neiljacobson

pup.optional.legacy returns daily


Hello neiljacobson and welcome to Malwarebytes,

Continue with the following:

If you do not have Malwarebytes installed do the following:

Download Malwarebytes version 3 from the following link:

https://www.malwarebytes.com/mwb-download/thankyou/

Double click on the installer and follow the prompts. If necessary select the Blue Help tab for video instructions....

When the install completes or Malwarebytes is already installed do the following:

Open Malwarebytes, select > "settings" > "protection tab"

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Go back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes quarantine any found entries...

To get the log from Malwarebytes do the following:
 
  • Click on the Report tab > from main interface.
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have two options:
    Copy to Clipboard - if selected, right click in your reply and select "Paste"; the log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply

     
  • Please use "Copy to Clipboard", then right click in your reply > select "Paste"; that will copy the log to your reply…


Next,

Download AdwCleaner by Malwarebytes onto your Desktop.

Or from this Mirror
 
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all the active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply


Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.


Let me see those logs in your reply...

Thank you,

Kevin....


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-08-2019
Ran by Neil (11-08-2019 08:28:42)
Running from C:\Users\Neil\Dropbox\Apps
Windows 10 Home Version 1903 18362.239 (X64) (2019-06-23 06:23:11)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2600175624-1016130486-685330733-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2600175624-1016130486-685330733-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-2600175624-1016130486-685330733-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-2600175624-1016130486-685330733-501 - Limited - Disabled)
Neil (S-1-5-21-2600175624-1016130486-685330733-1001 - Administrator - Enabled) => C:\Users\Neil
WDAGUtilityAccount (S-1-5-21-2600175624-1016130486-685330733-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan (Enabled - Up to date) {F682A51C-4EAD-6A3A-F460-B9C1D4A2DB09}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {CEB92439-04C2-6B62-DF3F-10F42A719C72}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ActiveWords (HKLM-x32\...\ActiveWords) (Version: Version 3 - ActiveWord Systems, Inc.)
ActiveWords 4 (HKLM-x32\...\{863A6595-B249-4BBA-8CCE-1A7AF46DA597}) (Version: 4.0.12146.810 - ActiveWords Systems, Inc.) Hidden
ActiveWords 4 (HKLM-x32\...\{db48dcec-9249-42a6-87d6-ec9ed3b4b10b}) (Version: 4.0.12146.810 - ActiveWords Systems, Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.012.20035 - Adobe Systems Incorporated)
Adobe Connect (HKU\S-1-5-21-2600175624-1016130486-685330733-1001\...\Adobe Connect App) (Version: 11.9.982.478 - Adobe Systems Inc.)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.223 - Adobe)
Amazon Kindle (HKU\S-1-5-21-2600175624-1016130486-685330733-1001\...\Amazon Kindle) (Version: 1.21.0.48017 - Amazon)
AnyDesk (HKLM-x32\...\AnyDesk) (Version: ad 5.2.2 - philandro Software GmbH)
Apple Application Support (32-bit) (HKLM-x32\...\{5C028510-A6A1-409A-A2BF-4DCB43B21EF9}) (Version: 7.6 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{5C7D4FCF-80C5-4520-9934-D50532AAC59C}) (Version: 7.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
ArcSoft ShowBiz (HKLM-x32\...\{9D41D2EF-2D33-4CFD-8A3E-C7E6FCC3303B}) (Version:  - ArcSoft)
Backup and Sync from Google (HKLM\...\{768C0072-2FD2-4934-9824-B2A1E81AEA5D}) (Version: 3.45.5545.5747 - Google, Inc.)
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 3.56.74.1828 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Cisco Webex Meetings (HKU\S-1-5-21-2600175624-1016130486-685330733-1001\...\ActiveTouchMeetingClient) (Version:  - Cisco Webex LLC)
Citrix Receiver 4.10 (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.10.1.22 - Citrix Systems, Inc.)
DriverUpdate (HKLM\...\{2B19EF69-E2EF-4847-A741-41E7A2ABC2EE}) (Version: 4.3.0 - Slimware Utilities Holdings, Inc.) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 78.4.119 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.189.1 - Dropbox, Inc.) Hidden
ezcap Video Grabber (HKLM-x32\...\{B03B98E3-2795-48F6-BA33-793BBF5DF685}) (Version: 1.0.1.1 - Somagic)
FCC (HKU\S-1-5-21-2600175624-1016130486-685330733-1001\...\FCC) (Version: 2.6.16901.1001 - FreeConferenceCall LLC)
FCC 2.25.5004.1001 (current user) (HKU\S-1-5-21-2600175624-1016130486-685330733-1001\...\FreeConferenceCall (current user)) (Version: 2.25.5004.1001 - FreeConferenceCall LLC)
GoodSync (HKLM\...\{B26B00DA-2E5D-4CF2-83C5-911198C0F009}) (Version: 10.6.5.5 - Siber Systems)
Google Drive File Stream (HKLM\...\{6BBAE539-2232-434A-A4E5-9A33560C6283}) (Version: 32.0.11.0 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
GoTo Opener (HKLM-x32\...\{351B54B2-1AFC-42A7-A8C0-9E05C26F0D1E}) (Version: 1.0.470 - LogMeIn, Inc.)
GoToMeeting 8.46.0.13761 (HKU\S-1-5-21-2600175624-1016130486-685330733-1001\...\GoToMeeting) (Version: 8.46.0.13761 - LogMeIn, Inc.)
Grammarly (HKU\S-1-5-21-2600175624-1016130486-685330733-1001\...\GrammarlyForWindows) (Version: 1.5.52 - Grammarly)
iCloud (HKLM\...\{2C05E99A-94F0-4F95-B602-CD2D2682D6C3}) (Version: 7.13.0.14 - Apple Inc.)
Java 8 Update 191 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180191F0}) (Version: 8.0.1910.12 - Oracle Corporation)
LibreOffice 5.3.2.2 (HKLM\...\{682C33C0-5D61-48F0-B0A2-1A504F4C5905}) (Version: 5.3.2.2 - The Document Foundation)
MailList Controller 12.91 (HKLM-x32\...\MailList Controller_is1) (Version: 12.91 - Arclab Software GbR)
Malwarebytes version 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.1137.1 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.183 - McAfee, Inc.)
McAfee® Total Protection (HKLM-x32\...\MSC) (Version: 16.0 R20 - McAfee, Inc.)
Microsoft Access database engine 2010 (English) (HKLM-x32\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Keyboard Layout Creator 1.4 (HKLM-x32\...\{99E66BC9-E4B6-485F-ABFC-31EFCE36DFDF}) (Version: 1.4.6000 - Microsoft Corp.)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.11901.20176 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2600175624-1016130486-685330733-1001\...\OneDriveSetup.exe) (Version: 19.123.0624.0005 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{CA8A885F-E95B-3FC6-BB91-F4D9377C7686}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24123 (HKLM-x32\...\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}) (Version: 14.0.24123.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 68.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 68.0.1 (x64 en-US)) (Version: 68.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 68.0.1 - Mozilla)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.13 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.9.0.61 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.9.0.61 - NVIDIA Corporation)
NVIDIA Graphics Driver 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.13 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11901.20176 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11901.20176 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11901.20176 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.11901.20176 - Microsoft Corporation) Hidden
Online Plug-in (HKLM-x32\...\{B1EEA0C1-6B1C-4A55-8893-4EC10C8217D2}) (Version: 14.10.1.22 - Citrix Systems, Inc.) Hidden
OpenOffice 4.1.6 (HKLM-x32\...\{16E4FF6B-31E8-4037-B627-D87CF872E32B}) (Version: 4.16.9790 - Apache Software Foundation)
OpenOffice 4.1.6 Language Pack (English) (HKLM-x32\...\{DC6D71DB-4717-4599-8606-7D10D47EA69B}) (Version: 4.16.9790 - Apache Software Foundation)
Pulse Configuration Changer Tool (HKLM\...\{94E77B83-1B51-45DC-A82D-598B87495345}) (Version: 1.8.5.4 - Wells Fargo)
Pulse Secure (HKLM\...\{BCA8F252-3DA1-4578-B5A0-FC75197FAF0B}) (Version: 5.3.1183 - Pulse Secure, LLC) Hidden
Pulse Secure 5.3 (HKLM-x32\...\Pulse Secure 5.3) (Version: 5.3.1183 - Pulse Secure, LLC)
Pulse Secure Setup Client (HKU\S-1-5-21-2600175624-1016130486-685330733-1001\...\Pulse_Setup_Client) (Version: 8.3.4.1183 - Pulse Secure, LLC)
Pulse Secure Setup Client 64-bit Activex Control (HKLM\...\Pulse_Setup_Client Activex Control) (Version: 2.1.1.1 - Pulse Secure, LLC)
Pulse Secure Setup Client Activex Control (HKLM-x32\...\Pulse_Setup_Client Activex Control) (Version: 2.1.1.1 - Pulse Secure, LLC)
QuickBooks (HKLM-x32\...\{48011BF6-E0BC-4B49-9DCA-C7144EF0C01E}) (Version: 28.0.4012.2806 - Intuit Inc.) Hidden
QuickBooks Premier Edition 2018 (HKLM-x32\...\{7A626F39-A185-4566-9982-9995287CED26}) (Version: 28.0.4004.2806 - Intuit Inc.)
QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
Realtek USB Wireless LAN Driver (HKLM-x32\...\InstallShield_{DBCC4C27-F949-482b-B786-7B3B67587CD2}) (Version: Drv_3.00.0014 - REALTEK Semiconductor Corp.)
Realtek USB Wireless LAN Utility (HKLM-x32\...\{9C049509-055C-4CFF-A116-1D12312225EB}) (Version: UI_1.00.0287 - REALTEK Semiconductor Corp.)
RRRummy version 7.3.4 (HKLM-x32\...\{48488FC0-6B1F-4746-84FD-74C5A716A6A2}_is1) (Version: 7.3.4 - YPR Software B.V.)
Self-service Plug-in (HKLM-x32\...\{AF80F541-ED94-48B3-9D93-5C3F105D89CF}) (Version: 4.10.1.7 - Citrix Systems, Inc.) Hidden
Signal 1.14.4 (only current user) (HKU\S-1-5-21-2600175624-1016130486-685330733-1001\...\7d96caee-06e6-597c-9f2f-c7bb2e0948b4) (Version: 1.14.4 - Open Whisper Systems)
Skype version 8.49 (HKLM-x32\...\Skype_is1) (Version: 8.49 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-2600175624-1016130486-685330733-1001\...\Spotify) (Version: 1.1.12.449.g4109e645 - Spotify AB)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F14FB68A-9188-4036-AD0D-D054BC9C9291}) (Version: 2.59.0.0 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.6 - VideoLAN)
VMLite Android App Controller (HKLM-x32\...\{0571031A-F7C3-4E96-AFB2-8509D66AC636}) (Version: 2.0.0 - VMLite)
VNC Server 6.1.1 (HKLM\...\{BF68FC97-1CBA-49D5-88EB-3E0CDC3D379D}) (Version: 6.1.1.28093 - RealVNC Ltd)
VNC Viewer 6.1.1 (HKLM\...\{1B14F26D-AAC9-4781-A468-5DFD5DF5FF91}) (Version: 6.1.1.28093 - RealVNC Ltd)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Windows Phone app for desktop (HKLM-x32\...\{5F71448B-88EB-4357-9A98-8658D4C49C48}) (Version: 1.1.2726.0 - Microsoft Corporation)
WordPress.com 3.6.0 (HKLM\...\ed4e3354-70d4-58f5-8f6d-7420253356e2) (Version: 3.6.0 - Automattic Inc.)
Yahoo! Powered (HKLM-x32\...\{0CA5E465-5C25-35E5-EDA5-45653D2596E5}) (Version:  - ) <==== ATTENTION
YoutubeMovieMaker (HKLM\...\{543D2D61-3E3D-4CAD-A39A-B40D7E0911DB}) (Version: 18.16 - Youtube Movie Maker)
Zoom (HKU\S-1-5-21-2600175624-1016130486-685330733-1001\...\ZoomUMX) (Version: 4.4 - Zoom Video Communications, Inc.)

Packages:
=========
Audiobooks from Audible -> C:\Program Files\WindowsApps\AudibleInc.AudibleforWindowsPhone_10.5.54.0_x64__xns73kv1ymhp2 [2019-06-26] (Audible Inc)
Backgrounds Wallpapers Pack -> C:\Program Files\WindowsApps\46614NiceView.BackgroundsWallpapersPack_1.2.52.0_x64__mbkqqar0c2q2m [2019-05-21] (Amaze Studio) [MS Ad]
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.145.301.0_x86__kgqvnymyfvs32 [2019-08-08] (king.com)
Canon Inkjet Print Utility -> C:\Program Files\WindowsApps\34791E63.CanonInkjetPrintUtility_2.8.0.1_neutral__6e5tt8cgb93ep [2019-05-23] (Canon Inc.)
Convert Text to Speech -> C:\Program Files\WindowsApps\27877Yunus.ConvertTexttoSpeech_3.28.185.0_x64__2s1d2erncfhrw [2018-07-13] (Yunus.inc) [MS Ad]
Disney Magic Kingdoms -> C:\Program Files\WindowsApps\A278AB0D.DisneyMagicKingdoms_4.2.0.8_x86__h6adky7gbf63m [2019-08-07] (Gameloft.)
Facebook -> C:\Program Files\WindowsApps\Facebook.Facebook_186.2191.46880.0_x86__8xx8rvfyw5nnt [2019-03-28] (Facebook Inc)
Good For Enterprise -> C:\Program Files\WindowsApps\93977D5B.GoodforEnterprise_1.5.0.201_x86__c2kpdedfqwkyp [2017-09-05] (Good Technology Corporation)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa [2019-07-24] (Apple Inc.)
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11901.20184.0_x64__8wekyb3d8bbwe [2019-08-01] (Microsoft Corporation) [MS Ad]
March of Empires: War of Lords -> C:\Program Files\WindowsApps\A278AB0D.MarchofEmpires_4.2.1.1_x86__h6adky7gbf63m [2019-08-08] (Gameloft.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-11] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-11] (Microsoft Corporation) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.31.12124.0_x64__8wekyb3d8bbwe [2019-08-07] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.6132.0_x64__8wekyb3d8bbwe [2019-06-16] (Microsoft Studios) [MS Ad]
Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.12.28.0_x64__8wekyb3d8bbwe [2019-07-11] (Microsoft Studios)
Movie Maker 10 - Tell Your Story -> C:\Program Files\WindowsApps\21336V3TApps.MovieMaker-FREE_2.8.40.0_x64__bzg06mxvgh4fa [2019-07-05] (V3TApps) [MS Ad]
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.12831.0_x64__8wekyb3d8bbwe [2019-03-16] (Microsoft Corporation)
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-20] (Microsoft Corporation) [MS Ad]
mysms - Text from Computer, Messaging -> C:\Program Files\WindowsApps\UptoElevenDigitalSolution.mysms-Textanywhere_3.2.0.0_x64__c9d6r4qvva5x8 [2019-03-06] (Up to Eleven Digital Solutions GmbH)
PdfToJpg -> C:\Program Files\WindowsApps\35640TWyTec.PdfToJpg_1.1.65.0_x64__8e2hdjak06jkr [2019-07-03] (TWyTec) [MS Ad]
Reader Notification Client -> C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2018-12-22] (Adobe Systems Incorporated)
Sling TV -> C:\Program Files\WindowsApps\SlingTVLLC.SlingTV_7.0.8.0_x86__vgszm6stshdqy [2019-01-09] (Sling TV LLC)
TextToSpeech 10 -> C:\Program Files\WindowsApps\17259ESXsystems.TextToSpeech10_1.0.3.0_x64__tp9a36syt15k6 [2018-11-21] (ESXsystems)
Text-to-Voice -> C:\Program Files\WindowsApps\21724Alexander-Bielecki.d.Text-to-Voice_1.4.4.0_x64__ahjyqznyj4z5y [2019-05-06] (www.Alexander-Bielecki.de) [MS Ad]
Tubecast for YouTube -> C:\Program Files\WindowsApps\Webrox.Tubecast_5.7.0.0_neutral__0dmhevbabqz82 [2019-07-01] (Webrox)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-08] (Twitter Inc.)
Verizon Messages -> C:\Program Files\WindowsApps\VerizonWireless.VerizonMessages_2.0.2.0_x86__40sg4y5zd4vfj [2017-08-18] (Verizon Wireless)
Video Converter - FREE -> C:\Program Files\WindowsApps\21336V3TApps.VideoConverter-FREE_1.0.2.0_x64__bzg06mxvgh4fa [2019-03-16] (V3TApps)
Xbox 360 SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxCompanion_1.4.3.0_x64__8wekyb3d8bbwe [2018-06-10] (Microsoft Corporation) [MS Ad]

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2600175624-1016130486-685330733-1001_Classes\CLSID\{004B49B7-11B9-5058-AA22-08DD0A3ADC4B}\InprocServer32 -> {185855A1-9468-D082-F7C5-29E985889A47} => No File
CustomCLSID: HKU\S-1-5-21-2600175624-1016130486-685330733-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Neil\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2600175624-1016130486-685330733-1001_Classes\CLSID\{62634D95-960B-4834-8E71-A70408AD8FD9}\InprocServer32 -> C:\Users\Neil\AppData\Local\Google\Update\1.3.34.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2600175624-1016130486-685330733-1001_Classes\CLSID\{7CB4D2F7-77AE-4A08-9BDF-21370FF8D6BD}\InprocServer32 -> C:\Program Files\Google\Drive File Stream\25.1.85.1653\drivefsext.dll => No File
CustomCLSID: HKU\S-1-5-21-2600175624-1016130486-685330733-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Neil\AppData\Local\GoToMeeting\11282\G2MOutlookAddin64.dll => No File
CustomCLSID: HKU\S-1-5-21-2600175624-1016130486-685330733-1001_Classes\CLSID\{86508D42-E5D7-4D10-9C6F-D427AEEB85B5}\InprocServer32 -> C:\Users\Neil\AppData\Local\Google\Update\1.3.34.11\psuser_64.dll (Google Inc -> Google LLC)
CustomCLSID: HKU\S-1-5-21-2600175624-1016130486-685330733-1001_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\Neil\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2600175624-1016130486-685330733-1001_Classes\CLSID\{96836CC1-31EA-4F1C-A7F4-D67863D5D4FD}\InprocServer32 -> C:\Program Files\Google\Drive File Stream\25.1.85.1653\drivefsext.dll => No File
CustomCLSID: HKU\S-1-5-21-2600175624-1016130486-685330733-1001_Classes\CLSID\{9EE0C242-8973-456D-B382-0752476703FD}\InprocServer32 -> C:\Program Files\Google\Drive File Stream\25.1.85.1653\drivefsext.dll => No File
CustomCLSID: HKU\S-1-5-21-2600175624-1016130486-685330733-1001_Classes\CLSID\{A804CF1A-91E5-4F0C-9E8C-DB39E74056DD}\InprocServer32 -> C:\Users\Neil\AppData\Local\Google\Update\1.3.33.23\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2600175624-1016130486-685330733-1001_Classes\CLSID\{B53FB4A1-B6BB-4F9B-AAA8-8704FBC1BE25}\InprocServer32 -> C:\Program Files\Google\Drive File Stream\25.1.85.1653\drivefsext.dll => No File
CustomCLSID: HKU\S-1-5-21-2600175624-1016130486-685330733-1001_Classes\CLSID\{C9F7D7A1-D13F-4C72-9AB0-06FDC65AA931}\InprocServer32 -> C:\Program Files\Google\Drive File Stream\25.1.85.1653\drivefsext.dll => No File
CustomCLSID: HKU\S-1-5-21-2600175624-1016130486-685330733-1001_Classes\CLSID\{DD0822AA-3A0A-4BDC-B749-4B00B9115850}\InprocServer32 -> {55CD638B-9468-D082-DDF3-BCA485889A47} => No File
CustomCLSID: HKU\S-1-5-21-2600175624-1016130486-685330733-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\Neil\Dropbox [2017-05-08 18:12]
CustomCLSID: HKU\S-1-5-21-2600175624-1016130486-685330733-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Neil\AppData\Local\Google\Update\1.3.34.11\psuser_64.dll (Google Inc -> Google LLC)
CustomCLSID: HKU\S-1-5-21-2600175624-1016130486-685330733-1001_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Users\Neil\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll => No File
ShellIconOverlayIdentifiers: [    GoogleDriveCloudOverlayIconHandler] -> {A8E52322-8734-481D-A7E2-27B309EF8D56} => C:\Program Files\Google\Drive File Stream\32.0.11.0\drivefsext.dll [2019-06-27] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [    GoogleDrivePinnedOverlayIconHandler] -> {CFE8B367-77A7-41D7-9C90-75D16D7DC6B6} => C:\Program Files\Google\Drive File Stream\32.0.11.0\drivefsext.dll [2019-06-27] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [    GoogleDriveProgressOverlayIconHandler] -> {C973DA94-CBDF-4E77-81D1-E5B794FBD146} => C:\Program Files\Google\Drive File Stream\32.0.11.0\drivefsext.dll [2019-06-27] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-06-27] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-06-27] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-06-27] (Google LLC -> Google)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\32.0.11.0\drivefsext.dll [2019-06-27] (Google LLC -> Google, Inc.)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2019-06-27] (Google LLC -> Google)
ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2019-06-28] (McAfee, LLC. -> McAfee, LLC.)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2019-05-08] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\32.0.11.0\drivefsext.dll [2019-06-27] (Google LLC -> Google, Inc.)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2019-06-27] (Google LLC -> Google)
ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\32.0.11.0\drivefsext.dll [2019-06-27] (Google LLC -> Google, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-10-27] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2019-06-28] (McAfee, LLC. -> McAfee, LLC.)
ContextMenuHandlers1_S-1-5-21-2600175624-1016130486-685330733-1001: [DriveFS] -> {B53FB4A1-B6BB-4F9B-AAA8-8704FBC1BE25} => C:\Program Files\Google\Drive File Stream\25.1.85.1653\drivefsext.dll -> No File
ContextMenuHandlers4_S-1-5-21-2600175624-1016130486-685330733-1001: [DriveFS] -> {B53FB4A1-B6BB-4F9B-AAA8-8704FBC1BE25} => C:\Program Files\Google\Drive File Stream\25.1.85.1653\drivefsext.dll -> No File
ContextMenuHandlers5_S-1-5-21-2600175624-1016130486-685330733-1001: [DriveFS] -> {B53FB4A1-B6BB-4F9B-AAA8-8704FBC1BE25} => C:\Program Files\Google\Drive File Stream\25.1.85.1653\drivefsext.dll -> No File

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Neil\Desktop\Chrome.lnk -> C:\Program Files (x86)\BlueStacks\HD-RunApp.exe (BlueStack Systems, Inc.) -> -json "{""app_icon_url"": """", ""app_name"": ""Chrome"", ""app_url"": """", ""app_pkg"": ""com.android.chrome""}"

==================== Loaded Modules (Whitelisted) ==============

2018-10-24 03:50 - 2018-10-24 03:50 - 001010688 _____ () [File not signed] C:\Program Files (x86)\OpenOffice 4\program\libxml2.dll
2018-10-24 03:50 - 2018-10-24 03:50 - 000178176 _____ () [File not signed] C:\Program Files (x86)\OpenOffice 4\program\libxslt.dll
2019-06-26 20:57 - 2019-06-26 20:57 - 041113088 _____ () [File not signed] C:\Program Files\WindowsApps\AudibleInc.AudibleforWindowsPhone_10.5.54.0_x64__xns73kv1ymhp2\AudibleRT.WindowsPhone.dll
2019-06-26 20:57 - 2019-06-26 20:57 - 000019968 _____ () [File not signed] C:\Program Files\WindowsApps\AudibleInc.AudibleforWindowsPhone_10.5.54.0_x64__xns73kv1ymhp2\AudibleRT.WindowsPhone.exe
2019-06-21 18:56 - 2019-06-21 18:56 - 000052224 _____ () [File not signed] C:\Program Files\WindowsApps\AudibleInc.AudibleforWindowsPhone_10.5.54.0_x64__xns73kv1ymhp2\AudibleSystemFileWrapperRT.dll
2018-06-01 20:52 - 2018-06-01 20:52 - 001123840 _____ () [File not signed] C:\Program Files\WindowsApps\AudibleInc.AudibleforWindowsPhone_10.5.54.0_x64__xns73kv1ymhp2\e_sqlite3.dll
2019-08-11 07:47 - 2019-08-11 07:47 - 000113664 _____ () [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\_ctypes.pyd
2019-08-11 07:47 - 2019-08-11 07:47 - 000173568 _____ () [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\_elementtree.pyd
2019-08-11 07:47 - 2019-08-11 07:47 - 001800192 _____ () [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\_hashlib.pyd
2019-08-11 07:47 - 2019-08-11 07:47 - 000032256 _____ () [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\_multiprocessing.pyd
2019-08-11 07:47 - 2019-08-11 07:47 - 000046080 _____ () [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\_psutil_windows.pyd
2019-08-11 07:47 - 2019-08-11 07:47 - 000047616 _____ () [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\_socket.pyd
2019-08-11 07:47 - 2019-08-11 07:47 - 002230784 _____ () [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\_ssl.pyd
2019-08-11 07:47 - 2019-08-11 07:47 - 000026112 _____ () [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\_yappi.pyd
2019-08-11 07:47 - 2019-08-11 07:47 - 000080896 _____ () [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\bz2.pyd
2019-08-11 07:47 - 2019-08-11 07:47 - 006277632 _____ () [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\cello.pyd
2019-08-11 07:47 - 2019-08-11 07:47 - 000014848 _____ () [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\common.time34.pyd
2019-08-11 07:47 - 2019-08-11 07:47 - 000007680 _____ () [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\hashobjs_ext.pyd
2019-08-11 07:47 - 2019-08-11 07:47 - 000301568 _____ () [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\PIL._imaging.pyd
2019-08-11 07:47 - 2019-08-11 07:47 - 000169472 _____ () [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\pyexpat.pyd
2019-08-11 07:47 - 2019-08-11 07:47 - 001084416 _____ () [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\pysqlite2._sqlite.pyd
2019-08-11 07:47 - 2019-08-11 07:47 - 000548864 _____ () [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\pythoncom27.dll
2019-08-11 07:47 - 2019-08-11 07:47 - 000137728 _____ () [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\pywintypes27.dll
2019-08-11 07:47 - 2019-08-11 07:47 - 000010752 _____ () [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\select.pyd
2019-08-11 07:47 - 2019-08-11 07:47 - 000020992 _____ () [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\thumbnails_ext.pyd
2019-08-11 07:47 - 2019-08-11 07:47 - 000689664 _____ () [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\unicodedata.pyd
2019-08-11 07:47 - 2019-08-11 07:47 - 000118784 _____ () [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\usb_ext.pyd
2019-08-11 07:47 - 2019-08-11 07:47 - 000128512 _____ () [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\win32api.pyd
2019-08-11 07:47 - 2019-08-11 07:47 - 000438784 _____ () [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\win32com.shell.shell.pyd
2019-08-11 07:47 - 2019-08-11 07:47 - 000011776 _____ () [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\win32crypt.pyd
2019-08-11 07:47 - 2019-08-11 07:47 - 000023040 _____ () [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\win32event.pyd
2019-08-11 07:47 - 2019-08-11 07:47 - 000149504 _____ () [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\win32file.pyd
2019-08-11 07:47 - 2019-08-11 07:47 - 000223232 _____ () [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\win32gui.pyd
2019-08-11 07:47 - 2019-08-11 07:47 - 000048128 _____ () [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\win32inet.pyd
2019-08-11 07:47 - 2019-08-11 07:47 - 000029696 _____ () [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\win32pdh.pyd
2019-08-11 07:47 - 2019-08-11 07:47 - 000027648 _____ () [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\win32pipe.pyd
2019-08-11 07:47 - 2019-08-11 07:47 - 000044032 _____ () [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\win32process.pyd
2019-08-11 07:47 - 2019-08-11 07:47 - 000020480 _____ () [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\win32profile.pyd
2019-08-11 07:47 - 2019-08-11 07:47 - 000136192 _____ () [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\win32security.pyd
2019-08-11 07:47 - 2019-08-11 07:47 - 000026624 _____ () [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\win32ts.pyd
2019-08-11 07:47 - 2019-08-11 07:47 - 000034304 _____ () [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\windows.conditional.pyd
2019-08-11 07:47 - 2019-08-11 07:47 - 000038400 _____ () [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\windows.connectivity.pyd
2019-08-11 07:47 - 2019-08-11 07:47 - 000073216 _____ () [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\windows.device_monitor.pyd
2019-08-11 07:47 - 2019-08-11 07:47 - 000110592 _____ () [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\windows.volumes.pyd
2019-08-11 07:47 - 2019-08-11 07:47 - 000020480 _____ () [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\windows.winwrap.pyd
2019-08-11 07:47 - 2019-08-11 07:47 - 001325056 _____ () [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\wx._controls_.pyd
2019-08-11 07:47 - 2019-08-11 07:47 - 001489408 _____ () [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\wx._core_.pyd
2019-08-11 07:47 - 2019-08-11 07:47 - 001007104 _____ () [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\wx._gdi_.pyd
2019-08-11 07:47 - 2019-08-11 07:47 - 000103424 _____ () [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\wx._html2.pyd
2019-08-11 07:47 - 2019-08-11 07:47 - 000916992 _____ () [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\wx._misc_.pyd
2019-08-11 07:47 - 2019-08-11 07:47 - 001039872 _____ () [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\wx._windows_.pyd
2018-10-24 03:50 - 2018-10-24 03:50 - 000164352 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\apr-util.dll
2018-10-24 03:50 - 2018-10-24 03:50 - 000297472 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\avmedia.dll
2018-10-24 03:50 - 2018-10-24 03:50 - 001143808 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\basegfx.dll
2018-10-24 03:50 - 2018-10-24 03:50 - 000596992 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\bootstrap.uno.dll
2018-10-24 03:50 - 2018-10-24 03:50 - 001175552 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\comphelpMSC.dll
2018-10-24 03:50 - 2018-10-24 03:50 - 000487936 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\configmgr.uno.dll
2018-10-24 03:50 - 2018-10-24 03:50 - 000238080 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\cppu3.dll
2018-10-24 03:50 - 2018-10-24 03:50 - 000587776 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\cppuhelper3MSC.dll
2018-10-24 03:50 - 2018-10-24 03:50 - 003026944 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\dbtools.dll
2018-10-24 03:50 - 2018-10-24 03:50 - 000652800 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\deployment.uno.dll
2018-10-24 03:50 - 2018-10-24 03:50 - 000353792 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\deploymentgui.uno.dll
2018-10-24 03:50 - 2018-10-24 03:50 - 000151040 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\deploymentmisc.dll
2018-10-24 03:50 - 2018-10-24 03:50 - 000126464 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\dnd.dll
2018-10-24 03:50 - 2018-10-24 03:50 - 000887296 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\drawinglayer.dll
2018-10-24 03:50 - 2018-10-24 03:50 - 001580544 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\editeng.dll
2018-10-24 03:50 - 2018-10-24 03:50 - 000160768 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\emser.dll
2018-10-24 03:50 - 2018-10-24 03:50 - 000046592 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\evtatt.dll
2018-10-24 03:50 - 2018-10-24 03:50 - 000051712 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\fileacc.dll
2018-10-24 03:50 - 2018-10-24 03:50 - 000226304 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\filterconfig1.dll
2018-10-24 03:50 - 2018-10-24 03:50 - 000132608 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\for.dll
2018-10-24 03:50 - 2018-10-24 03:50 - 000202240 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\forui.dll
2018-10-24 03:50 - 2018-10-24 03:50 - 001814528 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\frm.dll
2018-10-24 03:50 - 2018-10-24 03:50 - 000091648 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\fsstorage.uno.dll
2018-10-24 03:50 - 2018-10-24 03:50 - 000055808 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\ftransl.dll
2018-10-24 03:50 - 2018-10-24 03:50 - 000485888 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\fwe.dll
2018-10-24 03:50 - 2018-10-24 03:50 - 000210432 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\fwi.dll
2018-10-24 03:50 - 2018-10-24 03:50 - 002193920 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\fwk.dll
2018-10-24 03:50 - 2018-10-24 03:50 - 000313344 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\fwl.dll
2018-10-24 03:50 - 2018-10-24 03:50 - 000187392 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\helplinker.dll
2018-10-24 03:50 - 2018-10-24 03:50 - 000070656 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\hyphen.uno.dll
2018-10-24 03:50 - 2018-10-24 03:50 - 000027136 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\i18nisolang1MSC.dll
2018-10-24 03:50 - 2018-10-24 03:50 - 000029696 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\i18npaper.dll
2018-10-24 03:50 - 2018-10-24 03:50 - 001333760 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\i18npool.uno.dll
2018-10-24 03:50 - 2018-10-24 03:50 - 000067072 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\i18nutilMSC.dll
2018-10-24 03:50 - 2018-10-24 03:50 - 000136192 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\introspection.uno.dll
2018-10-24 03:50 - 2018-10-24 03:50 - 000027136 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\jvmaccess3MSC.dll
2018-10-24 03:50 - 2018-10-24 03:50 - 000107008 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\jvmfwk3.dll
2018-10-24 03:50 - 2018-10-24 03:50 - 000134144 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\libapr-1.dll
2018-10-24 03:50 - 2018-10-24 03:50 - 001257472 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\lng.dll
2018-10-24 03:50 - 2018-10-24 03:50 - 000068608 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\lnth.uno.dll
2018-10-24 03:50 - 2018-10-24 03:50 - 000024064 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\localebe1.uno.dll
2018-10-24 03:50 - 2018-10-24 03:50 - 000104448 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\localedata_en.dll
2018-10-24 03:50 - 2018-10-24 03:50 - 000038912 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\mcnttype.dll
2018-10-24 03:50 - 2018-10-24 03:50 - 000083456 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\msci_uno.dll
2018-10-24 03:50 - 2018-10-24 03:50 - 000812032 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\msfilter.dll
2018-10-24 03:50 - 2018-10-24 03:50 - 000344576 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\oleautobridge.uno.dll
2018-10-24 03:50 - 2018-10-24 03:50 - 000008704 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\onlinecheck.DLL
2018-10-24 03:50 - 2018-10-24 03:50 - 002456064 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\ootk.dll
2018-10-24 03:50 - 2018-10-24 03:50 - 004801536 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\oox.dll
2018-10-24 03:50 - 2018-10-24 03:50 - 000368640 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\package2.dll
2018-10-24 03:50 - 2018-10-24 03:50 - 000097280 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\passwordcontainer.uno.dll
2018-10-24 03:50 - 2018-10-24 03:50 - 000121344 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\reflection.uno.dll
2018-10-24 03:50 - 2018-10-24 03:50 - 000107008 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\reg3.dll
2018-10-24 03:50 - 2018-10-24 03:50 - 001792512 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\sal3.dll
2018-10-24 03:50 - 2018-10-24 03:50 - 000013824 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\salhelper3MSC.dll
2018-10-24 03:50 - 2018-10-24 03:50 - 000093184 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\sax.dll
2018-10-24 03:50 - 2018-10-24 03:50 - 000168448 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\sax.uno.dll
2018-10-24 03:50 - 2018-10-24 03:50 - 002291200 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\sb.dll
2018-10-24 03:50 - 2018-10-24 03:50 - 007617536 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\sc.dll
2018-10-24 05:28 - 2018-10-24 05:28 - 000307200 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\scalc.exe
2018-10-24 03:50 - 2018-10-24 03:50 - 000041984 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\scd.dll
2018-10-24 03:50 - 2018-10-24 03:50 - 002201088 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\scfilt.DLL
2018-10-24 03:50 - 2018-10-24 03:50 - 000082944 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\serf.dll
2018-10-24 03:50 - 2018-10-24 03:50 - 003658240 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\sfx.dll
2018-10-24 05:28 - 2018-10-24 05:28 - 011045376 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
2018-10-24 05:28 - 2018-10-24 05:28 - 011053568 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
2018-10-24 03:50 - 2018-10-24 03:50 - 000290304 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\sofficeapp.dll
2018-10-24 03:50 - 2018-10-24 03:50 - 000279040 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\sot.dll
2018-10-24 03:50 - 2018-10-24 03:50 - 000183296 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\spell.uno.dll
2018-10-24 03:50 - 2018-10-24 03:50 - 000205824 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\spl.dll
2018-10-24 03:50 - 2018-10-24 03:50 - 000096768 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\stocservices.uno.dll
2018-10-24 03:50 - 2018-10-24 03:50 - 000053760 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\store3.dll
2018-10-24 03:50 - 2018-10-24 03:50 - 000901120 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\svl.dll
2018-10-24 03:50 - 2018-10-24 03:50 - 003373056 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\svt.dll
2018-10-24 03:50 - 2018-10-24 03:50 - 003235328 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\svx.dll
2018-10-24 03:50 - 2018-10-24 03:50 - 006034432 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\svxcore.dll
2018-10-24 03:50 - 2018-10-24 03:50 - 000117760 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\sysdtrans.dll
2018-10-24 03:50 - 2018-10-24 03:50 - 000620544 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\tl.dll
2018-10-24 03:50 - 2018-10-24 03:50 - 000231936 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\ucb1.dll
2018-10-24 03:50 - 2018-10-24 03:50 - 000388608 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\ucbhelper4MSC.dll
2018-10-24 03:50 - 2018-10-24 03:50 - 000344576 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\ucpchelp1.dll
2018-10-24 03:50 - 2018-10-24 03:50 - 000412160 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\ucpdav1.dll
2018-10-24 03:50 - 2018-10-24 03:50 - 000024576 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\ucpexpand1.uno.dll
2018-10-23 15:51 - 2018-10-23 15:51 - 000309248 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\ucpfile1.dll
2018-10-24 03:50 - 2018-10-24 03:50 - 000367616 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\unoxml.dll
2018-10-24 03:50 - 2018-10-24 03:50 - 000053248 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\updatefeed.uno.dll
2018-10-24 03:50 - 2018-10-24 03:50 - 000186880 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\updchk.uno.dll
2018-10-24 03:50 - 2018-10-24 03:50 - 001104384 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\utl.dll
2018-10-24 03:50 - 2018-10-24 03:50 - 000254976 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\uui.dll
2018-10-24 03:50 - 2018-10-24 03:50 - 000085504 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\uwinapi.dll
2018-10-24 03:50 - 2018-10-24 03:50 - 000662528 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\vbahelper.dll
2018-10-24 03:50 - 2018-10-24 03:50 - 004172800 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\vcl.dll
2018-10-24 03:50 - 2018-10-24 03:50 - 000099328 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\vos3MSC.dll
2018-10-24 03:50 - 2018-10-24 03:50 - 000028672 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\wininetbe1.uno.dll
2018-10-24 03:50 - 2018-10-24 03:50 - 000791040 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\xcr.dll
2018-10-24 03:50 - 2018-10-24 03:50 - 000045056 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\xmlreader.dll
2018-10-24 03:50 - 2018-10-24 03:50 - 003469312 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\xo.dll
2018-10-24 03:50 - 2018-10-24 03:50 - 000396288 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\xstor.dll
2018-10-24 03:50 - 2018-10-24 03:50 - 013914112 _____ (IBM Corporation and others) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\icudt40.dll
2018-10-24 03:50 - 2018-10-24 03:50 - 001072128 _____ (IBM Corporation and others) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\icuin40.dll
2018-10-24 03:50 - 2018-10-24 03:50 - 000951808 _____ (IBM Corporation and others) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\icuuc40.dll
2006-01-19 05:36 - 2006-01-19 05:36 - 001017856 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\dbghelp.dll
2019-06-22 23:09 - 2017-10-27 09:06 - 000760032 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPI.dll
2019-06-22 23:09 - 2017-10-27 09:06 - 000874368 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPI64.dll
2019-06-22 23:09 - 2017-10-27 09:06 - 000339256 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem\NvStereo\_nvstapisvr64.dll
2019-08-11 07:47 - 2019-08-11 07:47 - 003042304 _____ (Python Software Foundation) [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\python27.dll
2018-10-24 03:50 - 2018-10-24 03:50 - 000355840 _____ (The curl library, hxxps://curl.haxx.se/) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\libcurl.dll
2018-10-24 03:50 - 2018-10-24 03:50 - 001020928 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\LIBEAY32.dll
2018-10-24 03:50 - 2018-10-24 03:50 - 000218624 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\SSLEAY32.dll
2019-08-11 07:47 - 2019-08-11 07:47 - 000202240 _____ (wxWidgets development team) [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\wxbase30u_net_vc90_x64.dll
2019-08-11 07:47 - 2019-08-11 07:47 - 002831872 _____ (wxWidgets development team) [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\wxbase30u_vc90_x64.dll
2019-08-11 07:47 - 2019-08-11 07:47 - 001654784 _____ (wxWidgets development team) [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\wxmsw30u_adv_vc90_x64.dll
2019-08-11 07:47 - 2019-08-11 07:47 - 006542336 _____ (wxWidgets development team) [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\wxmsw30u_core_vc90_x64.dll
2019-08-11 07:47 - 2019-08-11 07:47 - 000773632 _____ (wxWidgets development team) [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\wxmsw30u_html_vc90_x64.dll
2019-08-11 07:47 - 2019-08-11 07:47 - 000137216 _____ (wxWidgets development team) [File not signed] C:\Users\Neil\AppData\Local\Temp\_MEI39202\wxmsw30u_webview_vc90_x64.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 04:47 - 2019-08-10 14:52 - 000000915 _____ C:\WINDOWS\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Common Files\Intuit\QBPOSSDKRuntime;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-2600175624-1016130486-685330733-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKU\S-1-5-21-2600175624-1016130486-685330733-1001\...\StartupApproved\StartupFolder: => "Google Chrome.lnk"
HKU\S-1-5-21-2600175624-1016130486-685330733-1001\...\StartupApproved\Run: => "GoogleDriveFS"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{C511E4AC-C55E-4DC1-A957-714167CAE057}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{483CC7A8-94AB-45CC-A22F-AF14F6A256A6}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{E79C7523-F183-4295-B482-26CDF5C659A6}] => (Allow) C:\Users\Neil\AppData\Roaming\Zoom\bin\airhost.exe No File
FirewallRules: [{9DEC3A52-F071-4304-B040-C1B439C20745}] => (Allow) C:\Users\Neil\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{E1AED6F6-74BF-442D-88BF-D19380A67458}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RTLDHCP.exe (Realtek Semiconductor Corp -> Realtek)
FirewallRules: [{6080694A-455E-4849-8C91-8CCB30BA3036}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RTLDHCP.exe (Realtek Semiconductor Corp -> Realtek)
FirewallRules: [{6CF91C6B-6C17-40FA-8087-B4C2F5C195D1}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RTLDHCP.exe (Realtek Semiconductor Corp -> Realtek)
FirewallRules: [{F0F7B845-4A36-4785-970E-2D2F334B4ACA}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RTLDHCP.exe (Realtek Semiconductor Corp -> Realtek)
FirewallRules: [{DEDB1621-0D7A-4BD9-91C7-C0F96BAD050D}] => (Allow) LPort=53
FirewallRules: [{C2AE67F5-53CD-4AFE-B21F-9BF0B2A21A1D}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RTLDHCP.exe (Realtek Semiconductor Corp -> Realtek)
FirewallRules: [{55C87CEF-BC9A-4FDA-9E83-16A5D1EA3401}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RTLDHCP.exe (Realtek Semiconductor Corp -> Realtek)
FirewallRules: [{AF78D70A-6991-46F5-B389-C5E4676C06A2}] => (Allow) C:\PROGRA~2\REALTEK\USBWIR~2\Rtldhcp.exe (Realtek Semiconductor Corp -> Realtek)
FirewallRules: [{AF3D2030-7FA0-4E55-BA4B-23FD811CC2CE}] => (Allow) LPort=53
FirewallRules: [{FD36D81C-9097-45D9-BC3B-06FFD02744E3}] => (Allow) LPort=1542
FirewallRules: [{D1D70879-4817-449B-B9C5-4217447DAF08}] => (Allow) LPort=1542
FirewallRules: [{16D69D76-E635-45DA-B8DB-4DAD79B8134F}] => (Allow) C:\PROGRA~2\REALTEK\USBWIR~2\RtWlan.exe (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
FirewallRules: [UDP Query User{E86F3E80-CD3D-4EB4-9EC8-86DD7085F5D5}C:\users\neil\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\neil\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{B5C0FFB4-5B35-49B1-A9A4-BCBC1B8D1984}C:\users\neil\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\neil\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{CD2AF2C6-BA0D-489C-8610-245BEAA54FD3}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{3F1DEA53-9383-441D-BEFE-B16077336605}] => (Allow) C:\Users\Neil\AppData\Local\Temp\RemoveTemp.exe No File
FirewallRules: [{570E3141-5553-4F21-A7C4-BE6580629988}] => (Allow) C:\Users\Neil\AppData\Local\Temp\RemoveTemp.exe No File
FirewallRules: [{25A7EBFB-C5F8-455E-BBF2-0EA75E2975FC}] => (Allow) C:\Program Files\Andy\SetupFiles\Uninstall.exe No File
FirewallRules: [{1BF4792E-F256-4DF4-81BE-F3ABFFCDC525}] => (Allow) C:\Program Files\Andy\SetupFiles\Uninstall.exe No File
FirewallRules: [{8501BB80-FB56-41CB-B221-81060F627D80}] => (Allow) C:\Users\Neil\AppData\Local\Temp\andy-x64\Setup.exe No File
FirewallRules: [{F4421F45-A5C8-4078-B3D8-46A475F32F55}] => (Allow) C:\Users\Neil\AppData\Local\Temp\andy-x64\Setup.exe No File
FirewallRules: [{6D5E3BF9-265D-47FE-AFB2-21D2A88B6C02}] => (Allow) C:\Program Files\Siber Systems\GoodSync\gs-server.exe (Siber Systems -> )
FirewallRules: [{4A3F2D83-8F4B-418A-BA3C-74EDCE925638}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe (McAfee, LLC. -> McAfee, LLC.)
FirewallRules: [{A9A7A701-4F31-497A-9218-259F177D61E0}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe (McAfee, LLC. -> McAfee, LLC.)
FirewallRules: [{E3B99C4D-9BC5-4D16-9570-F988AD4CE015}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{E4BC62F3-5345-4B70-8DDC-E08AD5201C5C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{FB8A1840-ACCA-47EF-9608-A0C21DBE013A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{CEB0E267-02A9-4842-8240-DADE68B8AEF4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{F8508B25-8708-457E-B6F6-394959FBE75E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{EA5D883C-A006-486A-9D06-CEB791EC649C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{32A259AC-96CA-4CE1-AD64-5DF6AF035BC6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{D636E237-5D0A-4BD9-83DB-70ABE12E943E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe No File
FirewallRules: [{A1FDEFE8-559B-4571-9EEE-04C372789A1C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{77830CA9-0957-4435-9FA6-BA3F79B8AF92}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [UDP Query User{9927EDCC-CA82-4923-8C2A-774FA0D0630E}C:\users\neil\appdata\roaming\zoom\bin\zoom.exe] => (Allow) C:\users\neil\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [TCP Query User{CA92CD4D-8E9A-4DA8-8855-B577ED473931}C:\users\neil\appdata\roaming\zoom\bin\zoom.exe] => (Allow) C:\users\neil\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{3AC26215-9FA7-4C9D-9CBF-A5943084B02A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{458D081A-2028-482B-9EF3-4DE88D7E754F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{1AAACA3D-C299-416F-AE18-068F16CFFF3A}C:\users\neil\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\neil\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{C29DF3BB-E52A-4066-A5C1-A68B89E22B20}C:\users\neil\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\neil\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5EDFA498-5B29-4D9E-8122-53FB96EEE2E3}] => (Allow) C:\Program Files\RealVNC\VNC Server\vncserver.exe (RealVNC Ltd -> RealVNC Ltd)
FirewallRules: [{0744E5B5-40B4-49FA-9B53-37C8AFF4281E}] => (Allow) C:\Program Files\RealVNC\VNC Server\vncserver.exe (RealVNC Ltd -> RealVNC Ltd)
FirewallRules: [{A06C4EE7-FDD5-49F4-A803-D0C6C21F2126}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{E7928A85-62E3-48A4-8F50-07CD1C707974}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{7B4F253B-5D0F-4119-AF23-A6D22E55396B}] => (Allow) C:\Program Files (x86)\BlueStacks\HD-Player.exe (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
FirewallRules: [{73C73A62-C600-4A17-85F1-87C249FE88DA}] => (Allow) C:\Program Files\iTunes\iTunes.exe No File
FirewallRules: [{A761F121-819F-4247-ACA6-645E6202322A}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B39328D7-A7CA-4D8C-83E6-8544BD781A73}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{DA366CF2-8D2F-4903-AD84-EC5F7DB00A4D}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> )
FirewallRules: [{A3D29AE2-744B-4D27-98C8-B59428C79E8F}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> )
FirewallRules: [{9F45E794-3ED5-4B05-8EC2-3701F1448EFF}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{64D8CF80-0E4C-4A0C-87E3-C24034DA5728}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{98649725-5DB5-4BD4-848E-A24A3474BD0D}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DBFEF4B6-CDAA-465D-A2AA-64FE62C81FFB}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DA3DC1AE-78E9-4A7C-9D62-1C76F3B468BB}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{4DC8DA1C-4324-4926-9CC1-897480063432}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F1EE67CB-8DEA-4812-90B3-433A2E57E26B}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F85000D2-9AFC-47DC-B2AF-8E3FCA5CED3D}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B9ED48DC-BD9C-47F4-B02F-96C9B1217E52}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{5915A619-701A-4668-B81C-8E346314F315}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A2C35757-1767-4A8D-B4D1-855D6A960549}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, LLC. -> McAfee, LLC.)
FirewallRules: [{C3F3C2F4-DDA7-4605-AB35-617B16131F04}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> )
FirewallRules: [{9A5296D6-C0B1-4D28-B578-C72545AAE08F}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> )
FirewallRules: [{4624F11B-FB9D-4A9A-918C-985F8D10992D}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> )
FirewallRules: [{B1DE5339-CC24-4E50-AC50-0578CD3AE3C3}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> )

==================== Restore Points =========================

29-07-2019 07:49:03 ActiveWords 4
30-07-2019 08:26:33 ActiveWords 4
03-08-2019 07:56:02 ActiveWords 4
09-08-2019 09:14:42 Installed OpenOffice 4.1.6 Language Pack (English)
10-08-2019 19:55:40 ActiveWords 4

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/11/2019 08:18:14 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (15248,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (08/11/2019 07:57:51 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (10076,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (08/11/2019 07:48:12 AM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) Cannot find object or property.

Error: (08/10/2019 09:50:33 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (10744,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (08/10/2019 08:50:33 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (1844,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (08/10/2019 08:35:17 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (12768,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (08/10/2019 08:19:13 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (6732,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (08/10/2019 08:05:00 PM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) Cannot find object or property.


System errors:
=============
Error: (08/10/2019 10:33:25 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-76OKMHN)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (08/10/2019 10:33:25 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-76OKMHN)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (08/10/2019 10:33:25 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-76OKMHN)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (08/10/2019 10:33:25 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-76OKMHN)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (08/10/2019 10:33:25 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-76OKMHN)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (08/10/2019 10:33:25 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-76OKMHN)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (08/10/2019 10:33:25 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-76OKMHN)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (08/10/2019 10:33:25 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-76OKMHN)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.


Windows Defender:
===================================
Date: 2019-08-10 13:26:16.123
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {0E629D48-A747-435D-BE5B-D093A8FF9A9D}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-08-10 13:00:05.281
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {F42DD48B-3289-49C7-AD26-AC3509485589}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-08-10 09:33:27.342
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {8974F32A-28F5-4380-BFF0-742A56ED3785}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-08-10 08:03:00.669
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {774BA212-4F54-4122-B1E9-83E24F00044E}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-08-09 22:34:48.358
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {C121AF12-3BA7-4C71-A03A-9382376ADE5A}
Scan Type: Antimalware
Scan Parameters: Quick Scan

CodeIntegrity:
===================================

Date: 2019-08-11 07:50:37.278
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-08-11 07:50:37.270
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-08-11 07:50:37.258
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-08-11 07:50:37.238
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-08-11 07:47:40.784
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-08-11 07:47:40.748
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-08-11 07:47:40.699
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-08-11 07:47:40.629
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

BIOS: American Megatrends Inc. P1.40 11/26/2009
Motherboard: ASRock M3A770DE
Processor: AMD Phenom(tm) II X4 925 Processor
Percentage of memory in use: 71%
Total physical RAM: 8191.3 MB
Available physical RAM: 2364.59 MB
Total Virtual: 9727.3 MB
Available Virtual: 2515.11 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:231.94 GB) (Free:94.74 GB) NTFS
Drive e: (The Spirit of Alaska) (CDROM) (Total:4.25 GB) (Free:0 GB) UDF

\\?\Volume{c67f46b2-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.49 GB) (Free:0.46 GB) NTFS
\\?\Volume{c67f46b2-0000-0000-0000-501b3a000000}\ () (Fixed) (Total:0.46 GB) (Free:0.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: C67F46B2)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=231.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=468 MB) - (Type=27)

==================== End of Addition.txt ============================
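
A reading aid for the FirewallRules section of the log above, as an added example that is not part of the original post or of FRST: it parses the rule lines and groups the Allow rules whose program is reported as "No File", listing separately those under a user profile, where a path-based rule would apply to whatever file is later placed at that path. The function names, the reading of the parenthesised pair as signer -> company, and the user-profile heuristic are assumptions; the sample lines are copied from the log.

```python
import re

# Lines copied unchanged from the "FirewallRules (Whitelisted)" section of the log above.
SAMPLE_LOG = r"""
FirewallRules: [UDP Query User{C511E4AC-C55E-4DC1-A957-714167CAE057}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{E79C7523-F183-4295-B482-26CDF5C659A6}] => (Allow) C:\Users\Neil\AppData\Roaming\Zoom\bin\airhost.exe No File
FirewallRules: [{DEDB1621-0D7A-4BD9-91C7-C0F96BAD050D}] => (Allow) LPort=53
FirewallRules: [{FD36D81C-9097-45D9-BC3B-06FFD02744E3}] => (Allow) LPort=1542
FirewallRules: [{3F1DEA53-9383-441D-BEFE-B16077336605}] => (Allow) C:\Users\Neil\AppData\Local\Temp\RemoveTemp.exe No File
FirewallRules: [{8501BB80-FB56-41CB-B221-81060F627D80}] => (Allow) C:\Users\Neil\AppData\Local\Temp\andy-x64\Setup.exe No File
FirewallRules: [{6D5E3BF9-265D-47FE-AFB2-21D2A88B6C02}] => (Allow) C:\Program Files\Siber Systems\GoodSync\gs-server.exe (Siber Systems -> )
FirewallRules: [{73C73A62-C600-4A17-85F1-87C249FE88DA}] => (Allow) C:\Program Files\iTunes\iTunes.exe No File
FirewallRules: [{DA366CF2-8D2F-4903-AD84-EC5F7DB00A4D}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> )
"""

# "FirewallRules: [rule name] => (Action) target"
RULE = re.compile(r"^FirewallRules: \[(?P<name>.*?)\] => \((?P<action>\w+)\) (?P<target>.+)$")
# "path (signer -> company)"; the path itself may contain "(x86)".
SIGNED = re.compile(r"^(?P<path>.+) \((?P<signer>[^()]*?) -> (?P<company>[^()]*)\)$")
PORT = re.compile(r"^LPort=(?P<port>\d+)$")
# Heuristic (assumption): anything below <drive>:\Users\<name>\ is writable without elevation.
USER_PROFILE = re.compile(r"^[a-z]:\\users\\[^\\]+\\", re.IGNORECASE)
NO_FILE = " No File"


def parse_rule(line):
    """Parse one FirewallRules line; return None for any other log line."""
    m = RULE.match(line.strip())
    if not m:
        return None
    rule = {"name": m["name"], "action": m["action"], "path": None, "port": None,
            "missing": False, "signer": None, "company": None}
    target = m["target"]
    if (p := PORT.match(target)):
        rule["port"] = int(p["port"])
    elif target.endswith(NO_FILE):
        # FRST could not find the program the rule points at.
        rule["path"], rule["missing"] = target[:-len(NO_FILE)], True
    elif (s := SIGNED.match(target)):
        rule.update(path=s["path"], signer=s["signer"], company=s["company"].strip())
    else:
        rule["path"] = target  # a shape not covered above; keep it verbatim
    return rule


def triage(log_text):
    """Group Allow rules into review buckets, preserving log order."""
    report = {"orphaned_user_path": [], "orphaned_other": [],
              "port_only": [], "no_company": []}
    for line in log_text.splitlines():
        rule = parse_rule(line)
        if rule is None or rule["action"] != "Allow":
            continue
        if rule["port"] is not None:
            report["port_only"].append(rule["port"])
        elif rule["missing"]:
            in_profile = USER_PROFILE.match(rule["path"])
            key = "orphaned_user_path" if in_profile else "orphaned_other"
            report[key].append(rule["path"])
        elif rule["company"] == "":
            report["no_company"].append(rule["path"])
    return report


if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_LOG).items():
        print(f"{bucket}: {len(items)}")
        for item in items:
            print(f"    {item}")
```

The buckets are review aids only: an orphaned rule is a leftover from an uninstalled or temporary program, and per the section header it can be removed by including the line in the fixlist.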


The first step of my initial reply was to run Malwarebytes, did you do that....?


Thanks for that log, continue as follows:

Uninstall this program: Yahoo! Powered, reboot when complete...

Next,

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Download Microsoft's "Malicious Software Removal Tool" and save directly to the desktop

Ensure to get the correct version for your system....

https://www.microsoft.com/en-gb/download/malicious-software-removal-tool-details.aspx


Right click on the Tool, select “Run as Administrator” the tool will expand to the options Window
In the "Scan Type" window, select Quick Scan
Perform a scan and Click Finish when the scan is done.


Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\mrt.log

The log will include log details for each time MSRT has run, we only need the most recent log by date and time....
 
Let me see those logs in your next reply, also tell me if there are any remaining issues or concerns...
 
Thanks,
 
Kevin..

fixlist.txt


I'd rather you make the fix before running MSRT, there is no fix button in the file fixlist.txt. The fix button is on the GUI of FRST..

Leave Yahoo Powered for now, we can look for that later..

Capture.JPG


See attached, by the way, I think the problem is not all fixed. Although the virus is gone, Firefox is using abnormally high memory and CPU

FRST.txt


That is the log from a scan, I want to see the log from FRST fix..


Can you show me recent logs from Malwarebytes to show what is found..

Open Malwarebytes, select > Reports > then checkmark (tick) most recent "Scan Report" entry > then select "View Report" > "Export" > Text File (*.txt) name and save that file to Desktop or somewhere of your choice, attach to your reply...

Open Malwarebytes, select > Reports > then checkmark (tick) most recent "Website Block" entry > then select "View Report" > "Export" > Text File (*.txt) name and save that file to Desktop or somewhere of your choice, attach to your reply...

 


That log is clean, the FRST logs were also clean... What do you feel is wrong with your system...


I assume you are referring to the following entry from AdwCleaner related to Chrome default homepage and search engines:

PUP.Optional.Legacy  MSN Homepage & Bing Search Engine

Those are not malicious per se as can be seen from the two following VirusTotal results links...

MSN Homepage - https://www.virustotal.com/gui/url/97962552ff82fe74e418cd7180f4bc8b0df37b663736ece64d78f141b3be2021/detection

Bing Search Engine - https://www.virustotal.com/gui/url/40f4d2524bcbf0fadb4efdad7b7162c2804324166d629aeb11706b4288c4270b/detection

The settings can be reverted back to usual Chrome defaults of Google homepage and Google search engine, see instructions at the following link:

https://support.google.com/chrome/answer/3296214?hl=en

Does that help, clear the issue...?


The problem returned! I think every time I open Chrome, pup.optional.legacy reappears, even if I reset Chrome's settings. What should I do?

Make a clean install of Google Chrome, see if that clears the issue...

If your Chrome Bookmarks are important do this first:

Go to this link: http://www.wikihow.com/Export-Bookmarks-from-Chrome follow the instructions and Export your Bookmarks from Chrome, save to your Desktop or similar. Note the instructions can also be used to Import the bookmarks.....

For your Passwords go here:

https://www.intowindows.com/how-to-backup-saved-passwords-in-google-chrome-browser/

Continue for a clean install:

Download Chrome installer and save to install later: https://www.google.com/intl/en_uk/chrome/browser/desktop/index.html https://www.google.com/intl/en_usa/chrome/browser/desktop/index.html

Next,

Open Chrome and sign into your account, open a new tab and type or copy paste chrome://settings/syncSetup hit enter...

In the new window that opens "Sync everything" will probably be selected, scroll down to and select "Managed sync data on Google Dashboard"

A new window will open, scroll down to and select "Reset Sync" that will clear synced data from Google Server...

Continue to next step to completely Uninstall Chrome....

Next.

Uninstall Chrome: https://support.google.com/chrome/answer/95319?hl=en-GB follow those instructions, ensure the option to "Also delete your browsing data" is selected. <<--- Very important!!

Navigate to C:\Users\Your user name\Appdata\Local from that folder delete the folder named Google (you will need to show hidden files/folders to see the folder Appdata)

For XP that will be My Computer > C:\ Documents and Settings\Your User Name\Application Data\Roaming

How to show hidden files and folders for windows: http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/

Next,

Install Google Chrome :

Next,

Import your Bookmarks... (instructions in the first step)

Import Passwords... (instructions in second step above)

Next,

Install Malwarebytes Browser Extension (Free) https://chrome.google.com/webstore/detail/malwarebytes-browser-exte/ihcjicgdanjaechkgeegckofjjedodee

Next,

Install uBlock Origin for Chrome: https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm?hl=en

Does that help

 

This topic is now closed to further replies.
