Jump to content

neiljacobson

Members
  • Content Count

    13
  • Joined

  • Last visited

About neiljacobson

  • Rank
    New Member

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. the problem recurred today. Malware found 5 threats. I reran FRST. The logs are attached Addition.txt FRST.txt Malware 2019-08-13.txt
  2. See attached, by the way, I think the problem is not all fixed. Although the virus is gone, firefox is using abnormally high memory and cpu FRST.txt
  3. I think that worked? I reran the Adwcleaner after I ran the 'fix'. No threats were found. Thank you!
  4. I can't find Yahoo Powered., There is no 'fix button' in fixlist.txt, Should I just run https://www.microsoft.com/en-gb/download/malicious-software-removal-tool-details.aspx
  5. see attached AdwCleaner[C24].txt AdwCleaner[S24].txt AdwCleaner[S23].txt AdwCleaner[C22].txt
  6. AdwCleaner[C24].txt AdwCleaner[S24].txt Addition.txt FRST.txt
  7. Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-08-2019 Ran by Neil (11-08-2019 08:28:42) Running from C:\Users\Neil\Dropbox\Apps Windows 10 Home Version 1903 18362.239 (X64) (2019-06-23 06:23:11) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2600175624-1016130486-685330733-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-2600175624-1016130486-685330733-503 - Limited - Disabled) defaultuser0 (S-1-5-21-2600175624-1016130486-685330733-1000 - Limited - Disabled) => C:\Users\defaultuser0 Guest (S-1-5-21-2600175624-1016130486-685330733-501 - Limited - Disabled) Neil (S-1-5-21-2600175624-1016130486-685330733-1001 - Administrator - Enabled) => C:\Users\Neil WDAGUtilityAccount (S-1-5-21-2600175624-1016130486-685330733-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: McAfee VirusScan (Enabled - Up to date) {F682A51C-4EAD-6A3A-F460-B9C1D4A2DB09} AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: McAfee Firewall (Enabled) {CEB92439-04C2-6B62-DF3F-10F42A719C72} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) ActiveWords (HKLM-x32\...\ActiveWords) (Version: Version 3 - ActiveWord Systems, Inc.) ActiveWords 4 (HKLM-x32\...\{863A6595-B249-4BBA-8CCE-1A7AF46DA597}) (Version: 4.0.12146.810 - ActiveWords Systems, Inc.) Hidden ActiveWords 4 (HKLM-x32\...\{db48dcec-9249-42a6-87d6-ec9ed3b4b10b}) (Version: 4.0.12146.810 - ActiveWords Systems, Inc.) Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.012.20035 - Adobe Systems Incorporated) Adobe Connect (HKU\S-1-5-21-2600175624-1016130486-685330733-1001\...\Adobe Connect App) (Version: 11.9.982.478 - Adobe Systems Inc.) Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.223 - Adobe) Amazon Kindle (HKU\S-1-5-21-2600175624-1016130486-685330733-1001\...\Amazon Kindle) (Version: 1.21.0.48017 - Amazon) AnyDesk (HKLM-x32\...\AnyDesk) (Version: ad 5.2.2 - philandro Software GmbH) Apple Application Support (32-bit) (HKLM-x32\...\{5C028510-A6A1-409A-A2BF-4DCB43B21EF9}) (Version: 7.6 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{5C7D4FCF-80C5-4520-9934-D50532AAC59C}) (Version: 7.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.) ArcSoft ShowBiz (HKLM-x32\...\{9D41D2EF-2D33-4CFD-8A3E-C7E6FCC3303B}) (Version: - ArcSoft) Backup and Sync from Google (HKLM\...\{768C0072-2FD2-4934-9824-B2A1E81AEA5D}) (Version: 3.45.5545.5747 - Google, Inc.) BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 3.56.74.1828 - BlueStack Systems, Inc.) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.) Cisco Webex Meetings (HKU\S-1-5-21-2600175624-1016130486-685330733-1001\...\ActiveTouchMeetingClient) (Version: - Cisco Webex LLC) Citrix Receiver 4.10 (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.10.1.22 - Citrix Systems, Inc.) DriverUpdate (HKLM\...\{2B19EF69-E2EF-4847-A741-41E7A2ABC2EE}) (Version: 4.3.0 - Slimware Utilities Holdings, Inc.) Hidden Dropbox (HKLM-x32\...\Dropbox) (Version: 78.4.119 - Dropbox, Inc.) Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.189.1 - Dropbox, Inc.) Hidden ezcap Video Grabber (HKLM-x32\...\{B03B98E3-2795-48F6-BA33-793BBF5DF685}) (Version: 1.0.1.1 - Somagic) FCC (HKU\S-1-5-21-2600175624-1016130486-685330733-1001\...\FCC) (Version: 2.6.16901.1001 - FreeConferenceCall LLC) FCC 2.25.5004.1001 (current user) (HKU\S-1-5-21-2600175624-1016130486-685330733-1001\...\FreeConferenceCall (current user)) (Version: 2.25.5004.1001 - FreeConferenceCall LLC) GoodSync (HKLM\...\{B26B00DA-2E5D-4CF2-83C5-911198C0F009}) (Version: 10.6.5.5 - Siber Systems) Google Drive File Stream (HKLM\...\{6BBAE539-2232-434A-A4E5-9A33560C6283}) (Version: 32.0.11.0 - Google, Inc.) Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden GoTo Opener (HKLM-x32\...\{351B54B2-1AFC-42A7-A8C0-9E05C26F0D1E}) (Version: 1.0.470 - LogMeIn, Inc.) GoToMeeting 8.46.0.13761 (HKU\S-1-5-21-2600175624-1016130486-685330733-1001\...\GoToMeeting) (Version: 8.46.0.13761 - LogMeIn, Inc.) Grammarly (HKU\S-1-5-21-2600175624-1016130486-685330733-1001\...\GrammarlyForWindows) (Version: 1.5.52 - Grammarly) iCloud (HKLM\...\{2C05E99A-94F0-4F95-B602-CD2D2682D6C3}) (Version: 7.13.0.14 - Apple Inc.) Java 8 Update 191 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180191F0}) (Version: 8.0.1910.12 - Oracle Corporation) LibreOffice 5.3.2.2 (HKLM\...\{682C33C0-5D61-48F0-B0A2-1A504F4C5905}) (Version: 5.3.2.2 - The Document Foundation) MailList Controller 12.91 (HKLM-x32\...\MailList Controller_is1) (Version: 12.91 - Arclab Software GbR) Malwarebytes version 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.1137.1 - McAfee, Inc.) McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.183 - McAfee, Inc.) McAfee® Total Protection (HKLM-x32\...\MSC) (Version: 16.0 R20 - McAfee, Inc.) Microsoft Access database engine 2010 (English) (HKLM-x32\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Keyboard Layout Creator 1.4 (HKLM-x32\...\{99E66BC9-E4B6-485F-ABFC-31EFCE36DFDF}) (Version: 1.4.6000 - Microsoft Corp.) Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.11901.20176 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-2600175624-1016130486-685330733-1001\...\OneDriveSetup.exe) (Version: 19.123.0624.0005 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{CA8A885F-E95B-3FC6-BB91-F4D9377C7686}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24123 (HKLM-x32\...\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}) (Version: 14.0.24123.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation) Mozilla Firefox 68.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 68.0.1 (x64 en-US)) (Version: 68.0.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 68.0.1 - Mozilla) NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation) NVIDIA 3D Vision Driver 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.13 - NVIDIA Corporation) NVIDIA GeForce Experience 3.9.0.61 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.9.0.61 - NVIDIA Corporation) NVIDIA Graphics Driver 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.13 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation) NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation) Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11901.20176 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11901.20176 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11901.20176 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.11901.20176 - Microsoft Corporation) Hidden Online Plug-in (HKLM-x32\...\{B1EEA0C1-6B1C-4A55-8893-4EC10C8217D2}) (Version: 14.10.1.22 - Citrix Systems, Inc.) Hidden OpenOffice 4.1.6 (HKLM-x32\...\{16E4FF6B-31E8-4037-B627-D87CF872E32B}) (Version: 4.16.9790 - Apache Software Foundation) OpenOffice 4.1.6 Language Pack (English) (HKLM-x32\...\{DC6D71DB-4717-4599-8606-7D10D47EA69B}) (Version: 4.16.9790 - Apache Software Foundation) Pulse Configuration Changer Tool (HKLM\...\{94E77B83-1B51-45DC-A82D-598B87495345}) (Version: 1.8.5.4 - Wells Fargo) Pulse Secure (HKLM\...\{BCA8F252-3DA1-4578-B5A0-FC75197FAF0B}) (Version: 5.3.1183 - Pulse Secure, LLC) Hidden Pulse Secure 5.3 (HKLM-x32\...\Pulse Secure 5.3) (Version: 5.3.1183 - Pulse Secure, LLC) Pulse Secure Setup Client (HKU\S-1-5-21-2600175624-1016130486-685330733-1001\...\Pulse_Setup_Client) (Version: 8.3.4.1183 - Pulse Secure, LLC) Pulse Secure Setup Client 64-bit Activex Control (HKLM\...\Pulse_Setup_Client Activex Control) (Version: 2.1.1.1 - Pulse Secure, LLC) Pulse Secure Setup Client Activex Control (HKLM-x32\...\Pulse_Setup_Client Activex Control) (Version: 2.1.1.1 - Pulse Secure, LLC) QuickBooks (HKLM-x32\...\{48011BF6-E0BC-4B49-9DCA-C7144EF0C01E}) (Version: 28.0.4012.2806 - Intuit Inc.) Hidden QuickBooks Premier Edition 2018 (HKLM-x32\...\{7A626F39-A185-4566-9982-9995287CED26}) (Version: 28.0.4004.2806 - Intuit Inc.) QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek) Realtek USB Wireless LAN Driver (HKLM-x32\...\InstallShield_{DBCC4C27-F949-482b-B786-7B3B67587CD2}) (Version: Drv_3.00.0014 - REALTEK Semiconductor Corp.) Realtek USB Wireless LAN Utility (HKLM-x32\...\{9C049509-055C-4CFF-A116-1D12312225EB}) (Version: UI_1.00.0287 - REALTEK Semiconductor Corp.) RRRummy version 7.3.4 (HKLM-x32\...\{48488FC0-6B1F-4746-84FD-74C5A716A6A2}_is1) (Version: 7.3.4 - YPR Software B.V.) Self-service Plug-in (HKLM-x32\...\{AF80F541-ED94-48B3-9D93-5C3F105D89CF}) (Version: 4.10.1.7 - Citrix Systems, Inc.) Hidden Signal 1.14.4 (only current user) (HKU\S-1-5-21-2600175624-1016130486-685330733-1001\...\7d96caee-06e6-597c-9f2f-c7bb2e0948b4) (Version: 1.14.4 - Open Whisper Systems) Skype version 8.49 (HKLM-x32\...\Skype_is1) (Version: 8.49 - Skype Technologies S.A.) Spotify (HKU\S-1-5-21-2600175624-1016130486-685330733-1001\...\Spotify) (Version: 1.1.12.449.g4109e645 - Spotify AB) Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F14FB68A-9188-4036-AD0D-D054BC9C9291}) (Version: 2.59.0.0 - Microsoft Corporation) VLC media player (HKLM\...\VLC media player) (Version: 3.0.6 - VideoLAN) VMLite Android App Controller (HKLM-x32\...\{0571031A-F7C3-4E96-AFB2-8509D66AC636}) (Version: 2.0.0 - VMLite) VNC Server 6.1.1 (HKLM\...\{BF68FC97-1CBA-49D5-88EB-3E0CDC3D379D}) (Version: 6.1.1.28093 - RealVNC Ltd) VNC Viewer 6.1.1 (HKLM\...\{1B14F26D-AAC9-4781-A468-5DFD5DF5FF91}) (Version: 6.1.1.28093 - RealVNC Ltd) Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden Windows Phone app for desktop (HKLM-x32\...\{5F71448B-88EB-4357-9A98-8658D4C49C48}) (Version: 1.1.2726.0 - Microsoft Corporation) WordPress.com 3.6.0 (HKLM\...\ed4e3354-70d4-58f5-8f6d-7420253356e2) (Version: 3.6.0 - Automattic Inc.) Yahoo! Powered (HKLM-x32\...\{0CA5E465-5C25-35E5-EDA5-45653D2596E5}) (Version: - ) <==== ATTENTION YoutubeMovieMaker (HKLM\...\{543D2D61-3E3D-4CAD-A39A-B40D7E0911DB}) (Version: 18.16 - Youtube Movie Maker) Zoom (HKU\S-1-5-21-2600175624-1016130486-685330733-1001\...\ZoomUMX) (Version: 4.4 - Zoom Video Communications, Inc.) Packages: ========= Audiobooks from Audible -> C:\Program Files\WindowsApps\AudibleInc.AudibleforWindowsPhone_10.5.54.0_x64__xns73kv1ymhp2 [2019-06-26] (Audible Inc) Backgrounds Wallpapers Pack -> C:\Program Files\WindowsApps\46614NiceView.BackgroundsWallpapersPack_1.2.52.0_x64__mbkqqar0c2q2m [2019-05-21] (Amaze Studio) [MS Ad] Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.145.301.0_x86__kgqvnymyfvs32 [2019-08-08] (king.com) Canon Inkjet Print Utility -> C:\Program Files\WindowsApps\34791E63.CanonInkjetPrintUtility_2.8.0.1_neutral__6e5tt8cgb93ep [2019-05-23] (Canon Inc.) Convert Text to Speech -> C:\Program Files\WindowsApps\27877Yunus.ConvertTexttoSpeech_3.28.185.0_x64__2s1d2erncfhrw [2018-07-13] (Yunus.inc) [MS Ad] Disney Magic Kingdoms -> C:\Program Files\WindowsApps\A278AB0D.DisneyMagicKingdoms_4.2.0.8_x86__h6adky7gbf63m [2019-08-07] (Gameloft.) Facebook -> C:\Program Files\WindowsApps\Facebook.Facebook_186.2191.46880.0_x86__8xx8rvfyw5nnt [2019-03-28] (Facebook Inc) Good For Enterprise -> C:\Program Files\WindowsApps\93977D5B.GoodforEnterprise_1.5.0.201_x86__c2kpdedfqwkyp [2017-09-05] (Good Technology Corporation) iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa [2019-07-24] (Apple Inc.) Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11901.20184.0_x64__8wekyb3d8bbwe [2019-08-01] (Microsoft Corporation) [MS Ad] March of Empires: War of Lords -> C:\Program Files\WindowsApps\A278AB0D.MarchofEmpires_4.2.1.1_x86__h6adky7gbf63m [2019-08-08] (Gameloft.) Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-11] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-11] (Microsoft Corporation) [MS Ad] Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.31.12124.0_x64__8wekyb3d8bbwe [2019-08-07] (Microsoft Corporation) [MS Ad] Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.6132.0_x64__8wekyb3d8bbwe [2019-06-16] (Microsoft Studios) [MS Ad] Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.12.28.0_x64__8wekyb3d8bbwe [2019-07-11] (Microsoft Studios) Movie Maker 10 - Tell Your Story -> C:\Program Files\WindowsApps\21336V3TApps.MovieMaker-FREE_2.8.40.0_x64__bzg06mxvgh4fa [2019-07-05] (V3TApps) [MS Ad] MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.12831.0_x64__8wekyb3d8bbwe [2019-03-16] (Microsoft Corporation) MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-20] (Microsoft Corporation) [MS Ad] mysms - Text from Computer, Messaging -> C:\Program Files\WindowsApps\UptoElevenDigitalSolution.mysms-Textanywhere_3.2.0.0_x64__c9d6r4qvva5x8 [2019-03-06] (Up to Eleven Digital Solutions GmbH) PdfToJpg -> C:\Program Files\WindowsApps\35640TWyTec.PdfToJpg_1.1.65.0_x64__8e2hdjak06jkr [2019-07-03] (TWyTec) [MS Ad] Reader Notification Client -> C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2018-12-22] (Adobe Systems Incorporated) Sling TV -> C:\Program Files\WindowsApps\SlingTVLLC.SlingTV_7.0.8.0_x86__vgszm6stshdqy [2019-01-09] (Sling TV LLC) TextToSpeech 10 -> C:\Program Files\WindowsApps\17259ESXsystems.TextToSpeech10_1.0.3.0_x64__tp9a36syt15k6 [2018-11-21] (ESXsystems) Text-to-Voice -> C:\Program Files\WindowsApps\21724Alexander-Bielecki.d.Text-to-Voice_1.4.4.0_x64__ahjyqznyj4z5y [2019-05-06] (www.Alexander-Bielecki.de) [MS Ad] Tubecast for YouTube -> C:\Program Files\WindowsApps\Webrox.Tubecast_5.7.0.0_neutral__0dmhevbabqz82 [2019-07-01] (Webrox) Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-08] (Twitter Inc.) Verizon Messages -> C:\Program Files\WindowsApps\VerizonWireless.VerizonMessages_2.0.2.0_x86__40sg4y5zd4vfj [2017-08-18] (Verizon Wireless) Video Converter - FREE -> C:\Program Files\WindowsApps\21336V3TApps.VideoConverter-FREE_1.0.2.0_x64__bzg06mxvgh4fa [2019-03-16] (V3TApps) Xbox 360 SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxCompanion_1.4.3.0_x64__8wekyb3d8bbwe [2018-06-10] (Microsoft Corporation) [MS Ad] ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-2600175624-1016130486-685330733-1001_Classes\CLSID\{004B49B7-11B9-5058-AA22-08DD0A3ADC4B}\InprocServer32 -> {185855A1-9468-D082-F7C5-29E985889A47} => No File CustomCLSID: HKU\S-1-5-21-2600175624-1016130486-685330733-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Neil\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-2600175624-1016130486-685330733-1001_Classes\CLSID\{62634D95-960B-4834-8E71-A70408AD8FD9}\InprocServer32 -> C:\Users\Neil\AppData\Local\Google\Update\1.3.34.7\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-2600175624-1016130486-685330733-1001_Classes\CLSID\{7CB4D2F7-77AE-4A08-9BDF-21370FF8D6BD}\InprocServer32 -> C:\Program Files\Google\Drive File Stream\25.1.85.1653\drivefsext.dll => No File CustomCLSID: HKU\S-1-5-21-2600175624-1016130486-685330733-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Neil\AppData\Local\GoToMeeting\11282\G2MOutlookAddin64.dll => No File CustomCLSID: HKU\S-1-5-21-2600175624-1016130486-685330733-1001_Classes\CLSID\{86508D42-E5D7-4D10-9C6F-D427AEEB85B5}\InprocServer32 -> C:\Users\Neil\AppData\Local\Google\Update\1.3.34.11\psuser_64.dll (Google Inc -> Google LLC) CustomCLSID: HKU\S-1-5-21-2600175624-1016130486-685330733-1001_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\Neil\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-2600175624-1016130486-685330733-1001_Classes\CLSID\{96836CC1-31EA-4F1C-A7F4-D67863D5D4FD}\InprocServer32 -> C:\Program Files\Google\Drive File Stream\25.1.85.1653\drivefsext.dll => No File CustomCLSID: HKU\S-1-5-21-2600175624-1016130486-685330733-1001_Classes\CLSID\{9EE0C242-8973-456D-B382-0752476703FD}\InprocServer32 -> C:\Program Files\Google\Drive File Stream\25.1.85.1653\drivefsext.dll => No File CustomCLSID: HKU\S-1-5-21-2600175624-1016130486-685330733-1001_Classes\CLSID\{A804CF1A-91E5-4F0C-9E8C-DB39E74056DD}\InprocServer32 -> C:\Users\Neil\AppData\Local\Google\Update\1.3.33.23\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-2600175624-1016130486-685330733-1001_Classes\CLSID\{B53FB4A1-B6BB-4F9B-AAA8-8704FBC1BE25}\InprocServer32 -> C:\Program Files\Google\Drive File Stream\25.1.85.1653\drivefsext.dll => No File CustomCLSID: HKU\S-1-5-21-2600175624-1016130486-685330733-1001_Classes\CLSID\{C9F7D7A1-D13F-4C72-9AB0-06FDC65AA931}\InprocServer32 -> C:\Program Files\Google\Drive File Stream\25.1.85.1653\drivefsext.dll => No File CustomCLSID: HKU\S-1-5-21-2600175624-1016130486-685330733-1001_Classes\CLSID\{DD0822AA-3A0A-4BDC-B749-4B00B9115850}\InprocServer32 -> {55CD638B-9468-D082-DDF3-BCA485889A47} => No File CustomCLSID: HKU\S-1-5-21-2600175624-1016130486-685330733-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\Neil\Dropbox [2017-05-08 18:12] CustomCLSID: HKU\S-1-5-21-2600175624-1016130486-685330733-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Neil\AppData\Local\Google\Update\1.3.34.11\psuser_64.dll (Google Inc -> Google LLC) CustomCLSID: HKU\S-1-5-21-2600175624-1016130486-685330733-1001_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Users\Neil\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll => No File ShellIconOverlayIdentifiers: [ GoogleDriveCloudOverlayIconHandler] -> {A8E52322-8734-481D-A7E2-27B309EF8D56} => C:\Program Files\Google\Drive File Stream\32.0.11.0\drivefsext.dll [2019-06-27] (Google LLC -> Google, Inc.) ShellIconOverlayIdentifiers: [ GoogleDrivePinnedOverlayIconHandler] -> {CFE8B367-77A7-41D7-9C90-75D16D7DC6B6} => C:\Program Files\Google\Drive File Stream\32.0.11.0\drivefsext.dll [2019-06-27] (Google LLC -> Google, Inc.) ShellIconOverlayIdentifiers: [ GoogleDriveProgressOverlayIconHandler] -> {C973DA94-CBDF-4E77-81D1-E5B794FBD146} => C:\Program Files\Google\Drive File Stream\32.0.11.0\drivefsext.dll [2019-06-27] (Google LLC -> Google, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-06-27] (Google LLC -> Google) ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-06-27] (Google LLC -> Google) ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-06-27] (Google LLC -> Google) ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\32.0.11.0\drivefsext.dll [2019-06-27] (Google LLC -> Google, Inc.) ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2019-06-27] (Google LLC -> Google) ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2019-06-28] (McAfee, LLC. -> McAfee, LLC.) ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2019-05-08] (Apple Inc. -> Apple Inc.) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\32.0.11.0\drivefsext.dll [2019-06-27] (Google LLC -> Google, Inc.) ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2019-06-27] (Google LLC -> Google) ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\32.0.11.0\drivefsext.dll [2019-06-27] (Google LLC -> Google, Inc.) ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-10-27] (NVIDIA Corporation -> NVIDIA Corporation) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2019-06-28] (McAfee, LLC. -> McAfee, LLC.) ContextMenuHandlers1_S-1-5-21-2600175624-1016130486-685330733-1001: [DriveFS] -> {B53FB4A1-B6BB-4F9B-AAA8-8704FBC1BE25} => C:\Program Files\Google\Drive File Stream\25.1.85.1653\drivefsext.dll -> No File ContextMenuHandlers4_S-1-5-21-2600175624-1016130486-685330733-1001: [DriveFS] -> {B53FB4A1-B6BB-4F9B-AAA8-8704FBC1BE25} => C:\Program Files\Google\Drive File Stream\25.1.85.1653\drivefsext.dll -> No File ContextMenuHandlers5_S-1-5-21-2600175624-1016130486-685330733-1001: [DriveFS] -> {B53FB4A1-B6BB-4F9B-AAA8-8704FBC1BE25} => C:\Program Files\Google\Drive File Stream\25.1.85.1653\drivefsext.dll -> No File ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ShortcutWithArgument: C:\Users\Neil\Desktop\Chrome.lnk -> C:\Program Files (x86)\BlueStacks\HD-RunApp.exe (BlueStack Systems, Inc.) -> -json "{""app_icon_url"": """", ""app_name"": ""Chrome"", ""app_url"": """", ""app_pkg"": ""com.android.chrome""}" ==================== Loaded Modules (Whitelisted) ============== 2018-10-24 03:50 - 2018-10-24 03:50 - 001010688 _____ () [File not signed] C:\Program Files (x86)\OpenOffice 4\program\libxml2.dll 2018-10-24 03:50 - 2018-10-24 03:50 - 000178176 _____ () [File not signed] C:\Program Files (x86)\OpenOffice 4\program\libxslt.dll 2019-06-26 20:57 - 2019-06-26 20:57 - 041113088 _____ () [File not signed] C:\Program Files\WindowsApps\AudibleInc.AudibleforWindowsPhone_10.5.54.0_x64__xns73kv1ymhp2\AudibleRT.WindowsPhone.dll 2019-06-26 20:57 - 2019-06-26 20:57 - 000019968 _____ () [File not signed] C:\Program Files\WindowsApps\AudibleInc.AudibleforWindowsPhone_10.5.54.0_x64__xns73kv1ymhp2\AudibleRT.WindowsPhone.exe 2019-06-21 18:56 - 2019-06-21 18:56 - 000052224 _____ () [File not signed] C:\Program Files\WindowsApps\AudibleInc.AudibleforWindowsPhone_10.5.54.0_x64__xns73kv1ymhp2\AudibleSystemFileWrapperRT.dll 2018-06-01 20:52 - 2018-06-01 20:52 - 001123840 _____ () [File not signed] C:\Program Files\WindowsApps\AudibleInc.AudibleforWindowsPhone_10.5.54.0_x64__xns73kv1ymhp2\e_sqlite3.dll 2019-08-11 07:47 - 2019-08-11 07:47 - 000113664 _____ () [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\_ctypes.pyd 2019-08-11 07:47 - 2019-08-11 07:47 - 000173568 _____ () [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\_elementtree.pyd 2019-08-11 07:47 - 2019-08-11 07:47 - 001800192 _____ () [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\_hashlib.pyd 2019-08-11 07:47 - 2019-08-11 07:47 - 000032256 _____ () [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\_multiprocessing.pyd 2019-08-11 07:47 - 2019-08-11 07:47 - 000046080 _____ () [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\_psutil_windows.pyd 2019-08-11 07:47 - 2019-08-11 07:47 - 000047616 _____ () [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\_socket.pyd 2019-08-11 07:47 - 2019-08-11 07:47 - 002230784 _____ () [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\_ssl.pyd 2019-08-11 07:47 - 2019-08-11 07:47 - 000026112 _____ () [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\_yappi.pyd 2019-08-11 07:47 - 2019-08-11 07:47 - 000080896 _____ () [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\bz2.pyd 2019-08-11 07:47 - 2019-08-11 07:47 - 006277632 _____ () [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\cello.pyd 2019-08-11 07:47 - 2019-08-11 07:47 - 000014848 _____ () [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\common.time34.pyd 2019-08-11 07:47 - 2019-08-11 07:47 - 000007680 _____ () [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\hashobjs_ext.pyd 2019-08-11 07:47 - 2019-08-11 07:47 - 000301568 _____ () [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\PIL._imaging.pyd 2019-08-11 07:47 - 2019-08-11 07:47 - 000169472 _____ () [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\pyexpat.pyd 2019-08-11 07:47 - 2019-08-11 07:47 - 001084416 _____ () [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\pysqlite2._sqlite.pyd 2019-08-11 07:47 - 2019-08-11 07:47 - 000548864 _____ () [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\pythoncom27.dll 2019-08-11 07:47 - 2019-08-11 07:47 - 000137728 _____ () [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\pywintypes27.dll 2019-08-11 07:47 - 2019-08-11 07:47 - 000010752 _____ () [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\select.pyd 2019-08-11 07:47 - 2019-08-11 07:47 - 000020992 _____ () [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\thumbnails_ext.pyd 2019-08-11 07:47 - 2019-08-11 07:47 - 000689664 _____ () [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\unicodedata.pyd 2019-08-11 07:47 - 2019-08-11 07:47 - 000118784 _____ () [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\usb_ext.pyd 2019-08-11 07:47 - 2019-08-11 07:47 - 000128512 _____ () [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\win32api.pyd 2019-08-11 07:47 - 2019-08-11 07:47 - 000438784 _____ () [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\win32com.shell.shell.pyd 2019-08-11 07:47 - 2019-08-11 07:47 - 000011776 _____ () [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\win32crypt.pyd 2019-08-11 07:47 - 2019-08-11 07:47 - 000023040 _____ () [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\win32event.pyd 2019-08-11 07:47 - 2019-08-11 07:47 - 000149504 _____ () [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\win32file.pyd 2019-08-11 07:47 - 2019-08-11 07:47 - 000223232 _____ () [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\win32gui.pyd 2019-08-11 07:47 - 2019-08-11 07:47 - 000048128 _____ () [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\win32inet.pyd 2019-08-11 07:47 - 2019-08-11 07:47 - 000029696 _____ () [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\win32pdh.pyd 2019-08-11 07:47 - 2019-08-11 07:47 - 000027648 _____ () [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\win32pipe.pyd 2019-08-11 07:47 - 2019-08-11 07:47 - 000044032 _____ () [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\win32process.pyd 2019-08-11 07:47 - 2019-08-11 07:47 - 000020480 _____ () [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\win32profile.pyd 2019-08-11 07:47 - 2019-08-11 07:47 - 000136192 _____ () [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\win32security.pyd 2019-08-11 07:47 - 2019-08-11 07:47 - 000026624 _____ () [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\win32ts.pyd 2019-08-11 07:47 - 2019-08-11 07:47 - 000034304 _____ () [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\windows.conditional.pyd 2019-08-11 07:47 - 2019-08-11 07:47 - 000038400 _____ () [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\windows.connectivity.pyd 2019-08-11 07:47 - 2019-08-11 07:47 - 000073216 _____ () [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\windows.device_monitor.pyd 2019-08-11 07:47 - 2019-08-11 07:47 - 000110592 _____ () [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\windows.volumes.pyd 2019-08-11 07:47 - 2019-08-11 07:47 - 000020480 _____ () [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\windows.winwrap.pyd 2019-08-11 07:47 - 2019-08-11 07:47 - 001325056 _____ () [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\wx._controls_.pyd 2019-08-11 07:47 - 2019-08-11 07:47 - 001489408 _____ () [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\wx._core_.pyd 2019-08-11 07:47 - 2019-08-11 07:47 - 001007104 _____ () [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\wx._gdi_.pyd 2019-08-11 07:47 - 2019-08-11 07:47 - 000103424 _____ () [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\wx._html2.pyd 2019-08-11 07:47 - 2019-08-11 07:47 - 000916992 _____ () [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\wx._misc_.pyd 2019-08-11 07:47 - 2019-08-11 07:47 - 001039872 _____ () [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\wx._windows_.pyd 2018-10-24 03:50 - 2018-10-24 03:50 - 000164352 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\apr-util.dll 2018-10-24 03:50 - 2018-10-24 03:50 - 000297472 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\avmedia.dll 2018-10-24 03:50 - 2018-10-24 03:50 - 001143808 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\basegfx.dll 2018-10-24 03:50 - 2018-10-24 03:50 - 000596992 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\bootstrap.uno.dll 2018-10-24 03:50 - 2018-10-24 03:50 - 001175552 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\comphelpMSC.dll 2018-10-24 03:50 - 2018-10-24 03:50 - 000487936 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\configmgr.uno.dll 2018-10-24 03:50 - 2018-10-24 03:50 - 000238080 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\cppu3.dll 2018-10-24 03:50 - 2018-10-24 03:50 - 000587776 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\cppuhelper3MSC.dll 2018-10-24 03:50 - 2018-10-24 03:50 - 003026944 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\dbtools.dll 2018-10-24 03:50 - 2018-10-24 03:50 - 000652800 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\deployment.uno.dll 2018-10-24 03:50 - 2018-10-24 03:50 - 000353792 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\deploymentgui.uno.dll 2018-10-24 03:50 - 2018-10-24 03:50 - 000151040 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\deploymentmisc.dll 2018-10-24 03:50 - 2018-10-24 03:50 - 000126464 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\dnd.dll 2018-10-24 03:50 - 2018-10-24 03:50 - 000887296 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\drawinglayer.dll 2018-10-24 03:50 - 2018-10-24 03:50 - 001580544 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\editeng.dll 2018-10-24 03:50 - 2018-10-24 03:50 - 000160768 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\emser.dll 2018-10-24 03:50 - 2018-10-24 03:50 - 000046592 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\evtatt.dll 2018-10-24 03:50 - 2018-10-24 03:50 - 000051712 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\fileacc.dll 2018-10-24 03:50 - 2018-10-24 03:50 - 000226304 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\filterconfig1.dll 2018-10-24 03:50 - 2018-10-24 03:50 - 000132608 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\for.dll 2018-10-24 03:50 - 2018-10-24 03:50 - 000202240 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\forui.dll 2018-10-24 03:50 - 2018-10-24 03:50 - 001814528 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\frm.dll 2018-10-24 03:50 - 2018-10-24 03:50 - 000091648 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\fsstorage.uno.dll 2018-10-24 03:50 - 2018-10-24 03:50 - 000055808 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\ftransl.dll 2018-10-24 03:50 - 2018-10-24 03:50 - 000485888 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\fwe.dll 2018-10-24 03:50 - 2018-10-24 03:50 - 000210432 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\fwi.dll 2018-10-24 03:50 - 2018-10-24 03:50 - 002193920 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\fwk.dll 2018-10-24 03:50 - 2018-10-24 03:50 - 000313344 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\fwl.dll 2018-10-24 03:50 - 2018-10-24 03:50 - 000187392 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\helplinker.dll 2018-10-24 03:50 - 2018-10-24 03:50 - 000070656 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\hyphen.uno.dll 2018-10-24 03:50 - 2018-10-24 03:50 - 000027136 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\i18nisolang1MSC.dll 2018-10-24 03:50 - 2018-10-24 03:50 - 000029696 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\i18npaper.dll 2018-10-24 03:50 - 2018-10-24 03:50 - 001333760 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\i18npool.uno.dll 2018-10-24 03:50 - 2018-10-24 03:50 - 000067072 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\i18nutilMSC.dll 2018-10-24 03:50 - 2018-10-24 03:50 - 000136192 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\introspection.uno.dll 2018-10-24 03:50 - 2018-10-24 03:50 - 000027136 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\jvmaccess3MSC.dll 2018-10-24 03:50 - 2018-10-24 03:50 - 000107008 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\jvmfwk3.dll 2018-10-24 03:50 - 2018-10-24 03:50 - 000134144 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\libapr-1.dll 2018-10-24 03:50 - 2018-10-24 03:50 - 001257472 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\lng.dll 2018-10-24 03:50 - 2018-10-24 03:50 - 000068608 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\lnth.uno.dll 2018-10-24 03:50 - 2018-10-24 03:50 - 000024064 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\localebe1.uno.dll 2018-10-24 03:50 - 2018-10-24 03:50 - 000104448 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\localedata_en.dll 2018-10-24 03:50 - 2018-10-24 03:50 - 000038912 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\mcnttype.dll 2018-10-24 03:50 - 2018-10-24 03:50 - 000083456 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\msci_uno.dll 2018-10-24 03:50 - 2018-10-24 03:50 - 000812032 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\msfilter.dll 2018-10-24 03:50 - 2018-10-24 03:50 - 000344576 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\oleautobridge.uno.dll 2018-10-24 03:50 - 2018-10-24 03:50 - 000008704 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\onlinecheck.DLL 2018-10-24 03:50 - 2018-10-24 03:50 - 002456064 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\ootk.dll 2018-10-24 03:50 - 2018-10-24 03:50 - 004801536 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\oox.dll 2018-10-24 03:50 - 2018-10-24 03:50 - 000368640 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\package2.dll 2018-10-24 03:50 - 2018-10-24 03:50 - 000097280 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\passwordcontainer.uno.dll 2018-10-24 03:50 - 2018-10-24 03:50 - 000121344 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\reflection.uno.dll 2018-10-24 03:50 - 2018-10-24 03:50 - 000107008 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\reg3.dll 2018-10-24 03:50 - 2018-10-24 03:50 - 001792512 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\sal3.dll 2018-10-24 03:50 - 2018-10-24 03:50 - 000013824 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\salhelper3MSC.dll 2018-10-24 03:50 - 2018-10-24 03:50 - 000093184 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\sax.dll 2018-10-24 03:50 - 2018-10-24 03:50 - 000168448 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\sax.uno.dll 2018-10-24 03:50 - 2018-10-24 03:50 - 002291200 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\sb.dll 2018-10-24 03:50 - 2018-10-24 03:50 - 007617536 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\sc.dll 2018-10-24 05:28 - 2018-10-24 05:28 - 000307200 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\scalc.exe 2018-10-24 03:50 - 2018-10-24 03:50 - 000041984 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\scd.dll 2018-10-24 03:50 - 2018-10-24 03:50 - 002201088 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\scfilt.DLL 2018-10-24 03:50 - 2018-10-24 03:50 - 000082944 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\serf.dll 2018-10-24 03:50 - 2018-10-24 03:50 - 003658240 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\sfx.dll 2018-10-24 05:28 - 2018-10-24 05:28 - 011045376 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\soffice.bin 2018-10-24 05:28 - 2018-10-24 05:28 - 011053568 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\soffice.exe 2018-10-24 03:50 - 2018-10-24 03:50 - 000290304 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\sofficeapp.dll 2018-10-24 03:50 - 2018-10-24 03:50 - 000279040 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\sot.dll 2018-10-24 03:50 - 2018-10-24 03:50 - 000183296 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\spell.uno.dll 2018-10-24 03:50 - 2018-10-24 03:50 - 000205824 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\spl.dll 2018-10-24 03:50 - 2018-10-24 03:50 - 000096768 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\stocservices.uno.dll 2018-10-24 03:50 - 2018-10-24 03:50 - 000053760 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\store3.dll 2018-10-24 03:50 - 2018-10-24 03:50 - 000901120 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\svl.dll 2018-10-24 03:50 - 2018-10-24 03:50 - 003373056 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\svt.dll 2018-10-24 03:50 - 2018-10-24 03:50 - 003235328 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\svx.dll 2018-10-24 03:50 - 2018-10-24 03:50 - 006034432 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\svxcore.dll 2018-10-24 03:50 - 2018-10-24 03:50 - 000117760 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\sysdtrans.dll 2018-10-24 03:50 - 2018-10-24 03:50 - 000620544 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\tl.dll 2018-10-24 03:50 - 2018-10-24 03:50 - 000231936 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\ucb1.dll 2018-10-24 03:50 - 2018-10-24 03:50 - 000388608 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\ucbhelper4MSC.dll 2018-10-24 03:50 - 2018-10-24 03:50 - 000344576 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\ucpchelp1.dll 2018-10-24 03:50 - 2018-10-24 03:50 - 000412160 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\ucpdav1.dll 2018-10-24 03:50 - 2018-10-24 03:50 - 000024576 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\ucpexpand1.uno.dll 2018-10-23 15:51 - 2018-10-23 15:51 - 000309248 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\ucpfile1.dll 2018-10-24 03:50 - 2018-10-24 03:50 - 000367616 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\unoxml.dll 2018-10-24 03:50 - 2018-10-24 03:50 - 000053248 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\updatefeed.uno.dll 2018-10-24 03:50 - 2018-10-24 03:50 - 000186880 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\updchk.uno.dll 2018-10-24 03:50 - 2018-10-24 03:50 - 001104384 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\utl.dll 2018-10-24 03:50 - 2018-10-24 03:50 - 000254976 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\uui.dll 2018-10-24 03:50 - 2018-10-24 03:50 - 000085504 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\uwinapi.dll 2018-10-24 03:50 - 2018-10-24 03:50 - 000662528 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\vbahelper.dll 2018-10-24 03:50 - 2018-10-24 03:50 - 004172800 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\vcl.dll 2018-10-24 03:50 - 2018-10-24 03:50 - 000099328 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\vos3MSC.dll 2018-10-24 03:50 - 2018-10-24 03:50 - 000028672 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\wininetbe1.uno.dll 2018-10-24 03:50 - 2018-10-24 03:50 - 000791040 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\xcr.dll 2018-10-24 03:50 - 2018-10-24 03:50 - 000045056 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\xmlreader.dll 2018-10-24 03:50 - 2018-10-24 03:50 - 003469312 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\xo.dll 2018-10-24 03:50 - 2018-10-24 03:50 - 000396288 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\xstor.dll 2018-10-24 03:50 - 2018-10-24 03:50 - 013914112 _____ (IBM Corporation and others) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\icudt40.dll 2018-10-24 03:50 - 2018-10-24 03:50 - 001072128 _____ (IBM Corporation and others) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\icuin40.dll 2018-10-24 03:50 - 2018-10-24 03:50 - 000951808 _____ (IBM Corporation and others) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\icuuc40.dll 2006-01-19 05:36 - 2006-01-19 05:36 - 001017856 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\dbghelp.dll 2019-06-22 23:09 - 2017-10-27 09:06 - 000760032 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPI.dll 2019-06-22 23:09 - 2017-10-27 09:06 - 000874368 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPI64.dll 2019-06-22 23:09 - 2017-10-27 09:06 - 000339256 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem\NvStereo\_nvstapisvr64.dll 2019-08-11 07:47 - 2019-08-11 07:47 - 003042304 _____ (Python Software Foundation) [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\python27.dll 2018-10-24 03:50 - 2018-10-24 03:50 - 000355840 _____ (The curl library, hxxps://curl.haxx.se/) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\libcurl.dll 2018-10-24 03:50 - 2018-10-24 03:50 - 001020928 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\LIBEAY32.dll 2018-10-24 03:50 - 2018-10-24 03:50 - 000218624 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\SSLEAY32.dll 2019-08-11 07:47 - 2019-08-11 07:47 - 000202240 _____ (wxWidgets development team) [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\wxbase30u_net_vc90_x64.dll 2019-08-11 07:47 - 2019-08-11 07:47 - 002831872 _____ (wxWidgets development team) [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\wxbase30u_vc90_x64.dll 2019-08-11 07:47 - 2019-08-11 07:47 - 001654784 _____ (wxWidgets development team) [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\wxmsw30u_adv_vc90_x64.dll 2019-08-11 07:47 - 2019-08-11 07:47 - 006542336 _____ (wxWidgets development team) [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\wxmsw30u_core_vc90_x64.dll 2019-08-11 07:47 - 2019-08-11 07:47 - 000773632 _____ (wxWidgets development team) [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\wxmsw30u_html_vc90_x64.dll 2019-08-11 07:47 - 2019-08-11 07:47 - 000137216 _____ (wxWidgets development team) [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\wxmsw30u_webview_vc90_x64.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2016-07-16 04:47 - 2019-08-10 14:52 - 000000915 _____ C:\WINDOWS\system32\drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Common Files\Intuit\QBPOSSDKRuntime;%SYSTEMROOT%\System32\OpenSSH\ HKU\S-1-5-21-2600175624-1016130486-685330733-1001\Control Panel\Desktop\\Wallpaper -> DNS Servers: 192.168.1.254 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == If an entry is included in the fixlist, it will be removed. HKU\S-1-5-21-2600175624-1016130486-685330733-1001\...\StartupApproved\StartupFolder: => "Google Chrome.lnk" HKU\S-1-5-21-2600175624-1016130486-685330733-1001\...\StartupApproved\Run: => "GoogleDriveFS" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [UDP Query User{C511E4AC-C55E-4DC1-A957-714167CAE057}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN) FirewallRules: [TCP Query User{483CC7A8-94AB-45CC-A22F-AF14F6A256A6}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN) FirewallRules: [{E79C7523-F183-4295-B482-26CDF5C659A6}] => (Allow) C:\Users\Neil\AppData\Roaming\Zoom\bin\airhost.exe No File FirewallRules: [{9DEC3A52-F071-4304-B040-C1B439C20745}] => (Allow) C:\Users\Neil\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [{E1AED6F6-74BF-442D-88BF-D19380A67458}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RTLDHCP.exe (Realtek Semiconductor Corp -> Realtek) FirewallRules: [{6080694A-455E-4849-8C91-8CCB30BA3036}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RTLDHCP.exe (Realtek Semiconductor Corp -> Realtek) FirewallRules: [{6CF91C6B-6C17-40FA-8087-B4C2F5C195D1}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RTLDHCP.exe (Realtek Semiconductor Corp -> Realtek) FirewallRules: [{F0F7B845-4A36-4785-970E-2D2F334B4ACA}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RTLDHCP.exe (Realtek Semiconductor Corp -> Realtek) FirewallRules: [{DEDB1621-0D7A-4BD9-91C7-C0F96BAD050D}] => (Allow) LPort=53 FirewallRules: [{C2AE67F5-53CD-4AFE-B21F-9BF0B2A21A1D}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RTLDHCP.exe (Realtek Semiconductor Corp -> Realtek) FirewallRules: [{55C87CEF-BC9A-4FDA-9E83-16A5D1EA3401}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RTLDHCP.exe (Realtek Semiconductor Corp -> Realtek) FirewallRules: [{AF78D70A-6991-46F5-B389-C5E4676C06A2}] => (Allow) C:\PROGRA~2\REALTEK\USBWIR~2\Rtldhcp.exe (Realtek Semiconductor Corp -> Realtek) FirewallRules: [{AF3D2030-7FA0-4E55-BA4B-23FD811CC2CE}] => (Allow) LPort=53 FirewallRules: [{FD36D81C-9097-45D9-BC3B-06FFD02744E3}] => (Allow) LPort=1542 FirewallRules: [{D1D70879-4817-449B-B9C5-4217447DAF08}] => (Allow) LPort=1542 FirewallRules: [{16D69D76-E635-45DA-B8DB-4DAD79B8134F}] => (Allow) C:\PROGRA~2\REALTEK\USBWIR~2\RtWlan.exe (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.) FirewallRules: [UDP Query User{E86F3E80-CD3D-4EB4-9EC8-86DD7085F5D5}C:\users\neil\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\neil\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [TCP Query User{B5C0FFB4-5B35-49B1-A9A4-BCBC1B8D1984}C:\users\neil\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\neil\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{CD2AF2C6-BA0D-489C-8610-245BEAA54FD3}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{3F1DEA53-9383-441D-BEFE-B16077336605}] => (Allow) C:\Users\Neil\AppData\Local\Temp\RemoveTemp.exe No File FirewallRules: [{570E3141-5553-4F21-A7C4-BE6580629988}] => (Allow) C:\Users\Neil\AppData\Local\Temp\RemoveTemp.exe No File FirewallRules: [{25A7EBFB-C5F8-455E-BBF2-0EA75E2975FC}] => (Allow) C:\Program Files\Andy\SetupFiles\Uninstall.exe No File FirewallRules: [{1BF4792E-F256-4DF4-81BE-F3ABFFCDC525}] => (Allow) C:\Program Files\Andy\SetupFiles\Uninstall.exe No File FirewallRules: [{8501BB80-FB56-41CB-B221-81060F627D80}] => (Allow) C:\Users\Neil\AppData\Local\Temp\andy-x64\Setup.exe No File FirewallRules: [{F4421F45-A5C8-4078-B3D8-46A475F32F55}] => (Allow) C:\Users\Neil\AppData\Local\Temp\andy-x64\Setup.exe No File FirewallRules: [{6D5E3BF9-265D-47FE-AFB2-21D2A88B6C02}] => (Allow) C:\Program Files\Siber Systems\GoodSync\gs-server.exe (Siber Systems -> ) FirewallRules: [{4A3F2D83-8F4B-418A-BA3C-74EDCE925638}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe (McAfee, LLC. -> McAfee, LLC.) FirewallRules: [{A9A7A701-4F31-497A-9218-259F177D61E0}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe (McAfee, LLC. -> McAfee, LLC.) FirewallRules: [{E3B99C4D-9BC5-4D16-9570-F988AD4CE015}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{E4BC62F3-5345-4B70-8DDC-E08AD5201C5C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{FB8A1840-ACCA-47EF-9608-A0C21DBE013A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{CEB0E267-02A9-4842-8240-DADE68B8AEF4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{F8508B25-8708-457E-B6F6-394959FBE75E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{EA5D883C-A006-486A-9D06-CEB791EC649C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{32A259AC-96CA-4CE1-AD64-5DF6AF035BC6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{D636E237-5D0A-4BD9-83DB-70ABE12E943E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe No File FirewallRules: [{A1FDEFE8-559B-4571-9EEE-04C372789A1C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{77830CA9-0957-4435-9FA6-BA3F79B8AF92}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [UDP Query User{9927EDCC-CA82-4923-8C2A-774FA0D0630E}C:\users\neil\appdata\roaming\zoom\bin\zoom.exe] => (Allow) C:\users\neil\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [TCP Query User{CA92CD4D-8E9A-4DA8-8855-B577ED473931}C:\users\neil\appdata\roaming\zoom\bin\zoom.exe] => (Allow) C:\users\neil\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [{3AC26215-9FA7-4C9D-9CBF-A5943084B02A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{458D081A-2028-482B-9EF3-4DE88D7E754F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [TCP Query User{1AAACA3D-C299-416F-AE18-068F16CFFF3A}C:\users\neil\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\neil\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [UDP Query User{C29DF3BB-E52A-4066-A5C1-A68B89E22B20}C:\users\neil\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\neil\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{5EDFA498-5B29-4D9E-8122-53FB96EEE2E3}] => (Allow) C:\Program Files\RealVNC\VNC Server\vncserver.exe (RealVNC Ltd -> RealVNC Ltd) FirewallRules: [{0744E5B5-40B4-49FA-9B53-37C8AFF4281E}] => (Allow) C:\Program Files\RealVNC\VNC Server\vncserver.exe (RealVNC Ltd -> RealVNC Ltd) FirewallRules: [{A06C4EE7-FDD5-49F4-A803-D0C6C21F2126}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{E7928A85-62E3-48A4-8F50-07CD1C707974}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{7B4F253B-5D0F-4119-AF23-A6D22E55396B}] => (Allow) C:\Program Files (x86)\BlueStacks\HD-Player.exe (BlueStack Systems, Inc. -> BlueStack Systems, Inc.) FirewallRules: [{73C73A62-C600-4A17-85F1-87C249FE88DA}] => (Allow) C:\Program Files\iTunes\iTunes.exe No File FirewallRules: [{A761F121-819F-4247-ACA6-645E6202322A}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{B39328D7-A7CA-4D8C-83E6-8544BD781A73}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{DA366CF2-8D2F-4903-AD84-EC5F7DB00A4D}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> ) FirewallRules: [{A3D29AE2-744B-4D27-98C8-B59428C79E8F}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> ) FirewallRules: [{9F45E794-3ED5-4B05-8EC2-3701F1448EFF}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{64D8CF80-0E4C-4A0C-87E3-C24034DA5728}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{98649725-5DB5-4BD4-848E-A24A3474BD0D}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{DBFEF4B6-CDAA-465D-A2AA-64FE62C81FFB}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{DA3DC1AE-78E9-4A7C-9D62-1C76F3B468BB}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{4DC8DA1C-4324-4926-9CC1-897480063432}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{F1EE67CB-8DEA-4812-90B3-433A2E57E26B}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{F85000D2-9AFC-47DC-B2AF-8E3FCA5CED3D}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{B9ED48DC-BD9C-47F4-B02F-96C9B1217E52}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.) FirewallRules: [{5915A619-701A-4668-B81C-8E346314F315}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{A2C35757-1767-4A8D-B4D1-855D6A960549}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, LLC. -> McAfee, LLC.) FirewallRules: [{C3F3C2F4-DDA7-4605-AB35-617B16131F04}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> ) FirewallRules: [{9A5296D6-C0B1-4D28-B578-C72545AAE08F}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> ) FirewallRules: [{4624F11B-FB9D-4A9A-918C-985F8D10992D}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> ) FirewallRules: [{B1DE5339-CC24-4E50-AC50-0578CD3AE3C3}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> ) ==================== Restore Points ========================= 29-07-2019 07:49:03 ActiveWords 4 30-07-2019 08:26:33 ActiveWords 4 03-08-2019 07:56:02 ActiveWords 4 09-08-2019 09:14:42 Installed OpenOffice 4.1.6 Language Pack (English) 10-08-2019 19:55:40 ActiveWords 4 ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (08/11/2019 08:18:14 AM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (15248,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Error: (08/11/2019 07:57:51 AM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (10076,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Error: (08/11/2019 07:48:12 AM) (Source: DbxSvc) (EventID: 281) (User: ) Description: CertFindCertificateInStore failed with: (-2146885628) Cannot find object or property. Error: (08/10/2019 09:50:33 PM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (10744,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Error: (08/10/2019 08:50:33 PM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (1844,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Error: (08/10/2019 08:35:17 PM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (12768,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Error: (08/10/2019 08:19:13 PM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (6732,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Error: (08/10/2019 08:05:00 PM) (Source: DbxSvc) (EventID: 281) (User: ) Description: CertFindCertificateInStore failed with: (-2146885628) Cannot find object or property. System errors: ============= Error: (08/10/2019 10:33:25 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-76OKMHN) Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout. Error: (08/10/2019 10:33:25 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-76OKMHN) Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout. Error: (08/10/2019 10:33:25 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-76OKMHN) Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout. Error: (08/10/2019 10:33:25 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-76OKMHN) Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout. Error: (08/10/2019 10:33:25 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-76OKMHN) Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout. Error: (08/10/2019 10:33:25 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-76OKMHN) Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout. Error: (08/10/2019 10:33:25 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-76OKMHN) Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout. Error: (08/10/2019 10:33:25 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-76OKMHN) Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout. Windows Defender: =================================== Date: 2019-08-10 13:26:16.123 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {0E629D48-A747-435D-BE5B-D093A8FF9A9D} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2019-08-10 13:00:05.281 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {F42DD48B-3289-49C7-AD26-AC3509485589} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2019-08-10 09:33:27.342 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {8974F32A-28F5-4380-BFF0-742A56ED3785} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2019-08-10 08:03:00.669 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {774BA212-4F54-4122-B1E9-83E24F00044E} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2019-08-09 22:34:48.358 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {C121AF12-3BA7-4C71-A03A-9382376ADE5A} Scan Type: Antimalware Scan Parameters: Quick Scan CodeIntegrity: =================================== Date: 2019-08-11 07:50:37.278 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2019-08-11 07:50:37.270 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2019-08-11 07:50:37.258 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2019-08-11 07:50:37.238 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2019-08-11 07:47:40.784 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2019-08-11 07:47:40.748 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2019-08-11 07:47:40.699 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2019-08-11 07:47:40.629 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== BIOS: American Megatrends Inc. P1.40 11/26/2009 Motherboard: ASRock M3A770DE Processor: AMD Phenom(tm) II X4 925 Processor Percentage of memory in use: 71% Total physical RAM: 8191.3 MB Available physical RAM: 2364.59 MB Total Virtual: 9727.3 MB Available Virtual: 2515.11 MB ==================== Drives ================================ Drive 😄 () (Fixed) (Total:231.94 GB) (Free:94.74 GB) NTFS Drive e: (The Spirit of Alaska) (CDROM) (Total:4.25 GB) (Free:0 GB) UDF \\?\Volume{c67f46b2-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.49 GB) (Free:0.46 GB) NTFS \\?\Volume{c67f46b2-0000-0000-0000-501b3a000000}\ () (Fixed) (Total:0.46 GB) (Free:0.06 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: C67F46B2) Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=231.9 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=468 MB) - (Type=27) ==================== End of Addition.txt ============================
  8. Malaware finds it but doesn't remove it. I deleted the Chrome Browser. What should I do?
  9. I'm sorry, which link should I follow? The 1st link you sent assumes Chrome is in the system.
  10. How do I delete Edge? Settings won't allow it to be uninstalled
  11. I had deleted chrome and the problem persists. I noticed that after Malaware quarantines pup.optional.legacy and I reboot the system and run the scan again, it is still there.
  12. Every afternoon the sound system gets lots of static and i use ADWCleaner 7.4. It finds 1 pup.optional.legacy. It gets quarantined and I restart the system. I've deleted the Chrome browser. That didn't help. What should I do? AdwCleaner[S20].txt AdwCleaner[C19].txt AdwCleaner[S19].txt
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.