Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Computer running slowly and possibly infected with MalWare and/or Viru

Started by ekstatman , Dec 30 2019 09:45 PM

  • Please log in to reply

#1
ekstatman
Posted 30 December 2019 - 09:45 PM

ekstatman

    Member

  • Member
  • PipPip
  • 65 posts

Hello,

 

    We have a computer running Windows 10 and is 64-bit. The computer has suddenly become slow and we think it may be infected. Keystrokes in applications like PhotoShop take up to 60 seconds to work on the screen at random times. I read the Malware Cleaning Guide and the logs below are the result of the Farbar Scan. Please help and thank you!

 

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-12-2019
Ran by Tiffany (administrator) on TIFFANY-PC (Dell Inc. XPS 8300) (30-12-2019 22:26:21)
Running from C:\Users\Tiffany\Desktop
Loaded Profiles: Tiffany (Available Profiles: Tiffany & TiffanyK & DefaultAppPool)
Platform: Windows 10 Home Version 1903 18362.535 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
() [File not signed] C:\Program Files (x86)\IOGEAR Auto Printer Sharing Switch\AutoPrt.exe
(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Alcor Micro Corp.) [File not signed] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.154.333\AvastBrowserCrashHandler.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.154.333\AvastBrowserCrashHandler64.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(Canon Inc. -> ) C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Carbonite -> Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
(CyberLink -> CyberLink Corp.) C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe
(CyberLink -> cyberlink) C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
(Dell Inc -> ) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Dell Inc -> SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Dell Inc -> SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Users\Tiffany\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(Jasc Software, Inc.) [File not signed] C:\Program Files (x86)\Jasc Software Inc\Paint Shop Pro 8\Paint Shop Pro.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Tiffany\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19081.22010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_3.36.6003.0_x64__8wekyb3d8bbwe\GameBar.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_3.36.6003.0_x64__8wekyb3d8bbwe\GameBarFT.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19101.10711.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Nero AG -> Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(RealNetworks, Inc. -> ) C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc. -> RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SoftThinks - Dell) [File not signed] C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(Sonic Solutions -> ) C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(Symantec Corporation -> Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(Symantec Corporation -> Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
(WDC) [File not signed] C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
(Western Digital Technologies Inc. -> WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
(Western Digital Technologies Inc. -> Western Digital) C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RunDLLEntry_THXCfg] => C:\Windows\system32\THXCfg64.dll [17920 2009-10-15] (Creative Technology Ltd.) [File not signed]
HKLM\...\Run: [RunDLLEntry_EptMon] => C:\Windows\system32\EptMon64.dll [21504 2009-10-15] (Creative Technology Ltd.) [File not signed]
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [268680 2019-10-06] (AVAST Software s.r.o. -> AVAST Software)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297272 2017-12-11] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe [963584 2009-12-01] (Creative Technology Ltd) [File not signed]
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.) [File not signed]
HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2010-10-01] (CyberLink -> CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-09-17] (CyberLink -> CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [75048 2011-08-11] (CyberLink -> cyberlink)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions -> Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] (Sonic Solutions -> )
HKLM-x32\...\Run: [NeroLauncher] => C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe [75064 2011-07-07] (Nero AG -> )
HKLM-x32\...\Run: [IOGEAR Auto Printer Sharing Switch] => C:\Program Files (x86)\IOGEAR Auto Printer Sharing Switch\AutoPrt.exe [867328 2010-03-05] () [File not signed]
HKLM-x32\...\Run: [ShwiconXP9106] => C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2010-03-10] (Alcor Micro Corp.) [File not signed]
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [235624 2015-01-09] (Canon Inc. -> CANON INC.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1298456 2015-04-20] (Canon Inc. -> CANON INC.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1278056 2019-04-30] (Carbonite -> Carbonite, Inc.)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-16598370-1499477397-4195015670-1000\...\Run: [Dropbox Update] => C:\Users\Tiffany\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-16] (Dropbox, Inc -> Dropbox, Inc.)
HKU\S-1-5-21-16598370-1499477397-4195015670-1000\...\Run: [AvastBrowserAutoLaunch_9A3106FE1D20BB9D97EDE96581AD3C79] => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1857552 2019-11-04] (AVAST Software s.r.o. -> AVAST Software)
HKU\S-1-5-21-16598370-1499477397-4195015670-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [152576 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{30C521FB-255B-46C8-9F0D-EE5AE371C9AA}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\77.2.2153.120\Installer\chrmstp.exe [2019-11-28] (AVAST Software s.r.o. -> AVAST Software)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ColorVisionStartup.lnk [2012-04-29]
ShortcutTarget: ColorVisionStartup.lnk -> C:\Program Files (x86)\ColorVision\Utility\ColorVisionStartup.exe (ColorVision Inc.) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk [2015-08-26]
ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Western Digital Technologies Inc. -> WDC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDSmartWare.lnk [2015-08-26]
ShortcutTarget: WDSmartWare.lnk -> C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital Technologies Inc. -> Western Digital)
Startup: C:\Users\Tiffany\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2012-05-01]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0477EBF3-4C00-4E88-BE60-AB5BBED8AE8D} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-08-23] (AVAST Software s.r.o. -> AVAST Software)
Task: {04ACFFB6-810F-4359-91F8-DEDB34F7EF1E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {06AC7877-9A74-447F-8774-F2E283EE474B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2017-07-24] (Apple Inc. -> Apple Inc.)
Task: {06E5D9C6-D292-4E6C-BEA8-B0B28542135E} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {0A077B24-D56D-40F8-8C8B-5146D021D9A4} - System32\Tasks\{86E5F0AB-44C4-4C00-867C-EBF53E9006AF} => C:\Windows\system32\pcalua.exe -a D:\win/GetThePictureInstaller.exe -d D:\
Task: {0C499099-919E-49BC-94C8-6B200A4E4E79} - \PCDEventLauncherTask -> No File <==== ATTENTION
Task: {14D046B4-64C2-403F-8B90-5D8EBBE5B5B5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {152A7E09-987D-4E5B-86C1-F3226AA67A1B} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-16598370-1499477397-4195015670-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [187984 2013-08-14] (RealNetworks, Inc. -> RealNetworks, Inc.)
Task: {175060F2-ADF4-407F-9458-CEA832477653} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_303_Plugin.exe [1457720 2019-12-11] (Adobe Inc. -> Adobe)
Task: {1BB39922-5885-4845-AB56-5263638E9BCC} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {25D9C75E-5407-41D1-AB0D-E77CF131168B} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {26A5E551-6E87-415B-A5BB-8C5FA11BCA4D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2EBB73F9-72DB-400A-A8BC-58496FE8DEAB} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-16598370-1499477397-4195015670-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [187984 2013-08-14] (RealNetworks, Inc. -> RealNetworks, Inc.)
Task: {30AEFC67-F451-41D0-9107-9E3C062295CE} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {30E1DD7B-FC11-48E2-9326-8C503B8FEF63} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1857552 2019-11-04] (AVAST Software s.r.o. -> AVAST Software)
Task: {3285CDC2-60C7-4188-92FA-83136AF36F72} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {35fbe524-06e5-45e6-8927-db455bb9688e} - no filepath
Task: {3D1B8B0E-6642-4134-B72D-F76D88BE4544} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47C2-B62A-B7C4CED925CB}
Task: {4B0620D6-C7BA-4069-A9BE-F3B05CD7FD98} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {4C8C3467-1094-4553-AF0C-CB96A9991AD4} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {4CE4033A-BEB9-45F8-9ACE-085A50C2E917} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {54B3B75C-B3B4-4CA8-BAFE-46747871B6D7} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\avast software\overseer\overseer.exe [1873288 2019-09-21] (AVAST Software s.r.o. -> AVAST Software)
Task: {56C42933-0E1C-4792-B73B-D0D794094B18} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {577A387D-FD7F-4F3C-AC8D-D8C0E6345E0E} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {5889BDA8-F4E9-4CF0-8661-5864BE5514B3} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {61235504-6481-4085-BDD2-B0702D3C78A1} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {61961F83-1A8B-442F-BE23-8CAEE1551D8E} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {61F655F8-95BD-4DB3-8ED4-1E46AFDA3A7B} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {62CD5F12-2156-440D-BE8B-E128153E58A2} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {65899461-1FC6-40B3-AFA4-F2A43923DCB6} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
Task: {686D4CB4-2686-4A26-B795-2C12E1004D93} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-08-23] (AVAST Software s.r.o. -> AVAST Software)
Task: {699C39E5-9C5A-4EC6-AB9A-790EA3474EF2} - System32\Tasks\Microsoft\Windows\Setup\UpgradeTriggers\UpgradeNowTask => C:\WINDOWS\System32\GWX\GWXUXWorker.exe
Task: {6AED44DC-5223-468E-83B3-B0BE6C3A3429} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {777E1701-75C6-4F62-8F92-F876D658BA63} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {78440926-E24D-4692-94E9-EF5E30783F29} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {78D06E72-D478-4CBF-995C-AC2E3ABE06EB} - System32\Tasks\{24E2DEF5-BB76-4294-B0CD-202B2AFD3F3F} => C:\Windows\system32\pcalua.exe -a "C:\Users\Tiffany\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9E0OBVS6\ps902.exe" -d C:\Users\Tiffany\Desktop
Task: {7A14CA65-B2A2-4788-B4F3-D25BEFE56933} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {7FECB7B7-D64D-40A6-8840-5BEE785D0036} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1857552 2019-11-04] (AVAST Software s.r.o. -> AVAST Software)
Task: {8B3454B0-E5CB-4BEA-9D5F-DC36E6E6A619} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8CC764A0-B47D-4174-9FED-261CA4736C55} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8E403532-BCFC-4F91-96FE-460C1CF6D427} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {9BEDF6ED-986D-4A83-BF42-5DE0ABE3AC5B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {9F88F1E4-9C97-479E-A78F-68BAE7921EAC} - System32\Tasks\AdobeAAMUpdater-1.0-Tiffany-PC-Tiffany => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {9FE74352-1A66-4B56-959F-E9E8ED486DAC} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3933576 2019-10-06] (AVAST Software s.r.o. -> AVAST Software)
Task: {A06642A6-4C1F-4FD2-A577-308574BCAB59} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {A45031B4-CE64-45E6-A290-E46EE19ED9FE} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {B78A5639-A97A-447E-A39F-CE11B8101E20} - System32\Tasks\0915tbUpdateInfo => C:\ProgramData\Avg_Update_0915tb\0915tb_{70582524-6EFD-4735-B033-A638AA21E2F6}.exe
Task: {B80B82BB-EF32-41FC-82B7-78EA124485F8} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {B8541BDC-C229-498C-9F4F-02E7897007D0} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B9E90093-41A6-4579-A385-B57354835428} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => Powershell -noexit -command "&{$carbProgramDataPath = $env:ProgramData + '\Carbonite\Carbonite Backup\';$upgradeExe = 'CarboniteUpgrade.exe';$upgradeFullPath =  $carbProgramDataPath + $upgradeExe;$logFile = 'CarboniteUpgrade.log';$logFileFullPath = $carbProgramDataPath + $logFile;$psversion = [string]$psversio (the data entry has 1818 more characters).
Task: {BAEE117B-20B4-49EA-94A2-D757CE74E18B} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {BFA47043-60AA-4FA3-9FCA-5FD9A75E19E7} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {C2E0743A-91C2-45C5-A2A6-A5D1D1F30E9D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-11-17] (Adobe Inc. -> Adobe)
Task: {C45D8063-5256-4488-9A74-D0E267BFB99F} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-16598370-1499477397-4195015670-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [233048 2013-08-14] (RealNetworks, Inc. -> RealNetworks, Inc.)
Task: {CA209243-FFD3-4C33-8101-CF53D720C344} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {CAC5E496-A932-4773-916A-92F092EF7D52} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-16598370-1499477397-4195015670-1000UA1d24022a0bd14eb => C:\Users\Tiffany\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-16] (Dropbox, Inc -> Dropbox, Inc.)
Task: {CBB728B1-A148-43A7-B705-E4038F0C25CD} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {CCDE340A-FD40-4004-8C9B-404652FC91B3} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-16598370-1499477397-4195015670-1000Core1d240229f14afdd => C:\Users\Tiffany\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-16] (Dropbox, Inc -> Dropbox, Inc.)
Task: {CE333435-5488-4467-B51A-14B40FD26D36} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {D33852CA-C423-4FD3-AC01-697759769829} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D901DD0C-EC27-49D9-8B6D-E34FE4716212} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {E114051E-1F41-4718-83AB-91E927BC813C} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {E7CE2F71-A981-4344-A9D2-3CF6FE79E734} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {E82DD4E6-B0A5-47F2-AB47-10D143D97727} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1240656 2019-09-10] (Adobe Inc. -> Adobe Systems)
Task: {ECAC882D-8459-48D6-BC4B-61B46D58A957} - System32\Tasks\{BB8EF683-E171-4F57-8FB4-5BE00B9C776C} => C:\Windows\system32\pcalua.exe -a "D:\Nik\Color Efex Pro 3.1\ColorEfexPro3Cpl-rev3.101EN.exe" -d "D:\Nik\Color Efex Pro 3.1"
Task: {ECB6050B-1EED-402B-8686-244B9ACDCB1D} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {EF62269D-A795-4E81-B886-6C8C9588251C} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F29147B7-A909-4993-A988-209B54944DCF} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {F365DE6C-571F-4B97-B178-88BE6EF6442A} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {F6574DAA-55C7-4A4B-9BFD-6D363FE68B4B} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {F9608979-743F-4487-9C15-A6F7676BD678} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\0915tbUpdateInfo.job => C:\ProgramData\Avg_Update_0915tb\0915tb_{70582524-6EFD-4735-B033-A638AA21E2F6}.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-16598370-1499477397-4195015670-1000Core1d240229f14afdd.job => C:\Users\Tiffany\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-16598370-1499477397-4195015670-1000UA1d24022a0bd14eb.job => C:\Users\Tiffany\AppData\Local\Dropbox\Update\DropboxUpdate.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{37ef24cf-62bb-4f6b-b274-2e8996d27f33}: [NameServer] 8.26.56.26,156.154.70.22
Tcpip\..\Interfaces\{37ef24cf-62bb-4f6b-b274-2e8996d27f33}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{b1347ba8-b255-43ca-9188-c5cfa2650ddc}: [NameServer] 8.26.56.26,156.154.70.22
Tcpip\..\Interfaces\{b1347ba8-b255-43ca-9188-c5cfa2650ddc}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-16598370-1499477397-4195015670-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {fcd9f10e-0daa-405f-bca0-0dd3f37c59d9} URL =
SearchScopes: HKLM-x32 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-16598370-1499477397-4195015670-1000 -> DefaultScope {740D10C0-1120-4DB2-8337-83413B8FBEB3} URL = hxxp://go.paradiskus.com/?B9371EE09A8FF0128D28715DBFE6196F=H1xAXFBDXlxZUVQNEQQwBw9cQ1hYQVxZWFdDVVVHX1ldU1QJDB0LUyknNy4nNikoW1FCXlFCLllaWTdfWEVfWF1VRV5WQCsrWSMxKFNCV1k&q={searchTerms}
SearchScopes: HKU\S-1-5-21-16598370-1499477397-4195015670-1000 -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL =
SearchScopes: HKU\S-1-5-21-16598370-1499477397-4195015670-1000 -> {740D10C0-1120-4DB2-8337-83413B8FBEB3} URL = hxxp://go.paradiskus.com/?B9371EE09A8FF0128D28715DBFE6196F=H1xAXFBDXlxZUVQNEQQwBw9cQ1hYQVxZWFdDVVVHX1ldU1QJDB0LUyknNy4nNikoW1FCXlFCLllaWTdfWEVfWF1VRV5WQCsrWSMxKFNCV1k&q={searchTerms}
SearchScopes: HKU\S-1-5-21-16598370-1499477397-4195015670-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKU\S-1-5-21-16598370-1499477397-4195015670-1000 -> {fcd9f10e-0daa-405f-bca0-0dd3f37c59d9} URL = hxxps://mysearch.avg.com/search?cid={AE070354-6493-49D0-9256-55BBAFBD06BA}&mid=1e9e7d76c69b47d382f7c94a35379396-85116faf5f6267821ce8bd8b6ae342ca2bc2311a&lang=en&ds=AVG&coid=avgtbavg&cmpid=0615tb&pr=fr&d=2014-02-06 20:21:08&v=19.0.0.10&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (Canon Inc. -> CANON INC.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-10-08] (Oracle America, Inc. -> Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-10-08] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealNetworks, Inc. -> RealDownloader)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (Canon Inc. -> CANON INC.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-10-08] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-10-08] (Oracle America, Inc. -> Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (Canon Inc. -> CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (Canon Inc. -> CANON INC.)
Edge:
======
DownloadDir: C:\Users\Tiffany\Downloads
FireFox:
========
FF DefaultProfile: cm5j4z02.default
FF ProfilePath: C:\Users\Tiffany\AppData\Roaming\Mozilla\Firefox\Profiles\cm5j4z02.default [2019-12-30]
FF Homepage: Mozilla\Firefox\Profiles\cm5j4z02.default -> hxxp://www.bing.com/search?FORM=INCOH1&PC=IC04&PTAG=ICO-b8dee14f
FF Notifications: Mozilla\Firefox\Profiles\cm5j4z02.default -> hxxps://www.facebook.com
FF HomepageOverride: Mozilla\Firefox\Profiles\cm5j4z02.default -> Disabled: [email protected]
FF NewTabOverride: Mozilla\Firefox\Profiles\cm5j4z02.default -> Disabled: [email protected]
FF Extension: (Mozilla add-on that supports the roll-out of DoH) - C:\Users\Tiffany\AppData\Roaming\Mozilla\Firefox\Profiles\cm5j4z02.default\Extensions\[email protected] [2019-11-30]
FF Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\Tiffany\AppData\Roaming\Mozilla\Firefox\Profiles\cm5j4z02.default\Extensions\[email protected] [2019-12-26]
FF Extension: (Avast Online Security) - C:\Users\Tiffany\AppData\Roaming\Mozilla\Firefox\Profiles\cm5j4z02.default\Extensions\[email protected] [2019-12-26]
FF Extension: (FromDocToPDF) - C:\Users\Tiffany\AppData\Roaming\Mozilla\Firefox\Profiles\cm5j4z02.default\Extensions\[email protected] [2019-11-19] [UpdateUrl:hxxps:\/\/updates.tb.ask.com\/updateXpi.json?id=207743773&version=8.924.16.54486&track=TTAB02&trackRevision=1&fromId=_65Members_%40download.fromdoctopdf.com&isBridgeExtension=false]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: (RealDownloader) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-29] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\19.0.0.10 => not found
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_303.dll [2019-12-11] (Adobe Inc. -> )
FF Plugin: @java.com/DTPlugin,version=10.40.2 -> C:\WINDOWS\system32\npDeployJava1.dll [2013-09-29] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-10-08] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_303.dll [2019-12-11] (Adobe Inc. -> )
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.) [File not signed]
FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 -> C:\WINDOWS\SysWoW64\npDeployJava1.dll [2013-09-29] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-10-08] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2013-09-29] (RealNetworks, Inc. -> RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.) [File not signed]
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.) [File not signed]
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.) [File not signed]
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2013-09-29] (RealNetworks, Inc. -> RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealNetworks, Inc. -> RealDownloader)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-11-27] (Apple Inc. -> Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6085360 2019-10-06] (AVAST Software s.r.o. -> AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-08-23] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [996880 2019-10-06] (AVAST Software s.r.o. -> AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-08-23] (AVAST Software s.r.o. -> AVAST Software)
S3 AvastSecureBrowserElevationService; C:\Program Files (x86)\AVAST Software\Browser\Application\77.2.2153.120\elevation_service.exe [970088 2019-11-04] (AVAST Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2019-10-06] (AVAST Software s.r.o. -> AVAST Software)
S2 CLKMSVC10_9EC60124; C:\Program Files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe [248304 2011-08-11] (CyberLink -> CyberLink)
S2 DellDigitalDelivery; C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [173056 2012-08-02] (Dell Products, LP.) [File not signed]
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [253528 2015-07-09] (Canon Inc. -> )
R2 NOBU; C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [4375880 2014-11-18] (Symantec Corporation -> Dell, Inc.)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] (RealNetworks, Inc. -> )
R2 SftService; C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE [1692480 2011-09-22] (Dell Inc -> SoftThinks SAS)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [129536 2009-11-13] (WDC) [File not signed]
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\NisSrv.exe [2552416 2019-08-22] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 WDSmartWareBackgroundService; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [20480 2009-06-16] (Memeo) [File not signed]
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MsMpEng.exe [108832 2019-08-22] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [37616 2019-10-06] (AVAST Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [204824 2019-10-06] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [274456 2019-10-06] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [209552 2019-10-06] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [65120 2019-10-06] (AVAST Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [16304 2019-10-06] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42736 2019-10-06] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [161544 2019-11-17] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [110320 2019-10-06] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [83792 2019-10-06] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [848432 2019-10-06] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [460448 2019-10-06] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [236024 2019-10-06] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [316528 2019-10-06] (AVAST Software s.r.o. -> AVAST Software)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvddwu.inf_amd64_22a22f778ced373c\nvlddmkm.sys [13754928 2016-08-26] (NVIDIA Corporation -> NVIDIA Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [47496 2019-08-22] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [344288 2019-08-22] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54496 2019-08-22] (Microsoft Windows -> Microsoft Corporation)
U3 idsvc; no ImagePath
U5 REALPLAYERUPDATESVC; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ===================
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-12-30 22:26 - 2019-12-30 22:28 - 000043726 _____ C:\Users\Tiffany\Desktop\FRST.txt
2019-12-30 22:25 - 2019-12-30 22:27 - 000000000 ____D C:\FRST
2019-12-30 22:23 - 2019-12-30 22:23 - 002272256 _____ (Farbar) C:\Users\Tiffany\Desktop\FRST64.exe
2019-12-30 22:18 - 2019-12-30 22:18 - 002272256 _____ (Farbar) C:\Users\Tiffany\Downloads\FRST64.exe
2019-12-19 15:25 - 2019-12-19 15:26 - 000000000 ____D C:\ProgramData\SWRoes
2019-12-19 15:25 - 2019-12-19 15:25 - 000002455 _____ C:\Users\Public\Desktop\WHCC ROES.lnk
2019-12-19 15:25 - 2019-12-19 15:25 - 000002455 _____ C:\ProgramData\Desktop\WHCC ROES.lnk
2019-12-19 15:25 - 2019-12-19 15:25 - 000000000 ____D C:\Users\Tiffany\AppData\Roaming\ROES
2019-12-19 15:25 - 2019-12-19 15:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WHCC ROES
2019-12-19 15:25 - 2019-12-19 15:25 - 000000000 ____D C:\Program Files (x86)\ROES
2019-12-19 15:15 - 2019-12-19 15:15 - 000000000 ____D C:\Users\Tiffany\AppData\Roaming\java
2019-12-19 15:14 - 2019-12-19 22:39 - 000000000 ____D C:\Users\Tiffany\.WHCCROES
2019-12-19 15:14 - 2019-12-19 15:14 - 000002557 _____ C:\Users\Tiffany\Desktop\WHCC ROES.lnk
2019-12-19 15:14 - 2019-12-19 15:14 - 000000000 ____D C:\Users\Tiffany\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WHCC ROES
2019-12-19 15:14 - 2019-12-19 15:14 - 000000000 ____D C:\Users\Tiffany\AppData\Local\Sun
2019-12-19 10:19 - 2019-12-19 10:19 - 000000000 ____D C:\Users\Tiffany\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2019-12-12 22:38 - 2019-12-12 22:38 - 003580468 _____ C:\Users\Tiffany\Downloads\132444881.jpeg
2019-12-12 22:38 - 2019-12-12 22:38 - 003578842 _____ C:\Users\Tiffany\Downloads\132444864.jpeg
2019-12-12 22:38 - 2019-12-12 22:38 - 003576603 _____ C:\Users\Tiffany\Downloads\132444874.jpeg
2019-12-12 22:38 - 2019-12-12 22:38 - 003510904 _____ C:\Users\Tiffany\Downloads\132444862.jpeg
2019-12-12 22:37 - 2019-12-12 22:37 - 003548364 _____ C:\Users\Tiffany\Downloads\132444878.jpeg
2019-12-11 17:24 - 2019-12-11 17:24 - 025443840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 018020352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 009927992 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-12-11 17:24 - 2019-12-11 17:24 - 007905000 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 007754240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 007600448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 007278592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 007263992 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 006516648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 006083832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 005943296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 005914112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 005764664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 004129416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 003729408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-12-11 17:24 - 2019-12-11 17:24 - 003703296 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 002800640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-12-11 17:24 - 2019-12-11 17:24 - 002762296 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 002716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-12-11 17:24 - 2019-12-11 17:24 - 002698768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-12-11 17:24 - 2019-12-11 17:24 - 002494432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 002284544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 002147328 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 002082208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 001757304 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-12-11 17:24 - 2019-12-11 17:24 - 001748480 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 001743888 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 001697280 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 001664904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 001656600 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 001647072 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 001610752 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 001539584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 001512528 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-12-11 17:24 - 2019-12-11 17:24 - 001458688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 001451520 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocoreworker.exe
2019-12-11 17:24 - 2019-12-11 17:24 - 001413840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 001399312 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-12-11 17:24 - 2019-12-11 17:24 - 001366128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-12-11 17:24 - 2019-12-11 17:24 - 001261464 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 001182448 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-12-11 17:24 - 2019-12-11 17:24 - 001149712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-12-11 17:24 - 2019-12-11 17:24 - 001098928 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 001072952 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-12-11 17:24 - 2019-12-11 17:24 - 001066496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 001054864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 001006904 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 000986936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2019-12-11 17:24 - 2019-12-11 17:24 - 000921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 000878080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Service.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 000842552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 000826368 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelinesvc.exe
2019-12-11 17:24 - 2019-12-11 17:24 - 000822416 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2019-12-11 17:24 - 2019-12-11 17:24 - 000797112 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 000774456 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2019-12-11 17:24 - 2019-12-11 17:24 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 000674280 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2019-12-11 17:24 - 2019-12-11 17:24 - 000673456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2019-12-11 17:24 - 2019-12-11 17:24 - 000646144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 000598016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-12-11 17:24 - 2019-12-11 17:24 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 000593128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
2019-12-11 17:24 - 2019-12-11 17:24 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2019-12-11 17:24 - 2019-12-11 17:24 - 000532480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 000530944 _____ (Microsoft Corporation) C:\WINDOWS\system32\usosvc.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 000524264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 000513536 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2019-12-11 17:24 - 2019-12-11 17:24 - 000511000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 000457216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2019-12-11 17:24 - 2019-12-11 17:24 - 000430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 000422712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2019-12-11 17:24 - 2019-12-11 17:24 - 000406480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
2019-12-11 17:24 - 2019-12-11 17:24 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2019-12-11 17:24 - 2019-12-11 17:24 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2019-12-11 17:24 - 2019-12-11 17:24 - 000210744 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 000127272 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdfs.sys
2019-12-11 17:24 - 2019-12-11 17:24 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 000097080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 000089536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\CustomInstallExec.exe
2019-12-11 17:24 - 2019-12-11 17:24 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilot.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.EnrollmentStatusTracking.ConfigProvider.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdProxy.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 000067112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsManagementServiceWinRt.ProxyStub.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelineprxy.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevQueryBroker.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 000032056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys
2019-12-11 17:24 - 2019-12-11 17:24 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilotdiag.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 000010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMAlertListener.ProxyStub.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DMAlertListener.ProxyStub.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 000003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2019-12-11 16:33 - 2019-12-11 16:33 - 002579467 _____ C:\Users\Tiffany\Desktop\AdultSizeEarTemplate.pdf
2019-12-11 16:32 - 2019-12-11 16:32 - 001094469 _____ C:\Users\Tiffany\Desktop\SpacingTemplate.pdf
2019-12-06 01:13 - 2019-12-11 16:12 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-12-30 22:24 - 2019-03-18 23:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-12-30 22:20 - 2019-11-25 00:14 - 000003582 _____ C:\WINDOWS\system32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-16598370-1499477397-4195015670-1000
2019-12-30 22:20 - 2019-11-25 00:14 - 000003518 _____ C:\WINDOWS\system32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-16598370-1499477397-4195015670-1000
2019-12-30 22:15 - 2019-08-21 00:35 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-12-30 22:15 - 2016-01-10 21:24 - 000000000 ____D C:\ProgramData\CanonIJPLM
2019-12-30 21:29 - 2016-11-23 11:48 - 000000000 ____D C:\Users\Tiffany\AppData\LocalLow\Mozilla
2019-12-30 21:08 - 2019-08-21 01:09 - 000004158 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{326376A5-4C85-4AC2-A8E5-C1782EE661E3}
2019-12-30 21:07 - 2019-08-21 01:09 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2019-12-30 21:07 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-12-28 11:20 - 2019-05-06 11:22 - 000000000 ____D C:\Users\Tiffany\AppData\Local\CrashDumps
2019-12-28 01:21 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-12-22 23:35 - 2019-03-18 23:52 - 000000000 ___HD C:\Program Files\WindowsApps
2019-12-22 23:30 - 2012-01-15 22:29 - 000000000 ____D C:\Users\Tiffany\Documents\My PSP8 Files
2019-12-19 15:14 - 2019-08-21 00:45 - 000000000 ____D C:\Users\Tiffany
2019-12-19 15:14 - 2012-01-29 02:04 - 000000000 ____D C:\Users\Tiffany\.roescache
2019-12-19 10:20 - 2014-01-08 16:47 - 000000000 ____D C:\Users\Tiffany\AppData\Roaming\Dropbox
2019-12-19 09:34 - 2016-08-07 08:12 - 000000000 ____D C:\Users\Tiffany\Documents\Outlook Files
2019-12-11 19:32 - 2012-01-22 11:37 - 000000000 ____D C:\Users\Tiffany\AppData\Local\Nero
2019-12-11 19:19 - 2013-11-06 19:42 - 000000000 ____D C:\ProgramData\boost_interprocess
2019-12-11 19:18 - 2018-08-23 17:19 - 000000000 ____D C:\Users\Tiffany\AppData\Local\AVAST Software
2019-12-11 19:17 - 2019-08-21 00:57 - 000972220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-12-11 19:17 - 2019-03-18 23:50 - 000000000 ____D C:\WINDOWS\INF
2019-12-11 19:13 - 2018-01-03 14:56 - 000000000 ___RD C:\Users\Tiffany\3D Objects
2019-12-11 19:13 - 2016-09-30 03:05 - 000000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2019-12-11 19:13 - 2016-09-30 03:05 - 000000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2019-12-11 19:13 - 2016-05-05 21:14 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-12-11 19:13 - 2011-12-01 22:14 - 000000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2019-12-11 19:12 - 2019-08-21 00:34 - 005712024 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-12-11 19:10 - 2016-05-05 00:08 - 000153072 ____N (CyberLink Corp.) C:\WINDOWS\system32\Drivers\rikvm_9EC60124.sys
2019-12-11 19:09 - 2019-08-21 01:09 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-12-11 19:08 - 2019-03-18 23:37 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-12-11 19:07 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\SystemResources
2019-12-11 19:07 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-12-11 19:07 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-12-11 17:52 - 2013-07-29 02:00 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-12-11 17:31 - 2019-03-18 23:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-12-11 17:31 - 2012-01-09 22:27 - 129221664 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-12-11 16:26 - 2019-08-21 00:45 - 000000000 ____D C:\Users\DefaultAppPool
2019-12-11 16:26 - 2019-08-21 00:44 - 000000000 ____D C:\Users\TiffanyK
2019-12-11 16:12 - 2013-06-08 17:21 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-12-11 01:13 - 2019-08-21 01:09 - 000004582 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player NPAPI Notifier
2019-12-11 01:13 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-12-11 01:13 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-12-06 21:48 - 2013-06-08 17:21 - 000001161 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
==================== Files in the root of some directories ========
2009-07-19 20:42 - 2009-07-19 20:42 - 000000000 _____ () C:\Users\Tiffany\settings.dat
2013-08-26 11:40 - 2014-06-02 15:32 - 000003745 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2006-12-14 21:40 - 2008-01-08 19:21 - 000000426 _____ () C:\Users\Tiffany\AppData\Roaming\wklnhst.dat
2018-05-24 20:15 - 2006-08-19 17:00 - 000000136 _____ () C:\Users\Tiffany\AppData\Local\fusioncache.dat
2012-04-25 09:37 - 2012-04-25 09:37 - 000000017 _____ () C:\Users\Tiffany\AppData\Local\resmon.resmoncfg
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================

 

Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-12-2019
Ran by Tiffany (30-12-2019 22:29:52)
Running from C:\Users\Tiffany\Desktop
Windows 10 Home Version 1903 18362.535 (X64) (2019-08-21 06:10:47)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-16598370-1499477397-4195015670-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-16598370-1499477397-4195015670-503 - Limited - Disabled)
Guest (S-1-5-21-16598370-1499477397-4195015670-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-16598370-1499477397-4195015670-1002 - Limited - Enabled)
Tiffany (S-1-5-21-16598370-1499477397-4195015670-1000 - Administrator - Enabled) => C:\Users\Tiffany
TiffanyK (S-1-5-21-16598370-1499477397-4195015670-1003 - Limited - Enabled) => C:\Users\TiffanyK
WDAGUtilityAccount (S-1-5-21-16598370-1499477397-4195015670-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1030 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.303 - Adobe)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Photoshop CS5 (HKLM-x32\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 2.3 64-bit (HKLM\...\{AA45E50C-1447-48CD-9B49-61B82ED1F95C}) (Version: 2.3.1 - Adobe)
Adobe Reader X (10.1.16) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{BC7C46A4-D7A7-48EC-A98C-32A7762B5EFA}) (Version: 6.2.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{F0C4B709-8BF4-4A72-B527-12E7BF5482F8}) (Version: 6.2.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BD6778C5-6FA5-492A-ADD6-E706339C2A7B}) (Version: 11.0.2.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.8.2393 - AVAST Software)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 77.2.2153.120 - AVAST Software)
Avast Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.4.154.333 - AVAST Software) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.6.0.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: 1.5.4.4 - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.7.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.20.13 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 5.0.0 - Canon Inc.)
Canon MG6800 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6800_series) (Version: 1.00 - Canon Inc.)
Canon MG6800 series On-screen Manual (HKLM-x32\...\Canon MG6800 series On-screen Manual) (Version: 7.8.0 - Canon Inc.)
Canon MG6800 series User Registration (HKLM-x32\...\Canon MG6800 series User Registration) (Version:  - ‭Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.3.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.2.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.3.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.6.1 - Canon Inc.)
Carbonite (HKLM-x32\...\{9C78C26C-C5B3-4B1C-8B13-802223B2614D}) (Version: 6.3.5 build 8094 (Apr-30-2019) - Carbonite)
Color Efex Pro 3.0 Complete (HKLM-x32\...\Color Efex Pro 3.0 Complete) (Version: 3.1.0.0 - Nik Software, Inc.)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
CyberLink PowerDVD 9.5 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.4418 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.61 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.61 - Dell Inc.)
Dell DataSafe Online (HKLM-x32\...\{C53BCCBE-9268-4C09-82E9-611444A73B3F}) (Version: 2.10.1.3 - Dell)
Dell Digital Delivery (HKLM-x32\...\{F5E43D09-96AF-4CA0-85AE-9134E7FFA7FC}) (Version: 2.2.3000.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell MusicStage (HKLM-x32\...\{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}) (Version: 1.5.201.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.65 - ArcSoft)
Dell Stage (HKLM-x32\...\{39D06E77-8921-4056-8901-36D0035BAECA}) (Version: 1.5.420.0 - Fingertapps)
Dell System Detect - 1  (HKU\S-1-5-21-16598370-1499477397-4195015670-1000\...\58d94f3ce2c27db0) (Version: 7.11.0.6 - Dell)
Dell System Detect (HKU\S-1-5-21-16598370-1499477397-4195015670-1000\...\9204f5692a8faf3b) (Version: 5.9.0.5 - Dell)
Dell VideoStage  (HKLM-x32\...\{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.2.0.1712 - CyberLink Corp.) Hidden
Dell VideoStage  (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.2.0.1712 - CyberLink Corp.)
DirectX 9 Runtime (HKLM-x32\...\{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}) (Version: 1.00.0000 - Sonic Solutions) Hidden
Dropbox (HKU\S-1-5-21-16598370-1499477397-4195015670-1000\...\Dropbox) (Version: 87.4.138 - Dropbox, Inc.)
DW WLAN Card (HKLM\...\DW WLAN Card) (Version: 5.60.48.35 - Dell Inc.)
Get the Picture! (HKLM-x32\...\{E34064E2-9056-C148-8957-2FD78464F743}) (Version: 2.3.4 - Image Holdings) Hidden
Get the Picture! (HKLM-x32\...\com.image.getthepicture) (Version: 2.3.4 - Image Holdings)
High-Definition Video Playback (HKLM-x32\...\{237CCB62-8454-43E3-B158-3ACD0134852E}) (Version: 7.3.10000.0.0 - Nero AG) Hidden
IOGEAR Auto Printer Sharing Switch 2.0 (HKLM-x32\...\IOGEAR Auto Printer Sharing Switch_is1) (Version:  - IOGEAR, Inc.)
iTunes (HKLM\...\{D7D4465C-B3B6-4BC1-B336-2803FB57BFAF}) (Version: 12.7.2.60 - Apple Inc.)
Jasc Paint Shop Pro 8 (HKLM-x32\...\{81A34902-9D0B-4920-A25C-4CDC5D14B328}) (Version: 8.01.0000 - Jasc Software Inc)
Java 8 Update 101 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kodak DIGITAL GEM Airbrush Professional Plug-In 2.0.0 (HKLM-x32\...\{E33350DF-0A12-4387-B6E8-128C08C0F1FF}) (Version: 2.0.0 - Kodak's Austin Development Center)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MasterCook Deluxe 9 (HKLM-x32\...\{99B366B0-76B6-4DBA-95A3-A730015A7D01}) (Version: 9.0.000 - ValuSoft) Hidden
MasterCook Deluxe 9 (HKLM-x32\...\InstallShield_{99B366B0-76B6-4DBA-95A3-A730015A7D01}) (Version: 9.0.000 - ValuSoft)
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-16598370-1499477397-4195015670-1000\...\OneDriveSetup.exe) (Version: 19.192.0926.0012 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 71.0 (x64 en-US) (HKLM\...\Mozilla Firefox 71.0 (x64 en-US)) (Version: 71.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 71.0.0.7275 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Multimedia Card Reader (HKLM-x32\...\{41068A8C-3F30-46B6-978A-EA692F28D1AF}) (Version: 1.7.915.93 - Fitipower) Hidden
Multimedia Card Reader (HKLM-x32\...\InstallShield_{41068A8C-3F30-46B6-978A-EA692F28D1AF}) (Version: 1.7.915.93 - Fitipower)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
Paradiskus (HKU\S-1-5-21-16598370-1499477397-4195015670-1000\...\Paradiskus) (Version: 6.1.0.0 - TerserTude Ltd.)
PDF Settings CS5 (HKLM-x32\...\{A78FE97A-C0C8-49CE-89D0-EDD524A17392}) (Version: 10.0 - Adobe Systems Incorporated) Hidden
PdfPro100 (HKU\S-1-5-21-16598370-1499477397-4195015670-1000\...\PdfPro100) (Version: 3.0.0 - TerserTude Ltd.)
PhotoShowExpress (HKLM-x32\...\{3250260C-7A95-4632-893B-89657EB5545B}) (Version: 2.0.063 - Sonic Solutions) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
RBVirtualFolder64Inst (HKLM\...\{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}) (Version: 1.00.0000 - Roxio, Inc.) Hidden
RealDownloader (HKLM-x32\...\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}) (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM-x32\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM-x32\...\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}) (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (HKLM-x32\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (HKLM\...\{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}) (Version: 1.3.2 - Roxio) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Silver Efex Pro (HKLM-x32\...\Silver Efex Pro) (Version: 1.001 - Nik Software, Inc.)
Skype™ 7.38 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.38.101 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (HKLM-x32\...\{9A00EC4E-27E1-42C4-98DD-662F32AC8870}) (Version: 4.3.0 - Sonic Solutions) Hidden
Spyder2express (HKLM-x32\...\Spyder2express) (Version:  - )
SyncUP (HKLM-x32\...\{40F06490-8C14-43AA-99D3-EEEFDBAC3CFC}) (Version: 1.10.11100.8.106 - Nero AG)
SyncUP (HKLM-x32\...\{D92C9CCE-E5F0-4125-977A-0590F3225B74}) (Version: 10.2.15400 - Nero AG)
THX TruStudio PC (HKLM-x32\...\{010A785B-F920-4350-821B-6309909C20BB}) (Version: 1.0 - Creative Technology Limited)
Uninstall DreamSuite (HKLM-x32\...\DreamSuite) (Version:  - )
Uninstall Mystical (HKLM-x32\...\Mystical) (Version:  - )
Uninstall MysticalTTC (HKLM-x32\...\MysticalTTC) (Version:  - )
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WD SmartWare (HKLM\...\{604CB4FC-3D32-405F-A109-165F170529B6}) (Version: 1.2.0.8 - Western Digital)
WHCC ROES (HKLM-x32\...\{4D255E77-854D-4FBC-BE87-1596F917AB3E}) (Version: 2.1.0 - SoftWorks Systems, Inc.)
WHCC's Digital Studio v5 5 (HKLM-x32\...\WHCC's Digital Studio v5 5) (Version:  - LabPrints)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Zinio Reader 4 (HKLM-x32\...\{7FB00B6B-6843-97EC-EED6-78BD6D35370A}) (Version: 4.2.4164 - Zinio LLC) Hidden
Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)
Packages:
=========
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_6.4.4.0_x86__kgqvnymyfvs32 [2019-12-11] (king.com)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.154.400.0_x86__kgqvnymyfvs32 [2019-12-11] (king.com)
Canon Inkjet Print Utility -> C:\Program Files\WindowsApps\34791E63.CanonInkjetPrintUtility_2.8.0.1_neutral__6e5tt8cgb93ep [2019-05-24] (Canon Inc.)
Disney Magic Kingdoms -> C:\Program Files\WindowsApps\A278AB0D.DisneyMagicKingdoms_4.6.0.10_x86__h6adky7gbf63m [2019-12-22] (Gameloft.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-31] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-31] (Microsoft Corporation) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.34.13393.0_x64__8wekyb3d8bbwe [2019-12-22] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.5.12061.0_x64__8wekyb3d8bbwe [2019-12-12] (Microsoft Studios) [MS Ad]
MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.34.13393.0_x64__8wekyb3d8bbwe [2019-12-22] (Microsoft Corporation) [MS Ad]
MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.34.13393.0_x64__8wekyb3d8bbwe [2019-12-22] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.34.13393.0_x64__8wekyb3d8bbwe [2019-12-22] (Microsoft Corporation) [MS Ad]
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2018-09-14] (Microsoft Corporation)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-12] (Twitter Inc.)
WindowsDVDPlayer -> C:\Program Files\WindowsApps\Microsoft.WindowsDVDPlayer_3.6.13291.0_x64__8wekyb3d8bbwe [2016-05-25] (Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-16598370-1499477397-4195015670-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Tiffany\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-16598370-1499477397-4195015670-1000_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [dropbox-NamespaceExtensionRole.Personal] => C:\Users\Tiffany\Dropbox [2014-01-08 16:48]
CustomCLSID: HKU\S-1-5-21-16598370-1499477397-4195015670-1000_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1B} -> [dropbox-NamespaceExtensionRole.Business] => 0
CustomCLSID: HKU\S-1-5-21-16598370-1499477397-4195015670-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Tiffany\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-16598370-1499477397-4195015670-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tiffany\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-16598370-1499477397-4195015670-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tiffany\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-16598370-1499477397-4195015670-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tiffany\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-16598370-1499477397-4195015670-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tiffany\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-16598370-1499477397-4195015670-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tiffany\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-16598370-1499477397-4195015670-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tiffany\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-16598370-1499477397-4195015670-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tiffany\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-16598370-1499477397-4195015670-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tiffany\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-16598370-1499477397-4195015670-1000_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tiffany\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-16598370-1499477397-4195015670-1000_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tiffany\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-16598370-1499477397-4195015670-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Tiffany\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [    Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2019-04-30] (Carbonite -> Carbonite, Inc.)
ShellIconOverlayIdentifiers: [    Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2019-04-30] (Carbonite -> Carbonite, Inc.)
ShellIconOverlayIdentifiers: [    Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2019-04-30] (Carbonite -> Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2019-04-30] (Carbonite -> Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2019-04-30] (Carbonite -> Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2019-04-30] (Carbonite -> Carbonite, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-06] (AVAST Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-06] (AVAST Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2019-04-30] (Carbonite -> Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2019-04-30] (Carbonite -> Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2019-04-30] (Carbonite -> Carbonite, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tiffany\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tiffany\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tiffany\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tiffany\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [    Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2019-04-30] (Carbonite -> Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [    Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2019-04-30] (Carbonite -> Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [    Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2019-04-30] (Carbonite -> Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2019-04-30] (Carbonite -> Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2019-04-30] (Carbonite -> Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2019-04-30] (Carbonite -> Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2019-04-30] (Carbonite -> Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2019-04-30] (Carbonite -> Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2019-04-30] (Carbonite -> Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tiffany\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tiffany\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tiffany\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-06] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [Carbonite] -> {FE8BD682-9A64-4740-A92B-EE7E5F7FA0A5} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2019-04-30] (Carbonite -> Carbonite, Inc.)
ContextMenuHandlers1: [Roxio Burn] -> {E8CB9D53-A47A-42B5-9F5B-96B037C9DD4C} => C:\Program Files\Roxio\Roxio Burn\RB_ContextMenu64.dll [2010-11-10] (Sonic Solutions -> TODO: <Company name>)
ContextMenuHandlers2: [Carbonite] -> {FE8BD682-9A64-4740-A92B-EE7E5F7FA0A5} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2019-04-30] (Carbonite -> Carbonite, Inc.)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-06] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [Carbonite] -> {FE8BD682-9A64-4740-A92B-EE7E5F7FA0A5} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2019-04-30] (Carbonite -> Carbonite, Inc.)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-08-01] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-06] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers1_S-1-5-21-16598370-1499477397-4195015670-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Tiffany\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-16598370-1499477397-4195015670-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Tiffany\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-16598370-1499477397-4195015670-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Tiffany\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
ShortcutWithArgument: C:\Users\Tiffany\Desktop\ROES.whcc.lnk -> C:\Windows\SysWOW64\javaws.exe (Oracle Corporation) -> -localfile -J-Djnlp.application.href=hxxp://www.roeslaunch.com/ROES/labs/WHCC/launch.jnlp "C:\Users\Tiffany\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\56a6f58e-78a5f5d1"
ShortcutWithArgument: C:\Users\Tiffany\Desktop\WHCC ROES.lnk -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\javaws.exe (Oracle Corporation) -> -localfile -J-Djnlp.application.href=hxxp://www.roeslaunch.com/ROES/labs/WHCC/Launch-WHCC-ROES.jnlp "C:\Users\Tiffany\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\519fd5bf-54ae76ec"
ShortcutWithArgument: C:\Users\Tiffany\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WHCC ROES\WHCC ROES.lnk -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\javaws.exe (Oracle Corporation) -> -localfile -J-Djnlp.application.href=hxxp://www.roeslaunch.com/ROES/labs/WHCC/Launch-WHCC-ROES.jnlp "C:\Users\Tiffany\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\519fd5bf-54ae76ec"
ShortcutWithArgument: C:\Users\Tiffany\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ROES.whcc\ROES.whcc.lnk -> C:\Windows\SysWOW64\javaws.exe (Oracle Corporation) -> -localfile -J-Djnlp.application.href=hxxp://www.roeslaunch.com/ROES/labs/WHCC/launch.jnlp "C:\Users\Tiffany\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\56a6f58e-78a5f5d1"
==================== Loaded Modules (Whitelisted) =============
2009-08-19 14:49 - 2009-08-19 14:49 - 000049152 _____ () [File not signed] C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\Memeo.API.dll
2009-02-25 13:18 - 2009-02-25 13:18 - 001196032 _____ () [File not signed] C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\sqlite3.DLL
2003-06-06 08:01 - 2003-06-06 08:01 - 000331776 ____R (Accusoft Corporation) [File not signed] C:\Program Files (x86)\Jasc Software Inc\Paint Shop Pro 8\fpxig.dll
2003-06-06 08:01 - 2003-06-06 08:01 - 001830912 ____R (AccuSoft Corporation) [File not signed] C:\Program Files (x86)\Jasc Software Inc\Paint Shop Pro 8\gear12d.dll
2003-06-06 08:01 - 2003-06-06 08:01 - 000856064 ____R (AccuSoft Corporation) [File not signed] C:\Program Files (x86)\Jasc Software Inc\Paint Shop Pro 8\IGCAD.dll
2003-06-06 08:01 - 2003-06-06 08:01 - 000036864 ____R (AccuSoft Corporation) [File not signed] C:\Program Files (x86)\Jasc Software Inc\Paint Shop Pro 8\IGDGN.dll
2003-06-06 08:01 - 2003-06-06 08:01 - 000122880 ____R (AccuSoft Corporation) [File not signed] C:\Program Files (x86)\Jasc Software Inc\Paint Shop Pro 8\IGFPX.dll
2003-06-06 08:01 - 2003-06-06 08:01 - 000090112 ____R (AccuSoft Corporation) [File not signed] C:\Program Files (x86)\Jasc Software Inc\Paint Shop Pro 8\IGHPGL.dll
2003-06-06 08:01 - 2003-06-06 08:01 - 000241664 ____R (AccuSoft Corporation) [File not signed] C:\Program Files (x86)\Jasc Software Inc\Paint Shop Pro 8\IGJPEG2K.dll
2003-06-06 08:01 - 2003-06-06 08:01 - 000110592 ____R (AccuSoft Corporation) [File not signed] C:\Program Files (x86)\Jasc Software Inc\Paint Shop Pro 8\IGLZW.dll
2003-06-06 08:01 - 2003-06-06 08:01 - 000086016 ____R (Accusoft Corporation) [File not signed] C:\Program Files (x86)\Jasc Software Inc\Paint Shop Pro 8\JPEGACC.dll
2016-01-10 21:29 - 2015-01-09 08:46 - 000008192 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNSS_ENU.DLL
2016-01-10 21:29 - 2015-01-09 08:44 - 000104960 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNSS_IMG.dll
2016-01-10 21:28 - 2015-03-17 08:51 - 000375296 _____ (CANON INC.) [File not signed] C:\WINDOWS\System32\CNMN6PPM.DLL
2011-12-01 22:17 - 2009-10-15 14:32 - 000021504 _____ (Creative Technology Ltd.) [File not signed] C:\Windows\system32\EptMon64.dll
2011-12-01 22:17 - 2009-10-15 14:38 - 000017920 _____ (Creative Technology Ltd.) [File not signed] C:\Windows\system32\THXCfg64.dll
2003-06-06 08:01 - 2003-06-06 08:01 - 000913408 ____R (Dinkumware, Ltd.) [File not signed] C:\Program Files (x86)\Jasc Software Inc\Paint Shop Pro 8\sxlrt308.dll
2003-06-06 08:01 - 2003-06-06 08:01 - 000212480 ____R (Eastman Kodak) [File not signed] C:\Program Files (x86)\Jasc Software Inc\Paint Shop Pro 8\PCDLIB32.dll
2009-08-19 14:49 - 2009-08-19 14:49 - 000069632 _____ (Finisar Corporation) [File not signed] C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\SQLite.NET.dll
2003-06-06 08:01 - 2003-06-06 08:01 - 001163264 ____R (Jasc Software, Inc. & BCGSoft Ltd) [File not signed] C:\Program Files (x86)\Jasc Software Inc\Paint Shop Pro 8\JascWorkspace.dll
2003-06-06 08:01 - 2003-06-06 08:01 - 000950272 _____ (Jasc Software, Inc.) [File not signed] C:\Program Files (x86)\Jasc Software Inc\Paint Shop Pro 8\Commands\JascCmdGeometry.dll
2003-06-06 08:01 - 2003-06-06 08:01 - 000180224 _____ (Jasc Software, Inc.) [File not signed] C:\Program Files (x86)\Jasc Software Inc\Paint Shop Pro 8\Commands\JascCmdJGL.dll
2003-06-06 08:01 - 2003-06-06 08:01 - 001789952 _____ (Jasc Software, Inc.) [File not signed] C:\Program Files (x86)\Jasc Software Inc\Paint Shop Pro 8\Commands\JascCmdLayers.dll
2003-06-06 08:01 - 2003-06-06 08:01 - 000221184 _____ (Jasc Software, Inc.) [File not signed] C:\Program Files (x86)\Jasc Software Inc\Paint Shop Pro 8\Commands\JascCmdLighting.dll
2003-06-06 08:01 - 2003-06-06 08:01 - 004530176 _____ (Jasc Software, Inc.) [File not signed] C:\Program Files (x86)\Jasc Software Inc\Paint Shop Pro 8\Commands\JascCmdNonGraphic.dll
2003-06-06 08:01 - 2003-06-06 08:01 - 002600960 _____ (Jasc Software, Inc.) [File not signed] C:\Program Files (x86)\Jasc Software Inc\Paint Shop Pro 8\Commands\JascCmdPhoto.dll
2003-06-06 08:01 - 2003-06-06 08:01 - 000294912 _____ (Jasc Software, Inc.) [File not signed] C:\Program Files (x86)\Jasc Software Inc\Paint Shop Pro 8\Commands\JascCmdPluginHost.dll
2003-06-06 08:01 - 2003-06-06 08:01 - 000299008 _____ (Jasc Software, Inc.) [File not signed] C:\Program Files (x86)\Jasc Software Inc\Paint Shop Pro 8\Commands\JascCmdPrint.dll
2003-06-06 08:01 - 2003-06-06 08:01 - 000598016 _____ (Jasc Software, Inc.) [File not signed] C:\Program Files (x86)\Jasc Software Inc\Paint Shop Pro 8\Commands\JascCmdPyScript.dll
2003-06-06 08:01 - 2003-06-06 08:01 - 001306624 _____ (Jasc Software, Inc.) [File not signed] C:\Program Files (x86)\Jasc Software Inc\Paint Shop Pro 8\Commands\JascCmdSelections.dll
2003-06-06 08:01 - 2003-06-06 08:01 - 001351680 _____ (Jasc Software, Inc.) [File not signed] C:\Program Files (x86)\Jasc Software Inc\Paint Shop Pro 8\Commands\JascCmdStandard.dll
2003-06-06 08:01 - 2003-06-06 08:01 - 000671744 _____ (Jasc Software, Inc.) [File not signed] C:\Program Files (x86)\Jasc Software Inc\Paint Shop Pro 8\Commands\JascCmdTexture.dll
2003-06-06 08:01 - 2003-06-06 08:01 - 000036864 _____ (Jasc Software, Inc.) [File not signed] C:\Program Files (x86)\Jasc Software Inc\Paint Shop Pro 8\Commands\JascCmdUI.dll
2003-06-06 08:01 - 2003-06-06 08:01 - 000647168 _____ (Jasc Software, Inc.) [File not signed] C:\Program Files (x86)\Jasc Software Inc\Paint Shop Pro 8\Commands\JascCmdVector.dll
2003-06-06 08:01 - 2003-06-06 08:01 - 000593920 _____ (Jasc Software, Inc.) [File not signed] C:\Program Files (x86)\Jasc Software Inc\Paint Shop Pro 8\Commands\JascCmdWeb.dll
2003-06-06 08:01 - 2003-06-06 08:01 - 001945600 _____ (Jasc Software, Inc.) [File not signed] C:\Program Files (x86)\Jasc Software Inc\Paint Shop Pro 8\Commands\JascToolObject.dll
2003-06-06 08:01 - 2003-06-06 08:01 - 002834432 _____ (Jasc Software, Inc.) [File not signed] C:\Program Files (x86)\Jasc Software Inc\Paint Shop Pro 8\Commands\JascToolPaint.dll
2003-06-06 08:01 - 2003-06-06 08:01 - 000483328 _____ (Jasc Software, Inc.) [File not signed] C:\Program Files (x86)\Jasc Software Inc\Paint Shop Pro 8\Commands\JascToolSelect.dll
2003-06-06 08:01 - 2003-06-06 08:01 - 000880640 _____ (Jasc Software, Inc.) [File not signed] C:\Program Files (x86)\Jasc Software Inc\Paint Shop Pro 8\Commands\JascToolStandard.dll
2003-06-06 08:01 - 2003-06-06 08:01 - 000524288 _____ (Jasc Software, Inc.) [File not signed] C:\Program Files (x86)\Jasc Software Inc\Paint Shop Pro 8\Commands\JascToolText.dll
2003-06-06 08:01 - 2003-06-06 08:01 - 000864256 _____ (Jasc Software, Inc.) [File not signed] C:\Program Files (x86)\Jasc Software Inc\Paint Shop Pro 8\Commands\JascToolWarp.dll
2003-06-06 08:01 - 2003-06-06 08:01 - 000466944 ____R (Jasc Software, Inc.) [File not signed] C:\Program Files (x86)\Jasc Software Inc\Paint Shop Pro 8\JascBrowser.dll
2003-06-06 08:01 - 2003-06-06 08:01 - 000135168 ____R (Jasc Software, Inc.) [File not signed] C:\Program Files (x86)\Jasc Software Inc\Paint Shop Pro 8\JascBrowserUtil.dll
2003-06-06 08:01 - 2003-06-06 08:01 - 000036864 ____R (Jasc Software, Inc.) [File not signed] C:\Program Files (x86)\Jasc Software Inc\Paint Shop Pro 8\JascCapture.dll
2003-06-06 08:01 - 2003-06-06 08:01 - 000323584 ____R (Jasc Software, Inc.) [File not signed] C:\Program Files (x86)\Jasc Software Inc\Paint Shop Pro 8\JascCmdProc.dll
2003-06-06 08:01 - 2003-06-06 08:01 - 000110592 ____R (Jasc Software, Inc.) [File not signed] C:\Program Files (x86)\Jasc Software Inc\Paint Shop Pro 8\JascCMYK.dll
2003-06-06 08:01 - 2003-06-06 08:01 - 000094208 ____R (Jasc Software, Inc.) [File not signed] C:\Program Files (x86)\Jasc Software Inc\Paint Shop Pro 8\JascColorMgr.dll
2003-06-06 08:01 - 2003-06-06 08:01 - 001576960 ____R (Jasc Software, Inc.) [File not signed] C:\Program Files (x86)\Jasc Software Inc\Paint Shop Pro 8\JascCommandBase.dll
2003-06-06 08:01 - 2003-06-06 08:01 - 000999424 ____R (Jasc Software, Inc.) [File not signed] C:\Program Files (x86)\Jasc Software Inc\Paint Shop Pro 8\JascControls.dll
2003-06-06 08:01 - 2003-06-06 08:01 - 000131072 ____R (Jasc Software, Inc.) [File not signed] C:\Program Files (x86)\Jasc Software Inc\Paint Shop Pro 8\JascDebugTools.dll
2003-06-06 08:01 - 2003-06-06 08:01 - 000077824 ____R (Jasc Software, Inc.) [File not signed] C:\Program Files (x86)\Jasc Software Inc\Paint Shop Pro 8\JascErrorCodes.dll
2003-06-06 08:01 - 2003-06-06 08:01 - 002789376 ____R (Jasc Software, Inc.) [File not signed] C:\Program Files (x86)\Jasc Software Inc\Paint Shop Pro 8\JascFileFormats.dll
2003-06-06 08:01 - 2003-06-06 08:01 - 000901120 ____R (Jasc Software, Inc.) [File not signed] C:\Program Files (x86)\Jasc Software Inc\Paint Shop Pro 8\JascFileUtil.dll
2003-06-06 08:01 - 2003-06-06 08:01 - 000053248 ____R (Jasc Software, Inc.) [File not signed] C:\Program Files (x86)\Jasc Software Inc\Paint Shop Pro 8\JascLanguage.dll
2003-06-06 08:01 - 2003-06-06 08:01 - 000212992 ____R (Jasc Software, Inc.) [File not signed] C:\Program Files (x86)\Jasc Software Inc\Paint Shop Pro 8\JascLayerPalette.dll
2003-06-06 08:01 - 2003-06-06 08:01 - 000081920 ____R (Jasc Software, Inc.) [File not signed] C:\Program Files (x86)\Jasc Software Inc\Paint Shop Pro 8\JascLearningCenter.dll
2003-06-06 08:01 - 2003-06-06 08:01 - 000491520 ____R (Jasc Software, Inc.) [File not signed] C:\Program Files (x86)\Jasc Software Inc\Paint Shop Pro 8\JascMaterialPalette.dll
2003-06-06 08:01 - 2003-06-06 08:01 - 000045056 ____R (Jasc Software, Inc.) [File not signed] C:\Program Files (x86)\Jasc Software Inc\Paint Shop Pro 8\JascMemory.dll
2003-06-06 08:01 - 2003-06-06 08:01 - 000323584 ____R (Jasc Software, Inc.) [File not signed] C:\Program Files (x86)\Jasc Software Inc\Paint Shop Pro 8\JascMIP.dll
2003-06-06 08:01 - 2003-06-06 08:01 - 000131072 ____R (Jasc Software, Inc.) [File not signed] C:\Program Files (x86)\Jasc Software Inc\Paint Shop Pro 8\JascPreferences.dll
2003-06-06 08:01 - 2003-06-06 08:01 - 001028096 ____R (Jasc Software, Inc.) [File not signed] C:\Program Files (x86)\Jasc Software Inc\Paint Shop Pro 8\JascRender.dll
2003-06-06 08:01 - 2003-06-06 08:01 - 000040960 ____R (Jasc Software, Inc.) [File not signed] C:\Program Files (x86)\Jasc Software Inc\Paint Shop Pro 8\JascSingletonMgr.dll
2003-06-06 08:01 - 2003-06-06 08:01 - 000733184 ____R (Jasc Software, Inc.) [File not signed] C:\Program Files (x86)\Jasc Software Inc\Paint Shop Pro 8\JascToolBase.dll
2009-08-19 14:49 - 2009-08-19 14:49 - 000069632 _____ (Memeo Inc.) [File not signed] C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\providers\Tanagra.BMU.Providers.FileCopyBackupProvider.dll
2009-08-19 14:49 - 2009-08-19 14:49 - 000061440 _____ (Memeo Inc.) [File not signed] C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\providers\Tanagra.BMU.Providers.HardDiskBackupProvider.dll
2009-08-19 14:49 - 2009-08-19 14:49 - 001404928 _____ (Memeo Inc.) [File not signed] C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\Tanagra.BMU.dll
2009-08-19 14:49 - 2009-08-19 14:49 - 000290816 _____ (Memeo Inc.) [File not signed] C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\Tanagra.DataClad.DataAccess.dll
2009-08-19 14:49 - 2009-08-19 14:49 - 001069056 _____ (Memeo Inc.) [File not signed] C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\Tanagra.DataClad.dll
2009-08-19 14:49 - 2009-08-19 14:49 - 000049152 _____ (Memeo Inc.) [File not signed] C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\Tanagra.Interop.dll
2009-08-19 14:49 - 2009-08-19 14:49 - 000020480 _____ (Memeo Inc.) [File not signed] C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\Tanagra.Third-party.Security.dll
2009-08-19 14:49 - 2009-08-19 14:49 - 000901120 _____ (Memeo Inc.) [File not signed] C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\Tanagra.Utility.dll
2003-06-06 08:01 - 2003-06-06 08:01 - 000258048 ____R (MGH Software Inc.) [File not signed] C:\Program Files (x86)\Jasc Software Inc\Paint Shop Pro 8\CMyDB.dll
2012-01-09 22:58 - 2003-06-25 20:00 - 000018192 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\IOGEAR Auto Printer Sharing Switch\HID.DLL
2019-08-21 04:09 - 2019-08-21 04:09 - 001655296 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_8444db7d32915e4c\MFC80U.DLL
2019-08-21 04:28 - 2019-08-21 04:28 - 000047104 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\amd64_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_bc1d1e5b0be08790\MFC80ENU.DLL
2003-06-06 08:01 - 2003-06-06 08:01 - 000839760 ____R (PythonLabs at Zope Corporation) [File not signed] C:\Program Files (x86)\Jasc Software Inc\Paint Shop Pro 8\python22.dll
2009-08-19 14:49 - 2009-08-19 14:49 - 000015360 _____ (Stan Schultes, VBNetExpert.com) [File not signed] C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\XMLSettings.dll
2003-06-06 08:01 - 2003-06-06 08:01 - 000299008 ____R (The University of New South Wales) [File not signed] C:\Program Files (x86)\Jasc Software Inc\Paint Shop Pro 8\kdu_v32R.dll
==================== Alternate Data Streams (Whitelisted) ========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [104]
==================== Safe Mode (Whitelisted) ==================
==================== Association (Whitelisted) =================
==================== Internet Explorer trusted/restricted ==========
(If an entry is included in the fixlist, it will be removed from the registry.)
IE restricted site: HKU\S-1-5-21-16598370-1499477397-4195015670-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-16598370-1499477397-4195015670-1000\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-16598370-1499477397-4195015670-1000\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-16598370-1499477397-4195015670-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-16598370-1499477397-4195015670-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-16598370-1499477397-4195015670-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-16598370-1499477397-4195015670-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-16598370-1499477397-4195015670-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-16598370-1499477397-4195015670-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-16598370-1499477397-4195015670-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-16598370-1499477397-4195015670-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-16598370-1499477397-4195015670-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-16598370-1499477397-4195015670-1000\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-16598370-1499477397-4195015670-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-16598370-1499477397-4195015670-1000\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-16598370-1499477397-4195015670-1000\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-16598370-1499477397-4195015670-1000\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-16598370-1499477397-4195015670-1000\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-16598370-1499477397-4195015670-1000\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-16598370-1499477397-4195015670-1000\...\100sexlinks.com -> 100sexlinks.com
There are 5108 more sites.

==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:34 - 2019-01-04 19:57 - 000000922 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1                   activate.adobe.com
127.0.0.1                   practivate.adobe.com
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Dell\DW WLAN Card\Driver;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\DLLShared\;C:\Program Files (x86)\Roxio\OEM\AudioCore\;C:\Program Files (x86)\Skype\Phone\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-16598370-1499477397-4195015670-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Tiffany\AppData\Local\Microsoft\Windows\Themes\012.jpg
DNS Servers: 8.26.56.26 - 156.154.70.22
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
MSCONFIG\startupreg: AccuWeatherWidget => "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
MSCONFIG\startupreg: DellStage => "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [UDP Query User{2A313E1C-EC48-46B3-B389-4FD903DAC261}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{D450EB3B-8A39-40E7-9F62-69B2D206ED35}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{86C55DA3-F14E-4CB5-BC8C-E2218EEEACB2}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{8367DF95-177E-4374-A495-B4F6F74E3272}] => (Allow) c:\Program Files (x86)\Dell\VideoStage\VideoStage.exe (CyberLink -> CyberLink Corp.)
FirewallRules: [{1519A895-8B97-48C2-BD64-0D05A5D6D8CB}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe (CyberLink -> CyberLink Corp.)
FirewallRules: [{ED99F961-8491-4B6F-839F-EDD013060B3F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE (CyberLink -> CyberLink Corp.)
FirewallRules: [{50D26C06-EBBF-4924-8157-AAE87825BB32}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{7F57ED7B-EBEA-4C76-AFD9-52A0CB120443}] => (Allow) LPort=2869
FirewallRules: [{168F7C84-611D-4BEF-8FB6-BCE361B11B53}] => (Allow) LPort=1900
FirewallRules: [{24FB71C2-EF14-47CA-9F51-0B8D35331E78}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{897B406C-1D72-4A2E-9E2C-C9FE677599B7}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{59E92472-E628-41F6-922F-293FCF96CB83}] => (Allow) LPort=9700
FirewallRules: [{B0039859-31F9-4292-A0AF-4BA42122AA63}] => (Allow) LPort=9701
FirewallRules: [{87282E68-5C50-45EB-A7DB-DF2BA6353935}] => (Allow) LPort=9702
FirewallRules: [{7FB290AF-02E9-4F8A-85AA-97957CB06E25}] => (Allow) LPort=9700
FirewallRules: [{B5DC518A-3B40-41A7-9810-9358C91F8C6B}] => (Allow) C:\Program Files\dell stage\dell stage\accuweather\accuweather.exe No File
FirewallRules: [{38FB9E44-0D81-4F60-9948-4350BB9ABA52}] => (Allow) C:\Program Files\dell stage\musicstage\musicstageengine.exe No File
FirewallRules: [{E6305EF4-17AB-4CDA-8857-6F88B798A10C}] => (Allow) C:\Program Files\dell stage\dell stage\stage_primary.exe No File
FirewallRules: [{2AFCCD07-CC03-432E-A62B-DD4C08A8D20F}] => (Allow) C:\Program Files (x86)\Common Files\Comodo\GeekBuddyRSP.exe No File
FirewallRules: [{4B13E285-EE86-44D6-A175-6E147073C4A3}] => (Allow) C:\Program Files (x86)\Common Files\Comodo\GeekBuddyRSP.exe No File
FirewallRules: [{5EB49D7E-6670-4512-9102-5B165ACB7DF7}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe No File
FirewallRules: [{442EC602-A069-4E35-8B43-BE7764F04B1D}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe No File
FirewallRules: [{65561E5D-EEC0-4FE9-940A-20F0078D59E5}] => (Allow) C:\Users\Tiffany\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{3DCB6EF5-E517-4C3C-8C41-65ED7262CF25}] => (Allow) C:\Users\Tiffany\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{7A35B31F-AA6A-4D7F-843A-AE3BECA62D97}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{C9D99E0E-D267-42F9-B59B-BFE0AEE57649}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{D8B2F572-B153-49FF-B303-3E3CA5246E4E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{839EFB08-5041-4067-ACED-05CFA710E8B1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{FC0E6569-9009-4F34-81DA-DC50120CA12E}C:\program files (x86)\dell\dell datasafe online\nobuclient.exe] => (Allow) C:\program files (x86)\dell\dell datasafe online\nobuclient.exe (Symantec Corporation -> Dell, Inc.)
FirewallRules: [UDP Query User{4CAF471B-29F4-4639-9279-438F375FF45C}C:\program files (x86)\dell\dell datasafe online\nobuclient.exe] => (Allow) C:\program files (x86)\dell\dell datasafe online\nobuclient.exe (Symantec Corporation -> Dell, Inc.)
FirewallRules: [{459080FA-9889-41F3-AF89-2994A6B2D02E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{66588857-8F53-4333-96A0-D0876EB906BC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{E398ADC7-F41B-42EC-8D55-4B09A2F889EE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{4F0ACEB3-B111-4EB5-8C93-7CD0E2DA80D1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0D044261-A5EF-491D-B9F0-A9A5578A6582}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{4BE35FEA-827C-435C-BAFD-2F1AB32E9167}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6CE5D7C0-D2C0-4946-8B4E-E7E469887F5C}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe (AVAST Software s.r.o. -> AVAST Software)
==================== Restore Points =========================
30-12-2019 12:19:40 Scheduled Checkpoint
==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================
Application errors:
==================
Error: (12/30/2019 05:08:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11993438
Error: (12/30/2019 05:08:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11993438
Error: (12/30/2019 05:08:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (12/30/2019 05:08:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11986797
Error: (12/30/2019 05:08:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11986797
Error: (12/30/2019 05:08:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (12/30/2019 10:46:59 AM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: NT AUTHORITY)
Description: Windows cannot load the extensible counter DLL "C:\WINDOWS\system32\sysmain.dll" (Win32 error code 126).
Error: (12/30/2019 10:46:57 AM) (Source: Microsoft-Windows-Perflib) (EventID: 1020) (User: NT AUTHORITY)
Description: The required buffer size is greater than the buffer size passed to the Collect function of the "C:\Windows\System32\perfts.dll" Extensible Counter DLL for the "LSM" service. The given buffer size was 11304 and the required size was 38008.

System errors:
=============
Error: (12/20/2019 01:11:06 AM) (Source: DCOM) (EventID: 10010) (User: Tiffany-PC)
Description: The server Microsoft.Windows.Cortana_1.13.0.18362_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppXx19q0gyvntjc9d3jsjsfaertqgy617se.mca did not register with DCOM within the required timeout.
Error: (12/16/2019 01:10:05 AM) (Source: DCOM) (EventID: 10010) (User: Tiffany-PC)
Description: The server Microsoft.Windows.Cortana_1.13.0.18362_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppXx19q0gyvntjc9d3jsjsfaertqgy617se.mca did not register with DCOM within the required timeout.
Error: (12/11/2019 07:20:18 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Dell DataSafe Online service hung on starting.
Error: (12/11/2019 07:17:53 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Downloaded Maps Manager service hung on starting.
Error: (12/11/2019 07:15:50 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Delivery Optimization service hung on starting.
Error: (12/11/2019 07:14:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Digital Delivery Service service terminated unexpectedly.  It has done this 1 time(s).
Error: (12/11/2019 07:13:42 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
Error: (12/11/2019 07:11:54 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server Windows.Internal.StateRepository.ApplicationExtension did not register with DCOM within the required timeout.

Windows Defender:
===================================
Date: 2019-08-22 02:18:42.634
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.293.2683.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16200.1
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
CodeIntegrity:
===================================
Date: 2019-12-30 13:21:56.034
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.
Date: 2019-12-30 13:21:56.023
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.
Date: 2019-12-30 13:21:56.009
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.
Date: 2019-12-30 13:21:55.999
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.
Date: 2019-12-30 13:21:55.971
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.
Date: 2019-12-30 10:41:12.806
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Users\Tiffany\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll that did not meet the Microsoft signing level requirements.
Date: 2019-12-30 10:41:12.794
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Users\Tiffany\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll that did not meet the Microsoft signing level requirements.
Date: 2019-12-30 10:41:12.780
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Users\Tiffany\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
BIOS: Dell Inc. A06 10/17/2011
Motherboard: Dell Inc. 0Y2MRG
Processor: Intel® Core™ i7-2600 CPU @ 3.40GHz
Percentage of memory in use: 37%
Total physical RAM: 12270.41 MB
Available physical RAM: 7651.7 MB
Total Virtual: 24558.41 MB
Available Virtual: 12502.44 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:918.23 GB) (Free:284.47 GB) NTFS
\\?\Volume{a8cac944-1ca1-11e1-ab06-806e6f6e6963}\ (RECOVERY) (Fixed) (Total:13.25 GB) (Free:4.91 GB) NTFS
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 4C82798D)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=13.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=918.2 GB) - (Type=07 NTFS)
==================== End of Addition.txt =======================

 


  • 0

Advertisements

#2
iMacg3
Posted 30 December 2019 - 10:55 PM

iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts
Welcome. :)

Please give me some time to go over your logs and I'll get back to you as soon as possible.
  • 0

#3
iMacg3
Posted 02 January 2020 - 08:57 PM

iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts
Hi ekstatman, welcome to the Geeks to Go malware removal forum, and sorry for the delay.

I am iMacg3 and will be helping you with your computer problems.

Please keep the following information in mind before we begin:
  • Back up any important data before we continue.
    • Back up any important data on your computer to external media. I will not knowingly suggest any steps that will damage your computer; however, malware infections are often unpredictable and it may be necessary to reformat and reinstall your operating system depending on the infection.
  • Do not install any new software or run any fixes/tools on your system unless I request that you do so.
    • Running additional tools on your system can interfere with the clean-up process, or cause issues such as false positives.
  • Please read all instructions carefully, and complete them in the order listed.
    • Items that are especially important will be highlighted in bold or red.
  • If your computer seems to start working normally, please don't abandon the topic.
    • Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.
  • If you have pirated or illegal software on your computer, uninstall it now before proceeding.
    • Using pirated/cracked software is an easy way to infect your computer - almost as easy as intentionally downloading malware. Therefore, please remove any, if present, before we begin the clean-up.
  • If you don't respond to your topic in 4 days, it will be closed.
    • If your topic is closed and you still need assistance, send me a Personal Message with a link to your topic.
  • If you have questions at any time during the cleanup, feel free to ask.
---------------------------------------------------

It looks like you may have pirated/cracked software on your computer. Not only is this type of software illegal in many places, it is a significant security risk. Viruses, malware, and spyware are often packaged with illegal software.
Please remove any pirated software from your computer, then do the following:

---------------------------------------------------
CKScanner

Download CKScanner by askey127 from here

Important : Save it to your desktop.
  • Double-click CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
---------------------------------------------------
Re-scan with FRST
  • Double-click FRST.exe/FRST64.exe to run it.
  • Press the Scan button.
  • When finished, it will produce logs called FRST.txt and Addition.txt in the same directory the tool was run from.
  • Please copy and paste the logs in your next reply.
---------------------------------------------------

In your next reply, please include:
  • CKFiles.txt
  • FRST.txt
  • Addition.txt

  • 0

#4
ekstatman
Posted 09 January 2020 - 10:33 PM

ekstatman

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts

Hi iMacg3,

 

 CKFiles.txt is below:

 

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\program files\adobe\adobe photoshop cs5 (64 bit)\plug-ins\dreamsuite\effect presets\crackle\mud cracks 1.iqp
c:\program files\adobe\adobe photoshop cs5 (64 bit)\plug-ins\dreamsuite\effect presets\crackle\mud cracks 1.thm
c:\program files\adobe\adobe photoshop cs5 (64 bit)\plug-ins\dreamsuite\effect presets\crackle\mud cracks 2.iqp
c:\program files\adobe\adobe photoshop cs5 (64 bit)\plug-ins\dreamsuite\effect presets\crackle\mud cracks 2.thm
c:\program files\adobe\adobe photoshop cs5 (64 bit)\plug-ins\dreamsuite\effect presets\crackle\mud cracks 3.iqp
c:\program files\adobe\adobe photoshop cs5 (64 bit)\plug-ins\dreamsuite\effect presets\crackle\mud cracks 3.thm
c:\program files\adobe\adobe photoshop cs5 (64 bit)\plug-ins\dreamsuite\effect presets\crackle\mud cracks 4.iqp
c:\program files\adobe\adobe photoshop cs5 (64 bit)\plug-ins\dreamsuite\effect presets\crackle\mud cracks 4.thm
c:\program files\adobe\adobe photoshop cs5 (64 bit)\plug-ins\dreamsuite\effect presets\crackle\mud cracks 5.iqp
c:\program files\adobe\adobe photoshop cs5 (64 bit)\plug-ins\dreamsuite\effect presets\crackle\mud cracks 5.thm
c:\program files\adobe\adobe photoshop cs5 (64 bit)\plug-ins\dreamsuite\effect presets\crackle\mud cracks 6.iqp
c:\program files\adobe\adobe photoshop cs5 (64 bit)\plug-ins\dreamsuite\effect presets\crackle\mud cracks 6.thm
c:\program files\adobe\adobe photoshop cs5 (64 bit)\plug-ins\dreamsuite\effect presets\crackle\mud cracks 7.iqp
c:\program files\adobe\adobe photoshop cs5 (64 bit)\plug-ins\dreamsuite\effect presets\crackle\mud cracks 7.thm
c:\program files\adobe\adobe photoshop cs5 (64 bit)\plug-ins\dreamsuite\effect presets\crackle\mud cracks 8.iqp
c:\program files\adobe\adobe photoshop cs5 (64 bit)\plug-ins\dreamsuite\effect presets\crackle\mud cracks 8.thm
c:\program files\adobe\adobe photoshop cs5 (64 bit)\plug-ins\dreamsuite\effect presets\crackle\paint cracks 1.iqp
c:\program files\adobe\adobe photoshop cs5 (64 bit)\plug-ins\dreamsuite\effect presets\crackle\paint cracks 1.thm
c:\program files\adobe\adobe photoshop cs5 (64 bit)\plug-ins\dreamsuite\effect presets\crackle\paint cracks 2.iqp
c:\program files\adobe\adobe photoshop cs5 (64 bit)\plug-ins\dreamsuite\effect presets\crackle\paint cracks 2.thm
c:\program files\adobe\adobe photoshop cs5 (64 bit)\plug-ins\dreamsuite\effect presets\crackle\paint cracks 3.iqp
c:\program files\adobe\adobe photoshop cs5 (64 bit)\plug-ins\dreamsuite\effect presets\crackle\paint cracks 3.thm
c:\program files\adobe\adobe photoshop cs5 (64 bit)\plug-ins\dreamsuite\effect presets\crackle\paint cracks 4.iqp
c:\program files\adobe\adobe photoshop cs5 (64 bit)\plug-ins\dreamsuite\effect presets\crackle\paint cracks 4.thm
c:\program files\adobe\adobe photoshop cs5 (64 bit)\plug-ins\dreamsuite\effect presets\crackle\paint cracks 5.iqp
c:\program files\adobe\adobe photoshop cs5 (64 bit)\plug-ins\dreamsuite\effect presets\crackle\paint cracks 5.thm
c:\program files\adobe\adobe photoshop cs5 (64 bit)\plug-ins\dreamsuite\effect presets\crackle\paint cracks 6.iqp
c:\program files\adobe\adobe photoshop cs5 (64 bit)\plug-ins\dreamsuite\effect presets\crackle\paint cracks 6.thm
c:\program files\adobe\adobe photoshop cs5 (64 bit)\plug-ins\dreamsuite\effect presets\crackle\paint cracks 7.iqp
c:\program files\adobe\adobe photoshop cs5 (64 bit)\plug-ins\dreamsuite\effect presets\crackle\paint cracks 7.thm
c:\program files\adobe\adobe photoshop cs5 (64 bit)\plug-ins\dreamsuite\effect presets\crackle\paint cracks 8.iqp
c:\program files\adobe\adobe photoshop cs5 (64 bit)\plug-ins\dreamsuite\effect presets\crackle\paint cracks 8.thm
c:\program files\adobe\adobe photoshop cs5 (64 bit)\plug-ins\dreamsuite\effect presets\layers\ds1-crackle.iqp
c:\program files\adobe\adobe photoshop cs5 (64 bit)\plug-ins\dreamsuite\effect presets\layers\ds1-crackle.thm
c:\program files\adobe\adobe photoshop cs5 (64 bit)\plug-ins\dreamsuite\effect presets\layers\series one\crackle\flower 1.iqp
c:\program files\adobe\adobe photoshop cs5 (64 bit)\plug-ins\dreamsuite\effect presets\layers\series one\crackle\flower 1.thm
c:\program files\adobe\adobe photoshop cs5 (64 bit)\plug-ins\dreamsuite\effect presets\layers\series one\crackle\flower 10.iqp
c:\program files\adobe\adobe photoshop cs5 (64 bit)\plug-ins\dreamsuite\effect presets\layers\series one\crackle\flower 10.thm
c:\program files\adobe\adobe photoshop cs5 (64 bit)\plug-ins\dreamsuite\effect presets\layers\series one\crackle\flower 11.iqp
c:\program files\adobe\adobe photoshop cs5 (64 bit)\plug-ins\dreamsuite\effect presets\layers\series one\crackle\flower 11.thm
c:\program files\adobe\adobe photoshop cs5 (64 bit)\plug-ins\dreamsuite\effect presets\layers\series one\crackle\flower 12.iqp
c:\program files\adobe\adobe photoshop cs5 (64 bit)\plug-ins\dreamsuite\effect presets\layers\series one\crackle\flower 12.thm
c:\program files\adobe\adobe photoshop cs5 (64 bit)\plug-ins\dreamsuite\effect presets\layers\series one\crackle\flower 2.iqp
c:\program files\adobe\adobe photoshop cs5 (64 bit)\plug-ins\dreamsuite\effect presets\layers\series one\crackle\flower 2.thm
c:\program files\adobe\adobe photoshop cs5 (64 bit)\plug-ins\dreamsuite\effect presets\layers\series one\crackle\flower 3.iqp
c:\program files\adobe\adobe photoshop cs5 (64 bit)\plug-ins\dreamsuite\effect presets\layers\series one\crackle\flower 3.thm
c:\program files\adobe\adobe photoshop cs5 (64 bit)\plug-ins\dreamsuite\effect presets\layers\series one\crackle\flower 4.iqp
c:\program files\adobe\adobe photoshop cs5 (64 bit)\plug-ins\dreamsuite\effect presets\layers\series one\crackle\flower 4.thm
c:\program files\adobe\adobe photoshop cs5 (64 bit)\plug-ins\dreamsuite\effect presets\layers\series one\crackle\flower 5.iqp
c:\program files\adobe\adobe photoshop cs5 (64 bit)\plug-ins\dreamsuite\effect presets\layers\series one\crackle\flower 5.thm
c:\program files\adobe\adobe photoshop cs5 (64 bit)\plug-ins\dreamsuite\effect presets\layers\series one\crackle\flower 6.iqp
c:\program files\adobe\adobe photoshop cs5 (64 bit)\plug-ins\dreamsuite\effect presets\layers\series one\crackle\flower 6.thm
c:\program files\adobe\adobe photoshop cs5 (64 bit)\plug-ins\dreamsuite\effect presets\layers\series one\crackle\flower 7.iqp
c:\program files\adobe\adobe photoshop cs5 (64 bit)\plug-ins\dreamsuite\effect presets\layers\series one\crackle\flower 7.thm
c:\program files\adobe\adobe photoshop cs5 (64 bit)\plug-ins\dreamsuite\effect presets\layers\series one\crackle\flower 8.iqp
c:\program files\adobe\adobe photoshop cs5 (64 bit)\plug-ins\dreamsuite\effect presets\layers\series one\crackle\flower 8.thm
c:\program files\adobe\adobe photoshop cs5 (64 bit)\plug-ins\dreamsuite\effect presets\layers\series one\crackle\flower 9.iqp
c:\program files\adobe\adobe photoshop cs5 (64 bit)\plug-ins\dreamsuite\effect presets\layers\series one\crackle\flower 9.thm
c:\program files\adobe\adobe photoshop cs5 (64 bit)\plug-ins\dreamsuite\effect presets\layers\series one\crackle\sunflower 1.iqp
c:\program files\adobe\adobe photoshop cs5 (64 bit)\plug-ins\dreamsuite\effect presets\layers\series one\crackle\sunflower 1.thm
c:\program files\adobe\adobe photoshop cs5 (64 bit)\plug-ins\dreamsuite\effect presets\layers\series one\crackle\sunflower 10.iqp
c:\program files\adobe\adobe photoshop cs5 (64 bit)\plug-ins\dreamsuite\effect presets\layers\series one\crackle\sunflower 10.thm
c:\program files\adobe\adobe photoshop cs5 (64 bit)\plug-ins\dreamsuite\effect presets\layers\series one\crackle\sunflower 11.iqp
c:\program files\adobe\adobe photoshop cs5 (64 bit)\plug-ins\dreamsuite\effect presets\layers\series one\crackle\sunflower 11.thm
c:\program files\adobe\adobe photoshop cs5 (64 bit)\plug-ins\dreamsuite\effect presets\layers\series one\crackle\sunflower 12.iqp
c:\program files\adobe\adobe photoshop cs5 (64 bit)\plug-ins\dreamsuite\effect presets\layers\series one\crackle\sunflower 12.thm
c:\program files\adobe\adobe photoshop cs5 (64 bit)\plug-ins\dreamsuite\effect presets\layers\series one\crackle\sunflower 2.iqp
c:\program files\adobe\adobe photoshop cs5 (64 bit)\plug-ins\dreamsuite\effect presets\layers\series one\crackle\sunflower 2.thm
c:\program files\adobe\adobe photoshop cs5 (64 bit)\plug-ins\dreamsuite\effect presets\layers\series one\crackle\sunflower 3.iqp
c:\program files\adobe\adobe photoshop cs5 (64 bit)\plug-ins\dreamsuite\effect presets\layers\series one\crackle\sunflower 3.thm
c:\program files\adobe\adobe photoshop cs5 (64 bit)\plug-ins\dreamsuite\effect presets\layers\series one\crackle\sunflower 4.iqp
c:\program files\adobe\adobe photoshop cs5 (64 bit)\plug-ins\dreamsuite\effect presets\layers\series one\crackle\sunflower 4.thm
c:\program files\adobe\adobe photoshop cs5 (64 bit)\plug-ins\dreamsuite\effect presets\layers\series one\crackle\sunflower 5.iqp
c:\program files\adobe\adobe photoshop cs5 (64 bit)\plug-ins\dreamsuite\effect presets\layers\series one\crackle\sunflower 5.thm
c:\program files\adobe\adobe photoshop cs5 (64 bit)\plug-ins\dreamsuite\effect presets\layers\series one\crackle\sunflower 6.iqp
c:\program files\adobe\adobe photoshop cs5 (64 bit)\plug-ins\dreamsuite\effect presets\layers\series one\crackle\sunflower 6.thm
c:\program files\adobe\adobe photoshop cs5 (64 bit)\plug-ins\dreamsuite\effect presets\layers\series one\crackle\sunflower 7.iqp
c:\program files\adobe\adobe photoshop cs5 (64 bit)\plug-ins\dreamsuite\effect presets\layers\series one\crackle\sunflower 7.thm
c:\program files\adobe\adobe photoshop cs5 (64 bit)\plug-ins\dreamsuite\effect presets\layers\series one\crackle\sunflower 8.iqp
c:\program files\adobe\adobe photoshop cs5 (64 bit)\plug-ins\dreamsuite\effect presets\layers\series one\crackle\sunflower 8.thm
c:\program files\adobe\adobe photoshop cs5 (64 bit)\plug-ins\dreamsuite\effect presets\layers\series one\crackle\sunflower 9.iqp
c:\program files\adobe\adobe photoshop cs5 (64 bit)\plug-ins\dreamsuite\effect presets\layers\series one\crackle\sunflower 9.thm
c:\program files\adobe\adobe photoshop cs5 (64 bit)\plug-ins\dreamsuite\effects\crackle
c:\program files\adobe\adobe photoshop cs5 (64 bit)\presets\brushes\crack_decay_peel_brush_sampler_by_frozenstarro.abr
c:\program files\adobe\adobe photoshop cs5 (64 bit)\presets\brushes\ss-cracks.abr
c:\program files (x86)\adobe\adobe photoshop cs5\plug-ins\dreamsuite\effect presets\crackle\mud cracks 1.iqp
c:\program files (x86)\adobe\adobe photoshop cs5\plug-ins\dreamsuite\effect presets\crackle\mud cracks 1.thm
c:\program files (x86)\adobe\adobe photoshop cs5\plug-ins\dreamsuite\effect presets\crackle\mud cracks 2.iqp
c:\program files (x86)\adobe\adobe photoshop cs5\plug-ins\dreamsuite\effect presets\crackle\mud cracks 2.thm
c:\program files (x86)\adobe\adobe photoshop cs5\plug-ins\dreamsuite\effect presets\crackle\mud cracks 3.iqp
c:\program files (x86)\adobe\adobe photoshop cs5\plug-ins\dreamsuite\effect presets\crackle\mud cracks 3.thm
c:\program files (x86)\adobe\adobe photoshop cs5\plug-ins\dreamsuite\effect presets\crackle\mud cracks 4.iqp
c:\program files (x86)\adobe\adobe photoshop cs5\plug-ins\dreamsuite\effect presets\crackle\mud cracks 4.thm
c:\program files (x86)\adobe\adobe photoshop cs5\plug-ins\dreamsuite\effect presets\crackle\mud cracks 5.iqp
c:\program files (x86)\adobe\adobe photoshop cs5\plug-ins\dreamsuite\effect presets\crackle\mud cracks 5.thm
c:\program files (x86)\adobe\adobe photoshop cs5\plug-ins\dreamsuite\effect presets\crackle\mud cracks 6.iqp
c:\program files (x86)\adobe\adobe photoshop cs5\plug-ins\dreamsuite\effect presets\crackle\mud cracks 6.thm
c:\program files (x86)\adobe\adobe photoshop cs5\plug-ins\dreamsuite\effect presets\crackle\mud cracks 7.iqp
c:\program files (x86)\adobe\adobe photoshop cs5\plug-ins\dreamsuite\effect presets\crackle\mud cracks 7.thm
c:\program files (x86)\adobe\adobe photoshop cs5\plug-ins\dreamsuite\effect presets\crackle\mud cracks 8.iqp
c:\program files (x86)\adobe\adobe photoshop cs5\plug-ins\dreamsuite\effect presets\crackle\mud cracks 8.thm
c:\program files (x86)\adobe\adobe photoshop cs5\plug-ins\dreamsuite\effect presets\crackle\paint cracks 1.iqp
c:\program files (x86)\adobe\adobe photoshop cs5\plug-ins\dreamsuite\effect presets\crackle\paint cracks 1.thm
c:\program files (x86)\adobe\adobe photoshop cs5\plug-ins\dreamsuite\effect presets\crackle\paint cracks 2.iqp
c:\program files (x86)\adobe\adobe photoshop cs5\plug-ins\dreamsuite\effect presets\crackle\paint cracks 2.thm
c:\program files (x86)\adobe\adobe photoshop cs5\plug-ins\dreamsuite\effect presets\crackle\paint cracks 3.iqp
c:\program files (x86)\adobe\adobe photoshop cs5\plug-ins\dreamsuite\effect presets\crackle\paint cracks 3.thm
c:\program files (x86)\adobe\adobe photoshop cs5\plug-ins\dreamsuite\effect presets\crackle\paint cracks 4.iqp
c:\program files (x86)\adobe\adobe photoshop cs5\plug-ins\dreamsuite\effect presets\crackle\paint cracks 4.thm
c:\program files (x86)\adobe\adobe photoshop cs5\plug-ins\dreamsuite\effect presets\crackle\paint cracks 5.iqp
c:\program files (x86)\adobe\adobe photoshop cs5\plug-ins\dreamsuite\effect presets\crackle\paint cracks 5.thm
c:\program files (x86)\adobe\adobe photoshop cs5\plug-ins\dreamsuite\effect presets\crackle\paint cracks 6.iqp
c:\program files (x86)\adobe\adobe photoshop cs5\plug-ins\dreamsuite\effect presets\crackle\paint cracks 6.thm
c:\program files (x86)\adobe\adobe photoshop cs5\plug-ins\dreamsuite\effect presets\crackle\paint cracks 7.iqp
c:\program files (x86)\adobe\adobe photoshop cs5\plug-ins\dreamsuite\effect presets\crackle\paint cracks 7.thm
c:\program files (x86)\adobe\adobe photoshop cs5\plug-ins\dreamsuite\effect presets\crackle\paint cracks 8.iqp
c:\program files (x86)\adobe\adobe photoshop cs5\plug-ins\dreamsuite\effect presets\crackle\paint cracks 8.thm
c:\program files (x86)\adobe\adobe photoshop cs5\plug-ins\dreamsuite\effect presets\layers\ds1-crackle.iqp
c:\program files (x86)\adobe\adobe photoshop cs5\plug-ins\dreamsuite\effect presets\layers\ds1-crackle.thm
c:\program files (x86)\adobe\adobe photoshop cs5\plug-ins\dreamsuite\effect presets\layers\series one\crackle\flower 1.iqp
c:\program files (x86)\adobe\adobe photoshop cs5\plug-ins\dreamsuite\effect presets\layers\series one\crackle\flower 1.thm
c:\program files (x86)\adobe\adobe photoshop cs5\plug-ins\dreamsuite\effect presets\layers\series one\crackle\flower 10.iqp
c:\program files (x86)\adobe\adobe photoshop cs5\plug-ins\dreamsuite\effect presets\layers\series one\crackle\flower 10.thm
c:\program files (x86)\adobe\adobe photoshop cs5\plug-ins\dreamsuite\effect presets\layers\series one\crackle\flower 11.iqp
c:\program files (x86)\adobe\adobe photoshop cs5\plug-ins\dreamsuite\effect presets\layers\series one\crackle\flower 11.thm
c:\program files (x86)\adobe\adobe photoshop cs5\plug-ins\dreamsuite\effect presets\layers\series one\crackle\flower 12.iqp
c:\program files (x86)\adobe\adobe photoshop cs5\plug-ins\dreamsuite\effect presets\layers\series one\crackle\flower 12.thm
c:\program files (x86)\adobe\adobe photoshop cs5\plug-ins\dreamsuite\effect presets\layers\series one\crackle\flower 2.iqp
c:\program files (x86)\adobe\adobe photoshop cs5\plug-ins\dreamsuite\effect presets\layers\series one\crackle\flower 2.thm
c:\program files (x86)\adobe\adobe photoshop cs5\plug-ins\dreamsuite\effect presets\layers\series one\crackle\flower 3.iqp
c:\program files (x86)\adobe\adobe photoshop cs5\plug-ins\dreamsuite\effect presets\layers\series one\crackle\flower 3.thm
c:\program files (x86)\adobe\adobe photoshop cs5\plug-ins\dreamsuite\effect presets\layers\series one\crackle\flower 4.iqp
c:\program files (x86)\adobe\adobe photoshop cs5\plug-ins\dreamsuite\effect presets\layers\series one\crackle\flower 4.thm
c:\program files (x86)\adobe\adobe photoshop cs5\plug-ins\dreamsuite\effect presets\layers\series one\crackle\flower 5.iqp
c:\program files (x86)\adobe\adobe photoshop cs5\plug-ins\dreamsuite\effect presets\layers\series one\crackle\flower 5.thm
c:\program files (x86)\adobe\adobe photoshop cs5\plug-ins\dreamsuite\effect presets\layers\series one\crackle\flower 6.iqp
c:\program files (x86)\adobe\adobe photoshop cs5\plug-ins\dreamsuite\effect presets\layers\series one\crackle\flower 6.thm
c:\program files (x86)\adobe\adobe photoshop cs5\plug-ins\dreamsuite\effect presets\layers\series one\crackle\flower 7.iqp
c:\program files (x86)\adobe\adobe photoshop cs5\plug-ins\dreamsuite\effect presets\layers\series one\crackle\flower 7.thm
c:\program files (x86)\adobe\adobe photoshop cs5\plug-ins\dreamsuite\effect presets\layers\series one\crackle\flower 8.iqp
c:\program files (x86)\adobe\adobe photoshop cs5\plug-ins\dreamsuite\effect presets\layers\series one\crackle\flower 8.thm
c:\program files (x86)\adobe\adobe photoshop cs5\plug-ins\dreamsuite\effect presets\layers\series one\crackle\flower 9.iqp
c:\program files (x86)\adobe\adobe photoshop cs5\plug-ins\dreamsuite\effect presets\layers\series one\crackle\flower 9.thm
c:\program files (x86)\adobe\adobe photoshop cs5\plug-ins\dreamsuite\effect presets\layers\series one\crackle\sunflower 1.iqp
c:\program files (x86)\adobe\adobe photoshop cs5\plug-ins\dreamsuite\effect presets\layers\series one\crackle\sunflower 1.thm
c:\program files (x86)\adobe\adobe photoshop cs5\plug-ins\dreamsuite\effect presets\layers\series one\crackle\sunflower 10.iqp
c:\program files (x86)\adobe\adobe photoshop cs5\plug-ins\dreamsuite\effect presets\layers\series one\crackle\sunflower 10.thm
c:\program files (x86)\adobe\adobe photoshop cs5\plug-ins\dreamsuite\effect presets\layers\series one\crackle\sunflower 11.iqp
c:\program files (x86)\adobe\adobe photoshop cs5\plug-ins\dreamsuite\effect presets\layers\series one\crackle\sunflower 11.thm
c:\program files (x86)\adobe\adobe photoshop cs5\plug-ins\dreamsuite\effect presets\layers\series one\crackle\sunflower 12.iqp
c:\program files (x86)\adobe\adobe photoshop cs5\plug-ins\dreamsuite\effect presets\layers\series one\crackle\sunflower 12.thm
c:\program files (x86)\adobe\adobe photoshop cs5\plug-ins\dreamsuite\effect presets\layers\series one\crackle\sunflower 2.iqp
c:\program files (x86)\adobe\adobe photoshop cs5\plug-ins\dreamsuite\effect presets\layers\series one\crackle\sunflower 2.thm
c:\program files (x86)\adobe\adobe photoshop cs5\plug-ins\dreamsuite\effect presets\layers\series one\crackle\sunflower 3.iqp
c:\program files (x86)\adobe\adobe photoshop cs5\plug-ins\dreamsuite\effect presets\layers\series one\crackle\sunflower 3.thm
c:\program files (x86)\adobe\adobe photoshop cs5\plug-ins\dreamsuite\effect presets\layers\series one\crackle\sunflower 4.iqp
c:\program files (x86)\adobe\adobe photoshop cs5\plug-ins\dreamsuite\effect presets\layers\series one\crackle\sunflower 4.thm
c:\program files (x86)\adobe\adobe photoshop cs5\plug-ins\dreamsuite\effect presets\layers\series one\crackle\sunflower 5.iqp
c:\program files (x86)\adobe\adobe photoshop cs5\plug-ins\dreamsuite\effect presets\layers\series one\crackle\sunflower 5.thm
c:\program files (x86)\adobe\adobe photoshop cs5\plug-ins\dreamsuite\effect presets\layers\series one\crackle\sunflower 6.iqp
c:\program files (x86)\adobe\adobe photoshop cs5\plug-ins\dreamsuite\effect presets\layers\series one\crackle\sunflower 6.thm
c:\program files (x86)\adobe\adobe photoshop cs5\plug-ins\dreamsuite\effect presets\layers\series one\crackle\sunflower 7.iqp
c:\program files (x86)\adobe\adobe photoshop cs5\plug-ins\dreamsuite\effect presets\layers\series one\crackle\sunflower 7.thm
c:\program files (x86)\adobe\adobe photoshop cs5\plug-ins\dreamsuite\effect presets\layers\series one\crackle\sunflower 8.iqp
c:\program files (x86)\adobe\adobe photoshop cs5\plug-ins\dreamsuite\effect presets\layers\series one\crackle\sunflower 8.thm
c:\program files (x86)\adobe\adobe photoshop cs5\plug-ins\dreamsuite\effect presets\layers\series one\crackle\sunflower 9.iqp
c:\program files (x86)\adobe\adobe photoshop cs5\plug-ins\dreamsuite\effect presets\layers\series one\crackle\sunflower 9.thm
c:\program files (x86)\adobe\adobe photoshop cs5\plug-ins\dreamsuite\effects\crackle
c:\program files (x86)\adobe\adobe photoshop cs5\presets\brushes\crack_decay_peel_brush_sampler_by_frozenstarro.abr
c:\program files (x86)\adobe\adobe photoshop cs5\presets\brushes\ss-cracks.abr
c:\program files (x86)\cyberlink\powerdvd9\navfilter\kmsvc.exe
c:\users\tiffany\desktop\mystical tint tone & color\keygen.exe
c:\users\tiffany\music\itunes\itunes music\alberto lizzio_ london festival orchestr\ballet classics_ nutcracker suite - swan\08 tchaikovsky_ the nutcracker suite.m4a
c:\users\tiffany\music\itunes\itunes music\ballet classics\ballet classics_ nutcracker suite - swan\09 introduction.m4a
c:\users\tiffany\music\itunes\itunes music\ballet classics\ballet classics_ nutcracker suite - swan\10 l'oiseau de feu et sa danse.m4a
c:\users\tiffany\music\itunes\itunes music\ballet classics\ballet classics_ nutcracker suite - swan\11 variation de l'oiseau de feu.m4a
c:\users\tiffany\music\itunes\itunes music\ballet classics\ballet classics_ nutcracker suite - swan\13 danse infernale du roi kaschtei.m4a
c:\users\tiffany\music\itunes\itunes music\ballet classics\ballet classics_ nutcracker suite - swan\14 berceuse.m4a
c:\users\tiffany\music\itunes\itunes music\ballet classics\ballet classics_ nutcracker suite - swan\15 final.m4a
c:\users\tiffany\music\itunes\itunes music\ballet classics\ballet classics_ nutcracker suite - swan\16 polonaise.m4a
c:\users\tiffany\music\itunes\itunes music\ballet classics\ballet classics_ nutcracker suite - swan\17 pas de quarte.m4a
c:\users\tiffany\music\itunes\itunes music\ballet classics\ballet classics_ nutcracker suite - swan\18 krakowiak.m4a
c:\users\tiffany\music\itunes\itunes music\ballet classics\ballet classics_ nutcracker suite - swan\20 march.m4a
c:\users\tiffany\music\itunes\itunes music\boston pops orchestra\salute to disney\08 the nutcracker (suite).m4a
c:\users\tiffany\music\itunes\itunes music\compilations\ballet classics_ nutcracker suite - swan\01 khachaturian_ gayaneh - sabre dan.m4a
c:\users\tiffany\music\itunes\itunes music\compilations\ballet classics_ nutcracker suite - swan\02 introduction_ the lilac fairy.m4a
c:\users\tiffany\music\itunes\itunes music\compilations\ballet classics_ nutcracker suite - swan\03 pas d'action.m4a
c:\users\tiffany\music\itunes\itunes music\compilations\ballet classics_ nutcracker suite - swan\04 tchaikovsky_ sleeping beauty suit.m4a
c:\users\tiffany\music\itunes\itunes music\compilations\ballet classics_ nutcracker suite - swan\05 tchaikovsky_ sleeping beauty suit.m4a
c:\users\tiffany\music\itunes\itunes music\compilations\ballet classics_ nutcracker suite - swan\06 tchaikovsky_ sleeping beauty, op..m4a
c:\users\tiffany\music\itunes\itunes music\compilations\ballet classics_ nutcracker suite - swan\07 1st picture_ fete populaire de la.m4a
c:\users\tiffany\music\itunes\itunes music\compilations\ballet classics_ nutcracker suite - swan\08 danse russe.m4a
c:\users\tiffany\music\itunes\itunes music\compilations\ballet classics_ nutcracker suite - swan\09 2nd picture_ chez petrouchka.m4a
c:\users\tiffany\music\itunes\itunes music\compilations\ballet classics_ nutcracker suite - swan\10 3rd picture_ chez le maure. danse.m4a
c:\users\tiffany\music\itunes\itunes music\compilations\ballet classics_ nutcracker suite - swan\11 valse. la ballerine et le maure.m4a
c:\users\tiffany\music\itunes\itunes music\compilations\ballet classics_ nutcracker suite - swan\12 4th picture_ fete populaire de la.m4a
c:\users\tiffany\music\itunes\itunes music\compilations\ballet classics_ nutcracker suite - swan\13 ravel_ boléro.m4a
c:\users\tiffany\music\itunes\itunes music\neil diamond\the greatest hits 1966-1992 [disc 1]\1-14 cracklin' rosie.m4a
c:\users\tiffany\music\itunes\itunes music\paris radio symphony orchestra\ballet classics_ nutcracker suite - swan\19 debussy_ prélude À l'après-midi d.m4a
c:\users\tiffany\music\itunes\itunes music\peter ilyich tchaikovsky\ballet classics_ nutcracker suite - swan\01 tchaikovsky_ the nutcracker suite.m4a
c:\users\tiffany\music\itunes\itunes music\peter ilyich tchaikovsky\ballet classics_ nutcracker suite - swan\02 tchaikovsky_ the nutcracker suite.m4a
c:\users\tiffany\music\itunes\itunes music\peter ilyich tchaikovsky\ballet classics_ nutcracker suite - swan\03 tchaikovsky_ the nutcracker suite.m4a
c:\users\tiffany\music\itunes\itunes music\peter ilyich tchaikovsky\ballet classics_ nutcracker suite - swan\04 tchaikovsky_ the nutcracker suite.m4a
c:\users\tiffany\music\itunes\itunes music\peter ilyich tchaikovsky\ballet classics_ nutcracker suite - swan\05 tchaikovsky_ the nutcracker suite.m4a
c:\users\tiffany\music\itunes\itunes music\peter ilyich tchaikovsky\ballet classics_ nutcracker suite - swan\06 tchaikovsky_ the nutcracker suite.m4a
c:\users\tiffany\music\itunes\itunes music\peter ilyich tchaikovsky\ballet classics_ nutcracker suite - swan\07 tchaikovsky_ the nutcracker suite.m4a
c:\windows\winsxs\amd64_openssh-common-components-onecore_31bf3856ad364e35_10.0.18362.1_none_8f03ecc82cf7c75c\ssh-keygen.exe
hosts 127.0.0.1                   activate.adobe.com
hosts 127.0.0.1                   practivate.adobe.com
scanner sequence 3.ZZ.11.RSABH0
 ----- EOF -----
 

Next is the FRST.txt file:

 

 

==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{37ef24cf-62bb-4f6b-b274-2e8996d27f33}: [NameServer] 8.26.56.26,156.154.70.22
Tcpip\..\Interfaces\{37ef24cf-62bb-4f6b-b274-2e8996d27f33}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{b1347ba8-b255-43ca-9188-c5cfa2650ddc}: [NameServer] 8.26.56.26,156.154.70.22
Tcpip\..\Interfaces\{b1347ba8-b255-43ca-9188-c5cfa2650ddc}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-16598370-1499477397-4195015670-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {fcd9f10e-0daa-405f-bca0-0dd3f37c59d9} URL =
SearchScopes: HKLM-x32 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-16598370-1499477397-4195015670-1000 -> DefaultScope {740D10C0-1120-4DB2-8337-83413B8FBEB3} URL = hxxp://go.paradiskus.com/?B9371EE09A8FF0128D28715DBFE6196F=H1xAXFBDXlxZUVQNEQQwBw9cQ1hYQVxZWFdDVVVHX1ldU1QJDB0LUyknNy4nNikoW1FCXlFCLllaWTdfWEVfWF1VRV5WQCsrWSMxKFNCV1k&q={searchTerms}
SearchScopes: HKU\S-1-5-21-16598370-1499477397-4195015670-1000 -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL =
SearchScopes: HKU\S-1-5-21-16598370-1499477397-4195015670-1000 -> {740D10C0-1120-4DB2-8337-83413B8FBEB3} URL = hxxp://go.paradiskus.com/?B9371EE09A8FF0128D28715DBFE6196F=H1xAXFBDXlxZUVQNEQQwBw9cQ1hYQVxZWFdDVVVHX1ldU1QJDB0LUyknNy4nNikoW1FCXlFCLllaWTdfWEVfWF1VRV5WQCsrWSMxKFNCV1k&q={searchTerms}
SearchScopes: HKU\S-1-5-21-16598370-1499477397-4195015670-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKU\S-1-5-21-16598370-1499477397-4195015670-1000 -> {fcd9f10e-0daa-405f-bca0-0dd3f37c59d9} URL = hxxps://mysearch.avg.com/search?cid={AE070354-6493-49D0-9256-55BBAFBD06BA}&mid=1e9e7d76c69b47d382f7c94a35379396-85116faf5f6267821ce8bd8b6ae342ca2bc2311a&lang=en&ds=AVG&coid=avgtbavg&cmpid=0615tb&pr=fr&d=2014-02-06 20:21:08&v=19.0.0.10&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (Canon Inc. -> CANON INC.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_231\bin\ssv.dll [2020-01-09] (Oracle America, Inc. -> Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_231\bin\jp2ssv.dll [2020-01-09] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealNetworks, Inc. -> RealDownloader)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (Canon Inc. -> CANON INC.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\ssv.dll [2020-01-09] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\jp2ssv.dll [2020-01-09] (Oracle America, Inc. -> Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (Canon Inc. -> CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (Canon Inc. -> CANON INC.)
Edge:
======
DownloadDir: C:\Users\Tiffany\Downloads
FireFox:
========
FF DefaultProfile: cm5j4z02.default
FF ProfilePath: C:\Users\Tiffany\AppData\Roaming\Mozilla\Firefox\Profiles\cm5j4z02.default [2020-01-09]
FF Homepage: Mozilla\Firefox\Profiles\cm5j4z02.default -> hxxp://www.bing.com/search?FORM=INCOH1&PC=IC04&PTAG=ICO-b8dee14f
FF Notifications: Mozilla\Firefox\Profiles\cm5j4z02.default -> hxxps://www.facebook.com
FF HomepageOverride: Mozilla\Firefox\Profiles\cm5j4z02.default -> Disabled: [email protected]
FF NewTabOverride: Mozilla\Firefox\Profiles\cm5j4z02.default -> Disabled: [email protected]
FF Extension: (Mozilla add-on that supports the roll-out of DoH) - C:\Users\Tiffany\AppData\Roaming\Mozilla\Firefox\Profiles\cm5j4z02.default\Extensions\[email protected] [2019-11-30]
FF Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\Tiffany\AppData\Roaming\Mozilla\Firefox\Profiles\cm5j4z02.default\Extensions\[email protected] [2019-12-26]
FF Extension: (Avast Online Security) - C:\Users\Tiffany\AppData\Roaming\Mozilla\Firefox\Profiles\cm5j4z02.default\Extensions\[email protected] [2020-01-09]
FF Extension: (FromDocToPDF) - C:\Users\Tiffany\AppData\Roaming\Mozilla\Firefox\Profiles\cm5j4z02.default\Extensions\[email protected] [2019-11-19] [UpdateUrl:hxxps:\/\/updates.tb.ask.com\/updateXpi.json?id=207743773&version=8.924.16.54486&track=TTAB02&trackRevision=1&fromId=_65Members_%40download.fromdoctopdf.com&isBridgeExtension=false]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: (RealDownloader) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-29] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\19.0.0.10 => not found
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_303.dll [2019-12-11] (Adobe Inc. -> )
FF Plugin: @java.com/DTPlugin,version=11.231.2 -> C:\Program Files\Java\jre1.8.0_231\bin\dtplugin\npDeployJava1.dll [2020-01-09] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.231.2 -> C:\Program Files\Java\jre1.8.0_231\bin\plugin2\npjp2.dll [2020-01-09] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2019-09-27] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_303.dll [2019-12-11] (Adobe Inc. -> )
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.) [File not signed]
FF Plugin-x32: @java.com/DTPlugin,version=11.231.2 -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\dtplugin\npDeployJava1.dll [2020-01-09] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.231.2 -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\plugin2\npjp2.dll [2020-01-09] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2013-09-29] (RealNetworks, Inc. -> RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.) [File not signed]
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.) [File not signed]
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.) [File not signed]
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2013-09-29] (RealNetworks, Inc. -> RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealNetworks, Inc. -> RealDownloader)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2019-09-27] (Adobe Inc. -> Adobe Systems)
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [823352 2019-09-27] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3147344 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2914896 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-11-27] (Apple Inc. -> Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6259592 2019-12-19] (AVAST Software s.r.o. -> AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-08-23] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [996880 2019-10-06] (AVAST Software s.r.o. -> AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-08-23] (AVAST Software s.r.o. -> AVAST Software)
S3 AvastSecureBrowserElevationService; C:\Program Files (x86)\AVAST Software\Browser\Application\77.2.2153.120\elevation_service.exe [970088 2019-11-04] (AVAST Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2019-10-06] (AVAST Software s.r.o. -> AVAST Software)
S2 CLKMSVC10_9EC60124; C:\Program Files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe [248304 2011-08-11] (CyberLink -> CyberLink)
S2 DellDigitalDelivery; C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [173056 2012-08-02] (Dell Products, LP.) [File not signed]
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [253528 2015-07-09] (Canon Inc. -> )
R2 NOBU; C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [4375880 2014-11-18] (Symantec Corporation -> Dell, Inc.)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] (RealNetworks, Inc. -> )
R2 SftService; C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE [1692480 2011-09-22] (Dell Inc -> SoftThinks SAS)
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [129536 2009-11-13] (WDC) [File not signed]
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\NisSrv.exe [2552416 2019-08-22] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 WDSmartWareBackgroundService; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [20480 2009-06-16] (Memeo) [File not signed]
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MsMpEng.exe [108832 2019-08-22] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [37616 2019-10-06] (AVAST Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [204824 2019-10-06] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [274456 2019-10-06] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [209552 2019-10-06] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [65120 2019-10-06] (AVAST Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [16304 2019-10-06] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42736 2019-10-06] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [161544 2019-11-17] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [110320 2019-10-06] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [83792 2019-10-06] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [848432 2019-10-06] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [460448 2019-10-06] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [236024 2019-10-06] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [316528 2019-10-06] (AVAST Software s.r.o. -> AVAST Software)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvddwu.inf_amd64_22a22f778ced373c\nvlddmkm.sys [13754928 2016-08-26] (NVIDIA Corporation -> NVIDIA Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [47496 2019-08-22] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [344288 2019-08-22] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54496 2019-08-22] (Microsoft Windows -> Microsoft Corporation)
U3 idsvc; no ImagePath
U5 REALPLAYERUPDATESVC; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ===================
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-01-09 23:21 - 2020-01-09 23:21 - 000000000 ____D C:\Users\Tiffany\Desktop\FRST-OlderVersion
2020-01-09 23:19 - 2020-01-09 23:19 - 000025503 _____ C:\Users\Tiffany\Desktop\ckfiles.txt
2020-01-09 21:53 - 2020-01-09 21:52 - 000129080 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-64.dll
2020-01-09 21:49 - 2020-01-09 21:49 - 000468480 _____ () C:\Users\Tiffany\Desktop\CKScanner.exe
2020-01-09 21:47 - 2020-01-09 21:47 - 000003582 _____ C:\WINDOWS\system32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-16598370-1499477397-4195015670-1000
2020-01-09 21:47 - 2020-01-09 21:47 - 000003518 _____ C:\WINDOWS\system32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-16598370-1499477397-4195015670-1000
2020-01-09 13:15 - 2020-01-09 13:15 - 000000000 ____D C:\Users\Tiffany\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2020-01-05 23:18 - 2020-01-05 23:18 - 000001066 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop 2020.lnk
2020-01-05 23:18 - 2020-01-05 23:18 - 000000000 ____D C:\Users\Tiffany\Documents\Adobe
2020-01-05 23:18 - 2020-01-05 23:18 - 000000000 ____D C:\Users\Tiffany\AppData\Local\UXP
2020-01-05 23:06 - 2020-01-05 23:06 - 000001052 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Lightroom.lnk
2020-01-05 23:06 - 2020-01-05 23:06 - 000001040 _____ C:\Users\Tiffany\Desktop\Lightroom.lnk
2020-01-05 23:04 - 2020-01-09 21:50 - 000000000 ___RD C:\Users\Tiffany\Creative Cloud Files
2020-01-05 23:00 - 2020-01-09 21:23 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2020-01-05 23:00 - 2020-01-09 21:23 - 000000000 ___HD C:\ProgramData\Documents\AdobeGCData
2020-01-05 23:00 - 2020-01-05 23:00 - 000003518 _____ C:\WINDOWS\system32\Tasks\AdobeGCInvoker-1.0
2020-01-05 22:59 - 2020-01-05 22:59 - 000001366 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2020-01-05 22:59 - 2020-01-05 22:59 - 000001354 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2020-01-05 22:59 - 2020-01-05 22:59 - 000001354 _____ C:\ProgramData\Desktop\Adobe Creative Cloud.lnk
2019-12-30 22:26 - 2020-01-09 23:23 - 000017788 _____ C:\Users\Tiffany\Desktop\FRST.txt
2019-12-30 22:25 - 2020-01-09 23:22 - 000000000 ____D C:\FRST
2019-12-30 22:23 - 2020-01-09 23:21 - 002573312 _____ (Farbar) C:\Users\Tiffany\Desktop\FRST64.exe
2019-12-30 22:18 - 2019-12-30 22:18 - 002272256 _____ (Farbar) C:\Users\Tiffany\Downloads\FRST64.exe
2019-12-19 15:25 - 2019-12-19 15:26 - 000000000 ____D C:\ProgramData\SWRoes
2019-12-19 15:25 - 2019-12-19 15:25 - 000002455 _____ C:\Users\Public\Desktop\WHCC ROES.lnk
2019-12-19 15:25 - 2019-12-19 15:25 - 000002455 _____ C:\ProgramData\Desktop\WHCC ROES.lnk
2019-12-19 15:25 - 2019-12-19 15:25 - 000000000 ____D C:\Users\Tiffany\AppData\Roaming\ROES
2019-12-19 15:25 - 2019-12-19 15:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WHCC ROES
2019-12-19 15:25 - 2019-12-19 15:25 - 000000000 ____D C:\Program Files (x86)\ROES
2019-12-19 15:15 - 2019-12-19 15:15 - 000000000 ____D C:\Users\Tiffany\AppData\Roaming\java
2019-12-19 15:14 - 2020-01-09 21:53 - 000002557 _____ C:\Users\Tiffany\Desktop\WHCC ROES.lnk
2019-12-19 15:14 - 2019-12-19 22:39 - 000000000 ____D C:\Users\Tiffany\.WHCCROES
2019-12-19 15:14 - 2019-12-19 15:14 - 000000000 ____D C:\Users\Tiffany\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WHCC ROES
2019-12-19 15:14 - 2019-12-19 15:14 - 000000000 ____D C:\Users\Tiffany\AppData\Local\Sun
2019-12-12 22:38 - 2019-12-12 22:38 - 003580468 _____ C:\Users\Tiffany\Downloads\132444881.jpeg
2019-12-12 22:38 - 2019-12-12 22:38 - 003578842 _____ C:\Users\Tiffany\Downloads\132444864.jpeg
2019-12-12 22:38 - 2019-12-12 22:38 - 003576603 _____ C:\Users\Tiffany\Downloads\132444874.jpeg
2019-12-12 22:38 - 2019-12-12 22:38 - 003510904 _____ C:\Users\Tiffany\Downloads\132444862.jpeg
2019-12-12 22:37 - 2019-12-12 22:37 - 003548364 _____ C:\Users\Tiffany\Downloads\132444878.jpeg
2019-12-11 17:24 - 2019-12-11 17:24 - 025443840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 018020352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 009927992 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-12-11 17:24 - 2019-12-11 17:24 - 007905000 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 007754240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 007600448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 007278592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 007263992 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 006516648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 006083832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 005943296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 005914112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 005764664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 004129416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 003729408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-12-11 17:24 - 2019-12-11 17:24 - 003703296 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 002800640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-12-11 17:24 - 2019-12-11 17:24 - 002762296 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 002716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-12-11 17:24 - 2019-12-11 17:24 - 002698768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-12-11 17:24 - 2019-12-11 17:24 - 002494432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 002284544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 002147328 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 002082208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 001757304 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-12-11 17:24 - 2019-12-11 17:24 - 001748480 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 001743888 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 001697280 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 001664904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 001656600 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 001647072 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 001610752 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 001539584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 001512528 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-12-11 17:24 - 2019-12-11 17:24 - 001458688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 001451520 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocoreworker.exe
2019-12-11 17:24 - 2019-12-11 17:24 - 001413840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 001399312 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-12-11 17:24 - 2019-12-11 17:24 - 001366128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-12-11 17:24 - 2019-12-11 17:24 - 001261464 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 001182448 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-12-11 17:24 - 2019-12-11 17:24 - 001149712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-12-11 17:24 - 2019-12-11 17:24 - 001098928 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 001072952 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-12-11 17:24 - 2019-12-11 17:24 - 001066496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 001054864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 001006904 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 000986936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2019-12-11 17:24 - 2019-12-11 17:24 - 000921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 000878080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Service.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 000842552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 000826368 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelinesvc.exe
2019-12-11 17:24 - 2019-12-11 17:24 - 000822416 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2019-12-11 17:24 - 2019-12-11 17:24 - 000797112 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 000774456 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2019-12-11 17:24 - 2019-12-11 17:24 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 000674280 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2019-12-11 17:24 - 2019-12-11 17:24 - 000673456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2019-12-11 17:24 - 2019-12-11 17:24 - 000646144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 000598016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-12-11 17:24 - 2019-12-11 17:24 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 000593128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
2019-12-11 17:24 - 2019-12-11 17:24 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2019-12-11 17:24 - 2019-12-11 17:24 - 000532480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 000530944 _____ (Microsoft Corporation) C:\WINDOWS\system32\usosvc.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 000524264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 000513536 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2019-12-11 17:24 - 2019-12-11 17:24 - 000511000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 000457216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2019-12-11 17:24 - 2019-12-11 17:24 - 000430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 000422712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2019-12-11 17:24 - 2019-12-11 17:24 - 000406480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
2019-12-11 17:24 - 2019-12-11 17:24 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2019-12-11 17:24 - 2019-12-11 17:24 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2019-12-11 17:24 - 2019-12-11 17:24 - 000210744 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 000127272 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdfs.sys
2019-12-11 17:24 - 2019-12-11 17:24 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 000097080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 000089536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\CustomInstallExec.exe
2019-12-11 17:24 - 2019-12-11 17:24 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilot.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.EnrollmentStatusTracking.ConfigProvider.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdProxy.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 000067112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsManagementServiceWinRt.ProxyStub.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelineprxy.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevQueryBroker.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 000032056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys
2019-12-11 17:24 - 2019-12-11 17:24 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilotdiag.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 000010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMAlertListener.ProxyStub.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DMAlertListener.ProxyStub.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 000003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2019-12-11 17:24 - 2019-12-11 17:24 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2019-12-11 16:33 - 2019-12-11 16:33 - 002579467 _____ C:\Users\Tiffany\Desktop\AdultSizeEarTemplate.pdf
2019-12-11 16:32 - 2019-12-11 16:32 - 001094469 _____ C:\Users\Tiffany\Desktop\SpacingTemplate.pdf
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-01-09 23:16 - 2012-01-28 10:38 - 000000000 ____D C:\Users\Tiffany\AppData\Local\ElevatedDiagnostics
2020-01-09 23:08 - 2019-03-18 23:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-01-09 22:57 - 2012-01-15 21:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auto FX Software
2020-01-09 22:03 - 2012-01-22 11:37 - 000000000 ____D C:\Users\Tiffany\AppData\Local\Nero
2020-01-09 21:53 - 2013-09-29 15:43 - 000000000 ____D C:\Program Files\Java
2020-01-09 21:53 - 2013-09-29 15:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2020-01-09 21:53 - 2013-09-29 15:42 - 000000000 ____D C:\Program Files (x86)\Java
2020-01-09 21:52 - 2013-09-29 15:43 - 000129080 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2020-01-09 21:51 - 2013-11-06 19:42 - 000000000 ____D C:\ProgramData\boost_interprocess
2020-01-09 21:51 - 2013-09-29 15:42 - 000114232 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2020-01-09 21:49 - 2018-08-23 17:19 - 000000000 ____D C:\Users\Tiffany\AppData\Local\AVAST Software
2020-01-09 21:44 - 2016-09-30 03:05 - 000000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2020-01-09 21:44 - 2016-09-30 03:05 - 000000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2020-01-09 21:43 - 2011-12-01 22:14 - 000000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2020-01-09 21:42 - 2016-05-05 00:08 - 000153072 ____N (CyberLink Corp.) C:\WINDOWS\system32\Drivers\rikvm_9EC60124.sys
2020-01-09 21:41 - 2019-08-21 01:09 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-01-09 21:40 - 2019-08-21 00:45 - 000000000 ____D C:\Users\Tiffany
2020-01-09 21:40 - 2019-03-18 23:37 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2020-01-09 21:33 - 2011-12-01 22:26 - 000000000 ____D C:\ProgramData\Adobe
2020-01-09 21:33 - 2011-12-01 22:25 - 000000000 ____D C:\Program Files (x86)\Adobe
2020-01-09 21:32 - 2016-02-20 13:27 - 000000000 ____D C:\Program Files\Common Files\Adobe
2020-01-09 21:21 - 2014-08-01 17:54 - 000000000 ____D C:\Users\Tiffany\Desktop\PhotoshopPrograms
2020-01-09 21:18 - 2019-08-21 01:09 - 000004158 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{326376A5-4C85-4AC2-A8E5-C1782EE661E3}
2020-01-09 21:17 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\system32\NDF
2020-01-09 21:12 - 2012-01-15 22:29 - 000000000 ____D C:\Program Files (x86)\Jasc Software Inc
2020-01-09 21:09 - 2012-01-15 16:55 - 000000000 ____D C:\Program Files\Adobe
2020-01-09 21:00 - 2019-08-21 01:09 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2020-01-09 20:59 - 2019-08-21 00:35 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-01-09 17:13 - 2019-03-18 23:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-01-09 17:13 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-01-09 16:20 - 2016-02-20 16:08 - 000000000 ____D C:\ProgramData\AVAST Software
2020-01-09 13:16 - 2014-01-08 16:47 - 000000000 ____D C:\Users\Tiffany\AppData\Roaming\Dropbox
2020-01-09 12:48 - 2016-11-23 11:48 - 000000000 ____D C:\Users\Tiffany\AppData\LocalLow\Mozilla
2020-01-09 12:45 - 2019-05-06 11:22 - 000000000 ____D C:\Users\Tiffany\AppData\Local\CrashDumps
2020-01-07 23:10 - 2018-07-27 16:29 - 000000000 ____D C:\Users\Tiffany\AppData\Local\D3DSCache
2020-01-05 23:18 - 2012-01-09 21:11 - 000000000 ____D C:\Users\Tiffany\AppData\Roaming\Adobe
2020-01-05 23:07 - 2012-01-15 17:00 - 000000000 ____D C:\Users\Tiffany\AppData\Local\Adobe
2020-01-05 23:02 - 2018-06-25 15:42 - 000000000 ____D C:\ProgramData\Packages
2020-01-05 23:02 - 2017-12-29 02:17 - 000000000 ____D C:\Users\Tiffany\AppData\Local\Packages
2020-01-05 22:58 - 2017-07-14 22:24 - 000000000 ____D C:\ProgramData\Package Cache
2019-12-30 22:32 - 2019-03-18 23:50 - 000000000 ____D C:\WINDOWS\INF
2019-12-30 22:15 - 2016-01-10 21:24 - 000000000 ____D C:\ProgramData\CanonIJPLM
2019-12-22 23:30 - 2012-01-15 22:29 - 000000000 ____D C:\Users\Tiffany\Documents\My PSP8 Files
2019-12-19 15:14 - 2012-01-29 02:04 - 000000000 ____D C:\Users\Tiffany\.roescache
2019-12-19 09:34 - 2016-08-07 08:12 - 000000000 ____D C:\Users\Tiffany\Documents\Outlook Files
2019-12-11 19:17 - 2019-08-21 00:57 - 000972220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-12-11 19:13 - 2018-01-03 14:56 - 000000000 ___RD C:\Users\Tiffany\3D Objects
2019-12-11 19:13 - 2016-05-05 21:14 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-12-11 19:12 - 2019-08-21 00:34 - 005712024 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-12-11 19:07 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\SystemResources
2019-12-11 19:07 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-12-11 19:07 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-12-11 17:52 - 2013-07-29 02:00 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-12-11 17:31 - 2019-03-18 23:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-12-11 17:31 - 2012-01-09 22:27 - 129221664 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-12-11 16:26 - 2019-08-21 00:45 - 000000000 ____D C:\Users\DefaultAppPool
2019-12-11 16:26 - 2019-08-21 00:44 - 000000000 ____D C:\Users\TiffanyK
2019-12-11 16:12 - 2019-12-06 01:13 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2019-12-11 16:12 - 2013-06-08 17:21 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-12-11 01:13 - 2019-08-21 01:09 - 000004582 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player NPAPI Notifier
2019-12-11 01:13 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-12-11 01:13 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\system32\Macromed
==================== Files in the root of some directories ========
2009-07-19 20:42 - 2009-07-19 20:42 - 000000000 _____ () C:\Users\Tiffany\settings.dat
2013-08-26 11:40 - 2014-06-02 15:32 - 000003745 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2006-12-14 21:40 - 2008-01-08 19:21 - 000000426 _____ () C:\Users\Tiffany\AppData\Roaming\wklnhst.dat
2018-05-24 20:15 - 2006-08-19 17:00 - 000000136 _____ () C:\Users\Tiffany\AppData\Local\fusioncache.dat
2020-01-05 23:07 - 2020-01-05 23:07 - 000000000 _____ () C:\Users\Tiffany\AppData\Local\oobelibMkey.log
2012-04-25 09:37 - 2012-04-25 09:37 - 000000017 _____ () C:\Users\Tiffany\AppData\Local\resmon.resmoncfg
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
 

 

Finally, the Addition.txt file:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-01-2020
Ran by Tiffany (09-01-2020 23:24:55)
Running from C:\Users\Tiffany\Desktop
Windows 10 Home Version 1903 18362.535 (X64) (2019-08-21 06:10:47)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-16598370-1499477397-4195015670-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-16598370-1499477397-4195015670-503 - Limited - Disabled)
Guest (S-1-5-21-16598370-1499477397-4195015670-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-16598370-1499477397-4195015670-1002 - Limited - Enabled)
Tiffany (S-1-5-21-16598370-1499477397-4195015670-1000 - Administrator - Enabled) => C:\Users\Tiffany
TiffanyK (S-1-5-21-16598370-1499477397-4195015670-1003 - Limited - Enabled) => C:\Users\TiffanyK
WDAGUtilityAccount (S-1-5-21-16598370-1499477397-4195015670-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1030 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 5.0.0.354 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.303 - Adobe)
Adobe Lightroom (HKLM-x32\...\LRCC_3_1) (Version: 3.1 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Photoshop 2020 (HKLM-x32\...\PHSP_21_0_2) (Version: 21.0.2 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{BC7C46A4-D7A7-48EC-A98C-32A7762B5EFA}) (Version: 6.2.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{F0C4B709-8BF4-4A72-B527-12E7BF5482F8}) (Version: 6.2.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BD6778C5-6FA5-492A-ADD6-E706339C2A7B}) (Version: 11.0.2.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.8.2393 - AVAST Software)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 77.2.2153.120 - AVAST Software)
Avast Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.4.154.333 - AVAST Software) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.6.0.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: 1.5.4.4 - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.7.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.20.13 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 5.0.0 - Canon Inc.)
Canon MG6800 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6800_series) (Version: 1.00 - Canon Inc.)
Canon MG6800 series On-screen Manual (HKLM-x32\...\Canon MG6800 series On-screen Manual) (Version: 7.8.0 - Canon Inc.)
Canon MG6800 series User Registration (HKLM-x32\...\Canon MG6800 series User Registration) (Version:  - ‭Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.3.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.2.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.3.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.6.1 - Canon Inc.)
Carbonite (HKLM-x32\...\{9C78C26C-C5B3-4B1C-8B13-802223B2614D}) (Version: 6.3.5 build 8094 (Apr-30-2019) - Carbonite)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
CyberLink PowerDVD 9.5 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.4418 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.61 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.61 - Dell Inc.)
Dell DataSafe Online (HKLM-x32\...\{C53BCCBE-9268-4C09-82E9-611444A73B3F}) (Version: 2.10.1.3 - Dell)
Dell Digital Delivery (HKLM-x32\...\{F5E43D09-96AF-4CA0-85AE-9134E7FFA7FC}) (Version: 2.2.3000.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell MusicStage (HKLM-x32\...\{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}) (Version: 1.5.201.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.65 - ArcSoft)
Dell Stage (HKLM-x32\...\{39D06E77-8921-4056-8901-36D0035BAECA}) (Version: 1.5.420.0 - Fingertapps)
Dell System Detect - 1  (HKU\S-1-5-21-16598370-1499477397-4195015670-1000\...\58d94f3ce2c27db0) (Version: 7.11.0.6 - Dell)
Dell System Detect (HKU\S-1-5-21-16598370-1499477397-4195015670-1000\...\9204f5692a8faf3b) (Version: 5.9.0.5 - Dell)
Dell VideoStage  (HKLM-x32\...\{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.2.0.1712 - CyberLink Corp.) Hidden
Dell VideoStage  (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.2.0.1712 - CyberLink Corp.)
DirectX 9 Runtime (HKLM-x32\...\{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}) (Version: 1.00.0000 - Sonic Solutions) Hidden
Dropbox (HKU\S-1-5-21-16598370-1499477397-4195015670-1000\...\Dropbox) (Version: 88.4.172 - Dropbox, Inc.)
DW WLAN Card (HKLM\...\DW WLAN Card) (Version: 5.60.48.35 - Dell Inc.)
Get the Picture! (HKLM-x32\...\{E34064E2-9056-C148-8957-2FD78464F743}) (Version: 2.3.4 - Image Holdings) Hidden
Get the Picture! (HKLM-x32\...\com.image.getthepicture) (Version: 2.3.4 - Image Holdings)
High-Definition Video Playback (HKLM-x32\...\{237CCB62-8454-43E3-B158-3ACD0134852E}) (Version: 7.3.10000.0.0 - Nero AG) Hidden
IOGEAR Auto Printer Sharing Switch 2.0 (HKLM-x32\...\IOGEAR Auto Printer Sharing Switch_is1) (Version:  - IOGEAR, Inc.)
iTunes (HKLM\...\{D7D4465C-B3B6-4BC1-B336-2803FB57BFAF}) (Version: 12.7.2.60 - Apple Inc.)
Java 8 Update 231 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180231F0}) (Version: 8.0.2310.11 - Oracle Corporation)
Java 8 Update 231 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180231F0}) (Version: 8.0.2310.11 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kodak DIGITAL GEM Airbrush Professional Plug-In 2.0.0 (HKLM-x32\...\{E33350DF-0A12-4387-B6E8-128C08C0F1FF}) (Version: 2.0.0 - Kodak's Austin Development Center)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MasterCook Deluxe 9 (HKLM-x32\...\{99B366B0-76B6-4DBA-95A3-A730015A7D01}) (Version: 9.0.000 - ValuSoft) Hidden
MasterCook Deluxe 9 (HKLM-x32\...\InstallShield_{99B366B0-76B6-4DBA-95A3-A730015A7D01}) (Version: 9.0.000 - ValuSoft)
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-16598370-1499477397-4195015670-1000\...\OneDriveSetup.exe) (Version: 19.192.0926.0012 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.15.26706 (HKLM-x32\...\{95ac1cfa-f4fb-4d1b-8912-7f9d5fbb140d}) (Version: 14.15.26706.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (HKLM-x32\...\{7e9fae12-5bbf-47fb-b944-09c49e75c061}) (Version: 14.15.26706.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 71.0 (x64 en-US) (HKLM\...\Mozilla Firefox 71.0 (x64 en-US)) (Version: 71.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 71.0.0.7275 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Multimedia Card Reader (HKLM-x32\...\{41068A8C-3F30-46B6-978A-EA692F28D1AF}) (Version: 1.7.915.93 - Fitipower) Hidden
Multimedia Card Reader (HKLM-x32\...\InstallShield_{41068A8C-3F30-46B6-978A-EA692F28D1AF}) (Version: 1.7.915.93 - Fitipower)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
Paradiskus (HKU\S-1-5-21-16598370-1499477397-4195015670-1000\...\Paradiskus) (Version: 6.1.0.0 - TerserTude Ltd.)
PdfPro100 (HKU\S-1-5-21-16598370-1499477397-4195015670-1000\...\PdfPro100) (Version: 3.0.0 - TerserTude Ltd.)
PhotoShowExpress (HKLM-x32\...\{3250260C-7A95-4632-893B-89657EB5545B}) (Version: 2.0.063 - Sonic Solutions) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
RBVirtualFolder64Inst (HKLM\...\{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}) (Version: 1.00.0000 - Roxio, Inc.) Hidden
RealDownloader (HKLM-x32\...\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}) (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM-x32\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM-x32\...\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}) (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (HKLM-x32\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (HKLM\...\{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}) (Version: 1.3.2 - Roxio) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 7.38 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.38.101 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (HKLM-x32\...\{9A00EC4E-27E1-42C4-98DD-662F32AC8870}) (Version: 4.3.0 - Sonic Solutions) Hidden
Spyder2express (HKLM-x32\...\Spyder2express) (Version:  - )
SyncUP (HKLM-x32\...\{40F06490-8C14-43AA-99D3-EEEFDBAC3CFC}) (Version: 1.10.11100.8.106 - Nero AG)
SyncUP (HKLM-x32\...\{D92C9CCE-E5F0-4125-977A-0590F3225B74}) (Version: 10.2.15400 - Nero AG)
THX TruStudio PC (HKLM-x32\...\{010A785B-F920-4350-821B-6309909C20BB}) (Version: 1.0 - Creative Technology Limited)
Uninstall DreamSuite (HKLM-x32\...\DreamSuite) (Version:  - )
Uninstall Mystical (HKLM-x32\...\Mystical) (Version:  - )
Uninstall MysticalTTC (HKLM-x32\...\MysticalTTC) (Version:  - )
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WD SmartWare (HKLM\...\{604CB4FC-3D32-405F-A109-165F170529B6}) (Version: 1.2.0.8 - Western Digital)
WHCC ROES (HKLM-x32\...\{4D255E77-854D-4FBC-BE87-1596F917AB3E}) (Version: 2.1.0 - SoftWorks Systems, Inc.)
WHCC's Digital Studio v5 5 (HKLM-x32\...\WHCC's Digital Studio v5 5) (Version:  - LabPrints)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Zinio Reader 4 (HKLM-x32\...\{7FB00B6B-6843-97EC-EED6-78BD6D35370A}) (Version: 4.2.4164 - Zinio LLC) Hidden
Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)
Packages:
=========
Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_1.0.1.22_x86__enpm4xejd91yc [2020-01-05] (Adobe Systems Incorporated)
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_6.4.7.0_x86__kgqvnymyfvs32 [2020-01-09] (king.com)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.154.400.0_x86__kgqvnymyfvs32 [2019-12-11] (king.com)
Canon Inkjet Print Utility -> C:\Program Files\WindowsApps\34791E63.CanonInkjetPrintUtility_2.8.0.1_neutral__6e5tt8cgb93ep [2019-05-24] (Canon Inc.)
Disney Magic Kingdoms -> C:\Program Files\WindowsApps\A278AB0D.DisneyMagicKingdoms_4.6.0.10_x86__h6adky7gbf63m [2019-12-22] (Gameloft.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-31] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-31] (Microsoft Corporation) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.34.13393.0_x64__8wekyb3d8bbwe [2019-12-22] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.5.12061.0_x64__8wekyb3d8bbwe [2019-12-12] (Microsoft Studios) [MS Ad]
MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.34.13393.0_x64__8wekyb3d8bbwe [2019-12-22] (Microsoft Corporation) [MS Ad]
MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.34.13393.0_x64__8wekyb3d8bbwe [2019-12-22] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.34.13393.0_x64__8wekyb3d8bbwe [2019-12-22] (Microsoft Corporation) [MS Ad]
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2018-09-14] (Microsoft Corporation)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-12] (Twitter Inc.)
WindowsDVDPlayer -> C:\Program Files\WindowsApps\Microsoft.WindowsDVDPlayer_3.6.13291.0_x64__8wekyb3d8bbwe [2016-05-25] (Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-16598370-1499477397-4195015670-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Tiffany\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-16598370-1499477397-4195015670-1000_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-51D2F8E4CAE7} -> [Creative Cloud Files] => C:\Users\Tiffany\Creative Cloud Files [2020-01-05 23:04]
CustomCLSID: HKU\S-1-5-21-16598370-1499477397-4195015670-1000_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [dropbox-NamespaceExtensionRole.Personal] => C:\Users\Tiffany\Dropbox [2014-01-08 16:48]
CustomCLSID: HKU\S-1-5-21-16598370-1499477397-4195015670-1000_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1B} -> [dropbox-NamespaceExtensionRole.Business] => 0
CustomCLSID: HKU\S-1-5-21-16598370-1499477397-4195015670-1000_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
CustomCLSID: HKU\S-1-5-21-16598370-1499477397-4195015670-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Tiffany\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-16598370-1499477397-4195015670-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tiffany\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-16598370-1499477397-4195015670-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tiffany\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-16598370-1499477397-4195015670-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tiffany\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-16598370-1499477397-4195015670-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tiffany\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-16598370-1499477397-4195015670-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tiffany\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-16598370-1499477397-4195015670-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tiffany\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-16598370-1499477397-4195015670-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tiffany\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-16598370-1499477397-4195015670-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tiffany\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-16598370-1499477397-4195015670-1000_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tiffany\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-16598370-1499477397-4195015670-1000_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tiffany\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-16598370-1499477397-4195015670-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Tiffany\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [    Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2019-04-30] (Carbonite -> Carbonite, Inc.)
ShellIconOverlayIdentifiers: [    Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2019-04-30] (Carbonite -> Carbonite, Inc.)
ShellIconOverlayIdentifiers: [    Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2019-04-30] (Carbonite -> Carbonite, Inc.)
ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2019-04-30] (Carbonite -> Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2019-04-30] (Carbonite -> Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2019-04-30] (Carbonite -> Carbonite, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-06] (AVAST Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-06] (AVAST Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2019-04-30] (Carbonite -> Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2019-04-30] (Carbonite -> Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2019-04-30] (Carbonite -> Carbonite, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tiffany\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll [2020-01-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tiffany\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll [2020-01-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tiffany\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll [2020-01-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tiffany\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll [2020-01-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [    Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2019-04-30] (Carbonite -> Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [    Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2019-04-30] (Carbonite -> Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [    Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2019-04-30] (Carbonite -> Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2019-04-30] (Carbonite -> Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2019-04-30] (Carbonite -> Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2019-04-30] (Carbonite -> Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2019-04-30] (Carbonite -> Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2019-04-30] (Carbonite -> Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2019-04-30] (Carbonite -> Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tiffany\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll [2020-01-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tiffany\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll [2020-01-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tiffany\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll [2020-01-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-06] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [Carbonite] -> {FE8BD682-9A64-4740-A92B-EE7E5F7FA0A5} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2019-04-30] (Carbonite -> Carbonite, Inc.)
ContextMenuHandlers1: [Roxio Burn] -> {E8CB9D53-A47A-42B5-9F5B-96B037C9DD4C} => C:\Program Files\Roxio\Roxio Burn\RB_ContextMenu64.dll [2010-11-10] (Sonic Solutions -> TODO: <Company name>)
ContextMenuHandlers2: [Carbonite] -> {FE8BD682-9A64-4740-A92B-EE7E5F7FA0A5} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2019-04-30] (Carbonite -> Carbonite, Inc.)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-06] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [Carbonite] -> {FE8BD682-9A64-4740-A92B-EE7E5F7FA0A5} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2019-04-30] (Carbonite -> Carbonite, Inc.)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-08-01] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-06] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers1_S-1-5-21-16598370-1499477397-4195015670-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Tiffany\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll [2020-01-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-16598370-1499477397-4195015670-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Tiffany\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll [2020-01-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-16598370-1499477397-4195015670-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Tiffany\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll [2020-01-07] (Dropbox, Inc -> Dropbox, Inc.)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
ShortcutWithArgument: C:\Users\Tiffany\Desktop\ROES.whcc.lnk -> C:\Windows\SysWOW64\javaws.exe (Oracle Corporation) -> -localfile -J-Djnlp.application.href=hxxp://www.roeslaunch.com/ROES/labs/WHCC/launch.jnlp "C:\Users\Tiffany\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\56a6f58e-78a5f5d1"
ShortcutWithArgument: C:\Users\Tiffany\Desktop\WHCC ROES.lnk -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\javaws.exe (Oracle Corporation) -> -localfile -J-Djnlp.application.href=hxxp://www.roeslaunch.com/ROES/labs/WHCC/Launch-WHCC-ROES.jnlp "C:\Users\Tiffany\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\519fd5bf-54ae76ec"
ShortcutWithArgument: C:\Users\Tiffany\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WHCC ROES\WHCC ROES.lnk -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\javaws.exe (Oracle Corporation) -> -localfile -J-Djnlp.application.href=hxxp://www.roeslaunch.com/ROES/labs/WHCC/Launch-WHCC-ROES.jnlp "C:\Users\Tiffany\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\519fd5bf-54ae76ec"
ShortcutWithArgument: C:\Users\Tiffany\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ROES.whcc\ROES.whcc.lnk -> C:\Windows\SysWOW64\javaws.exe (Oracle Corporation) -> -localfile -J-Djnlp.application.href=hxxp://www.roeslaunch.com/ROES/labs/WHCC/launch.jnlp "C:\Users\Tiffany\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\56a6f58e-78a5f5d1"
==================== Loaded Modules (Whitelisted) =============
2009-08-19 14:49 - 2009-08-19 14:49 - 000049152 _____ () [File not signed] C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\Memeo.API.dll
2009-02-25 13:18 - 2009-02-25 13:18 - 001196032 _____ () [File not signed] C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\sqlite3.DLL
2016-01-10 21:39 - 2014-02-17 14:35 - 000561152 _____ (CANON INC. ) [File not signed] C:\Program Files (x86)\Canon\Quick Menu\CCL.dll
2016-01-10 21:29 - 2015-01-09 08:46 - 000008192 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNSS_ENU.DLL
2016-01-10 21:29 - 2015-01-09 08:44 - 000104960 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNSS_IMG.dll
2016-01-10 21:39 - 2015-04-20 18:06 - 000588800 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\Quick Menu\CNQMMWRP.dll
2016-01-10 21:28 - 2015-03-17 08:51 - 000375296 _____ (CANON INC.) [File not signed] C:\WINDOWS\System32\CNMN6PPM.DLL
2011-12-01 22:17 - 2009-10-15 14:32 - 000021504 _____ (Creative Technology Ltd.) [File not signed] C:\Windows\system32\EptMon64.dll
2011-12-01 22:17 - 2009-10-15 14:38 - 000017920 _____ (Creative Technology Ltd.) [File not signed] C:\Windows\system32\THXCfg64.dll
2009-08-19 14:49 - 2009-08-19 14:49 - 000069632 _____ (Finisar Corporation) [File not signed] C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\SQLite.NET.dll
2009-08-19 14:49 - 2009-08-19 14:49 - 000069632 _____ (Memeo Inc.) [File not signed] C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\providers\Tanagra.BMU.Providers.FileCopyBackupProvider.dll
2009-08-19 14:49 - 2009-08-19 14:49 - 000061440 _____ (Memeo Inc.) [File not signed] C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\providers\Tanagra.BMU.Providers.HardDiskBackupProvider.dll
2009-08-19 14:49 - 2009-08-19 14:49 - 001404928 _____ (Memeo Inc.) [File not signed] C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\Tanagra.BMU.dll
2009-08-19 14:49 - 2009-08-19 14:49 - 000290816 _____ (Memeo Inc.) [File not signed] C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\Tanagra.DataClad.DataAccess.dll
2009-08-19 14:49 - 2009-08-19 14:49 - 001069056 _____ (Memeo Inc.) [File not signed] C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\Tanagra.DataClad.dll
2009-08-19 14:49 - 2009-08-19 14:49 - 000049152 _____ (Memeo Inc.) [File not signed] C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\Tanagra.Interop.dll
2009-08-19 14:49 - 2009-08-19 14:49 - 000020480 _____ (Memeo Inc.) [File not signed] C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\Tanagra.Third-party.Security.dll
2009-08-19 14:49 - 2009-08-19 14:49 - 000901120 _____ (Memeo Inc.) [File not signed] C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\Tanagra.Utility.dll
2012-01-09 22:58 - 2003-06-25 20:00 - 000018192 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\IOGEAR Auto Printer Sharing Switch\HID.DLL
2019-08-21 04:09 - 2019-08-21 04:09 - 001655296 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_8444db7d32915e4c\MFC80U.DLL
2019-08-21 04:28 - 2019-08-21 04:28 - 000047104 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\amd64_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_bc1d1e5b0be08790\MFC80ENU.DLL
2009-08-19 14:49 - 2009-08-19 14:49 - 000015360 _____ (Stan Schultes, VBNetExpert.com) [File not signed] C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\XMLSettings.dll
==================== Alternate Data Streams (Whitelisted) ========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [104]
==================== Safe Mode (Whitelisted) ==================
==================== Association (Whitelisted) =================
==================== Internet Explorer trusted/restricted ==========
(If an entry is included in the fixlist, it will be removed from the registry.)
IE restricted site: HKU\S-1-5-21-16598370-1499477397-4195015670-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-16598370-1499477397-4195015670-1000\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-16598370-1499477397-4195015670-1000\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-16598370-1499477397-4195015670-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-16598370-1499477397-4195015670-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-16598370-1499477397-4195015670-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-16598370-1499477397-4195015670-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-16598370-1499477397-4195015670-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-16598370-1499477397-4195015670-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-16598370-1499477397-4195015670-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-16598370-1499477397-4195015670-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-16598370-1499477397-4195015670-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-16598370-1499477397-4195015670-1000\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-16598370-1499477397-4195015670-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-16598370-1499477397-4195015670-1000\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-16598370-1499477397-4195015670-1000\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-16598370-1499477397-4195015670-1000\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-16598370-1499477397-4195015670-1000\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-16598370-1499477397-4195015670-1000\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-16598370-1499477397-4195015670-1000\...\100sexlinks.com -> 100sexlinks.com
There are 5108 more sites.

==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:34 - 2019-01-04 19:57 - 000000922 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1                   activate.adobe.com
127.0.0.1                   practivate.adobe.com
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Dell\DW WLAN Card\Driver;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\DLLShared\;C:\Program Files (x86)\Roxio\OEM\AudioCore\;C:\Program Files (x86)\Skype\Phone\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-16598370-1499477397-4195015670-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Tiffany\AppData\Local\Microsoft\Windows\Themes\012.jpg
DNS Servers: 8.26.56.26 - 156.154.70.22
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
MSCONFIG\startupreg: AccuWeatherWidget => "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
MSCONFIG\startupreg: DellStage => "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [UDP Query User{2A313E1C-EC48-46B3-B389-4FD903DAC261}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{D450EB3B-8A39-40E7-9F62-69B2D206ED35}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{86C55DA3-F14E-4CB5-BC8C-E2218EEEACB2}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{8367DF95-177E-4374-A495-B4F6F74E3272}] => (Allow) c:\Program Files (x86)\Dell\VideoStage\VideoStage.exe (CyberLink -> CyberLink Corp.)
FirewallRules: [{1519A895-8B97-48C2-BD64-0D05A5D6D8CB}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe (CyberLink -> CyberLink Corp.)
FirewallRules: [{ED99F961-8491-4B6F-839F-EDD013060B3F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE (CyberLink -> CyberLink Corp.)
FirewallRules: [{50D26C06-EBBF-4924-8157-AAE87825BB32}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{7F57ED7B-EBEA-4C76-AFD9-52A0CB120443}] => (Allow) LPort=2869
FirewallRules: [{168F7C84-611D-4BEF-8FB6-BCE361B11B53}] => (Allow) LPort=1900
FirewallRules: [{24FB71C2-EF14-47CA-9F51-0B8D35331E78}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{897B406C-1D72-4A2E-9E2C-C9FE677599B7}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{59E92472-E628-41F6-922F-293FCF96CB83}] => (Allow) LPort=9700
FirewallRules: [{B0039859-31F9-4292-A0AF-4BA42122AA63}] => (Allow) LPort=9701
FirewallRules: [{87282E68-5C50-45EB-A7DB-DF2BA6353935}] => (Allow) LPort=9702
FirewallRules: [{7FB290AF-02E9-4F8A-85AA-97957CB06E25}] => (Allow) LPort=9700
FirewallRules: [{B5DC518A-3B40-41A7-9810-9358C91F8C6B}] => (Allow) C:\Program Files\dell stage\dell stage\accuweather\accuweather.exe No File
FirewallRules: [{38FB9E44-0D81-4F60-9948-4350BB9ABA52}] => (Allow) C:\Program Files\dell stage\musicstage\musicstageengine.exe No File
FirewallRules: [{E6305EF4-17AB-4CDA-8857-6F88B798A10C}] => (Allow) C:\Program Files\dell stage\dell stage\stage_primary.exe No File
FirewallRules: [{2AFCCD07-CC03-432E-A62B-DD4C08A8D20F}] => (Allow) C:\Program Files (x86)\Common Files\Comodo\GeekBuddyRSP.exe No File
FirewallRules: [{4B13E285-EE86-44D6-A175-6E147073C4A3}] => (Allow) C:\Program Files (x86)\Common Files\Comodo\GeekBuddyRSP.exe No File
FirewallRules: [{5EB49D7E-6670-4512-9102-5B165ACB7DF7}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe No File
FirewallRules: [{442EC602-A069-4E35-8B43-BE7764F04B1D}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe No File
FirewallRules: [{65561E5D-EEC0-4FE9-940A-20F0078D59E5}] => (Allow) C:\Users\Tiffany\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{3DCB6EF5-E517-4C3C-8C41-65ED7262CF25}] => (Allow) C:\Users\Tiffany\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{7A35B31F-AA6A-4D7F-843A-AE3BECA62D97}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{C9D99E0E-D267-42F9-B59B-BFE0AEE57649}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{D8B2F572-B153-49FF-B303-3E3CA5246E4E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{839EFB08-5041-4067-ACED-05CFA710E8B1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{FC0E6569-9009-4F34-81DA-DC50120CA12E}C:\program files (x86)\dell\dell datasafe online\nobuclient.exe] => (Allow) C:\program files (x86)\dell\dell datasafe online\nobuclient.exe (Symantec Corporation -> Dell, Inc.)
FirewallRules: [UDP Query User{4CAF471B-29F4-4639-9279-438F375FF45C}C:\program files (x86)\dell\dell datasafe online\nobuclient.exe] => (Allow) C:\program files (x86)\dell\dell datasafe online\nobuclient.exe (Symantec Corporation -> Dell, Inc.)
FirewallRules: [{459080FA-9889-41F3-AF89-2994A6B2D02E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{66588857-8F53-4333-96A0-D0876EB906BC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{E398ADC7-F41B-42EC-8D55-4B09A2F889EE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{4F0ACEB3-B111-4EB5-8C93-7CD0E2DA80D1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0D044261-A5EF-491D-B9F0-A9A5578A6582}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{4BE35FEA-827C-435C-BAFD-2F1AB32E9167}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6CE5D7C0-D2C0-4946-8B4E-E7E469887F5C}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe (AVAST Software s.r.o. -> AVAST Software)
==================== Restore Points =========================

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================
Application errors:
==================
Error: (01/09/2020 11:22:26 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (264,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
Error: (01/09/2020 11:08:27 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (5892,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
Error: (01/09/2020 10:38:49 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (15152,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
Error: (01/09/2020 10:04:06 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (3836,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
Error: (01/09/2020 09:39:50 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.
Error: (01/09/2020 09:39:50 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]
Error: (01/09/2020 09:23:16 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (21096,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
Error: (01/09/2020 09:17:23 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (21076,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

System errors:
=============
Error: (01/09/2020 09:49:54 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Downloaded Maps Manager service hung on starting.
Error: (01/09/2020 09:47:50 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Delivery Optimization service hung on starting.
Error: (01/09/2020 09:45:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Digital Delivery Service service terminated unexpectedly.  It has done this 1 time(s).
Error: (01/09/2020 09:43:45 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server Windows.Internal.StateRepository.ApplicationExtension did not register with DCOM within the required timeout.
Error: (01/09/2020 09:43:00 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the WDSmartWareBackgroundService service to connect.
Error: (01/09/2020 09:40:19 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the CarboniteService service.
Error: (12/20/2019 01:11:06 AM) (Source: DCOM) (EventID: 10010) (User: Tiffany-PC)
Description: The server Microsoft.Windows.Cortana_1.13.0.18362_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppXx19q0gyvntjc9d3jsjsfaertqgy617se.mca did not register with DCOM within the required timeout.
Error: (12/16/2019 01:10:05 AM) (Source: DCOM) (EventID: 10010) (User: Tiffany-PC)
Description: The server Microsoft.Windows.Cortana_1.13.0.18362_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppXx19q0gyvntjc9d3jsjsfaertqgy617se.mca did not register with DCOM within the required timeout.

Windows Defender:
===================================
Date: 2019-08-22 02:18:42.634
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.293.2683.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16200.1
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
CodeIntegrity:
===================================
Date: 2020-01-09 21:50:39.011
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.
Date: 2020-01-09 21:50:38.996
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.
Date: 2020-01-09 21:50:38.967
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.
Date: 2020-01-09 21:45:51.363
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.
Date: 2020-01-09 21:45:51.348
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.
Date: 2020-01-09 21:45:51.329
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.
Date: 2020-01-09 21:45:51.312
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.
Date: 2020-01-09 21:45:51.291
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
BIOS: Dell Inc. A06 10/17/2011
Motherboard: Dell Inc. 0Y2MRG
Processor: Intel® Core™ i7-2600 CPU @ 3.40GHz
Percentage of memory in use: 40%
Total physical RAM: 12270.41 MB
Available physical RAM: 7287.46 MB
Total Virtual: 24558.41 MB
Available Virtual: 17608.84 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:918.23 GB) (Free:286.17 GB) NTFS
\\?\Volume{a8cac944-1ca1-11e1-ab06-806e6f6e6963}\ (RECOVERY) (Fixed) (Total:13.25 GB) (Free:4.91 GB) NTFS
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 4C82798D)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=13.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=918.2 GB) - (Type=07 NTFS)

  • 0

#5
iMacg3
Posted 12 January 2020 - 11:44 AM

iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts
Hi ekstatman,

Sorry for the delay.

The FRST.txt log is incomplete. Try attaching it. (Click More Reply Options > Attach Files.)
  • 0

#6
ekstatman
Posted 14 January 2020 - 09:02 PM

ekstatman

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts

Hi,

 

   I have attached the FRST.txt file and the Addition.txt file just in case. :)

 

Thanks,

Ekstatman

Attached Files


  • 0

#7
iMacg3
Posted 15 January 2020 - 09:15 PM

iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts
Hi ekstatman,

It looks like FRST may have ran into a problem during the scan, as the log header is incomplete. Please run a new scan with FRST and copy/paste the contents of FRST.txt to your reply.
  • 0

#8
ekstatman
Posted 15 January 2020 - 11:23 PM

ekstatman

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts

Hi,

 

   FRST.txt is attached after the rerun.

 

Thanks,

Ekstatman

Attached Files

  • Attached File  FRST.txt   53.28KB   154 downloads

Edited by ekstatman, 15 January 2020 - 11:24 PM.

  • 0

#9
iMacg3
Posted 20 January 2020 - 11:08 PM

iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts
Are the Adobe programs on your computer properly activated and have a valid license?
  • 0

#10
ekstatman
Posted 21 January 2020 - 04:54 AM

ekstatman

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts
Yes. We had an older version that I uninstalled and we are running the subscription service from Adobe for the Creative Cloud.
  • 0

Advertisements

#11
iMacg3
Posted 22 January 2020 - 10:09 PM

iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts
Hi ekstatman,

Did you set the following Firewall Rules to block Firefox from connecting to the Internet?
 

FirewallRules: [UDP Query User{2A313E1C-EC48-46B3-B389-4FD903DAC261}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{D450EB3B-8A39-40E7-9F62-69B2D206ED35}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)


---------------------------------------------------
Farbar Recovery Scan Tool - Fix
  • Highlight the contents of the below code box and press Ctrl + C on your keyboard:
    Start::
CreateRestorePoint:
CloseProcesses:
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] -> 
Task: {06E5D9C6-D292-4E6C-BEA8-B0B28542135E} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {0A077B24-D56D-40F8-8C8B-5146D021D9A4} - System32\Tasks\{86E5F0AB-44C4-4C00-867C-EBF53E9006AF} => C:\Windows\system32\pcalua.exe -a D:\win/GetThePictureInstaller.exe -d D:\
Task: {0C499099-919E-49BC-94C8-6B200A4E4E79} - \PCDEventLauncherTask -> No File <==== ATTENTION
Task: {14D046B4-64C2-403F-8B90-5D8EBBE5B5B5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {3285CDC2-60C7-4188-92FA-83136AF36F72} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {35fbe524-06e5-45e6-8927-db455bb9688e} - no filepath
Task: {4B0620D6-C7BA-4069-A9BE-F3B05CD7FD98} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {4C8C3467-1094-4553-AF0C-CB96A9991AD4} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {56C42933-0E1C-4792-B73B-D0D794094B18} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {5889BDA8-F4E9-4CF0-8661-5864BE5514B3} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {61235504-6481-4085-BDD2-B0702D3C78A1} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {61961F83-1A8B-442F-BE23-8CAEE1551D8E} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {6AED44DC-5223-468E-83B3-B0BE6C3A3429} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {78440926-E24D-4692-94E9-EF5E30783F29} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {78D06E72-D478-4CBF-995C-AC2E3ABE06EB} - System32\Tasks\{24E2DEF5-BB76-4294-B0CD-202B2AFD3F3F} => C:\Windows\system32\pcalua.exe -a "C:\Users\Tiffany\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9E0OBVS6\ps902.exe" -d C:\Users\Tiffany\Desktop
Task: {9BEDF6ED-986D-4A83-BF42-5DE0ABE3AC5B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {A06642A6-4C1F-4FD2-A577-308574BCAB59} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {CBB728B1-A148-43A7-B705-E4038F0C25CD} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {D901DD0C-EC27-49D9-8B6D-E34FE4716212} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {E114051E-1F41-4718-83AB-91E927BC813C} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {ECAC882D-8459-48D6-BC4B-61B46D58A957} - System32\Tasks\{BB8EF683-E171-4F57-8FB4-5BE00B9C776C} => C:\Windows\system32\pcalua.exe -a "D:\Nik\Color Efex Pro 3.1\ColorEfexPro3Cpl-rev3.101EN.exe" -d "D:\Nik\Color Efex Pro 3.1"
SearchScopes: HKLM -> {fcd9f10e-0daa-405f-bca0-0dd3f37c59d9} URL = 
SearchScopes: HKU\S-1-5-21-16598370-1499477397-4195015670-1000 -> DefaultScope {740D10C0-1120-4DB2-8337-83413B8FBEB3} URL = hxxp://go.paradiskus.com/?B9371EE09A8FF0128D28715DBFE6196F=H1xAXFBDXlxZUVQNEQQwBw9cQ1hYQVxZWFdDVVVHX1ldU1QJDB0LUyknNy4nNikoW1FCXlFCLllaWTdfWEVfWF1VRV5WQCsrWSMxKFNCV1k&q={searchTerms}
SearchScopes: HKU\S-1-5-21-16598370-1499477397-4195015670-1000 -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = 
SearchScopes: HKU\S-1-5-21-16598370-1499477397-4195015670-1000 -> {740D10C0-1120-4DB2-8337-83413B8FBEB3} URL = hxxp://go.paradiskus.com/?B9371EE09A8FF0128D28715DBFE6196F=H1xAXFBDXlxZUVQNEQQwBw9cQ1hYQVxZWFdDVVVHX1ldU1QJDB0LUyknNy4nNikoW1FCXlFCLllaWTdfWEVfWF1VRV5WQCsrWSMxKFNCV1k&q={searchTerms}
SearchScopes: HKU\S-1-5-21-16598370-1499477397-4195015670-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = 
SearchScopes: HKU\S-1-5-21-16598370-1499477397-4195015670-1000 -> {fcd9f10e-0daa-405f-bca0-0dd3f37c59d9} URL = hxxps://mysearch.avg.com/search?cid={AE070354-6493-49D0-9256-55BBAFBD06BA}&mid=1e9e7d76c69b47d382f7c94a35379396-85116faf5f6267821ce8bd8b6ae342ca2bc2311a&lang=en&ds=AVG&coid=avgtbavg&cmpid=0615tb&pr=fr&d=2014-02-06 20:21:08&v=19.0.0.10&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
FF HomepageOverride: Mozilla\Firefox\Profiles\cm5j4z02.default -> Disabled: [email protected]
FF NewTabOverride: Mozilla\Firefox\Profiles\cm5j4z02.default -> Disabled: [email protected]
FF Extension: (FromDocToPDF) - C:\Users\Tiffany\AppData\Roaming\Mozilla\Firefox\Profiles\cm5j4z02.default\Extensions\[email protected] [2019-11-19] [UpdateUrl:hxxps:\/\/updates.tb.ask.com\/updateXpi.json?id=207743773&version=8.924.16.54486&track=TTAB02&trackRevision=1&fromId=_65Members_%40download.fromdoctopdf.com&isBridgeExtension=false]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\19.0.0.10 => not found
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
2013-08-26 11:40 - 2014-06-02 15:32 - 000003745 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [104]
Hosts:
FirewallRules: [{B5DC518A-3B40-41A7-9810-9358C91F8C6B}] => (Allow) C:\Program Files\dell stage\dell stage\accuweather\accuweather.exe No File
FirewallRules: [{38FB9E44-0D81-4F60-9948-4350BB9ABA52}] => (Allow) C:\Program Files\dell stage\musicstage\musicstageengine.exe No File
FirewallRules: [{E6305EF4-17AB-4CDA-8857-6F88B798A10C}] => (Allow) C:\Program Files\dell stage\dell stage\stage_primary.exe No File
FirewallRules: [{2AFCCD07-CC03-432E-A62B-DD4C08A8D20F}] => (Allow) C:\Program Files (x86)\Common Files\Comodo\GeekBuddyRSP.exe No File
FirewallRules: [{4B13E285-EE86-44D6-A175-6E147073C4A3}] => (Allow) C:\Program Files (x86)\Common Files\Comodo\GeekBuddyRSP.exe No File
FirewallRules: [{5EB49D7E-6670-4512-9102-5B165ACB7DF7}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe No File
FirewallRules: [{442EC602-A069-4E35-8B43-BE7764F04B1D}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe No File
EmptyTemp:
End::
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Double-click FRST.exe/FRST64.exe to run it.
  • Press the Fix button just once and wait.
    Note: No need to paste the script into FRST.
  • Restart the computer if prompted.
  • When the fix is complete FRST will generate a log in the same location it was run from (Fixlog.txt)
  • Please copy and paste its contents into your reply.
---------------------------------------------------
AdwCleaner

Download AdwCleaner and save it to your desktop.
  • Double click AdwCleaner.exe to run it.
  • Click Scan Now ...
    • When the scan has finished a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Files tab ...
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.
---------------------------------------------------

In your next reply, please include:
  • Fixlog.txt
  • AdwCleaner log.

  • 0

#12
ekstatman
Posted 23 January 2020 - 07:40 PM

ekstatman

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts

Hi,

 

   No, we did not intentionally set any firewall rules for Firefox. Attached are the Fixlog.txt and AdwCleaner.log files.

 

Thanks,

Ekstatman 

Attached Files


  • 0

#13
iMacg3
Posted 25 January 2020 - 11:53 PM

iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts

Hi ekstatman,

---------------------------------------------------
AdwCleaner - Clean

  • Double click AdwCleaner.exe to run it.
  • Click Scan Now
  • When the scan has finished a Scan Results window will open.
  • Ensure all boxes are checked and then click Quarantine
    • Click Next
    • If any pre-installed software was found on your machine, a prompt window will open ...
      • Click OK to close it
    • Check any pre-installed software items you want to remove (if they're not causing you a problem I recommend you don't select any)
    • Click Quarantine
  • A prompt to save your work will appear ...
    • Click Continue when you're ready to proceed.
  • A prompt to restart your computer will appear ...
    • Click Restart Now
  • Once your computer has restarted ...
    • If it doesn't open automatically, please start AdwCleaner ...
    • Click the Log Files tab ...
    • Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
    • A Notepad file will open containing the results of the removal.
    • Please post the contents of the file in your next reply.

---------------------------------------------------
ESET Online Scanner

Download ESET Online Scanner and save it to your desktop.

  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • When the tool opens, click Get Started.
  • Read and accept the license agreement.
  • At the Welcome to ESET Online Scanner window, click Get Started.
  • Select whether you would like to send anonymous data to ESET.
  • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • Click on the Full Scan option.
  • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.

---------------------------------------------------

In your next reply, please include:

  • AdwCleaner log
  • ESET log

  • 0

#14
ekstatman
Posted 26 January 2020 - 09:45 PM

ekstatman

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts

Hi,

 

   Attached are the AdCleaner log and eset.txt.

 

Thanks,

 

Ekstatman

Attached Files


  • 0

#15
iMacg3
Posted 27 January 2020 - 11:33 PM

iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts
Hi ekstatman,

Please run a new scan with FRST and post both reports to your reply. (FRST.txt and Addition.txt)
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Forum
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP