Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-01-2020 Ran by Tiffany (administrator) on TIFFANY-PC (Dell Inc. XPS 8300) (16-01-2020 00:04:56) Running from C:\Users\Tiffany\Desktop Loaded Profiles: Tiffany (Available Profiles: Tiffany & TiffanyK & DefaultAppPool) Platform: Windows 10 Home Version 1903 18362.535 (X64) Language: English (United States) Default browser: Edge Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) () [File not signed] C:\Program Files (x86)\IOGEAR Auto Printer Sharing Switch\AutoPrt.exe (Adobe Inc. -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe (Adobe Inc. -> Adobe Inc) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\AdobeNotificationManager\AdobeNotificationHelper.exe (Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Inc. -> Adobe Inc.) C:\Program Files\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe (Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe (Alcor Micro Corp.) [File not signed] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.154.333\AvastBrowserCrashHandler.exe (AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.154.333\AvastBrowserCrashHandler64.exe (AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe (AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe (Canon Inc. -> ) C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe (Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE (Carbonite -> Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe (Carbonite -> Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe (CyberLink -> CyberLink Corp.) C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe (CyberLink -> cyberlink) C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (Dell Inc -> ) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe (Dell Inc -> SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe (Dell Inc -> SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (Dropbox, Inc -> Dropbox, Inc.) C:\Users\Tiffany\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation) C:\Users\Tiffany\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12228.20410.0_x64__8wekyb3d8bbwe\HxTsr.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\mqsvc.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Nero AG -> ) C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe (Node.js Foundation -> Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\libs\node.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (RealNetworks, Inc. -> ) C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe (RealNetworks, Inc. -> RealNetworks, Inc.) C:\Program Files (x86)\Real\RealUpgrade\realupgrade.exe (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (SoftThinks - Dell) [File not signed] C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe (Sonic Solutions -> ) C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe (WDC) [File not signed] C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (Western Digital Technologies Inc. -> WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Western Digital Technologies Inc. -> Western Digital) C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe ==================== Registry (Whitelisted) =================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor Corp -> Realtek Semiconductor) HKLM\...\Run: [RunDLLEntry_THXCfg] => C:\Windows\system32\THXCfg64.dll [17920 2009-10-15] (Creative Technology Ltd.) [File not signed] HKLM\...\Run: [RunDLLEntry_EptMon] => C:\Windows\system32\EptMon64.dll [21504 2009-10-15] (Creative Technology Ltd.) [File not signed] HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated -> Adobe Systems Incorporated) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [268680 2019-10-06] (AVAST Software s.r.o. -> AVAST Software) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297272 2017-12-11] (Apple Inc. -> Apple Inc.) HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2872400 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated) HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe [963584 2009-12-01] (Creative Technology Ltd) [File not signed] HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.) [File not signed] HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2010-10-01] (CyberLink -> CyberLink Corp.) HKLM-x32\...\Run: [PDVD9LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-09-17] (CyberLink -> CyberLink Corp.) HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [75048 2011-08-11] (CyberLink -> cyberlink) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions -> Sonic Solutions) HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] (Sonic Solutions -> ) HKLM-x32\...\Run: [NeroLauncher] => C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe [75064 2011-07-07] (Nero AG -> ) HKLM-x32\...\Run: [IOGEAR Auto Printer Sharing Switch] => C:\Program Files (x86)\IOGEAR Auto Printer Sharing Switch\AutoPrt.exe [867328 2010-03-05] () [File not signed] HKLM-x32\...\Run: [ShwiconXP9106] => C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2010-03-10] (Alcor Micro Corp.) [File not signed] HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [235624 2015-01-09] (Canon Inc. -> CANON INC.) HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1298456 2015-04-20] (Canon Inc. -> CANON INC.) HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1278056 2019-04-30] (Carbonite -> Carbonite, Inc.) HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2084920 2019-09-27] (Adobe Inc. -> Adobe Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [645648 2019-10-05] (Oracle America, Inc. -> Oracle Corporation) HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION HKU\S-1-5-21-16598370-1499477397-4195015670-1000\...\Run: [Dropbox Update] => C:\Users\Tiffany\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-16] (Dropbox, Inc -> Dropbox, Inc.) HKU\S-1-5-21-16598370-1499477397-4195015670-1000\...\Run: [AvastBrowserAutoLaunch_9A3106FE1D20BB9D97EDE96581AD3C79] => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1857552 2019-11-04] (AVAST Software s.r.o. -> AVAST Software) HKU\S-1-5-21-16598370-1499477397-4195015670-1000\...\Run: [CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [144008 2019-11-26] (Adobe Inc. -> Adobe Systems Incorporated) HKU\S-1-5-21-16598370-1499477397-4195015670-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [152576 2019-03-18] (Microsoft Windows -> Microsoft Corporation) HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{30C521FB-255B-46C8-9F0D-EE5AE371C9AA}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\77.2.2153.120\Installer\chrmstp.exe [2019-11-28] (AVAST Software s.r.o. -> AVAST Software) HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] -> Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ColorVisionStartup.lnk [2012-04-29] ShortcutTarget: ColorVisionStartup.lnk -> C:\Program Files (x86)\ColorVision\Utility\ColorVisionStartup.exe (ColorVision Inc.) [File not signed] Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk [2015-08-26] ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Western Digital Technologies Inc. -> WDC) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDSmartWare.lnk [2015-08-26] ShortcutTarget: WDSmartWare.lnk -> C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital Technologies Inc. -> Western Digital) Startup: C:\Users\Tiffany\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2012-05-01] ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation) FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION ==================== Scheduled Tasks (Whitelisted) ============ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {0477EBF3-4C00-4E88-BE60-AB5BBED8AE8D} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-08-23] (AVAST Software s.r.o. -> AVAST Software) Task: {04ACFFB6-810F-4359-91F8-DEDB34F7EF1E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe Task: {06A7201B-3832-4369-B41E-F807ED69064B} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-16598370-1499477397-4195015670-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [187984 2013-08-14] (RealNetworks, Inc. -> RealNetworks, Inc.) Task: {06AC7877-9A74-447F-8774-F2E283EE474B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2017-07-24] (Apple Inc. -> Apple Inc.) Task: {06E5D9C6-D292-4E6C-BEA8-B0B28542135E} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION Task: {0A077B24-D56D-40F8-8C8B-5146D021D9A4} - System32\Tasks\{86E5F0AB-44C4-4C00-867C-EBF53E9006AF} => C:\Windows\system32\pcalua.exe -a D:\win/GetThePictureInstaller.exe -d D:\ Task: {0C499099-919E-49BC-94C8-6B200A4E4E79} - \PCDEventLauncherTask -> No File <==== ATTENTION Task: {14D046B4-64C2-403F-8B90-5D8EBBE5B5B5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION Task: {175060F2-ADF4-407F-9458-CEA832477653} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_314_Plugin.exe [1457720 2020-01-15] (Adobe Inc. -> Adobe) Task: {1BB39922-5885-4845-AB56-5263638E9BCC} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe Task: {25D9C75E-5407-41D1-AB0D-E77CF131168B} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe Task: {26A5E551-6E87-415B-A5BB-8C5FA11BCA4D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe Task: {30AEFC67-F451-41D0-9107-9E3C062295CE} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe Task: {30E1DD7B-FC11-48E2-9326-8C503B8FEF63} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1857552 2019-11-04] (AVAST Software s.r.o. -> AVAST Software) Task: {3285CDC2-60C7-4188-92FA-83136AF36F72} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION Task: {35fbe524-06e5-45e6-8927-db455bb9688e} - no filepath Task: {3D1B8B0E-6642-4134-B72D-F76D88BE4544} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47C2-B62A-B7C4CED925CB} Task: {4B0620D6-C7BA-4069-A9BE-F3B05CD7FD98} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION Task: {4C8C3467-1094-4553-AF0C-CB96A9991AD4} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION Task: {4CE4033A-BEB9-45F8-9ACE-085A50C2E917} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe Task: {54B3B75C-B3B4-4CA8-BAFE-46747871B6D7} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\avast software\overseer\overseer.exe [1873288 2019-09-21] (AVAST Software s.r.o. -> AVAST Software) Task: {56C42933-0E1C-4792-B73B-D0D794094B18} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION Task: {577A387D-FD7F-4F3C-AC8D-D8C0E6345E0E} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1} Task: {5889BDA8-F4E9-4CF0-8661-5864BE5514B3} - \CCleanerSkipUAC -> No File <==== ATTENTION Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A} Task: {61235504-6481-4085-BDD2-B0702D3C78A1} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION Task: {61961F83-1A8B-442F-BE23-8CAEE1551D8E} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION Task: {61F655F8-95BD-4DB3-8ED4-1E46AFDA3A7B} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {62CD5F12-2156-440D-BE8B-E128153E58A2} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe Task: {65899461-1FC6-40B3-AFA4-F2A43923DCB6} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61} Task: {686D4CB4-2686-4A26-B795-2C12E1004D93} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-08-23] (AVAST Software s.r.o. -> AVAST Software) Task: {699C39E5-9C5A-4EC6-AB9A-790EA3474EF2} - System32\Tasks\Microsoft\Windows\Setup\UpgradeTriggers\UpgradeNowTask => C:\WINDOWS\System32\GWX\GWXUXWorker.exe Task: {6AED44DC-5223-468E-83B3-B0BE6C3A3429} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION Task: {777E1701-75C6-4F62-8F92-F876D658BA63} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316} Task: {78440926-E24D-4692-94E9-EF5E30783F29} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION Task: {78D06E72-D478-4CBF-995C-AC2E3ABE06EB} - System32\Tasks\{24E2DEF5-BB76-4294-B0CD-202B2AFD3F3F} => C:\Windows\system32\pcalua.exe -a "C:\Users\Tiffany\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9E0OBVS6\ps902.exe" -d C:\Users\Tiffany\Desktop Task: {7A14CA65-B2A2-4788-B4F3-D25BEFE56933} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {7FECB7B7-D64D-40A6-8840-5BEE785D0036} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1857552 2019-11-04] (AVAST Software s.r.o. -> AVAST Software) Task: {8B3454B0-E5CB-4BEA-9D5F-DC36E6E6A619} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe Task: {8CC764A0-B47D-4174-9FED-261CA4736C55} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe Task: {8E403532-BCFC-4F91-96FE-460C1CF6D427} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe Task: {98CDC4FC-71C0-4B04-B5E5-B5B9802684B5} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2872400 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated) Task: {9BEDF6ED-986D-4A83-BF42-5DE0ABE3AC5B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION Task: {9F88F1E4-9C97-479E-A78F-68BAE7921EAC} - System32\Tasks\AdobeAAMUpdater-1.0-Tiffany-PC-Tiffany => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated -> Adobe Systems Incorporated) Task: {9FE74352-1A66-4B56-959F-E9E8ED486DAC} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3933576 2019-10-06] (AVAST Software s.r.o. -> AVAST Software) Task: {A06642A6-4C1F-4FD2-A577-308574BCAB59} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION Task: {A45031B4-CE64-45E6-A290-E46EE19ED9FE} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371} Task: {B78A5639-A97A-447E-A39F-CE11B8101E20} - System32\Tasks\0915tbUpdateInfo => C:\ProgramData\Avg_Update_0915tb\0915tb_{70582524-6EFD-4735-B033-A638AA21E2F6}.exe Task: {B80B82BB-EF32-41FC-82B7-78EA124485F8} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe Task: {B8541BDC-C229-498C-9F4F-02E7897007D0} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe Task: {B9E90093-41A6-4579-A385-B57354835428} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => Powershell -noexit -command "&{$carbProgramDataPath = $env:ProgramData + '\Carbonite\Carbonite Backup\';$upgradeExe = 'CarboniteUpgrade.exe';$upgradeFullPath = $carbProgramDataPath + $upgradeExe;$logFile = 'CarboniteUpgrade.log';$logFileFullPath = $carbProgramDataPath + $logFile;$psversion = [string]$psversio (the data entry has 1818 more characters). Task: {BAEE117B-20B4-49EA-94A2-D757CE74E18B} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {BFA47043-60AA-4FA3-9FCA-5FD9A75E19E7} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1} Task: {C2E0743A-91C2-45C5-A2A6-A5D1D1F30E9D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-01-15] (Adobe Inc. -> Adobe) Task: {C45D8063-5256-4488-9A74-D0E267BFB99F} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-16598370-1499477397-4195015670-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [233048 2013-08-14] (RealNetworks, Inc. -> RealNetworks, Inc.) Task: {CA209243-FFD3-4C33-8101-CF53D720C344} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe Task: {CAC5E496-A932-4773-916A-92F092EF7D52} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-16598370-1499477397-4195015670-1000UA1d24022a0bd14eb => C:\Users\Tiffany\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-16] (Dropbox, Inc -> Dropbox, Inc.) Task: {CBB728B1-A148-43A7-B705-E4038F0C25CD} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION Task: {CCDE340A-FD40-4004-8C9B-404652FC91B3} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-16598370-1499477397-4195015670-1000Core1d240229f14afdd => C:\Users\Tiffany\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-16] (Dropbox, Inc -> Dropbox, Inc.) Task: {CE333435-5488-4467-B51A-14B40FD26D36} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe Task: {D33852CA-C423-4FD3-AC01-697759769829} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe Task: {D7021525-D739-42D6-8F1E-70CF6B8E0A38} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-16598370-1499477397-4195015670-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [187984 2013-08-14] (RealNetworks, Inc. -> RealNetworks, Inc.) Task: {D901DD0C-EC27-49D9-8B6D-E34FE4716212} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION Task: {E114051E-1F41-4718-83AB-91E927BC813C} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION Task: {E7CE2F71-A981-4344-A9D2-3CF6FE79E734} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe Task: {E82DD4E6-B0A5-47F2-AB47-10D143D97727} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1240656 2019-09-10] (Adobe Inc. -> Adobe Systems) Task: {ECAC882D-8459-48D6-BC4B-61B46D58A957} - System32\Tasks\{BB8EF683-E171-4F57-8FB4-5BE00B9C776C} => C:\Windows\system32\pcalua.exe -a "D:\Nik\Color Efex Pro 3.1\ColorEfexPro3Cpl-rev3.101EN.exe" -d "D:\Nik\Color Efex Pro 3.1" Task: {ECB6050B-1EED-402B-8686-244B9ACDCB1D} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe Task: {EF62269D-A795-4E81-B886-6C8C9588251C} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe Task: {F29147B7-A909-4993-A988-209B54944DCF} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969} Task: {F365DE6C-571F-4B97-B178-88BE6EF6442A} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {F6574DAA-55C7-4A4B-9BFD-6D363FE68B4B} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe Task: {F9608979-743F-4487-9C15-A6F7676BD678} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E} (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\0915tbUpdateInfo.job => C:\ProgramData\Avg_Update_0915tb\0915tb_{70582524-6EFD-4735-B033-A638AA21E2F6}.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-16598370-1499477397-4195015670-1000Core1d240229f14afdd.job => C:\Users\Tiffany\AppData\Local\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-16598370-1499477397-4195015670-1000UA1d24022a0bd14eb.job => C:\Users\Tiffany\AppData\Local\Dropbox\Update\DropboxUpdate.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 Tcpip\..\Interfaces\{37ef24cf-62bb-4f6b-b274-2e8996d27f33}: [NameServer] 8.26.56.26,156.154.70.22 Tcpip\..\Interfaces\{37ef24cf-62bb-4f6b-b274-2e8996d27f33}: [DhcpNameServer] 75.75.75.75 75.75.76.76 Tcpip\..\Interfaces\{b1347ba8-b255-43ca-9188-c5cfa2650ddc}: [NameServer] 8.26.56.26,156.154.70.22 Tcpip\..\Interfaces\{b1347ba8-b255-43ca-9188-c5cfa2650ddc}: [DhcpNameServer] 75.75.75.75 75.75.76.76 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION HKU\S-1-5-21-16598370-1499477397-4195015670-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE SearchScopes: HKLM -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE SearchScopes: HKLM -> {fcd9f10e-0daa-405f-bca0-0dd3f37c59d9} URL = SearchScopes: HKLM-x32 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE SearchScopes: HKLM-x32 -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE SearchScopes: HKU\S-1-5-21-16598370-1499477397-4195015670-1000 -> DefaultScope {740D10C0-1120-4DB2-8337-83413B8FBEB3} URL = hxxp://go.paradiskus.com/?B9371EE09A8FF0128D28715DBFE6196F=H1xAXFBDXlxZUVQNEQQwBw9cQ1hYQVxZWFdDVVVHX1ldU1QJDB0LUyknNy4nNikoW1FCXlFCLllaWTdfWEVfWF1VRV5WQCsrWSMxKFNCV1k&q={searchTerms} SearchScopes: HKU\S-1-5-21-16598370-1499477397-4195015670-1000 -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = SearchScopes: HKU\S-1-5-21-16598370-1499477397-4195015670-1000 -> {740D10C0-1120-4DB2-8337-83413B8FBEB3} URL = hxxp://go.paradiskus.com/?B9371EE09A8FF0128D28715DBFE6196F=H1xAXFBDXlxZUVQNEQQwBw9cQ1hYQVxZWFdDVVVHX1ldU1QJDB0LUyknNy4nNikoW1FCXlFCLllaWTdfWEVfWF1VRV5WQCsrWSMxKFNCV1k&q={searchTerms} SearchScopes: HKU\S-1-5-21-16598370-1499477397-4195015670-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = SearchScopes: HKU\S-1-5-21-16598370-1499477397-4195015670-1000 -> {fcd9f10e-0daa-405f-bca0-0dd3f37c59d9} URL = hxxps://mysearch.avg.com/search?cid={AE070354-6493-49D0-9256-55BBAFBD06BA}&mid=1e9e7d76c69b47d382f7c94a35379396-85116faf5f6267821ce8bd8b6ae342ca2bc2311a&lang=en&ds=AVG&coid=avgtbavg&cmpid=0615tb&pr=fr&d=2014-02-06 20:21:08&v=19.0.0.10&pid=safeguard&sg=0&sap=dsp&q={searchTerms} BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (Canon Inc. -> CANON INC.) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_231\bin\ssv.dll [2020-01-09] (Oracle America, Inc. -> Oracle Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_231\bin\jp2ssv.dll [2020-01-09] (Oracle America, Inc. -> Oracle Corporation) BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealNetworks, Inc. -> RealDownloader) BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (Canon Inc. -> CANON INC.) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\ssv.dll [2020-01-09] (Oracle America, Inc. -> Oracle Corporation) BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\jp2ssv.dll [2020-01-09] (Oracle America, Inc. -> Oracle Corporation) Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (Canon Inc. -> CANON INC.) Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (Canon Inc. -> CANON INC.) Edge: ====== DownloadDir: C:\Users\Tiffany\Downloads FireFox: ======== FF DefaultProfile: cm5j4z02.default FF ProfilePath: C:\Users\Tiffany\AppData\Roaming\Mozilla\Firefox\Profiles\cm5j4z02.default [2020-01-11] FF Homepage: Mozilla\Firefox\Profiles\cm5j4z02.default -> hxxp://www.bing.com/search?FORM=INCOH1&PC=IC04&PTAG=ICO-b8dee14f FF Notifications: Mozilla\Firefox\Profiles\cm5j4z02.default -> hxxps://www.facebook.com FF HomepageOverride: Mozilla\Firefox\Profiles\cm5j4z02.default -> Disabled: _65Members_@download.fromdoctopdf.com FF NewTabOverride: Mozilla\Firefox\Profiles\cm5j4z02.default -> Disabled: _65Members_@download.fromdoctopdf.com FF Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\Tiffany\AppData\Roaming\Mozilla\Firefox\Profiles\cm5j4z02.default\Extensions\sp@avast.com.xpi [2019-12-26] FF Extension: (Avast Online Security) - C:\Users\Tiffany\AppData\Roaming\Mozilla\Firefox\Profiles\cm5j4z02.default\Extensions\wrc@avast.com.xpi [2020-01-09] FF Extension: (FromDocToPDF) - C:\Users\Tiffany\AppData\Roaming\Mozilla\Firefox\Profiles\cm5j4z02.default\Extensions\_65Members_@download.fromdoctopdf.com.xpi [2019-11-19] [UpdateUrl:hxxps:\/\/updates.tb.ask.com\/updateXpi.json?id=207743773&version=8.924.16.54486&track=TTAB02&trackRevision=1&fromId=_65Members_%40download.fromdoctopdf.com&isBridgeExtension=false] FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF Extension: (RealDownloader) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-29] [Legacy] [not signed] FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\19.0.0.10 => not found FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_314.dll [2020-01-15] (Adobe Inc. -> ) FF Plugin: @java.com/DTPlugin,version=11.231.2 -> C:\Program Files\Java\jre1.8.0_231\bin\dtplugin\npDeployJava1.dll [2020-01-09] (Oracle America, Inc. -> Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.231.2 -> C:\Program Files\Java\jre1.8.0_231\bin\plugin2\npjp2.dll [2020-01-09] (Oracle America, Inc. -> Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2019-09-27] (Adobe Inc. -> Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_314.dll [2020-01-15] (Adobe Inc. -> ) FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.) [File not signed] FF Plugin-x32: @java.com/DTPlugin,version=11.231.2 -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\dtplugin\npDeployJava1.dll [2020-01-09] (Oracle America, Inc. -> Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.231.2 -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\plugin2\npjp2.dll [2020-01-09] (Oracle America, Inc. -> Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2013-09-29] (RealNetworks, Inc. -> RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.) [File not signed] FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.) [File not signed] FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.) [File not signed] FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2013-09-29] (RealNetworks, Inc. -> RealPlayer) FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealNetworks, Inc. -> RealDownloader) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2019-09-27] (Adobe Inc. -> Adobe Systems) Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14] ==================== Services (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [823352 2019-09-27] (Adobe Inc. -> Adobe Inc.) R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3147344 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated) R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2914896 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-11-27] (Apple Inc. -> Apple Inc.) R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6259592 2019-12-19] (AVAST Software s.r.o. -> AVAST Software) S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-08-23] (AVAST Software s.r.o. -> AVAST Software) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [996880 2019-10-06] (AVAST Software s.r.o. -> AVAST Software) S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-08-23] (AVAST Software s.r.o. -> AVAST Software) S3 AvastSecureBrowserElevationService; C:\Program Files (x86)\AVAST Software\Browser\Application\77.2.2153.120\elevation_service.exe [970088 2019-11-04] (AVAST Software s.r.o. -> AVAST Software) R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2019-10-06] (AVAST Software s.r.o. -> AVAST Software) S2 CLKMSVC10_9EC60124; C:\Program Files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe [248304 2011-08-11] (CyberLink -> CyberLink) S2 DellDigitalDelivery; C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [173056 2012-08-02] (Dell Products, LP.) [File not signed] R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [253528 2015-07-09] (Canon Inc. -> ) R2 NOBU; C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [4375880 2014-11-18] (Symantec Corporation -> Dell, Inc.) R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] (RealNetworks, Inc. -> ) R2 SftService; C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE [1692480 2011-09-22] (Dell Inc -> SoftThinks SAS) R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [129536 2009-11-13] (WDC) [File not signed] S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\NisSrv.exe [2552416 2019-08-22] (Microsoft Windows Publisher -> Microsoft Corporation) S2 WDSmartWareBackgroundService; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [20480 2009-06-16] (Memeo) [File not signed] S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MsMpEng.exe [108832 2019-08-22] (Microsoft Windows Publisher -> Microsoft Corporation) ===================== Drivers (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [37616 2019-10-06] (AVAST Software s.r.o. -> AVAST Software) R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [204824 2019-10-06] (AVAST Software s.r.o. -> AVAST Software) R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [274456 2019-10-06] (AVAST Software s.r.o. -> AVAST Software) R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [209552 2019-10-06] (AVAST Software s.r.o. -> AVAST Software) R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [65120 2019-10-06] (AVAST Software s.r.o. -> AVAST Software) R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [16304 2019-10-06] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software) R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42736 2019-10-06] (AVAST Software s.r.o. -> AVAST Software) R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [161544 2019-11-17] (AVAST Software s.r.o. -> AVAST Software) R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [110320 2019-10-06] (AVAST Software s.r.o. -> AVAST Software) R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [83792 2019-10-06] (AVAST Software s.r.o. -> AVAST Software) R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [848432 2019-10-06] (AVAST Software s.r.o. -> AVAST Software) R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [460448 2019-10-06] (AVAST Software s.r.o. -> AVAST Software) R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [236024 2019-10-06] (AVAST Software s.r.o. -> AVAST Software) R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [316528 2019-10-06] (AVAST Software s.r.o. -> AVAST Software) R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvddwu.inf_amd64_22a22f778ced373c\nvlddmkm.sys [13754928 2016-08-26] (NVIDIA Corporation -> NVIDIA Corporation) S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [47496 2019-08-22] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [344288 2019-08-22] (Microsoft Windows -> Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54496 2019-08-22] (Microsoft Windows -> Microsoft Corporation) U3 idsvc; no ImagePath U5 REALPLAYERUPDATESVC; no ImagePath ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) =================== (If an entry is included in the fixlist, the file/folder will be moved.) 2020-01-16 00:04 - 2020-01-16 00:10 - 000044817 _____ C:\Users\Tiffany\Desktop\FRST.txt 2020-01-16 00:04 - 2020-01-16 00:04 - 000003582 _____ C:\WINDOWS\system32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-16598370-1499477397-4195015670-1000 2020-01-16 00:04 - 2020-01-16 00:04 - 000003518 _____ C:\WINDOWS\system32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-16598370-1499477397-4195015670-1000 2020-01-09 23:24 - 2020-01-09 23:27 - 000056666 _____ C:\Users\Tiffany\Desktop\Addition-Old (1).txt 2020-01-09 23:21 - 2020-01-16 00:04 - 000000000 ____D C:\Users\Tiffany\Desktop\FRST-OlderVersion 2020-01-09 23:19 - 2020-01-09 23:19 - 000025503 _____ C:\Users\Tiffany\Desktop\ckfiles.txt 2020-01-09 21:53 - 2020-01-09 21:52 - 000129080 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-64.dll 2020-01-09 21:49 - 2020-01-09 21:49 - 000468480 _____ () C:\Users\Tiffany\Desktop\CKScanner.exe 2020-01-09 13:15 - 2020-01-09 13:15 - 000000000 ____D C:\Users\Tiffany\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2020-01-05 23:18 - 2020-01-05 23:18 - 000001066 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop 2020.lnk 2020-01-05 23:18 - 2020-01-05 23:18 - 000000000 ____D C:\Users\Tiffany\Documents\Adobe 2020-01-05 23:18 - 2020-01-05 23:18 - 000000000 ____D C:\Users\Tiffany\AppData\Local\UXP 2020-01-05 23:06 - 2020-01-05 23:06 - 000001052 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Lightroom.lnk 2020-01-05 23:06 - 2020-01-05 23:06 - 000001040 _____ C:\Users\Tiffany\Desktop\Lightroom.lnk 2020-01-05 23:04 - 2020-01-16 00:05 - 000000000 ___RD C:\Users\Tiffany\Creative Cloud Files 2020-01-05 23:00 - 2020-01-13 01:21 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData 2020-01-05 23:00 - 2020-01-13 01:21 - 000000000 ___HD C:\ProgramData\Documents\AdobeGCData 2020-01-05 23:00 - 2020-01-05 23:00 - 000003518 _____ C:\WINDOWS\system32\Tasks\AdobeGCInvoker-1.0 2020-01-05 22:59 - 2020-01-05 22:59 - 000001366 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk 2020-01-05 22:59 - 2020-01-05 22:59 - 000001354 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk 2020-01-05 22:59 - 2020-01-05 22:59 - 000001354 _____ C:\ProgramData\Desktop\Adobe Creative Cloud.lnk 2019-12-30 22:26 - 2020-01-09 23:27 - 000041209 _____ C:\Users\Tiffany\Desktop\Addition-Old (2).txt 2019-12-30 22:25 - 2020-01-16 00:09 - 000000000 ____D C:\FRST 2019-12-30 22:23 - 2020-01-16 00:04 - 002573312 _____ (Farbar) C:\Users\Tiffany\Desktop\FRST64.exe 2019-12-30 22:18 - 2019-12-30 22:18 - 002272256 _____ (Farbar) C:\Users\Tiffany\Downloads\FRST64.exe 2019-12-19 15:25 - 2019-12-19 15:26 - 000000000 ____D C:\ProgramData\SWRoes 2019-12-19 15:25 - 2019-12-19 15:25 - 000002455 _____ C:\Users\Public\Desktop\WHCC ROES.lnk 2019-12-19 15:25 - 2019-12-19 15:25 - 000002455 _____ C:\ProgramData\Desktop\WHCC ROES.lnk 2019-12-19 15:25 - 2019-12-19 15:25 - 000000000 ____D C:\Users\Tiffany\AppData\Roaming\ROES 2019-12-19 15:25 - 2019-12-19 15:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WHCC ROES 2019-12-19 15:25 - 2019-12-19 15:25 - 000000000 ____D C:\Program Files (x86)\ROES 2019-12-19 15:15 - 2019-12-19 15:15 - 000000000 ____D C:\Users\Tiffany\AppData\Roaming\java 2019-12-19 15:14 - 2020-01-09 21:53 - 000002557 _____ C:\Users\Tiffany\Desktop\WHCC ROES.lnk 2019-12-19 15:14 - 2019-12-19 22:39 - 000000000 ____D C:\Users\Tiffany\.WHCCROES 2019-12-19 15:14 - 2019-12-19 15:14 - 000000000 ____D C:\Users\Tiffany\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WHCC ROES 2019-12-19 15:14 - 2019-12-19 15:14 - 000000000 ____D C:\Users\Tiffany\AppData\Local\Sun ==================== One month (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 2020-01-16 00:09 - 2013-11-06 19:42 - 000000000 ____D C:\ProgramData\boost_interprocess 2020-01-16 00:04 - 2018-08-23 17:19 - 000000000 ____D C:\Users\Tiffany\AppData\Local\AVAST Software 2020-01-16 00:01 - 2019-03-18 23:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2020-01-16 00:00 - 2016-09-30 03:05 - 000000000 ____D C:\Users\Default\AppData\Local\SoftThinks 2020-01-16 00:00 - 2016-09-30 03:05 - 000000000 ____D C:\Users\Default User\AppData\Local\SoftThinks 2020-01-16 00:00 - 2011-12-01 22:14 - 000000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup 2020-01-15 23:59 - 2019-08-21 00:45 - 000000000 ____D C:\Users\Tiffany 2020-01-15 23:58 - 2016-05-05 00:08 - 000153072 ____N (CyberLink Corp.) C:\WINDOWS\system32\Drivers\rikvm_9EC60124.sys 2020-01-15 23:57 - 2019-08-21 01:09 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2020-01-15 23:57 - 2019-08-21 00:35 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2020-01-15 23:56 - 2019-12-06 01:13 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox 2020-01-15 23:56 - 2013-06-08 17:21 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2020-01-15 01:13 - 2019-08-21 01:09 - 000004582 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player NPAPI Notifier 2020-01-15 01:13 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed 2020-01-15 01:13 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\system32\Macromed 2020-01-14 22:03 - 2019-08-21 01:09 - 000004158 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{326376A5-4C85-4AC2-A8E5-C1782EE661E3} 2020-01-14 01:20 - 2019-03-18 23:52 - 000000000 ___HD C:\Program Files\WindowsApps 2020-01-14 01:20 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\AppReadiness 2020-01-14 01:13 - 2019-08-21 01:09 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update 2020-01-11 10:09 - 2016-11-23 11:48 - 000000000 ____D C:\Users\Tiffany\AppData\LocalLow\Mozilla 2020-01-11 04:07 - 2012-01-22 11:37 - 000000000 ____D C:\Users\Tiffany\AppData\Local\Nero 2020-01-11 03:50 - 2013-06-08 17:21 - 000001161 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2020-01-09 23:16 - 2012-01-28 10:38 - 000000000 ____D C:\Users\Tiffany\AppData\Local\ElevatedDiagnostics 2020-01-09 22:57 - 2012-01-15 21:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auto FX Software 2020-01-09 21:53 - 2013-09-29 15:43 - 000000000 ____D C:\Program Files\Java 2020-01-09 21:53 - 2013-09-29 15:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2020-01-09 21:53 - 2013-09-29 15:42 - 000000000 ____D C:\Program Files (x86)\Java 2020-01-09 21:52 - 2013-09-29 15:43 - 000129080 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll 2020-01-09 21:51 - 2013-09-29 15:42 - 000114232 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll 2020-01-09 21:40 - 2019-03-18 23:37 - 000786432 _____ C:\WINDOWS\system32\config\BBI 2020-01-09 21:33 - 2011-12-01 22:26 - 000000000 ____D C:\ProgramData\Adobe 2020-01-09 21:33 - 2011-12-01 22:25 - 000000000 ____D C:\Program Files (x86)\Adobe 2020-01-09 21:32 - 2016-02-20 13:27 - 000000000 ____D C:\Program Files\Common Files\Adobe 2020-01-09 21:21 - 2014-08-01 17:54 - 000000000 ____D C:\Users\Tiffany\Desktop\PhotoshopPrograms 2020-01-09 21:17 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\system32\NDF 2020-01-09 21:12 - 2012-01-15 22:29 - 000000000 ____D C:\Program Files (x86)\Jasc Software Inc 2020-01-09 21:09 - 2012-01-15 16:55 - 000000000 ____D C:\Program Files\Adobe 2020-01-09 16:20 - 2016-02-20 16:08 - 000000000 ____D C:\ProgramData\AVAST Software 2020-01-09 13:16 - 2014-01-08 16:47 - 000000000 ____D C:\Users\Tiffany\AppData\Roaming\Dropbox 2020-01-09 12:45 - 2019-05-06 11:22 - 000000000 ____D C:\Users\Tiffany\AppData\Local\CrashDumps 2020-01-07 23:10 - 2018-07-27 16:29 - 000000000 ____D C:\Users\Tiffany\AppData\Local\D3DSCache 2020-01-05 23:18 - 2012-01-09 21:11 - 000000000 ____D C:\Users\Tiffany\AppData\Roaming\Adobe 2020-01-05 23:07 - 2012-01-15 17:00 - 000000000 ____D C:\Users\Tiffany\AppData\Local\Adobe 2020-01-05 23:02 - 2018-06-25 15:42 - 000000000 ____D C:\ProgramData\Packages 2020-01-05 23:02 - 2017-12-29 02:17 - 000000000 ____D C:\Users\Tiffany\AppData\Local\Packages 2020-01-05 22:58 - 2017-07-14 22:24 - 000000000 ____D C:\ProgramData\Package Cache 2019-12-30 22:32 - 2019-03-18 23:50 - 000000000 ____D C:\WINDOWS\INF 2019-12-30 22:15 - 2016-01-10 21:24 - 000000000 ____D C:\ProgramData\CanonIJPLM 2019-12-22 23:30 - 2012-01-15 22:29 - 000000000 ____D C:\Users\Tiffany\Documents\My PSP8 Files 2019-12-19 15:14 - 2012-01-29 02:04 - 000000000 ____D C:\Users\Tiffany\.roescache 2019-12-19 09:34 - 2016-08-07 08:12 - 000000000 ____D C:\Users\Tiffany\Documents\Outlook Files ==================== Files in the root of some directories ======== 2009-07-19 20:42 - 2009-07-19 20:42 - 000000000 _____ () C:\Users\Tiffany\settings.dat 2013-08-26 11:40 - 2014-06-02 15:32 - 000003745 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml 2006-12-14 21:40 - 2008-01-08 19:21 - 000000426 _____ () C:\Users\Tiffany\AppData\Roaming\wklnhst.dat 2018-05-24 20:15 - 2006-08-19 17:00 - 000000136 _____ () C:\Users\Tiffany\AppData\Local\fusioncache.dat 2020-01-05 23:07 - 2020-01-05 23:07 - 000000000 _____ () C:\Users\Tiffany\AppData\Local\oobelibMkey.log 2012-04-25 09:37 - 2012-04-25 09:37 - 000000017 _____ () C:\Users\Tiffany\AppData\Local\resmon.resmoncfg ==================== SigCheck ============================ (There is no automatic fix for files that do not pass verification.) ==================== End of FRST.txt ========================