Chrome Extensions keep coming back after being removed!


2 replies to this topic

#1 Fandramon


Posted 13 October 2018 - 04:46 PM

Hey all, I seem to have some persistently annoying add-on/extension on Chrome that keeps coming back! I've reset to default Chrome settings, run Malwarebytes [premium], SuperAntiSpyware [free], Bullguard Internet Security (I hate this program, would appreciate better, less annoying suggestions), and Malwarebytes AdwCleaner multiple times, which finds the files, cleans them, but when I reset the computer they come back. Have also run a disk check. I've attached a screenshot of the names of the extensions [as one is Russian]. Not sure how to get rid of these things, any help would be appreciated!

 

FRST.txt contents:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10.10.2018
Ran by Jessica (administrator) on BURROUGHS (13-10-2018 17:39:42)
Running from C:\Users\Jessica\Documents\Downloads
Loaded Profiles: Jessica (Available Profiles: Jessica)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardCore.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardFileScanner.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardFiltering.exe
(Malwarebytes) K:\adwcleaner_7.2.4.0.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardFirewall.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardSentry.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
(Digital Wave Ltd.) C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
() C:\Program Files (x86)\Common Files\Appkeys\yytool64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
(Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe
() C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Gigabyte Technology CO.) C:\Program Files\GIGABYTE\SmartRecovery2\RPMDaemon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardTray.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
(Discord Inc.) C:\Users\Jessica\AppData\Local\Discord\app-0.0.301\Discord.exe
(Akamai Technologies, Inc.) C:\Users\Jessica\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Jessica\AppData\Local\Akamai\netsession_win.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Sony Interactive Entertainment Inc.) C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
(Dropbox, Inc.) C:\Users\Jessica\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Sony Interactive Entertainment Inc.) C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Discord Inc.) C:\Users\Jessica\AppData\Local\Discord\app-0.0.301\Discord.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dropbox, Inc.) C:\Users\Jessica\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dropbox, Inc.) C:\Users\Jessica\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Discord Inc.) C:\Users\Jessica\AppData\Local\Discord\app-0.0.301\Discord.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Discord Inc.) C:\Users\Jessica\AppData\Local\Discord\app-0.0.301\Discord.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\Smart TimeLock\AlarmClock.exe
() C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BgGameMon.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286704 2013-04-30] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13423688 2013-02-26] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [382072 2017-01-24] ()
HKLM\...\Run: [HotKeysCmds] => "C:\Windows\system32\hkcmd.exe"
HKLM\...\Run: [BullGuard] => C:\Program Files\BullGuard Ltd\BullGuard\BullGuardTray.exe [173416 2018-10-08] (BullGuard Ltd.)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Andy] => "C:\Program Files\Andy\HandyAndy.exe"
HKLM\...\Run: [SoftEther VPN Client UI Helper] => C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [5255104 2017-12-02] (SoftEther VPN Project at University of Tsukuba, Japan.)
HKLM-x32\...\Run: [{43d0e9f8-e35b-4e1e-94e7-1534c305dea4}] => "C:\ProgramData\Package Cache\{43d0e9f8-e35b-4e1e-94e7-1534c305dea4}\TunnelBear-Installer.exe" /burn.runonce
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2012-01-26] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [502912 2012-02-29] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863360 2012-02-29] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-07-07] (Oracle Corporation)
HKLM\...\RunOnce: [RPMKickstart] => C:\Program Files\GIGABYTE\SmartRecovery2\RPMKickstart.exe [2422272 2012-09-06] (Gigabyte Technology CO., LTD.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3437876216-2934815057-908750906-1000\...\Run: [Discord] => C:\Users\Jessica\AppData\Local\Discord\app-0.0.301\Discord.exe [57816920 2018-04-30] (Discord Inc.)
HKU\S-1-5-21-3437876216-2934815057-908750906-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Jessica\AppData\Local\Akamai\netsession_win.exe [4586456 2018-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3437876216-2934815057-908750906-1000\...\Run: [Dropbox Update] => C:\Users\Jessica\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
HKU\S-1-5-21-3437876216-2934815057-908750906-1000\...\Run: [DiscordPTB] => C:\Users\Jessica\AppData\Local\DiscordPTB\app-0.0.43\DiscordPTB.exe [57816920 2018-04-30] (Discord Inc.)
HKU\S-1-5-21-3437876216-2934815057-908750906-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [8893360 2018-09-11] (SUPERAntiSpyware)
HKU\S-1-5-21-3437876216-2934815057-908750906-1000\...\Policies\Explorer: [NoThumbnailCache] 1
HKU\S-1-5-21-3437876216-2934815057-908750906-1000\...\MountPoints2: {32d22248-7caf-11e3-91a3-806e6f6e6963} - D:\Run.exe
HKU\S-1-5-21-3437876216-2934815057-908750906-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\Stitch.scr [471040 2017-01-24] (ScreenTime Media)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [182296 2017-11-09] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [159736 2017-11-09] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Content Manager Assistant for PlayStation®.lnk [2017-12-20]
ShortcutTarget: Content Manager Assistant for PlayStation®.lnk -> C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe (Sony Interactive Entertainment Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftEther VPN Client Manager Startup.lnk [2017-12-02]
ShortcutTarget: SoftEther VPN Client Manager Startup.lnk -> C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe (SoftEther VPN Project at University of Tsukuba, Japan.)
Startup: C:\Users\Jessica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2018-09-26]
ShortcutTarget: Dropbox.lnk -> C:\Users\Jessica\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
GroupPolicy: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.151.1
Tcpip\..\Interfaces\{5113A9E7-4768-4C92-BC59-92A9E6994747}: [DhcpNameServer] 192.168.151.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2018-09-23] (Microsoft Corporation)
BHO: GBHO.BHO -> {45d30484-7ded-43d9-957a-d2fd1f046511} -> C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2018-09-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2018-09-23] (Microsoft Corporation)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll [2015-05-25] (DVDVideoSoft Ltd.)
BHO-x32: No Name -> {451C804F-C205-4F03-B48E-537EC94937BF} -> No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\ssv.dll [2018-07-20] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2018-09-23] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\jp2ssv.dll [2018-07-20] (Oracle Corporation)
Toolbar: HKLM - Smart Recovery 2 - {1d09c093-f71e-43c3-b948-19316cbd695e} - C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
Handler-x32: intu-tt2016 - {D3619A28-0FAE-4AD2-A79F-BAD3CD6E8779} - C:\Program Files (x86)\TurboTax 2016\ic2016pp.dll [2017-03-26] (Intuit Canada, a general partnership/une société en nom collectif.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2018-09-23] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 -  No File

FireFox:
========
FF ProfilePath: C:\Users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\0wx0vpkh.default-1485232022528 [2018-10-13]
FF NetworkProxy: Mozilla\Firefox\Profiles\0wx0vpkh.default-1485232022528 -> autoconfig_url", "data:text/javascript,[URL-encoded JavaScript PAC payload removed]
B%20%7D%3B%0A%20%20%20%20if%20(json.unblocker_globals)%0A%20%20%20%20%7B%0A%20%20%20%20%20%20%20%20rules%20%3D%20json.unblocker_globals%3B%0A%20%20%20%20%20%20%20%20for%20(i%20in%20rules)%0A%20%20%20%20%20%20%20%20%7B%0A%20%20%20%20%20%20%20%20%20%20%20%20rule%20%3D%20rules%5Bi%5D%3B%0A%20%20%20%20%20%20%20%20%20%20%20%20parse_cmds(i%2C%20rule%2C%20rules%2C%20g_pac_engine.exceptions)%3B%0A%20%20%20%20%20%20%20%20%7D%0A%20%20%20%20%7D%0A%20%20%20%20return%200%3B%0A%7D%3B%0A%0Afunction%20find_proxy_for_url(url%2C%20host%2C%20hosts%2C%20opt)%7B%0A%20%20%20%20opt%20%3D%20opt%7C%7C%7B%7D%3B%0A%20%20%20%20var%20do_redir%20%3D%20g_pac_engine.do_redir%3B%0A%20%20%20%20if%20(hosts.hosts_cache)%0A%20%20%20%20%7B%0A%20%20%20%20%20%20%20%20var%20c%20%3D%20hosts.hosts_cache%5Bhost%5D%3B%0A%20%20%20%20%20%20%20%20if%20(c%20%26%26%20c.func)%0A%20%20%20%20%20%20%20%20%20%20%20%20return%20c.func(url%2C%20host%2C%20do_redir%2C%20opt)%3B%0A%20%20%20%20%20%20%20%20if%20©%0A%20%20%20%20%20%20%20%20%20%20%20%20return%20pac_redir(url%2C%20host%2C%20do_redir)%3B%0A%20%20%20%20%7D%0A%20%20%20%20if%20(hosts.hosts_counter%3E5000)%0A%20%20%20%20%7B%0A%20%20%20%20%20%20%20%20hosts.hosts_counter%20%3D%200%3B%0A%20%20%20%20%20%20%20%20hosts.hosts_cache%20%3D%20%7B%7D%3B%0A%20%20%20%20%7D%0A%20%20%20%20if%20(is_ip(host))%0A%20%20%20%20%7B%0A%20%20%20%20%20%20%20%20var%20ip%20%3D%20inet_aton(host)%3B%0A%20%20%20%20%20%20%20%20var%20ips%20%3D%20hosts.ips%3B%0A%20%20%20%20%20%20%20%20for%20(var%20i%3D0%3B%20i%3Cips.length%3B%20i%2B%2B)%0A%20%20%20%20%20%20%20%20%7B%0A%20%20%20%20%20%20%20%20%20%20%20%20var%20_ip%20%3D%20ips%5Bi%5D%3B%0A%20%20%20%20%20%20%20%20%20%20%20%20if%20((ip%20%3E%3E%3E%20_ip.bits%20%3C%3C%20_ip.bits)%5E_ip.mask)%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20continue%3B%0A%20%20%20%20%20%20%20%20%20%20%20%20hosts.hosts_cache%5Bhost%5D%20%3D%20%7Bfunc%3A%20_ip.func%7D%3B%0A%20%20%20%20%20%20%20%20%20%20%20%20hosts.hosts_counter%2B%2B%3B%0A%20%20%20%20%20%20%20%20%20%20%20%20
return%20_ip.func(url%2C%20host%2C%20do_redir%2C%20opt)%3B%0A%20%20%20%20%20%20%20%20%7D%0A%20%20%20%20%7D%0A%20%20%20%20var%20index%20%3D%20-1%3B%0A%20%20%20%20for%20(%3B%3B)%0A%20%20%20%20%7B%0A%20%20%20%20%20%20%20%20var%20func%20%3D%20hosts.hosts%5B'*'%5D%7C%7Chosts.hosts%5Bhost.substr(index%2B1)%5D%3B%0A%20%20%20%20%20%20%20%20if%20(func)%0A%20%20%20%20%20%20%20%20%7B%0A%20%20%20%20%20%20%20%20%20%20%20%20hosts.hosts_cache%5Bhost%5D%20%3D%20%7Bfunc%3A%20func%7D%3B%0A%20%20%20%20%20%20%20%20%20%20%20%20hosts.hosts_counter%2B%2B%3B%0A%20%20%20%20%20%20%20%20%20%20%20%20return%20func(url%2C%20host%2C%20do_redir%2C%20opt)%3B%0A%20%20%20%20%20%20%20%20%7D%0A%20%20%20%20%20%20%20%20if%20((index%20%3D%20host.indexOf('.'%2C%20index%2B1))%3C0)%0A%20%20%20%20%20%20%20%20%20%20%20%20break%3B%0A%20%20%20%20%7D%0A%20%20%20%20if%20(opt.exception)%0A%20%20%20%20%20%20%20%20return%20null%3B%0A%20%20%20%20hosts.hosts_cache%5Bhost%5D%20%3D%20%7B%7D%3B%0A%20%20%20%20hosts.hosts_counter%2B%2B%3B%0A%20%20%20%20return%20pac_redir(url%2C%20host%2C%20do_redir)%3B%0A%7D%0A%0AE.FindProxyForURL%20%3D%20function(url%2C%20host)%7B%0A%20%20%20%20var%20pac%20%3D%20g_pac_engine%2C%20locals%20%3D%20pac.local_redir%2C%20ret%3B%0A%20%20%20%20if%20(host.match(%2F%5E(.*)%5C.local%5C.hola%24%2F))%0A%20%20%20%20%20%20%20%20host%20%3D%20'local.hola'%3B%0A%20%20%20%20if%20(host.match(%2F%5E(.*)%5C.trigger%5C.hola%5C.org%24%2F))%0A%20%20%20%20%20%20%20%20host%20%3D%20host.replace('.trigger.hola.org'%2C%20'')%3B%0A%20%20%20%20if%20(locals%20%26%26%20host!%3D'local.hola')%0A%20%20%20%20%7B%0A%20%20%20%20%20%20%20%20var%20then%20%3D%20locals%5Burl%5D%3B%0A%20%20%20%20%20%20%20%20if%20(then%20%26%26%20Date.now()%20-%20then.ts%20%3E%202000)%0A%20%20%20%20%20%20%20%20%7B%0A%20%20%20%20%20%20%20%20%20%20%20then%20%3D%20false%3B%0A%20%20%20%20%20%20%20%20%20%20%20delete%20locals%5Burl%5D%3B%0A%20%20%20%20%20%20%20%20%7D%0A%20%20%20%20%20%20%20%20if%20(then)%0A%20%20%20%20%20%20%20%20%7B%0A%20%20%20%20%20%20%20
%20%20%20%20%20if%20(!--then.count)%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20delete%20locals%5Burl%5D%3B%0A%20%20%20%20%20%20%20%20%20%20%20%20ret%20%3D%20handle_then(then.proxy%2C%20url%2C%20host%2C%20pac.do_redir)%3B%0A%20%20%20%20%20%20%20%20%7D%0A%20%20%20%20%20%20%20%20pac.local_counter%2B%2B%3B%0A%20%20%20%20%20%20%20%20if%20(!(pac.local_counter%251000))%0A%20%20%20%20%20%20%20%20%7B%0A%20%20%20%20%20%20%20%20%20%20%20%20var%20cur_ts%20%3D%20Date.now()%3B%0A%20%20%20%20%20%20%20%20%20%20%20%20for%20(var%20i%20in%20locals)%0A%20%20%20%20%20%20%20%20%20%20%20%20%7B%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20var%20local%20%3D%20locals%5Bi%5D%3B%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20if%20(cur_ts-local.ts%20%3E%2010000)%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20delete%20locals%5Bi%5D%3B%0A%20%20%20%20%20%20%20%20%20%20%20%20%7D%0A%20%20%20%20%20%20%20%20%20%20%20%20pac.local_counter%20%3D%200%3B%0A%20%20%20%20%20%20%20%20%7D%0A%20%20%20%20%7D%0A%20%20%20%20if%20(!ret)%0A%20%20%20%20%20%20%20%20ret%20%3D%20find_proxy_for_url(url%2C%20host%2C%20pac.hosts)%3B%0A%20%20%20%20if%20(ret.proxy)%0A%20%20%20%20%7B%0A%20%20%20%20%20%20%20%20var%20ex%20%3D%20find_proxy_for_url(url%2C%20host%2C%20pac.exceptions%2C%0A%20%20%20%20%20%20%20%20%20%20%20%20%7Bexception%3A%201%2C%20orig_proxy%3A%20ret.proxy%7D)%3B%0A%20%20%20%20%20%20%20%20if%20(ex)%0A%20%20%20%20%20%20%20%20%20%20%20%20ret%20%3D%20ex%3B%0A%20%20%20%20%7D%0A%20%20%20%20return%20ret.str%3B%0A%7D%3B%0A%0AE.find_proxy_for_url_rule%20%3D%20function(rule%2C%20url%2C%20host%2C%20is_main%2C%20no_global)%7B%0A%20%20%20%20var%20pac%20%3D%20g_pac_engine%2C%20ret%3B%0A%20%20%20%20if%20(host.match(%2F%5E(.*)%5C.trigger%5C.hola%5C.org%2F))%0A%20%20%20%20%7B%0A%20%20%20%20%20%20%20%20host%20%3D%20host.replace('.trigger.hola.org'%2C%20'')%3B%0A%20%20%20%20%20%20%20%20url%20%3D%20url.replace('.trigger.hola.org'%2C%20'')%3B%0A%20%20%20%20%7D%0A%20%20%20%20var%20r%20%3D%20pac.rules%20%26
%26%20rule%20%3F%20pac.rules%5Brule%5D%20%3A%20pac.hosts%3B%0A%20%20%20%20if%20(!r)%0A%20%20%20%20%20%20%20%20return%20'DIRECT'%3B%0A%20%20%20%20ret%20%3D%20find_proxy_for_url(url%2C%20host%2C%20r%2C%20%7Bis_main%3A%20is_main%7D)%3B%0A%20%20%20%20if%20(ret.proxy%20%26%26%20!no_global)%0A%20%20%20%20%7B%0A%20%20%20%20%20%20%20%20var%20ex%20%3D%20find_proxy_for_url(url%2C%20host%2C%20pac.exceptions%2C%0A%20%20%20%20%20%20%20%20%20%20%20%20%7Bexception%3A%201%2C%20orig_proxy%3A%20ret.proxy%7D)%3B%0A%20%20%20%20%20%20%20%20if%20(ex)%0A%20%20%20%20%20%20%20%20%20%20%20%20ret%20%3D%20ex%3B%0A%20%20%20%20%7D%0A%20%20%20%20return%20ret.str%3B%0A%7D%3B%0A%0AE.find_proxy_for_url_exception%20%3D%20function(url%2C%20host%2C%20orig)%7B%0A%20%20%20%20var%20ret%20%3D%20find_proxy_for_url(url%2C%20host%2C%20g_pac_engine.exceptions%2C%0A%20%20%20%20%20%20%20%20%7Bexception%3A%201%2C%20orig_proxy%3A%20orig%7D)%3B%0A%20%20%20%20return%20ret%20%3F%20ret.str%20%3A%20orig%3B%0A%7D%3B%0A%0AE.t%20%3D%20%7B%0A%20%20%20%20global_var%3A%20function()%7B%20return%20g_pac_engine%3B%20%7D%2C%0A%20%20%20%20pac_redir%3A%20pac_redir%2C%0A%20%20%20%20get_ext%3A%20get_ext%2C%0A%7D%3B%0A%0AE.gen_pac%20%3D%20function(json%2C%20options)%7B%0A%20%20%20%20return%20'var%20pac_engine%20%3D%20('%2Bquine%2B')(%7B%5Cn'%0A%20%20%20%20%20%20%20%20%2B'%20%20%20%20isInNet%3A%20isInNet%2C%20isPlainHostName%3A%20isPlainHostName%7D)%3B%5Cn'%0A%20%20%20%20%20%20%20%20%2B'function%20FindProxyForURL(url%2C%20host)%7B%5Cn'%0A%20%20%20%20%20%20%20%20%2B'%20%20%20%20return%20pac_engine.FindProxyForURL(url%2C%20host)%3B%5Cn'%0A%20%20%20%20%20%20%20%20%2B'%7D%5Cn'%0A%20%20%20%20%20%20%20%20%2B'pac_engine.dns_resolver%20%3D%20dnsResolve%3B%5Cn'%0A%20%20%20%20%20%20%20%20%2B'pac_engine.init('%2BJSON.stringify(json)%2B'%2C%20'%0A%20%20%20%20%20%20%20%20%20%20%20%20%2BJSON.stringify(options)%2B')%3B%5Cn'%3B%0A%7D%3B%0A%0Areturn%20E%3B%20%7D)(%7B%0A%20%20%20%20isInNet%3A%20isInNet%2C%20isPlainHostName%3A%20isPlainHostName%7D)%3B%0
Afunction%20FindProxyForURL(url%2C%20host)%7B%0A%20%20%20%20return%20pac_engine.FindProxyForURL(url%2C%20host)%3B%0A%7D%0Apac_engine.dns_resolver%20%3D%20dnsResolve%3B%0Apac_engine.init(%7B%22unblocker_rules%22%3A%7B%7D%7D%2C%20%7B%22do_redir%22%3Afalse%2C%22ext%22%3A1%2C%22key%22%3A%222b4a5064671c61a496188278d6e257ed636bf96d4a17f67f1b84eeef9c33442%22%7D)%3B%0A"
FF Session Restore: Mozilla\Firefox\Profiles\0wx0vpkh.default-1485232022528 -> is enabled.
FF Extension: (media-capture) - C:\Users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\0wx0vpkh.default-1485232022528\Extensions\cccc5f0d-b9d0-4314-88b5-7e27551f9e84@jetpack.xpi [2018-09-18]
FF Extension: (HTTPS Everywhere) - C:\Users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\0wx0vpkh.default-1485232022528\Extensions\https-everywhere-eff@eff.org.xpi [2018-09-20]
FF Extension: (Privacy Badger) - C:\Users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\0wx0vpkh.default-1485232022528\Extensions\jid1-MnnxcxisBPnSXQ@jetpack.xpi [2018-10-04]
FF Extension: (uBlock Origin) - C:\Users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\0wx0vpkh.default-1485232022528\Extensions\uBlock0@raymondhill.net.xpi [2018-09-23]
FF Extension: (Video DownloadHelper) - C:\Users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\0wx0vpkh.default-1485232022528\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2018-03-02] [Legacy]
FF HKLM-x32\...\Firefox\Extensions: [antiphishing@bullguard] - c:\program files\bullguard ltd\bullguard\Files32\Antiphishing\FF\antiphishing@bullguard
FF Extension: (BullGuard Safe Browsing) - c:\program files\bullguard ltd\bullguard\Files32\Antiphishing\FF\antiphishing@bullguard [2014-08-13] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com => not found
FF HKU\S-1-5-21-3437876216-2934815057-908750906-1000\...\Firefox\Extensions: [dmpluginff@westbyte.com] - C:\Program Files (x86)\Download Master\distribution\bundles\dmpluginff@westbyte.com => not found
FF HKU\S-1-5-21-3437876216-2934815057-908750906-1000\...\Firefox\Extensions: [dmmm@westbyte.com] - C:\Program Files (x86)\Download Master\distribution\bundles\dmmm@westbyte.com => not found
FF HKU\S-1-5-21-3437876216-2934815057-908750906-1000\...\Firefox\Extensions: [dmbarff@westbyte.com] - C:\Program Files (x86)\Download Master\distribution\bundles\dmbarff@westbyte.com => not found
FF HKU\S-1-5-21-3437876216-2934815057-908750906-1000\...\Firefox\Extensions: [dmremote@westbyte.com] - C:\Program Files (x86)\Download Master\distribution\bundles\dmremote@westbyte.com => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_161.dll [2018-02-19] ()
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2014-01-17] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_161.dll [2018-02-19] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-04-11] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-04-11] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.181.2 -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\dtplugin\npDeployJava1.dll [2018-07-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.181.2 -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\plugin2\npjp2.dll [2018-07-20] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2014-01-17] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2018-09-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-10-27] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-10-27] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3437876216-2934815057-908750906-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Jessica\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-02-20] (Unity Technologies ApS)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> yandex.ru
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default [2018-10-13]
CHR Extension: (ProxFlow) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2018-09-21]
CHR Extension: (Google Translate) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2017-10-29]
CHR Extension: (Slides) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-15]
CHR Extension: (Batch Link Downloader) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiahkbnnpafepcgnhhecilboebmmolnn [2017-10-30]
CHR Extension: (Flash Video Downloader) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc [2018-09-23]
CHR Extension: (Docs) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-15]
CHR Extension: (Google Drive) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-10-08]
CHR Extension: (YouTube) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27]
CHR Extension: (Sad Panda) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\bohapeiooecafommnlaiccilacgmkaoc [2018-05-16]
CHR Extension: (Adblock Plus) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-09-12]
CHR Extension: (OneTab) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2017-03-02]
CHR Extension: (Google Search) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Tampermonkey) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2018-09-03]
CHR Extension: (Session Buddy) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2018-01-29]
CHR Extension: (Adobe Acrobat) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-04]
CHR Extension: (minerBlock) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\emikbbbebcdfohonlaifafnoanocnebl [2018-10-13]
CHR Extension: (uBlock) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\epcnnfbjfcgphgdmggkamkmgojdagdnn [2018-10-13]
CHR Extension: (FrankerFaceZ) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\fadndhdgpmmaapbmfcknlfgcflmmmieb [2015-03-15]
CHR Extension: (Sheets) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-15]
CHR Extension: (HTTPS Everywhere) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2018-09-21]
CHR Extension: (Google Docs Offline) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-03]
CHR Extension: (Pinterest Save Button) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2018-09-26]
CHR Extension: (SearchPreview) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcjdanpjacpeeppdjkppebobilhaglfo [2018-10-13]
CHR Extension: (iGive Button) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\igcjdamjhkmdccbmbilbpabpofenchge [2018-05-27]
CHR Extension: (New XKit) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\inobiceghmpkaklcknpniboilbjmlald [2018-04-02] [UpdateUrl: hxxps://new-xkit.github.io/XKit/Extensions/dist/page/FirefoxUpdate.json] <==== ATTENTION
CHR Extension: (ReChat for Twitch™) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipplilmaapjjklilmmaccfemdmhkoacd [2016-03-03]
CHR Extension: (Google +1 Button) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgoepmocgafhnchmokaimcmlojpnlkhp [2017-08-06]
CHR Extension: (Search by image on Aliexpress) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\kafhoidinlbamepifokmbjdkkciefhgh [2018-09-23]
CHR Extension: (Stop Autoplay for YouTube.) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgdfnbpkmkkdhgidgcpdkgpdlfjcgnnh [2014-01-15]
CHR Extension: (Vimeo Video Downloader) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\lieleokakhofondondkehlhghhbadcch [2018-03-10]
CHR Extension: (Video DownloadHelper) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2018-08-08]
CHR Extension: (Dragons of Atlantis) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\manlnjcghdempjdpndlcmaaobbighhcf [2014-01-15]
CHR Extension: (CHROMIFIED Google Translate [BBmod]) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\mddinjaeleehccjagphnmkcjafhidhmc [2017-01-01]
CHR Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2018-09-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-08]
CHR Extension: (Tumblr Savior) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefddkjnflmjbclpnnoegglmmdfkidip [2018-05-27]
CHR Extension: (Gmail) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-12]
CHR Extension: (Chrome Media Router) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-09-21]
CHR HKLM-x32\...\Chrome\Extension: [dljdacfojgikogldjffnkdcielnklkce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gbjeiekahklbgbfccohipinhgaadijad] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com)
R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-01-22] (Adobe Systems) [File not signed]
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S3 BsBackup; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBackup.exe [1608552 2018-10-08] (BullGuard Ltd.)
R2 BsFileScan; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardFileScanner.exe [570216 2018-10-08] (BullGuard Ltd.)
S3 BsHelper; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardHelper.exe [271856 2018-08-25] (BullGuard Ltd.)
R2 BsMailProxy; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardFiltering.exe [5852520 2018-10-12] (BullGuard Ltd.)
R2 BsMain; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardCore.exe [1047912 2018-10-12] (BullGuard Ltd.)
R2 BsNet; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardFirewall.exe [806248 2018-10-12] (BullGuard Ltd.)
R2 BsScanner; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [305512 2018-10-08] (BullGuard Ltd.)
R2 BsSentry; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardSentry.exe [462184 2018-10-08] (BullGuard Ltd.)
R2 BsUpdate; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [489320 2018-10-12] (BullGuard Ltd.)
R2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [440808 2017-03-22] (Digital Wave Ltd.)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [805632 2016-11-17] ()
S3 GalaxyClientService; C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe [244800 2016-07-04] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6514752 2016-08-23] (GOG.com)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-30] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344184 2017-01-24] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-04-11] (Intel Corporation)
R2 Leawo_service; C:\Program Files (x86)\Common Files\Appkeys\yytool64.exe [1232880 2014-05-04] ()
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3520872 2015-09-22] (INCA Internet Co., Ltd.)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1800832 2012-10-01] (Microsoft Corporation)
R2 SEVPNCLIENT; C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [5255104 2017-12-02] (SoftEther VPN Project at University of Tsukuba, Japan.)
R2 Smart TimeLock; C:\Program Files (x86)\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe [102400 2013-02-22] (Gigabyte Technology CO., LTD.) [File not signed]
R2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe [156928 2016-11-17] ()
S3 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [805632 2016-11-17] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
U4 BsCache; C:\Program Files\BullGuard Ltd\BullGuard\BsCache.dll [X]
U4 BsFire; c:\program files\bullguard ltd\bullguard\BsFire.dll [X]
S2 mi-raysat_3dsmax2014_64; "K:\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe" [X]
R2 NvContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerLocalSystem -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000
S3 NvContainerNetworkService; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerNetworkService -f "C:\ProgramData\NVIDIA\NvContainerNetworkService.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\NetworkService" -r -p 30000
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugin"

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21584 2013-02-19] ()
R1 BdAgent; C:\Windows\System32\DRIVERS\BdAgent.sys [174744 2016-09-20] (BullGuard Ltd.)
R0 BdNet; C:\Windows\System32\DRIVERS\BdNet.sys [152664 2017-06-29] (BullGuard Ltd.)
R1 BdSentry; C:\Windows\System32\DRIVERS\BdSentry.sys [84264 2018-05-06] (BullGuard Ltd.)
R1 BdSpy; C:\Windows\System32\drivers\BdSpy.sys [76728 2015-10-15] (BullGuard Ltd.)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [537080 2017-07-19] (Intel Corporation)
R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [40872 2014-02-10] (SlySoft, Inc.)
R3 ElbyCDFL; C:\Windows\SysWOW64\Drivers\ElbyCDFL.sys [40872 2014-02-10] (SlySoft, Inc.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [152688 2018-09-11] (Malwarebytes)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-04-30] (Intel Corporation)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [200232 2018-10-04] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [118584 2018-10-13] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [58400 2018-10-13] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [260384 2018-10-13] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [100664 2018-10-13] (Malwarebytes)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-07-26] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [48064 2017-07-26] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [57792 2017-07-26] (NVIDIA Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2016-10-18] ()
R3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [442848 2018-05-06] (BitDefender S.R.L.)
S3 TTDrv; K:\KOPLAYER\vbox\TTDrv.sys [261104 2015-12-22] (Oracle Corporation)
R1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [21584 2013-05-06] ()
S3 VGPU; no ImagePath
R3 XtuAcpiDriver; C:\Windows\System32\DRIVERS\XtuAcpiDriver.sys [54168 2017-04-18] (Intel Corporation)
R1 YSDrv; C:\Program Files (x86)\Bignox\BigNoxVM\RT\YSDrv.sys [310536 2018-04-02] (BigNox Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 mdf16; \??\C:\Users\Jessica\AppData\Local\Temp\mdf16.sys [X] <==== ATTENTION
S3 mvd23; \??\C:\Users\Jessica\AppData\Local\Temp\mvd23.sys [X] <==== ATTENTION
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-10-13 17:28 - 2018-10-13 17:28 - 000260384 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-10-13 17:28 - 2018-10-13 17:28 - 000118584 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-10-13 17:28 - 2018-10-13 17:28 - 000100664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-10-13 17:28 - 2018-10-13 17:28 - 000058400 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-10-13 16:05 - 2018-10-13 16:05 - 000000000 ____D C:\ProgramData\Pure Networks
2018-10-13 15:52 - 2018-10-13 15:52 - 000000000 ____D C:\SUPERDelete
2018-10-13 15:50 - 2018-10-13 15:50 - 000001808 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2018-10-13 15:50 - 2018-10-13 15:50 - 000000000 ____D C:\Users\Jessica\AppData\Roaming\SUPERAntiSpyware.com
2018-10-13 15:50 - 2018-10-13 15:50 - 000000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2018-10-13 15:50 - 2018-10-13 15:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2018-10-13 15:50 - 2018-10-13 15:50 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2018-10-13 15:43 - 2018-10-13 15:43 - 000005898 _____ C:\Users\Jessica\Desktop\JRT.txt
2018-10-13 00:31 - 2018-10-13 00:31 - 000000000 ____D C:\Windows\system32\GPUCache
2018-10-13 00:27 - 2018-10-13 00:27 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2018-10-13 00:26 - 2018-10-13 00:26 - 000001195 _____ C:\Users\Jessica\AppData\Local\recently-used.xbel
2018-10-12 08:33 - 2018-10-08 04:25 - 000181728 _____ (BullGuard Ltd.) C:\Windows\system32\BgGamingMonitor.dll
2018-10-12 08:33 - 2018-10-08 04:25 - 000165200 _____ (BullGuard Ltd.) C:\Windows\SysWOW64\BgGamingMonitor.dll
2018-10-10 20:13 - 2018-10-10 20:13 - 000000000 ____D C:\Users\Jessica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-10-06 19:16 - 2018-10-06 19:16 - 000000000 ____D C:\Users\Jessica\AppData\Local\_ImagineUpdate
2018-10-04 17:22 - 2018-10-13 00:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-10-04 17:22 - 2018-10-06 20:12 - 000001911 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-10-04 17:22 - 2018-10-04 17:22 - 000200232 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-10-04 17:22 - 2018-10-04 17:22 - 000000000 ____D C:\Users\Jessica\AppData\Local\mbamtray
2018-10-04 17:22 - 2018-09-11 13:18 - 000152688 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2018-09-27 22:12 - 2018-09-27 22:13 - 017584485 _____ C:\Users\Jessica\Desktop\MyDW2Movie.mp4
2018-09-27 22:07 - 2018-09-27 22:07 - 000000000 _____ C:\Users\Jessica\Desktop\slowdw2-2.avi
2018-09-27 22:06 - 2018-09-27 22:07 - 1895013376 _____ C:\Users\Jessica\Desktop\slowdw2-2.wav
2018-09-27 22:04 - 2018-09-27 22:04 - 2973144064 _____ C:\Users\Jessica\Desktop\slowdw2.avi
2018-09-22 23:58 - 2018-09-23 00:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2018-09-22 19:18 - 2018-09-22 19:35 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-09-22 19:15 - 2018-10-02 19:40 - 000000000 ____D C:\Program Files\Microsoft Office 15
2018-09-22 17:55 - 2018-09-22 17:55 - 000000000 ____D C:\Users\Jessica\AppData\Roaming\fltk.org
2018-09-21 20:15 - 2018-09-21 20:15 - 000000000 ____D C:\Users\Jessica\AppData\Local\mbam

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-10-13 17:39 - 2018-06-03 13:12 - 000000000 ____D C:\FRST
2018-10-13 17:39 - 2014-01-15 13:37 - 000000000 ____D C:\ProgramData\BullGuard
2018-10-13 17:36 - 2009-07-14 00:45 - 000075664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-10-13 17:36 - 2009-07-14 00:45 - 000075664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-10-13 17:34 - 2014-10-26 23:53 - 000744258 _____ C:\Windows\system32\prfh0816.dat
2018-10-13 17:34 - 2014-10-26 23:53 - 000729320 _____ C:\Windows\system32\prfh0416.dat
2018-10-13 17:34 - 2014-10-26 23:53 - 000438702 _____ C:\Windows\system32\perfh012.dat
2018-10-13 17:34 - 2014-10-26 23:53 - 000410222 _____ C:\Windows\system32\prfh0404.dat
2018-10-13 17:34 - 2014-10-26 23:53 - 000392922 _____ C:\Windows\system32\prfh0804.dat
2018-10-13 17:34 - 2014-10-26 23:53 - 000163052 _____ C:\Windows\system32\prfc0816.dat
2018-10-13 17:34 - 2014-10-26 23:53 - 000157988 _____ C:\Windows\system32\prfc0416.dat
2018-10-13 17:34 - 2014-10-26 23:53 - 000129606 _____ C:\Windows\system32\perfc012.dat
2018-10-13 17:34 - 2014-10-26 23:53 - 000128814 _____ C:\Windows\system32\prfc0804.dat
2018-10-13 17:34 - 2014-10-26 23:53 - 000124312 _____ C:\Windows\system32\prfc0404.dat
2018-10-13 17:34 - 2014-01-18 02:44 - 000426960 _____ C:\Windows\system32\perfh011.dat
2018-10-13 17:34 - 2014-01-18 02:44 - 000131322 _____ C:\Windows\system32\perfc011.dat
2018-10-13 17:34 - 2009-07-14 01:13 - 004677832 _____ C:\Windows\system32\PerfStringBackup.INI
2018-10-13 17:34 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf
2018-10-13 17:31 - 2015-06-24 21:45 - 000000926 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3437876216-2934815057-908750906-1000UA.job
2018-10-13 17:29 - 2017-03-03 18:46 - 000000000 ____D C:\Users\Jessica\AppData\LocalLow\Mozilla
2018-10-13 17:28 - 2017-12-02 00:44 - 000000000 ____D C:\Program Files\SoftEther VPN Client
2018-10-13 17:28 - 2017-03-02 18:36 - 000000000 __SHD C:\Users\Jessica\IntelGraphicsProfiles
2018-10-13 17:28 - 2014-01-13 20:43 - 000025640 _____ (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys
2018-10-13 17:28 - 2014-01-13 20:40 - 000000000 ____D C:\ProgramData\NVIDIA
2018-10-13 17:28 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-10-13 17:14 - 2017-01-24 00:08 - 000004456 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-10-13 17:14 - 2014-07-08 19:34 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-10-13 17:14 - 2014-07-08 19:34 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-10-13 17:14 - 2014-07-08 19:34 - 000000000 ____D C:\Windows\system32\Macromed
2018-10-13 17:14 - 2014-01-15 18:11 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-10-13 17:14 - 2014-01-15 16:32 - 000000000 ____D C:\Users\Jessica\AppData\Local\Adobe
2018-10-13 17:07 - 2014-03-01 16:15 - 000000000 __HDC C:\ProgramData\~0
2018-10-13 17:05 - 2014-03-01 16:14 - 000000000 ____D C:\Program Files (x86)\Linksys
2018-10-13 16:03 - 2017-03-04 21:49 - 000000000 ____D C:\Users\Jessica\VirtualBox VMs
2018-10-13 16:03 - 2017-03-04 21:49 - 000000000 ____D C:\Users\Jessica\.VirtualBox
2018-10-13 16:03 - 2017-03-04 21:48 - 000000000 ____D C:\ProgramData\Andy
2018-10-13 16:03 - 2014-01-13 20:06 - 000000000 ____D C:\Users\Jessica
2018-10-13 16:02 - 2017-03-02 00:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Andy
2018-10-13 16:01 - 2014-02-12 16:04 - 000000000 ____D C:\Program Files (x86)\HP
2018-10-13 16:00 - 2014-02-12 16:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2018-10-13 15:39 - 2018-03-21 02:57 - 000000000 ____D C:\Users\Jessica\Documents\My Digital Editions
2018-10-13 15:39 - 2016-02-12 04:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2018-10-13 15:39 - 2014-01-15 16:32 - 000000000 ____D C:\Program Files (x86)\Adobe
2018-10-13 01:52 - 2014-01-15 16:42 - 136745976 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-10-13 00:46 - 2016-05-30 02:20 - 000000000 ____D C:\AdwCleaner
2018-10-13 00:45 - 2016-06-17 20:21 - 000000000 ____D C:\Users\Jessica\AppData\Local\CrashDumps
2018-10-13 00:20 - 2014-01-23 02:14 - 000000000 ____D C:\Users\Jessica\AppData\Roaming\vlc
2018-10-12 19:33 - 2018-06-27 20:53 - 000001066 _____ C:\Users\Public\Desktop\VLC media player.lnk
2018-10-12 19:31 - 2015-06-24 21:45 - 000000874 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3437876216-2934815057-908750906-1000Core.job
2018-10-12 19:29 - 2015-06-19 21:19 - 000000000 ____D C:\Users\Jessica\AppData\Roaming\dvdcss
2018-10-11 19:46 - 2015-12-31 18:30 - 000000000 ____D C:\Users\Jessica\AppData\Roaming\deluge
2018-10-10 20:13 - 2014-07-06 18:37 - 000000000 ____D C:\Users\Jessica\AppData\Roaming\Dropbox
2018-10-10 01:12 - 2016-12-01 03:27 - 000000000 ____D C:\Users\Jessica\Desktop\txt
2018-10-09 21:59 - 2016-01-29 23:48 - 000000000 ____D C:\Users\Jessica\AppData\Roaming\discord
2018-10-09 02:57 - 2015-05-16 00:25 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-10-07 11:44 - 2014-09-20 16:56 - 000000000 ____D C:\Users\Jessica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft AppLocale
2018-09-27 22:23 - 2016-05-19 02:12 - 000004510 _____ C:\Users\Jessica\AppData\Roaming\CamStudio.cfg
2018-09-27 22:23 - 2016-05-19 02:12 - 000000408 _____ C:\Users\Jessica\AppData\Roaming\CamShapes.ini
2018-09-27 22:23 - 2016-05-19 02:12 - 000000408 _____ C:\Users\Jessica\AppData\Roaming\CamLayout.ini
2018-09-27 22:23 - 2016-05-19 02:12 - 000000105 _____ C:\Users\Jessica\AppData\Roaming\Camdata.ini
2018-09-26 03:15 - 2014-01-13 20:20 - 000122688 _____ C:\Users\Jessica\AppData\Local\GDIPFONTCACHEV1.DAT
2018-09-26 03:14 - 2009-07-14 00:45 - 000457808 _____ C:\Windows\system32\FNTCACHE.DAT
2018-09-22 19:18 - 2014-07-14 21:53 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-09-21 19:26 - 2015-06-24 21:45 - 000003904 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3437876216-2934815057-908750906-1000UA
2018-09-21 19:26 - 2015-06-24 21:45 - 000003508 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3437876216-2934815057-908750906-1000Core
2018-09-19 20:51 - 2015-05-16 00:25 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-09-18 14:56 - 2014-01-13 20:36 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

==================== Files in the root of some directories =======

2016-05-19 02:12 - 2018-09-27 22:23 - 000000105 _____ () C:\Users\Jessica\AppData\Roaming\Camdata.ini
2016-05-19 02:12 - 2018-09-27 22:23 - 000000408 _____ () C:\Users\Jessica\AppData\Roaming\CamLayout.ini
2016-05-19 02:12 - 2018-09-27 22:23 - 000000408 _____ () C:\Users\Jessica\AppData\Roaming\CamShapes.ini
2016-05-19 02:12 - 2018-09-27 22:23 - 000004510 _____ () C:\Users\Jessica\AppData\Roaming\CamStudio.cfg
2014-05-05 18:46 - 2014-05-19 15:34 - 000000770 _____ () C:\Users\Jessica\AppData\Roaming\Rim.Desktop.Exception.log
2014-05-01 00:14 - 2014-05-31 16:12 - 000003125 _____ () C:\Users\Jessica\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2014-05-05 18:46 - 2014-05-19 15:34 - 000000770 _____ () C:\Users\Jessica\AppData\Roaming\Rim.DesktopHelper.Exception.log
2018-05-11 23:26 - 2018-05-11 23:26 - 000003584 _____ () C:\Users\Jessica\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-02-10 04:04 - 2017-02-10 04:04 - 000004096 ____H () C:\Users\Jessica\AppData\Local\keyfile3.drm
2017-08-27 23:12 - 2018-07-29 08:14 - 000000776 _____ () C:\Users\Jessica\AppData\Local\Nox_crash.log
2018-10-13 00:26 - 2018-10-13 00:26 - 000001195 _____ () C:\Users\Jessica\AppData\Local\recently-used.xbel
2016-03-27 20:55 - 2017-07-02 19:15 - 000007612 _____ () C:\Users\Jessica\AppData\Local\Resmon.ResmonCfg
2016-03-18 01:34 - 2016-03-18 01:34 - 000000003 _____ () C:\Users\Jessica\AppData\Local\updater.log
2016-03-18 01:35 - 2016-03-18 01:35 - 000000424 _____ () C:\Users\Jessica\AppData\Local\UserProducts.xml

Some files in TEMP:
====================
2018-10-13 15:51 - 2018-10-13 15:51 - 000040448 ____N () C:\Users\Jessica\AppData\Local\Temp\proxy_vole9060039708508482203.dll

Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\ANIM.DLL

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-10-13 10:41

==================== End of FRST.txt ============================

Addition.txt contents:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10.10.2018
Ran by Jessica (13-10-2018 17:40:03)
Running from C:\Users\Jessica\Documents\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2014-01-14 00:06:47)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3437876216-2934815057-908750906-500 - Administrator - Disabled)
ASPNET (S-1-5-21-3437876216-2934815057-908750906-1012 - Limited - Enabled)
Guest (S-1-5-21-3437876216-2934815057-908750906-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3437876216-2934815057-908750906-1003 - Limited - Enabled)
Jessica (S-1-5-21-3437876216-2934815057-908750906-1000 - Administrator - Enabled) => C:\Users\Jessica

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: BullGuard Antivirus (Enabled - Up to date) {0C5A09FB-657F-B94D-DF1B-BB843C6EE0E4}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: BullGuard Antispyware (Enabled - Up to date) {B73BE81F-4345-B6C3-E5AB-80F647E9AA59}
FW: BullGuard Firewall (Enabled) {346188DE-2F10-B815-F444-12B1C2BDA79F}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

. . . (HKLM\...\{F1EF6C33-1EAF-489E-A344-2838ECC22D47}) (Version: 2.1.28.3 - Intel) Hidden
. . . (HKLM-x32\...\{73A43153-E77E-45E6-A18F-E549F8EB5664}) (Version: 2.7.1.1 - Intel) Hidden
@BIOS B13.0703.1 (HKLM-x32\...\{C9D46F25-5F9D-4E25-B24F-BC00E9EDF529}) (Version: 3.00.0000 - GIGABYTE) Hidden
—_“]¶IMAGINE (HKLM-x32\...\MEGAMITENSEI IMAGINE) (Version: 1.408 - )
4K Video Downloader 4.1 (HKLM-x32\...\4K Video Downloader_is1) (Version: 4.1.1.2070 - Open Media LLC)
7-Zip 18.05 (x64) (HKLM\...\7-Zip) (Version: 18.05 - Igor Pavlov)
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\{F9000000-0018-0000-0000-074957833700}) (Version: 9.00.15.58233 - ABBYY) Hidden
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.00.15.58233 - ABBYY)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.008.20074 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 21.0.0.176 - Adobe Systems Incorporated)
Adobe Creative Suite 2 (HKLM-x32\...\{0134A1A1-C283-4A47-91A1-92F19F960372}) (Version:  - )
Adobe Flash Player 14 ActiveX (HKLM-x32\...\{1F5E5F2E-5E61-431D-B796-58CCC6B68E28}) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.270 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.161 - Adobe Systems Incorporated)
Adobe Flash Player 31 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 31.0.0.122 - Adobe Systems Incorporated)
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version:  3.0 - Adobe Systems, Inc.)
Akamai NetSession Interface (HKU\S-1-5-21-3437876216-2934815057-908750906-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
App Center (HKLM-x32\...\{F3D47276-0E35-42CF-A677-B45118470E21}) (Version: 1.13.0703 - Gigabyte) Hidden
App Center (HKLM-x32\...\InstallShield_{F3D47276-0E35-42CF-A677-B45118470E21}) (Version: 1.13.0703 - Gigabyte)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Autodesk 3ds Max 2014 (HKLM\...\{52B37EC7-D836-0409-0064-3C24BCED2010}) (Version: 16.0.420.0 - Autodesk) Hidden
Autodesk 3ds Max 2014 (HKLM\...\Autodesk 3ds Max 2014) (Version: 16.0.420.0 - Autodesk)
Autodesk 3ds Max 2014 64-bit Populate Data (HKLM\...\{7491836B-659E-47DD-ABBF-F875AD48FD10}) (Version: 1.0.0.1 - Autodesk)
Autodesk Backburner 2014 (HKLM-x32\...\{3D347E6D-5A03-4342-B5BA-6A771885F379}) (Version: 14.0.0.0 - Autodesk, Inc.)
Autodesk Composite 2014 (HKLM\...\{5AAB972C-FF31-4B01-8445-50C42860EC02}) (Version: 9.0.0.0 - Autodesk) Hidden
Autodesk Composite 2014 (HKLM\...\Autodesk Composite 2014) (Version: 9.0.0.0 - Autodesk)
Autodesk DirectConnect 2014 64-bit (HKLM\...\{8FC7C2B2-0F64-4B35-AA3D-2B051D009243}) (Version: 8.0.56.1 - Autodesk) Hidden
Autodesk DirectConnect 2014 64-bit (HKLM\...\Autodesk DirectConnect 2014 64-bit) (Version: 8.0.56.1 - Autodesk)
Autodesk Essential Skills Movies for 3ds Max 2014 64-bit (HKLM\...\{E8814D63-BB76-4C89-A25E-264ECF11D00D}) (Version: 1.2.0.0 - Autodesk)
Autodesk Inventor Server Engine for 3ds Max 2014 64-bit (HKLM\...\{009751C6-22D7-4548-A313-AD48FA57076F}) (Version: 16.0 - Autodesk)
Autodesk Material Library 2014 (HKLM-x32\...\{644F9B19-A462-499C-BF4D-300ABC2A28B1}) (Version: 4.0.32.600 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2014 (HKLM-x32\...\{51BF3210-B825-4092-8E0D-66D689916E02}) (Version: 4.0.32.600 - Autodesk)
Autodesk Material Library Medium Resolution Image Library 2014 (HKLM-x32\...\{A0633D4E-5AF2-4E3E-A70A-FE9C2BD8A958}) (Version: 4.0.32.600 - Autodesk)
Autodesk Revit Interoperability for 3ds Max 2014 (HKLM\...\{0BB716E0-1400-0610-0000-097DC2F354DF}) (Version: 13.02.15161 - Autodesk) Hidden
Autodesk Revit Interoperability for 3ds Max 2014 (HKLM\...\Autodesk Revit Interoperability for 3ds Max 2014) (Version: 13.02.15161 - Autodesk)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
Blender (HKLM\...\{E29A1273-2E7A-40E7-AA63-428A11D59429}) (Version: 2.79.2 - Blender Foundation)
BullGuard Internet Security (HKLM\...\BullGuard) (Version: 19.0 - BullGuard Ltd.)
BUSB B13.0508.1 (HKLM-x32\...\{0AADC50C-C4F8-49A7-8699-AFE46875CA67}) (Version: 1.00.0000 -  GIGABYTE)
CamStudio 2.7 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7 - CamStudio Open Source)
Content Manager Assistant for PlayStation® (HKLM-x32\...\{C0115E87-E731-48DC-B258-DB2AD494DC80}) (Version: 3.56.7933.1204 - Sony Interactive Entertainment Inc.)
ConvertHelper 3.2 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version:  - DownloadHelper)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dandelion - Wishes brought to you - Full version 1.93 (HKLM-x32\...\{3452BE99-43FF-4760-B779-D649E7C418C3}_is1) (Version: 1.93 - Cheritz)
Dell System Detect (HKU\S-1-5-21-3437876216-2934815057-908750906-1000\...\73f463568823ebbe) (Version: 6.4.0.7 - Dell)
Deluge 1.3.12 (HKLM-x32\...\Deluge) (Version:  - )
Digimon Masters (HKLM-x32\...\Digimon Masters) (Version:  - )
Discord (HKU\S-1-5-21-3437876216-2934815057-908750906-1000\...\Discord) (Version: 0.0.301 - Discord Inc.)
Discord PTB (HKU\S-1-5-21-3437876216-2934815057-908750906-1000\...\DiscordPTB) (Version: 0.0.43 - Discord Inc.)
Dolphin (HKLM-x32\...\Dolphin) (Version: 5.0 - Dolphin Team)
Download Master version 6.9.1.1517 (HKLM-x32\...\Download Master_is1) (Version: 6.9.1.1517 - WestByte)
Download Navigator (HKLM-x32\...\{3A3A3B34-6EA2-4031-8580-D66D29533E89}) (Version: 3.4.0 - SEIKO EPSON CORPORATION)
Dropbox (HKU\S-1-5-21-3437876216-2934815057-908750906-1000\...\Dropbox) (Version: 59.4.93 - Dropbox, Inc.)
EasyTune (HKLM-x32\...\{7F635314-EE21-4E4B-A68D-69AE70BA0E9B}) (Version: 1.00.0002 - GIGABYTE) Hidden
EasyTune (HKLM-x32\...\InstallShield_{7F635314-EE21-4E4B-A68D-69AE70BA0E9B}) (Version: 1.00.0002 - GIGABYTE)
eMule (HKLM-x32\...\eMule) (Version:  - )
Epic Games Launcher (HKLM-x32\...\{CA3B6D8B-2437-4C7C-84A3-97AF21EDBE20}) (Version: 1.1.144.0 - Epic Games, Inc.)
EPSON Connect version 1.0 (HKLM-x32\...\EPSON Connect_is1) (Version: 1.0 - Epson America Inc.)
Epson Event Manager (HKLM-x32\...\{44F72193-F59C-4303-BAE8-E3E4BC1C122C}) (Version: 3.01.0003 - Seiko Epson Corporation)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.30.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WF-2540 Series Printer Uninstall (HKLM\...\EPSON WF-2540 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
EPUB File Reader (HKLM-x32\...\{818C5857-5C74-4CAC-9F43-E5597086852D}_is1) (Version:  - epubfilereader.com)
EZSetupN B13.0628.1 (HKLM-x32\...\{9EAB60B6-70FE-4EC7-8DF4-54773E4EAC05}) (Version: 1.00.0000 - GIGABYTE) Hidden
EZSetupN B13.0628.1 (HKLM-x32\...\InstallShield_{9EAB60B6-70FE-4EC7-8DF4-54773E4EAC05}) (Version: 1.00.0000 - GIGABYTE)
FastImageResizer (remove only) (HKLM-x32\...\FastImageResizer) (Version:  - )
FileZilla Client 3.20.1 (HKLM-x32\...\FileZilla Client) (Version: 3.20.1 - Tim Kosse)
FLV Downloader(xmlbar)(remove only) (HKLM-x32\...\Xmlbar FLVDownloader) (Version:  - )
FocusWriter (HKLM-x32\...\FocusWriter) (Version: 1.6.2 - Graeme Gott)
FormatFactory 3.9.5.0 (HKLM-x32\...\FormatFactory) (Version: 3.9.5.0 - Free Time)
Free GIF Maker (HKLM-x32\...\Free GIF Maker_is1) (Version: 1.3.48.831 - Digital Wave Ltd)
Free Studio version 6.5.2.525 (HKLM-x32\...\Free Studio_is1) (Version: 6.5.2.525 - DVDVideoSoft Ltd.)
Free Video Flip and Rotate version 2.2.3.913 (HKLM-x32\...\Free Video Flip and Rotate_is1) (Version: 2.2.3.913 - DVDVideoSoft Ltd.)
Free Video to JPG Converter (HKLM-x32\...\Free Video to JPG Converter_is1) (Version: 5.0.73.119 - DVDVideoSoft Ltd.)
GDMO (HKLM-x32\...\DMO_GSP) (Version:  - )
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version:  - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 69.0.3497.100 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GoPro VR Player 2.0 (HKLM\...\GoPro VR Player 2.0) (Version: V2.0.0 - GoPro)
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )
HP Deskjet 1050 J410 series Help (HKLM-x32\...\{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}) (Version: 140.0.66.66 - Hewlett Packard)
HP Deskjet 1050 J410 series Product Improvement Study (HKLM\...\{D638A23C-5C5F-4B71-A354-EC78B2BDD320}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
InfraRecorder (HKLM-x32\...\InfraRecorder) (Version:  - Christian Kindahl)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)
Intel® Network Connections 18.3.72.0 (HKLM\...\PROSetDX) (Version: 18.3.72.0 - Intel)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4578 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.6.0.1033 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{29539bc2-b48e-4b56-93e8-420e38a6d551}) (Version: 2.7.1.1 - Intel)
Java 8 Update 181 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180181F0}) (Version: 8.0.1810.13 - Oracle Corporation)
KeePass Password Safe 1.29 (HKLM-x32\...\KeePass Password Safe_is1) (Version: 1.29 - Dominik Reichl)
KeyHoleTV (HKLM-x32\...\KeyHoleTV) (Version:  - )
K-Lite Codec Pack 10.2.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.2.0 - )
KOPLAYER Pro version: 1.4.1055 (HKLM\...\KOPLAYER_is1) (Version:  - KOPLAYER Team)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
LAV Filters 0.51.3 (HKLM-x32\...\lavfilters_is1) (Version: 0.51.3 - Hendrik Leppkes)
Leawo Blu-ray Player version  1.8.0.4 (HKLM-x32\...\{CF7F52BF-DEE0-44CD-A7E1-AADD5CCECCDD}_is1) (Version: 1.8.0.4 - leawo Software)
Lightshot-5.3.0.0 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.3.0.0 - Skillbrains)
MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version:  - )
Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.2.0.1035 - Marvell)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft AppLocale (HKLM-x32\...\{394BE3D9-7F57-4638-A8D1-1D88671913B7}) (Version: 1.0.0 - MS)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Publisher 2013 - en-us (HKLM\...\PublisherRetail - en-us) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{02A39130-2CF3-30CA-8623-30F6071A4221}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version:  - )
MilkShape 3D 1.8.4 (HKLM-x32\...\MilkShape 3D 1.8.4) (Version: 1.8.4 - chUmbaLum sOft)
Mobirise (HKLM-x32\...\Mobirise_is1) (Version:  - Mobirise.com)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 52.9.0 ESR (x86 en-US) (HKLM-x32\...\Mozilla Firefox 52.9.0 ESR (x86 en-US)) (Version: 52.9.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.9.0.6746 - Mozilla)
NifSkope (remove only) (HKLM-x32\...\NifSkope) (Version:  - )
NirSoft BlueScreenView (HKLM-x32\...\NirSoft BlueScreenView) (Version:  - )
NirSoft VideoCacheView (HKLM-x32\...\NirSoft VideoCacheView) (Version:  - )
No Man's Sky (HKLM-x32\...\1446213994_is1) (Version: 2.0.0.2 - GOG.com)
No Man's Sky Pre-order DLC (HKLM-x32\...\2022706229_is1) (Version: 2.0.0.2 - GOG.com)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.4.1 - Notepad++ Team)
Nox APP Player (HKLM-x32\...\Nox) (Version: 6.0.7.2 - Duodian Technology Co. Ltd.)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.13 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.8.0.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.8.0.89 - NVIDIA Corporation)
NVIDIA Graphics Driver 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.13 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{DD1865F0-AD73-40FB-B23E-1822E02396FF}) (Version: 9.09.0203 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 0.13.4 - OBS Project)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
ON_OFF Charge 2 B13.0506.1 (HKLM-x32\...\{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE) Hidden
ON_OFF Charge 2 B13.0506.1 (HKLM-x32\...\InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE)
Oracle VM VirtualBox 4.3.20 (HKLM\...\{86401870-7AB7-4A8D-8AD6-12B27DF2E6E3}) (Version: 4.3.20 - Oracle Corporation)
Ori and the Blind Forest (HKLM-x32\...\Ori and the Blind Forest_is1) (Version:  - )
PDFsam Basic (HKLM-x32\...\{4E4EF242-7FF0-423E-99ED-C96305B840C0}) (Version: 3.0.10.0 - Andrea Vacondio)
PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.00.000 - Prolific Technology INC)
PL-2303 Vista Driver Installer (HKLM-x32\...\{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}) (Version: 3.0.1.0 - Prolific)
Qcma (HKLM\...\Qcma) (Version: 0.4.1 - codestation)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Raptr (HKLM-x32\...\Raptr) (Version: 5.2.0-r112326-release - Raptr, Inc)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6849 - Realtek Semiconductor Corp.)
Sculptris Alpha 6 (HKLM-x32\...\Sculptris Alpha 6 Alpha 6) (Version: Alpha 6 - Pixologic)
Seahorse (HKLM-x32\...\Seahorse) (Version:  - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shin Megami Tensei Imagine (HKLM-x32\...\55A28800-614C-47F2-A956-9D85A4E10922_is1) (Version: 1.678 - ATLUS ONLINE)
Shotcut (HKLM-x32\...\Shotcut) (Version:  - )
Smart Recovery 2 B13.0627.1  (x64) (HKLM-x32\...\{BC1FA5CF-A36F-4C61-9638-09D0B431B006}) (Version: 1.00.0001 - GIGABYTE)
Smart TimeLock B13.0508.1 (HKLM-x32\...\{5D93E30A-78A3-4890-962F-56B61A5873DD}) (Version: 1.00.0001 - GIGABYTE) Hidden
Smart TimeLock B13.0508.1 (HKLM-x32\...\InstallShield_{5D93E30A-78A3-4890-962F-56B61A5873DD}) (Version: 1.00.0001 - GIGABYTE)
SoftEther VPN Client (HKLM\...\softether_sevpnclient) (Version: 4.24.9651 - SoftEther VPN Project)
Sothink Video Converter (HKLM-x32\...\{0FD155A3-DF78-43ee-84B0-3CC86BA962F2}_is1) (Version: 3.6 - SourceTec Software Co., LTD)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Stitch (HKU\S-1-5-21-3437876216-2934815057-908750906-1000\...\Stitch) (Version:  - )
Stitch Screen Saver (HKLM-x32\...\Stitch) (Version:  - )
StudioTax 2013 (HKLM-x32\...\{A02B37F4-26DA-454A-9997-B006D3587102}) (Version: 9.1.9.2 - BHOK IT Consulting)
StudioTax 2014 (HKLM-x32\...\{B66FF49A-22D0-40C2-9E64-00325689850D}) (Version: 10.0.10.1 - BHOK IT Consulting)
StudioTax 2015 (HKLM-x32\...\{10DC0B0F-E7D6-4F37-9CF9-0A76A689AAB0}) (Version: 11.0.8.2 - BHOK IT Consulting)
StudioTax 2016 (HKLM-x32\...\{5A5A6614-A1B6-498B-8F4A-36D9C1A3FE35}) (Version: 12.0.10.1 - BHOK IT Consulting)
StudioTax 2017 (HKLM-x32\...\{E5FF3290-BB3F-471A-8BDA-96135C3B69A8}) (Version: 13.0.4.0 - BHOK IT Consulting)
Suite Specific (HKLM-x32\...\{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}) (Version: 2.0.0 - Adobe Systems, Incorporated) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1264 - SUPERAntiSpyware.com)
System Ninja version 3.1.5 (HKLM-x32\...\{6E67710E-206D-43AB-BF21-E7CD63056C55}_is1) (Version: 3.1.5 - SingularLabs)
TAP-Windows 9.21.0 (HKLM\...\TAP-Windows) (Version: 9.21.0 - )
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
The Lion King (HKU\S-1-5-21-3437876216-2934815057-908750906-1000\...\The Lion King) (Version:  - )
TurboTax 2016 (HKLM-x32\...\{22573A7C-7F78-4C6E-931E-8E5E5BC03FCF}) (Version: 1.00.0000 - Intuit Canada)
TVPaint Animation 10 Pro v10.0.16 (HKLM-x32\...\TVPaint Animation 10 Pro v10.0.1610.0.16) (Version: 10.0.16 - Friends in War)
UE4 Prerequisites (x64) (HKLM\...\{36EAD5CF-44EF-4FCF-8BE1-D96C4835D7A4}) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{2890ae6b-90e9-448d-b3e6-97e43c21e2fd}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden
Unity Web Player (HKU\S-1-5-21-3437876216-2934815057-908750906-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
USB to Serial Bridge Controller (HKLM-x32\...\{B39C475A-77A7-446D-B423-8051E976D910}) (Version: 1.30.232.01 - Alcor Micro) Hidden
VC_CRT_x64 (HKLM\...\{54F2237F-018C-483B-8884-9FC0D88840C3}) (Version: 1.02.0000 - Intel Corporation) Hidden
Viva Pinata (HKLM-x32\...\{343EFA17-5BC5-44DA-924F-539ECBEFF68C}) (Version: 1.00.0000 - Microsoft Game Studios) Hidden
Viva Piñata (HKLM-x32\...\InstallShield_{343EFA17-5BC5-44DA-924F-539ECBEFF68C}) (Version: 1.00.0000 - Microsoft Game Studios)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.4 - VideoLAN)
VTFEdit 1.3.3 (HKLM\...\VTFEdit_is1) (Version:  - Neil Jedrzejewski & Ryan Gregg)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
WebEx Support Manager for Internet Explorer (HKLM-x32\...\{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}) (Version: 6.5.47 - WebEx Communications Inc.)
WinAce Archiver (HKLM-x32\...\WinAce Archiver) (Version: 2.69 - e-merge GmbH)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Driver Package - BigNox Corporation XQHDrv System  (05/27/2016 4.3.12) (HKLM\...\94C2625000FDEC5DD549EADDF8698D48672C3037) (Version: 05/27/2016 4.3.12 - BigNox Corporation)
Windows Driver Package - Microsoft PS Vita Type B (02/22/2013 6.1.7600.16385) (HKLM\...\A0EC80B5719D4DA4CF40C9219D7CB9CCAD6DBA40) (Version: 02/22/2013 6.1.7600.16385 - Microsoft)
Windows Driver Package - Oracle Corporation (VBoxUSB) USB  (05/27/2016 4.3.12) (HKLM\...\9B8A57D7ECC2B5D3115B5A1361FAE29AC92E355B) (Version: 05/27/2016 4.3.12 - Oracle Corporation)
Windows Driver Package - Oracle Corporation VBoxUSBMon System  (05/27/2016 4.3.12) (HKLM\...\2B96D1320C797F081985B7C1EA9A2DABAC2644BF) (Version: 05/27/2016 4.3.12 - Oracle Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
yWriter5 (HKLM-x32\...\yWriter5_is1) (Version:  - Spacejock Software)
Zayay (HKU\S-1-5-21-3437876216-2934815057-908750906-1000\...\Zayay) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKU\S-1-5-21-3437876216-2934815057-908750906-1000\...\ChromeHTML: ->  <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-3437876216-2934815057-908750906-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3437876216-2934815057-908750906-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3437876216-2934815057-908750906-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3437876216-2934815057-908750906-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3437876216-2934815057-908750906-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3437876216-2934815057-908750906-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3437876216-2934815057-908750906-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Jessica\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3437876216-2934815057-908750906-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-3437876216-2934815057-908750906-1000_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> C:\Program Files\Blender Foundation\Blender\BlendThumb64.dll ()
CustomCLSID: HKU\S-1-5-21-3437876216-2934815057-908750906-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3437876216-2934815057-908750906-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3437876216-2934815057-908750906-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3437876216-2934815057-908750906-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3437876216-2934815057-908750906-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3437876216-2934815057-908750906-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3437876216-2934815057-908750906-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3437876216-2934815057-908750906-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3437876216-2934815057-908750906-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3437876216-2934815057-908750906-1000_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3437876216-2934815057-908750906-1000_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3437876216-2934815057-908750906-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [BackupOverlayErr] -> {8749448C-D907-45BF-A842-4D3898894AC8} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll [2018-10-08] (BullGuard Ltd.)
ShellIconOverlayIdentifiers: [BackupOverlayInProgress] -> {3FFBF330-7839-476B-BE14-2C8597CE11B6} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll [2018-10-08] (BullGuard Ltd.)
ShellIconOverlayIdentifiers: [BackupOverlaySynced] -> {C62CF4DB-48CB-4B03-BFD0-30A29125FA49} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll [2018-10-08] (BullGuard Ltd.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2017-05-17] ()
ContextMenuHandlers1: [BB FlashBack 2] -> {A8065B9E-193F-4797-B62D-8F6321E7FCCB} =>  -> No File
ContextMenuHandlers1: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-12-01] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2013-12-01] (Alexander Roshal)
ContextMenuHandlers1-x32: [WondershareVideoConverterFileOpreation] -> {FEB746CA-95C2-485F-B386-C30D4E56D22E} =>  -> No File
ContextMenuHandlers1-x32-x32-x32: [ZFAdd] -> {8FF88D27-7BD0-11D1-BFB7-00AA00262A11} => C:\Program Files (x86)\WinAce\arcext.dll [2015-03-31] (e-merge GmbH)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers4: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll -> No File
ContextMenuHandlers4-x32-x32: [ZFAdd] -> {8FF88D27-7BD0-11D1-BFB7-00AA00262A11} => C:\Program Files (x86)\WinAce\arcext.dll [2015-03-31] (e-merge GmbH)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2017-01-24] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-10-27] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers6: [bgshellext] -> {F4BF1657-195F-4A0F-ACA2-9AE99D65BC0E} => C:\Program Files\BullGuard Ltd\BullGuard\BgShellExt.dll [2018-10-08] (BullGuard Ltd.)
ContextMenuHandlers6: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-12-01] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2013-12-01] (Alexander Roshal)
ContextMenuHandlers1_S-1-5-21-3437876216-2934815057-908750906-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-3437876216-2934815057-908750906-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-3437876216-2934815057-908750906-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04130744-DE67-477E-B9A8-8A29174E6E13} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3437876216-2934815057-908750906-1000UA => C:\Users\Jessica\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {07B27350-9A32-4AF1-A68D-E4350131012C} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-07-26] (NVIDIA Corporation)
Task: {11EC1044-3C36-4BF5-B98D-A780352CF880} - System32\Tasks\{42CA11F1-5E34-4E7E-BD2E-4B6D00D30147} => C:\Windows\system32\pcalua.exe -a "I:\Desktop\PS CS2 - FREE LEGIT VERSION\CS_2.0_WWE_Extras_1.exe" -d "I:\Desktop\PS CS2 - FREE LEGIT VERSION"
Task: {16CF8CBA-EB78-44B5-94C2-E518E7EBE9E7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-14] (Adobe Systems Incorporated)
Task: {19907F56-CCC7-4263-8887-364509351849} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-07-26] (NVIDIA Corporation)
Task: {1E63D69F-C661-4744-9593-8564A522848D} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-07-26] (NVIDIA Corporation)
Task: {25994DC6-9BB1-485B-B0BA-EA61BED83FC9} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3437876216-2934815057-908750906-1000Core => C:\Users\Jessica\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {280E9850-998B-44BE-97CC-3063A0E59834} - System32\Tasks\{3B2D867A-9C17-4D4C-A9B3-6EA24AD38683} => C:\Windows\system32\pcalua.exe -a D:\setup\game\WebDriverFullInstall.exe -d D:\setup\game
Task: {3B61A0BF-EF13-48D8-8E1C-EA651F409FED} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-07-26] (NVIDIA Corporation)
Task: {42E7140D-B64A-4B3A-A94C-925747334A66} - System32\Tasks\{4D660805-112A-477C-A243-67C5FEF213CC} => "C:\Program Files (x86)\Internet Explorer\iexplore.exe" hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=5.8.0.154.259&LastError=404
Task: {45E2BAE9-6442-4289-A739-A3A0BC168584} - System32\Tasks\{CB33C997-4A50-43C5-9930-71A85FD471CF} => C:\Windows\system32\pcalua.exe -a K:\710_b042_multilanguage.exe -d K:\
Task: {4BFFFA9A-5AFC-4160-B45A-C1D9AD745C7B} - System32\Tasks\{A52150C3-FE13-40CE-A41C-CDA0052A757F} => C:\Windows\system32\pcalua.exe -a C:\Users\Jessica\Desktop\Delphi_8.msi\Delphi_8.msi\setup.exe -d C:\Users\Jessica\Desktop\Delphi_8.msi\Delphi_8.msi
Task: {4DA94056-896E-4395-8490-8154041E7871} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
Task: {4FEFC568-D22B-43DB-B0AD-F3A4372DA9AA} - System32\Tasks\{98F079E8-C752-44FC-81E5-726C6290A872} => C:\Windows\system32\pcalua.exe -a "K:\Jess Files\setup.exe" -d "K:\Jess Files"
Task: {54359138-54C0-4428-865B-35299119642E} - System32\Tasks\{EBCB2EFB-6739-4788-9ED0-24D629967537} => C:\Windows\system32\pcalua.exe -a K:\lela-3.11.9139.94.exe -d K:\
Task: {5BEA0286-A764-4BD7-87E9-659CC61CE30C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {63E53878-EC8A-4BDB-9198-0EE1F32611ED} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\Windows\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\task.vbs"
Task: {68CE60E7-3D1E-4B13-B551-92371FCC8FB4} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-07-26] (NVIDIA Corporation)
Task: {74D7C372-9C45-4792-8CDB-8EF1668BF9B9} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_122_pepper.exe [2018-10-13] (Adobe Systems Incorporated)
Task: {83737BEE-A6FE-4A6D-B2AC-673EDF30AEF5} - System32\Tasks\HPCustParticipation HP Deskjet 1050 J410 series => C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2012-10-02] (Hewlett-Packard Co.)
Task: {8694A9CE-8D9B-4FBA-A555-163A6A533FD8} - System32\Tasks\{46A2B76B-4A77-4BAA-A0CE-5811482245A9} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxp://ui.skype.com/ui/0/7.1.0.105/en/abandoninstall?page=tsBing
Task: {95B678E6-7DD6-48DC-AA61-FE4B95F28F85} - System32\Tasks\{E819D6E1-B3A4-4DDE-BA8F-D0DD4D7D5AA2} => C:\Windows\system32\pcalua.exe -a "D:\PL-2303\AJZ232-Driver\AJZ232-Driver-RS232-AJZ232 COM Port\setup.exe" -d "D:\PL-2303\AJZ232-Driver\AJZ232-Driver-RS232-AJZ232 COM Port"
Task: {9AFD9509-CD80-4768-B985-4C54440FAA62} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2018-09-23] (Microsoft Corporation)
Task: {AB15D6BD-9F7F-4A46-B580-B99754CB53D6} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-07-26] (NVIDIA Corporation)
Task: {BB1D4E67-2A78-426B-B97E-5041CD0B7BC7} - System32\Tasks\{F60E62F5-24C2-4A99-A16B-2A6BC68906AD} => C:\Windows\system32\pcalua.exe -a D:\PL2507_Disk_Remove_Generic_1700.exe -d D:\
Task: {BCE5A0C4-A416-4DC8-8EDF-16C1913B6F32} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {BEF338B2-734C-49D0-A5D1-84E3AA74B20B} - System32\Tasks\{8A0B05CA-D07E-4186-9572-25E1F220F733} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxp://ui.skype.com/ui/0/7.14.85.106/en/abandoninstall?page=tsMain
Task: {C13D499F-9ADA-4249-AB95-CC9AD4B6C6D0} - System32\Tasks\{47E15200-2265-4452-B2C0-0A3A6EB1CE86} => "C:\Program Files (x86)\Internet Explorer\iexplore.exe" hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=5.8.0.154.259&LastError=12007
Task: {C988EAD2-029B-41C2-A068-C6F2A86A8F6C} - \RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3437876216-2934815057-908750906-1000 -> No File <==== ATTENTION
Task: {D1780F15-8D43-47DA-9641-147AD8A7B4B8} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-07-26] (NVIDIA Corporation)
Task: {D88C9F33-FA55-4816-BD40-9053DCA90282} - System32\Tasks\BullGuard\BullGuardUpdate2 => c:\program files\bullguard ltd\bullguard\BullGuardUpdate2.exe [2018-10-08] (BullGuard Ltd.)
Task: {E4A95F53-FE8E-4D1C-B0B7-124FF9C593B5} - System32\Tasks\{835B1186-CF53-4A1B-98E1-B35FCE9EECBD} => C:\Windows\system32\pcalua.exe -a "I:\Desktop\PS CS2 - FREE LEGIT VERSION\CreativeSuiteCS2Disc3.exe" -d "I:\Desktop\PS CS2 - FREE LEGIT VERSION"
Task: {E4DA854C-B63F-4413-B7C7-E14EC20D61F6} - System32\Tasks\{D6616701-57C1-49C0-9976-130ECF04F57E} => C:\Windows\system32\pcalua.exe -a "D:\USB Netlink cable 2.0\driver for win98_2k_xp\Setup.exe" -d "D:\USB Netlink cable 2.0\driver for win98_2k_xp"
Task: {EF461573-A568-4FC4-8035-16DCC155943E} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2012-10-01] (Microsoft Corporation)
Task: {F0CF0714-8C9D-4474-B3F1-2E7565F2985D} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-07-26] (NVIDIA Corporation)
Task: {F161D393-0417-4531-B843-ABA58D97FC19} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2018-09-23] (Microsoft Corporation)
Task: {F3876F1F-23D4-4F3A-B9F1-3E5FBE8BF0BE} - System32\Tasks\{5D37AA13-57EA-4108-B1D4-D487071C99F0} => C:\Windows\system32\pcalua.exe -a "K:\PS CS2\Adobe Creative Suite 2.0\Setup.exe" -d "K:\PS CS2\Adobe Creative Suite 2.0"
Task: {FB44DA4E-7C32-4568-B91E-7D110033D4FD} - \RealDownloaderRealUpgradeLogonTaskS-1-5-21-3437876216-2934815057-908750906-1000 -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3437876216-2934815057-908750906-1000Core.job => C:\Users\Jessica\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3437876216-2934815057-908750906-1000UA.job => C:\Users\Jessica\AppData\Local\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Jessica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MilkShape 3D 1.8.4\Forum.lnk -> hxxp://www.chumba.ch/chumbalum-soft/forum
Shortcut: C:\Users\Jessica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MilkShape 3D 1.8.4\Homepage.lnk -> hxxp://www.milkshape3d.com
Shortcut: C:\Users\Jessica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MilkShape 3D 1.8.4\Order Online.lnk -> hxxp://www.milkshape3d.com/ms3d/register.htm

ShortcutWithArgument: C:\Users\Jessica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MoveGames\DMO_GSP\GameKing.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://dmo.gameking.com

==================== Loaded Modules (Whitelisted) ==============

2018-10-12 08:33 - 2018-10-08 04:25 - 000724840 _____ () C:\Program Files\BullGuard Ltd\BullGuard\SQLite.dll
2018-10-12 08:33 - 2018-10-08 04:25 - 000088936 _____ () C:\Program Files\BullGuard Ltd\BullGuard\zlib1.dll
2018-10-12 08:33 - 2018-10-08 04:25 - 000527208 _____ () C:\Program Files\BullGuard Ltd\BullGuard\LibXml2.dll
2018-10-12 08:33 - 2018-10-08 04:25 - 000073064 _____ () C:\Program Files\BullGuard Ltd\BullGuard\LIBBZ2.dll
2014-09-20 23:10 - 2014-05-04 10:02 - 001232880 _____ () C:\Program Files (x86)\Common Files\Appkeys\yytool64.exe
2017-03-02 17:30 - 2017-07-26 13:09 - 001267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2018-09-22 19:15 - 2012-10-01 17:34 - 000373360 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2rui.dll
2018-09-22 19:15 - 2012-10-01 17:31 - 000495216 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2r64.dll
2016-11-17 23:05 - 2016-11-17 23:05 - 000156928 _____ () C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
2018-09-22 19:20 - 2018-09-23 00:18 - 006522480 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-08-03 11:45 - 2016-08-03 11:45 - 000052400 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2014-01-13 20:24 - 2017-01-24 21:15 - 000102904 _____ () C:\Windows\System32\IccLibDll_x64.dll
2018-10-04 17:22 - 2018-09-12 17:57 - 002785784 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-10-04 17:22 - 2018-09-12 11:35 - 002701064 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-03-02 17:24 - 2016-11-17 23:16 - 000805632 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe
2017-03-02 17:24 - 2016-11-17 23:18 - 001981184 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_modeler.dll
2017-03-02 17:24 - 2016-11-17 23:11 - 000247552 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\acpi_battery_input.dll
2017-03-02 17:24 - 2016-11-17 23:10 - 000212736 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\wifi_input.dll
2017-03-02 17:24 - 2016-11-17 23:11 - 000174848 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\devices_use_input.dll
2017-03-02 17:24 - 2016-11-17 23:10 - 000203520 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_system_power_state_input.dll
2017-03-02 17:24 - 2016-11-17 23:09 - 000206592 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_disktrace_input.dll
2017-03-02 17:24 - 2016-11-17 23:09 - 000336640 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_process_input.dll
2017-03-02 17:24 - 2016-11-17 23:06 - 000147712 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_winstat_input.dll
2017-03-02 17:24 - 2016-11-17 23:11 - 000213248 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\sema_thermal_input.dll
2017-03-02 17:24 - 2016-11-17 23:07 - 000229120 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_quality_and_reliability_input.dll
2017-03-02 17:24 - 2016-11-17 23:08 - 000224000 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_sampler_input.dll
2017-03-02 17:24 - 2016-11-17 23:06 - 000211712 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_stress_odometer_input.dll
2017-03-02 17:24 - 2016-11-17 23:08 - 000219904 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_turbo_input.dll
2015-06-28 14:53 - 2017-03-22 11:31 - 000114664 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\zlib1.dll
2015-06-28 14:53 - 2017-03-22 11:31 - 000108008 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_filesystem-vc120-mt-1_56.dll
2015-06-28 14:53 - 2017-03-22 11:31 - 000024040 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_system-vc120-mt-1_56.dll
2015-06-28 14:53 - 2017-03-22 11:31 - 000048104 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_date_time-vc120-mt-1_56.dll
2018-05-01 13:03 - 2018-04-30 23:01 - 001891672 _____ () C:\Users\Jessica\AppData\Local\Discord\app-0.0.301\ffmpeg.dll
2018-10-10 20:10 - 2018-10-09 07:53 - 001140552 _____ () C:\Users\Jessica\AppData\Roaming\Dropbox\bin\dropbox_watchdog.dll
2018-10-10 20:10 - 2018-10-09 07:53 - 002247496 _____ () C:\Users\Jessica\AppData\Roaming\Dropbox\bin\dropbox_crashpad.dll
2018-10-10 20:13 - 2018-10-09 07:58 - 000023376 _____ () C:\Users\Jessica\AppData\Roaming\Dropbox\bin\tornado.speedups.cp35-win32.pyd
2018-10-10 20:10 - 2018-10-09 07:55 - 000025456 _____ () C:\Users\Jessica\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.cp35-win32.pyd
2018-10-10 20:13 - 2018-10-09 07:53 - 000142312 _____ () C:\Users\Jessica\AppData\Roaming\Dropbox\bin\_cffi_backend.cp35-win32.pyd
2018-10-10 20:10 - 2018-10-09 07:56 - 001953640 _____ () C:\Users\Jessica\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.cp35-win32.pyd
2018-10-10 20:10 - 2018-10-09 07:56 - 000025960 _____ () C:\Users\Jessica\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.cp35-win32.pyd
2018-10-10 20:12 - 2018-10-09 07:53 - 000117720 _____ () C:\Users\Jessica\AppData\Roaming\Dropbox\bin\pywintypes35.dll
2018-10-10 20:13 - 2018-10-09 07:53 - 000109024 _____ () C:\Users\Jessica\AppData\Roaming\Dropbox\bin\win32api.cp35-win32.pyd
2018-10-10 20:10 - 2018-10-09 07:56 - 000083784 _____ () C:\Users\Jessica\AppData\Roaming\Dropbox\bin\fastpath.cp35-win32.pyd
2018-10-10 20:12 - 2018-10-09 07:53 - 000418264 _____ () C:\Users\Jessica\AppData\Roaming\Dropbox\bin\pythoncom35.dll
2018-10-10 20:13 - 2018-10-09 07:53 - 000027616 _____ () C:\Users\Jessica\AppData\Roaming\Dropbox\bin\win32event.cp35-win32.pyd
2018-10-10 20:13 - 2018-10-09 07:53 - 000049128 _____ () C:\Users\Jessica\AppData\Roaming\Dropbox\bin\win32process.cp35-win32.pyd
2018-10-10 20:12 - 2018-10-09 07:56 - 000074072 _____ () C:\Users\Jessica\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.cp35-win32.pyd
2018-10-10 20:13 - 2018-10-09 07:53 - 000131552 _____ () C:\Users\Jessica\AppData\Roaming\Dropbox\bin\win32file.cp35-win32.pyd
2018-10-10 20:10 - 2018-10-09 07:55 - 000025944 _____ () C:\Users\Jessica\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.cp35-win32.pyd
2018-10-10 20:13 - 2018-10-09 07:53 - 000026600 _____ () C:\Users\Jessica\AppData\Roaming\Dropbox\bin\win32clipboard.cp35-win32.pyd
2018-10-10 20:13 - 2018-10-09 07:53 - 000182752 _____ () C:\Users\Jessica\AppData\Roaming\Dropbox\bin\win32gui.cp35-win32.pyd
2018-10-10 20:13 - 2018-10-09 07:53 - 000027616 _____ () C:\Users\Jessica\AppData\Roaming\Dropbox\bin\win32pipe.cp35-win32.pyd
2018-10-10 20:13 - 2018-10-09 07:53 - 000118760 _____ () C:\Users\Jessica\AppData\Roaming\Dropbox\bin\win32security.cp35-win32.pyd
2018-10-10 20:13 - 2018-10-09 07:58 - 000401752 _____ () C:\Users\Jessica\AppData\Roaming\Dropbox\bin\win32com.shell.shell.cp35-win32.pyd
2018-10-10 20:13 - 2018-10-09 07:53 - 000028640 _____ () C:\Users\Jessica\AppData\Roaming\Dropbox\bin\win32job.cp35-win32.pyd
2018-10-10 20:13 - 2018-10-09 07:58 - 000034664 _____ () C:\Users\Jessica\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.cp35-win32.pyd
2018-10-10 20:12 - 2018-10-09 07:53 - 000023704 _____ () C:\Users\Jessica\AppData\Roaming\Dropbox\bin\mmapfile.cp35-win32.pyd
2018-10-10 20:13 - 2018-10-09 07:53 - 000053736 _____ () C:\Users\Jessica\AppData\Roaming\Dropbox\bin\win32service.cp35-win32.pyd
2018-10-10 20:13 - 2018-10-09 07:53 - 000064992 _____ () C:\Users\Jessica\AppData\Roaming\Dropbox\bin\win32evtlog.cp35-win32.pyd
2018-10-10 20:13 - 2018-10-09 07:58 - 000059744 _____ () C:\Users\Jessica\AppData\Roaming\Dropbox\bin\winshell.compiled._winshell.cp35-win32.pyd
2018-10-10 20:13 - 2018-10-09 07:58 - 000068968 _____ () C:\Users\Jessica\AppData\Roaming\Dropbox\bin\winenumhandles.compiled._WinEnumHandles.cp35-win32.pyd
2018-10-10 20:13 - 2018-10-09 07:58 - 000028520 _____ () C:\Users\Jessica\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.cp35-win32.pyd
2018-10-10 20:10 - 2018-10-09 07:55 - 000027488 _____ () C:\Users\Jessica\AppData\Roaming\Dropbox\bin\crashpad.compiled._Crashpad.cp35-win32.pyd
2018-10-10 20:13 - 2018-10-09 07:53 - 000032408 _____ () C:\Users\Jessica\AppData\Roaming\Dropbox\bin\win32ts.cp35-win32.pyd
2018-10-10 20:12 - 2018-10-09 07:56 - 000156504 _____ () C:\Users\Jessica\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.cp35-win32.pyd
2018-10-10 20:13 - 2018-10-09 07:58 - 000092488 _____ () C:\Users\Jessica\AppData\Roaming\Dropbox\bin\sip.cp35-win32.pyd
2018-10-10 20:12 - 2018-10-09 07:56 - 001778000 _____ () C:\Users\Jessica\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.cp35-win32.pyd
2018-10-10 20:12 - 2018-10-09 07:56 - 000518992 _____ () C:\Users\Jessica\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.cp35-win32.pyd
2018-10-10 20:12 - 2018-10-09 07:56 - 000052056 _____ () C:\Users\Jessica\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineCore.cp35-win32.pyd
2018-10-10 20:12 - 2018-10-09 07:56 - 001929552 _____ () C:\Users\Jessica\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.cp35-win32.pyd
2018-10-10 20:12 - 2018-10-09 07:57 - 003821392 _____ () C:\Users\Jessica\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.cp35-win32.pyd
2018-10-10 20:12 - 2018-10-09 07:56 - 000044888 _____ () C:\Users\Jessica\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.cp35-win32.pyd
2018-10-10 20:12 - 2018-10-09 07:56 - 000132944 _____ () C:\Users\Jessica\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.cp35-win32.pyd
2018-10-10 20:12 - 2018-10-09 07:56 - 000218456 _____ () C:\Users\Jessica\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.cp35-win32.pyd
2018-10-10 20:12 - 2018-10-09 07:56 - 000205656 _____ () C:\Users\Jessica\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.cp35-win32.pyd
2018-10-10 20:13 - 2018-10-09 07:53 - 000061408 _____ () C:\Users\Jessica\AppData\Roaming\Dropbox\bin\win32print.cp35-win32.pyd
2018-10-10 20:13 - 2018-10-09 07:58 - 000051552 _____ () C:\Users\Jessica\AppData\Roaming\Dropbox\bin\winrpcserver.compiled._RPCServer.cp35-win32.pyd
2018-10-10 20:13 - 2018-10-09 07:53 - 000027624 _____ () C:\Users\Jessica\AppData\Roaming\Dropbox\bin\win32profile.cp35-win32.pyd
2018-10-10 20:13 - 2018-10-09 07:58 - 000033632 _____ () C:\Users\Jessica\AppData\Roaming\Dropbox\bin\winreindex.compiled._winreindex.cp35-win32.pyd
2018-10-10 20:13 - 2018-10-09 07:58 - 000028008 _____ () C:\Users\Jessica\AppData\Roaming\Dropbox\bin\winffi.user32.compiled._winffi_user32.cp35-win32.pyd
2018-10-10 20:13 - 2018-10-09 07:58 - 000025960 _____ () C:\Users\Jessica\AppData\Roaming\Dropbox\bin\winffi.iphlpapi.compiled._winffi_iphlpapi.cp35-win32.pyd
2018-10-10 20:13 - 2018-10-09 07:58 - 000025448 _____ () C:\Users\Jessica\AppData\Roaming\Dropbox\bin\winffi.winerror.compiled._winffi_winerror.cp35-win32.pyd
2018-10-10 20:13 - 2018-10-09 07:58 - 000025960 _____ () C:\Users\Jessica\AppData\Roaming\Dropbox\bin\winffi.wininet.compiled._winffi_wininet.cp35-win32.pyd
2018-10-10 20:10 - 2018-10-09 07:56 - 000031600 _____ () C:\Users\Jessica\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.cp35-win32.pyd
2018-10-10 20:13 - 2018-10-09 07:53 - 000486880 _____ () C:\Users\Jessica\AppData\Roaming\Dropbox\bin\winxpgui.cp35-win32.pyd
2018-10-10 20:13 - 2018-10-09 07:58 - 000029040 _____ () C:\Users\Jessica\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.cp35-win32.pyd
2018-10-10 20:12 - 2018-10-09 07:56 - 000029024 _____ () C:\Users\Jessica\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.cp35-win32.pyd
2018-10-10 20:12 - 2018-10-09 07:53 - 000036312 _____ () C:\Users\Jessica\AppData\Roaming\Dropbox\bin\librsync.dll
2018-10-10 20:13 - 2018-10-09 07:58 - 000025960 _____ () C:\Users\Jessica\AppData\Roaming\Dropbox\bin\winffi.advapi32.compiled._winffi_advapi32.cp35-win32.pyd
2018-10-10 20:10 - 2018-10-09 07:56 - 000433992 _____ () C:\Users\Jessica\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2018-10-10 20:13 - 2018-10-09 07:58 - 000035680 _____ () C:\Users\Jessica\AppData\Roaming\Dropbox\bin\wind3d11.compiled._wind3d11.cp35-win32.pyd
2018-10-10 20:12 - 2018-10-09 07:56 - 000025920 _____ () C:\Users\Jessica\AppData\Roaming\Dropbox\bin\libEGL.DLL
2018-10-10 20:12 - 2018-10-09 07:56 - 001592128 _____ () C:\Users\Jessica\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2018-10-10 20:12 - 2018-10-09 07:57 - 000102736 _____ () C:\Users\Jessica\AppData\Roaming\Dropbox\bin\PyQt5.QtWinExtras.cp35-win32.pyd
2018-10-10 20:13 - 2018-10-09 07:58 - 000028520 _____ () C:\Users\Jessica\AppData\Roaming\Dropbox\bin\winffi.shell32.compiled._winffi_shell32.cp35-win32.pyd
2018-10-10 20:13 - 2018-10-09 07:58 - 000029544 _____ () C:\Users\Jessica\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.cp35-win32.pyd
2018-10-10 20:12 - 2018-10-09 07:56 - 000530768 _____ () C:\Users\Jessica\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.cp35-win32.pyd
2018-10-10 20:12 - 2018-10-09 07:56 - 000348496 _____ () C:\Users\Jessica\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.cp35-win32.pyd
2018-10-10 20:12 - 2018-10-09 07:56 - 000037200 _____ () C:\Users\Jessica\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngine.cp35-win32.pyd
2018-05-01 13:03 - 2018-04-30 23:01 - 001937752 _____ () C:\Users\Jessica\AppData\Local\Discord\app-0.0.301\libglesv2.dll
2018-05-01 13:03 - 2018-04-30 23:01 - 000095576 _____ () C:\Users\Jessica\AppData\Local\Discord\app-0.0.301\libegl.dll
2018-01-12 00:00 - 2017-07-21 10:26 - 000518144 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2017-03-02 17:30 - 2017-07-26 13:08 - 069820864 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2017-03-02 17:30 - 2017-07-26 13:09 - 001040320 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2018-05-03 20:52 - 2018-08-30 19:40 - 011321176 _____ () \\?\C:\Users\Jessica\AppData\Roaming\discord\0.0.301\modules\discord_voice\discord_voice.node
2018-05-03 20:52 - 2018-09-15 12:55 - 001615704 _____ () \\?\C:\Users\Jessica\AppData\Roaming\discord\0.0.301\modules\discord_utils\discord_utils.node
2018-05-03 20:52 - 2018-05-03 20:52 - 000512856 _____ () \\?\C:\Users\Jessica\AppData\Roaming\discord\0.0.301\modules\discord_erlpack\discord_erlpack.node
2018-05-03 20:52 - 2018-08-10 21:13 - 001641304 _____ () \\?\C:\Users\Jessica\AppData\Roaming\discord\0.0.301\modules\discord_game_utils\discord_game_utils.node
2018-10-03 08:46 - 2018-10-10 23:10 - 009621848 _____ () \\?\C:\Users\Jessica\AppData\Roaming\discord\0.0.301\modules\discord_cloudsync\discord_cloudsync.node
2018-05-03 20:52 - 2018-09-21 20:21 - 001743704 _____ () \\?\C:\Users\Jessica\AppData\Roaming\discord\0.0.301\modules\discord_overlay2\discord_overlay2.node
2018-05-03 20:52 - 2018-05-03 20:52 - 002722648 _____ () \\?\C:\Users\Jessica\AppData\Roaming\discord\0.0.301\modules\discord_rpc\discord_rpc.node
2018-08-10 21:13 - 2018-10-05 15:24 - 001253720 _____ () \\?\C:\Users\Jessica\AppData\Roaming\discord\0.0.301\modules\discord_modules\discord_modules.node
2018-08-10 21:13 - 2018-10-13 17:08 - 024909144 _____ () \\?\C:\Users\Jessica\AppData\Roaming\discord\0.0.301\modules\discord_dispatch\discord_dispatch.node
2018-05-03 20:53 - 2018-05-03 20:53 - 002760536 _____ () \\?\C:\Users\Jessica\AppData\Roaming\discord\0.0.301\modules\discord_contact_import\discord_contact_import.node
2018-05-03 20:54 - 2018-05-03 20:54 - 001249112 _____ () \\?\C:\Users\Jessica\AppData\Roaming\discord\0.0.301\modules\discord_vigilante\discord_vigilante.node

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Jessica\Desktop\13086666_571917876310010_8108560543547551143_o2.jpg:com.dropbox.attributes [418]
AlternateDataStreams: C:\Users\Jessica\Desktop\20170213_190115_1600x900.jpg:com.dropbox.attributes [168]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsUpdate => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-19\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-19\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-19\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-19\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-20\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-20\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-20\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-20\...\sony.com -> sony.com
IE restricted site: HKU\S-1-5-21-3437876216-2934815057-908750906-1000\...\msn.com -> g.msn.com
IE restricted site: HKU\S-1-5-21-3437876216-2934815057-908750906-1000\...\skype.com -> apps.skype.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3437876216-2934815057-908750906-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Jessica\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.151.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{E2A845EF-A8EF-4812-8F16-081B849C1EF2}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{45F277FE-6609-4104-9380-A61B620F5E26}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{6B1992F0-E58B-4043-9A5B-0755C87E73E2}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{1C6090C3-1671-4883-A58F-E30C414DDC99}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{978BD37E-6AFE-4DDB-8FAA-CC06D67033A4}] => (Allow) K:\SteamLibrary\SteamApps\common\Cryptic Studios\Neverwinter.exe
FirewallRules: [{5AA4C8CB-E39B-4534-A6B1-A61B487D2321}] => (Allow) K:\SteamLibrary\SteamApps\common\Cryptic Studios\Neverwinter.exe
FirewallRules: [{0DA09797-2F32-4431-94FD-8686B3ACBB9B}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{EA1914A0-E788-488C-BA93-4503F2765743}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{57E5A8EE-4387-4CF9-83C9-79E428822EEE}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{C9E59CE1-58EF-4004-B8C6-ECFB624A5E8B}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{174580EC-5508-4EF8-84FF-7C03D7CD7416}] => (Allow) C:\Users\Jessica\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5CA515A1-A580-43C1-A714-FF8767CC4B95}] => (Allow) C:\Users\Jessica\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{A5B4114B-AB68-4C5D-8261-2742BD7B0929}C:\users\jessica\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\jessica\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{6E04707B-9F0C-493C-B934-1B2570C17ECD}C:\users\jessica\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\jessica\appdata\local\akamai\netsession_win.exe
FirewallRules: [{3C73C88E-3CF2-4850-9E1D-E1D78CBDC274}] => (Allow) LPort=67
FirewallRules: [{E6371BBA-3DAA-4ED9-9427-56C5C7CE09A8}] => (Allow) LPort=67
FirewallRules: [{CE5EEDD0-8500-4D07-B512-2E5BF003A3B9}] => (Allow) K:\SteamLibrary\SteamApps\common\Divinity Dragon Commander\Shipping\DCApp.exe
FirewallRules: [{C91B6A75-EEBB-4AFE-85BC-459AE2968429}] => (Allow) K:\SteamLibrary\SteamApps\common\Divinity Dragon Commander\Shipping\DCApp.exe
FirewallRules: [{11D10C02-9CD0-4FFB-B878-362C25897266}] => (Allow) K:\SteamLibrary\SteamApps\common\Dragon Commander\Shipping\DCApp.exe
FirewallRules: [{6E8F5D0D-CDE0-4F75-9C1B-705A4AFB03C2}] => (Allow) K:\SteamLibrary\SteamApps\common\Dragon Commander\Shipping\DCApp.exe
FirewallRules: [{15E2F65C-669B-4794-A794-FF8536420771}] => (Allow) C:\Users\Jessica\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{72B15031-BD8F-44BE-8CA5-9CC8CEFD741B}] => (Allow) C:\Users\Jessica\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9155B692-1B7F-40A0-BE8F-C33C6574DB93}] => (Allow) K:\SteamLibrary\SteamApps\common\Ys Origin\yso_win.exe
FirewallRules: [{7CB08027-5EFE-4964-9322-075F6917164D}] => (Allow) K:\SteamLibrary\SteamApps\common\Ys Origin\yso_win.exe
FirewallRules: [{C3DDE393-4347-4A59-9888-ACD0C9F507A3}] => (Allow) K:\SteamLibrary\SteamApps\common\Ys Origin\config.exe
FirewallRules: [{FB00CB7C-996D-4BB2-B9BC-07794A0C2B33}] => (Allow) K:\SteamLibrary\SteamApps\common\Ys Origin\config.exe
FirewallRules: [{022AF185-744C-45CC-BC3D-9AD734C0E79A}] => (Allow) K:\SteamLibrary\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{8C090551-0BF2-4BAE-BD93-C58B98D5FF4B}] => (Allow) K:\SteamLibrary\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{DAEA299F-E26F-4D58-AC2F-0A9FA4CBF97D}] => (Allow) C:\Users\Jessica\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{E9536044-0364-4DB3-9957-C77BA691DCB4}] => (Allow) C:\Users\Jessica\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{5C6908D5-7D33-498D-A9C4-BC59CA4EFA8A}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{405132C0-BF44-467F-8428-1FEB76887959}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{6DB59E5E-B329-4339-A74A-26E570C28060}D:\jre\bin\tnameserv.exe] => (Allow) D:\jre\bin\tnameserv.exe
FirewallRules: [UDP Query User{FE19F927-CD17-4840-BE33-6B2C467F9D15}D:\jre\bin\tnameserv.exe] => (Allow) D:\jre\bin\tnameserv.exe
FirewallRules: [{9C83ED8C-F339-45DA-A83A-B02CF11B8AF3}] => (Allow) K:\SteamLibrary\SteamApps\common\Monster Loves You!\MonsterLovesYou.exe
FirewallRules: [{6D81E073-1050-4785-A410-DF70ABBA1131}] => (Allow) K:\SteamLibrary\SteamApps\common\Monster Loves You!\MonsterLovesYou.exe
FirewallRules: [{F183CE13-B7B5-4754-8D33-1DC35D7DDD4D}] => (Allow) K:\SteamLibrary\SteamApps\common\Alice Madness Returns\Binaries\Win32\AliceMadnessReturns.exe
FirewallRules: [{053D3AB3-BCEB-4AA1-A0E9-E37CC339D59C}] => (Allow) K:\SteamLibrary\SteamApps\common\Alice Madness Returns\Binaries\Win32\AliceMadnessReturns.exe
FirewallRules: [{A40CB6B1-3946-45BE-B36F-90C9E930AD54}] => (Allow) K:\SteamLibrary\SteamApps\common\Overlord\Overlord.exe
FirewallRules: [{70E32295-47C5-403C-B8A6-D282C53C5769}] => (Allow) K:\SteamLibrary\SteamApps\common\Overlord\Overlord.exe
FirewallRules: [{1309B709-DFC0-490B-8DB0-AE531856B9FF}] => (Allow) K:\SteamLibrary\SteamApps\common\Overlord\Config.exe
FirewallRules: [{EDC2C019-334C-47FD-B207-86B3BC818F55}] => (Allow) K:\SteamLibrary\SteamApps\common\Overlord\Config.exe
FirewallRules: [{7FD05BA5-3388-4DF7-94AB-942C91A8A669}] => (Allow) K:\SteamLibrary\SteamApps\common\Overlord II\Overlord2.exe
FirewallRules: [{6EC19710-7635-4898-B77F-3CB4CA4D0795}] => (Allow) K:\SteamLibrary\SteamApps\common\Overlord II\Overlord2.exe
FirewallRules: [{DA7F8C19-C56F-46F5-B58A-60EA85AA5C05}] => (Allow) K:\SteamLibrary\SteamApps\common\Overlord II\Config.exe
FirewallRules: [{9522381A-2849-4208-8254-825438896AB5}] => (Allow) K:\SteamLibrary\SteamApps\common\Overlord II\Config.exe
FirewallRules: [TCP Query User{52AA905A-43C1-4351-A58F-9536AC6D9417}C:\program files (x86)\wondershare\video converter ultimate\dscheck.exe] => (Allow) C:\program files (x86)\wondershare\video converter ultimate\dscheck.exe
FirewallRules: [UDP Query User{02B8440F-DBF8-4BAC-B5B4-1D679AC37D02}C:\program files (x86)\wondershare\video converter ultimate\dscheck.exe] => (Allow) C:\program files (x86)\wondershare\video converter ultimate\dscheck.exe
FirewallRules: [TCP Query User{4757D66B-53DC-4B9B-AEA7-EA6DFD5BAFF7}C:\users\jessica\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\jessica\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{8F454320-C1D5-4637-AF65-09EC67CCD2CC}C:\users\jessica\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\jessica\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{D8DC5981-442F-47CE-933A-E80EBB547ACA}C:\program files (x86)\sony\content manager assistant\cma.exe] => (Allow) C:\program files (x86)\sony\content manager assistant\cma.exe
FirewallRules: [UDP Query User{1A516262-3395-4C9C-B24A-5EFB09400ABB}C:\program files (x86)\sony\content manager assistant\cma.exe] => (Allow) C:\program files (x86)\sony\content manager assistant\cma.exe
FirewallRules: [{273B13F5-03FC-461A-BE46-E7A48725A5E4}] => (Allow) K:\Battle.net\Battle.net.exe
FirewallRules: [{70AB4CE3-97CE-4D21-B16F-573CCF0897DE}] => (Allow) K:\Battle.net\Battle.net.exe
FirewallRules: [{9CF8B2E4-6A8E-4A04-B9D9-34C6707A4F72}] => (Allow) K:\Battle.net\Hearthstone\Hearthstone.exe
FirewallRules: [{BF3AE2B7-B41A-4E35-A809-2E851DF454EF}] => (Allow) K:\Battle.net\Hearthstone\Hearthstone.exe
FirewallRules: [{9911FFAD-C688-4962-A96C-898DC2307F63}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EBAEE240-043D-4035-B8EC-DD20DB73D013}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C4CAB145-E43B-4602-9EC0-2D18BDA9E4C4}] => (Allow) K:\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe
FirewallRules: [{FCCA15C2-DCA4-4D22-9DB6-B6B2382FBC9A}] => (Allow) K:\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe
FirewallRules: [{5F5EA693-13AC-4587-BC3F-74EAAC57166A}] => (Allow) K:\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64.exe
FirewallRules: [{C38DF94D-B7DF-473C-927A-4F5A2C44C9CF}] => (Allow) K:\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64.exe
FirewallRules: [{C3EC4B94-F353-4FDD-B8CE-66CF87ECF0FB}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\monitor.exe
FirewallRules: [{387FA760-6E70-4E32-B9EA-BD1633514363}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\monitor.exe
FirewallRules: [{A600DEE0-6788-46E5-B65E-77E55D29F9F6}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\manager.exe
FirewallRules: [{8F0D8313-7C97-4C7D-ADCA-A7314317AF37}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\manager.exe
FirewallRules: [{0881718C-A6AB-4210-9375-F625EBDA93E0}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\server.exe
FirewallRules: [{BB00FB8C-F120-4FB0-8656-A3F4A8027B4B}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\server.exe
FirewallRules: [{C684676E-67F5-43C0-BA9A-BF48BE6C19AB}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{11244036-05F1-4BD2-A07B-22E0F3085488}] => (Allow) LPort=2869
FirewallRules: [{5B87BC58-CE06-4806-97B5-90190DFAE4BA}] => (Allow) LPort=1900
FirewallRules: [{556361F9-29A9-4419-BF65-06DC2DE5A9CB}] => (Allow) K:\SteamLibrary\SteamApps\common\Dandelion - Wishes brought to you -\Dandelion - Wishes brought to you - Full.exe
FirewallRules: [{3DDD6293-900F-466F-AE72-0AB8A02691DB}] => (Allow) K:\SteamLibrary\SteamApps\common\Dandelion - Wishes brought to you -\Dandelion - Wishes brought to you - Full.exe
FirewallRules: [TCP Query User{BC478760-22E9-4E71-9690-D7D4B21B20F4}C:\program files (x86)\sony\content manager assistant\cma.exe] => (Allow) C:\program files (x86)\sony\content manager assistant\cma.exe
FirewallRules: [UDP Query User{E325B89B-7D43-41FF-B7B4-080651A59D5F}C:\program files (x86)\sony\content manager assistant\cma.exe] => (Allow) C:\program files (x86)\sony\content manager assistant\cma.exe
FirewallRules: [{54296263-C110-43C7-98EE-A8E17046DB63}] => (Allow) C:\Program Files (x86)\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [{7773F63B-F800-48C5-BB61-E103F2F6491D}] => (Allow) C:\Program Files (x86)\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [{43AA96DA-17B4-498D-B3B4-EF9534B712A5}] => (Allow) K:\Viva Pinata\Viva Pinata.exe
FirewallRules: [{263A4249-F674-4D57-919F-0212F3A210F5}] => (Allow) K:\Viva Pinata\Viva Pinata.exe
FirewallRules: [TCP Query User{D3644E35-70A3-4DD4-9310-D3712665E678}C:\program files (x86)\viva pinata\viva pinata.exe] => (Allow) C:\program files (x86)\viva pinata\viva pinata.exe
FirewallRules: [UDP Query User{4F949AF2-B486-4F9C-BDC9-5EBF4A12559C}C:\program files (x86)\viva pinata\viva pinata.exe] => (Allow) C:\program files (x86)\viva pinata\viva pinata.exe
FirewallRules: [{D09284DB-47FA-4577-AE16-31BBA760A18E}] => (Allow) K:\SteamLibrary\SteamApps\common\Amnesia\amnesia.exe
FirewallRules: [{79830F2F-CCE4-47A0-A2F9-71D62A4565B6}] => (Allow) K:\SteamLibrary\SteamApps\common\Amnesia\amnesia.exe
FirewallRules: [TCP Query User{7BCC4B88-8620-4EBC-8237-3D96F39C02D4}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe
FirewallRules: [UDP Query User{555203E6-6A9F-4CC4-8D83-A916A34334DC}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe
FirewallRules: [{A48BC674-2D8A-4103-B51A-6228A35FF323}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{59F82300-A340-43AF-A08C-2D1FB1AB4F5E}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{AC120225-12F3-4998-8C06-B79F869796CF}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{D43E08A8-BDE9-456A-9757-E30E382F600B}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [TCP Query User{8BA4A635-4031-4EB2-8746-C3B6448F130B}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{EDB16F15-1B2A-444A-913B-4FB2C72DC897}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [TCP Query User{45520BF3-FC71-4EFB-A64E-005A4F4A3206}C:\users\jessica\documents\downloads\rtmpdumphelper121\rtmpsuck.exe] => (Allow) C:\users\jessica\documents\downloads\rtmpdumphelper121\rtmpsuck.exe
FirewallRules: [UDP Query User{3FAF22DA-DF2D-4E58-A78E-BBA9CFEAC170}C:\users\jessica\documents\downloads\rtmpdumphelper121\rtmpsuck.exe] => (Allow) C:\users\jessica\documents\downloads\rtmpdumphelper121\rtmpsuck.exe
FirewallRules: [TCP Query User{5229233F-0725-4282-91B9-DBAC74D0F1EE}C:\program files (x86)\orbitdownloader\orbitnet.exe] => (Allow) C:\program files (x86)\orbitdownloader\orbitnet.exe
FirewallRules: [UDP Query User{7B0DAC25-2768-4C43-9201-4A4B68B33D19}C:\program files (x86)\orbitdownloader\orbitnet.exe] => (Allow) C:\program files (x86)\orbitdownloader\orbitnet.exe
FirewallRules: [{4250DBEB-B7E3-4ED0-B2CC-B55B74B9B8C1}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
FirewallRules: [{CE2838C7-FB5F-472F-9034-2CA98B0BFBC1}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
FirewallRules: [{D8EBE66B-8CE7-40FF-B917-420CEF685993}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{D8D1CCA8-10F3-4A5B-BDF9-4CB5820EAB38}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{C12B43D8-6CB8-4C4C-BDAD-2BD578C94DFE}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{9850C33C-89DE-4F2E-A889-FB6E8CCCF8B3}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{B96CD4D6-2D9C-4930-8344-BDA39E123FC6}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{B8872B99-EC61-4671-8077-D215CA497B09}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{A67BDA4D-6DE2-44C8-80AA-1E48F685BC30}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{78D52138-286B-4A4C-97A6-8A96A67F605A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{113FCF50-2603-4144-9A94-7EA48B21C121}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{8FA47911-CDC5-4308-93A9-A1390BC1A789}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{E460FD26-F8A4-4BBB-9E89-00B7830A2454}C:\program files (x86)\emule\emule.exe] => (Allow) C:\program files (x86)\emule\emule.exe
FirewallRules: [UDP Query User{8B4E8BAB-BA64-4088-92A5-4A32CD4ED112}C:\program files (x86)\emule\emule.exe] => (Allow) C:\program files (x86)\emule\emule.exe
FirewallRules: [TCP Query User{1868F4D9-F62B-45EA-A887-B134F066DD41}C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe] => (Allow) C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe
FirewallRules: [UDP Query User{E77AB6AD-D512-4E6B-A5FE-2DB87C439F9F}C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe] => (Allow) C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe
FirewallRules: [{F64C0CC5-26C7-4BF5-925F-46EC85532E60}] => (Allow) C:\Program Files (x86)\Simple Port Forwarding\spf.exe
FirewallRules: [{6A5EBE8C-4AC4-4E80-8E81-D04C68F3736C}] => (Allow) C:\Program Files (x86)\Simple Port Forwarding\spf.exe
FirewallRules: [TCP Query User{33F65869-FA3C-4830-B2A3-3D5937B1B604}C:\program files (x86)\emuletorrent\emuletorrent.exe] => (Allow) C:\program files (x86)\emuletorrent\emuletorrent.exe
FirewallRules: [UDP Query User{EEA0A9EC-F822-47EF-83FF-E8C9A9DAE9D3}C:\program files (x86)\emuletorrent\emuletorrent.exe] => (Allow) C:\program files (x86)\emuletorrent\emuletorrent.exe
FirewallRules: [TCP Query User{E3E2E030-A08E-4FEC-AA64-6FB8FBDA878C}K:\project icarus online\bin64\launcher.exe] => (Allow) K:\project icarus online\bin64\launcher.exe
FirewallRules: [UDP Query User{8D6F31FF-A84D-4443-A593-5A898B29E8FC}K:\project icarus online\bin64\launcher.exe] => (Allow) K:\project icarus online\bin64\launcher.exe
FirewallRules: [TCP Query User{00274109-3839-4752-BBF7-D08CBBD2B6B5}C:\program files (x86)\keyholetv\keyholetv.exe] => (Allow) C:\program files (x86)\keyholetv\keyholetv.exe
FirewallRules: [UDP Query User{FD3D99A1-3DEA-4B70-9CE1-6C92B6CE01EA}C:\program files (x86)\keyholetv\keyholetv.exe] => (Allow) C:\program files (x86)\keyholetv\keyholetv.exe
FirewallRules: [{727AA830-6D2C-447B-94C3-5DA3E740997F}] => (Allow) K:\SteamLibrary\SteamApps\common\YookaLayleeToybox\Toybox64.exe
FirewallRules: [{0C959FF9-B9C5-441F-8638-68FDBB1810BA}] => (Allow) K:\SteamLibrary\SteamApps\common\YookaLayleeToybox\Toybox64.exe
FirewallRules: [{48BACB42-04F4-4BD2-8FB4-19F0C1A8709D}] => (Allow) K:\SteamLibrary\SteamApps\common\Rodina\Rodina_SteamDemo.exe
FirewallRules: [{C93993B5-C7CE-416C-8401-F43CC13FFAE8}] => (Allow) K:\SteamLibrary\SteamApps\common\Rodina\Rodina_SteamDemo.exe
FirewallRules: [{B3A9F62E-27F9-4EF0-AED8-2B8E1BD99BDF}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
FirewallRules: [{247CC1FA-FAD4-414C-9015-12BAD7AF4F67}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{4C524163-36DC-49DB-BA40-3249C4D3E873}] => (Allow) K:\SteamLibrary\SteamApps\common\In Case of Emergency, Release Raptor\ReleaseRaptor.exe
FirewallRules: [{6ED39F27-6CCC-482E-8AC5-66709BC8AF2D}] => (Allow) K:\SteamLibrary\SteamApps\common\In Case of Emergency, Release Raptor\ReleaseRaptor.exe
FirewallRules: [TCP Query User{A263AAA0-B1B5-4A4B-BC41-7C1AC634D339}C:\users\jessica\desktop\qcma\qcma.exe] => (Allow) C:\users\jessica\desktop\qcma\qcma.exe
FirewallRules: [UDP Query User{0ACD149E-08EB-4962-9DA0-88F6D8482A05}C:\users\jessica\desktop\qcma\qcma.exe] => (Allow) C:\users\jessica\desktop\qcma\qcma.exe
FirewallRules: [{CBB42336-1FC6-48F2-93DE-6230962DE050}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{2EB9E6F3-EF76-46F7-ADA5-3C66A7B681D5}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{93903E77-E17A-4946-9BAD-08BCF3EFEF7D}] => (Allow) C:\Users\Jessica\AppData\Local\Temp\andy-x64\Setup.exe
FirewallRules: [{00436CCA-151E-47C7-8928-1F09C10961F6}] => (Allow) C:\Users\Jessica\AppData\Local\Temp\andy-x64\Setup.exe
FirewallRules: [{6B8D0A31-65E5-49C6-9EFA-19FD8D95F585}] => (Allow) C:\Program Files\Andy\andy.exe
FirewallRules: [{5A1EC800-8908-4D87-ABBE-6F361E6FCB4E}] => (Allow) C:\Program Files\Andy\andy.exe
FirewallRules: [{7C8B694A-74AA-4936-9CCD-26B2BBD60C18}] => (Allow) C:\Program Files\Andy\AndyConsole.exe
FirewallRules: [{AFCB6A38-53EF-45AF-8BE8-851281272668}] => (Allow) C:\Program Files\Andy\AndyConsole.exe
FirewallRules: [{AC9E3B34-4E6E-4935-A250-0091C47BBE9A}] => (Allow) C:\Program Files\Andy\HandyAndy.exe
FirewallRules: [{DF52FE85-9B8B-49A6-A12C-DFE45F5EB2B5}] => (Allow) C:\Program Files\Andy\HandyAndy.exe
FirewallRules: [{FC0B00C1-E6C9-47E2-BFD4-7550B060CD35}] => (Allow) C:\Program Files\Andy\SetupFiles\Uninstall.exe
FirewallRules: [{2D81D2BF-3E7E-4F55-8F17-EF945B54F8A7}] => (Allow) C:\Program Files\Andy\SetupFiles\Uninstall.exe
FirewallRules: [{607968E2-9E07-4177-BFAE-0584C8DBEED7}] => (Allow) C:\Users\Jessica\AppData\Local\Temp\RemoveTemp.exe
FirewallRules: [{374638A9-02F4-47D0-888D-DA4F94C27C7C}] => (Allow) C:\Users\Jessica\AppData\Local\Temp\RemoveTemp.exe
FirewallRules: [{06E63251-1EF5-4B44-BB9C-F9C01F2142A9}] => (Allow) C:\Program Files\Andy\SetupFiles\VMwareCheck.exe
FirewallRules: [{15F55542-541F-44D8-B7F1-8DE52EB5E4CE}] => (Allow) C:\Program Files\Andy\SetupFiles\VMwareCheck.exe
FirewallRules: [{CDA17218-ACB8-4BBC-BA70-58A6F631C8C1}] => (Allow) C:\Program Files\Andy\SetupFiles\AndyDoctor.exe
FirewallRules: [{D4313CBA-4C62-4D95-B965-C5CD5C4C9A3F}] => (Allow) C:\Program Files\Andy\SetupFiles\AndyDoctor.exe
FirewallRules: [{0D3A777F-6B7B-4BC3-9249-F78424BEFA6D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{AB6021E2-04B5-4E03-8208-8B2E6C6C9EF4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2606E235-8AD3-437E-9D2F-A6B63B044A44}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8A64B919-3F5E-4DE9-8C52-06DBC0058333}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{71A5FE94-3487-4BF1-B3E6-4201A1126222}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{CDD75786-A912-46FD-9C17-B44E26FA1D73}K:\andy_43e_x64_2\andy\x64\andy.exe] => (Allow) K:\andy_43e_x64_2\andy\x64\andy.exe
FirewallRules: [UDP Query User{E93D01E4-8C54-408A-9BBE-2D0BAD31C344}K:\andy_43e_x64_2\andy\x64\andy.exe] => (Allow) K:\andy_43e_x64_2\andy\x64\andy.exe
FirewallRules: [{7AC8F069-620E-49B1-8C75-943437B48B60}] => (Block) K:\andy_43e_x64_2\andy\x64\andy.exe
FirewallRules: [{E4552C58-629D-44B2-80C0-1DB6CC1BF563}] => (Block) K:\andy_43e_x64_2\andy\x64\andy.exe
FirewallRules: [{15F8B74E-FE2F-4AD5-9844-D00864EDA6E9}] => (Allow) K:\KOPLAYER\KOPLAYER.exe
FirewallRules: [{3BF017A0-FDCE-46FB-84CE-A15C026A0B24}] => (Allow) K:\KOPLAYER\KOPLAYER.exe
FirewallRules: [{8F9951DF-D319-4DED-AD12-738A41CB03A1}] => (Allow) K:\KOPLAYER\vbox\VBoxHeadless.exe
FirewallRules: [{72A0ACAB-1810-4EEA-81BA-D2B55B33859D}] => (Allow) K:\KOPLAYER\vbox\VBoxHeadless.exe
FirewallRules: [{C4DE4AE6-07BC-4CA5-8781-B1FBED74356C}] => (Allow) K:\KOPLAYER\vbox\VBoxHeadless.exe
FirewallRules: [{DBF508AA-D15E-4E0D-A8FD-2F720AFAD12F}] => (Allow) K:\KOPLAYER\KOPLAYER.exe
FirewallRules: [{12965848-096E-44A3-ACA6-158AA4192691}] => (Allow) K:\KOPLAYER\vbox\VBoxHeadless.exe
FirewallRules: [{E7785B71-7447-4B66-B932-FBD2E05F7650}] => (Allow) K:\KOPLAYER\KOPLAYER.exe
FirewallRules: [{34394121-C5DE-4BCA-A9A1-F3AAEAF1468A}] => (Allow) K:\KOPLAYER\vbox\VBoxManage.exe
FirewallRules: [{0D82C0B1-F0AF-405E-AD1D-CF521A24EFE8}] => (Allow) K:\KOPLAYER\vbox\VBoxManage.exe
FirewallRules: [{A8110E8F-92F9-4469-B985-1812E5C0FF4F}] => (Allow) K:\KOPLAYER\KOPLAYER.exe
FirewallRules: [{0CAA9E6E-6407-46D7-B694-49BB0CC1F3E6}] => (Allow) K:\KOPLAYER\KOPLAYER.exe
FirewallRules: [{D68B987B-540B-458A-8CEC-DB17E56B60D4}] => (Allow) K:\KOPLAYER\vbox\VBoxHeadless.exe
FirewallRules: [{F15E5BA8-6C8C-4E72-9014-DE3EFF23B881}] => (Allow) K:\KOPLAYER\vbox\VBoxHeadless.exe
FirewallRules: [{C78A6B14-BE97-4C78-9141-D4594EDE3CFD}] => (Allow) K:\KOPLAYER\vbox\VBoxManage.exe
FirewallRules: [{8992C751-F552-4FDE-AD19-744CFBDC7F1B}] => (Allow) K:\KOPLAYER\vbox\VBoxManage.exe
FirewallRules: [{312EA18E-ABCC-4964-8BCC-D830ECAC4B9A}] => (Allow) K:\KOPLAYER\download\MiniThunderPlatform.exe
FirewallRules: [{CB075380-FFE2-439D-BBD3-29752D83B828}] => (Allow) K:\KOPLAYER\download\MiniThunderPlatform.exe
FirewallRules: [{E8E2DE07-7AE1-4CFA-901E-75E64849084C}] => (Allow) K:\KOPLAYER\vbox\VBoxManage.exe
FirewallRules: [{11402052-D40D-4407-BA03-7355ACDE2797}] => (Allow) K:\KOPLAYER\vbox\VBoxManage.exe
FirewallRules: [{FD5C2E42-820C-46A6-BC2F-2131FB48C82F}] => (Allow) K:\KOPLAYER\download\MiniThunderPlatform.exe
FirewallRules: [{619956F0-8CCD-4999-90D2-0A3C4A099E2D}] => (Allow) K:\KOPLAYER\download\MiniThunderPlatform.exe
FirewallRules: [{7CF006CE-B9E7-4709-897E-8E7C295D0B20}] => (Allow) K:\SteamLibrary\SteamApps\common\YookaLaylee\YookaLaylee64.exe
FirewallRules: [{32080760-3D1B-4F5E-84D7-D2CF013393B0}] => (Allow) K:\SteamLibrary\SteamApps\common\YookaLaylee\YookaLaylee64.exe
FirewallRules: [{43352E6E-A766-4CA8-86D5-1E4F9206B117}] => (Allow) K:\SteamLibrary\SteamApps\common\Dungeons2\Dungeons2.exe
FirewallRules: [{E567AD67-067A-4F74-BF13-EA6711A6064B}] => (Allow) K:\SteamLibrary\SteamApps\common\Dungeons2\Dungeons2.exe
FirewallRules: [{6E136098-A32A-44D7-B823-A9A96697CA19}] => (Allow) K:\SteamLibrary\SteamApps\common\Skyrim Special Edition\SkyrimSELauncher.exe
FirewallRules: [{087227CB-E62F-45FC-8787-34726E80B781}] => (Allow) K:\SteamLibrary\SteamApps\common\Skyrim Special Edition\SkyrimSELauncher.exe
FirewallRules: [{AB26BBBB-1E8B-452F-B6ED-25111428EC21}] => (Allow) K:\SteamLibrary\SteamApps\common\ABZU\AbzuGame.exe
FirewallRules: [{BE0B5A11-2A19-4B32-8416-476992F0B7F5}] => (Allow) K:\SteamLibrary\SteamApps\common\ABZU\AbzuGame.exe
FirewallRules: [{011B5061-7D76-4D48-9430-56A8BFC56BC7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{43641C61-DCED-49C1-9141-A2CDDCCB7B77}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{D50B5018-492F-444F-8576-62B3CBE48A8C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{1C3CBD9F-0327-4F39-BAFC-9B071AB851B7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{09331190-9381-497C-92E0-C25D346F09AD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{DC053FBE-042D-4174-BC25-1C53FAAACCE1}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{33F2E2B2-211C-4D60-AB3F-FEE7072689E4}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{6E42B7D6-FA21-4151-A775-067C7465B20F}] => (Allow) D:\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{5FD50786-9062-466C-9BCF-E0D47942FDAA}] => (Allow) D:\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [TCP Query User{6141C090-56C1-428F-AD56-42E8C6A2E7A9}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{FD6115A1-6A4A-4056-A8A4-6D73C0645D67}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{56434DA3-A52D-4441-9573-CE5285EF01BF}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient.exe
FirewallRules: [{4F5D5A60-315C-4F71-8696-FC717DC8C7D9}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr.exe
FirewallRules: [{5D32E64B-98BD-4163-97DE-7B5CF4267E8B}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd.exe
FirewallRules: [{DFB27C5C-BA50-4F8B-BB11-4844CD0DB240}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
FirewallRules: [{6936369F-AC6D-47B8-ACDF-D3C8291240FE}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd_x64.exe
FirewallRules: [{3D292ABC-4685-40CF-82E2-D788B304A8E1}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
FirewallRules: [{076090F2-5985-46D6-9A30-905850EF8440}] => (Allow) K:\SteamLibrary\SteamApps\common\Sonic Mania\SonicMania.exe
FirewallRules: [{A2ADBADC-79A0-4815-921C-105CD2E41421}] => (Allow) K:\SteamLibrary\SteamApps\common\Sonic Mania\SonicMania.exe
FirewallRules: [TCP Query User{900B993C-2932-4F84-9B51-5CAAAD2EBDE5}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [UDP Query User{80B46653-63A9-42AB-A9DC-C43766BDA44F}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{CD2C4FE2-ACB8-4A78-A932-2C4B3F98338F}K:\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) K:\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [UDP Query User{941329E2-7543-41A1-93A0-FB62AD248691}K:\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) K:\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{17E0E626-941B-4988-84DF-979832FC4686}K:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) K:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{1CF62315-8E08-45AF-A4AB-B0191634D696}K:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) K:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{CD347A27-93BB-49D7-BE56-C10227B50475}K:\epic games\ue_4.18\engine\binaries\win64\ue4editor.exe] => (Allow) K:\epic games\ue_4.18\engine\binaries\win64\ue4editor.exe
FirewallRules: [UDP Query User{6902536B-ED43-449B-9372-70EB529012CC}K:\epic games\ue_4.18\engine\binaries\win64\ue4editor.exe] => (Allow) K:\epic games\ue_4.18\engine\binaries\win64\ue4editor.exe
FirewallRules: [{425DFBD9-4AAA-43DA-BEA1-844F57387037}] => (Allow) K:\Nox\Nox\bin\Nox.exe
FirewallRules: [{D5437DE3-A105-43CB-B9F6-66CEB954E616}] => (Allow) C:\Program Files (x86)\Bignox\BigNoxVM\RT\NoxVMHandle.exe
FirewallRules: [TCP Query User{450E28FA-2328-4A1A-85BB-2756CA1F4AFD}C:\users\jessica\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\jessica\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{2ACF988E-2064-4119-B94E-EB40144C31F9}C:\users\jessica\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\jessica\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{1B820EBF-A540-4CC4-8CD1-BC46AC57D92B}] => (Allow) LPort=49200
FirewallRules: [{791DE19D-DE92-4045-A70E-861CE9783BC6}] => (Allow) LPort=5000
FirewallRules: [{EFC17671-1764-419A-9EC4-4ECF61EE3308}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{FD28A344-BAAF-481F-AD2C-250EA5689212}] => (Allow) LPort=57287
FirewallRules: [{B5E58EE3-366B-41FF-B314-C0A8CDABA1D3}] => (Allow) LPort=5000
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Orbitdownloader\orbitdm.exe] => Enabled:Orbit
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Orbitdownloader\orbitnet.exe] => Enabled:Orbit

==================== Restore Points =========================

13-10-2018 01:16:27 Installed Rapport
13-10-2018 15:37:14 JRT Pre-Junkware Removal
13-10-2018 16:00:14 Removed HP Deskjet 1050 J410 series Basic Device Software
13-10-2018 17:13:03 Removed Rapport

==================== Faulty Device Manager Devices =============

Name: VirtualBox Host-Only Ethernet Adapter
Description: VirtualBox Host-Only Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Oracle Corporation
Service: VBoxNetAdp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/13/2018 03:29:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.2.0.704, time stamp: 0x5b9acf90
Faulting module name: SelfProtectionSdk.dll, version: 3.0.0.360, time stamp: 0x5b995ba2
Exception code: 0xc0000005
Fault offset: 0x000000000001f177
Faulting process id: 0xc78
Faulting application start time: 0x01d462b3de93a5d0
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
Report Id: 4c331ccc-cf1e-11e8-a2e2-94de80af3605

Error: (10/13/2018 04:10:12 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "k:\Autodesk\composite2014\python\lib\distutils\command\wininst-8_d.exe".
Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/12/2018 03:03:46 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "k:\Autodesk\composite2014\python\lib\distutils\command\wininst-8_d.exe".
Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/11/2018 04:03:52 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "k:\Autodesk\composite2014\python\lib\distutils\command\wininst-8_d.exe".
Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/10/2018 03:53:23 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "k:\Autodesk\composite2014\python\lib\distutils\command\wininst-8_d.exe".
Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/09/2018 04:01:55 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "k:\Autodesk\composite2014\python\lib\distutils\command\wininst-8_d.exe".
Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/08/2018 04:00:56 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "k:\Autodesk\composite2014\python\lib\distutils\command\wininst-8_d.exe".
Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/07/2018 03:50:53 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "k:\Autodesk\composite2014\python\lib\distutils\command\wininst-8_d.exe".
Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (10/13/2018 05:27:56 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:26:38 PM on ‎13/‎10/‎2018 was unexpected.

Error: (10/13/2018 05:20:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Dynamic Application Loader Host Interface Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/13/2018 05:20:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA LocalSystem Container service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 6000 milliseconds: Restart the service.

Error: (10/13/2018 05:20:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The SoftEther VPN Client service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (10/13/2018 05:20:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (10/13/2018 05:20:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (10/13/2018 05:20:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Energy Server Service queencreek service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/13/2018 05:20:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.


==================== Memory info ===========================

Processor: Intel® Core™ i5-4670K CPU @ 3.40GHz
Percentage of memory in use: 55%
Total physical RAM: 8075.23 MB
Available physical RAM: 3597.7 MB
Total Virtual: 16148.64 MB
Available Virtual: 11552.94 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:223.47 GB) (Free:49.27 GB) NTFS
Drive d: (513024_POLAR) (CDROM) (Total:1.17 GB) (Free:0 GB) UDF
Drive g: () (Removable) (Total:14.76 GB) (Free:12.4 GB) FAT32
Drive k: (Local HDD) (Fixed) (Total:931.51 GB) (Free:448.06 GB) NTFS

\\?\Volume{32d22244-7caf-11e3-91a3-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 34313029)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 223.6 GB) (Disk ID: 10682292)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=223.5 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (Protective MBR) (Size: 14.8 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================





#2 Fandramon

Fandramon
  • Topic Starter

  • Members

Posted 13 October 2018 - 04:55 PM

Here's the file that didn't seem to go through the first time.




#3 nasdaq

nasdaq

  • Malware Response Team

Posted 14 October 2018 - 09:24 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
CloseProcesses:

BHO-x32: No Name -> {451C804F-C205-4F03-B48E-537EC94937BF} -> No File
CHR Extension: (Flash Video Downloader) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc [2018-09-23]
CHR Extension: (minerBlock) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\emikbbbebcdfohonlaifafnoanocnebl [2018-10-13]
CHR Extension: (uBlock) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\epcnnfbjfcgphgdmggkamkmgojdagdnn [2018-10-13]
CHR HKLM-x32\...\Chrome\Extension: [gbjeiekahklbgbfccohipinhgaadijad] - hxxp://clients2.google.com/service/update2/crx
S3 mdf16; \??\C:\Users\Jessica\AppData\Local\Temp\mdf16.sys [X] <==== ATTENTION
S3 mvd23; \??\C:\Users\Jessica\AppData\Local\Temp\mvd23.sys [X] <==== ATTENTION

HKU\S-1-5-21-3437876216-2934815057-908750906-1000\...\ChromeHTML: ->  <==== ATTENTION
ContextMenuHandlers1: [BB FlashBack 2] -> {A8065B9E-193F-4797-B62D-8F6321E7FCCB} =>  -> No File
ContextMenuHandlers1: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll -> No File
ContextMenuHandlers1-x32: [WondershareVideoConverterFileOpreation] -> {FEB746CA-95C2-485F-B386-C30D4E56D22E} =>  -> No File
ContextMenuHandlers4: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll -> No File
ContextMenuHandlers6: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll -> No File
Task: {42E7140D-B64A-4B3A-A94C-925747334A66} - System32\Tasks\{4D660805-112A-477C-A243-67C5FEF213CC} => "C:\Program Files (x86)\Internet Explorer\iexplore.exe" hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=5.8.0.154.259&LastError=404
Task: {C988EAD2-029B-41C2-A068-C6F2A86A8F6C} - \RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3437876216-2934815057-908750906-1000 -> No File <==== ATTENTION
Task: {FB44DA4E-7C32-4568-B91E-7D110033D4FD} - \RealDownloaderRealUpgradeLogonTaskS-1-5-21-3437876216-2934815057-908750906-1000 -> No File <==== ATTENTION
AlternateDataStreams: C:\Users\Jessica\Desktop\13086666_571917876310010_8108560543547551143_o2.jpg:com.dropbox.attributes [418]
AlternateDataStreams: C:\Users\Jessica\Desktop\20170213_190115_1600x900.jpg:com.dropbox.attributes [168]

C:\Windows\SysWOW64\ANIM.DLL

CMD: "%WINDIR%\SYSTEM32\lodctr.exe" /R
CMD: "%WINDIR%\SysWOW64\lodctr.exe" /R

Reboot:

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Chrome - Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en
<<<>>>

Restart the computer and let me know if the problem persists.

p.s.
If the problem persists, it could be a Sync issue?

Are you Syncing Chrome with other devices?
To remove it you will have to reset the Sync in Chrome.

Read this article and proceed.

Chrome Secure Preferences detection always comes back
https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/

Do not reset the sync just yet. Wait until all is fine.
<<<>>>



