Topics - babyoh

1
LandzDown Lounge / What's Everybody Using?
« on: September 02, 2019, 12:47:37 PM »
I use MS Security Essentials, Spyware Blaster, some various other tweaks like editing my HOSTS files, and that's about it.
My old version of WinPatrol seems to work OK, although I know from posts I've seen not to update it.
MBAM died on me a long time ago. I gave up & didn't upgrade because I could never get my questions answered in their forum.
Is AVAST FREE worth using? I just downloaded it.
Thanks.
Cheers, everybody.
 ;D

2
Analysis and Malware Removal / Happy Labor Day, Here's my stuff
« on: September 02, 2019, 12:17:38 PM »
 >:(
Months ago, a regular Win update utterly trashed this computer (my Win8 box updated just fine). Managed to get it working again by using System Restore.
A bunch of files had been deleted. I'd backed up quite a bit & was able to put them back, at least the missing files I located. Interestingly, I noticed it took out a lot of .html files but would tend to leave others intact, including .BAK, .css etc.
Had various strange things happen since then. Slow start-ups, at times RAM use skyrockets, etc. Most recently, I noticed my MS Security app had "shut off" - "Microsoft Antimalware Service service terminated unexpectedly" - so, here I am!
(MS AV is working fine now, by the way. I simply rebooted.)
-- I noticed some out-of-date browser folder BUs show from my scans, if they're confusing, I can move them to another folder & redo. Lemme know.
Cheers. Thanks.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2019
Ran by happy (administrator) on LAPPY (ASUSTeK Computer Inc. K54C) (02-09-2019 07:40:52)
Running from C:\Users\happy\Desktop\00000
Loaded Profiles: happy (Available Profiles: happy)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2785064 2011-05-05] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-21] (Alcor Micro Corp.) [File not signed]
HKLM\...\Run: [SynAsusAcpi] => C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [97064 2011-05-05] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUSTeK Computer Inc. -> ASUS)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2319536 2011-10-18] (ASUSTeK Computer Inc. -> ASUS)
HKU\S-1-5-21-1167706805-3652461753-1077729752-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [1128000 2014-06-03] (BillP Studios -> BillP Studios)
HKU\S-1-5-21-1167706805-3652461753-1077729752-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\Mystify.scr [242688 2010-11-20] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\windows\system32\cmd.exe /D /C start C:\windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\windows\system32\cmd.exe /D /C start C:\windows\system32\ie4uinit.exe -ClearIconCache
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk [2013-10-24]
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe () [File not signed]
Startup: C:\Users\happy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0000-Launch_BROWSERS.cmd [2019-08-15] () [File not signed]
GroupPolicy: Restriction ? <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0AEFE3C1-0C25-4C8F-BD16-976785226767} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {20851120-42F3-4C27-8020-70E8422C9E90} - System32\Tasks\Opera scheduled Autoupdate 1499952880 => C:\Program Files\Opera\launcher.exe [1520152 2019-08-27] (Opera Software AS -> Opera Software)
Task: {31C4EF86-EE62-488B-90E4-4438DDC78369} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [318080 2011-12-22] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {4D5FACA0-B385-4511-9192-7C3BEB163646} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\\MpCmdRun.exe [410784 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {87F619F3-E712-49E9-A5A5-80323CB92151} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [1556640 2012-06-20] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
Task: {A741CCBC-CE0F-41FC-95B4-ECF9222B1F44} - System32\Tasks\{C95A24F3-5910-45DC-BF71-3DC579D2D404} => C:\windows\system32\pcalua.exe -a "C:\Users\happy\Desktop\DOWNLOADS HERE\irfanview_plugins_437_setup.exe" -d "C:\Users\happy\Desktop\DOWNLOADS HERE"
Task: {CDC6F1D0-992A-4B6A-9F14-FA9873939549} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe [473728 2012-02-16] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {F1F666BA-3D7B-4274-8D95-4BB002002540} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {F5255F09-864E-4907-B017-417DC2FA7DC2} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7F5F0944-5C21-41EE-8BD6-BB8AB1089EB0}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D7A67B45-A19A-4987-8C05-DCF3D814347C}: [DhcpNameServer] 209.18.47.62 209.18.47.61

Internet Explorer:
==================
HKU\S-1-5-21-1167706805-3652461753-1077729752-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
HKU\S-1-5-21-1167706805-3652461753-1077729752-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
DownloadDir: C:\Users\happy\Desktop\DOWNLOADS HERE
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1167706805-3652461753-1077729752-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1167706805-3652461753-1077729752-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1482688010082
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2016-01-04] (Belarc, Inc. -> Belarc, Inc.)

FireFox:
========
FF DefaultProfile: 3vb57d2z.default
FF DefaultProfile: pmboff70.default
FF DefaultProfile: v0k5j5hr.default-1510011962003
FF DefaultProfile: n8i1vt93.default-1565580858196
FF ProfilePath: C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\n8i1vt93.default-1565580858196 [not found] <==== ATTENTION
FF DefaultProfile: 0h9ztolt.default
FF ProfilePath: C:\Users\happy\AppData\Roaming\Waterfox\Profiles\3vb57d2z.default [2019-08-15]
FF Extension: (AdBlocker Ultimate) - C:\Users\happy\AppData\Roaming\Waterfox\Profiles\3vb57d2z.default\Extensions\adblockultimate@adblockultimate.net.xpi [2019-08-12]
FF Extension: (Clean Links) - C:\Users\happy\AppData\Roaming\Waterfox\Profiles\3vb57d2z.default\Extensions\clean-links@Cimbali.github.com.xpi [2019-08-12]
FF Extension: (Privacy Badger) - C:\Users\happy\AppData\Roaming\Waterfox\Profiles\3vb57d2z.default\Extensions\jid1-MnnxcxisBPnSXQ@jetpack.xpi [2019-08-12]
FF Extension: (Smart Referer) - C:\Users\happy\AppData\Roaming\Waterfox\Profiles\3vb57d2z.default\Extensions\smart-referer@meh.paranoid.pk.xpi [2019-08-12]
FF Extension: (uBlock Origin) - C:\Users\happy\AppData\Roaming\Waterfox\Profiles\3vb57d2z.default\Extensions\uBlock0@raymondhill.net.xpi [2019-08-12]
FF Extension: (uMatrix) - C:\Users\happy\AppData\Roaming\Waterfox\Profiles\3vb57d2z.default\Extensions\uMatrix@raymondhill.net.xpi [2019-08-12]
FF Extension: (User-Agent Switcher) - C:\Users\happy\AppData\Roaming\Waterfox\Profiles\3vb57d2z.default\Extensions\user-agent-switcher@ninetailed.ninja.xpi [2019-08-12]
FF Extension: (Privacy Possum) - C:\Users\happy\AppData\Roaming\Waterfox\Profiles\3vb57d2z.default\Extensions\woop-NoopscooPsnSXQ@jetpack.xpi [2019-08-12]
FF Extension: (Referrer Switch) - C:\Users\happy\AppData\Roaming\Waterfox\Profiles\3vb57d2z.default\Extensions\{033d950a-38b9-4976-b19e-5f9ed7d78daa}.xpi [2019-08-12]
FF Extension: (Download all Images) - C:\Users\happy\AppData\Roaming\Waterfox\Profiles\3vb57d2z.default\Extensions\{32af1358-428a-446d-873e-5f8eb5f2a72e}.xpi [2019-08-12]
FF Extension: (Disable JavaScript) - C:\Users\happy\AppData\Roaming\Waterfox\Profiles\3vb57d2z.default\Extensions\{41f9e51d-35e4-4b29-af66-422ff81c8b41}.xpi [2019-08-12]
FF Extension: (Cookie Quick Manager) - C:\Users\happy\AppData\Roaming\Waterfox\Profiles\3vb57d2z.default\Extensions\{60f82f00-9ad5-4de5-b31c-b16a47c51558}.xpi [2019-08-12]
FF Extension: (User-Agent Switcher) - C:\Users\happy\AppData\Roaming\Waterfox\Profiles\3vb57d2z.default\Extensions\{75afe46a-7a50-4c6b-b866-c43a1075b071}.xpi [2019-08-12]
FF Extension: (YouTube High Definition) - C:\Users\happy\AppData\Roaming\Waterfox\Profiles\3vb57d2z.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2019-08-12]
FF Extension: (Markdown Viewer Webext) - C:\Users\happy\AppData\Roaming\Waterfox\Profiles\3vb57d2z.default\Extensions\{943b8007-a895-44af-a672-4f4ea548c95f}.xpi [2019-08-12]
FF Extension: (User-Agent Switcher and Manager) - C:\Users\happy\AppData\Roaming\Waterfox\Profiles\3vb57d2z.default\Extensions\{a6c4a591-f1b2-4f03-b3ff-767e5bedf4e7}.xpi [2019-08-12]
FF Extension: (Random User-Agent) - C:\Users\happy\AppData\Roaming\Waterfox\Profiles\3vb57d2z.default\Extensions\{b43b974b-1d3a-4232-b226-eaa2ac6ebb69}.xpi [2019-08-12]
FF Extension: (Web Developer) - C:\Users\happy\AppData\Roaming\Waterfox\Profiles\3vb57d2z.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2019-08-12]
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\happy\AppData\Roaming\Waterfox\Profiles\3vb57d2z.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2019-08-12]
FF Extension: (javascript) - C:\Users\happy\AppData\Roaming\Waterfox\Profiles\3vb57d2z.default\Extensions\{d4bc778f-3a98-44f4-9b2e-45fab92a21db}.xpi [2019-08-12]
FF ProfilePath: C:\Users\happy\AppData\Roaming\WAS_Mozilla_2017-11-6_CLEAN\SeaMonkey\Profiles\pmboff70.default [2017-10-03]
FF NetworkProxy: WAS_Mozilla_2017-11-6_CLEAN\SeaMonkey\Profiles\pmboff70.default -> share_proxy_settings", true
FF Extension: (uBlock Origin) - C:\Users\happy\AppData\Roaming\WAS_Mozilla_2017-11-6_CLEAN\SeaMonkey\Profiles\pmboff70.default\Extensions\uBlock0@raymondhill.net.xpi [2017-07-19] [Legacy]
FF Extension: (uMatrix) - C:\Users\happy\AppData\Roaming\WAS_Mozilla_2017-11-6_CLEAN\SeaMonkey\Profiles\pmboff70.default\Extensions\uMatrix@raymondhill.net.xpi [2017-07-17] [Legacy]
FF Extension: (Screengrab (fix version)) - C:\Users\happy\AppData\Roaming\WAS_Mozilla_2017-11-6_CLEAN\SeaMonkey\Profiles\pmboff70.default\Extensions\{02450914-cdd9-410f-b1da-db004e18c671}.xpi [2017-07-21] [Legacy]
FF Extension: (NoScript) - C:\Users\happy\AppData\Roaming\WAS_Mozilla_2017-11-6_CLEAN\SeaMonkey\Profiles\pmboff70.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-09-13] [Legacy]
FF Extension: (User Agent Switcher) - C:\Users\happy\AppData\Roaming\WAS_Mozilla_2017-11-6_CLEAN\SeaMonkey\Profiles\pmboff70.default\Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2017-07-18] [Legacy]
FF Extension: (User Agent Switcher) - C:\Users\happy\AppData\Roaming\Mozilla\SeaMonkey\Profiles\pmboff70.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2017-07-18] [Legacy]
FF Extension: (Screengrab (fix version)) - C:\Users\happy\AppData\Roaming\Mozilla\SeaMonkey\Profiles\pmboff70.default\extensions\{02450914-cdd9-410f-b1da-db004e18c671}.xpi [2018-01-01] [Legacy]
FF Extension: (NoScript) - C:\Users\happy\AppData\Roaming\Mozilla\SeaMonkey\Profiles\pmboff70.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2018-03-30] [Legacy]
FF ProfilePath: C:\Users\happy\AppData\Roaming\WAS_Mozilla_2017-11-6_CLEAN\Firefox\Profiles\v0k5j5hr.default-1510011962003 [2017-11-16]
FF DownloadDir: C:\Users\happy\Desktop\DOWNLOADS HERE
FF Homepage: WAS_Mozilla_2017-11-6_CLEAN\Firefox\Profiles\v0k5j5hr.default-1510011962003 -> hxxps://duckduckgo.com/
FF Extension: (Policy Control - JavaScript and Flash blocker) - C:\Users\happy\AppData\Roaming\WAS_Mozilla_2017-11-6_CLEAN\Firefox\Profiles\v0k5j5hr.default-1510011962003\Extensions\jid1-gHwvGmJ8Ii9oOq@jetpack.xpi [2017-11-16]
FF Extension: (Whitelist JavaScript) - C:\Users\happy\AppData\Roaming\WAS_Mozilla_2017-11-6_CLEAN\Firefox\Profiles\v0k5j5hr.default-1510011962003\Extensions\veto@myridia.com.xpi [2017-11-16]
FF Extension: (Javascript Control) - C:\Users\happy\AppData\Roaming\WAS_Mozilla_2017-11-6_CLEAN\Firefox\Profiles\v0k5j5hr.default-1510011962003\Extensions\{591abe66-4392-4d7e-aad5-12f04be2539e}.xpi [2017-11-16]
FF ProfilePath: C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\SeaMonkey\Profiles\pmboff70.default [2017-07-18]
FF NetworkProxy: MOZ_7.17.2017.BAK\SeaMonkey\Profiles\pmboff70.default -> share_proxy_settings", true
FF Extension: (uBlock Origin) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\SeaMonkey\Profiles\pmboff70.default\Extensions\uBlock0@raymondhill.net.xpi [2017-07-17] [Legacy]
FF Extension: (uMatrix) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\SeaMonkey\Profiles\pmboff70.default\Extensions\uMatrix@raymondhill.net.xpi [2017-07-17] [Legacy]
FF Extension: (NoScript) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\SeaMonkey\Profiles\pmboff70.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-07-17] [Legacy]
FF ProfilePath: C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default [2017-07-18]
FF Homepage: MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default -> hxxps://duckduckgo.com/
FF Extension: (CanvasBlocker) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\CanvasBlocker@kkapsner.de.xpi [2017-07-11] [Legacy]
FF Extension: (Click&Clean) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\clickclean@hotcleaner.com [2017-07-18] [Legacy]
FF Extension: (colorPicker) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\colorPicker@colorPicker.xpi [2017-02-20] [Legacy]
FF Extension: (Firebug) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\firebug@software.joehewitt.com.xpi [2017-03-01] [Legacy]
FF Extension: (Valence) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\fxdevtools-adapters@mozilla.org [2017-07-18] [Legacy]
FF Extension: (Image Picker) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\ImagePicker@topolog.org [2017-07-18] [Legacy]
FF Extension: (DOM Inspector) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\inspector@mozilla.org [2017-07-18] [Legacy]
FF Extension: (Google search link fix) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\jid0-XWJxt5VvCXkKzQK99PhZqAn7Xbg@jetpack.xpi [2017-01-31]
FF Extension: (Random Agent Spoofer) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\jid1-AVgCeF1zoVzMjA@jetpack.xpi [2016-09-21] [Legacy]
FF Extension: (Lightbeam) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2017-03-22] [Legacy]
FF Extension: (de-t-co) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\jid1-fJE7HYlCweigaA@jetpack.xpi [2016-09-14] [Legacy]
FF Extension: (SpeedView) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\jid1-MmDjnsjlez2Sdw@jetpack.xpi [2016-12-14] [Legacy]
FF Extension: (Privacy Badger) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\jid1-MnnxcxisBPnSXQ@jetpack.xpi [2017-07-11]
FF Extension: (JavaScript View) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\jid1-u9RbFp9JcoEGGw@jetpack.xpi [2016-12-14] [Legacy]
FF Extension: (Google Redirects Fixer) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\jid1-zUrvDCat3xoDSQ@jetpack.xpi [2015-12-28] [Legacy]
FF Extension: (JavaScript Deobfuscator) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\jsdeobfuscator@adblockplus.org.xpi [2016-12-06] [Legacy]
FF Extension: (Smart Referer) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\smart-referer@meh.paranoid.pk.xpi [2017-07-08] [Legacy]
FF Extension: (Status-4-Evar) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\status4evar@caligonstudios.com.xpi [2016-11-26] [Legacy]
FF Extension: (The Addon Bar (restored)) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\the-addon-bar@GeekInTraining-GiT.xpi [2016-12-14] [Legacy]
FF Extension: (ThumbsDown) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\thumbsdown@mozdev.org.xpi [2015-12-05] [Legacy]
FF Extension: (uBlock Origin) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\uBlock0@raymondhill.net.xpi [2017-06-27] [Legacy]
FF Extension: (uMatrix) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\uMatrix@raymondhill.net.xpi [2017-07-14] [Legacy]
FF Extension: (Show external css/js files) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\viewext@lissak.fr.xpi [2016-12-14] [Legacy]
FF Extension: (NoSquint Plus) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\zoomlevelplus@zoomlevelplus.net.xpi [2017-04-24] [Legacy]
FF Extension: (Zoom Page) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\zoompage@DW-dev.xpi [2017-03-03] [Legacy]
FF Extension: (Unshorten.It!) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\{0a566650-a8e0-11e0-8264-0800200c9a66}.xpi [2016-04-28] [Legacy]
FF Extension: (FireShot) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2017-07-18] [Legacy]
FF Extension: (Clean Links) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\{158d7cb3-7039-4a75-8e0b-3bd0a464edd2}.xpi [2016-04-27] [Legacy]
FF Extension: (Flashblock) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2017-07-18] [Legacy]
FF Extension: (HttpFox) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\{4093c4de-454a-4329-8aff-c6b0b123c386}.xpi [2016-04-28] [Legacy]
FF Extension: (RefControl) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}.xpi [2016-04-28] [Legacy]
FF Extension: (ColorZilla) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}.xpi [2017-03-08]
FF Extension: (NoScript) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-07-01] [Legacy]
FF Extension: (YouTube High Definition) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2017-06-21] [Legacy]
FF Extension: (Live HTTP headers) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} [2017-07-18] [Legacy]
FF Extension: (Cookie Controller) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\{ac2cfa60-bc96-11e0-962b-0800200c9a66}.xpi [2017-05-06] [Legacy]
FF Extension: (Cookies Manager+) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d} [2017-07-18] [Legacy]
FF Extension: (Web Developer) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2017-04-06] [Legacy]
FF Extension: (Adblock Plus) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-08] [Legacy]
FF Extension: (BetterPrivacy) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2016-11-01] [Legacy]
FF Extension: (Default Full Zoom Level) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\{D9A7CBEC-DE1A-444f-A092-844461596C4D} [2017-07-18] [Legacy]
FF Extension: (DownThemAll!) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2016-09-29] [Legacy]
FF Extension: (User Agent Switcher) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2016-04-28] [Legacy]
FF Extension: (Theme Font & Size Changer) - C:\Users\happy\AppData\Roaming\MOZ_7.17.2017.BAK\Firefox\Profiles\6sbyeiyd.default\Extensions\{f69e22c7-bc50-414a-9269-0f5c344cd94c}.xpi [2017-06-17] [Legacy]
FF Extension: (No Name) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\6sbyeiyd.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [not found]
FF Extension: (No Name) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\6sbyeiyd.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} [not found]
FF Extension: (No Name) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\6sbyeiyd.default\extensions\{4093c4de-454a-4329-8aff-c6b0b123c386}.xpi [not found]
FF Extension: (No Name) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\6sbyeiyd.default\extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}.xpi [not found]
FF Extension: (No Name) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\6sbyeiyd.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [not found]
FF Extension: (No Name) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\6sbyeiyd.default\extensions\inspector@mozilla.org [not found]
FF Extension: (No Name) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\6sbyeiyd.default\extensions\{0a566650-a8e0-11e0-8264-0800200c9a66}.xpi [not found]
FF Extension: (No Name) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\6sbyeiyd.default\extensions\{D9A7CBEC-DE1A-444f-A092-844461596C4D} [not found]
FF Extension: (No Name) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\6sbyeiyd.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [not found]
FF Extension: (No Name) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\6sbyeiyd.default\extensions\status4evar@caligonstudios.com.xpi [not found]
FF Extension: (No Name) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\6sbyeiyd.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [not found]
FF Extension: (No Name) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\6sbyeiyd.default\extensions\viewext@lissak.fr.xpi [not found]
FF Extension: (No Name) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\6sbyeiyd.default\extensions\zoompage@DW-dev.xpi [not found]
FF Extension: (No Name) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\6sbyeiyd.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [not found]
FF Extension: (No Name) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\6sbyeiyd.default\extensions\{ac2cfa60-bc96-11e0-962b-0800200c9a66}.xpi [not found]
FF Extension: (No Name) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\6sbyeiyd.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [not found]
FF Extension: (No Name) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\6sbyeiyd.default\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d} [not found]
FF Extension: (No Name) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\6sbyeiyd.default\extensions\clickclean@hotcleaner.com [not found]
FF ProfilePath: C:\Users\happy\AppData\Roaming\Mozilla\SeaMonkey\Profiles\pmboff70.default [2019-07-30]
FF NetworkProxy: Mozilla\SeaMonkey\Profiles\pmboff70.default -> share_proxy_settings", true
FF Extension: (uBlock Origin) - C:\Users\happy\AppData\Roaming\Mozilla\SeaMonkey\Profiles\pmboff70.default\Extensions\uBlock0@raymondhill.net.xpi [2017-07-19] [Legacy]
FF Extension: (uMatrix) - C:\Users\happy\AppData\Roaming\Mozilla\SeaMonkey\Profiles\pmboff70.default\Extensions\uMatrix@raymondhill.net.xpi [2017-07-17] [Legacy]
FF ProfilePath: C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release [2019-09-02]
FF Homepage: Mozilla\Firefox\Profiles\u6laa06p.default-release -> hxxps://start.duckduckgo.com/
FF Extension: (Firefox Multi-Account Containers) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\@testpilot-containers.xpi [2019-01-24]
FF Extension: (Firefox DevTools ADB Extension) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\adb@mozilla.org.xpi [2019-07-12] [UpdateUrl:hxxps://ftp.mozilla.org/pub/labs/devtools/adb-extension/win32/update.json]
FF Extension: (AdBlocker Ultimate) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\adblockultimate@adblockultimate.net.xpi [2019-08-12]
FF Extension: (CanvasBlocker) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\CanvasBlocker@kkapsner.de.xpi [2019-07-25]
FF Extension: (Clear Flash Cookies) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\clear-flash-cookies@cpeterso.com.xpi [2017-11-20]
FF Extension: (Cookie Manager) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\cookie-manager@robwu.nl.xpi [2018-10-23]
FF Extension: (Cookie AutoDelete) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\CookieAutoDelete@kennydo.com.xpi [2019-04-29]
FF Extension: (Firebug) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\firebug@software.joehewitt.com.xpi [2017-03-01] [Legacy]
FF Extension: (hotfix-update-xpi-intermediate) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\hotfix-update-xpi-intermediate@mozilla.com.xpi [2019-05-15]
FF Extension: (Google search link fix) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\jid0-XWJxt5VvCXkKzQK99PhZqAn7Xbg@jetpack.xpi [2019-07-03]
FF Extension: (Firefox Lightbeam) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2018-02-18]
FF Extension: (Policy Control - JavaScript and Flash blocker) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\jid1-gHwvGmJ8Ii9oOq@jetpack.xpi [2018-02-08]
FF Extension: (Privacy Badger) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\jid1-MnnxcxisBPnSXQ@jetpack.xpi [2019-07-10]
FF Extension: (Double-click Image Downloader) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\jid1-xgtdawe3yyUeBQ@jetpack.xpi [2018-05-16]
FF Extension: (google-no-tracking-url) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\jid1-zUrvDCat3xoDSQ@jetpack.xpi [2017-08-22]
FF Extension: (Neat URL) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\neaturl@hugsmile.eu.xpi [2018-05-29]
FF Extension: (Nimbus Screen Capture: Screenshots, Annotate) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\nimbusscreencaptureff@everhelper.me.xpi [2019-08-08]
FF Extension: (Skip Redirect) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\skipredirect@sblask.xpi [2019-06-15]
FF Extension: (Smart Referer) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\smart-referer@meh.paranoid.pk.xpi [2018-09-21]
FF Extension: (uBlock Origin) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\uBlock0@raymondhill.net.xpi [2019-07-27]
FF Extension: (uMatrix) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\uMatrix@raymondhill.net.xpi [2018-12-28]
FF Extension: (User-Agent Switcher) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\user-agent-switcher@ninetailed.ninja.xpi [2019-08-16]
FF Extension: (Whitelist JavaScript) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\veto@myridia.com.xpi [2018-04-26]
FF Extension: (NoSquint Plus) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\zoomlevelplus@zoomlevelplus.net.xpi [2017-11-11]
FF Extension: (Zoom Page WE) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\zoompage-we@DW-dev.xpi [2019-08-29]
FF Extension: (Download all Images) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\{32af1358-428a-446d-873e-5f8eb5f2a72e}.xpi [2019-07-03]
FF Extension: (HttpFox) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\{4093c4de-454a-4329-8aff-c6b0b123c386}.xpi [2016-04-28] [Legacy]
FF Extension: (Javascript Control) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\{591abe66-4392-4d7e-aad5-12f04be2539e}.xpi [2017-11-20]
FF Extension: (Cookie Quick Manager) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\{60f82f00-9ad5-4de5-b31c-b16a47c51558}.xpi [2019-08-12]
FF Extension: (ColorZilla) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}.xpi [2017-03-08]
FF Extension: (NoScript) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2019-08-20]
FF Extension: (User-Agent Switcher) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\{75afe46a-7a50-4c6b-b866-c43a1075b071}.xpi [2019-07-03]
FF Extension: (YouTube High Definition) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2019-07-11]
FF Extension: (Markdown Viewer Webext) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\{943b8007-a895-44af-a672-4f4ea548c95f}.xpi [2019-07-14]
FF Extension: (Font Finder) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\{a658a273-612e-489e-b4f1-5344e672f4f5}.xpi [2019-04-07]
FF Extension: (EditThisCookie) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\{a6a5b521-62f8-48c1-ad86-702fd9f0e2c8}.xpi [2017-11-16]
FF Extension: (User-Agent Switcher and Manager) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\{a6c4a591-f1b2-4f03-b3ff-767e5bedf4e7}.xpi [2019-08-01]
FF Extension: (Web Developer) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2017-11-16]
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2019-08-23]
FF Extension: (HTTP Header Live) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\{ed102056-8b4f-43a9-99cd-6d1b25abe87e}.xpi [2019-08-20]
FF Extension: (Theme Font & Size Changer) - C:\Users\happy\AppData\Roaming\Mozilla\Firefox\Profiles\u6laa06p.default-release\Extensions\{f69e22c7-bc50-414a-9269-0f5c344cd94c}.xpi [2017-11-15]
FF ProfilePath: C:\Users\happy\AppData\Roaming\MOON_PROD.BAK\Pale Moon\Profiles\k1c3hz7u.default [2017-07-17]
FF Homepage: MOON_PROD.BAK\Pale Moon\Profiles\k1c3hz7u.default -> hxxps://duckduckgo.com/
FF Extension: (Page Zoom Button) - C:\Users\happy\AppData\Roaming\MOON_PROD.BAK\Pale Moon\Profiles\k1c3hz7u.default\Extensions\54c7d9671b9eccd9e5686a73df34ab60@button.codefisher.org.xpi [2016-08-12] [Legacy]
FF Extension: (Adblock Latitude) - C:\Users\happy\AppData\Roaming\MOON_PROD.BAK\Pale Moon\Profiles\k1c3hz7u.default\Extensions\adblocklatitude@addons.palemoon.org.xpi [2017-02-17] [Legacy] [not signed]
FF Extension: (Click&Clean) - C:\Users\happy\AppData\Roaming\MOON_PROD.BAK\Pale Moon\Profiles\k1c3hz7u.default\Extensions\clickclean@hotcleaner.com [2017-07-17] [Legacy]
FF Extension: (Developer Tools) - C:\Users\happy\AppData\Roaming\MOON_PROD.BAK\Pale Moon\Profiles\k1c3hz7u.default\Extensions\devtools@addons.palemoon.org.xpi [2016-12-14] [Legacy] [not signed]
FF Extension: (Random Agent Spoofer) - C:\Users\happy\AppData\Roaming\MOON_PROD.BAK\Pale Moon\Profiles\k1c3hz7u.default\Extensions\jid1-AVgCeF1zoVzMjA@jetpack.xpi [2015-12-08] [Legacy]
FF Extension: (Proxy Privacy Ruler) - C:\Users\happy\AppData\Roaming\MOON_PROD.BAK\Pale Moon\Profiles\k1c3hz7u.default\Extensions\pxruler@Off.JustOff.xpi [2017-07-15] [Legacy]
FF Extension: (uBlock Origin) - C:\Users\happy\AppData\Roaming\MOON_PROD.BAK\Pale Moon\Profiles\k1c3hz7u.default\Extensions\uBlock0@raymondhill.net.xpi [2017-06-28] [Legacy]
FF Extension: (uMatrix) - C:\Users\happy\AppData\Roaming\MOON_PROD.BAK\Pale Moon\Profiles\k1c3hz7u.default\Extensions\uMatrix@raymondhill.net.xpi [2017-07-14] [Legacy]
FF Extension: (Zoom Page) - C:\Users\happy\AppData\Roaming\MOON_PROD.BAK\Pale Moon\Profiles\k1c3hz7u.default\Extensions\zoompage@DW-dev.xpi [2017-03-03] [Legacy]
FF Extension: (Unshorten.It!) - C:\Users\happy\AppData\Roaming\MOON_PROD.BAK\Pale Moon\Profiles\k1c3hz7u.default\Extensions\{0a566650-a8e0-11e0-8264-0800200c9a66}.xpi [2016-04-28] [Legacy]
FF Extension: (FireShot) - C:\Users\happy\AppData\Roaming\MOON_PROD.BAK\Pale Moon\Profiles\k1c3hz7u.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2017-07-17] [Legacy]
FF Extension: (Clean Links) - C:\Users\happy\AppData\Roaming\MOON_PROD.BAK\Pale Moon\Profiles\k1c3hz7u.default\Extensions\{158d7cb3-7039-4a75-8e0b-3bd0a464edd2}.xpi [2016-04-27] [Legacy]
FF Extension: (Flashblock) - C:\Users\happy\AppData\Roaming\MOON_PROD.BAK\Pale Moon\Profiles\k1c3hz7u.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2017-07-17] [Legacy]
FF Extension: (HttpFox) - C:\Users\happy\AppData\Roaming\MOON_PROD.BAK\Pale Moon\Profiles\k1c3hz7u.default\Extensions\{4093c4de-454a-4329-8aff-c6b0b123c386}.xpi [2016-04-28] [Legacy]
FF Extension: (RefControl) - C:\Users\happy\AppData\Roaming\MOON_PROD.BAK\Pale Moon\Profiles\k1c3hz7u.default\Extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}.xpi [2016-04-28] [Legacy]
FF Extension: (ColorZilla) - C:\Users\happy\AppData\Roaming\MOON_PROD.BAK\Pale Moon\Profiles\k1c3hz7u.default\Extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} [2017-07-17] [Legacy]
FF Extension: (NoScript) - C:\Users\happy\AppData\Roaming\MOON_PROD.BAK\Pale Moon\Profiles\k1c3hz7u.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-07-16] [Legacy]
FF Extension: (YouTube High Definition) - C:\Users\happy\AppData\Roaming\MOON_PROD.BAK\Pale Moon\Profiles\k1c3hz7u.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2017-06-21] [Legacy]
FF Extension: (Live HTTP headers) - C:\Users\happy\AppData\Roaming\MOON_PROD.BAK\Pale Moon\Profiles\k1c3hz7u.default\Extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} [2017-07-17] [Legacy]
FF Extension: (Cookie Controller) - C:\Users\happy\AppData\Roaming\MOON_PROD.BAK\Pale Moon\Profiles\k1c3hz7u.default\Extensions\{ac2cfa60-bc96-11e0-962b-0800200c9a66}.xpi [2017-05-04] [Legacy]
FF Extension: (Cookies Manager+) - C:\Users\happy\AppData\Roaming\MOON_PROD.BAK\Pale Moon\Profiles\k1c3hz7u.default\Extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d} [2017-07-17] [Legacy]
FF Extension: (Web Developer) - C:\Users\happy\AppData\Roaming\MOON_PROD.BAK\Pale Moon\Profiles\k1c3hz7u.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2017-04-06] [Legacy]
FF Extension: (BetterPrivacy) - C:\Users\happy\AppData\Roaming\MOON_PROD.BAK\Pale Moon\Profiles\k1c3hz7u.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2015-08-18] [Legacy]
FF Extension: (User Agent Switcher) - C:\Users\happy\AppData\Roaming\MOON_PROD.BAK\Pale Moon\Profiles\k1c3hz7u.default\Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2016-04-28] [Legacy]
FF Extension: (Page Zoom Button) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default\extensions\54c7d9671b9eccd9e5686a73df34ab60@button.codefisher.org.xpi [2016-08-12] [Legacy]
FF Extension: (Zoom Page) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default\extensions\zoompage@DW-dev.xpi [2017-08-17] [Legacy]
FF Extension: (Flashblock) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2016-01-08] [Legacy]
FF Extension: (HttpFox) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default\extensions\{4093c4de-454a-4329-8aff-c6b0b123c386}.xpi [2016-04-28] [Legacy]
FF Extension: (RefControl) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default\extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}.xpi [2016-04-28] [Legacy]
FF Extension: (ColorZilla) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} [2015-09-05] [Legacy]
FF Extension: (NoScript) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-07-16] [Legacy]
FF Extension: (Live HTTP headers) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} [2016-04-28] [Legacy]
FF Extension: (Cookie Controller) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default\extensions\{ac2cfa60-bc96-11e0-962b-0800200c9a66}.xpi [2017-08-06] [Legacy]
FF Extension: (Web Developer) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2017-04-06] [Legacy]
FF Extension: (BetterPrivacy) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2015-08-18] [Legacy]
FF Extension: (No Name) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [not found]
FF Extension: (Click&Clean) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default\extensions\clickclean@hotcleaner.com [2017-07-11] [Legacy]
FF Extension: (Cookies Manager+) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d} [2017-07-23] [Legacy]
FF ProfilePath: C:\Users\happy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default [2019-09-02]
FF Homepage: Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default -> hxxps://start.duckduckgo.com/
FF Extension: (Adblock Latitude) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default\Extensions\adblocklatitude@addons.palemoon.org.xpi [2018-04-10] [Legacy] [not signed]
FF Extension: (Block Content) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default\Extensions\blockcont@mdsy.xpi [2019-02-03] [Legacy] [not signed]
FF Extension: (Cookies Exterminator) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default\Extensions\CookiesExterminator@Off.JustOff.xpi [2019-04-16] [Legacy] [not signed]
FF Extension: (Developer Tools) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default\Extensions\devtools@addons.palemoon.org.xpi [2016-12-14] [Legacy] [not signed]
FF Extension: (Exif Viewer) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default\Extensions\exif-viewer@asraskin.org.xpi [2019-04-26] [Legacy] [not signed]
FF Extension: (Random Agent Spoofer) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default\Extensions\jid1-AVgCeF1zoVzMjA@jetpack.xpi [2015-12-08] [Legacy]
FF Extension: (Proxy Privacy Ruler) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default\Extensions\pxruler@Off.JustOff.xpi [2019-04-16] [Legacy] [not signed]
FF Extension: (Save All Images) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default\Extensions\save-images-me@Off.JustOff.xpi [2019-04-24] [Legacy] [not signed]
FF Extension: (uBlock Origin) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default\Extensions\uBlock0@raymondhill.net.xpi [2017-07-20] [Legacy]
FF Extension: (uMatrix) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default\Extensions\uMatrix@raymondhill.net.xpi [2017-07-14] [Legacy]
FF Extension: (Unshorten.It!) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default\Extensions\{0a566650-a8e0-11e0-8264-0800200c9a66}.xpi [2016-04-28] [Legacy]
FF Extension: (Clean Links) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default\Extensions\{158d7cb3-7039-4a75-8e0b-3bd0a464edd2}.xpi [2016-04-27] [Legacy]
FF Extension: (YouTube High Definition) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2017-09-11] [Legacy]
FF Extension: (Cookie Permissions Button) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default\Extensions\{8e05f2af-03be-443e-a2b5-b4375a3a1930}.xpi [2018-08-14] [Legacy] [not signed]
FF Extension: (Cookie Masters) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default\Extensions\{a04a71f3-ce74-4134-8f86-fae693b19e44}.xpi [2018-08-04] [Legacy] [not signed]
FF Extension: (Toggle JavaScript [Enabled/Disabled]) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default\Extensions\{b5af16a6-105d-4a14-a5a6-c2b358b06a04}.xpi [2018-08-30] [Legacy] [not signed]
FF Extension: (User Agent Switcher) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\k1c3hz7u.default\Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2016-04-28] [Legacy]
FF ProfilePath: C:\Users\happy\AppData\Roaming\Moonchild Productions\Basilisk\Profiles\0h9ztolt.default [2019-07-12]
FF Extension: (Adblock Latitude) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Basilisk\Profiles\0h9ztolt.default\Extensions\adblocklatitude@addons.palemoon.org.xpi [2019-06-02] [Legacy] [not signed]
FF Extension: (Block Content) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Basilisk\Profiles\0h9ztolt.default\Extensions\blockcont@mdsy.xpi [2019-06-02] [Legacy] [not signed]
FF Extension: (CanvasBlocker Legacy) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Basilisk\Profiles\0h9ztolt.default\Extensions\CanvasBlocker@legacy.xpi [2019-06-02] [Legacy] [not signed]
FF Extension: (Cookies Exterminator) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Basilisk\Profiles\0h9ztolt.default\Extensions\CookiesExterminator@Off.JustOff.xpi [2019-06-02] [Legacy] [not signed]
FF Extension: (Exif Viewer) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Basilisk\Profiles\0h9ztolt.default\Extensions\exif-viewer@asraskin.org.xpi [2019-06-02] [Legacy] [not signed]
FF Extension: (ScriptBlock) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Basilisk\Profiles\0h9ztolt.default\Extensions\jsblock@4bebca82.xpi [2019-06-02] [Legacy] [not signed]
FF Extension: (Calendate) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Basilisk\Profiles\0h9ztolt.default\Extensions\{5b965352-430a-11e2-956a-13226188709b}.xpi [2019-06-02] [Legacy] [not signed]
FF Extension: (Color Identifier) - C:\Users\happy\AppData\Roaming\Moonchild Productions\Basilisk\Profiles\0h9ztolt.default\Extensions\{89850e1c-c80b-4179-81fe-79a9f313400d}.xpi [2019-06-02] [Legacy] [not signed]
FF ProfilePath: C:\Users\happy\AppData\Roaming\Avant Profiles\.default\gecko\Mozilla\Avant\Profiles\oeytmn1z.default [2015-05-03]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN -> VideoLAN)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN)
FF Plugin HKU\S-1-5-21-1167706805-3652461753-1077729752-1000: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=3 -> C:\Users\happy\AppData\Local\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll [No File]
FF Plugin HKU\S-1-5-21-1167706805-3652461753-1077729752-1000: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=9 -> C:\Users\happy\AppData\Local\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll [No File]

Opera:
=======
OPR DownloadDir: C:\Users\happy\Desktop\DOWNLOADS HERE
OPR Extension: (Zoom for Opera) - C:\Users\happy\AppData\Roaming\Opera Software\Opera Stable\Extensions\agocngbnphnfdhpacecdpcpfphhdmoff [2019-07-11]
OPR Extension: (uMatrix) - C:\Users\happy\AppData\Roaming\Opera Software\Opera Stable\Extensions\clblbeknmgobkgonndomehcjpckopfeh [2018-07-11]
OPR Extension: (Live HTTP Headers) - C:\Users\happy\AppData\Roaming\Opera Software\Opera Stable\Extensions\djlgkpdankikgjpjmknpdabbegoaokli [2018-07-11]
OPR Extension: (Custom Style Script) - C:\Users\happy\AppData\Roaming\Opera Software\Opera Stable\Extensions\hmnbfbgbgicodipenaajdcogalomcmph [2019-06-25]
OPR Extension: (YouTube High Definition) - C:\Users\happy\AppData\Roaming\Opera Software\Opera Stable\Extensions\jcdpccclajomeaeeoggbhglfomndjgfp [2018-07-11]
OPR Extension: (User-Agent Switcher) - C:\Users\happy\AppData\Roaming\Opera Software\Opera Stable\Extensions\jikibpedldihacokaanimbcjipghbloo [2018-07-11]
OPR Extension: (WebRTC Leak Prevent) - C:\Users\happy\AppData\Roaming\Opera Software\Opera Stable\Extensions\jjabaljgaabcnmcoalhaldkmcfbojkkb [2018-07-11]
OPR Extension: (uBlock Origin) - C:\Users\happy\AppData\Roaming\Opera Software\Opera Stable\Extensions\kccohkcpppjjkkjppopfnflnebibpida [2019-07-31]
OPR Extension: (Privacy Badger) - C:\Users\happy\AppData\Roaming\Opera Software\Opera Stable\Extensions\ldfkcgjipgfchpnojicdgpgiocoeelik [2019-07-09]
OPR Extension: (History Eraser) - C:\Users\happy\AppData\Roaming\Opera Software\Opera Stable\Extensions\lfpoajlbkhlfoeeokbppmecpplmieedm [2018-07-11]
OPR Extension: (User-Agent Switcher and Manager) - C:\Users\happy\AppData\Roaming\Opera Software\Opera Stable\Extensions\mdhadkjmpbhfdmmoogneplmcpoelfggp [2019-08-17]
OPR Extension: (Magic Actions for YouTube™) - C:\Users\happy\AppData\Roaming\Opera Software\Opera Stable\Extensions\nlffnljnicbkfhnlomjhjlebndachaka [2019-04-15]
OPR Extension: (Adblock Plus - free ad blocker) - C:\Users\happy\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2019-08-17]
OPR Extension: (JavaScript Switcher) - C:\Users\happy\AppData\Roaming\Opera Software\Opera Stable\Extensions\pjljfckmhjnpbcgneijeeiimpkdjccob [2018-07-11]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [277120 2012-02-16] (ASUSTeK Computer Inc. -> ASUS)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AgereSoftModem; C:\windows\System32\DRIVERS\agrsm64.sys [1146880 2009-06-10] (Microsoft Windows -> LSI Corp)
R3 asmthub3; C:\windows\System32\DRIVERS\asmthub3.sys [130024 2011-11-22] (MCCI Internal Testing Software -> ASMedia Technology Inc)
R3 asmtxhci; C:\windows\System32\DRIVERS\asmtxhci.sys [395752 2011-11-22] (MCCI Internal Testing Software -> ASMedia Technology Inc)
S3 athr; C:\windows\System32\DRIVERS\athrx.sys [1394688 2009-06-19] (Microsoft Windows -> Atheros Communications, Inc.)
R3 kbfiltr; C:\windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] (ASUSTeK Computer Inc. ->  )
R0 MpFilter; C:\windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
R3 NisDrv; C:\windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
R2 NPF; C:\windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
S3 SiSGbeLH; C:\windows\System32\DRIVERS\SiSG664.sys [56832 2009-06-10] (Microsoft Windows -> Silicon Integrated Systems Corp.)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] (Empty Loop -> )
S3 WDC_SAM; C:\windows\System32\DRIVERS\wdcsam64.sys [23200 2015-04-30] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-09-02 07:08 - 2019-09-02 07:41 - 000000000 ____D C:\Users\happy\Desktop\00000
2019-09-02 05:14 - 2019-09-02 05:14 - 000003288 ____N C:\bootsqm.dat
2019-09-02 04:10 - 2019-09-02 07:40 - 000000000 ____D C:\FRST
2019-08-18 14:47 - 2019-08-18 14:48 - 000262144 _____ C:\windows\Minidump\081819-20217-01.dmp
2019-08-15 17:50 - 2019-08-15 17:50 - 000000773 _____ C:\Users\happy\Desktop\Start Tor Browser.lnk
2019-08-15 17:50 - 2019-08-15 17:50 - 000000000 ____D C:\Users\happy\Desktop\Tor Browser
2019-08-15 16:44 - 2019-08-17 18:20 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-08-12 03:45 - 2019-08-12 03:45 - 000000000 ____D C:\Users\happy\AppData\Roaming\WAS_FF_2019-8-11
2019-08-12 02:44 - 2019-08-17 18:20 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-08-12 02:44 - 2019-08-12 02:44 - 000000938 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-08-12 02:44 - 2019-08-12 02:44 - 000000926 _____ C:\Users\Public\Desktop\Firefox.lnk
2019-08-12 00:59 - 2019-08-12 00:59 - 000000896 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Waterfox.lnk
2019-08-12 00:59 - 2019-08-12 00:59 - 000000884 _____ C:\Users\Public\Desktop\Waterfox.lnk
2019-08-12 00:59 - 2019-08-12 00:59 - 000000000 ____D C:\Users\happy\AppData\Roaming\Waterfox
2019-08-12 00:59 - 2019-08-12 00:59 - 000000000 ____D C:\Users\happy\AppData\Local\Waterfox
2019-08-12 00:59 - 2019-08-12 00:59 - 000000000 ____D C:\Program Files\Waterfox
2019-08-11 22:34 - 2019-08-11 22:34 - 000000000 ____D C:\Users\happy\Desktop\Old Firefox Data
2019-08-05 02:02 - 2019-08-05 02:02 - 000239398 _____ C:\Users\happy\AppData\Local\recently-used.xbel

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-09-02 07:08 - 2016-11-18 20:48 - 000000000 ____D C:\Users\happy\AppData\LocalLow\Mozilla
2019-09-02 06:53 - 2013-11-14 03:32 - 000003902 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{4A7FB7E8-812B-4EFC-8112-5440817388C6}
2019-09-02 06:53 - 2013-11-11 11:40 - 000000000 ____D C:\Users\happy\AppData\Roaming\vlc
2019-09-02 06:10 - 2013-11-11 04:36 - 000000000 ____D C:\Users\happy\Desktop\DOWNLOADS HERE
2019-09-02 05:29 - 2009-07-13 23:45 - 000018736 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-09-02 05:29 - 2009-07-13 23:45 - 000018736 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-09-02 05:22 - 2013-11-11 03:44 - 000000380 _____ C:\Users\happy\AppData\Roaming\sp_data.sys
2019-09-02 05:22 - 2013-11-11 03:44 - 000000000 ___HD C:\ASUS.DAT
2019-09-02 05:21 - 2009-07-14 00:08 - 000000006 ____H C:\windows\Tasks\SA.DAT
2019-09-02 05:06 - 2013-11-24 23:31 - 000000000 ____D C:\Users\happy\AppData\Roaming\BatteryBar
2019-09-02 05:04 - 2016-01-18 14:35 - 000000000 ____D C:\Program Files (x86)\SpywareBlaster
2019-09-02 05:04 - 2013-10-24 15:29 - 000000000 ____D C:\ProgramData\Temp
2019-09-02 05:03 - 2019-05-13 06:27 - 000002298 _____ C:\Users\happy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vivaldi.lnk
2019-09-02 05:03 - 2019-05-13 06:27 - 000002261 _____ C:\Users\happy\Desktop\Vivaldi.lnk
2019-09-02 05:03 - 2016-08-11 06:44 - 000000000 ____D C:\Users\happy\AppData\Local\Vivaldi
2019-09-02 04:36 - 2019-04-29 16:51 - 000000000 ____D C:\Users\happy\AppData\Local\Blisk
2019-08-30 16:54 - 2017-07-13 08:34 - 000003828 _____ C:\windows\System32\Tasks\Opera scheduled Autoupdate 1499952880
2019-08-30 16:54 - 2017-07-13 08:34 - 000000000 ____D C:\Program Files\Opera
2019-08-29 11:25 - 2015-04-25 01:12 - 000000000 ____D C:\Program Files (x86)\Pale Moon
2019-08-18 14:47 - 2019-07-27 18:44 - 1096761027 _____ C:\windows\MEMORY.DMP
2019-08-18 14:47 - 2019-07-27 18:44 - 000000000 ____D C:\windows\Minidump
2019-08-18 05:35 - 2009-07-14 00:13 - 000782470 _____ C:\windows\system32\PerfStringBackup.INI
2019-08-18 05:35 - 2009-07-13 22:20 - 000000000 ____D C:\windows\inf
2019-08-18 01:39 - 2015-04-25 01:12 - 000000000 ____D C:\Users\happy\AppData\Roaming\Moonchild Productions
2019-08-15 17:50 - 2017-06-06 00:34 - 000000821 _____ C:\Users\happy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2019-08-15 17:49 - 2013-11-11 05:47 - 000000000 ____D C:\Users\happy\Desktop\OLD
2019-08-12 03:42 - 2017-11-06 19:05 - 000000000 ____D C:\Users\happy\AppData\Roaming\Mozilla
2019-08-12 00:47 - 2013-11-11 10:19 - 000000000 ____D C:\ProgramData\Mozilla
2019-08-09 20:17 - 2018-12-20 12:36 - 000000000 ____D C:\Users\happy\Desktop\pat
2019-08-08 13:27 - 2009-07-13 23:45 - 000337648 _____ C:\windows\system32\FNTCACHE.DAT
2019-08-05 03:38 - 2018-07-04 05:25 - 000000000 ____D C:\Users\happy\.gimp-2.8
2019-08-04 06:58 - 2013-11-11 03:44 - 000072472 _____ C:\Users\happy\AppData\Local\GDIPFONTCACHEV1.DAT

==================== Files in the root of some directories ================

2013-11-11 03:44 - 2019-09-02 05:22 - 000000380 _____ () C:\Users\happy\AppData\Roaming\sp_data.sys
2019-08-05 02:02 - 2019-08-05 02:02 - 000239398 _____ () C:\Users\happy\AppData\Local\recently-used.xbel
2016-01-23 18:43 - 2016-01-23 18:43 - 000007641 _____ () C:\Users\happy\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-08-31 06:08
==================== End of FRST.txt ============================

  ##
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2019
Ran by happy (02-09-2019 07:42:31)
Running from C:\Users\happy\Desktop\00000
Windows 7 Home Premium Service Pack 1 (X64) (2013-11-11 08:43:46)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1167706805-3652461753-1077729752-500 - Administrator - Disabled)
Guest (S-1-5-21-1167706805-3652461753-1077729752-501 - Limited - Disabled)
happy (S-1-5-21-1167706805-3652461753-1077729752-1000 - Administrator - Enabled) => C:\Users\happy

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
AkelPad 4.8.4 (HKLM-x32\...\AkelPad) (Version: 4.8.4 - )
Alcor Micro USB Card Reader (HKLM-x32\...\{4555BB9E-E715-4260-A178-E8EFD2B653E3}) (Version: 1.2.0117.08443 - Alcor Micro Corp.) Hidden
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 1.2.0117.08443 - Alcor Micro Corp.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.4.0 - Asmedia Technology)
ASUS AI Recovery (HKLM-x32\...\{D39F0676-163E-4595-A917-E28F99BBD4D2}) (Version: 1.0.23 - ASUS)
ASUS FaceLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0014 - ASUS)
ASUS FancyStart (HKLM-x32\...\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}) (Version: 1.1.1 - ASUSTeK Computer Inc.)
ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.2 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.29 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.7 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0041 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.25 - ASUS)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 3.0.108.222 - eCareme Technologies, Inc.)
ASUS_Screensaver (HKLM-x32\...\ASUS_Screensaver) (Version:  - )
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.9.157 - ASUSTEK)
ATK Packag

3
- i just had MSE alert me to the following:
Win32/ShellCode.gen!N
had been quarantined as 'very dangerous' - i deleted it.

- i hadn't been running a scan, as far as i know. was on Pinterest. i'd guess this was caught in Real-Time, but the 1st mention of this infection online is from *YESTERDAY* June 30th. (Microsoft are the only ones who've identified/mentioned it.)

i'm so careful regarding security, i'm really curious how i got infected.

 ** Anyway.
I couldn't get MSE to give me any further info than "Win32/ShellCode.gen!N"
-- Is there a way for me to find out THE PATH to where the infection was found?

Also, are there any LOG FILES it generates? i can't find any.

i have some software that reportedly gets flagged (incorrectly) as malware; it'd be nice for me to have more info on the "exploit"

-- i'm also curious *when* and HOW i got infected, as i'm so damn careful on here.
(any way to check on 'damage'- to see if exploit sent out passwords, etc?)

 ** More Details :
http://blogs.technet.com/b/mmpc/archive/2014/06/30/microsoft-digital-crimes-unit-disrupts-jenxcus-and-bladabindi-malware-families.aspx

4
Analysis and Malware Removal / mysterious crashes - here are logs
« on: June 27, 2014, 07:23:25 AM »
had freeze/crashes (win7 home) on the following dates:
6.1.2014, 6.14.2014, 6.19.2014, 6.25.2014

keyboard completely unresponsive (Ctrl-Alt-Delete)- had to hold down power button to turn off.

had multiple apps open each time. i *think* i was online with Firefox each crash.

nothing unusual shows in Event Viewer prior to crashes.
Firefox has been somewhat unstable- it crashes every 1-2 weeks, then recovers gracefully. it never causes system freeze.

all my scans are clean (MBAM, MSE).

ran sfc and Chkdsk- no problems reported.

-- used safe mode to set System Restore to go back to a point 5.14.2014; didn't help.

Oh: I had Process Explorer running during one crash, curious to see if any odd/rogue process turned on immediately prior to the problem.
both my screens froze upon crash; didn't notice anything unusual in PE.

- Anyway, here are my logs.
DDS.txt
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17126
Run by lappy5 at 2:42:04 on 2014-06-27
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.16344.14045 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
C:\Program Files\Asus\Rotation Desktop for G Series\AsusUacSvc.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files (x86)\ASUS\ASUS Fan Filter Checker\FanChkSrv.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\viakaraokesrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
C:\Program Files\ASUS\P4G\BatteryLife.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://asus.msn.com
mWinlogon: Userinit = userinit.exe,
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
uRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun: [CPMonitor] "C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe"
mRun: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
mRun: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - C:\Program Files\WinHTTlappy5k\WinHTTlappy5kIEBar.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{362F548B-D9B9-4190-9495-D9D9E1BDD8AE} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{6AFE652C-6D79-4464-96F5-B10F27E2D0A9} : DHCPNameServer = 192.168.1.1
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1   www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\lappy5\AppData\Roaming\Mozilla\Firefox\Profiles\bvvw60qn.default\
FF - prefs.js: browser.search.selectedEngine - SHODAN
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6457jj8f.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-4-9 16152]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2013-7-17 55856]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 ASUS InstantOn;ASUS InstantOn Service;C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [2012-2-16 277120]
R2 AsusUacSvc;Asus process privilege adjust service;C:\Program Files\ASUS\Rotation Desktop for G Series\AsusUacSvc.exe [2013-7-17 113840]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-12-29 106144]
R2 FanChkService;Fan Filter Checker Service;C:\Program Files (x86)\ASUS\ASUS Fan Filter Checker\FanChkSrv.exe [2012-1-20 45696]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-3 628448]
R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2013-7-17 128280]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2013-7-17 161560]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-9-27 133928]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-10-23 414496]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2013-7-17 363800]
R2 VIAKaraokeService;VIA Karaoke digital mixer Service;C:\Windows\System32\ViakaraokeSrv.exe [2012-4-9 27760]
R2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-12-29 158880]
R3 AiCharger;ASUS Charger Driver;C:\Windows\System32\drivers\AiCharger.sys [2013-7-17 17152]
R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2011-12-29 36000]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2011-12-29 338592]
R3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\System32\drivers\btath_avdt.sys [2011-12-29 110752]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2011-12-29 30368]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2011-12-29 167584]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2011-12-29 68256]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2011-12-29 280992]
R3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2011-12-29 548000]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-4-9 356120]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-4-9 787736]
R3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2012-4-9 108656]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
R3 SmbDrv;SmbDrv;C:\Windows\System32\drivers\Smb_driver.sys [2012-4-9 22800]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2012-4-9 2193008]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-2 183560]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-6-19 111616]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-2-18 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2011-2-18 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-7-17 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .js: Applications\notepad.exe=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2014-06-27 02:43:41   10779000   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F0A3FC53-5053-48FF-8AF6-BB99C3E9206A}\mpengine.dll
2014-06-25 10:53:14   10779000   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-06-24 22:59:46   1031560   ------w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1AE4B994-0C3C-4A28-888A-01B466567101}\gapaengine.dll
2014-06-21 01:48:18   --------   d-----w-   C:\Users\lappy5\AppData\Roaming\WinPatrol
2014-06-21 01:47:54   --------   d-----w-   C:\ProgramData\InstallMate
2014-06-21 01:47:54   --------   d-----w-   C:\Program Files (x86)\BillP Studios
2014-06-21 00:33:14   122584   ----a-w-   C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-06-21 00:33:00   91352   ----a-w-   C:\Windows\System32\drivers\mbamchameleon.sys
2014-06-21 00:33:00   63704   ----a-w-   C:\Windows\System32\drivers\mwac.sys
2014-06-21 00:33:00   --------   d-----w-   C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-20 01:45:09   801280   ----a-w-   C:\Windows\System32\usp10.dll
2014-06-20 01:44:54   2048   ----a-w-   C:\Windows\SysWow64\msxml6r.dll
2014-06-20 01:44:54   2048   ----a-w-   C:\Windows\SysWow64\msxml3r.dll
2014-06-20 01:44:54   2048   ----a-w-   C:\Windows\System32\msxml6r.dll
2014-06-20 01:44:54   2048   ----a-w-   C:\Windows\System32\msxml3r.dll
2014-06-20 01:44:54   2002432   ----a-w-   C:\Windows\System32\msxml6.dll
2014-06-20 01:44:54   1882112   ----a-w-   C:\Windows\System32\msxml3.dll
2014-06-20 01:44:54   1389056   ----a-w-   C:\Windows\SysWow64\msxml6.dll
2014-06-20 01:44:54   1237504   ----a-w-   C:\Windows\SysWow64\msxml3.dll
2014-06-20 01:01:27   --------   d-----w-   C:\Windows\pss
2014-06-10 18:29:22   209408   ----a-w-   C:\Program Files\Internet Explorer\DiagnosticsTap.dll
.
==================== Find3M  ====================
.
2014-06-27 07:39:39   71344   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-06-27 07:39:39   699056   ----a-w-   C:\Windows\SysWow64\FlashPlayerApp.exe
2014-06-27 07:22:06   380   ----a-w-   C:\Users\lappy5\AppData\Roaming\sp_data.sys
2014-05-30 10:02:37   2724864   ----a-w-   C:\Windows\System32\mshtml.tlb
2014-05-30 10:02:09   4096   ----a-w-   C:\Windows\System32\ieetwcollectorres.dll
2014-05-30 09:39:43   548352   ----a-w-   C:\Windows\System32\vbscript.dll
2014-05-30 09:39:23   66048   ----a-w-   C:\Windows\System32\iesetup.dll
2014-05-30 09:38:29   48640   ----a-w-   C:\Windows\System32\ieetwproxystub.dll
2014-05-30 09:21:23   139264   ----a-w-   C:\Windows\System32\ieUnatt.exe
2014-05-30 09:21:05   111616   ----a-w-   C:\Windows\System32\ieetwcollector.exe
2014-05-30 09:20:36   752640   ----a-w-   C:\Windows\System32\jscript9diag.dll
2014-05-30 09:11:24   940032   ----a-w-   C:\Windows\System32\MsSpellCheckingFacility.exe
2014-05-30 09:08:22   5782528   ----a-w-   C:\Windows\System32\jscript9.dll
2014-05-30 09:02:39   2724864   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
2014-05-30 08:55:36   38400   ----a-w-   C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-05-30 08:44:28   455168   ----a-w-   C:\Windows\SysWow64\vbscript.dll
2014-05-30 08:43:06   61952   ----a-w-   C:\Windows\SysWow64\iesetup.dll
2014-05-30 08:42:16   51200   ----a-w-   C:\Windows\SysWow64\ieetwproxystub.dll
2014-05-30 08:28:33   112128   ----a-w-   C:\Windows\SysWow64\ieUnatt.exe
2014-05-30 08:27:56   592896   ----a-w-   C:\Windows\SysWow64\jscript9diag.dll
2014-05-30 08:24:19   1249280   ----a-w-   C:\Windows\System32\mshtmlmedia.dll
2014-05-30 08:23:22   2040832   ----a-w-   C:\Windows\System32\inetcpl.cpl
2014-05-30 08:10:46   32256   ----a-w-   C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-05-30 07:56:56   2266112   ----a-w-   C:\Windows\System32\wininet.dll
2014-05-30 07:56:50   4244992   ----a-w-   C:\Windows\SysWow64\jscript9.dll
2014-05-30 07:50:09   1068032   ----a-w-   C:\Windows\SysWow64\mshtmlmedia.dll
2014-05-30 07:49:38   1964544   ----a-w-   C:\Windows\SysWow64\inetcpl.cpl
2014-05-30 07:21:10   1790976   ----a-w-   C:\Windows\SysWow64\wininet.dll
2014-05-12 12:25:56   25816   ----a-w-   C:\Windows\System32\drivers\mbam.sys
2014-04-25 02:06:17   626688   ----a-w-   C:\Windows\SysWow64\usp10.dll
2014-04-12 02:22:05   95680   ----a-w-   C:\Windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05   155072   ----a-w-   C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38   29184   ----a-w-   C:\Windows\System32\sspisrv.dll
2014-04-12 02:19:38   136192   ----a-w-   C:\Windows\System32\sspicli.dll
2014-04-12 02:19:37   28160   ----a-w-   C:\Windows\System32\secur32.dll
2014-04-12 02:19:32   1460736   ----a-w-   C:\Windows\System32\lsasrv.dll
2014-04-12 02:19:05   31232   ----a-w-   C:\Windows\System32\lsass.exe
2014-04-12 02:12:06   22016   ----a-w-   C:\Windows\SysWow64\secur32.dll
2014-04-12 02:10:56   96768   ----a-w-   C:\Windows\SysWow64\sspicli.dll
2014-04-05 02:47:20   1903552   ----a-w-   C:\Windows\System32\drivers\tcpip.sys
2014-04-05 02:47:09   288192   ----a-w-   C:\Windows\System32\drivers\FWPKCLNT.SYS
.
============= FINISH:  2:42:21.84 ===============

CHECKUP.txt
 Results of screen317's Security Check version 0.99.85 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Microsoft Security Essentials   
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 MVPS Hosts File 
 SpywareBlaster 5.0   
 Adobe Flash Player 14.0.0.125 
 Adobe Reader XI 
 Mozilla Firefox (30.0)
````````Process Check: objlist.exe by Laurent````````
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 WinPatrol winpatrol.exe
 BillP Studios WinPatrol WinPatrol.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

 ***
ATTACH.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 7/17/2013 12:01:10 AM
System Uptime: 6/27/2014 2:21:18 AM (0 hours ago)
.
Motherboard: ASUSTeK COMPUTER INC. |  | G75VW
Processor: Intel(R) Core(TM) i7-3610QM CPU @ 2.30GHz | SOCKET 0 | 2301/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 348 GiB total, 142.787 GiB free.
D: is FIXED (NTFS) - 559 GiB total, 141.131 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP155: 5/5/2014 5:24:54 PM - Windows Update
RP156: 5/8/2014 5:27:54 PM - Windows Update
RP157: 5/8/2014 7:31:49 PM - beforebigupdateohboy
RP158: 5/8/2014 7:34:38 PM - Windows Update
RP159: 5/12/2014 7:55:12 AM - Windows Update
RP160: 5/13/2014 3:12:47 PM - Windows Update
RP161: 5/16/2014 6:14:38 PM - Windows Update
RP162: 5/20/2014 6:16:02 AM - Windows Update
RP163: 5/24/2014 11:35:51 AM - Windows Update
RP164: 5/27/2014 6:35:03 PM - Windows Update
RP165: 5/31/2014 5:44:56 PM - Windows Update
RP166: 6/2/2014 1:57:12 PM - june
RP167: 6/5/2014 3:59:36 PM - Windows Update
RP168: 6/8/2014 5:36:35 PM - Windows Update
RP169: 6/10/2014 1:29:40 PM - Windows Update
RP170: 6/14/2014 8:01:02 PM - Windows Update
RP171: 6/18/2014 5:11:47 PM - Windows Update
RP172: 6/19/2014 8:41:22 PM - Windows Update
RP173: 6/19/2014 8:45:13 PM - Windows Update
RP174: 6/20/2014 6:40:21 PM - beforespybotsandd
RP175: 6/24/2014 5:57:09 PM - Windows Update
RP176: 6/25/2014 5:46:45 AM - Windows Update
.
==== Installed Programs ======================
.
??????? Windows Live Mesh ActiveX ??(????)
??????? Windows Live Mesh ActiveX ???
7-Zip 9.20 (x64 edition)
Adobe Flash Player 11 ActiveX
Adobe Flash Player 14 Plugin
Adobe Reader XI (11.0.03)
Aegisub 3.0.4
Aegisub 3.1.3
AkelPad 4.8.8
Alcor Micro USB Card Reader
Amaya
Apple Software Update
ASUS AI Recovery
ASUS Fan Filter Checker
ASUS LifeFrame3
ASUS Live Update
ASUS Power4Gear Hybrid
ASUS Splendid Video Enhancement Technology
ASUS USB Charger Plus
ASUS Virtual Camera
ASUS WebStorage
AsusScr_G75 Series_ENG
AsusVibe2.0
Atheros Bluetooth Suite (64)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
Atheros Driver Installation Program
ATK Package
Audacity 2.0.5
Avidemux 2.6 - 64bits
Bing Bar
Blender
Contrôle ActiveX Windows Live Mesh pour connexions à distance
Control ActiveX de Windows Live Mesh para conexiones remotas
Controlo ActiveX do Windows Live Mesh para Ligações Remotas
CyberLink LabelPrint
CyberLink Media Suite
CyberLink Power2Go
D3DX10
DirectX 9 Runtime
Frescobaldi 2.0.13
GameFast
GIMP 2.8.10
Inkscape 0.48
InstantOn for NB
Intel(R) Manageability Engine Firmware Recovery Agent
Intel(R) Management Engine Components
Intel(R) USB 3.0 eXtensible Host Controller Driver
Intel® Trusted Connect Service Client
IrfanView (remove only)
LilyPond
Malwarebytes Anti-Malware version 2.0.2.1012
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
Microsoft Windows Debugging Symbols
Mozilla Firefox 30.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MuseScore 1.3
Notepad++
NVIDIA 3D Vision Driver 331.65
NVIDIA Control Panel 331.65
NVIDIA Graphics Driver 331.65
NVIDIA Install Application
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.15.2
NVIDIA Update Components
Opera 12.14
Pale Moon 24.6.2 (x86 en-US)
Platform
Programmer's Notepad
Recuva
Rotation Desktop for G Series
Roxio AACS Certificate
Roxio CinePlayer
Safari
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2898855v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2901110v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2931365)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2901110v2)
SpywareBlaster 5.0
STDU Viewer version 1.6.300.0
Subtitle Edit 3.3.9
Synaptics Pointing Device Driver
TrueCrypt
Unlocker 1.9.2
VIA Platform Device Manager
VLC media player 2.1.3
Windows Live
Windows Live ???
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinFlash
WinHasher 1.6.1
WinHTTrack Website Copier 3.46-1 (x64)
WinPatrol
Wireless Console 3
.
==== Event Viewer Messages From Past Week ========
.
6/26/2014 2:35:52 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.177.779.0     Update Source: Microsoft Update Server     Update Stage: Search     Source Path: http://www.microsoft.com     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.10701.0     Error code: 0x8024402c     Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
6/23/2014 7:19:34 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.177.460.0     Update Source: Microsoft Update Server     Update Stage: Search     Source Path: http://www.microsoft.com     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.10701.0     Error code: 0x80072efe     Error description: The connection with the server was terminated abnormally
6/22/2014 3:37:43 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.177.460.0     Update Source: Microsoft Update Server     Update Stage: Search     Source Path: http://www.microsoft.com     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.10701.0     Error code: 0x8024402c     Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
.
==== End Of File ===========================



5
Computer Problems, Questions and Solutions! / Happy with windows 8?
« on: March 09, 2014, 11:26:41 PM »
i've been a big fan of XP and win7. i've heard mixed, mostly negative, on win8 though (no start menu, navigation is difficult, etc).

i was curious if others are happy with it.
(i'm in the market for a new computer and wondered if win8 is something to avoid).

Thanks.

6
due to a MBAM scan, i just caught, quarantined and deleted Rootkit.Necurs.GO -- here was the path :
C:\eSupport\eDriver\I386\Aspr0b64.sys

i was shocked, since i'm so careful about security.
i went offline to run other scans (which were all clean), then went online and googled. looks like this may be a False Positive only MBAM shows:
http://ca.answers.yahoo.com/question/index?qid=20140307144208AATs890

apparently, it only affects ASUS machines.
hope i didn't hurt my computer by deleting it!

anyway, thought i'd post here, to see if anyone's heard about this, and to let others know about it.






7
Very irritating. After these last microsoft updates, i've been having explorer.exe freezes/crashes like mad.
i'm running scans, and will do a system restore -- altho, according to this article, that WON'T help these bugs introduced by microsoft.
(i'm guessing that's the likely culprit.)

LINK:
http://www.infoworld.com/t/microsoft-windows/3-more-botched-windows-patches-kb-2803821-kb-2840628-and-kb-2821895-222807

From the article:
"Microsoft's patching problems have hit a new low, with three botched patches now in desperate need of attention."

"I've been covering the vagaries of Windows patches for a decade, and I've never seen the situation deteriorate like this"


8
any recommendations on a good Password Manager? -
read that Browser's internal password handling isn't completely safe. (apparently none are, although i read specifically about Firefox & IE)

- are the external P Managers safer?
- looked at password gorilla and KeePass. (these are FREE, but i wouldn't mind spending on something really good.) - THNX

https://github.com/zdia/gorilla/wiki/
http://keepass.info/
http://en.wikipedia.org/wiki/KeePass


9
One of my computers BSOD'ed after a win7 windows update. Am dealing with that now.
 - i came across this:  it was posted about 30mins ago & is titled:  "new windows update causing bsod"
http://www.technibble.com/forums/showthread.php?p=299733

 - On this computer i'm running XP Pro. Can I STOP the winUpdate? it's downloaded, is showing me the yellow shield in the taskbar. Am concerned, if i RE-START or re-boot, the thing may update and nuke the computer i'm on now too...

thanx

10
LandzDown Lounge / Celebrating 1,000 Posts on Landzdown!
« on: June 01, 2012, 11:30:36 PM »
 :dance: :dance: :dance:
yay me!



lol- actually, i lost track and this makes 1,001 posts -but, Close Enough!




11
I bought a NEW computer- An ASUS g75v, win7 Home- no discount, paid full price. despite the packaging being opened, it had stickers/paperwork on it saying "never been opened."

Very 1st time i turned it on, i got the windows screen "computer wasn't shut down properly- data may have been damaged" or words to that effect.

Ran notebook for 2 days. i'm not familiar with win7, but there haven't been any problems of which i'm aware. EXCEPT...

Event Viewer shows LOTS of errors. since i had to re-set the clock, i'm not sure when these originally happened.


  ** QUESTION: should i return the computer? is it normal for so many errors to show on a new one?
(I Googled them- from what i found, win7 seems to inherently HAVE lots of warnings & errors that are "safe" to ignore- like Microsoft-Windows-Kernel-EventTracing/Admin. Weird.)

 - the Errors i'm most concerned about are:
Log Name:      System
Source:        Microsoft-Windows-Kernel-Power
Date:          5/31/2012 1:25:12 PM
Event ID:      41
Task Category: (63)
Level:         Critical
Keywords:      (2)
User:          SYSTEM
Description:
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Kernel-Power" Guid="{331C3B3A-2005-44C2-AC5E-77220C37D6B4}" />
    <EventID>41</EventID>
    <Version>2</Version>
    <Level>1</Level>
    <Task>63</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000002</Keywords>
    <TimeCreated SystemTime="2012-05-31T20:25:12.852025200Z" />
    <EventRecordID>3001</EventRecordID>
    <Correlation />
    <Execution ProcessID="4" ThreadID="8" />
    <Channel>System</Channel>
    <Computer>lappy3</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData>
    <Data Name="BugcheckCode">0</Data>
    <Data Name="BugcheckParameter1">0x0</Data>
    <Data Name="BugcheckParameter2">0x0</Data>
    <Data Name="BugcheckParameter3">0x0</Data>
    <Data Name="BugcheckParameter4">0x0</Data>
    <Data Name="SleepInProgress">false</Data>
    <Data Name="PowerButtonTimestamp">0</Data>

 AND:
Log Name:      Security
Source:        Microsoft-Windows-Eventlog
Date:          5/31/2012 1:27:57 PM
Event ID:      1101
Task Category: Event processing
Level:         Error
Keywords:      Audit Success
User:          N/A
Description:
Audit events have been dropped by the transport.  0
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Eventlog" Guid="{fc65ddd8-d6ef-4962-83d5-6e5cfe9ce148}" />
    <EventID>1101</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>101</Task>
    <Opcode>0</Opcode>
    <Keywords>0x4020000000000000</Keywords>
    <TimeCreated SystemTime="2012-05-31T20:27:57.447914300Z" />
    <EventRecordID>3514</EventRecordID>
    <Correlation />
    <Execution ProcessID="1064" ThreadID="1440" />
    <Channel>Security</Channel>
    <Security />
  </System>
  <UserData>
    <AuditEventsDropped xmlns:auto-ns3="http://schemas.microsoft.com/win/2004/08/events" xmlns="http://manifests.microsoft.com/win/2004/08/windows/eventlog">
      <Reason>0</Reason>
    </AuditEventsDropped>
  </UserData>
</Event>

  *** ALSO:
i haven't set up computer's access to wifi/internet / plugged in the printer yet - could *that* be responsible for some of the errors like the ones below?

Log Name:      Microsoft-Windows-Dhcp-Client/Admin
Source:        Microsoft-Windows-Dhcp-Client
Event ID:      1001
Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0x94DBC948C534.  The following error occurred: 0x79. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

  AND
Log Name:      Microsoft-Windows-PrintService/Admin
Source:        Microsoft-Windows-PrintService
Event ID:      512
Task Category: Initializing a print provider
Level:         Error
Keywords:      Router,Classic Spooler Event
"InitializePrintProvider failed for provider inetpp.dll. This can occur because of system instability or a lack of system resources"

12
Computer Problems, Questions and Solutions! / win7 update question
« on: June 01, 2012, 02:13:28 AM »
i just got a new notebook, with win7 Home on it.
 - there are no recover disks, of course.

Question: if i buy the Microsoft disks to upgrade to win7 PRO- can i use those disks (the purchased ones), to do a "full" re-install, of the entire original OS?

 oh, btw: the 'puter is an ASUS g75v

thanx! if anybody knows...

13
i was on a local html file that launched firefox- and i got a request to allow a cookie for this thing:
safebrowsing.clients.google.com

(i have my browser set up to ask me, prior to allowing cookies.)

***
curious, i googled, and found info relating to google's "SafeBrowsing" - i'm not sure i like what i saw. seems like there are privacy considerations AND users report this feature can slow down Firefox tremendously (a problem i tend to have with that browser).

QUESTION: is this thing worth allowing? (which is the default in firefox)- is it a serious tool against malware? would dis-allowing it, put me at risk?

***
Here are a few links to info i found on safebrowsing:

http://www.freshbot.com/archives/2009/02/04/google-safe-browsing-slows-firefox-while-feeding-the-tiger
http://ha.ckers.org/blog/20090824/google-safe-browsing-and-chrome-privacy-leak

14
i was going to contact norton about this- i was sure it was a norton hiccup- but i'm posting here because it occurred to me
1, i may be infected, or 2, norton is getting in the way of microsoft updates (which is pretty nasty, if that's what's going on)

** all scans i've done (norton, spybot, mbam) show i'm clean

norton's been "turning on" somewhat regularly in the background, cpu usage climbs Very High- and norton blocks:
explorer.exe
 And sometimes
msiexec.exe

See Screenshots-
http://i51.tinypic.com/242e8f9.jpg
http://i55.tinypic.com/2dbqwye.png
http://i53.tinypic.com/1z1wv8n.jpg

- Thoughts?

 ps- i have the ms firewall set to off, so there shouldn't be any cross-fire between ms & norton

15
Norton Is Not My Friend:
my situation- deleted restore points, funky event viewer alerts, etc- is virtually identical to this guy's:

http://community.norton.com/t5/Norton-Internet-Security-Norton/Norton-causing-a-System-Restore-Error/m-p/94109

- that's Event ID 1, The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'SrtETmp' on the volume 'HarddiskVolume1'.  It has stopped monitoring the volume.

* i'm really busy the next week, but i'm ready to make some changes & wanted some input from the 'Security Gurus' here.

i'm thinking of uninstalling Norton- & running Microsoft Essentials & turning on the Microsoft firewall.
ALSO: can someone please recommend a good router (that does its job & is fairly easy to set up)?

does the setup i described sound 'sturdy'?
(my computers run XP, service pack 3)

thanks.
