extensions\woop-NoopscooPsnSXQ@jetpack.xpi [2019-08-12]
FF Extension: (Referrer Switch) - C:\Users\happy\AppData\Roaming\Waterfox\Profiles\3vb57d2z.default\Extensions\{033d950a-38b9-4976-b19e-5f9ed7d78daa}.xpi [2019-08-12]
FF Extension: (Download all Images) - C:\Users\happy\AppData\Roaming\Waterfox\Profiles\3vb57d2z.default\Extensions\{32af1358-428a-446d-873e-5f8eb5f2a72e}.xpi [2019-08-12]
FF Extension: (Disable JavaScript) - C:\Users\happy\AppData\Roaming\Waterfox\Profiles\3vb57d2z.default\Extensions\{41f9e51d-35e4-4b29-af66-422ff81c8b41}.xpi [2019-08-12]
FF Extension: (Cookie Quick Manager) - C:\Users\happy\AppData\Roaming\Waterfox\Profiles\3vb57d2z.default\Extensions\{60f82f00-9ad5-4de5-b31c-b16a47c51558}.xpi [2019-08-12]
FF Extension: (User-Agent Switcher) - C:\Users\happy\AppData\Roaming\Waterfox\Profiles\3vb57d2z.default\Extensions\{75afe46a-7a50-4c6b-b866-c43a1075b071}.xpi [2019-08-12]
FF Extension: (YouTube High Definition) - C:\Users\happy\AppData\Roaming\Waterfox\Profiles\3vb57d2z.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2019-08-12]
FF Extension: (Markdown Viewer Webext) - C:\Users\happy\AppData\Roaming\Waterfox\Profiles\3vb57d2z.default\Extensions\{943b8007-a895-44af-a672-4f4ea548c95f}.xpi [2019-08-12]
FF Extension: (User-Agent Switcher and Manager) - C:\Users\happy\AppData\Roaming\Waterfox\Profiles\3vb57d2z.default\Extensions\{a6c4a591-f1b2-4f03-b3ff-767e5bedf4e7}.xpi [2019-08-12]
FF Extension: (Random User-Agent) - C:\Users\happy\AppData\Roaming\Waterfox\Profiles\3vb57d2z.default\Extensions\{b43b974b-1d3a-4232-b226-eaa2ac6ebb69}.xpi [2019-08-12]
FF Extension: (Web Developer) - C:\Users\happy\AppData\Roaming\Waterfox\Profiles\3vb57d2z.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2019-08-12]
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\happy\AppData\Roaming\Waterfox\Profiles\3vb57d2z.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2019-08-12]
FF Extension: (javascript) - C:\Users\happy\AppData\Roaming\Waterfox\Profiles\3vb57d2z.default\Extensions\{d4bc778f-3a98-44f4-9b2e-45fab92a21db}.xpi [2019-08-12]
FF ProfilePath: C:\Users\happy\AppData\Roaming\WAS_Mozilla_2017-11-6_CLEAN\SeaMonkey\Profiles\pmboff70.default [2017-10-03]
FF NetworkProxy: WAS_Mozilla_2017-11-6_CLEAN\SeaMonkey\Profiles\pmboff70.default -> share_proxy_settings", true
FF Extension: (uBlock Origin) - C:\Users\happy\AppData\Roaming\WAS_Mozilla_2017-11-6_CLEAN\SeaMonkey\Profiles\pmboff70.default\Extensions\uBlock0@raymondhill.net.xpi [2017-07-19] [Legacy]
FF Extension: (uMatrix) - C:\Users\happy\AppData\Roaming\WAS_Mozilla_2017-11-6_CLEAN\SeaMonkey\Profiles\pmboff70.default\Extensions\uMatrix@raymondhill.net.xpi [2017-07-17] [Legacy]
FF Extension: (Screengrab (fix version)) - C:\Users\happy\AppData\Roaming\WAS_Mozilla_2017-11-6_CLEAN\SeaMonkey\Profiles\pmboff70.default\Extensions\{02450914-cdd9-410f-b1da-db004e18c671}.xpi [2017-07-21] [Legacy]
FF Extension: (NoScript) - C:\Users\happy\AppData\Roaming\WAS_Mozilla_2017-11-6_CLEAN\SeaMonkey\Profiles\pmboff70.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-09-13] [Legacy]
FF Extension: (User Agent Switcher) - C:\Users\happy\AppData\Roaming\WAS_Mozilla_2017-11-6_CLEAN\SeaMonkey\Profiles\pmboff70.default\Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2017-07-18] [Legacy]
FF Extension: (User Agent Switcher) - C:\Users\happy\AppData\Roaming\Mozilla\SeaMonkey\Profiles\pmboff70.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2017-07-18] [Legacy]
FF Extension: (Screengrab (fix version)) - C:\Users\happy\AppData\Roaming\Mozilla\SeaMonkey\Profiles\pmboff70.default\extensions\{02450914-cdd9-410f-b1da-db004e18c671}.xpi [2018-01-01] [Legacy]
FF Extension: (NoScript) - C:\Users\happy\AppData\Roaming\Mozilla\SeaMonkey\Profiles\pmboff70.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2018-03-30] [Legacy]
FF ProfilePath: C:\Users\happy\AppData\Roaming\WAS_Mozilla_2017-11-6_CLEAN\Firefox\Profiles\v0k5j5hr.default-1510011962003 [2017-11-16]
FF DownloadDir: C:\Users\happy\Desktop\DOWNLOADS HERE
FF Homepage: WAS_Mozilla_2017-11-6_CLEAN\Firefox\Profiles\v0k5j5hr.default-1510011962003 -> hxxps://duckduckgo.com/
FF Extension: (Policy Control - JavaScript and Flash blocker) - C:\Users\happy\AppData\Roaming\WAS_Mozilla_2017-11-6_CLEAN\Firefox\Profiles\v0k5j5hr.default-1510011962003\Extensions\jid1-gHwvGmJ8Ii9oOq@jetpack.xpi [2017-11-16]
FF Extension: (Whitelist JavaScript) - C:\Users\happy\AppData\Roaming\WAS_Mozilla_2017-11-6_CLEAN\Firefox\Profiles\v0k5j5hr.default-1510011962003\Extensions\veto@myridia.com.xpi [2017-11-16]
FF Extension: (Javascript Control) - C:\Users\happy\AppData\Roaming\WAS_Mozilla_2017-11-6_CLEAN\Firefox\Profiles\v0k5j5hr.default-1510011962003\Extensions\{591abe66-4392-4d7e-aad5-12f04be2539e}.xpi [2017-11-16]
FF ProfilePath: C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\SeaMonkey\Profiles\pmboff70.default [2017-07-18]
FF NetworkProxy: MOZ_7.17.2017.BAK\SeaMonkey\Profiles\pmboff70.default -> share_proxy_settings", true
FF Extension: (uBlock Origin) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\SeaMonkey\Profiles\pmboff70.default\Extensions\uBlock0@raymondhill.net.xpi [2017-07-17] [Legacy]
FF Extension: (uMatrix) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\SeaMonkey\Profiles\pmboff70.default\Extensions\uMatrix@raymondhill.net.xpi [2017-07-17] [Legacy]
FF Extension: (NoScript) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\SeaMonkey\Profiles\pmboff70.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-07-17] [Legacy]
FF ProfilePath: C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default [2017-07-18]
FF Homepage: MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default -> hxxps://duckduckgo.com/
FF Extension: (CanvasBlocker) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\CanvasBlocker@kkapsner.de.xpi [2017-07-11] [Legacy]
FF Extension: (Click&Clean) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\clickclean@hotcleaner.com [2017-07-18] [Legacy]
FF Extension: (colorPicker) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\colorPicker@colorPicker.xpi [2017-02-20] [Legacy]
FF Extension: (Firebug) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\firebug@software.joehewitt.com.xpi [2017-03-01] [Legacy]
FF Extension: (Valence) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\fxdevtools-adapters@mozilla.org [2017-07-18] [Legacy]
FF Extension: (Image Picker) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\ImagePicker@topolog.org [2017-07-18] [Legacy]
FF Extension: (DOM Inspector) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\inspector@mozilla.org [2017-07-18] [Legacy]
FF Extension: (Google search link fix) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\jid0-XWJxt5VvCXkKzQK99PhZqAn7Xbg@jetpack.xpi [2017-01-31]
FF Extension: (Random Agent Spoofer) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\jid1-AVgCeF1zoVzMjA@jetpack.xpi [2016-09-21] [Legacy]
FF Extension: (Lightbeam) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2017-03-22] [Legacy]
FF Extension: (de-t-co) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\jid1-fJE7HYlCweigaA@jetpack.xpi [2016-09-14] [Legacy]
FF Extension: (SpeedView) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\jid1-MmDjnsjlez2Sdw@jetpack.xpi [2016-12-14] [Legacy]
FF Extension: (Privacy Badger) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\jid1-MnnxcxisBPnSXQ@jetpack.xpi [2017-07-11]
FF Extension: (JavaScript View) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\jid1-u9RbFp9JcoEGGw@jetpack.xpi [2016-12-14] [Legacy]
FF Extension: (Google Redirects Fixer) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\jid1-zUrvDCat3xoDSQ@jetpack.xpi [2015-12-28] [Legacy]
FF Extension: (JavaScript Deobfuscator) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\jsdeobfuscator@adblockplus.org.xpi [2016-12-06] [Legacy]
FF Extension: (Smart Referer) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\smart-referer@meh.paranoid.pk.xpi [2017-07-08] [Legacy]
FF Extension: (Status-4-Evar) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\status4evar@caligonstudios.com.xpi [2016-11-26] [Legacy]
FF Extension: (The Addon Bar (restored)) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\the-addon-bar@GeekInTraining-GiT.xpi [2016-12-14] [Legacy]
FF Extension: (ThumbsDown) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\thumbsdown@mozdev.org.xpi [2015-12-05] [Legacy]
FF Extension: (uBlock Origin) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\uBlock0@raymondhill.net.xpi [2017-06-27] [Legacy]
FF Extension: (uMatrix) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\uMatrix@raymondhill.net.xpi [2017-07-14] [Legacy]
FF Extension: (Show external css/js files) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\viewext@lissak.fr.xpi [2016-12-14] [Legacy]
FF Extension: (NoSquint Plus) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\zoomlevelplus@zoomlevelplus.net.xpi [2017-04-24] [Legacy]
FF Extension: (Zoom Page) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\zoompage@DW-dev.xpi [2017-03-03] [Legacy]
FF Extension: (Unshorten.It!) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\{0a566650-a8e0-11e0-8264-0800200c9a66}.xpi [2016-04-28] [Legacy]
FF Extension: (FireShot) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2017-07-18] [Legacy]
FF Extension: (Clean Links) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\{158d7cb3-7039-4a75-8e0b-3bd0a464edd2}.xpi [2016-04-27] [Legacy]
FF Extension: (Flashblock) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2017-07-18] [Legacy]
FF Extension: (HttpFox) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\{4093c4de-454a-4329-8aff-c6b0b123c386}.xpi [2016-04-28] [Legacy]
FF Extension: (RefControl) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}.xpi [2016-04-28] [Legacy]
FF Extension: (ColorZilla) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}.xpi [2017-03-08]
FF Extension: (NoScript) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-07-01] [Legacy]
FF Extension: (YouTube High Definition) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2017-06-21] [Legacy]
FF Extension: (Live HTTP headers) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} [2017-07-18] [Legacy]
FF Extension: (Cookie Controller) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\{ac2cfa60-bc96-11e0-962b-0800200c9a66}.xpi [2017-05-06] [Legacy]
FF Extension: (Cookies Manager+) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d} [2017-07-18] [Legacy]
FF Extension: (Web Developer) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2017-04-06] [Legacy]
FF Extension: (Adblock Plus) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-08] [Legacy]
FF Extension: (BetterPrivacy) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2016-11-01] [Legacy]
FF Extension: (Default Full Zoom Level) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\{D9A7CBEC-DE1A-444f-A092-844461596C4D} [2017-07-18] [Legacy]
FF Extension: (DownThemAll!) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2016-09-29] [Legacy]
FF Extension: (User Agent Switcher) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2016-04-28] [Legacy]
FF Extension: (Theme Font & Size Changer) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\{f69e22c7-bc50-414a-9269-0f5c344cd94c}.xpi [2017-06-17] [Legacy]
FF Extension: (No Name) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\6sbyeiyd.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [not found]
FF Extension: (No Name) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\6sbyeiyd.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} [not found]
FF Extension: (No Name) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\6sbyeiyd.default\extensions\{4093c4de-454a-4329-8aff-c6b0b123c386}.xpi [not found]
FF Extension: (No Name) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\6sbyeiyd.default\extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}.xpi [not found]
FF Extension: (No Name) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\6sbyeiyd.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [not found]
FF Extension: (No Name) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\6sbyeiyd.default\extensions\inspector@mozilla.org [not found]
FF Extension: (No Name) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\6sbyeiyd.default\extensions\{0a566650-a8e0-11e0-8264-0800200c9a66}.xpi [not found]
FF Extension: (No Name) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\6sbyeiyd.default\extensions\{D9A7CBEC-DE1A-444f-A092-844461596C4D} [not found]
FF Extension: (No Name) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\6sbyeiyd.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [not found]
FF Extension: (No Name) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\6sbyeiyd.default\extensions\status4evar@caligonstudios.com.xpi [not found]
FF Extension: (No Name) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\6sbyeiyd.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [not found]
FF Extension: (No Name) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\6sbyeiyd.default\extensions\viewext@lissak.fr.xpi [not found]
FF Extension: (No Name) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\6sbyeiyd.default\extensions\zoompage@DW-dev.xpi [not found]
FF Extension: (No Name) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\6sbyeiyd.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [not found]
FF Extension: (No Name) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\6sbyeiyd.default\extensions\{ac2cfa60-bc96-11e0-962b-0800200c9a66}.xpi [not found]
FF Extension: (No Name) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\6sbyeiyd.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [not found]
FF Extension: (No Name) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\6sbyeiyd.default\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d} [not found]
FF Extension: (No Name) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\6sbyeiyd.default\extensions\clickclean@hotcleaner.com [not found]
FF ProfilePath: C:\Users\happy\AppData\Roaming\Mozilla\SeaMonkey\Profiles\pmboff70.default [2019-07-30]
FF NetworkProxy: Mozilla\SeaMonkey\Profiles\pmboff70.default -> share_proxy_settings", true
FF Extension: (uBlock Origin) - C:\Users\happy\AppData\Roaming\Mozilla\SeaMonkey\Profiles\pmboff70.default\Extensions\uBlock0@raymondhill.net.xpi [2017-07-19] [Legacy]
FF Extension: (uMatrix) - C:\Users\happy\AppData\Roaming\Mozilla\SeaMonkey\Profiles\pmboff70.default\Extensions\uMatrix@raymondhill.net.xpi [2017-07-17] [Legacy]
FF ProfilePath: C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release [2019-09-02]
FF Homepage: Mozilla\Firefox\Profiles\u6laa06p.default-release -> hxxps://start.duckduckgo.com/
FF Extension: (Firefox Multi-Account Containers) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\@testpilot-containers.xpi [2019-01-24]
FF Extension: (Firefox DevTools ADB Extension) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\adb@mozilla.org.xpi [2019-07-12] [UpdateUrl:hxxps://ftp.mozilla.org/pub/labs/devtools/adb-extension/win32/update.json]
FF Extension: (AdBlocker Ultimate) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\adblockultimate@adblockultimate.net.xpi [2019-08-12]
FF Extension: (CanvasBlocker) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\CanvasBlocker@kkapsner.de.xpi [2019-07-25]
FF Extension: (Clear Flash Cookies) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\clear-flash-cookies@cpeterso.com.xpi [2017-11-20]
FF Extension: (Cookie Manager) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\cookie-manager@robwu.nl.xpi [2018-10-23]
FF Extension: (Cookie AutoDelete) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\CookieAutoDelete@kennydo.com.xpi [2019-04-29]
FF Extension: (Firebug) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\firebug@software.joehewitt.com.xpi [2017-03-01] [Legacy]
FF Extension: (hotfix-update-xpi-intermediate) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\hotfix-update-xpi-intermediate@mozilla.com.xpi [2019-05-15]
FF Extension: (Google search link fix) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\jid0-XWJxt5VvCXkKzQK99PhZqAn7Xbg@jetpack.xpi [2019-07-03]
FF Extension: (Firefox Lightbeam) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2018-02-18]
FF Extension: (Policy Control - JavaScript and Flash blocker) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\jid1-gHwvGmJ8Ii9oOq@jetpack.xpi [2018-02-08]
FF Extension: (Privacy Badger) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\jid1-MnnxcxisBPnSXQ@jetpack.xpi [2019-07-10]
FF Extension: (Double-click Image Downloader) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\jid1-xgtdawe3yyUeBQ@jetpack.xpi [2018-05-16]
FF Extension: (google-no-tracking-url) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\jid1-zUrvDCat3xoDSQ@jetpack.xpi [2017-08-22]
FF Extension: (Neat URL) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\neaturl@hugsmile.eu.xpi [2018-05-29]
FF Extension: (Nimbus Screen Capture: Screenshots, Annotate) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\nimbusscreencaptureff@everhelper.me.xpi [2019-08-08]
FF Extension: (Skip Redirect) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\skipredirect@sblask.xpi [2019-06-15]
FF Extension: (Smart Referer) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\smart-referer@meh.paranoid.pk.xpi [2018-09-21]
FF Extension: (uBlock Origin) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\uBlock0@raymondhill.net.xpi [2019-07-27]
FF Extension: (uMatrix) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\uMatrix@raymondhill.net.xpi [2018-12-28]
FF Extension: (User-Agent Switcher) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\user-agent-switcher@ninetailed.ninja.xpi [2019-08-16]
FF Extension: (Whitelist JavaScript) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\veto@myridia.com.xpi [2018-04-26]
FF Extension: (NoSquint Plus) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\zoomlevelplus@zoomlevelplus.net.xpi [2017-11-11]
FF Extension: (Zoom Page WE) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\zoompage-we@DW-dev.xpi [2019-08-29]
FF Extension: (Download all Images) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\{32af1358-428a-446d-873e-5f8eb5f2a72e}.xpi [2019-07-03]
FF Extension: (HttpFox) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\{4093c4de-454a-4329-8aff-c6b0b123c386}.xpi [2016-04-28] [Legacy]
FF Extension: (Javascript Control) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\{591abe66-4392-4d7e-aad5-12f04be2539e}.xpi [2017-11-20]
FF Extension: (Cookie Quick Manager) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\{60f82f00-9ad5-4de5-b31c-b16a47c51558}.xpi [2019-08-12]
FF Extension: (ColorZilla) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}.xpi [2017-03-08]
FF Extension: (NoScript) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2019-08-20]
FF Extension: (User-Agent Switcher) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\{75afe46a-7a50-4c6b-b866-c43a1075b071}.xpi [2019-07-03]
FF Extension: (YouTube High Definition) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2019-07-11]
FF Extension: (Markdown Viewer Webext) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\{943b8007-a895-44af-a672-4f4ea548c95f}.xpi [2019-07-14]
FF Extension: (Font Finder) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\{a658a273-612e-489e-b4f1-5344e672f4f5}.xpi [2019-04-07]
FF Extension: (EditThisCookie) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\{a6a5b521-62f8-48c1-ad86-702fd9f0e2c8}.xpi [2017-11-16]
FF Extension: (User-Agent Switcher and Manager) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\{a6c4a591-f1b2-4f03-b3ff-767e5bedf4e7}.xpi [2019-08-01]
FF Extension: (Web Developer) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2017-11-16]
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2019-08-23]
FF Extension: (HTTP Header Live) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\{ed102056-8b4f-43a9-99cd-6d1b25abe87e}.xpi [2019-08-20]
FF Extension: (Theme Font & Size Changer) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\{f69e22c7-bc50-414a-9269-0f5c344cd94c}.xpi [2017-11-15]
FF ProfilePath: C:\Users\happy\AppData\Roaming\MOON_PROD.BAK\Pale Moon\Profiles\k1c3hz7u.default [2017-07-17]
FF Homepage: MOON_PROD.BAK\Pale Moon\Profiles\k1c3hz7u.default -> hxxps://duckduckgo.com/
FF Extension: (Page Zoom Button) - C:\Users\happy\AppData\Roaming\MOON_PROD.BAK\Pale Moon\Profiles\k1c3hz7u.default\Extensions\54c7d9671b9eccd9e5686a73df34ab60@button.codefisher.org.xpi [2016-08-12] [Legacy]
FF Extension: (Adblock Latitude) - C:\Users\happy\AppData\Roaming\MOON_PROD.BAK\Pale Moon\Profiles\k1c3hz7u.default\Extensions\adblocklatitude@addons.palemoon.org.xpi [2017-02-17] [Legacy] [not signed]
FF Extension: (Click&Clean) - C:\Users\happy\AppData\Roaming\MOON_PROD.BAK\Pale Moon\Profiles\k1c3hz7u.default\Extensions\clickclean@hotcleaner.com [2017-07-17] [Legacy]
FF Extension: (Developer Tools) - C:\Users\happy\AppData\Roaming\MOON_PROD.BAK\Pale Moon\Profiles\k1c3hz7u.default\Extensions\devtools@addons.palemoon.org.xpi [2016-12-14] [Legacy] [not signed]
FF Extension: (Random Agent Spoofer) - C:\Users\happy\AppData\Roaming\MOON_PROD.BAK\Pale Moon\Profiles\k1c3hz7u.default\Extensions\jid1-AVgCeF1zoVzMjA@jetpack.xpi [2015-12-08] [Legacy]
FF Extension: (Proxy Privacy Ruler) - C:\Users\happy\AppData\Roaming\MOON_PROD.BAK\Pale Moon\Profiles\k1c3hz7u.default\Extensions\pxruler@Off.JustOff.xpi [2017-07-15] [Legacy]
FF Extension: (uBlock Origin) - C:\Users\happy\AppData\Roaming\MOON_PROD.BAK\Pale Moon\Profiles\k1c3hz7u.default\Extensions\uBlock0@raymondhill.net.xpi [2017-06-28] [Legacy]
FF Extension: (uMatrix) - C:\Users\happy\AppData\Roaming\MOON_PROD.BAK\Pale Moon\Profiles\k1c3hz7u.default\Extensions\uMatrix@raymondhill.net.xpi [2017-07-14] [Legacy]
FF Extension: (Zoom Page) - C:\Users\happy\AppData\Roaming\MOON_PROD.BAK\Pale Moon\Profiles\k1c3hz7u.default\Extensions\zoompage@DW-dev.xpi [2017-03-03] [Legacy]
FF Extension: (Unshorten.It!) - C:\Users\happy\AppData\Roaming\MOON_PROD.BAK\Pale Moon\Profiles\k1c3hz7u.default\Extensions\{0a566650-a8e0-11e0-8264-0800200c9a66}.xpi [2016-04-28] [Legacy]
FF Extension: (FireShot) - C:\Users\happy\AppData\Roaming\MOON_PROD.BAK\Pale Moon\Profiles\k1c3hz7u.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2017-07-17] [Legacy]
FF Extension: (Clean Links) - C:\Users\happy\AppData\Roaming\MOON_PROD.BAK\Pale Moon\Profiles\k1c3hz7u.default\Extensions\{158d7cb3-7039-4a75-8e0b-3bd0a464edd2}.xpi [2016-04-27] [Legacy]
FF Extension: (Flashblock) - C:\Users\happy\AppData\Roaming\MOON_PROD.BAK\Pale Moon\Profiles\k1c3hz7u.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2017-07-17] [Legacy]
FF Extension: (HttpFox) - C:\Users\happy\AppData\Roaming\MOON_PROD.BAK\Pale Moon\Profiles\k1c3hz7u.default\Extensions\{4093c4de-454a-4329-8aff-c6b0b123c386}.xpi [2016-04-28] [Legacy]
FF Extension: (RefControl) - C:\Users\happy\AppData\Roaming\MOON_PROD.BAK\Pale Moon\Profiles\k1c3hz7u.default\Extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}.xpi [2016-04-28] [Legacy]
FF Extension: (ColorZilla) - C:\Users\happy\AppData\Roaming\MOON_PROD.BAK\Pale Moon\Profiles\k1c3hz7u.default\Extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} [2017-07-17] [Legacy]
FF Extension: (NoScript) - C:\Users\happy\AppData\Roaming\MOON_PROD.BAK\Pale Moon\Profiles\k1c3hz7u.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-07-16] [Legacy]
FF Extension: (YouTube High Definition) - C:\Users\happy\AppData\Roaming\MOON_PROD.BAK\Pale Moon\Profiles\k1c3hz7u.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2017-06-21] [Legacy]
FF Extension: (Live HTTP headers) - C:\Users\happy\AppData\Roaming\MOON_PROD.BAK\Pale Moon\Profiles\k1c3hz7u.default\Extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} [2017-07-17] [Legacy]
FF Extension: (Cookie Controller) - C:\Users\happy\AppData\Roaming\MOON_PROD.BAK\Pale Moon\Profiles\k1c3hz7u.default\Extensions\{ac2cfa60-bc96-11e0-962b-0800200c9a66}.xpi [2017-05-04] [Legacy]
FF Extension: (Cookies Manager+) - C:\Users\happy\AppData\Roaming\MOON_PROD.BAK\Pale Moon\Profiles\k1c3hz7u.default\Extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d} [2017-07-17] [Legacy]
FF Extension: (Web Developer) - C:\Users\happy\AppData\Roaming\MOON_PROD.BAK\Pale Moon\Profiles\k1c3hz7u.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2017-04-06] [Legacy]
FF Extension: (BetterPrivacy) - C:\Users\happy\AppData\Roaming\MOON_PROD.BAK\Pale Moon\Profiles\k1c3hz7u.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2015-08-18] [Legacy]
FF Extension: (User Agent Switcher) - C:\Users\happy\AppData\Roaming\MOON_PROD.BAK\Pale Moon\Profiles\k1c3hz7u.default\Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2016-04-28] [Legacy]
FF Extension: (Page Zoom Button) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default\extensions\54c7d9671b9eccd9e5686a73df34ab60@button.codefisher.org.xpi [2016-08-12] [Legacy]
FF Extension: (Zoom Page) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default\extensions\zoompage@DW-dev.xpi [2017-08-17] [Legacy]
FF Extension: (Flashblock) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2016-01-08] [Legacy]
FF Extension: (HttpFox) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default\extensions\{4093c4de-454a-4329-8aff-c6b0b123c386}.xpi [2016-04-28] [Legacy]
FF Extension: (RefControl) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default\extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}.xpi [2016-04-28] [Legacy]
FF Extension: (ColorZilla) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} [2015-09-05] [Legacy]
FF Extension: (NoScript) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-07-16] [Legacy]
FF Extension: (Live HTTP headers) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} [2016-04-28] [Legacy]
FF Extension: (Cookie Controller) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default\extensions\{ac2cfa60-bc96-11e0-962b-0800200c9a66}.xpi [2017-08-06] [Legacy]
FF Extension: (Web Developer) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2017-04-06] [Legacy]
FF Extension: (BetterPrivacy) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2015-08-18] [Legacy]
FF Extension: (No Name) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [not found]
FF Extension: (Click&Clean) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default\extensions\clickclean@hotcleaner.com [2017-07-11] [Legacy]
FF Extension: (Cookies Manager+) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d} [2017-07-23] [Legacy]
FF ProfilePath: C:\Users\happy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default [2019-09-02]
FF Homepage: Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default -> hxxps://start.duckduckgo.com/
FF Extension: (Adblock Latitude) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default\Extensions\adblocklatitude@addons.palemoon.org.xpi [2018-04-10] [Legacy] [not signed]
FF Extension: (Block Content) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default\Extensions\blockcont@mdsy.xpi [2019-02-03] [Legacy] [not signed]
FF Extension: (Cookies Exterminator) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default\Extensions\CookiesExterminator@Off.JustOff.xpi [2019-04-16] [Legacy] [not signed]
FF Extension: (Developer Tools) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default\Extensions\devtools@addons.palemoon.org.xpi [2016-12-14] [Legacy] [not signed]
FF Extension: (Exif Viewer) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default\Extensions\exif-viewer@asraskin.org.xpi [2019-04-26] [Legacy] [not signed]
FF Extension: (Random Agent Spoofer) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default\Extensions\jid1-AVgCeF1zoVzMjA@jetpack.xpi [2015-12-08] [Legacy]
FF Extension: (Proxy Privacy Ruler) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default\Extensions\pxruler@Off.JustOff.xpi [2019-04-16] [Legacy] [not signed]
FF Extension: (Save All Images) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default\Extensions\save-images-me@Off.JustOff.xpi [2019-04-24] [Legacy] [not signed]
FF Extension: (uBlock Origin) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default\Extensions\uBlock0@raymondhill.net.xpi [2017-07-20] [Legacy]
FF Extension: (uMatrix) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default\Extensions\uMatrix@raymondhill.net.xpi [2017-07-14] [Legacy]
FF Extension: (Unshorten.It!) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default\Extensions\{0a566650-a8e0-11e0-8264-0800200c9a66}.xpi [2016-04-28] [Legacy]
FF Extension: (Clean Links) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default\Extensions\{158d7cb3-7039-4a75-8e0b-3bd0a464edd2}.xpi [2016-04-27] [Legacy]
FF Extension: (YouTube High Definition) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2017-09-11] [Legacy]
FF Extension: (Cookie Permissions Button) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default\Extensions\{8e05f2af-03be-443e-a2b5-b4375a3a1930}.xpi [2018-08-14] [Legacy] [not signed]
FF Extension: (Cookie Masters) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default\Extensions\{a04a71f3-ce74-4134-8f86-fae693b19e44}.xpi [2018-08-04] [Legacy] [not signed]
FF Extension: (Toggle JavaScript [Enabled/Disabled]) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default\Extensions\{b5af16a6-105d-4a14-a5a6-c2b358b06a04}.xpi [2018-08-30] [Legacy] [not signed]
FF Extension: (User Agent Switcher) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default\Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2016-04-28] [Legacy]
FF ProfilePath: C:\Users\happy\AppData\Roaming\Moonchild Productions\Basilisk\Profiles\0h9ztolt.default [2019-07-12]
FF Extension: (Adblock Latitude) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Basilisk\Profiles\0h9ztolt.default\Extensions\adblocklatitude@addons.palemoon.org.xpi [2019-06-02] [Legacy] [not signed]
FF Extension: (Block Content) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Basilisk\Profiles\0h9ztolt.default\Extensions\blockcont@mdsy.xpi [2019-06-02] [Legacy] [not signed]
FF Extension: (CanvasBlocker Legacy) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Basilisk\Profiles\0h9ztolt.default\Extensions\CanvasBlocker@legacy.xpi [2019-06-02] [Legacy] [not signed]
FF Extension: (Cookies Exterminator) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Basilisk\Profiles\0h9ztolt.default\Extensions\CookiesExterminator@Off.JustOff.xpi [2019-06-02] [Legacy] [not signed]
FF Extension: (Exif Viewer) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Basilisk\Profiles\0h9ztolt.default\Extensions\exif-viewer@asraskin.org.xpi [2019-06-02] [Legacy] [not signed]
FF Extension: (ScriptBlock) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Basilisk\Profiles\0h9ztolt.default\Extensions\jsblock@4bebca82.xpi [2019-06-02] [Legacy] [not signed]
FF Extension: (Calendate) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Basilisk\Profiles\0h9ztolt.default\Extensions\{5b965352-430a-11e2-956a-13226188709b}.xpi [2019-06-02] [Legacy] [not signed]
FF Extension: (Color Identifier) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Basilisk\Profiles\0h9ztolt.default\Extensions\{89850e1c-c80b-4179-81fe-79a9f313400d}.xpi [2019-06-02] [Legacy] [not signed]
FF ProfilePath: C:\Users\happy\AppData\Roaming\Avant Profiles\.default\gecko\Mozilla\Avant\Profiles\oeytmn1z.default [2015-05-03]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN -> VideoLAN)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN)
FF Plugin HKU\S-1-5-21-1167706805-3652461753-1077729752-1000: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=3 -> C:\Users\happy\AppData\Local\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll [No File]
FF Plugin HKU\S-1-5-21-1167706805-3652461753-1077729752-1000: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=9 -> C:\Users\happy\AppData\Local\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll [No File]

Opera:
=======
OPR DownloadDir: C:\Users\happy\Desktop\DOWNLOADS HERE
OPR Extension: (Zoom for Opera) - C:\Users\happy\AppData\Roaming\Opera Software\Opera Stable\Extensions\agocngbnphnfdhpacecdpcpfphhdmoff [2019-07-11]
OPR Extension: (uMatrix) - C:\Users\happy\AppData\Roaming\Opera Software\Opera Stable\Extensions\clblbeknmgobkgonndomehcjpckopfeh [2018-07-11]
OPR Extension: (Live HTTP Headers) - C:\Users\happy\AppData\Roaming\Opera Software\Opera Stable\Extensions\djlgkpdankikgjpjmknpdabbegoaokli [2018-07-11]
OPR Extension: (Custom Style Script) - C:\Users\happy\AppData\Roaming\Opera Software\Opera Stable\Extensions\hmnbfbgbgicodipenaajdcogalomcmph [2019-06-25]
OPR Extension: (YouTube High Definition) - C:\Users\happy\AppData\Roaming\Opera Software\Opera Stable\Extensions\jcdpccclajomeaeeoggbhglfomndjgfp [2018-07-11]
OPR Extension: (User-Agent Switcher) - C:\Users\happy\AppData\Roaming\Opera Software\Opera Stable\Extensions\jikibpedldihacokaanimbcjipghbloo [2018-07-11]
OPR Extension: (WebRTC Leak Prevent) - C:\Users\happy\AppData\Roaming\Opera Software\Opera Stable\Extensions\jjabaljgaabcnmcoalhaldkmcfbojkkb [2018-07-11]
OPR Extension: (uBlock Origin) - C:\Users\happy\AppData\Roaming\Opera Software\Opera Stable\Extensions\kccohkcpppjjkkjppopfnflnebibpida [2019-07-31]
OPR Extension: (Privacy Badger) - C:\Users\happy\AppData\Roaming\Opera Software\Opera Stable\Extensions\ldfkcgjipgfchpnojicdgpgiocoeelik [2019-07-09]
OPR Extension: (History Eraser) - C:\Users\happy\AppData\Roaming\Opera Software\Opera Stable\Extensions\lfpoajlbkhlfoeeokbppmecpplmieedm [2018-07-11]
OPR Extension: (User-Agent Switcher and Manager) - C:\Users\happy\AppData\Roaming\Opera Software\Opera Stable\Extensions\mdhadkjmpbhfdmmoogneplmcpoelfggp [2019-08-17]
OPR Extension: (Magic Actions for YouTube™) - C:\Users\happy\AppData\Roaming\Opera Software\Opera Stable\Extensions\nlffnljnicbkfhnlomjhjlebndachaka [2019-04-15]
OPR Extension: (Adblock Plus - free ad blocker) - C:\Users\happy\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2019-08-17]
OPR Extension: (JavaScript Switcher) - C:\Users\happy\AppData\Roaming\Opera Software\Opera Stable\Extensions\pjljfckmhjnpbcgneijeeiimpkdjccob [2018-07-11]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [277120 2012-02-16] (ASUSTeK Computer Inc. -> ASUS)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AgereSoftModem; C:\windows\System32\DRIVERS\agrsm64.sys [1146880 2009-06-10] (Microsoft Windows -> LSI Corp)
R3 asmthub3; C:\windows\System32\DRIVERS\asmthub3.sys [130024 2011-11-22] (MCCI Internal Testing Software -> ASMedia Technology Inc)
R3 asmtxhci; C:\windows\System32\DRIVERS\asmtxhci.sys [395752 2011-11-22] (MCCI Internal Testing Software -> ASMedia Technology Inc)
S3 athr; C:\windows\System32\DRIVERS\athrx.sys [1394688 2009-06-19] (Microsoft Windows -> Atheros Communications, Inc.)
R3 kbfiltr; C:\windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] (ASUSTeK Computer Inc. ->  )
R0 MpFilter; C:\windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
R3 NisDrv; C:\windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
R2 NPF; C:\windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
S3 SiSGbeLH; C:\windows\System32\DRIVERS\SiSG664.sys [56832 2009-06-10] (Microsoft Windows -> Silicon Integrated Systems Corp.)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] (Empty Loop -> )
S3 WDC_SAM; C:\windows\System32\DRIVERS\wdcsam64.sys [23200 2015-04-30] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-09-02 07:08 - 2019-09-02 07:41 - 000000000 ____D C:\Users\happy\Desktop\00000
2019-09-02 05:14 - 2019-09-02 05:14 - 000003288 ____N C:\bootsqm.dat
2019-09-02 04:10 - 2019-09-02 07:40 - 000000000 ____D C:\FRST
2019-08-18 14:47 - 2019-08-18 14:48 - 000262144 _____ C:\windows\Minidump\081819-20217-01.dmp
2019-08-15 17:50 - 2019-08-15 17:50 - 000000773 _____ C:\Users\happy\Desktop\Start Tor Browser.lnk
2019-08-15 17:50 - 2019-08-15 17:50 - 000000000 ____D C:\Users\happy\Desktop\Tor Browser
2019-08-15 16:44 - 2019-08-17 18:20 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-08-12 03:45 - 2019-08-12 03:45 - 000000000 ____D C:\Users\happy\AppData\Roaming\WAS_FF_2019-8-11
2019-08-12 02:44 - 2019-08-17 18:20 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-08-12 02:44 - 2019-08-12 02:44 - 000000938 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-08-12 02:44 - 2019-08-12 02:44 - 000000926 _____ C:\Users\Public\Desktop\Firefox.lnk
2019-08-12 00:59 - 2019-08-12 00:59 - 000000896 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Waterfox.lnk
2019-08-12 00:59 - 2019-08-12 00:59 - 000000884 _____ C:\Users\Public\Desktop\Waterfox.lnk
2019-08-12 00:59 - 2019-08-12 00:59 - 000000000 ____D C:\Users\happy\AppData\Roaming\Waterfox
2019-08-12 00:59 - 2019-08-12 00:59 - 000000000 ____D C:\Users\happy\AppData\Local\Waterfox
2019-08-12 00:59 - 2019-08-12 00:59 - 000000000 ____D C:\Program Files\Waterfox
2019-08-11 22:34 - 2019-08-11 22:34 - 000000000 ____D C:\Users\happy\Desktop\Old Firefox Data
2019-08-05 02:02 - 2019-08-05 02:02 - 000239398 _____ C:\Users\happy\AppData\Local\recently-used.xbel

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-09-02 07:08 - 2016-11-18 20:48 - 000000000 ____D C:\Users\happy\AppData\LocalLow\Mozilla
2019-09-02 06:53 - 2013-11-14 03:32 - 000003902 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{4A7FB7E8-812B-4EFC-8112-5440817388C6}
2019-09-02 06:53 - 2013-11-11 11:40 - 000000000 ____D C:\Users\happy\AppData\Roaming\vlc
2019-09-02 06:10 - 2013-11-11 04:36 - 000000000 ____D C:\Users\happy\Desktop\DOWNLOADS HERE
2019-09-02 05:29 - 2009-07-13 23:45 - 000018736 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-09-02 05:29 - 2009-07-13 23:45 - 000018736 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-09-02 05:22 - 2013-11-11 03:44 - 000000380 _____ C:\Users\happy\AppData\Roaming\sp_data.sys
2019-09-02 05:22 - 2013-11-11 03:44 - 000000000 ___HD C:\ASUS.DAT
2019-09-02 05:21 - 2009-07-14 00:08 - 000000006 ____H C:\windows\Tasks\SA.DAT
2019-09-02 05:06 - 2013-11-24 23:31 - 000000000 ____D C:\Users\happy\AppData\Roaming\BatteryBar
2019-09-02 05:04 - 2016-01-18 14:35 - 000000000 ____D C:\Program Files (x86)\SpywareBlaster
2019-09-02 05:04 - 2013-10-24 15:29 - 000000000 ____D C:\ProgramData\Temp
2019-09-02 05:03 - 2019-05-13 06:27 - 000002298 _____ C:\Users\happy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vivaldi.lnk
2019-09-02 05:03 - 2019-05-13 06:27 - 000002261 _____ C:\Users\happy\Desktop\Vivaldi.lnk
2019-09-02 05:03 - 2016-08-11 06:44 - 000000000 ____D C:\Users\happy\AppData\Local\Vivaldi
2019-09-02 04:36 - 2019-04-29 16:51 - 000000000 ____D C:\Users\happy\AppData\Local\Blisk
2019-08-30 16:54 - 2017-07-13 08:34 - 000003828 _____ C:\windows\System32\Tasks\Opera scheduled Autoupdate 1499952880
2019-08-30 16:54 - 2017-07-13 08:34 - 000000000 ____D C:\Program Files\Opera
2019-08-29 11:25 - 2015-04-25 01:12 - 000000000 ____D C:\Program Files (x86)\Pale Moon
2019-08-18 14:47 - 2019-07-27 18:44 - 1096761027 _____ C:\windows\MEMORY.DMP
2019-08-18 14:47 - 2019-07-27 18:44 - 000000000 ____D C:\windows\Minidump
2019-08-18 05:35 - 2009-07-14 00:13 - 000782470 _____ C:\windows\system32\PerfStringBackup.INI
2019-08-18 05:35 - 2009-07-13 22:20 - 000000000 ____D C:\windows\inf
2019-08-18 01:39 - 2015-04-25 01:12 - 000000000 ____D C:\Users\happy\AppData\Roaming\Moonchild Productions
2019-08-15 17:50 - 2017-06-06 00:34 - 000000821 _____ C:\Users\happy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2019-08-15 17:49 - 2013-11-11 05:47 - 000000000 ____D C:\Users\happy\Desktop\OLD
2019-08-12 03:42 - 2017-11-06 19:05 - 000000000 ____D C:\Users\happy\AppData\Roaming\Mozilla
2019-08-12 00:47 - 2013-11-11 10:19 - 000000000 ____D C:\ProgramData\Mozilla
2019-08-09 20:17 - 2018-12-20 12:36 - 000000000 ____D C:\Users\happy\Desktop\pat
2019-08-08 13:27 - 2009-07-13 23:45 - 000337648 _____ C:\windows\system32\FNTCACHE.DAT
2019-08-05 03:38 - 2018-07-04 05:25 - 000000000 ____D C:\Users\happy\.gimp-2.8
2019-08-04 06:58 - 2013-11-11 03:44 - 000072472 _____ C:\Users\happy\AppData\Local\GDIPFONTCACHEV1.DAT

==================== Files in the root of some directories ================

2013-11-11 03:44 - 2019-09-02 05:22 - 000000380 _____ () C:\Users\happy\AppData\Roaming\sp_data.sys
2019-08-05 02:02 - 2019-08-05 02:02 - 000239398 _____ () C:\Users\happy\AppData\Local\recently-used.xbel
2016-01-23 18:43 - 2016-01-23 18:43 - 000007641 _____ () C:\Users\happy\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-08-31 06:08
==================== End of FRST.txt ============================

  ##
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2019
Ran by happy (02-09-2019 07:42:31)
Running from C:\Users\happy\Desktop\00000
Windows 7 Home Premium Service Pack 1 (X64) (2013-11-11 08:43:46)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1167706805-3652461753-1077729752-500 - Administrator - Disabled)
Guest (S-1-5-21-1167706805-3652461753-1077729752-501 - Limited - Disabled)
happy (S-1-5-21-1167706805-3652461753-1077729752-1000 - Administrator - Enabled) => C:\Users\happy

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
AkelPad 4.8.4 (HKLM-x32\...\AkelPad) (Version: 4.8.4 - )
Alcor Micro USB Card Reader (HKLM-x32\...\{4555BB9E-E715-4260-A178-E8EFD2B653E3}) (Version: 1.2.0117.08443 - Alcor Micro Corp.) Hidden
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 1.2.0117.08443 - Alcor Micro Corp.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.4.0 - Asmedia Technology)
ASUS AI Recovery (HKLM-x32\...\{D39F0676-163E-4595-A917-E28F99BBD4D2}) (Version: 1.0.23 - ASUS)
ASUS FaceLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0014 - ASUS)
ASUS FancyStart (HKLM-x32\...\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}) (Version: 1.1.1 - ASUSTeK Computer Inc.)
ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.2 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.29 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.7 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0041 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.25 - ASUS)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 3.0.108.222 - eCareme Technologies, Inc.)
ASUS_Screensaver (HKLM-x32\...\ASUS_Screensaver) (Version:  - )
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.9.157 - ASUSTEK)
ATK Packag

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 19713
  • "Stronger than the past, united in our goal."
Re: Happy Labor Day, Here's my stuff
« Reply #1 on: September 02, 2019, 03:31:03 PM »
Hi, babyoh.

The FRST.txt log was so long that the Addition.txt log was cut off.  Please re-launch the Addition.txt log and copy/paste it in a new reply.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline babyoh

  • Hero Member
  • *****
  • Posts: 1036
Re: Happy Labor Day, Here's my stuff
« Reply #2 on: September 03, 2019, 10:13:05 AM »
 - HERE GOES :
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2019
Ran by happy (03-09-2019 05:54:18)
Running from C:\Users\happy\Desktop\00000
Windows 7 Home Premium Service Pack 1 (X64) (2013-11-11 08:43:46)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1167706805-3652461753-1077729752-500 - Administrator - Disabled)
Guest (S-1-5-21-1167706805-3652461753-1077729752-501 - Limited - Disabled)
happy (S-1-5-21-1167706805-3652461753-1077729752-1000 - Administrator - Enabled) => C:\Users\happy

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
AkelPad 4.8.4 (HKLM-x32\...\AkelPad) (Version: 4.8.4 - )
Alcor Micro USB Card Reader (HKLM-x32\...\{4555BB9E-E715-4260-A178-E8EFD2B653E3}) (Version: 1.2.0117.08443 - Alcor Micro Corp.) Hidden
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 1.2.0117.08443 - Alcor Micro Corp.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.4.0 - Asmedia Technology)
ASUS AI Recovery (HKLM-x32\...\{D39F0676-163E-4595-A917-E28F99BBD4D2}) (Version: 1.0.23 - ASUS)
ASUS FaceLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0014 - ASUS)
ASUS FancyStart (HKLM-x32\...\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}) (Version: 1.1.1 - ASUSTeK Computer Inc.)
ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.2 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.29 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.7 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0041 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.25 - ASUS)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 3.0.108.222 - eCareme Technologies, Inc.)
ASUS_Screensaver (HKLM-x32\...\ASUS_Screensaver) (Version:  - )
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.9.157 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0015 - ASUS)
Basilisk 52.9.2019.03.27 (x64 en-US) (HKLM\...\Basilisk 52.9.2019.03.27 (x64 en-US)) (Version: 52.9.2019.03.27 - Mozilla)
BatteryBar (remove only) (HKLM\...\BatteryBar) (Version:  - )
Belarc Advisor 8.5c (HKLM-x32\...\Belarc Advisor) (Version: 8.5.3.0 - Belarc Inc.)
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3624 - CyberLink Corp.)
CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2926 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1126 - CyberLink Corp.)
EditPad Lite 7.4.1 (HKLM\...\EditPad Lite) (Version: 7.4.1 - Just Great Software)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.10 - ASUS)
Geany 1.31 (HKLM-x32\...\Geany) (Version: 1.31 - The Geany developer team)
GIMP 2.8.0 (HKLM\...\GIMP-2_is1) (Version: 2.8.0 - The GIMP Team)
InfraRecorder (HKLM-x32\...\InfraRecorder) (Version:  - Christian Kindahl)
InstantOn for NB (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 2.2.0 - ASUS)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2559 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
IsoBuster 3.3 (HKLM-x32\...\IsoBuster_is1) (Version: 3.3 - Smart Projects)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Mozilla Firefox 68.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 68.0.2 (x64 en-US)) (Version: 68.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 68.0.1 - Mozilla)
myBitCast 1.0.0.3 (HKLM\...\myBitCast) (Version: 1.0.0.3 - ASUS Cloud Corporation)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.6.6 - Notepad++ Team)
Opera 12.16 (HKLM-x32\...\Opera 12.16.1860) (Version: 12.16.1860 - Opera Software ASA)
Opera Stable 60.0.3255.70 (HKLM-x32\...\Opera 60.0.3255.70) (Version: 60.0.3255.70 - Opera Software)
Opera Stable 63.0.3368.53 (HKLM-x32\...\Opera 63.0.3368.53) (Version: 63.0.3368.53 - Opera Software)
Pale Moon 28.7.0 (x86 en-US) (HKLM-x32\...\Pale Moon 28.7.0 (x86 en-US)) (Version: 28.7.0 - Moonchild Productions)
Programmer's Notepad (HKLM-x32\...\{52CF142B-7B0E-41E7-98F5-B834122523E7}_is1) (Version: 2.4.2.1440 - Simon Steele)
Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 1.2.0.40 - Ralink)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6454 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
SciTE Text Editor (HKLM\...\{4B6DD064-D280-4567-B332-E8F5828A7A25}) (Version: 3.3.3 - ebswift.com)
SeaMonkey 2.49.4 (x86 en-US) (HKLM-x32\...\SeaMonkey 2.49.4 (x86 en-US)) (Version: 2.49.4 - Mozilla)
sfArk (HKLM-x32\...\sfArk) (Version:  - )
Sonic Focus (HKLM-x32\...\{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}) (Version: 1.0.0.4 - Synopsys )
SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
STDU Viewer version 1.6.300.0 (HKLM-x32\...\STDU Viewer_is1) (Version: 1.6.300.0 - STDUtility)
Subtitle Edit 3.5.8 (HKLM\...\SubtitleEdit_is1) (Version: 3.5.8.0 - Nikse)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.6.0 - Synaptics Incorporated)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Vivaldi (HKU\S-1-5-21-1167706805-3652461753-1077729752-1000\...\Vivaldi) (Version: 2.7.1628.30 - Vivaldi Technologies AS.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.7.1 - VideoLAN)
Waterfox 56.2.12 (x64 en-US) (HKLM\...\Waterfox 56.2.12 (x64 en-US)) (Version: 56.2.12 - Waterfox Ltd)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.0 - ASUS)
WinHasher 1.6.1 (HKLM-x32\...\GPFComicsWinHasher_is1) (Version: WinHasher 1.6.1 - GPF Comics)
WinHTTrack Website Copier 3.46-1 (x64) (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.46.1 - HTTrack)
WinPatrol (HKLM\...\{84481A87-2316-4923-8FAB-3BA8CA29323D}) (Version: 31.0.2014.0 - BillP Studios)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
Wireless Console 3 (HKLM-x32\...\{19EA33FB-B34E-40EA-8B8A-61743AEB795A}) (Version: 3.0.25 - ASUS)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1167706805-3652461753-1077729752-1000_Classes\CLSID\{BCA9D37C-CA60-4160-9115-97A00F24702D}\localserver32 -> C:\Users\happy\AppData\Local\Vivaldi\Application\2.7.1628.30\notification_helper.exe (Vivaldi Technologies AS -> Vivaldi Technologies AS)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll [2011-05-25] (eCareme Technologies, Inc.) [File not signed]
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll [2011-05-25] (eCareme Technologies, Inc.) [File not signed]
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2019-01-27] (Notepad++ -> )
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [SciTE] -> {C4ACBD3E-6114-4618-904C-B206ABA9DEB0} => C:\Program Files (x86)\SciTE\wscitecm64.dll [2010-11-15] (Burgaud.com) [File not signed]
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers3: [BackupContextMenuExtension] -> {b1b96b20-da1d-4a3c-92c1-7229b32f2325} => C:/Program Files (x86)/ASUS/ASUS WebStorage/3.0.108.222/XPClient.DLL [2011-07-29] (eCareme Technologies, Inc.) [File not signed]
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\windows\system32\igfxpph.dll [2011-11-03] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2010-03-31 21:55 - 2010-03-31 21:55 - 000221184 _____ ( ) [File not signed] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\LogicNP.EZNamespaceExtensions.dll
2009-03-01 21:07 - 2009-03-01 21:07 - 000200704 _____ ( ) [File not signed] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\LogicNP.EZShellExtensions.dll
2012-02-21 16:49 - 2012-02-21 16:49 - 000009216 _____ () [File not signed] C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2007-07-12 13:11 - 2007-07-12 13:11 - 001163264 _____ () [File not signed] C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll
2004-05-27 20:13 - 2004-05-27 20:13 - 000080384 _____ (ACTIONTEC Electronics,Inc) [File not signed] C:\Program Files (x86)\ASUS\Wireless Console 3\ATKWLIOC.DLL
2013-10-24 15:22 - 2010-12-20 19:49 - 001892352 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\xerces-c_2_7.dll
2012-06-27 16:22 - 2012-06-27 16:22 - 000223232 _____ (ASUSTek Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\ASUS Live Update\alvupdt.dll
2012-02-21 16:48 - 2012-02-21 16:48 - 000053248 _____ (ASUSTeK) [File not signed] C:\Program Files (x86)\ASUS\Splendid\Chameleon.dll
2012-02-21 16:49 - 2012-02-21 16:49 - 000032768 _____ (ASUSTek) [File not signed] C:\Program Files (x86)\ASUS\Splendid\OVS.dll
2005-09-21 19:30 - 2005-09-21 19:30 - 000036864 _____ (ATK) [File not signed] C:\Program Files (x86)\ASUS\Wireless Console 3\inter_f2.dll
2010-11-15 11:38 - 2010-11-15 11:38 - 000017920 _____ (Burgaud.com) [File not signed] C:\Program Files (x86)\SciTE\wscitecm64.dll
2019-03-05 21:16 - 2019-03-05 21:16 - 000113152 _____ (Don HO don.h@free.fr) [File not signed] C:\Program Files\Notepad++\plugins\mimeTools\mimeTools.dll
2011-05-25 02:09 - 2011-05-25 02:09 - 000227840 _____ (eCareme Technologies, Inc.) [File not signed] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll
2011-07-28 03:48 - 2011-07-28 03:48 - 000274432 _____ (eCareme Technologies, Inc.) [File not signed] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\eCaremeDLL.dll
2011-07-29 04:37 - 2011-07-29 04:37 - 004526080 _____ (eCareme Technologies, Inc.) [File not signed] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\XPClient.dll
2011-04-27 23:22 - 2011-04-27 23:22 - 002891264 _____ (FreeImage) [File not signed] C:\Program Files (x86)\ASUS\Wireless Console 3\FreeImage.dll
2010-11-18 22:08 - 2010-11-18 22:08 - 000086016 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2013-10-24 15:22 - 2010-12-20 19:45 - 000069632 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\StatusStrings.dll
2019-07-27 05:18 - 2019-08-29 11:25 - 000377856 _____ (Mozilla Foundation) [File not signed] C:\Program Files (x86)\Pale Moon\freebl3.dll
2011-05-17 12:32 - 2011-05-17 12:32 - 000331776 _____ (Realtek Semiconductor Corp.) [File not signed] C:\Program Files (x86)\ASUS\Wireless Console 3\RtlLib.dll
2011-05-17 12:31 - 2011-05-17 12:31 - 000200704 _____ (Realtek) [File not signed] C:\Program Files (x86)\ASUS\Wireless Console 3\IpLib.dll
2005-01-13 02:36 - 2005-01-13 02:36 - 000303104 _____ (Silicon Integrated Systems Corp.) [File not signed] C:\Program Files (x86)\ASUS\Wireless Console 3\SiSPkt.dll
2009-10-28 20:41 - 2009-10-28 20:41 - 000270336 _____ (The Apache Software Foundation) [File not signed] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\log4net.dll
2011-05-17 12:31 - 2011-05-17 12:31 - 001069056 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\ASUS\Wireless Console 3\LIBEAY32.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [125]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7865 more sites.


There are 12682 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-07 08:39 - 2016-07-07 08:46 - 000450826 _____ C:\windows\system32\drivers\etc\hosts


There are 15467 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1167706805-3652461753-1077729752-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\happy\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\startupreg: ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\windows\AsScrPro.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{739D8E39-AC66-4445-A1F3-2F2365EF372A}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe No File
FirewallRules: [{5FAEA3D0-04C4-48D8-B56A-804C62FC48FA}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe No File
FirewallRules: [{216BA990-CB07-4A66-8C03-F73F788F8988}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe No File
FirewallRules: [{2732787A-81D8-45E2-B1BD-0DC4B57EF6EA}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe No File
FirewallRules: [{D39AFA0C-1F5D-40D7-BE6A-51CDAE68901C}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe No File
FirewallRules: [{5C3D228C-BDC9-451D-87CE-24C8C79C31B0}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe No File
FirewallRules: [{907EEC08-83E6-4678-9CF7-1CF1320AFC64}] => (Allow) C:\Program Files (x86)\Opera\opera.exe (Opera Software ASA -> Opera Software)
FirewallRules: [{582C1719-5669-487A-8344-11281C0C91BF}] => (Allow) C:\Program Files (x86)\Opera\opera.exe (Opera Software ASA -> Opera Software)
FirewallRules: [{73CFBD81-4061-4327-B98D-F853FC169BA8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe No File
FirewallRules: [{08BEBA5B-2D0E-4B40-80FF-E4CEACCAB908}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe No File
FirewallRules: [TCP Query User{35C97E34-A8DD-4D65-B3EA-F42EF1B59D8F}C:\users\happy\desktop\downloads here\lighttable-0.8.1-windows\lighttable-0.8.1-windows\lighttable.exe] => (Block) C:\users\happy\desktop\downloads here\lighttable-0.8.1-windows\lighttable-0.8.1-windows\lighttable.exe (GitHub, Inc.) [File not signed]
FirewallRules: [UDP Query User{49A5C5AC-A0BC-4713-A64C-C6B9B6E4A62D}C:\users\happy\desktop\downloads here\lighttable-0.8.1-windows\lighttable-0.8.1-windows\lighttable.exe] => (Block) C:\users\happy\desktop\downloads here\lighttable-0.8.1-windows\lighttable-0.8.1-windows\lighttable.exe (GitHub, Inc.) [File not signed]
FirewallRules: [TCP Query User{9144930E-2B3E-4754-A873-23004A554908}D:\0000\0000-comp\archives\arch11 - sniffers\wireshark - win\win\winportable\wiresharkportable\app\wireshark\extcap\udpdump.exe] => (Block) D:\0000\0000-comp\archives\arch11 - sniffers\wireshark - win\win\winportable\wiresharkportable\app\wireshark\extcap\udpdump.exe No File
FirewallRules: [UDP Query User{59525DBB-179B-4D7F-8DA1-5E5C788C9C6A}D:\0000\0000-comp\archives\arch11 - sniffers\wireshark - win\win\winportable\wiresharkportable\app\wireshark\extcap\udpdump.exe] => (Block) D:\0000\0000-comp\archives\arch11 - sniffers\wireshark - win\win\winportable\wiresharkportable\app\wireshark\extcap\udpdump.exe No File
FirewallRules: [{9A87956E-EC1E-4178-80D4-F2BD6584AD4B}] => (Allow) C:\Program Files (x86)\Pale Moon\palemoon.exe (Mark Straver -> Moonchild Productions)
FirewallRules: [{3DE216D4-2EA5-405A-A67C-31708B6D25E4}] => (Allow) C:\Program Files (x86)\Pale Moon\palemoon.exe (Mark Straver -> Moonchild Productions)
FirewallRules: [{0AAC5364-72C7-4410-8800-0DD630AFAD19}] => (Allow) C:\Program Files (x86)\Basilisk\basilisk.exe No File
FirewallRules: [{D4A50239-F2E0-4E18-9790-A2F59CA4FAE2}] => (Allow) C:\Program Files (x86)\Basilisk\basilisk.exe No File
FirewallRules: [{CB54FF73-BD4C-49A8-A131-148FC97AFC38}] => (Allow) C:\Program Files\Opera\60.0.3255.27\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [TCP Query User{B695984A-C329-4949-8EEE-E53157FEE342}C:\users\happy\desktop\tor browser\browser\firefox.exe] => (Block) C:\users\happy\desktop\tor browser\browser\firefox.exe (Mozilla Corporation) [File not signed]
FirewallRules: [UDP Query User{6E964137-062D-47E3-A4AF-BF74BFF6C6DA}C:\users\happy\desktop\tor browser\browser\firefox.exe] => (Block) C:\users\happy\desktop\tor browser\browser\firefox.exe (Mozilla Corporation) [File not signed]
FirewallRules: [{BD670C61-E309-4862-AB75-AB4FA22FD4F6}] => (Allow) C:\Program Files\Basilisk\basilisk.exe (Mark Straver -> Moonchild Productions)
FirewallRules: [{6A647BD6-AADD-48C7-94A4-ADA762C360DF}] => (Allow) C:\Program Files\Basilisk\basilisk.exe (Mark Straver -> Moonchild Productions)
FirewallRules: [{302B85E0-7377-4027-9063-04478EEC56C5}] => (Allow) C:\Program Files\Opera\62.0.3331.116\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{CC670390-7F4E-42AF-A065-03C2F9BABB9C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{9EBD2AF6-7B6A-4E49-AEEE-5184AAB11C7B}] => (Allow) C:\Program Files\Waterfox\waterfox.exe (Waterfox Limited -> Mozilla Corporation)
FirewallRules: [{3ABC81F6-5159-49A5-9A34-F6586A78FFAC}] => (Allow) C:\Program Files\Waterfox\waterfox.exe (Waterfox Limited -> Mozilla Corporation)
FirewallRules: [{9B21FF0D-3EDB-4D80-B710-66EA8E33B59B}] => (Allow) C:\Program Files\Opera\63.0.3368.53\opera.exe (Opera Software AS -> Opera Software)

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/02/2019 11:34:23 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-1167706805-3652461753-1077729752-1000.db for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Host Process for Windows Services because of this error.

Program: Host Process for Windows Services
File: C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-1167706805-3652461753-1077729752-1000.db

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
   - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
   - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C0000185
Disk type: 3

Error: (09/02/2019 11:34:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_SysMain, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: sysmain.dll, version: 6.1.7601.24000, time stamp: 0x5a499a8d
Exception code: 0xc0000006
Fault offset: 0x000000000001b7bd
Faulting process id: 0xce0
Faulting application start time: 0x01d561ac31ea4ca3
Faulting application path: C:\windows\system32\svchost.exe
Faulting module path: c:\windows\system32\sysmain.dll
Report Id: 84e90ad8-cd9f-11e9-b2c5-3085a90a3db5

Error: (09/02/2019 11:32:11 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-1167706805-3652461753-1077729752-1000.db for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Host Process for Windows Services because of this error.

Program: Host Process for Windows Services
File: C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-1167706805-3652461753-1077729752-1000.db

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
   - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
   - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C0000185
Disk type: 3

Error: (09/02/2019 11:32:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_SysMain, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: sysmain.dll, version: 6.1.7601.24000, time stamp: 0x5a499a8d
Exception code: 0xc0000006
Fault offset: 0x000000000001b7bd
Faulting process id: 0x1690
Faulting application start time: 0x01d561abe2c6ece7
Faulting application path: C:\windows\system32\svchost.exe
Faulting module path: c:\windows\system32\sysmain.dll
Report Id: 3662c5ee-cd9f-11e9-b2c5-3085a90a3db5

Error: (09/02/2019 11:29:57 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-1167706805-3652461753-1077729752-1000.db for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Host Process for Windows Services because of this error.

Program: Host Process for Windows Services
File: C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-1167706805-3652461753-1077729752-1000.db

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
   - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
   - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C0000185
Disk type: 3

Error: (09/02/2019 11:29:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_SysMain, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: sysmain.dll, version: 6.1.7601.24000, time stamp: 0x5a499a8d
Exception code: 0xc0000006
Fault offset: 0x000000000001b7bd
Faulting process id: 0x500
Faulting application start time: 0x01d5617825ad3f68
Faulting application path: C:\windows\system32\svchost.exe
Faulting module path: c:\windows\system32\sysmain.dll
Report Id: e67c355b-cd9e-11e9-b2c5-3085a90a3db5

Error: (09/02/2019 05:32:14 AM) (Source: VSS) (EventID: 12305) (User: )
Description: Volume Shadow Copy Service error: Volume/disk not connected or not found.
Error context: DeviceIoControl(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy16 - 00000000000000C8,0x0053c198,00000000002FF020,0,00000000002FE010,4096,[0]).


Operation:
   Processing PostFinalCommitSnapshots

Context:
   Execution Context: System Provider

Error: (09/02/2019 04:36:22 AM) (Source: Firefox) (EventID: 52) (User: )
Description: Event-ID 52


System errors:
=============
Error: (09/03/2019 05:58:37 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

Error: (09/03/2019 05:43:37 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (09/03/2019 05:40:39 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.

Error: (09/03/2019 05:37:19 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:33:34 AM on ‎9/‎3/‎2019 was unexpected.

Error: (09/03/2019 05:34:11 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

Error: (09/03/2019 05:33:41 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

Error: (09/02/2019 11:34:58 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Superfetch service terminated unexpectedly.  It has done this 3 time(s).

Error: (09/02/2019 11:32:47 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Superfetch service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.


CodeIntegrity:
===================================

Date: 2015-08-01 15:16:58.310
Description:
Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-08-01 15:16:58.294
Description:
Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-08-01 15:16:58.279
Description:
Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-08-01 15:16:58.263
Description:
Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-08-01 15:16:57.499
Description:
Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-08-01 15:16:57.483
Description:
Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-08-01 15:16:57.467
Description:
Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-08-01 15:16:57.467
Description:
Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

==================== Memory info ===========================

BIOS: American Megatrends Inc. K54C.207 04/18/2012
Motherboard: ASUSTeK Computer Inc. K54C
Processor: Intel(R) Core(TM) i3-2370M CPU @ 2.40GHz
Percentage of memory in use: 91%
Total physical RAM: 4000.13 MB
Available physical RAM: 356.11 MB
Total Virtual: 7998.39 MB
Available Virtual: 4022.41 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:125.03 GB) (Free:37.8 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Data) (Fixed) (Total:147.96 GB) (Free:30.87 GB) NTFS

\\?\Volume{bef42f45-3ce8-11e3-8882-806e6f6e6963}\ (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: 0ED6495C)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=100 MB) - (Type=27)
Partition 3: (Not Active) - (Size=125 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=148 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 19713
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: Happy Labor Day, Here's my stuff
« Reply #3 on: September 03, 2019, 02:06:20 PM »
Thank you for the log.  In your original post you mentioned:

Quote
I noticed some out-of-date browser folder BUs show from my scans, if they're confusing, I can move them to another folder & redo. Lemme know.

Although Firefox is shown as your default browser, there are certainly quite a few browsers in the Addition.txt that you posted today.  There are definitely out-of-date browsers that need to be uninstalled:

Opera 12.16
Opera Stable 60.0.3255.70
Safari Version: 5.34.57.2
SeaMonkey 2.49.4


Out of curiosity, in addition to Internet Explorer and your primary FF, is there a special reason you have five additional browsers installed?  I can understand having a backup but that many?  :)  (Basilisk 52.9.2019.03.27, Mozilla Firefox 68.0.2, Opera Stable 63.0.3368.53, Pale Moon 28.7.0, Vivaldi Version: 2.7.1628.30, Waterfox 56.2.12) as well as signs of Epic Privacy browser and Maxthon.

1.  Please do the following to run FRST:

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.
  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines.  Right-click and select "Copy".
Code:
Start::
CreateRestorePoint:
CloseProcesses:
GroupPolicy: Restriction ? <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
SearchScopes: HKU\S-1-5-21-1167706805-3652461753-1077729752-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1167706805-3652461753-1077729752-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Task: {0AEFE3C1-0C25-4C8F-BD16-976785226767} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {F1F666BA-3D7B-4274-8D95-4BB002002540} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {F5255F09-864E-4907-B017-417DC2FA7DC2} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
FF ProfilePath: C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\n8i1vt93.default-1565580858196 [not found] <==== ATTENTION
FF Extension: (No Name) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\6sbyeiyd.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [not found]
FF Extension: (No Name) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\6sbyeiyd.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} [not found]
FF Extension: (No Name) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\6sbyeiyd.default\extensions\{4093c4de-454a-4329-8aff-c6b0b123c386}.xpi [not found]
FF Extension: (No Name) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\6sbyeiyd.default\extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}.xpi [not found]
FF Extension: (No Name) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\6sbyeiyd.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [not found]
FF Extension: (No Name) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\6sbyeiyd.default\extensions\inspector@mozilla.org [not found]
FF Extension: (No Name) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\6sbyeiyd.default\extensions\{0a566650-a8e0-11e0-8264-0800200c9a66}.xpi [not found]
FF Extension: (No Name) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\6sbyeiyd.default\extensions\{D9A7CBEC-DE1A-444f-A092-844461596C4D} [not found]
FF Extension: (No Name) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\6sbyeiyd.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [not found]
FF Extension: (No Name) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\6sbyeiyd.default\extensions\status4evar@caligonstudios.com.xpi [not found]
FF Extension: (No Name) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\6sbyeiyd.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [not found]
FF Extension: (No Name) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\6sbyeiyd.default\extensions\viewext@lissak.fr.xpi [not found]
FF Extension: (No Name) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\6sbyeiyd.default\extensions\zoompage@DW-dev.xpi [not found]
FF Extension: (No Name) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\6sbyeiyd.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [not found]
FF Extension: (No Name) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\6sbyeiyd.default\extensions\{ac2cfa60-bc96-11e0-962b-0800200c9a66}.xpi [not found]
FF Extension: (No Name) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\6sbyeiyd.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [not found]
FF Extension: (No Name) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\6sbyeiyd.default\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d} [not found]
FF Extension: (No Name) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\6sbyeiyd.default\extensions\clickclean@hotcleaner.com [not found]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin HKU\S-1-5-21-1167706805-3652461753-1077729752-1000: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=3 -> C:\Users\happy\AppData\Local\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll [No File]
FF Plugin HKU\S-1-5-21-1167706805-3652461753-1077729752-1000: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=9 -> C:\Users\happy\AppData\Local\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll [No File]
C:\ProgramData\Temp:5C321E34 [125]
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
FirewallRules: [{739D8E39-AC66-4445-A1F3-2F2365EF372A}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe No File
FirewallRules: [{5FAEA3D0-04C4-48D8-B56A-804C62FC48FA}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe No File
FirewallRules: [{216BA990-CB07-4A66-8C03-F73F788F8988}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe No File
FirewallRules: [{2732787A-81D8-45E2-B1BD-0DC4B57EF6EA}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe No File
FirewallRules: [{D39AFA0C-1F5D-40D7-BE6A-51CDAE68901C}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe No File
FirewallRules: [{5C3D228C-BDC9-451D-87CE-24C8C79C31B0}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe No File
FirewallRules: [{73CFBD81-4061-4327-B98D-F853FC169BA8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe No File
FirewallRules: [{08BEBA5B-2D0E-4B40-80FF-E4CEACCAB908}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe No File
FirewallRules: [TCP Query User{9144930E-2B3E-4754-A873-23004A554908}D:\0000\0000-comp\archives\arch11 - sniffers\wireshark - win\win\winportable\wiresharkportable\app\wireshark\extcap\udpdump.exe] => (Block) D:\0000\0000-comp\archives\arch11 - sniffers\wireshark - win\win\winportable\wiresharkportable\app\wireshark\extcap\udpdump.exe No File
FirewallRules: [UDP Query User{59525DBB-179B-4D7F-8DA1-5E5C788C9C6A}D:\0000\0000-comp\archives\arch11 - sniffers\wireshark - win\win\winportable\wiresharkportable\app\wireshark\extcap\udpdump.exe] => (Block) D:\0000\0000-comp\archives\arch11 - sniffers\wireshark - win\win\winportable\wiresharkportable\app\wireshark\extcap\udpdump.exe No File
FirewallRules: [{0AAC5364-72C7-4410-8800-0DD630AFAD19}] => (Allow) C:\Program Files (x86)\Basilisk\basilisk.exe No File
FirewallRules: [{D4A50239-F2E0-4E18-9790-A2F59CA4FAE2}] => (Allow) C:\Program Files (x86)\Basilisk\basilisk.exe No File
C:\Program Files\Common Files\mcafee
C:\Program Files (x86)\Maxthon
EmptyTemp:
End::
  • Please right-click on FRST/FRST64 to run as administrator.  When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST/FRST64.exe
  • Please post the log in your next reply.
2.  Please run the internal disk checker program: 
  • Click Start and select "Computer"
  • Right-click C:
  • Select the "Tools" tab
  • In the Error-checking area, click "Check Now"
  • Click "Start"
  • Check the option to "Automatically fix file system errors" and click Start.
You will receive a message that the operation cannot be performed while the system is in use, asking if you want to check when you restart your computer.  Click "Schedule disk check" and then restart the computer, allowing disk check to run at startup.

3.  To find the disk check log that is produced please do the following:

Please download ListChkdskResult by SleepyDude to the desktop.
  • Double-click on the icon and click Run
  • The log will appear on your desktop as a .txt file and the notepad will open.
Please copy and paste the results in your next reply.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline babyoh

Re: Happy Labor Day, Here's my stuff
« Reply #4 on: September 05, 2019, 04:03:16 PM »
Hi there.
I use different browsers mainly to check that code I've written works in all of them.
Opera Stable 60 I don't understand. Opera updated itself from earlier versions & is now 63 when launched. 12.16 I never use.
Epic & Maxthon I uninstalled long ago, apparently there are still unwanted specks of them sitting around.
Blisk alerted me to an issue one of my websites had when viewed on a wide screen. *Thank you, Blisk!* I deleted it tho, the free version doesn't work long before shutting off.
SeaMonkey 2.49.4 is out-of-date, I see the newest build is SeaMonkey 2.49.5. Is this dangerous to use?
I have Vivaldi because some sites/code only plays nice with Google's Chrome, which I dislike for privacy reasons.
I use some browsers only to view HTML files locally. FF is a fantastic browser but they've made some decisions that screw me up. Googling, I found users who had the same problem who used about:config to change a security setting as a fix. (One of the newer builds started killing some three.js code when run locally- it still runs in current builds of Vivaldi & Opera & Paper Moon.)
Also, when a website doesn't like one browser, after I've turned off addons etc, often I find simply using another browser does the trick.
Each browser comes with strengths & limitations. I'll like one for privacy, but it's slow, or another for its large selection of addons but... etc etc.
 :D I also think it's kind of fun playing with browsers.
Anyway, thanks. I'll do FRST now.
Take care.


Offline babyoh

Re: Happy Labor Day, Here's my stuff
« Reply #5 on: September 05, 2019, 04:23:34 PM »
I assume it's a false positive, but Microsoft Security Essentials just quarantined my copy of FRST64.exe
with this info:
Trojan:Win32/Occamy.B
Description: This program is dangerous and executes commands from an attacker.
Recommended action: Remove this software immediately.
  ##
Should I be concerned here?
  ##
- Corrine, your directions reference copying that code- but not pasting it. I assume that after I launch by right-clicking as admin, I paste the code into a box that opens? It's probably self-explanatory, once I launch the thing.
If this false positive is familiar to you, I'll retrieve and run the FRST64.exe app
Thanks! Hope all is well (& sorry I missed your birthday- Happy Birthday, 1 mo late!)  ;D

Offline Corrine

Re: Happy Labor Day, Here's my stuff
« Reply #6 on: September 05, 2019, 04:32:41 PM »
FRST was changed so that all you need to do now is copy the code and after launching as Admin, merely click the Fix button.

Yes, it is safe. I've had to do the same on Windows 10 when testing.

Thank you for the birthday wishes.  It just goes to show you haven't visited here in a while -- although that means you haven't had any problems in a while which is good.



Offline babyoh

Re: Happy Labor Day, Here's my stuff
« Reply #7 on: September 17, 2019, 06:13:57 PM »
Hi,  Corrine.
As sys7 won't be maintained by Microsoft much longer, I'm trying to keep this computer alive until I can get a new one with sys10.
Since posting this, I've had some issues I've managed to fix- with one exception.
I create a System Restore point, it exists afterward- I know because I'll check- then as soon as I click "OK" & try to find it again, it says no System Restore Points exist.
I Googled & tried a few fixes, none have worked to solve this- is there anything you could advise trying?
 - I fixed severe crashing I was having during Sleep/Hibernate mode by setting to "HD never turns off"- & disabled Search entirely (which was maxing out memory & crashing me. I'd set Search to be quite thorough, this worked for yrs without any problems. I may be able to tweak Search settings as a fix, but, since I turned Search off, no crashing- So at least I've isolated that problem).

 ** Probably not safe to run the FRST fix until I get System Restore working.
I have 37.5 GB free on my C drive & 28.3 GB free on D.
My Sys Restore is set to defaults, Max Use: 10% / 12.5 GB
I've had several crashes that may have corrupted a file somewhere.
I've run Tools-Error Checking ("automatically fix file system errors") on both C & D drives.
I *haven't* deleted & rebuilt the pagefile.sys file, since it sounds like that problem occurs when a computer reboots.
https://neosmart.net/wiki/no-system-restore-points/
Thanks.
- Apologies that it's taken so long for me to get back to you. In addition to the computer issues noted, I'm in an area where the electricity cuts out during rain/storms & currently I don't have a UPS battery backup.

Offline Corrine

Re: Happy Labor Day, Here's my stuff
« Reply #8 on: September 17, 2019, 08:45:39 PM »
Take a look at the FRST script I posted and note that it is essentially removing leftovers.  Note the "no file" indication at the end of the lines.  That said, it is likely that you are not allotting enough space for System Restore.  The current usage of my primary device is 11.98 GB.  Open System Restore and click the button for "Configure".  See how much the Current Usage is as compared to the 12.5 GB you have allotted.  Try increasing it a small amount -- perhaps 12% instead of 10%.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.
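
The fixlist posted earlier in this thread carries a notice that it was written for one machine, and the reply above points to the "No File" markers on its lines. The following is an added example (not part of any post and not FRST's own code) that checks both points before a fixlist is run; the function names are hypothetical, and the sample lines are a subset copied from the fixlist in this thread.

```python
import re

SID_RE = re.compile(r"S-1-5-21(?:-\d+){4}")                # per-user account SID
PROFILE_RE = re.compile(r"[A-Za-z]:\\Users\\([^\\]+)\\")   # profile folder name
LEFTOVER_RE = re.compile(r"\[not found\]|\bNo File\b", re.IGNORECASE)
DIRECTIVE_RE = re.compile(r"^[A-Za-z]+:$")                 # e.g. "EmptyTemp:"

# Subset of the fixlist posted in this thread (lines copied unchanged).
SAMPLE_FIXLIST = r"""Start::
CreateRestorePoint:
CloseProcesses:
GroupPolicy: Restriction ? <==== ATTENTION
SearchScopes: HKU\S-1-5-21-1167706805-3652461753-1077729752-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Task: {0AEFE3C1-0C25-4C8F-BD16-976785226767} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
FF Extension: (No Name) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\6sbyeiyd.default\extensions\inspector@mozilla.org [not found]
FirewallRules: [{216BA990-CB07-4A66-8C03-F73F788F8988}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe No File
C:\ProgramData\Temp:5C321E34 [125]
C:\Program Files (x86)\Maxthon
EmptyTemp:
End::
"""


def fixlist_body(text):
    """Return the non-empty lines between the Start:: and End:: markers."""
    lines = [ln.strip() for ln in text.splitlines()]
    try:
        start, end = lines.index("Start::"), lines.index("End::")
    except ValueError:
        raise ValueError("fixlist must contain Start:: and End:: lines") from None
    if end < start:
        raise ValueError("End:: appears before Start::")
    return [ln for ln in lines[start + 1:end] if ln]


def audit_fixlist(text, local_sid, local_user):
    """Sort fixlist lines into groups a reader can check before running it.

    directives: bare "Name:" lines
    leftovers:  lines marked "No File" or "[not found]"
    review:     everything else, to be read and understood individually
    foreign:    lines naming a SID or user profile other than the local one
    """
    report = {"directives": [], "leftovers": [], "review": [], "foreign": []}
    for line in fixlist_body(text):
        sids = set(SID_RE.findall(line))
        users = {u.lower() for u in PROFILE_RE.findall(line)}
        if (sids - {local_sid}) or (users - {local_user.lower()}):
            report["foreign"].append(line)
        if DIRECTIVE_RE.match(line):
            report["directives"].append(line)
        elif LEFTOVER_RE.search(line):
            report["leftovers"].append(line)
        else:
            report["review"].append(line)
    return report


if __name__ == "__main__":
    rep = audit_fixlist(
        SAMPLE_FIXLIST,
        "S-1-5-21-1167706805-3652461753-1077729752-1000",
        "happy",
    )
    for group, lines in rep.items():
        print(group, len(lines))
        for ln in lines:
            print("   ", ln)
```

A line in the "review" group is not wrong by itself; it only lacks a leftover marker, so it is the part of the script to understand before pressing Fix.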

Offline babyoh

Re: Happy Labor Day, Here's my stuff
« Reply #9 on: September 19, 2019, 09:00:56 PM »
Hi Corrine.
that didn't work  >:(
i configured for 12% - 15 GB (which failed), and 15% - 18.75 GB (same thing).
 - i started getting this, which i think is new:
 "do you want to allow the following program from an unknown publisher to make changes to your computer?" - rstrui.exe
- i can create a restore point just fine, but it evaporates quickly.
- i got this error message once for some reason:
"The restore point could not be created for the following reason:
The specified object was not found (0x80042308)"


Offline Corrine

Re: Happy Labor Day, Here's my stuff
« Reply #10 on: September 19, 2019, 09:15:34 PM »
In searching the error message you received, the instructions provided in Error 0x80042308 when attempting to set a system restore point. - Microsoft Community worked for some but not others.  In other results, I've also seen it is a result of failing hardware.



Offline babyoh

Re: Happy Labor Day, Here's my stuff
« Reply #11 on: September 19, 2019, 10:54:15 PM »
 :'(
i think this computer may be toast.
       ####           ####
- when i launch rstrui.exe, i get the following error in event viewer (i also generate the same error each time i try to create a restore point) :
Log Name:      Application
Source:        Microsoft-Windows-CAPI2
Date:          9/19/2019 6:34:56 PM
Event ID:      256
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      lappy
Description:
The Cryptographic Services service failed to initialize the Catalog Database. The error was: 1117 (0x45d) : The request could not be performed because of an I/O device error.
.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" EventSourceName="Microsoft-Windows-CAPI2" />
    <EventID Qualifiers="0">256</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8080000000000000</Keywords>
    <TimeCreated SystemTime="2019-09-19T23:34:56.068824100Z" />
    <EventRecordID>80884</EventRecordID>
    <Correlation />
    <Execution ProcessID="1176" ThreadID="3264" />
    <Channel>Application</Channel>
    <Computer>lappy</Computer>
    <Security />
  </System>
  <EventData>
    <Data>1117 (0x45d)</Data>
    <Data>The request could not be performed because of an I/O device error.
</Data>
  </EventData>
</Event>
       ####           ####
- Closing system restore results in a different error:

Log Name:      System
Source:        volsnap
Date:          9/19/2019 6:42:26 PM
Event ID:      14
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      lappy
Description:
The shadow copies of volume C: were aborted because of an IO failure on volume C:.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="volsnap" />
    <EventID Qualifiers="49158">14</EventID>
    <Level>2</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2019-09-19T23:42:26.319417600Z" />
    <EventRecordID>622310</EventRecordID>
    <Channel>System</Channel>
    <Computer>lappy</Computer>
    <Security />
  </System>
  <EventData>
    <Data>\Device\HarddiskVolumeShadowCopy37</Data>
    <Data>C:</Data>
    <Data>C:</Data>
    <Binary>0000000003003000000000000E0006C00B000000850100C003000000000000000000000000000000</Binary>
  </EventData>
</Event>
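
The error values scattered through the logs in this thread can be decoded and compared with each other. The following is an added example (not part of any post, and not FRST's or Microsoft's code) that does so; it assumes the volsnap `<Binary>` field follows the IO_ERROR_LOG_PACKET layout (ErrorCode at byte offset 0x0C, FinalStatus at 0x14), and the function names and the two-code threshold are hypothetical.

```python
import re
import struct

# Status codes that appear in this thread, with their standard Windows names.
KNOWN_CODES = {
    0xC0000185: "STATUS_IO_DEVICE_ERROR",
    0xC0000006: "STATUS_IN_PAGE_ERROR",
    0x0000045D: "ERROR_IO_DEVICE (Win32 1117)",
    0x80042308: "VSS_E_OBJECT_NOT_FOUND",
}
# Codes that report a failed read or write on the storage path.
STORAGE_IO_CODES = {0xC0000185, 0xC0000006, 0x0000045D}

# Lines copied from the logs posted in this thread.
SAMPLE_LOG = r"""
Error: (09/02/2019 11:32:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_SysMain, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Exception code: 0xc0000006

Error: (09/02/2019 11:29:57 AM) (Source: Application Error) (EventID: 1005) (User: )
File: C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-1167706805-3652461753-1077729752-1000.db
Error value: C0000185

The Cryptographic Services service failed to initialize the Catalog Database. The error was: 1117 (0x45d) : The request could not be performed because of an I/O device error.
The specified object was not found (0x80042308)
"""

# <Binary> payload of the volsnap Event ID 14 record posted in this thread.
VOLSNAP_BINARY = (
    "0000000003003000000000000E0006C00B000000850100C0"
    "03000000000000000000000000000000"
)

CODE_RE = re.compile(
    r"Exception code:\s*0x(?P<exc>[0-9a-fA-F]{8})"
    r"|Error value:\s*(?P<val>[0-9a-fA-F]{8})"
    r"|\(0x(?P<paren>[0-9a-fA-F]{1,8})\)"
)


def extract_codes(text):
    """Return every status code found in the log text, in order of appearance."""
    codes = []
    for m in CODE_RE.finditer(text):
        digits = m.group("exc") or m.group("val") or m.group("paren")
        codes.append(int(digits, 16))
    return codes


def parse_io_error_packet(hex_blob):
    """Return (event_id, final_status) from a driver event's <Binary> data.

    Assumed layout: little-endian ErrorCode at 0x0C (low 16 bits are the
    event ID) and the NTSTATUS FinalStatus at 0x14. Returns None if too short.
    """
    blob = hex_blob.strip()
    raw = bytes.fromhex(blob[: len(blob) // 2 * 2])
    if len(raw) < 0x18:
        return None
    (error_code,) = struct.unpack_from("<I", raw, 0x0C)
    (final_status,) = struct.unpack_from("<I", raw, 0x14)
    return error_code & 0xFFFF, final_status


def triage(log_text, driver_binary=None):
    """Summarise the codes and flag when independent sources agree on I/O failure."""
    codes = extract_codes(log_text)
    packet = parse_io_error_packet(driver_binary) if driver_binary else None
    if packet:
        codes.append(packet[1])
    io_hits = [c for c in codes if c in STORAGE_IO_CODES]
    return {
        "names": sorted({KNOWN_CODES.get(c, "unknown 0x%08X" % c) for c in codes}),
        "storage_io_hits": len(io_hits),
        # Assumed threshold: two or more distinct storage I/O codes.
        "suspect_storage": len(set(io_hits)) >= 2,
    }


if __name__ == "__main__":
    print(parse_io_error_packet(VOLSNAP_BINARY))
    print(triage(SAMPLE_LOG, VOLSNAP_BINARY))
```

The Superfetch crash, the Prefetch file error, the Cryptographic Services failure and the volsnap record all decode to storage I/O status codes, and the FinalStatus inside the volsnap binary is the same C0000185 reported as "Error value" in the application log.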

Offline Corrine

Re: Happy Labor Day, Here's my stuff
« Reply #12 on: September 20, 2019, 12:40:06 AM »
Let's see if this helps.

1.  Run System File Checker:
  • Click on the Start button and in the search box, type Command Prompt
  • When you see Command Prompt on the list, right-click on it and select Run as administrator
  • Enter the command below and press on Enter and wait for it to finish (~15 minutes).
Code:
sfc /scannow
2.  Next, please run the internal disk checker program: 
  • Click Start and select "Computer"
  • Right-click C:
  • Select the "Tools" tab
  • In the Error-checking area, click "Check Now"
  • Click "Start"
  • Check the option to "Automatically fix file system errors" and click Start.
You will receive a message that the operation cannot be performed while the system is in use, asking if you want to check when you restart your computer.  Click "Schedule disk check" and then restart the computer, allowing disk check to run at startup.

3.  To find the disk check log that is produced please download ListChkdskResult by SleepyDude to the desktop.
  • Double-click on the icon and click Run
  • The log will appear on your desktop as a .txt file and the notepad will open.
Please copy and paste the results in your next reply.



Offline babyoh

Re: Happy Labor Day, Here's my stuff
« Reply #13 on: September 20, 2019, 08:17:51 PM »
### Here goes :
ListChkdskResult by SleepyDude v0.1.7 Beta | 21-09-2013

------< Log generate on 9/20/2019 4:12:56 PM >------
Category: 0
Computer Name: lappy
Event Code: 26214
Record Number: 81041
Source Name: Chkdsk
Time Written: 09-20-2019 @ 04:47:08
Event Type: Information
User:
Message: Chkdsk was executed in read/write mode. 

Checking file system on D:
Volume label is Data.

CHKDSK is verifying files (stage 1 of 3)...
  966912 file records processed.                                         

File verification completed.
  19 large file records processed.                                   

  0 bad file records processed.                                     

  0 EA records processed.                                           

  0 reparse records processed.                                     

CHKDSK is verifying indexes (stage 2 of 3)...
  1058206 index entries processed.                                       

Index verification completed.


CHKDSK is verifying security descriptors (stage 3 of 3)...
  966912 file SDs/SIDs processed.                                       

Security descriptor verification completed.
  45648 data files processed.                                           

CHKDSK is verifying Usn Journal...
  35121304 USN bytes processed.                                           

Usn Journal verification completed.
Windows has checked the file system and found no problems.

 155151359 KB total disk space.
 124331224 KB in 882149 files.
    408168 KB in 45649 indexes.
   1072031 KB in use by the system.
     65536 KB occupied by the log file.
  29339936 KB available on disk.

      4096 bytes in each allocation unit.
  38787839 total allocation units on disk.
   7334984 allocation units available on disk.

-----------------------------------------------------------------------
Category: 0
Computer Name: lappy
Event Code: 26212
Record Number: 81039
Source Name: Chkdsk
Time Written: 09-20-2019 @ 04:32:37
Event Type: Information
User:
Message: Chkdsk was executed in read-only mode on a volume snapshot. 

Checking file system on D:
Volume label is Data.

CHKDSK is verifying files (stage 1 of 3)...
  966912 file records processed.                                         

File verification completed.
  19 large file records processed.                                   

  0 bad file records processed.                                     

  0 EA records processed.                                           

  0 reparse records processed.                                     

CHKDSK is verifying indexes (stage 2 of 3)...
  1058206 index entries processed.                                       

Index verification completed.


CHKDSK is verifying security descriptors (stage 3 of 3)...
  966912 file SDs/SIDs processed.                                       

Security descriptor verification completed.
  45648 data files processed.                                           

CHKDSK is verifying Usn Journal...
  35120696 USN bytes processed.                                           

Usn Journal verification completed.
Windows has checked the file system and found no problems.

 155151359 KB total disk space.
 124736200 KB in 882149 files.
    408168 KB in 45649 indexes.
   1072031 KB in use by the system.
     65536 KB occupied by the log file.
  28934960 KB available on disk.

      4096 bytes in each allocation unit.
  38787839 total allocation units on disk.
   7233740 allocation units available on disk.

-----------------------------------------------------------------------
Category: 0
Computer Name: lappy
Event Code: 1001
Record Number: 81008
Source Name: Microsoft-Windows-Wininit
Time Written: 09-20-2019 @ 04:09:54
Event Type: Information
User:
Message:

Checking file system on C:
The type of the file system is NTFS.
Volume label is OS.


A disk check has been scheduled.
Windows will now check the disk.                         

CHKDSK is verifying files (stage 1 of 3)...
Read failure with status 0xc00000b5 at offset 0x12bd0ca000 for 0x1000 bytes.
File record segment 223900 is unreadable.
Read failure with status 0xc00000b5 at offset 0x12bd0ca000 for 0x1000 bytes.
File record segment 223901 is unreadable.
Read failure with status 0xc00000b5 at offset 0x12bd0ca000 for 0x1000 bytes.
File record segment 223902 is unreadable.
Read failure with status 0xc00000b5 at offset 0x12bd0ca000 for 0x1000 bytes.
File record segment 223903 is unreadable.
Read failure with status 0xc00000b5 at offset 0x12bd0e6000 for 0x1000 bytes.
File record segment 224012 is unreadable.
Read failure with status 0xc00000b5 at offset 0x12bd0e6000 for 0x1000 bytes.
File record segment 224013 is unreadable.
Read failure with status 0xc00000b5 at offset 0x12bd0e6000 for 0x1000 bytes.
File record segment 224014 is unreadable.
Read failure with status 0xc00000b5 at offset 0x12bd0e6000 for 0x1000 bytes.
File record segment 224015 is unreadable.
Read failure with status 0xc00000b5 at offset 0x12bd0e9000 for 0x1000 bytes.
File record segment 224024 is unreadable.
Read failure with status 0xc00000b5 at offset 0x12bd0e9000 for 0x1000 bytes.
File record segment 224025 is unreadable.
Read failure with status 0xc00000b5 at offset 0x12bd0e9000 for 0x1000 bytes.
File record segment 224026 is unreadable.
Read failure with status 0xc00000b5 at offset 0x12bd0e9000 for 0x1000 bytes.
File record segment 224027 is unreadable.
Read failure with status 0xc00000b5 at offset 0x12bd0ec000 for 0x1000 bytes.
File record segment 224036 is unreadable.
Read failure with status 0xc00000b5 at offset 0x12bd0ec000 for 0x1000 bytes.
File record segment 224037 is unreadable.
Read failure with status 0xc00000b5 at offset 0x12bd0ec000 for 0x1000 bytes.
File record segment 224038 is unreadable.
Read failure with status 0xc00000b5 at offset 0x12bd0ec000 for 0x1000 bytes.
File record segment 224039 is unreadable.
Read failure with status 0xc00000b5 at offset 0x12bd15c000 for 0x1000 bytes.
File record segment 224484 is unreadable.
Read failure with status 0xc00000b5 at offset 0x12bd15c000 for 0x1000 bytes.
File record segment 224485 is unreadable.
Read failure with status 0xc00000b5 at offset 0x12bd15c000 for 0x1000 bytes.
File record segment 224486 is unreadable.
Read failure with status 0xc00000b5 at offset 0x12bd15c000 for 0x1000 bytes.
File record segment 224487 is unreadable.
Read failure with status 0xc00000b5 at offset 0x12be99d000 for 0x1000 bytes.
File record segment 249320 is unreadable.
Read failure with status 0xc00000b5 at offset 0x12be99d000 for 0x1000 bytes.
File record segment 249321 is unreadable.
Read failure with status 0xc00000b5 at offset 0x12be99d000 for 0x1000 bytes.
File record segment 249322 is unreadable.
Read failure with status 0xc00000b5 at offset 0x12be99d000 for 0x1000 bytes.
File record segment 249323 is unreadable.
Read failure with status 0xc00000b5 at offset 0x12bffb0000 for 0x1000 bytes.
File record segment 271924 is unreadable.
Read failure with status 0xc00000b5 at offset 0x12bffb0000 for 0x1000 bytes.
File record segment 271925 is unreadable.
Read failure with status 0xc00000b5 at offset 0x12bffb0000 for 0x1000 bytes.
File record segment 271926 is unreadable.
Read failure with status 0xc00000b5 at offset 0x12bffb0000 for 0x1000 bytes.
File record segment 271927 is unreadable.
Read failure with status 0xc00000b5 at offset 0x12bffc5000 for 0x1000 bytes.
File record segment 272008 is unreadable.
Read failure with status 0xc00000b5 at offset 0x12bffc5000 for 0x1000 bytes.
File record segment 272009 is unreadable.
Read failure with status 0xc00000b5 at offset 0x12bffc5000 for 0x1000 bytes.
File record segment 272010 is unreadable.
Read failure with status 0xc00000b5 at offset 0x12bffc5000 for 0x1000 bytes.
File record segment 272011 is unreadable.
Read failure with status 0xc00000b5 at offset 0x12bffc6000 for 0x1000 bytes.
File record segment 272012 is unreadable.
Read failure with status 0xc00000b5 at offset 0x12bffc6000 for 0x1000 bytes.
File record segment 272013 is unreadable.
Read failure with status 0xc00000b5 at offset 0x12bffc6000 for 0x1000 bytes.
File record segment 272014 is unreadable.
Read failure with status 0xc00000b5 at offset 0x12bffc6000 for 0x1000 bytes.
File record segment 272015 is unreadable.
Read failure with status 0xc00000b5 at offset 0x12bffd1000 for 0x1000 bytes.
File record segment 272056 is unreadable.
Read failure with status 0xc00000b5 at offset 0x12bffd1000 for 0x1000 bytes.
File record segment 272057 is unreadable.
Read failure with status 0xc00000b5 at offset 0x12bffd1000 for 0x1000 bytes.
File record segment 272058 is unreadable.
Read failure with status 0xc00000b5 at offset 0x12bffd1000 for 0x1000 bytes.
File record segment 272059 is unreadable.
Read failure with status 0xc00000b5 at offset 0x12c107c000 for 0x1000 bytes.
Deleted corrupt attribute list entry
with type code 128 in file 288659.
Unable to find child frs 0x46964 with sequence number 0x3.
The attribute of type 0x80 and instance tag 0x0 in file 0x46793
has allocated length of 0xd190000 instead of 0xc830000.
Deleted corrupt attribute list entry
with type code 128 in file 288659.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x80000000001699.  The expected attribute type is 0x80.
Deleting corrupt attribute record (128, "")
from file record segment 5785.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x78f00000000ad6c.  The expected attribute type is 0x80.
Deleting corrupt attribute record (128, "")
from file record segment 44396.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x700000004650f.  The expected attribute type is 0x80.
Deleting corrupt attribute record (128, "")
from file record segment 288015.
Unable to locate attribute with instance tag 0x0 and segment
reference 0xe000000046794.  The expected attribute type is 0x80.
Deleting corrupt attribute record (128, "")
from file record segment 288660.
Unable to locate attribute with instance tag 0x0 and segment
reference 0xa000000046795.  The expected attribute type is 0x80.
Deleting corrupt attribute record (128, "")
from file record segment 288661.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x6000000046796.  The expected attribute type is 0x80.
Deleting corrupt attribute record (128, "")
from file record segment 288662.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x9000000046797.  The expected attribute type is 0x80.
Deleting corrupt attribute record (128, "")
from file record segment 288663.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x7000000046798.  The expected attribute type is 0x80.
Deleting corrupt attribute record (128, "")
from file record segment 288664.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x6000000046799.  The expected attribute type is 0x80.
Deleting corrupt attribute record (128, "")
from file record segment 288665.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x600000004679a.  The expected attribute type is 0x80.
Deleting corrupt attribute record (128, "")
from file record segment 288666.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x500000004679b.  The expected attribute type is 0x80.
Deleting corrupt attribute record (128, "")
from file record segment 288667.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x500000004679c.  The expected attribute type is 0x80.
Deleting corrupt attribute record (128, "")
from file record segment 288668.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x500000004679d.  The expected attribute type is 0x80.
Deleting corrupt attribute record (128, "")
from file record segment 288669.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x500000004679e.  The expected attribute type is 0x80.
Deleting corrupt attribute record (128, "")
from file record segment 288670.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x50000000467a1.  The expected attribute type is 0x80.
Deleting corrupt attribute record (128, "")
from file record segment 288673.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x50000000467a2.  The expected attribute type is 0x80.
Deleting corrupt attribute record (128, "")
from file record segment 288674.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x50000000467a4.  The expected attribute type is 0x80.
Deleting corrupt attribute record (128, "")
from file record segment 288676.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x50000000467a5.  The expected attribute type is 0x80.
Deleting corrupt attribute record (128, "")
from file record segment 288677.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x50000000467a6.  The expected attribute type is 0x80.
Deleting corrupt attribute record (128, "")
from file record segment 288678.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x50000000467a7.  The expected attribute type is 0x80.
Deleting corrupt attribute record (128, "")
from file record segment 288679.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x50000000467ab.  The expected attribute type is 0x80.
Deleting corrupt attribute record (128, "")
from file record segment 288683.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x50000000467b5.  The expected attribute type is 0x80.
Deleting corrupt attribute record (128, "")
from file record segment 288693.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x50000000467b6.  The expected attribute type is 0x80.
Deleting corrupt attribute record (128, "")
from file record segment 288694.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x60000000467b9.  The expected attribute type is 0x80.
Deleting corrupt attribute record (128, "")
from file record segment 288697.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x50000000467cb.  The expected attribute type is 0x80.
Deleting corrupt attribute record (128, "")
from file record segment 288715.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x50000000467cc.  The expected attribute type is 0x80.
Deleting corrupt attribute record (128, "")
from file record segment 288716.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x50000000467db.  The expected attribute type is 0x80.
Deleting corrupt attribute record (128, "")
from file record segment 288731.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x80000000467fc.  The expected attribute type is 0x80.
Deleting corrupt attribute record (128, "")
from file record segment 288764.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x40000000467fd.  The expected attribute type is 0x80.
Deleting corrupt attribute record (128, "")
from file record segment 288765.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x4000000046801.  The expected attribute type is 0x80.
Deleting corrupt attribute record (128, "")
from file record segment 288769.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x7000000046803.  The expected attribute type is 0x80.
Deleting corrupt attribute record (128, "")
from file record segment 288771.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x5000000046813.  The expected attribute type is 0x80.
Deleting corrupt attribute record (128, "")
from file record segment 288787.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x4000000046847.  The expected attribute type is 0x80.
Deleting corrupt attribute record (128, "")
from file record segment 288839.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x3000000046901.  The expected attribute type is 0x80.
Deleting corrupt attribute record (128, "")
from file record segment 289025.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x3000000046926.  The expected attribute type is 0x80.
Deleting corrupt attribute record (128, "")
from file record segment 289062.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x3000000046928.  The expected attribute type is 0x80.
Deleting corrupt attribute record (128, "")
from file record segment 289064.
Read failure with status 0xc00000b5 at offset 0x12c107c000 for 0x1000 bytes.
File record segment 289124 is unreadable.
Read failure with status 0xc00000b5 at offset 0x12c107c000 for 0x1000 bytes.
File record segment 289125 is unreadable.
Read failure with status 0xc00000b5 at offset 0x12c107c000 for 0x1000 bytes.
File record segment 289126 is unreadable.
Read failure with status 0xc00000b5 at offset 0x12c107c000 for 0x1000 bytes.
File record segment 289127 is unreadable.
  322560 file records processed.                                         

File verification completed.
Deleting orphan file record segment 5785.
Deleting orphan file record segment 44396.
Deleting orphan file record segment 288015.
  2954 large file records processed.                                   

Read failure with status 0xc00000b5 at offset 0x12bd0ca000 for 0x400 bytes.
Read failure with status 0xc00000b5 at offset 0x12bd0ca400 for 0x400 bytes.
Read failure with status 0xc00000b5 at offset 0x12bd0ca800 for 0x400 bytes.
Read failure with status 0xc00000b5 at offset 0x12bd0cac00 for 0x400 bytes.
Read failure with status 0xc00000b5 at offset 0x12bd0e6000 for 0x400 bytes.
Read failure with status 0xc00000b5 at offset 0x12bd0e6400 for 0x400 bytes.
Read failure with status 0xc00000b5 at offset 0x12bd0e6800 for 0x400 bytes.
Read failure with status 0xc00000b5 at offset 0x12bd0e6c00 for 0x400 bytes.
Read failure with status 0xc00000b5 at offset 0x12bd0e9000 for 0x400 bytes.
Read failure with status 0xc00000b5 at offset 0x12bd0e9400 for 0x400 bytes.
Read failure with status 0xc00000b5 at offset 0x12bd0e9800 for 0x400 bytes.
Read failure with status 0xc00000b5 at offset 0x12bd0e9c00 for 0x400 bytes.
Read failure with status 0xc00000b5 at offset 0x12bd0ec000 for 0x400 bytes.
Read failure with status 0xc00000b5 at offset 0x12bd0ec400 for 0x400 bytes.
Read failure with status 0xc00000b5 at offset 0x12bd0ec800 for 0x400 bytes.
Read failure with status 0xc00000b5 at offset 0x12bd0ecc00 for 0x400 bytes.
Read failure with status 0xc00000b5 at offset 0x12bd15c000 for 0x400 bytes.
Read failure with status 0xc00000b5 at offset 0x12bd15c400 for 0x400 bytes.
Read failure with status 0xc00000b5 at offset 0x12bd15c800 for 0x400 bytes.
Read failure with status 0xc00000b5 at offset 0x12bd15cc00 for 0x400 bytes.
Read failure with status 0xc00000b5 at offset 0x12be99d000 for 0x400 bytes.
Read failure with status 0xc00000b5 at offset 0x12be99d400 for 0x400 bytes.
Read failure with status 0xc00000b5 at offset 0x12be99d800 for 0x400 bytes.
Read failure with status 0xc00000b5 at offset 0x12be99dc00 for 0x400 bytes.
Read failure with status 0xc00000b5 at offset 0x12bffb0000 for 0x400 bytes.
Read failure with status 0xc00000b5 at offset 0x12bffb0400 for 0x400 bytes.
Read failure with status 0xc00000b5 at offset 0x12bffb0800 for 0x400 bytes.
Read failure with status 0xc00000b5 at offset 0x12bffb0c00 for 0x400 bytes.
Read failure with status 0xc00000b5 at offset 0x12bffc5000 for 0x400 bytes.
Read failure with status 0xc00000b5 at offset 0x12bffc5400 for 0x400 bytes.
Read failure with status 0xc00000b5 at offset 0x12bffc5800 for 0x400 bytes.
Read failure with status 0xc00000b5 at offset 0x12bffc5c00 for 0x400 bytes.
Read failure with status 0xc00000b5 at offset 0x12bffc6000 for 0x400 bytes.
Read failure with status 0xc00000b5 at offset 0x12bffc6400 for 0x400 bytes.
Read failure with status 0xc00000b
-----------------------------------------------------------------------
Category: 0
Computer Name: lappy
Event Code: 1001
Record Number: 80357
Source Name: Microsoft-Windows-Wininit
Time Written: 09-11-2019 @ 20:10:20
Event Type: Information
User:
Message:

Checking file system on C:
The type of the file system is NTFS.
Volume label is OS.


A disk check has been scheduled.
Windows will now check the disk.                         

CHKDSK is verifying files (stage 1 of 3)...
  322560 file records processed.                                         

File verification completed.
  2983 large file records processed.                                   

  0 bad file records processed.                                     

  0 EA records processed.                                           

  44 reparse records processed.                                     

CHKDSK is verifying indexes (stage 2 of 3)...
  419750 index entries processed.                                       

Index verification completed.
  0 unindexed files scanned.                                       

  0 unindexed files recovered.                                     

CHKDSK is verifying security descriptors (stage 3 of 3)...
  322560 file SDs/SIDs processed.                                       

Cleaning up 24 unused index entries from index $SII of file 0x9.
Cleaning up 24 unused index entries from index $SDH of file 0x9.
Cleaning up 24 unused security descriptors.
Security descriptor verification completed.
  48596 data files processed.                                           

CHKDSK is verifying Usn Journal...
  36103472 USN bytes processed.                                           

Usn Journal verification completed.
Windows has checked the file system and found no problems.

 131100671 KB total disk space.
  90760892 KB in 211421 files.
    165884 KB in 48597 indexes.
         4 KB in bad sectors.
    431863 KB in use by the system.
     65536 KB occupied by the log file.
  39742028 KB available on disk.

      4096 bytes in each allocation unit.
  32775167 total allocation units on disk.
   9935507 allocation units available on disk.

Internal Info:
00 ec 04 00 bd f7 03 00 b8 50 07 00 00 00 00 00  .........P......
72 03 00 00 2c 00 00 00 00 00 00 00 00 00 00 00  r...,...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................

Windows has finished checking your disk.
Please wait while your computer restarts.

-----------------------------------------------------------------------
Category: 0
Computer Name: lappy
Event Code: 26214
Record Number: 80347
Source Name: Chkdsk
Time Written: 09-11-2019 @ 19:45:41
Event Type: Information
User:
Message: Chkdsk was executed in read/write mode. 

Checking file system on D:
Volume label is Data.

CHKDSK is verifying files (stage 1 of 3)...
  966912 file records processed.                                         

File verification completed.
  19 large file records processed.                                   

  0 bad file records processed.                                     

  0 EA records processed.                                           

  0 reparse records processed.                                     

CHKDSK is verifying indexes (stage 2 of 3)...
  1058202 index entries processed.                                       

Index verification completed.


CHKDSK is verifying security descriptors (stage 3 of 3)...
  966912 file SDs/SIDs processed.                                       

Cleaning up 2 unused index entries from index $SII of file 0x9.
Cleaning up 2 unused index entries from index $SDH of file 0x9.
Cleaning up 2 unused security descriptors.
Security descriptor verification completed.
  45646 data files processed.                                           

CHKDSK is verifying Usn Journal...
  37634224 USN bytes processed.                                           

Usn Journal verification completed.
Windows has checked the file system and found no problems.

 155151359 KB total disk space.
 121953432 KB in 882090 files.
    408168 KB in 45647 indexes.
   1074911 KB in use by the system.
     65536 KB occupied by the log file.
  31714848 KB available on disk.

      4096 bytes in each allocation unit.
  38787839 total allocation units on disk.
   7928712 allocation units available on disk.

-----------------------------------------------------------------------
Category: 0
Computer Name: lappy
Event Code: 26214
Record Number: 79939
Source Name: Chkdsk
Time Written: 09-02-2019 @ 10:30:06
Event Type: Information
User:
Message: Chkdsk was executed in read/write mode. 

Checking file system on D:
Volume label is Data.

CHKDSK is verifying files (stage 1 of 3)...
  966912 file records processed.                                         

File verification completed.
  19 large file records processed.                                   

  0 bad file records processed.                                     

  0 EA records processed.                                           

  0 reparse records processed.                                     

CHKDSK is verifying indexes (stage 2 of 3)...
  1058404 index entries processed.                                       

Index verification completed.


CHKDSK is verifying security descriptors (stage 3 of 3)...
  966912 file SDs/SIDs processed.                                       

Security descriptor verification completed.
  45747 data files processed.                                           

CHKDSK is verifying Usn Journal...
  34238304 USN bytes processed.                                           

Usn Journal verification completed.
Windows has checked the file system and found no problems.

 155151359 KB total disk space.
 121115288 KB in 920644 files.
    409620 KB in 45748 indexes.
   1071327 KB in use by the system.
     65536 KB occupied by the log file.
  32555124 KB available on disk.

      4096 bytes in each allocation unit.
  38787839 total allocation units on disk.
   8138781 allocation units available on disk.

-----------------------------------------------------------------------
Category: 0
Computer Name: lappy
Event Code: 1001
Record Number: 79916
Source Name: Microsoft-Windows-Wininit
Time Written: 09-02-2019 @ 10:16:06
Event Type: Information
User:
Message:

Checking file system on C:
The type of the file system is NTFS.
Volume label is OS.


A disk check has been scheduled.
Windows will now check the disk.                         

CHKDSK is verifying files (stage 1 of 3)...
  322560 file records processed.                                         

File verification completed.
  2983 large file records processed.                                   

  0 bad file records processed.                                     

  0 EA records processed.                                           

  44 reparse records processed.                                     

CHKDSK is verifying indexes (stage 2 of 3)...
  420034 index entries processed.                                       

Index verification completed.
  0 unindexed files scanned.                                       

  0 unindexed files recovered.                                     

CHKDSK is verifying security descriptors (stage 3 of 3)...
  322560 file SDs/SIDs processed.                                       

Cleaning up 30 unused index entries from index $SII of file 0x9.
Cleaning up 30 unused index entries from index $SDH of file 0x9.
Cleaning up 30 unused security descriptors.
Security descriptor verification completed.
  48738 data files processed.                                           

CHKDSK is verifying Usn Journal...
  34466240 USN bytes processed.                                           

Usn Journal verification completed.
Windows has checked the file system and found no problems.

 131100671 KB total disk space.
  90781284 KB in 211387 files.
    165776 KB in 48739 indexes.
         4 KB in bad sectors.
    430067 KB in use by the system.
     65536 KB occupied by the log file.
  39723540 KB available on disk.

      4096 bytes in each allocation unit.
  32775167 total allocation units on disk.
   9930885 allocation units available on disk.

Internal Info:
00 ec 04 00 29 f8 03 00 cf 50 07 00 00 00 00 00  ....)....P......
75 03 00 00 2c 00 00 00 00 00 00 00 00 00 00 00  u...,...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................

Windows has finished checking your disk.
Please wait while your computer restarts.

-----------------------------------------------------------------------
Category: 0
Computer Name: lappy
Event Code: 26214
Record Number: 79415
Source Name: Chkdsk
Time Written: 08-24-2019 @ 16:58:57
Event Type: Information
User:
Message: Chkdsk was executed in read/write mode. 

Checking file system on D:
Volume label is Data.

CHKDSK is verifying files (stage 1 of 3)...
  966912 file records processed.                                         

File verification completed.
  19 large file records processed.                                   

  0 bad file records processed.                                     

  0 EA records processed.                                           

  0 reparse records processed.                                     

CHKDSK is verifying indexes (stage 2 of 3)...
  1058354 index entries processed.                                       

Index verification completed.


CHKDSK is verifying security descriptors (stage 3 of 3)...
  966912 file SDs/SIDs processed.                                       

Security descriptor verification completed.
  45722 data files processed.                                           

CHKDSK is verifying Usn Journal...
  33903752 USN bytes processed.                                           

Usn Journal verification completed.
Windows has checked the file system and found no problems.

 155151359 KB total disk space.
 125344852 KB in 920501 files.
    409552 KB in 45723 indexes.
   1071327 KB in use by the system.
     65536 KB occupied by the log file.
  28325628 KB available on disk.

      4096 bytes in each allocation unit.
  38787839 total allocation units on disk.
   7081407 allocation units available on disk.

-----------------------------------------------------------------------
Category: 0
Computer Name: lappy
Event Code: 1001
Record Number: 79392
Source Name: Microsoft-Windows-Wininit
Time Written: 08-24-2019 @ 16:42:30
Event Type: Information
User:
Message:

Checking file system on C:
The type of the file system is NTFS.
Volume label is OS.


A disk check has been scheduled.
Windows will now check the disk.                         

CHKDSK is verifying files (stage 1 of 3)...
  322560 file records processed.                                         

File verification completed.
  2983 large file records processed.                                   

  0 bad file records processed.                                     

  0 EA records processed.                                           

  44 reparse records processed.                                     

CHKDSK is verifying indexes (stage 2 of 3)...
  420352 index entries processed.                                       

Index verification completed.
  0 unindexed files scanned.                                       

  0 unindexed files recovered.                                     

CHKDSK is verifying security descriptors (stage 3 of 3)...
  322560 file SDs/SIDs processed.                                       

Cleaning up 38 unused index entries from index $SII of file 0x9.
Cleaning up 38 unused index entries from index $SDH of file 0x9.
Cleaning up 38 unused security descriptors.
Security descriptor verification completed.
  48897 data files processed.                                           

CHKDSK is verifying Usn Journal...
  35993592 USN bytes processed.                                           

Usn Journal verification completed.
Windows has checked the file system and found no problems.

 131100671 KB total disk space.
  91206208 KB in 213262 files.
    166532 KB in 48898 indexes.
         4 KB in bad sectors.
    431663 KB in use by the system.
     65536 KB occupied by the log file.
  39296264 KB available on disk.

      4096 bytes in each allocation unit.
  32775167 total allocation units on disk.
   9824066 allocation units available on disk.

Internal Info:
00 ec 04 00 1b 00 04 00 b1 5d 07 00 00 00 00 00  .........]......
77 03 00 00 2c 00 00 00 00 00 00 00 00 00 00 00  w...,...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................

Windows has finished checking your disk.
Please wait while your computer restarts.

-----------------------------------------------------------------------
Category: 0
Computer Name: lappy
Event Code: 1001
Record Number: 78739
Source Name: Microsoft-Windows-Wininit
Time Written: 08-10-2019 @ 17:16:30
Event Type: Information
User:
Message:

Checking file system on C:
The type of the file system is NTFS.
Volume label is OS.


A disk check has been scheduled.
Windows will now check the disk.                         

CHKDSK is verifying files (stage 1 of 3)...
  322560 file records processed.                                         

File verification completed.
  2979 large file records processed.                                   

  0 bad file records processed.                                     

  0 EA records processed.                                           

  44 reparse records processed.                                     

CHKDSK is verifying indexes (stage 2 of 3)...
  419794 index entries processed.                                       

Index verification completed.
  0 unindexed files scanned.                                       

  0 unindexed files recovered.                                     

CHKDSK is verifying security descriptors (stage 3 of 3)...
  322560 file SDs/SIDs processed.                                       

Cleaning up 22 unused index entries from index $SII of file 0x9.
Cleaning up 22 unused index entries from index $SDH of file 0x9.
Cleaning up 22 unused security descriptors.
Security descriptor verification completed.
  48618 data files processed.                                           

CHKDSK is verifying Usn Journal...
  37736912 USN bytes processed.                                           

Usn Journal verification completed.
Windows has checked the file system and found no problems.

 131100671 KB total disk space.
  91086092 KB in 214397 files.
    166596 KB in 48619 indexes.
         4 KB in bad sectors.
    433127 KB in use by the system.
     65536 KB occupied by the log file.
  39414852 KB available on disk.

      4096 bytes in each allocation unit.
  32775167 total allocation units on disk.
   9853713 allocation units available on disk.

Internal Info:
00 ec 04 00 73 03 04 00 65 64 07 00 00 00 00 00  ....s...ed......
76 03 00 00 2c 00 00 00 00 00 00 00 00 00 00 00  v...,...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................

Windows has finished checking your disk.
Please wait while your computer restarts.

-----------------------------------------------------------------------
Category: 0
Computer Name: lappy
Event Code: 26214
Record Number: 78712
Source Name: Chkdsk
Time Written: 08-10-2019 @ 02:52:37
Event Type: Information
User:
Message: Chkdsk was executed in read/write mode. 

Checking file system on D:
Volume label is Data.

CHKDSK is verifying files (stage 1 of 5)...
  961280 file records processed.                                         

File verification completed.
  19 large file records processed.                                   

  0 bad file records processed.                                     

  0 EA records processed.                                           

  0 reparse records processed.                                     

CHKDSK is verifying indexes (stage 2 of 5)...
  1051218 index entries processed.                                       

Index verification completed.


CHKDSK is verifying security descriptors (stage 3 of 5)...
  961280 file SDs/SIDs processed.                                       

Cleaning up 1 unused index entries from index $SII of file 0x9.
Cleaning up 1 unused index entries from index $SDH of file 0x9.
Cleaning up 1 unused security descriptors.
Security descriptor verification completed.
  44970 data files processed.                                           

CHKDSK is verifying Usn Journal...
  35143400 USN bytes processed.                                           

Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
  961264 files processed.                                               

File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
  8067072 free clusters processed.                                       

Free space verification is complete.
Windows has checked the file system and found no problems.

 155151359 KB total disk space.
 121409056 KB in 916059 files.
    407296 KB in 44971 indexes.
   1066719 KB in use by the system.
     65536 KB occupied by the log file.
  32268288 KB available on disk.

      4096 bytes in each allocation unit.
  38787839 total allocation units on disk.
   8067072 allocation units available on disk.

-----------------------------------------------------------------------
Category: 0
Computer Name: lappy
Event Code: 1001
Record Number: 78065
Source Name: Microsoft-Windows-Wininit
Time Written: 07-28-2019 @ 05:21:48
Event Type: Information
User:
Message:

Checking file system on C:
The type of the file system is NTFS.
Volume label is OS.


A disk check has been scheduled.
Windows will now check the disk.                         

CHKDSK is verifying files (stage 1 of 3)...
  322560 file records processed.                                         

File verification completed.
  2988 large file records processed.                                   

  0 bad file records processed.                                     

  0 EA records processed.                                           

  44 reparse records processed.                                     

CHKDSK is verifying indexes (stage 2 of 3)...
  419668 index entries processed.                                       

Index verification completed.
  0 unindexed files scanned.                                       

  0 unindexed files recovered.                                     

CHKDSK is verifying security descriptors (stage 3 of 3)...
  322560 file SDs/SIDs processed.                                       

Cleaning up 153 unused index entries from index $SII of file 0x9.
Cleaning up 153 unused index entries from index $SDH of file 0x9.
Cleaning up 153 unused security descriptors.
Security descriptor verification completed.
  48555 data files processed.                                           

CHKDSK is verifying Usn Journal...
  34361432 USN bytes processed.                                           

Usn Journal verification completed.
Read failure with status 0xc00000b5 at offset 0xbb9c5000 for 0x10000 bytes.
Read failure with status 0xc00000b5 at offset 0xbb9cf000 for 0x1000 bytes.
Replacing bad clusters in logfile.
Adding 1 bad clusters to the Bad Clusters File.
Correcting errors in the Volume Bitmap.
Windows has made corrections to the file system.

 131100671 KB total disk space.
  99049300 KB in 209943 files.
    164776 KB in 48556 indexes.
         4 KB in bad sectors.
    430119 KB in use by the system.
     65536 KB occupied by the log file.
  31456472 KB available on disk.

      4096 bytes in each allocation unit.
  32775167 total allocation units on disk.
   7864118 allocation units available on disk.

Internal Info:
00 ec 04 00 ce f1 03 00 9d 44 07 00 00 00 00 00  .........D......
4e 03 00 00 2c 00 00 00 00 00 00 00 00 00 00 00  N...,...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................

Windows has finished checking your disk.
Please wait while your computer restarts.

-----------------------------------------------------------------------
Category: 0
Computer Name: lappy
Event Code: 26214
Record Number: 78047
Source Name: Chkdsk
Time Written: 07-28-2019 @ 04:39:34
Event Type: Information
User:
Message: Chkdsk was executed in read/write mode. 

Checking file system on D:
Volume label is Data.

CHKDSK is verifying files (stage 1 of 3)...
  911360 file records processed.                                         

File verification completed.
  19 large file records processed.                                   

  0 bad file records processed.                                     

  0 EA records processed.                                           

  0 reparse records processed.                                     

CHKDSK is verifying indexes (stage 2 of 3)...
  998488 index entries processed.                                       

Index verification completed.


CHKDSK is verifying security descriptors (stage 3 of 3)...
  911360 file SDs/SIDs processed.                                       

Cleaning up 2 unused index entries from index $SII of file 0x9.
Cleaning up 2 unused index entries from index $SDH of file 0x9.
Cleaning up 2 unused security descriptors.
Security descriptor verification completed.
  43565 data files processed.                                           

CHKDSK is verifying Usn Journal...
  36568472 USN bytes processed.                                           

Usn Journal verification completed.
Windows has checked the file system and found no problems.

 155151359 KB total disk space.
 112404436 KB in 864533 files.
    384220 KB in 43566 indexes.
   1018327 KB in use by the system.
     65536 KB occupied by the log file.
  41344376 KB available on disk.

      4096 bytes in each allocation unit.
  38787839 total allocation units on disk.
  10336094 allocation units available on disk.

-----------------------------------------------------------------------
Category: 0
Computer Name: lappy
Event Code: 26214
Record Number: 72146
Source Name: Chkdsk
Time Written: 03-03-2019 @ 03:59:06
Event Type: Information
User:
Message: Chkdsk was executed in read/write mode. 

Checking file system on D:
Volume label is Data.

CHKDSK is verifying files (stage 1 of 3)...
  723200 file records processed.                                         

File verification completed.
  17 large file records processed.                                   

  0 bad file records processed.                                     

  0 EA records processed.                                           

  0 reparse records processed.                                     

CHKDSK is verifying indexes (stage 2 of 3)...
  781560 index entries processed.                                       

Index verification completed.


CHKDSK is verifying security descriptors (stage 3 of 3)...
  723200 file SDs/SIDs processed.                                       

Cleaning up 5 unused index entries from index $SII of file 0x9.
Cleaning up 5 unused index entries from index $SDH of file 0x9.
Cleaning up 5 unused security descriptors.
Security descriptor verification completed.
  29181 data files processed.                                           

CHKDSK is verifying Usn Journal...
  37665984 USN bytes processed.                                           

Usn Journal verification completed.
Windows has checked the file system and found no problems.

 155151359 KB total disk space.
 105985956 KB in 660255 files.
    291860 KB in 29182 indexes.
    831103 KB in use by the system.
     65536 KB occupied by the log file.
  48042440 KB available on disk.

      4096 bytes in each allocation unit.
  38787839 total allocation units on disk.
  12010610 allocation units available on disk.

-----------------------------------------------------------------------
Category: 0
Computer Name: lappy
Event Code: 1001
Record Number: 72130
Source Name: Microsoft-Windows-Wininit
Time Written: 03-03-2019 @ 03:52:02
Event Type: Information
User:
Message:

Checking file system on C:
The type of the file system is NTFS.
Volume label is OS.


A disk check has been scheduled.
Windows will now check the disk.                         

CHKDSK is verifying files (sta

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 19713
  • "Stronger than the past, united in our goal."
Re: Happy Labor Day, Here's my stuff
« Reply #14 on: September 21, 2019, 04:54:54 PM »
Although the last of the logs were cut off due to the length, the log results show that ChkDsk has been run several times recently with the results from the last run showing "Read failure", "bad clusters" and "4 KB in bad sectors", which definitely indicates that the hard drive is failing.  I suggest that you run SeaTools.  It can test all brands of hard drives but only repairs Seagate drives.

1.   Back up all important data.
2.   Download SeaTools from Software and Firmware Downloads | Seagate Support US SeaTools | Seagate
3.   There is a PDF tutorial here:  SeaTools for Windows Guide

Note:  The process with SeaTools can take a very long time.  I've suggested it because I've used it before.  However, there are other tools available that do run faster that you may wish to try instead.  For example, Hard Disk Sentinel has a free trial:  https://www.hdsentinel.com/


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.