Google Chrome adware redirecting, links and ads.


  • This topic is locked
44 replies to this topic

#1 jdog31804


Posted 09 December 2016 - 06:15 PM

I scanned using rkill, tdss, Malwarebytes, RogueKiller, AdwCleaner, and HitmanPro. I also scanned with SpyHunter, but I don't want to spend 100 dollars on software. But it detected a bunch of things that nothing else detected (I don't know if it's a lie). Google redirects me to a puklisi.ru link, 20161.cf-track.info, azartplaynew.com, or a Japanese site about an aging technique. It mostly shows Russian site links. I recognize this as adware, or something similar. I tried all the other threads' steps, I reset Google settings and cleared everything, and uninstalled any programs since this started. It didn't fix it. Help is very much appreciated :). Sorry, I don't know how to attach it.

 

FRST Log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-12-2016
Ran by jdog3 (administrator) on DESKTOP-9DVKH5M (09-12-2016 18:10:11)
Running from C:\Users\jdog3\Desktop
Loaded Profiles: jdog3 (Available Profiles: defaultuser0 & jdog3)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe
(Locktime Software) C:\Program Files\Locktime Software\NetLimiter 4\NLSvc.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
() C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
() C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
() C:\Program Files (x86)\No-IP\ducservice.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) J:\Steam\Steam.exe
() C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.8\bin\TrayPopupE\TrayTipAgentE.exe
(Valve Corporation) J:\Steam\bin\cef\cef.winxp\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Valve Corporation) J:\Steam\bin\cef\cef.winxp\steamwebhelper.exe
(Ableton) C:\ProgramData\Ableton\Live 9 Suite\Program\Ableton Live 9 Suite.exe
() C:\ProgramData\Ableton\Live 9 Suite\Resources\Extensions\Index\Ableton Index.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.16102.10341.0_x64__8wekyb3d8bbwe\Music.UI.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7705.42037.0_x64__8wekyb3d8bbwe\HxCalendarAppImm.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7705.42037.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\jdog3\Desktop\FRST64 (1).exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1795728 2015-07-13] (NVIDIA Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16696832 2016-11-29] (Realtek Semiconductor)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-06] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [112200 2016-11-11] (VMware, Inc.)
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.9\bin\EpmNews.exe
HKLM-x32\...\Run: [EaseUS Cleanup] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.8\bin\CleanUpUI.exe [1242816 2016-08-26] (CHENGDU Yiwo Tech Development Co., Ltd.)
HKLM-x32\...\Run: [EaseUS EPM Tray Agent] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.8\bin\TrayPopupE\TrayTipAgentE.exe [255072 2014-11-18] ()
HKU\S-1-5-21-4288253323-1802736211-3084792629-1001\...\Run: [skypefile] => C:\Users\jdog3\AppData\Roaming\skypefiles\skypeproc.exe
HKU\S-1-5-21-4288253323-1802736211-3084792629-1001\...\Run: [Steam] => J:\Steam\steam.exe [2860832 2016-10-12] (Valve Corporation)
HKU\S-1-5-21-4288253323-1802736211-3084792629-1001\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\Bluestacks\HD-Agent.exe [1690248 2016-12-01] (BlueStack Systems, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\..\Interfaces\{32222ddd-e753-4a19-a336-94dbb56cd91a}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{aad67123-33e2-4ae1-96b4-0488d115fadd}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
 
Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-4288253323-1802736211-3084792629-1001 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-4288253323-1802736211-3084792629-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-11-11] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-11-11] (Oracle Corporation)
 
FireFox:
========
FF DefaultProfile: n6naw4w5.default
FF ProfilePath: C:\Users\jdog3\AppData\Roaming\Mozilla\Firefox\Profiles\n6naw4w5.default [2016-12-09]
FF NewTab: Mozilla\Firefox\Profiles\n6naw4w5.default -> about:newtab
FF Homepage: Mozilla\Firefox\Profiles\n6naw4w5.default -> about:home
FF Extension: (HackBar) - C:\Users\jdog3\AppData\Roaming\Mozilla\Firefox\Profiles\n6naw4w5.default\Extensions\{F5DDF39C-9293-4d5e-9AA8-E04E6DD5E9B4}.xpi [2016-11-24]
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-11-11] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-11-11] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-11-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-11-08] (Google Inc.)
FF Plugin HKU\S-1-5-21-4288253323-1802736211-3084792629-1001: @nsroblox.roblox.com/launcher -> C:\Users\jdog3\AppData\Local\Roblox\Versions\version-c2285b6f3d724119\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-4288253323-1802736211-3084792629-1001: @nsroblox.roblox.com/launcher64 -> C:\Users\jdog3\AppData\Local\Roblox\Versions\version-c2285b6f3d724119\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
 
Chrome: 
=======
CHR Profile: C:\Users\jdog3\AppData\Local\Google\Chrome\User Data\Default [2016-12-09]
CHR Extension: (Adblock Plus) - C:\Users\jdog3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-12-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jdog3\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-12-08]
CHR Extension: (Material Simple Dark Grey) - C:\Users\jdog3\AppData\Local\Google\Chrome\User Data\Default\Extensions\ookepigabmicjpgfnmncjiplegcacdbm [2016-12-09]
CHR Extension: (Chrome Media Router) - C:\Users\jdog3\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-08]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1455624 2016-12-08] ()
S3 BstHdAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Service.exe [486936 2016-12-01] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe [470552 2016-12-01] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Plus-Service.exe [511512 2016-12-01] (BlueStack Systems, Inc.)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [245544 2016-12-04] (EasyAntiCheat Ltd)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2016-12-07] (SurfRight B.V.)
R2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [360736 2016-10-28] (IObit)
R2 nlsvc; C:\Program Files\Locktime Software\NetLimiter 4\NLSvc.exe [323824 2016-03-16] (Locktime Software)
R2 NoIPDUCService4; C:\Program Files (x86)\No-IP\ducservice.exe [12288 2015-07-20] () [File not signed]
S4 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1316080 2016-11-23] (Overwolf LTD)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [12472904 2016-11-11] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 WSWNA3100; C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [316120 2014-08-18] ()
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amdide64; C:\Windows\System32\drivers\amdide64.sys [13848 2016-11-29] (Advanced Micro Devices Inc.)
S3 BstHdDrv; C:\Program Files (x86)\Bluestacks\HD-Hypervisor-amd64.sys [152672 2016-12-01] (BlueStack Systems)
S3 BstkDrv; C:\Program Files (x86)\Bluestacks\BstkDrv.sys [270904 2016-11-08] (Bluestack System Inc. )
S3 CMUSBDAC; C:\Windows\system32\DRIVERS\CMUSBDAC.sys [3778592 2015-11-26] (C-MEDIA)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [24056 2016-01-14] ()
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [21496 2016-01-14] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [10848 2016-07-11] ()
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [10208 2016-07-11] ()
R1 HWiNFO32; C:\Windows\SysWoW64\drivers\HWiNFO64A.SYS [27552 2016-11-29] (REALiX™)
R2 memudrv; C:\Program Files\Microvirt\MEmuHyperv\MEmuDrv.sys [260368 2015-11-02] (Microvirt Corporation)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 Netwtw04; C:\Windows\System32\drivers\Netwtw04.sys [7139088 2016-11-29] (Intel Corporation)
R2 nldrv; C:\Program Files\Locktime Software\NetLimiter 4\nldrv.sys [128328 2016-03-16] (Locktime Software)
R2 NPF; C:\Windows\system32\DRIVERS\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R3 NvnUsbAudio; C:\Windows\system32\DRIVERS\nvnusbaudio.sys [54000 2015-06-10] (Novation DMS Ltd.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [943112 2016-11-29] (Realtek                                            )
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2016-12-07] ()
R1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [132120 2016-11-21] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [206416 2016-11-21] (Oracle Corporation)
R0 vsock; C:\Windows\system32\DRIVERS\vsock.sys [91712 2016-09-30] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [34520 2015-07-09] (VMware, Inc.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 aswVmm; \??\C:\Users\jdog3\AppData\Local\Temp\aswVmm.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-12-09 18:10 - 2016-12-09 18:10 - 00013986 _____ C:\Users\jdog3\Desktop\FRST.txt
2016-12-09 18:07 - 2016-12-09 18:06 - 02420224 _____ (Farbar) C:\Users\jdog3\Desktop\FRST64 (1).exe
2016-12-09 18:06 - 2016-12-09 18:06 - 02420224 _____ (Farbar) C:\Users\jdog3\Downloads\FRST64 (1).exe
2016-12-09 15:25 - 2016-12-09 15:26 - 52419266 _____ C:\Users\jdog3\Downloads\Calvin Harris - Outside. (Project File by Voltapix).zip
2016-12-08 17:45 - 2016-12-08 17:45 - 00000000 ____D C:\Users\jdog3\AppData\Local\NetworkTiles
2016-12-08 17:28 - 2016-12-08 17:28 - 00000000 ____D C:\Users\jdog3\AppData\Local\CrashDumps
2016-12-08 14:34 - 2016-12-08 14:34 - 00000000 ____D C:\ProgramData\{74E9F814-C737-42CC-B721-DBBC4059367A}
2016-12-08 14:33 - 2016-12-08 14:34 - 00000000 ____D C:\ProgramData\ProductData
2016-12-08 14:33 - 2016-12-08 14:33 - 00000000 ____D C:\Users\jdog3\AppData\Local\VirtualStore
2016-12-07 23:13 - 2016-12-07 22:30 - 00024064 _____ C:\Windows\zoek-delete.exe
2016-12-07 22:53 - 2016-12-07 22:53 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-12-07 22:38 - 2016-12-07 22:38 - 00000899 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2016-12-07 22:38 - 2016-12-07 22:38 - 00000000 ____D C:\ProgramData\RogueKiller
2016-12-07 22:38 - 2016-12-07 22:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2016-12-07 22:38 - 2016-12-07 22:38 - 00000000 ____D C:\Program Files\RogueKiller
2016-12-07 22:34 - 2016-12-07 22:37 - 34190992 _____ (Adlice Software ) C:\Users\jdog3\Downloads\setup.exe
2016-12-07 22:25 - 2016-12-07 23:11 - 00000000 ____D C:\zoek_backup
2016-12-07 22:25 - 2016-12-07 22:25 - 01309184 _____ C:\Users\jdog3\Downloads\zoek.exe
2016-12-07 22:20 - 2016-12-07 22:21 - 00000000 ____D C:\FRST
2016-12-07 22:19 - 2016-12-07 22:20 - 00000000 ____D C:\Users\jdog3\Desktop\far
2016-12-07 22:19 - 2016-12-07 22:19 - 02420224 _____ (Farbar) C:\Users\jdog3\Downloads\FRST64.exe
2016-12-07 22:13 - 2016-12-07 22:13 - 05198336 _____ (AVAST Software) C:\Users\jdog3\Downloads\aswMBR.exe
2016-12-07 21:45 - 2016-12-07 21:46 - 01631928 _____ (Malwarebytes) C:\Users\jdog3\Downloads\JRT.exe
2016-12-07 21:40 - 2016-12-08 14:34 - 00000000 ____D C:\Program Files\Unlocker
2016-12-07 21:39 - 2016-12-07 21:39 - 00346112 _____ C:\Users\jdog3\Downloads\Unlocker x64 1.9.2.msi
2016-12-07 21:33 - 2016-12-07 21:35 - 15171858 ____R C:\Users\jdog3\Downloads\SpyHunter 4.1.11.0 + Crack(Boss1988).rar
2016-12-07 21:33 - 2016-12-07 21:33 - 00000000 ____D C:\Users\jdog3\Downloads\SpyHunter 4.1.11.0 + Crack
2016-12-07 21:32 - 2016-12-07 21:34 - 00000000 ____D C:\Users\jdog3\Downloads\SpyHunter v4.8.13.3861 [h33t.com] Full
2016-12-07 21:28 - 2016-12-07 21:28 - 00000000 ____D C:\Users\jdog3\Downloads\SpyHunter.3.7.19
2016-12-07 21:20 - 2016-12-07 21:20 - 00641632 _____ C:\Users\jdog3\Downloads\Spyhunter_4_Email_and_Password_Generator_with_Serial_2015_downloader.exe
2016-12-07 21:19 - 2016-12-07 21:19 - 03593852 _____ C:\Users\jdog3\Downloads\SpyHunter 4 Email And Password 2016 Crack Keygen Free Download (1).zip
2016-12-07 21:17 - 2016-12-07 21:17 - 03593852 _____ C:\Users\jdog3\Downloads\SpyHunter 4 Email And Password 2016 Crack Keygen Free Download.zip
2016-12-07 21:16 - 2016-12-07 21:16 - 15768485 _____ C:\Users\jdog3\Downloads\SpyHunter 4 Plus CRACK with Serial keys.rar
2016-12-07 21:07 - 2016-12-07 21:08 - 107347726 _____ C:\Users\jdog3\Downloads\SpyHunter4_FullCracked_(Boldox90).rar
2016-12-07 20:48 - 2016-12-07 20:48 - 00000000 _____ C:\autoexec.bat
2016-12-07 20:47 - 2016-12-07 20:47 - 03516080 _____ (Enigma Software Group USA, LLC.) C:\Users\jdog3\Downloads\SpyHunter-Installer.exe
2016-12-07 20:38 - 2016-12-07 20:38 - 48750920 _____ C:\Users\jdog3\Downloads\BDPUARLauncher.exe
2016-12-07 20:34 - 2016-12-07 20:36 - 00524160 _____ C:\TDSSKiller.3.1.0.12_07.12.2016_20.34.39_log.txt
2016-12-07 20:33 - 2016-12-07 20:33 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\jdog3\Downloads\rkill.exe
2016-12-07 20:33 - 2016-12-07 20:33 - 00095780 _____ C:\TDSSKiller.3.1.0.12_07.12.2016_20.33.08_log.txt
2016-12-07 20:32 - 2016-12-07 20:33 - 04747704 _____ (AO Kaspersky Lab) C:\Users\jdog3\Downloads\tdsskiller.exe
2016-12-07 19:33 - 2016-12-07 19:33 - 06688693 _____ C:\Users\jdog3\Downloads\hitman crack.rar
2016-12-07 19:25 - 2016-12-07 19:40 - 00000000 ____D C:\Program Files\HitmanPro
2016-12-07 19:25 - 2016-12-07 19:34 - 00001966 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2016-12-07 19:25 - 2016-12-07 19:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2016-12-07 19:23 - 2016-12-07 19:27 - 00000000 ____D C:\ProgramData\HitmanPro
2016-12-07 19:23 - 2016-12-07 19:23 - 12307297 _____ C:\Users\jdog3\Downloads\file25111.rar
2016-12-07 15:10 - 2016-12-07 19:20 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-12-07 15:09 - 2016-12-07 15:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-12-07 15:09 - 2016-12-07 15:09 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-12-07 15:09 - 2016-12-07 15:09 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-12-07 15:09 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-12-07 15:09 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-12-07 15:09 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-12-07 15:07 - 2016-12-07 15:09 - 22851472 _____ (Malwarebytes ) C:\Users\jdog3\Desktop\mbam-setup-2.2.1.1043.exe
2016-12-07 15:07 - 2016-12-07 15:07 - 22851472 _____ (Malwarebytes ) C:\Users\jdog3\Downloads\mbam-setup-2.2.1.1043.exe
2016-12-07 07:45 - 2016-12-07 21:53 - 00000000 ____D C:\AdwCleaner
2016-12-07 07:45 - 2016-12-07 07:45 - 03968464 _____ C:\Users\jdog3\Desktop\adwcleaner_6.040.exe
2016-12-07 01:56 - 2016-12-07 01:56 - 05088826 _____ C:\Users\jdog3\Downloads\Avast Premier + License 2021.zip
2016-12-07 01:08 - 2016-12-07 01:08 - 00003732 _____ C:\Windows\System32\Tasks\InternetCB
2016-12-06 21:02 - 2016-12-06 21:02 - 09403051 _____ C:\Users\jdog3\Downloads\Helixus - Animals.zip
2016-12-06 20:57 - 2016-12-06 21:01 - 00000000 ____D C:\Users\jdog3\AppData\Roaming\obs-studio
2016-12-06 20:57 - 2016-12-06 20:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2016-12-06 20:56 - 2016-12-06 20:56 - 00000000 ____D C:\Program Files (x86)\obs-studio
2016-12-06 20:55 - 2016-12-06 20:56 - 98698192 _____ (obsproject.com) C:\Users\jdog3\Downloads\OBS-Studio-0.16.6-Full-Installer.exe
2016-12-06 20:52 - 2016-12-06 20:52 - 00000000 ____D C:\Program Files\Common Files\logishrd
2016-12-04 17:30 - 2016-12-04 17:30 - 00001133 _____ C:\Users\jdog3\Desktop\heroter.txt
2016-12-04 02:53 - 2016-12-08 16:55 - 00552184 _____ C:\Windows\system32\Drivers\EasyAntiCheat.sys
2016-12-04 02:53 - 2016-12-04 02:53 - 00000000 ____D C:\Users\jdog3\AppData\LocalLow\Freejam
2016-12-04 02:53 - 2016-12-04 02:51 - 00245544 _____ (EasyAntiCheat Ltd) C:\Windows\SysWOW64\EasyAntiCheat.exe
2016-12-04 02:50 - 2016-12-04 02:50 - 00000202 _____ C:\Users\jdog3\Desktop\Robocraft.url
2016-12-04 02:49 - 2016-12-04 02:49 - 00000000 ____D C:\ProgramData\Steam
2016-12-04 02:36 - 2016-12-04 02:36 - 00000612 _____ C:\Users\jdog3\Downloads\Takedown.Red.Sabre.v1.1.Plus.4.Trainer.zip
2016-12-04 01:24 - 2016-12-04 01:24 - 00000000 ____D C:\Users\jdog3\AppData\Local\Macromedia
2016-12-04 01:23 - 2016-12-04 01:23 - 00001648 _____ C:\ProgramData\Microsoft\Windows\Start Menu\BlueStacks.lnk
2016-12-04 01:23 - 2016-11-23 08:37 - 00000570 _____ C:\Users\jdog3\AppData\Local\TroubleshooterConfig.json
2016-12-04 01:22 - 2016-12-04 01:22 - 00000000 ____D C:\Users\jdog3\AppData\Local\Bluestacks
2016-12-04 01:21 - 2016-12-04 01:23 - 00000000 ____D C:\Program Files (x86)\Bluestacks
2016-12-04 01:21 - 2016-12-04 01:21 - 330796920 _____ (BlueStack Systems Inc.) C:\Users\jdog3\Downloads\BlueStacks2_native_8bd0d675318666cf9d19e2336b33f120.exe
2016-12-04 01:21 - 2016-12-01 10:48 - 00000000 ____D C:\ProgramData\Bluestacks
2016-12-03 22:32 - 2016-12-03 22:32 - 29168349 _____ C:\Users\jdog3\Downloads\Faded.rar
2016-12-03 17:45 - 2016-12-03 17:45 - 00000000 ____D C:\Users\jdog3\Documents\@Lakeside
2016-12-03 17:45 - 2016-12-03 17:45 - 00000000 ____D C:\Users\jdog3\Documents\@CBA_A3
2016-12-01 22:55 - 2016-12-02 00:04 - 00000000 ____D C:\Users\jdog3\Documents\A3 MODS
2016-12-01 20:25 - 2016-12-01 20:25 - 01097203 _____ C:\Users\jdog3\Downloads\GodDorksCrackedByMatt (1).rar
2016-12-01 20:24 - 2016-12-01 20:24 - 01097203 _____ C:\Users\jdog3\Downloads\GodDorksCrackedByMatt.rar
2016-12-01 20:21 - 2016-12-01 20:22 - 01142272 _____ C:\Users\jdog3\Downloads\GodDorksReborn.Patched (1).exe
2016-12-01 20:20 - 2016-12-01 20:20 - 01142272 _____ C:\Users\jdog3\Downloads\GodDorksReborn.Patched.exe
2016-12-01 20:12 - 2016-12-01 20:12 - 00048572 _____ C:\Users\jdog3\Documents\Dorks.txt
2016-12-01 20:10 - 2016-12-01 20:10 - 01255294 _____ C:\Users\jdog3\Downloads\Combo#.rar
2016-12-01 19:43 - 2016-12-01 19:43 - 00046903 _____ C:\Users\jdog3\Downloads\Text Utils pack by Lays.rar
2016-12-01 19:26 - 2016-12-01 19:26 - 00990894 _____ C:\Users\jdog3\Downloads\Work With Dorks [DORK-s Generator] By JohnDoe v.2.1.zip
2016-12-01 19:24 - 2016-12-01 19:24 - 01095015 _____ C:\Users\jdog3\Downloads\WWDv.2.0.zip
2016-12-01 19:14 - 2016-12-01 19:14 - 00090939 _____ C:\Users\jdog3\Downloads\Multicore v1.2.zip
2016-11-30 16:27 - 2016-12-04 00:58 - 00000000 ____D C:\Steamgames
2016-11-30 16:27 - 2016-11-30 16:27 - 00000000 ____D C:\Steamlibary
2016-11-30 16:04 - 2016-11-30 16:21 - 00000202 _____ C:\Users\jdog3\Desktop\Arma 3.url
2016-11-30 15:55 - 2016-11-30 15:55 - 00000551 _____ C:\Users\Public\Desktop\Steam.lnk
2016-11-30 15:55 - 2016-11-30 15:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2016-11-30 14:39 - 2016-11-30 14:39 - 00000000 ____D C:\Windows\LastGood
2016-11-30 14:39 - 2007-01-19 18:24 - 00025312 ____R (Windows ® Codename Longhorn DDK provider) C:\Windows\system32\Drivers\SCMNdisP.sys
2016-11-30 14:38 - 2016-11-30 14:38 - 54540226 _____ C:\Users\jdog3\Downloads\WNA3100-SW-V2.2.0.4.zip
2016-11-30 14:38 - 2016-11-30 14:38 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-11-30 14:38 - 2016-11-30 14:38 - 00000000 ____D C:\Program Files (x86)\NETGEAR
2016-11-30 14:38 - 2015-02-10 20:46 - 03566592 _____ (Broadcom Corporation) C:\Windows\system32\bcmihvui64.dll
2016-11-30 14:27 - 2016-11-30 14:27 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_bcmwlhigh664_01009.Wdf
2016-11-29 18:51 - 2016-11-29 18:51 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2016-11-29 18:50 - 2016-11-29 18:50 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2016-11-29 18:50 - 2016-11-29 18:50 - 00000000 ____D C:\Windows\system32\DAX2
2016-11-29 18:50 - 2016-11-29 18:50 - 00000000 ____D C:\Program Files\Realtek
2016-11-29 18:49 - 2016-11-29 18:49 - 72520720 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2016-11-29 18:49 - 2016-11-29 18:49 - 23505720 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRenderAVX64.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 23414272 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRender64.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 17378000 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioCapture64.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 15202040 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE3.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 14057256 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek64.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 13122584 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO3064.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 12988352 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO4064.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 10534696 _____ (Intel Corporation) C:\Windows\system32\IntelSSTAPO.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 07172912 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 07096184 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 07020920 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2016-11-29 18:49 - 2016-11-29 18:49 - 06374320 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICV3apo.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 06264640 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64AF3.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 05804772 _____ C:\Windows\system32\Drivers\rtvienna.dat
2016-11-29 18:49 - 2016-11-29 18:49 - 05793528 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICV2apo.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 05593624 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICAPOlfx.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 05341352 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOv211.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 05310472 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2016-11-29 18:49 - 2016-11-29 18:49 - 03299832 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE2.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 03291320 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 03283248 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 03203592 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 03133856 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 02895104 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2016-11-29 18:49 - 2016-11-29 18:49 - 02825104 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO7064.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 02775360 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RltkAPO.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 02706872 _____ (DTS, Inc.) C:\Windows\system32\sltech64.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 02439048 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOv201.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 02203752 _____ (DTS, Inc.) C:\Windows\system32\slcnt64.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 02190992 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 02110592 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib64.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 02073088 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 02050176 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 01965816 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 01959608 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64AF3.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 01920820 _____ C:\Windows\system32\Drivers\rtkSSTsetting.dat
2016-11-29 18:49 - 2016-11-29 18:49 - 01780624 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 01618032 _____ (Conexant Systems Inc.) C:\Windows\system32\CX64APO.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 01591056 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 01529136 _____ (Conexant Systems Inc.) C:\Windows\system32\CX64Proxy.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 01508928 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 01435144 _____ (Synopsys, Inc.) C:\Windows\system32\SRRPTR64.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 01422928 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO6064.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 01382240 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 01360520 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 01337648 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\tossaeapo64.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 01334384 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxSpeechAPO64.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 01213664 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO5064.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 01186840 _____ (Intel Corporation) C:\Windows\system32\IntelSstCApoPropPage.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 01166168 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO4064.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 01115136 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOProp.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 01041744 _____ (DTS, Inc.) C:\Windows\system32\sl3apo64.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 01003864 _____ (Nahimic Inc) C:\Windows\system32\NahimicAPONSControl.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 01001800 _____ (Sound Research, Corp.) C:\Windows\system32\SEHDHF64.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 00999856 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO2064.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 00965032 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 00962136 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\tosasfapo64.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 00931624 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 00923752 _____ (Sony Corporation) C:\Windows\system32\MISS_APO.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 00873472 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 00864344 _____ (Sound Research, Corp.) C:\Windows\SysWOW64\SEHDHF32.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 00858208 _____ (Sound Research, Corp.) C:\Windows\system32\SEHDRA64.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 00854040 _____ (Sound Research, Corp.) C:\Windows\system32\SECOMN64.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 00743968 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 00727440 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 00725944 _____ (Sound Research, Corp.) C:\Windows\SysWOW64\SECOMN32.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 00708312 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 00689888 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 00678192 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 00677680 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 00618192 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT64.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 00601152 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\tossaemaxapo64.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 00574752 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 00571384 _____ (Intel Corporation) C:\Windows\system32\tbb_waves.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 00532384 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 00514528 _____ (DTS) C:\Windows\system32\DTSU2PLFX64.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 00504312 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 00500560 _____ (DTS) C:\Windows\system32\DTSU2PGFX64.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 00498640 _____ (Sound Research, Corp.) C:\Windows\system32\SEAPO64.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 00472312 _____ (ICEpower a/s) C:\Windows\system32\ICEsoundAPO64.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 00467168 _____ (Synopsys, Inc.) C:\Windows\system32\SRAPO64.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 00447728 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 00447184 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\toseaeapo64.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 00445400 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 00441272 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 00438696 _____ (Conexant Systems, Inc.) C:\Windows\system32\CAF64APO2.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 00428232 _____ (DTS) C:\Windows\system32\DTSU2PREC64.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 00416512 _____ (Harman) C:\Windows\system32\HMUI.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 00387320 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 00381416 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM64.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 00372736 _____ (Dolby Laboratories) C:\Windows\system32\HiFiDAX2API.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 00366128 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\HMAPO.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 00362056 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64AF3.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 00360352 _____ (Harman) C:\Windows\system32\HMClariFi.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 00343712 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 00341160 _____ (Synopsys, Inc.) C:\Windows\SysWOW64\SRCOM.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 00341160 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 00330568 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 00327456 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 00321720 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 00321712 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 00310424 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64F3.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 00272712 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 00258864 _____ (TODO: <Company name>) C:\Windows\system32\slprp64.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 00253896 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 00253872 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 00252880 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 00231920 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 00221976 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 00214840 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 00209544 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 00203848 _____ (Harman) C:\Windows\system32\HMHVS.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 00192984 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 00190936 _____ (Harman) C:\Windows\system32\HMEQ_Voice.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 00190936 _____ (Harman) C:\Windows\system32\HMEQ.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 00179600 _____ (Harman) C:\Windows\system32\HMLimiter.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 00166208 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 00158704 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 00154368 _____ (Harman) C:\Windows\system32\HarmanAudioInterface.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 00151792 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 00134208 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 00122320 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 00118600 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 00118592 _____ C:\Windows\system32\AcpiServiceVnA64.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 00112496 _____ (Conexant Systems, Inc.) C:\Windows\system32\Caf64api.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 00110992 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 00105312 _____ C:\Windows\system32\audioLibVc.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 00090920 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 00088352 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 00088328 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 00084616 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 00083624 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 00075544 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 00023696 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2016-11-29 18:49 - 2016-11-29 18:49 - 00005604 _____ C:\Windows\system32\cxapo.lncs
2016-11-29 18:49 - 2016-11-29 18:49 - 00000736 _____ C:\Windows\system32\cxapo.prop
2016-11-29 18:48 - 2016-11-29 18:48 - 00943112 _____ (Realtek ) C:\Windows\system32\Drivers\rt640x64.sys
2016-11-29 18:48 - 2016-11-29 18:48 - 00082544 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2016-11-29 18:47 - 2016-07-10 17:58 - 00546240 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2016-11-29 18:47 - 2016-07-10 17:58 - 00083512 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2016-11-29 18:45 - 2016-11-29 18:45 - 39977920 _____ C:\Windows\system32\nvcompiler.dll
2016-11-29 18:45 - 2016-11-29 18:45 - 35117112 _____ C:\Windows\SysWOW64\nvcompiler.dll
2016-11-29 18:45 - 2016-11-29 18:45 - 31680568 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2016-11-29 18:45 - 2016-11-29 18:45 - 25442240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2016-11-29 18:45 - 2016-11-29 18:45 - 17764408 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2016-11-29 18:45 - 2016-11-29 18:45 - 17463992 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2016-11-29 18:45 - 2016-11-29 18:45 - 14487768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2016-11-29 18:45 - 2016-11-29 18:45 - 10700592 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2016-11-29 18:45 - 2016-11-29 18:45 - 10656296 _____ C:\Windows\system32\nvptxJitCompiler.dll
2016-11-29 18:45 - 2016-11-29 18:45 - 10243600 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2016-11-29 18:45 - 2016-11-29 18:45 - 09028360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2016-11-29 18:45 - 2016-11-29 18:45 - 08742360 _____ C:\Windows\SysWOW64\nvptxJitCompiler.dll
2016-11-29 18:45 - 2016-11-29 18:45 - 08622576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2016-11-29 18:45 - 2016-11-29 18:45 - 03382240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2016-11-29 18:45 - 2016-11-29 18:45 - 02868160 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2016-11-29 18:45 - 2016-11-29 18:45 - 02497984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2016-11-29 18:45 - 2016-11-29 18:45 - 01939000 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6436881.dll
2016-11-29 18:45 - 2016-11-29 18:45 - 01571776 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6436881.dll
2016-11-29 18:45 - 2016-11-29 18:45 - 00999872 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2016-11-29 18:45 - 2016-11-29 18:45 - 00930360 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2016-11-29 18:45 - 2016-11-29 18:45 - 00909248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2016-11-29 18:45 - 2016-11-29 18:45 - 00852024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2016-11-29 18:45 - 2016-11-29 18:45 - 00802816 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFTH264.dll
2016-11-29 18:45 - 2016-11-29 18:45 - 00694488 _____ C:\Windows\system32\nvfatbinaryLoader.dll
2016-11-29 18:45 - 2016-11-29 18:45 - 00644184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFTH264.dll
2016-11-29 18:45 - 2016-11-29 18:45 - 00583920 _____ C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2016-11-29 18:45 - 2016-11-29 18:45 - 00462904 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2016-11-29 18:45 - 2016-11-29 18:45 - 00444472 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2016-11-29 18:45 - 2016-11-29 18:45 - 00413488 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2016-11-29 18:45 - 2016-11-29 18:45 - 00393152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2016-11-29 18:45 - 2016-11-29 18:45 - 00383936 _____ (NVIDIA Corporation) C:\Windows\system32\nvDecMFTMjpeg.dll
2016-11-29 18:45 - 2016-11-29 18:45 - 00348216 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvDecMFTMjpeg.dll
2016-11-29 18:45 - 2016-11-29 18:45 - 00345800 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2016-11-29 18:45 - 2016-11-29 18:45 - 00177952 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2016-11-29 18:45 - 2016-11-29 18:45 - 00155952 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2016-11-29 18:45 - 2016-11-29 18:45 - 00153232 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2016-11-29 18:45 - 2016-11-29 18:45 - 00131584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2016-11-29 18:45 - 2016-11-29 18:45 - 00000594 _____ C:\Windows\SysWOW64\nv-vk32.json
2016-11-29 18:45 - 2016-11-29 18:45 - 00000594 _____ C:\Windows\system32\nv-vk64.json
2016-11-29 18:44 - 2016-11-29 18:47 - 00000000 ____D C:\Windows\LastGood.Tmp
2016-11-29 18:44 - 2016-11-29 18:44 - 07908368 _____ C:\Windows\system32\Drivers\Netwfw04.dat
2016-11-29 18:44 - 2016-11-29 18:44 - 07139088 _____ (Intel Corporation) C:\Windows\system32\Drivers\Netwtw04.sys
2016-11-29 18:44 - 2016-11-29 18:44 - 00054728 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2016-11-29 18:44 - 2016-11-29 18:44 - 00013848 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\Drivers\amdide64.sys
2016-11-29 16:54 - 2016-11-29 16:54 - 01446792 _____ C:\Users\jdog3\Downloads\SteamSetup (1).exe
2016-11-29 16:43 - 2016-12-07 21:56 - 00000000 ____D C:\ProgramData\AVAST Software
2016-11-29 16:43 - 2016-11-29 16:43 - 06306272 _____ (AVAST Software) C:\Users\jdog3\Downloads\avast_premier_antivirus_setup_online.exe
2016-11-29 16:41 - 2016-11-29 16:41 - 00000000 ____D C:\Windows\Tasks\ImCleanDisabled
2016-11-29 16:41 - 2016-11-29 16:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
2016-11-29 16:40 - 2016-11-29 18:55 - 00000000 ____D C:\ProgramData\IObit
2016-11-29 16:40 - 2016-11-29 16:41 - 00000000 ____D C:\Users\jdog3\AppData\LocalLow\IObit
2016-11-29 16:40 - 2016-11-29 16:41 - 00000000 ____D C:\Program Files (x86)\IObit
2016-11-29 16:40 - 2016-11-29 16:40 - 00027552 _____ (REALiX™) C:\Windows\SysWOW64\Drivers\HWiNFO64A.SYS
2016-11-29 16:40 - 2016-11-29 16:40 - 00000000 ____D C:\Windows\IObit
2016-11-29 16:40 - 2016-11-29 16:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 4
2016-11-29 16:39 - 2016-11-29 16:42 - 00000000 ____D C:\Users\jdog3\AppData\Roaming\IObit
2016-11-29 16:39 - 2016-11-29 16:39 - 17150504 _____ (IObit ) C:\Users\jdog3\Downloads\driver_booster_setup.exe
2016-11-29 16:23 - 2016-11-29 16:24 - 00000000 _____ C:\Windows\BcdLog.txt
2016-11-29 16:10 - 2016-11-29 16:10 - 00000000 ____D C:\Users\jdog3\AppData\Roaming\epm
2016-11-29 13:06 - 2016-11-29 16:24 - 00000028 _____ C:\Windows\OutLog.txt
2016-11-29 11:40 - 2016-11-29 11:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Partition Master 11.8
2016-11-29 11:39 - 2016-08-26 17:49 - 03843264 _____ C:\Windows\system32\BootMan.exe
2016-11-29 11:39 - 2016-08-26 17:46 - 02928320 _____ C:\Windows\SysWOW64\BootMan.exe
2016-11-29 11:39 - 2016-07-11 10:01 - 00101984 _____ C:\Windows\system32\setupempdrvx64.exe
2016-11-29 11:39 - 2016-07-11 10:01 - 00088160 _____ C:\Windows\SysWOW64\setupempdrv03.exe
2016-11-29 11:39 - 2016-07-11 10:01 - 00010848 _____ C:\Windows\system32\EuGdiDrv.sys
2016-11-29 11:39 - 2016-07-11 10:01 - 00010208 _____ C:\Windows\SysWOW64\EuGdiDrv.sys
2016-11-29 11:39 - 2016-07-08 15:28 - 00248832 _____ C:\Windows\SysWOW64\epmntdrv.pdb
2016-11-29 11:39 - 2016-01-14 10:05 - 00024056 _____ C:\Windows\system32\epmntdrv.sys
2016-11-29 11:39 - 2016-01-14 10:05 - 00021496 _____ C:\Windows\SysWOW64\epmntdrv.sys
2016-11-29 11:39 - 2014-11-18 14:46 - 00021088 _____ C:\Windows\SysWOW64\EuEpmGdi.dll
2016-11-29 11:39 - 2014-11-18 14:46 - 00017504 _____ C:\Windows\system32\EuEpmGdi.dll
2016-11-29 11:31 - 2016-11-29 11:35 - 58114593 _____ C:\Users\jdog3\Downloads\EaseUS Partition Master 11.8 + Crack All Edition.rar
2016-11-29 11:24 - 2016-11-29 11:39 - 00000000 ____D C:\Program Files (x86)\EaseUS
2016-11-29 11:23 - 2016-11-29 11:23 - 49597536 _____ (EaseUS ) C:\Users\jdog3\Downloads\epm.exe
2016-11-29 10:37 - 2016-11-29 10:37 - 00236198 _____ C:\Users\jdog3\Downloads\cumberland-fontworks_merchant-copy.zip
2016-11-29 10:36 - 2016-11-29 10:36 - 00103004 _____ C:\Users\jdog3\Downloads\fake-receipt.zip
2016-11-28 13:34 - 2016-11-28 13:34 - 00001827 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2016-11-28 13:34 - 2016-11-28 13:34 - 00001569 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark Legacy.lnk
2016-11-28 13:34 - 2016-11-28 13:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2016-11-28 13:34 - 2016-11-28 13:34 - 00000000 ____D C:\Program Files (x86)\WinPcap
2016-11-28 13:31 - 2016-11-28 13:35 - 00000000 ____D C:\Program Files\Wireshark
2016-11-28 13:29 - 2016-11-28 13:31 - 49242104 _____ (Wireshark development team) C:\Users\jdog3\Downloads\Wireshark-win64-2.2.2.exe
2016-11-27 22:46 - 2016-11-27 22:46 - 00055400 _____ C:\Users\jdog3\Downloads\OCRAEXT.TTF
2016-11-27 22:04 - 2016-11-27 22:14 - 00000000 ____D C:\Users\jdog3\AppData\Roaming\ObviousIdea
2016-11-27 22:04 - 2016-11-27 22:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ObviousIdea
2016-11-27 22:04 - 2016-11-27 22:04 - 00000000 ____D C:\Program Files (x86)\ObviousIdea
2016-11-27 22:03 - 2016-11-27 22:03 - 07364936 _____ (ObviousIdea ) C:\Users\jdog3\Downloads\light_image_resizer5_setup.exe
2016-11-26 17:29 - 2016-11-26 17:29 - 00000000 ____D C:\Users\jdog3\AppData\Roaming\Seupport
2016-11-26 17:22 - 2016-11-26 17:22 - 00241736 _____ C:\Users\jdog3\Downloads\DUCSetup_v4_1_1.exe
2016-11-26 17:22 - 2016-11-26 17:22 - 00000000 ____D C:\Users\jdog3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\No-IP DUC
2016-11-26 17:22 - 2016-11-26 17:22 - 00000000 ____D C:\Users\jdog3\AppData\Local\Vitalwerks
2016-11-26 17:22 - 2016-11-26 17:22 - 00000000 ____D C:\ProgramData\Vitalwerks
2016-11-26 17:22 - 2016-11-26 17:22 - 00000000 ____D C:\Program Files (x86)\No-IP
2016-11-26 02:33 - 2016-11-26 02:33 - 02099620 _____ C:\Users\jdog3\Downloads\Paypal By The N3RoX-Cracking.Org.rar
2016-11-26 02:27 - 2016-11-26 02:27 - 01972441 _____ C:\Users\jdog3\Downloads\Anti-Public Online.zip
2016-11-26 02:23 - 2016-11-26 02:23 - 00000000 ____D C:\Users\jdog3\AppData\Local\SkinSoft
2016-11-25 04:00 - 2016-11-25 04:00 - 00000889 _____ C:\Users\jdog3\Downloads\google_play_se_(social_engineering)_method_easy_noobfriendly.txt
2016-11-25 03:35 - 2016-11-25 03:35 - 10277885 _____ C:\Users\jdog3\Downloads\Complex_Crack.rar
2016-11-25 03:27 - 2016-11-25 03:27 - 00000000 ____D C:\Users\jdog3\AppData\Roaming\Macromedia
2016-11-25 03:21 - 2016-11-25 03:21 - 07420926 _____ C:\Users\jdog3\Downloads\BH Tool Release.rar
2016-11-25 03:19 - 2016-11-25 03:19 - 00446669 _____ C:\Users\jdog3\Downloads\Super TG 2016 v2.3 (Vip Pro Edition).7z
2016-11-25 02:50 - 2016-11-25 02:51 - 13051399 _____ C:\Users\jdog3\Downloads\Sentry MBA 1.4.2.rar
2016-11-25 01:33 - 2016-11-25 01:33 - 00645729 _____ (WDS Team) C:\Users\jdog3\Downloads\windirstat1_1_2_setup.exe
2016-11-25 01:33 - 2016-11-25 01:33 - 00000000 ____D C:\Users\jdog3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat
2016-11-25 01:33 - 2016-11-25 01:33 - 00000000 ____D C:\Program Files (x86)\WinDirStat
2016-11-25 01:21 - 2016-11-25 01:26 - 3834773504 _____ C:\Users\jdog3\Downloads\Parrot-full-3.2_amd64.iso
2016-11-25 00:15 - 2016-11-25 01:41 - 00000000 ____D C:\Users\jdog3\Documents\Virtual Machines
2016-11-25 00:11 - 2016-12-01 14:19 - 00000000 ____D C:\Users\jdog3\AppData\Roaming\VMware
2016-11-25 00:11 - 2016-12-01 14:19 - 00000000 ____D C:\Users\jdog3\AppData\Local\VMware
2016-11-25 00:09 - 2016-11-11 23:16 - 00088128 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmx86.sys
2016-11-25 00:09 - 2016-09-30 01:12 - 00091712 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vsock.sys
2016-11-25 00:09 - 2016-09-30 01:12 - 00069104 _____ (VMware, Inc.) C:\Windows\system32\vsocklib.dll
2016-11-25 00:09 - 2016-09-30 01:12 - 00065016 _____ (VMware, Inc.) C:\Windows\SysWOW64\vsocklib.dll
2016-11-25 00:08 - 2016-12-07 23:49 - 00000000 ____D C:\ProgramData\VMware
2016-11-25 00:08 - 2016-11-25 00:08 - 01205652 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-11-25 00:08 - 2016-11-25 00:08 - 00001024 _____ C:\Windows\SysWOW64\%TMP%
2016-11-25 00:08 - 2016-11-25 00:08 - 00000000 ____D C:\Users\Public\Documents\Shared Virtual Machines
2016-11-25 00:08 - 2016-11-25 00:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
2016-11-25 00:08 - 2016-11-25 00:08 - 00000000 ____D C:\Program Files\Common Files\VMware
2016-11-25 00:08 - 2016-11-25 00:08 - 00000000 ____D C:\Program Files (x86)\VMware
2016-11-25 00:08 - 2016-11-11 23:22 - 00400968 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
2016-11-25 00:08 - 2016-11-11 23:22 - 00366664 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
2016-11-25 00:08 - 2016-11-11 23:21 - 01148488 _____ (VMware, Inc.) C:\Windows\system32\vnetlib64.dll
2016-11-25 00:08 - 2016-11-11 23:05 - 00066624 _____ (VMware, Inc.) C:\Windows\system32\vnetinst.dll
2016-11-25 00:08 - 2016-11-11 23:05 - 00044096 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnetuserif.sys
2016-11-25 00:08 - 2016-09-06 18:48 - 00083008 _____ (VMware, Inc.) C:\Windows\system32\Drivers\hcmon.sys
2016-11-25 00:04 - 2016-11-25 00:06 - 318436392 _____ (VMware, Inc.) C:\Users\jdog3\Downloads\VMware-workstation-full-12.5.2-4638234.exe
2016-11-25 00:02 - 2016-11-25 00:03 - 00000000 ____D C:\Users\jdog3\.VirtualBox
2016-11-25 00:02 - 2016-11-25 00:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2016-11-25 00:02 - 2016-11-25 00:02 - 00000000 ____D C:\Program Files\Oracle
2016-11-25 00:02 - 2016-11-21 17:45 - 00933088 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2016-11-25 00:02 - 2016-11-21 17:44 - 00150280 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2016-11-25 00:01 - 2016-11-25 00:01 - 123014112 _____ (Oracle Corporation) C:\Users\jdog3\Downloads\VirtualBox-5.1.10-112026-Win.exe
2016-11-24 00:27 - 2016-11-24 00:27 - 03225422 _____ C:\Users\jdog3\Downloads\Havij 1.152 Pro.rar
2016-11-24 00:14 - 2016-12-04 02:36 - 00000000 ____D C:\Users\jdog3\AppData\LocalLow\Mozilla
2016-11-24 00:14 - 2016-11-24 00:21 - 00000000 ____D C:\Users\jdog3\AppData\Local\Mozilla
2016-11-24 00:14 - 2016-11-24 00:14 - 00000000 ____D C:\Users\jdog3\AppData\Roaming\Mozilla
2016-11-24 00:13 - 2016-11-24 00:13 - 00243600 _____ C:\Users\jdog3\Downloads\Firefox Setup Stub 50.0.exe
2016-11-24 00:05 - 2016-11-24 00:05 - 00792247 _____ C:\Users\jdog3\Downloads\WebCruiserPro.zip
2016-11-23 23:32 - 2016-11-23 23:33 - 748132182 _____ C:\Users\jdog3\Downloads\Jim's HacPack.zip
2016-11-23 23:05 - 2016-11-23 23:05 - 65517878 _____ C:\Users\jdog3\Downloads\Hack Pack V2 by Anon!M ID.part7.rar
2016-11-23 23:05 - 2016-11-23 23:05 - 104857600 _____ C:\Users\jdog3\Downloads\Hack Pack V2 by Anon!M ID.part6.rar
2016-11-23 23:05 - 2016-11-23 23:05 - 104857600 _____ C:\Users\jdog3\Downloads\Hack Pack V2 by Anon!M ID.part5.rar
2016-11-23 23:05 - 2016-11-23 23:05 - 104857600 _____ C:\Users\jdog3\Downloads\Hack Pack V2 by Anon!M ID.part4.rar
2016-11-23 23:05 - 2016-11-23 23:05 - 104857600 _____ C:\Users\jdog3\Downloads\Hack Pack V2 by Anon!M ID.part3.rar
2016-11-23 23:04 - 2016-11-23 23:07 - 104857600 _____ C:\Users\jdog3\Downloads\Hack Pack V2 by Anon!M ID.part1.rar
2016-11-23 23:04 - 2016-11-23 23:05 - 104857600 _____ C:\Users\jdog3\Downloads\Hack Pack V2 by Anon!M ID.part2.rar
2016-11-23 22:50 - 2016-11-23 22:50 - 00003960 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1479959402
2016-11-23 22:50 - 2016-11-23 22:50 - 00001208 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-11-23 22:50 - 2016-11-23 22:50 - 00000000 ____D C:\Users\jdog3\AppData\Roaming\Opera Software
2016-11-23 22:50 - 2016-11-23 22:50 - 00000000 ____D C:\Users\jdog3\AppData\Local\Opera Software
2016-11-23 22:49 - 2016-11-23 22:50 - 00000000 ____D C:\Program Files (x86)\Opera
2016-11-23 22:49 - 2016-11-23 22:49 - 01131632 _____ (Opera Software) C:\Users\jdog3\Downloads\OperaSetup.exe
2016-11-23 22:44 - 2016-11-23 22:44 - 50689096 _____ C:\Users\jdog3\Downloads\torbrowser-install-6.0.6_en-US (1).exe
2016-11-23 22:44 - 2016-11-23 22:44 - 00000910 _____ C:\Users\jdog3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2016-11-23 21:55 - 2016-11-23 22:09 - 00000250 _____ C:\Users\jdog3\AppData\LocalLow\rbxcsettings.rbx
2016-11-23 21:55 - 2016-11-23 21:59 - 00000000 ____D C:\Users\jdog3\AppData\Local\Roblox
2016-11-23 21:55 - 2016-11-23 21:55 - 00000000 ____D C:\Users\jdog3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2016-11-23 21:54 - 2016-11-23 21:55 - 01081336 _____ (ROBLOX Corporation) C:\Users\jdog3\Downloads\RobloxPlayerLauncher.exe
2016-11-23 16:17 - 2016-11-23 16:19 - 2679835302 _____ C:\Users\jdog3\Downloads\@Esseker.rar
2016-11-21 21:42 - 2016-11-21 21:42 - 50689096 _____ C:\Users\jdog3\Downloads\torbrowser-install-6.0.6_en-US.exe
2016-11-21 19:01 - 2016-11-21 19:01 - 03977114 _____ C:\Users\jdog3\Downloads\Hacks.zip
2016-11-21 17:44 - 2016-11-21 17:44 - 00206416 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetLwf.sys
2016-11-21 17:44 - 2016-11-21 17:44 - 00132120 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetAdp6.sys
2016-11-21 16:37 - 2016-11-21 16:37 - 00783175 _____ C:\Users\jdog3\Downloads\AutoClicker.exe
2016-11-21 16:37 - 2016-11-21 16:37 - 00000000 ____D C:\Users\jdog3\Documents\AutomaticSolution Software
2016-11-20 21:34 - 2016-11-20 21:34 - 00412010 _____ C:\Users\jdog3\Downloads\CBA_A3_v3.1.2.161105.zip
2016-11-20 21:33 - 2016-11-20 21:33 - 09409578 _____ C:\Users\jdog3\Downloads\extended-base-mod-version-0.2.7.rar
2016-11-20 21:21 - 2016-11-20 21:21 - 00000000 ____D C:\ProgramData\Locktime
2016-11-20 21:21 - 2016-11-20 21:21 - 00000000 ____D C:\Program Files\Locktime Software
2016-11-20 21:20 - 2016-11-20 21:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetLimiter 4
2016-11-20 21:13 - 2016-11-20 21:13 - 00000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2016-11-20 21:12 - 2016-11-20 21:12 - 00000000 ____D C:\Windows\pss
2016-11-20 15:18 - 2016-11-20 15:19 - 07667098 _____ C:\Users\jdog3\Downloads\Net Limiter 4 (2016).rar
2016-11-20 15:05 - 2016-11-20 15:05 - 00000000 ____D C:\Users\jdog3\AppData\Roaming\Process Hacker 2
2016-11-20 15:05 - 2016-11-20 15:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2
2016-11-20 15:05 - 2016-11-20 15:05 - 00000000 ____D C:\Program Files\Process Hacker 2
2016-11-20 15:02 - 2016-11-20 15:02 - 02018808 _____ (wj32 ) C:\Users\jdog3\Downloads\process_er-2.36-setup.exe
2016-11-20 15:02 - 2016-11-20 15:02 - 01212787 _____ C:\Users\jdog3\Downloads\NetLimiter Pro v4.0.13.0 Serial key.txt
2016-11-20 15:00 - 2016-11-20 15:31 - 08030664 _____ (Locktime Software) C:\Users\jdog3\Downloads\netlimiter-4.0.15.0.exe
2016-11-20 15:00 - 2016-11-20 15:00 - 01223219 _____ C:\Users\jdog3\Downloads\NetLimiter 4.0.15.0 _ [x86 x64].zip
2016-11-20 14:10 - 2016-11-24 16:33 - 00000000 ____D C:\Program Files (x86)\A3Launcher
2016-11-20 14:10 - 2016-11-20 14:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\A3Launcher
2016-11-20 14:09 - 2016-11-20 14:10 - 14022488 _____ (Maca134 ) C:\Users\jdog3\Downloads\setup_a3launcher.exe
2016-11-20 13:30 - 2016-11-20 13:30 - 00507348 _____ C:\Users\jdog3\Downloads\7-th-grade--Chapter-3-Lesson-1--Cell-Division-and-the-cell-cycle (1).pptx
2016-11-20 13:26 - 2016-11-20 13:26 - 00002687 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Word Viewer 2003.lnk
2016-11-20 13:26 - 2016-11-20 13:26 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-11-20 13:25 - 2016-11-20 13:25 - 25685128 _____ (Microsoft Corporation) C:\Users\jdog3\Downloads\wordview_en-us (1).exe
2016-11-20 13:25 - 2016-11-20 13:25 - 00000000 ____D C:\Program Files (x86)\MSECache
2016-11-20 13:24 - 2016-11-20 13:24 - 25685128 _____ (Microsoft Corporation) C:\Users\jdog3\Downloads\wordview_en-us.exe
2016-11-20 13:24 - 2016-11-20 13:24 - 00507348 _____ C:\Users\jdog3\Downloads\7-th-grade--Chapter-3-Lesson-1--Cell-Division-and-the-cell-cycle.pptx
2016-11-20 13:24 - 2016-11-20 13:24 - 00139631 _____ C:\Users\jdog3\Downloads\Mitosis_Content_Practice_A_and_B.pdf
2016-11-19 16:35 - 2016-11-19 16:55 - 322877770 _____ C:\Users\jdog3\Downloads\@CUP_Vehicles-1.8.0.zip
2016-11-19 16:35 - 2016-11-19 16:49 - 2460618534 _____ C:\Users\jdog3\Downloads\@CUP_Units-1.8.0.zip
2016-11-19 16:35 - 2016-11-19 16:46 - 1999434394 _____ C:\Users\jdog3\Downloads\@CUP_Weapons-1.8.0.zip
2016-11-19 16:34 - 2016-11-19 17:00 - 2788834806 _____ C:\Users\jdog3\Downloads\@CUP_Terrains_Complete-1.2.0.zip
2016-11-19 16:30 - 2016-11-19 16:30 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2016-11-19 14:42 - 2016-11-19 15:10 - 00000000 ____D C:\Users\jdog3\AppData\Local\ArmA 2 OA
2016-11-19 14:42 - 2016-11-19 14:47 - 00000000 ____D C:\Users\jdog3\Documents\ArmA 2
2016-11-19 14:42 - 2016-11-19 14:42 - 00000000 ____D C:\ProgramData\Bohemia Interactive Studio
2016-11-19 14:41 - 2016-11-19 14:41 - 00000000 ____D C:\Program Files\Reference Assemblies
2016-11-19 14:41 - 2016-11-19 14:41 - 00000000 ____D C:\Program Files\MSBuild
2016-11-19 14:41 - 2016-11-19 14:41 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-11-19 14:41 - 2016-11-19 14:41 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-11-19 14:39 - 2016-11-19 14:39 - 00000000 ____D C:\Users\jdog3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
2016-11-19 14:39 - 2016-05-25 14:31 - 01166520 _____ (Microsoft Corporation) C:\Windows\system32\PresentationNative_v0300.dll
2016-11-19 14:39 - 2016-05-25 14:31 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2016-11-19 14:39 - 2016-05-25 14:31 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2016-11-19 14:39 - 2016-05-25 11:03 - 00778936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationNative_v0300.dll
2016-11-19 14:39 - 2016-05-25 11:03 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2016-11-19 14:39 - 2016-05-25 11:03 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2016-11-19 12:13 - 2016-11-19 12:13 - 00029792 _____ C:\Users\jdog3\Downloads\RapidzZ_Script_Menu.zip
2016-11-19 12:08 - 2016-11-19 12:08 - 00000176 _____ C:\Users\jdog3\Downloads\Ahornblaz (1).sqf
2016-11-19 12:07 - 2016-11-19 12:07 - 00000406 _____ C:\Users\jdog3\Downloads\Read_before_using.txt
2016-11-19 12:07 - 2016-11-19 12:07 - 00000176 _____ C:\Users\jdog3\Downloads\Ahornblaz.sqf
2016-11-19 04:33 - 2016-12-04 01:45 - 00000000 ____D C:\Users\jdog3\Documents\DayZ
2016-11-19 04:33 - 2016-12-04 01:45 - 00000000 ____D C:\Users\jdog3\AppData\Local\DayZ
2016-11-19 04:20 - 2016-11-19 04:20 - 00038974 _____ C:\Users\jdog3\Downloads\Bowonky Menu 1.6.rar
2016-11-19 04:16 - 2016-11-19 04:16 - 00502173 _____ C:\Users\jdog3\Downloads\DayZ Rustlers 3.0(2).rar
2016-11-19 04:13 - 2016-11-19 04:13 - 00027318 _____ C:\Users\jdog3\Downloads\blah.sqf
2016-11-19 04:06 - 2016-11-19 04:06 - 00029791 _____ C:\Users\jdog3\Downloads\RapidzZ Script Menu (1).zip
2016-11-19 04:05 - 2016-11-19 04:05 - 00029791 _____ C:\Users\jdog3\Downloads\RapidzZ Script Menu.zip
2016-11-19 03:58 - 2016-11-19 03:58 - 00204497 _____ C:\Users\jdog3\Downloads\infiSTAR_Menu_v5_103_[unknowncheats.me]_.rar
2016-11-19 03:55 - 2016-11-19 04:00 - 00000000 ____D C:\Users\jdog3\Downloads\DayZ_Epoch_Client_1.0.5.1_Release
2016-11-19 03:53 - 2016-11-19 15:23 - 00000000 ____D C:\Program Files (x86)\DZLauncher
2016-11-19 03:53 - 2016-11-19 03:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DZLauncher
2016-11-19 03:52 - 2016-11-19 03:52 - 14037528 _____ (Maca134 ) C:\Users\jdog3\Downloads\setup_dzlauncher.exe
2016-11-19 03:51 - 2016-11-19 03:54 - 1720102198 ____R C:\Users\jdog3\Downloads\DayZ_Epoch_Client_1.0.5.1_Release.7z
2016-11-19 03:51 - 2016-11-19 03:51 - 00131549 _____ C:\Users\jdog3\Downloads\DayZ_Epoch_Client_1.0.5.1_Release.7z.torrent
2016-11-19 03:50 - 2016-11-19 03:50 - 00022245 _____ C:\Users\jdog3\Downloads\WhippyV4_[unknowncheats.me]_.rar
2016-11-19 02:58 - 2016-11-19 02:58 - 00000000 ____D C:\Users\jdog3\AppData\Roaming\Locktime
2016-11-19 02:56 - 2016-11-20 15:19 - 00000000 ____D C:\Users\jdog3\AppData\Roaming\Locktime Software
2016-11-19 02:53 - 2016-11-19 02:56 - 08403224 _____ (Locktime Software) C:\Users\jdog3\Downloads\netlimiter-4.0.21.0.exe
2016-11-19 02:32 - 2016-11-19 02:32 - 00000000 ____D C:\Users\jdog3\Tracing
2016-11-19 02:31 - 2016-11-19 02:32 - 00000000 ____D C:\ProgramData\Skype
2016-11-19 02:31 - 2016-11-19 02:31 - 43893216 _____ (Skype Technologies S.A.) C:\Users\jdog3\Downloads\SkypeSetupFull.exe
2016-11-19 02:31 - 2016-11-19 02:31 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-11-19 02:31 - 2016-11-19 02:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-11-18 20:47 - 2016-11-18 20:47 - 00037807 _____ C:\Users\jdog3\Downloads\dolce_vita.zip
2016-11-18 20:46 - 2016-11-18 20:46 - 00065264 _____ C:\Users\jdog3\Downloads\ufonts.com_gotham-black.ttf
2016-11-18 20:45 - 2016-11-18 20:45 - 49400838 _____ C:\Users\jdog3\Downloads\2D Template - PSD.rar
2016-11-18 20:40 - 2016-11-18 20:40 - 46694390 _____ C:\Users\jdog3\Downloads\TheIlluminatiPack.psd
2016-11-18 20:27 - 2016-11-18 20:27 - 03512502 _____ C:\Users\jdog3\Downloads\Banner.psd
2016-11-18 20:15 - 2016-11-18 20:17 - 406014148 _____ C:\Users\jdog3\Downloads\30k Pack.rar
2016-11-18 20:12 - 2016-11-18 20:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6
2016-11-18 20:11 - 2016-11-18 20:21 - 00000000 ____D C:\Program Files (x86)\Adobe Photoshop CS6
2016-11-18 20:10 - 2016-11-18 20:10 - 77324987 _____ C:\Users\jdog3\Downloads\Setup+key.rar
2016-11-18 19:51 - 2016-11-26 17:08 - 00000000 ____D C:\Users\jdog3\AppData\Roaming\Audacity
2016-11-18 19:51 - 2016-11-18 19:51 - 10921409 _____ C:\Users\jdog3\Downloads\audacity-win-2.1.2.zip
2016-11-18 19:51 - 2016-11-18 19:51 - 00000000 ____D C:\Users\jdog3\AppData\Local\Audacity
2016-11-18 19:23 - 2016-11-18 19:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DayZ SA
2016-11-18 19:16 - 2016-11-18 19:18 - 1201917920 _____ C:\Users\jdog3\Downloads\@Exile-1.0.2.zip
2016-11-18 19:04 - 2016-11-18 19:04 - 00000000 ___HD C:\Windows\msdownld.tmp
2016-11-18 19:03 - 2016-11-18 19:04 - 00000000 ____D C:\Windows\SysWOW64\directx
2016-11-17 22:17 - 2016-11-17 22:17 - 00002684 _____ C:\Users\jdog3\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2016-11-17 22:16 - 2016-12-07 21:36 - 00000000 ____D C:\Users\jdog3\AppData\Roaming\uTorrent
2016-11-17 22:16 - 2016-11-17 22:16 - 02403008 _____ (BitTorrent Inc.) C:\Users\jdog3\Downloads\uTorrent.exe
2016-11-17 21:58 - 2016-11-17 21:58 - 00048588 _____ C:\Users\jdog3\Downloads\Arma 3 Admin Menu_[unknowncheats.me]_.zip
2016-11-17 21:50 - 2016-11-17 21:50 - 00007645 _____ C:\Users\jdog3\Downloads\Arma 3 Admin menu.rar
2016-11-17 21:48 - 2016-11-17 21:48 - 00456498 _____ C:\Users\jdog3\Downloads\DevCon.RAR
2016-11-17 21:46 - 2016-11-17 21:46 - 00085952 _____ C:\Users\jdog3\Downloads\andys_menuhhh.txt
2016-11-17 17:02 - 2016-11-17 17:02 - 00282903 _____ C:\Users\jdog3\Downloads\RMA# 332091JAY ZABEL.pdf
2016-11-17 17:01 - 2016-11-17 17:01 - 00011036 _____ C:\Users\jdog3\Downloads\RMA# 332091  YH - Warranty Customer AM&S.PDF
2016-11-16 21:53 - 2016-11-16 21:53 - 00644053 _____ (UMEZAWA Takeshi ) C:\Users\jdog3\Downloads\utvideo-17.1.0-win.exe
2016-11-16 21:53 - 2016-11-16 21:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ut Video Codec Suite
2016-11-16 21:53 - 2016-11-16 21:53 - 00000000 ____D C:\Program Files\utvideo
2016-11-16 21:53 - 2016-11-12 21:49 - 00291328 _____ (TODO: <会社名>) C:\Windows\system32\utv_dmo.dll
2016-11-16 21:53 - 2016-11-12 21:48 - 00374784 _____ C:\Windows\system32\utv_core.dll
2016-11-16 21:53 - 2016-11-12 21:48 - 00262144 _____ C:\Windows\SysWOW64\utv_core.dll
2016-11-16 21:53 - 2016-11-12 21:48 - 00225280 _____ (TODO: <会社名>) C:\Windows\SysWOW64\utv_dmo.dll
2016-11-16 21:53 - 2016-11-12 21:48 - 00130048 _____ C:\Windows\system32\utv_vcm.dll
2016-11-16 21:53 - 2016-11-12 21:48 - 00107520 _____ C:\Windows\SysWOW64\utv_vcm.dll
2016-11-16 21:52 - 2016-11-16 21:52 - 00000000 ____D C:\Users\jdog3\AppData\LocalLow\Smartly Dressed Games
2016-11-16 16:34 - 2016-11-16 16:34 - 00000000 ____D C:\Users\jdog3\AppData\Local\softwarelagswitch.com
2016-11-16 16:33 - 2016-11-16 16:33 - 00000000 ____D C:\Users\jdog3\AppData\Local\Downloaded Installations
2016-11-16 16:33 - 2016-11-16 16:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Software Lag Switch
2016-11-16 16:33 - 2016-11-16 16:33 - 00000000 ____D C:\Program Files (x86)\Software Lag Switch
2016-11-16 16:32 - 2016-11-16 16:32 - 02712119 _____ (softwarelagswitch.com) C:\Users\jdog3\Downloads\softwarelagswitch.exe
2016-11-15 16:52 - 2016-11-15 16:52 - 00000000 ____D C:\Users\jdog3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2016-11-15 16:52 - 2016-11-15 16:52 - 00000000 ____D C:\Users\jdog3\AppData\Local\SquirrelTemp
2016-11-15 16:52 - 2016-11-15 16:52 - 00000000 ____D C:\Users\jdog3\AppData\Local\Discord
2016-11-15 16:51 - 2016-11-15 16:52 - 50343608 _____ (Hammer & Chisel, Inc.) C:\Users\jdog3\Downloads\DiscordSetup.exe
2016-11-14 21:04 - 2016-11-14 21:04 - 131256335 _____ C:\Users\jdog3\Downloads\0.9.12.zip
2016-11-13 18:51 - 2016-11-13 18:51 - 41018068 _____ C:\Users\jdog3\Downloads\The Chainsmokers - Don't let Me Down (Zomboy Remix) Projectfile MK2.rar
2016-11-13 18:39 - 2016-11-13 18:40 - 84329305 _____ C:\Users\jdog3\Downloads\TheChainsmokersDontletmedown Project 2.zip
2016-11-12 21:57 - 2016-11-12 21:57 - 00000000 ____D C:\Users\jdog3\AppData\LocalLow\Temp
2016-11-12 21:45 - 2016-11-12 21:46 - 285042543 _____ C:\Users\jdog3\Downloads\Martin Garrix & MOTi - Virus Project File.zip
2016-11-12 21:35 - 2016-11-12 21:35 - 11761212 _____ C:\Users\jdog3\Downloads\Freaks Timmy Trumpet Project.zip
2016-11-12 12:58 - 2016-11-12 12:58 - 35836519 _____ C:\Users\jdog3\Downloads\Timmy Trumpet - Freaks ('Spinnin Launchpad Cover).mp4
2016-11-12 12:57 - 2016-11-12 12:57 - 00394754 _____ C:\Users\jdog3\Downloads\soundboard-1.0b5-win64.ts3_plugin
2016-11-12 12:57 - 2016-11-12 12:57 - 00334311 _____ C:\Users\jdog3\Downloads\soundboard-1.0b5-win32.ts3_plugin
2016-11-11 23:59 - 2016-11-11 23:59 - 00000000 ____D C:\Users\jdog3\Downloads\MEmu Download
2016-11-11 23:58 - 2016-12-04 01:17 - 00000000 ____D C:\Users\jdog3\.MemuHyperv
2016-11-11 23:58 - 2016-11-11 23:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEmu
2016-11-11 23:58 - 2016-11-11 23:58 - 00000000 ____D C:\Program Files\Microvirt
2016-11-11 23:57 - 2016-11-11 23:57 - 276135480 _____ (Microvirt) C:\Users\jdog3\Downloads\Memu-Setup.exe
2016-11-11 23:05 - 2016-11-11 23:05 - 00098360 _____ (VMware, Inc.) C:\Windows\system32\vmnetbridge.dll
2016-11-11 23:05 - 2016-11-11 23:05 - 00066624 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnetbridge.sys
2016-11-11 23:05 - 2016-11-11 23:05 - 00046144 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnetadapter.sys
2016-11-11 23:05 - 2016-11-11 23:05 - 00045632 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnet.sys
2016-11-11 09:32 - 2016-11-11 09:32 - 140329312 _____ C:\Users\jdog3\Downloads\0.9.8.zip
2016-11-11 00:50 - 2016-12-08 16:58 - 00000000 ____D C:\Users\jdog3\.junique
2016-11-11 00:49 - 2016-11-11 00:50 - 00000000 ____D C:\ProgramData\Oracle
2016-11-11 00:49 - 2016-11-11 00:49 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-11-11 00:49 - 2016-11-11 00:49 - 00000000 ____D C:\Users\jdog3\AppData\Roaming\Sun
2016-11-11 00:49 - 2016-11-11 00:49 - 00000000 ____D C:\Users\jdog3\AppData\LocalLow\Sun
2016-11-11 00:49 - 2016-11-11 00:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-11-11 00:49 - 2016-11-11 00:49 - 00000000 ____D C:\Program Files (x86)\Java
2016-11-11 00:48 - 2016-12-08 16:58 - 00000000 ____D C:\Program Files (x86)\ArmA3Sync
2016-11-11 00:48 - 2016-11-11 00:48 - 00737344 _____ (Oracle Corporation) C:\Users\jdog3\Downloads\JavaSetup8u111.exe
2016-11-11 00:48 - 2016-11-11 00:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArmA3Sync
2016-11-11 00:47 - 2016-11-11 00:48 - 03591433 _____ C:\Users\jdog3\Downloads\ArmA3Sync-launcher-and-addons-synchronization-version-1.5.80.7z
2016-11-10 23:51 - 2016-11-29 18:47 - 00000000 ____D C:\Temp
2016-11-10 22:25 - 2016-11-10 22:25 - 19492933 _____ C:\Users\jdog3\Downloads\Skrillex - Bangarang.zip
2016-11-10 20:52 - 2016-11-20 21:10 - 00000000 ____D C:\Windows\Minidump
2016-11-10 20:38 - 2016-11-10 20:38 - 00000436 _____ C:\Users\jdog3\Documents\tbackup.reg
2016-11-10 20:22 - 2016-11-10 20:22 - 00000861 _____ C:\Users\jdog3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ableton Live 9 Suite.lnk
2016-11-10 20:18 - 2016-11-10 20:19 - 968497481 _____ C:\Users\jdog3\Downloads\Ableton Live 9 Suite 9.6.1 + Crack WIN x64 - softasm.com.rar
2016-11-10 20:16 - 2016-11-10 20:16 - 17380801 _____ C:\Users\jdog3\Downloads\Ableton Live 9 Suite with CRACK Serial Key.rar
2016-11-10 20:15 - 2016-11-10 20:31 - 00000000 ____D C:\Users\jdog3\Documents\Ableton
2016-11-10 19:52 - 2016-11-10 19:52 - 00000000 ____D C:\Users\jdog3\AppData\Local\Dxtory Software
2016-11-10 19:51 - 2016-11-10 19:51 - 03381528 _____ (ExKode Co. Ltd. ) C:\Users\jdog3\Downloads\Dxtory v2.0.127.exe
2016-11-10 19:51 - 2016-11-10 19:51 - 00000184 _____ C:\Users\jdog3\Downloads\Dxtory License (2.0.127).dxtorylic
2016-11-10 19:51 - 2016-11-10 19:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dxtory2.0
2016-11-10 19:51 - 2016-11-10 19:51 - 00000000 ____D C:\Program Files (x86)\ExKode
2016-11-10 19:51 - 2014-06-08 22:14 - 02610736 _____ (ExKode Co. Ltd.) C:\Windows\system32\DxtoryCodec.dll
2016-11-10 19:51 - 2014-06-08 22:14 - 02508336 _____ (ExKode Co. Ltd.) C:\Windows\SysWOW64\DxtoryCodec.dll
2016-11-10 16:55 - 2016-12-04 02:24 - 00000000 ____D C:\Users\jdog3\Documents\My Games
2016-11-10 16:55 - 2016-11-10 16:55 - 00466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2016-11-10 16:55 - 2016-11-10 16:55 - 00444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2016-11-10 16:55 - 2016-11-10 16:55 - 00122904 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2016-11-10 16:55 - 2016-11-10 16:55 - 00109080 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2016-11-10 16:55 - 2016-11-10 16:55 - 00000000 ____D C:\ProgramData\Codemasters
2016-11-10 16:55 - 2016-11-10 16:55 - 00000000 ____D C:\Program Files (x86)\OpenAL
2016-11-09 20:31 - 2016-11-09 20:31 - 00003342 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task
2016-11-09 20:30 - 2016-12-05 15:50 - 00000000 ____D C:\Users\jdog3\AppData\Roaming\Skype
2016-11-09 14:56 - 2016-11-09 23:22 - 00000000 ____D C:\NST
2016-11-09 14:54 - 2016-12-08 20:32 - 00004168 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{84D1FA24-F7A1-407E-B055-9D3BD7D121B3}
2016-11-09 14:54 - 2016-11-09 14:54 - 00040960 _____ C:\Users\jdog3\Documents\EasyBCD Backup (2016-11-09).bcd
2016-11-09 14:54 - 2016-11-09 14:54 - 00000000 ____D C:\Users\jdog3\AppData\Local\NeoSmart_Technologies
2016-11-09 14:54 - 2016-11-09 14:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NeoSmart Technologies
2016-11-09 14:54 - 2016-11-09 14:54 - 00000000 ____D C:\Program Files (x86)\NeoSmart Technologies
2016-11-09 14:53 - 2016-11-09 14:53 - 02264033 _____ C:\Users\jdog3\Downloads\EasyBCD.2.3.0.207.kuyhAa.rar
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-12-09 18:04 - 2016-11-08 17:33 - 00000000 ____D C:\Windows\system32\SleepStudy
2016-12-09 15:23 - 2016-11-08 17:58 - 00000000 ____D C:\Users\jdog3\AppData\Roaming\TS3Client
2016-12-09 14:42 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps
2016-12-09 14:42 - 2016-07-16 06:47 - 00000000 ____D C:\Windows\AppReadiness
2016-12-08 23:10 - 2016-07-16 06:47 - 00000000 ____D C:\Windows\LiveKernelReports
2016-12-08 22:06 - 2016-11-08 19:42 - 00000000 ____D C:\Users\jdog3\AppData\Local\Arma 3 Launcher
2016-12-08 22:06 - 2016-11-08 17:42 - 00000000 ____D C:\Users\jdog3
2016-12-08 19:13 - 2016-11-08 20:19 - 00000000 ____D C:\Users\jdog3\AppData\Local\Arma 3
2016-12-07 23:49 - 2016-11-08 17:33 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-07 23:49 - 2016-07-16 01:04 - 00524288 _____ C:\Windows\system32\config\BBI
2016-12-07 23:30 - 2016-07-16 06:47 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-12-07 22:07 - 2016-11-08 19:39 - 00000000 ____D C:\Users\jdog3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2016-12-07 08:07 - 2016-11-08 17:45 - 01408244 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-06 20:52 - 2016-07-16 06:45 - 00000000 ____D C:\Windows\INF
2016-12-06 18:44 - 2016-11-08 20:21 - 00000000 ____D C:\Users\jdog3\Documents\Arma 3 - Other Profiles
2016-12-04 02:50 - 2016-11-08 18:13 - 00000000 ____D C:\Users\jdog3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-12-04 01:23 - 2016-07-16 06:47 - 00000000 __RHD C:\Users\Public\Libraries
2016-12-01 23:50 - 2016-11-08 17:42 - 00000000 ____D C:\Users\jdog3\AppData\Local\Packages
2016-11-30 17:31 - 2016-11-08 19:42 - 00000000 ____D C:\Users\jdog3\AppData\Local\Bohemia_Interactive
2016-11-30 14:35 - 2016-07-16 06:47 - 00000000 ____D C:\Windows\system32\NDF
2016-11-29 18:47 - 2016-11-08 17:44 - 00000000 ____D C:\ProgramData\NVIDIA
2016-11-29 18:47 - 2016-11-08 17:43 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-11-29 18:46 - 2016-11-08 17:43 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-11-29 18:45 - 2015-07-13 23:45 - 20417200 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2016-11-29 18:45 - 2015-07-13 23:45 - 13675584 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2016-11-29 18:45 - 2015-07-13 23:45 - 03825688 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2016-11-29 18:45 - 2015-07-13 23:45 - 00563856 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2016-11-29 18:45 - 2015-07-13 23:45 - 00040084 _____ C:\Windows\system32\nvinfo.pb
2016-11-29 18:44 - 2015-04-16 22:03 - 00223304 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2016-11-29 18:44 - 2015-04-16 10:19 - 01588688 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2016-11-29 16:09 - 2016-11-08 17:32 - 00202680 _____ C:\Windows\system32\FNTCACHE.DAT
2016-11-27 11:59 - 2016-11-08 17:58 - 00000000 ____D C:\Program Files (x86)\Overwolf
2016-11-21 18:31 - 2016-07-16 06:47 - 00000000 ____D C:\Windows\rescache
2016-11-20 10:12 - 2016-11-08 17:58 - 00000000 ____D C:\Users\jdog3\AppData\Local\Overwolf
2016-11-19 18:29 - 2016-07-16 06:36 - 00000000 ____D C:\Windows\CbsTemp
2016-11-14 17:08 - 2016-11-08 17:53 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-11 23:59 - 2016-11-08 18:03 - 00000000 ____D C:\Users\jdog3\AppData\Roaming\NVIDIA
2016-11-10 20:30 - 2016-11-08 19:50 - 00000000 ____D C:\ProgramData\Ableton
2016-11-10 20:29 - 2016-11-08 19:56 - 00000000 ____D C:\Users\jdog3\AppData\Roaming\Ableton
2016-11-09 20:31 - 2016-11-08 17:45 - 00002367 _____ C:\Users\jdog3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-11-09 20:31 - 2016-11-08 17:45 - 00000000 ___RD C:\Users\jdog3\OneDrive
2016-11-09 12:21 - 2016-11-08 19:45 - 00000000 ____D C:\Program Files (x86)\Gyazo
2016-11-09 12:04 - 2016-07-16 06:47 - 00000000 ____D C:\Windows\appcompat
2016-11-09 12:01 - 2016-11-08 17:43 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-11-09 11:57 - 2016-11-08 17:52 - 00000928 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-09 11:57 - 2016-11-08 17:52 - 00000924 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
 
==================== Files in the root of some directories =======
 
2016-12-04 01:23 - 2016-11-23 08:37 - 0000570 _____ () C:\Users\jdog3\AppData\Local\TroubleshooterConfig.json
2016-11-29 18:51 - 2016-11-29 18:51 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2016-12-07 18:11
 
==================== End of FRST.txt ============================
 
Addition Log:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-12-2016
Ran by jdog3 (09-12-2016 18:11:10)
Running from C:\Users\jdog3\Desktop
Windows 10 Home Version 1607 (X64) (2016-11-08 22:39:32)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4288253323-1802736211-3084792629-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4288253323-1802736211-3084792629-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-4288253323-1802736211-3084792629-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-4288253323-1802736211-3084792629-501 - Limited - Disabled)
jdog3 (S-1-5-21-4288253323-1802736211-3084792629-1001 - Administrator - Enabled) => C:\Users\jdog3
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-4288253323-1802736211-3084792629-1001\...\uTorrent) (Version: 3.4.9.42923 - BitTorrent Inc.)
A3Launcher version 0.1.4.5 (HKLM-x32\...\{1E29A86E-9AE2-4CD8-74C8-6B170ED3C4D2}_is1) (Version: 0.1.4.5 - Maca134)
Ableton Live 9 Lite (HKLM\...\{F32EA031-9333-44DD-AE45-31B9C4DBF398}) (Version: 9.0.0.0 - Ableton)
Ableton Live 9 Suite (HKLM\...\{B1F5B498-3186-442A-8AA6-AA7FCBC1116C}) (Version: 9.0.0.0 - Ableton)
Adobe Photoshop CS6 version 13.0.1 (HKLM-x32\...\{A724DC44-6241-42D3-BA57-778B178ABC17}_is1) (Version: 13.0.1 - Adobe Systems, Inc.)
Arma 2 (HKLM\...\Steam App 33910) (Version:  - Bohemia Interactive)
Arma 2: Operation Arrowhead (HKLM\...\Steam App 33930) (Version:  - Bohemia Interactive)
Arma 2: Operation Arrowhead Beta (Obsolete) (HKLM\...\Steam App 219540) (Version:  - )
Arma 3 (HKLM\...\Steam App 107410) (Version:  - Bohemia Interactive)
ArmA3Sync 1.5.80 (HKLM-x32\...\{F097E7D7-D093-4394-9EED-43AFCCD12B7A}_is1) (Version: 1.5.80 - The [S.o.E] team)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version:  - )
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 2.5.78.7302 - BlueStack Systems, Inc.)
DayZ SA version 0.60.133.913 (HKLM-x32\...\DayZ SA_is1) (Version: 0.60.133.913 - DankDayZ)
Discord (HKU\S-1-5-21-4288253323-1802736211-3084792629-1001\...\Discord) (Version: 0.0.296 - Hammer & Chisel, Inc.)
Driver Booster 4.1 (HKLM-x32\...\Driver Booster_is1) (Version: 4.1.0 - IObit)
Dxtory version 2.0.127 (HKLM-x32\...\Dxtory2.0_is1) (Version: 2.0.127 - ExKode Co. Ltd.)
DZLauncher version 0.1.4.5 (HKLM-x32\...\{1E299AE2-74C8-4CD8-6B17-A86E0ED3C4D2}_is1) (Version: 0.1.4.5 - Maca134)
EaseUS Partition Master 11.8 Trial Edition (HKLM-x32\...\EaseUS Partition Master Trial Edition_is1) (Version:  - EaseUS)
EasyBCD 2.3 (HKLM-x32\...\EasyBCD) (Version: 2.3 - NeoSmart Technologies)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Gyazo 3.2.7 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.14.265 - SurfRight B.V.)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 6.1.0.418 - IObit)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Light Image Resizer 5.0.2.0 (HKLM-x32\...\{D5C093E0-D3DF-42D3-AFD6-CAAFB6985CBC}_is1) (Version: 5.0.2.0 - ObviousIdea)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MEmu (HKLM-x32\...\MEmu) (Version: 2.8.6.0 - Microvirt)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40649 (HKLM-x32\...\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}) (Version: 12.0.40649.5 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
NETGEAR WNA3100 wireless USB 2.0 driver (HKLM-x32\...\{C2425F91-1F7B-4037-9A05-9F290184798D}) (Version: 2.2.0.2 - NETGEAR)
NetLimiter 4 (HKLM-x32\...\NetLimiter 4 4.0.19.0) (Version: 4.0.19.0 - Locktime Software)
NetLimiter 4 (Version: 4.0.19.0 - Locktime Software) Hidden
No-IP DUC (HKLM-x32\...\NoIPDUC) (Version: 4.1.1 - Vitalwerks Internet Solutions LLC)
Novation USB Audio Driver 2.7 (HKLM\...\Novation USB Audio Driver_is1) (Version: 2.7 - Novation DMS Ltd.)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 0.16.6 - OBS Project)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Opera Stable 41.0.2353.69 (HKLM-x32\...\Opera 41.0.2353.69) (Version: 41.0.2353.69 - Opera Software)
Oracle VM VirtualBox 5.1.10 (HKLM\...\{57682F33-488A-4065-8255-C3681A2B6F4E}) (Version: 5.1.10 - Oracle Corporation)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.100.9.0 - Overwolf Ltd.)
Overwolf.Setup.VC100CRTx64.Dist (HKLM\...\{EC9D5554-6852-4A55-81BB-AC02C7A8CFED}) (Version: 1.0.0 - Overwolf)
Overwolf.Setup.VC100CRTx86.Dist (x32 Version: 1.0.0 - Overwolf) Hidden
Process Hacker 2.39 (r124) (HKLM\...\Process_Hacker2_is1) (Version: 2.39.0.124 - wj32)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7930 - Realtek Semiconductor Corp.)
ROBLOX Player for jdog3 (HKU\S-1-5-21-4288253323-1802736211-3084792629-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
Robocraft (HKLM\...\Steam App 301520) (Version:  - Freejam)
RogueKiller version 12.8.4.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.8.4.0 - Adlice Software)
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.103 - Skype Technologies S.A.)
Software Lag Switch (HKLM-x32\...\{6EC29D9E-F229-4B07-AF22-7018AD29DAF0}) (Version: 1.2 - softwarelagswitch.com)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
Unturned (HKLM\...\Steam App 304930) (Version:  - Smartly Dressed Games)
Ut Video Codec Suite (HKLM\...\utvideo_is1) (Version: 17.1.0 - UMEZAWA Takeshi)
VMware Workstation (HKLM\...\{07C33FB0-25C8-4723-A1E4-01868089B961}) (Version: 12.5.2 - VMware, Inc.)
Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)
WinDirStat 1.1.2 (HKU\S-1-5-21-4288253323-1802736211-3084792629-1001\...\WinDirStat) (Version:  - )
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Wireshark 2.2.2 (64-bit) (HKLM-x32\...\Wireshark) (Version: 2.2.2 - The Wireshark developer community, hxxps://www.wireshark.org)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-4288253323-1802736211-3084792629-1001_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\jdog3\AppData\Local\Roblox\Versions\version-c2285b6f3d724119\RobloxProxy64.dll (ROBLOX Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {024684D7-DFBB-4B50-B0B2-4B3637F3FC78} - System32\Tasks\Opera scheduled Autoupdate 1479959402 => C:\Program Files (x86)\Opera\launcher.exe [2016-11-21] (Opera Software)
Task: {32232F75-72AA-4290-A3CE-C22CFB02E8A9} - System32\Tasks\InternetCB => Chrome.exe hxxp://newnewstodays.net/rivalm
Task: {45F1F5AF-955F-404F-B4B2-C2C57FB61390} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2016-10-26] ()
Task: {66F30C65-5C1C-4FDC-AA92-041EF5877F5A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-08] (Google Inc.)
Task: {6CE24B15-BAE6-4F4E-A2CD-055DBF9530CA} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2016-11-23] (Overwolf LTD)
Task: {80FC07E1-3831-4674-8713-056B692ED6D1} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2016-10-26] ()
Task: {823B7952-350C-436F-905C-424B9DF92EE5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {8E4650BF-2C3E-4CC1-A4BA-1B1A6499BEFA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-08] (Google Inc.)
Task: {CF0235AD-85CB-4DF3-8889-154326E28726} - \Windows System Services -> No File <==== ATTENTION
Task: {D87668D4-9C4C-43E2-B837-381B75AE01A5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {EAC358B1-7BD1-475D-BAE7-8687A2B453FD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {EC5ADBC3-C1EF-4704-82CF-39F32DA41A7B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\jdog3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\NinkiWallet.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=ojjnofoknpfkbbamkfililnkoeoiohih
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-11-30 14:38 - 2014-08-18 17:50 - 00316120 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
2016-11-11 23:20 - 2016-11-11 23:20 - 12472904 _____ () C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
2015-07-20 10:34 - 2015-07-20 10:34 - 00012288 _____ () C:\Program Files (x86)\No-IP\ducservice.exe
2016-07-16 06:42 - 2016-07-16 06:42 - 00231424 _____ () C:\Windows\SYSTEM32\ism32k.dll
2016-11-08 21:53 - 2016-09-15 12:25 - 02681200 _____ () C:\Windows\System32\CoreUIComponents.dll
2016-11-08 17:44 - 2016-07-10 17:58 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-11-08 21:53 - 2016-09-15 12:25 - 02681200 _____ () C:\Windows\system32\CoreUIComponents.dll
2016-11-08 21:53 - 2016-09-15 12:25 - 02681200 _____ () C:\Windows\SYSTEM32\CoreUIComponents.dll
2016-11-09 20:30 - 2016-11-09 20:30 - 01864384 _____ () C:\Users\jdog3\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll
2016-11-08 21:55 - 2016-09-06 23:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-11-08 22:12 - 2016-11-02 05:30 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-11-14 17:08 - 2016-11-08 16:03 - 02367080 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\libglesv2.dll
2016-11-14 17:08 - 2016-11-08 16:03 - 00107112 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\libegl.dll
2016-11-29 11:39 - 2014-11-18 14:44 - 00255072 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.8\bin\TrayPopupE\TrayTipAgentE.exe
2016-04-05 20:33 - 2016-04-05 20:33 - 12096456 _____ () C:\ProgramData\Ableton\Live 9 Suite\Resources\Extensions\Index\Ableton Index.exe
2016-11-22 15:02 - 2016-11-22 15:02 - 00019456 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-11-22 15:02 - 2016-11-22 15:02 - 20433408 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-11-08 18:12 - 2016-11-08 18:12 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2016-11-22 15:02 - 2016-11-22 15:02 - 01046528 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Sharing.dll
2016-11-22 15:02 - 2016-11-22 15:02 - 00353792 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Photos.Inking.dll
2016-11-08 22:10 - 2016-11-02 05:21 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-08 22:10 - 2016-11-02 05:15 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-08 22:10 - 2016-11-02 05:14 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-11-08 22:10 - 2016-11-02 05:15 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-11-08 22:10 - 2016-11-02 05:16 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-08 22:10 - 2016-11-02 05:17 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-11-29 16:41 - 2016-06-21 19:30 - 00442144 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2016-11-29 16:41 - 2016-06-21 19:29 - 00210720 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2016-11-29 16:41 - 2016-06-21 19:29 - 00059680 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
2016-11-30 14:38 - 2015-02-26 20:19 - 00380928 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WifiLib.dll
2016-11-11 23:20 - 2016-11-11 23:20 - 00173128 _____ () C:\Program Files (x86)\VMware\VMware Workstation\nfc-types.dll
2016-11-11 23:20 - 2016-11-11 23:20 - 00199752 _____ () C:\Program Files (x86)\VMware\VMware Workstation\LIBEXPAT.dll
2016-11-11 23:20 - 2016-11-11 23:20 - 00396872 _____ () C:\Program Files (x86)\VMware\VMware Workstation\ssoClient.dll
2015-07-20 10:34 - 2015-07-20 10:34 - 00073728 _____ () C:\Program Files (x86)\No-IP\ducapi.dll
2016-11-30 15:56 - 2016-09-07 22:14 - 00784672 _____ () J:\Steam\SDL2.dll
2016-11-30 15:56 - 2016-08-31 20:02 - 04969248 _____ () J:\Steam\v8.dll
2016-11-30 15:56 - 2016-10-12 20:58 - 02321696 _____ () J:\Steam\video.dll
2016-11-30 15:56 - 2016-01-27 02:49 - 02549760 _____ () J:\Steam\libavcodec-56.dll
2016-11-30 15:56 - 2016-01-27 02:49 - 00491008 _____ () J:\Steam\libavformat-56.dll
2016-11-30 15:56 - 2016-01-27 02:49 - 00332800 _____ () J:\Steam\libavresample-2.dll
2016-11-30 15:56 - 2016-01-27 02:49 - 00442880 _____ () J:\Steam\libavutil-54.dll
2016-11-30 15:56 - 2016-01-27 02:49 - 00485888 _____ () J:\Steam\libswscale-3.dll
2016-11-30 15:56 - 2016-08-31 20:02 - 01563936 _____ () J:\Steam\icui18n.dll
2016-11-30 15:56 - 2016-08-31 20:02 - 01195296 _____ () J:\Steam\icuuc.dll
2016-11-30 15:56 - 2016-10-12 20:58 - 00836896 _____ () J:\Steam\bin\chromehtml.DLL
2016-11-30 15:56 - 2016-07-04 17:17 - 00266560 _____ () J:\Steam\openvr_api.dll
2016-11-29 11:39 - 2014-02-13 15:27 - 00222792 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.8\bin\TrayPopupE\traynet.dll
2016-11-29 11:39 - 2014-02-13 15:27 - 00275528 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.8\bin\TrayPopupE\libcurl.dll
2016-11-29 11:39 - 2014-02-13 15:27 - 00113166 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.8\bin\TrayPopupE\zlib1.dll
2016-11-29 11:39 - 2014-02-13 15:27 - 00249928 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.8\bin\TrayPopupE\uexper.dll
2016-11-30 15:56 - 2016-08-04 15:56 - 49825056 _____ () J:\Steam\bin\cef\cef.winxp\libcef.dll
2016-11-30 15:56 - 2015-09-24 18:52 - 00119208 _____ () J:\Steam\winh264.dll
2016-11-29 16:41 - 2015-12-28 13:50 - 00899872 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\webres.dll
2016-11-29 16:41 - 2016-09-26 13:59 - 00631072 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\ProductStatistics.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2016-07-16 06:47 - 2016-12-07 15:36 - 00000830 ____N C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4288253323-1802736211-3084792629-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\jdog3\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\{84011bc4-1dd9-461a-bf6d-2a73feb737e1}.png
DNS Servers: 192.168.1.1 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: OverwolfUpdater => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Stereo Service => 2
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "EaseUS Cleanup"
HKLM\...\StartupApproved\Run32: => "EaseUS EPM tray"
HKLM\...\StartupApproved\Run32: => "vmware-tray.exe"
HKU\S-1-5-21-4288253323-1802736211-3084792629-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-4288253323-1802736211-3084792629-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-4288253323-1802736211-3084792629-1001\...\StartupApproved\Run: => "Overwolf"
HKU\S-1-5-21-4288253323-1802736211-3084792629-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-4288253323-1802736211-3084792629-1001\...\StartupApproved\Run: => "Advanced SystemCare 10"
HKU\S-1-5-21-4288253323-1802736211-3084792629-1001\...\StartupApproved\Run: => "BlueStacks Agent"
HKU\S-1-5-21-4288253323-1802736211-3084792629-1001\...\StartupApproved\Run: => "skypefile"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{0FCD5292-83C5-44FE-9607-22E46504DEC0}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{1B96B0FE-2F70-4BDA-BE46-B8A573476585}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{0D0D701B-D85F-4C27-843D-69F34980613C}C:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe] => C:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe
FirewallRules: [UDP Query User{CF014E42-6E7F-4B5E-84D4-353C8BCC1CD7}C:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe] => C:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe
FirewallRules: [{767F9C7B-7F27-4F3F-BA22-C072B23966CF}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{5513C0B1-7471-4D2C-9E7A-EAE1448B4F39}] => C:\Users\jdog3\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{89519EC0-80B8-489B-8264-BA61BB6C933D}] => C:\Users\jdog3\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{50C96D0B-2DE8-4CD0-BD16-585E4BDA7AFF}] => C:\Users\jdog3\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7885BCA3-2815-470A-8A2D-D8ECCA427400}] => C:\Users\jdog3\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{694EF594-AABA-4DB1-8FFF-332C12C97F76}] => C:\Users\jdog3\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8BCD98CD-9ACA-460E-A2EC-425AFE24E3DF}] => C:\Users\jdog3\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{40F87109-2F22-4826-BC16-2CCD9BA84331}] => C:\Program Files (x86)\DayZ SA\DayZ Launcher.exe
FirewallRules: [{3EEF1365-8029-4AB1-80EC-D9B03F3B519B}] => C:\Program Files (x86)\DayZ SA\DayZ Launcher.exe
FirewallRules: [{281095CD-D773-4A0F-9D13-988AFCBF6B2C}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{99BC4363-3909-4372-AF41-F791C53D7CC4}] => C:\Program Files (x86)\Steam\steamapps\common\Arma 2\arma2.exe
FirewallRules: [{34A9BBA6-85BC-45D0-869B-CC13624B3033}] => C:\Program Files (x86)\Steam\steamapps\common\Arma 2\arma2.exe
FirewallRules: [{33370514-318A-496E-A2A0-D4A3BF5091E5}] => C:\Program Files (x86)\Steam\steamapps\common\arma 2 operation arrowhead\Expansion\beta\Arma2OA.exe
FirewallRules: [{0E452D43-346E-488A-8685-9D1C7133C9B1}] => C:\Program Files (x86)\Steam\steamapps\common\arma 2 operation arrowhead\Expansion\beta\Arma2OA.exe
FirewallRules: [{58715EAF-6EF0-4F1F-A53D-5F0B2FDC18AA}] => C:\Program Files (x86)\Steam\steamapps\common\arma 2 operation arrowhead\ArmA2OA_BE.exe
FirewallRules: [{403AF64C-139A-4793-B78B-7D896E1D2DC0}] => C:\Program Files (x86)\Steam\steamapps\common\arma 2 operation arrowhead\ArmA2OA_BE.exe
FirewallRules: [{199972A6-C4BE-4AC5-B62A-4F9B3F3AF3CC}] => C:\Program Files (x86)\Steam\steamapps\common\arma 2 operation arrowhead\ArmA2OA.exe
FirewallRules: [{12DAB382-EFF2-4CC7-909A-DAFD84BA9497}] => C:\Program Files (x86)\Steam\steamapps\common\arma 2 operation arrowhead\ArmA2OA.exe
FirewallRules: [TCP Query User{155F0651-9181-4E2F-9BB5-C5C727F09E6C}C:\program files (x86)\dayz sa\dayz.exe] => C:\program files (x86)\dayz sa\dayz.exe
FirewallRules: [UDP Query User{CCD89C03-D572-4726-AC33-156F9EE9FEAA}C:\program files (x86)\dayz sa\dayz.exe] => C:\program files (x86)\dayz sa\dayz.exe
FirewallRules: [TCP Query User{E679954B-A981-4F1C-ABA8-2BABC5B986BE}C:\users\jdog3\desktop\ddos tools\epic hackpack\ddos tools\ddvniek's hacker toolbox 1.2\ddvniek's hacker toolbox 1.2.exe] => C:\users\jdog3\desktop\ddos tools\epic hackpack\ddos tools\ddvniek's hacker toolbox 1.2\ddvniek's hacker toolbox 1.2.exe
FirewallRules: [UDP Query User{2F2BC627-99E2-4089-94B8-813484080478}C:\users\jdog3\desktop\ddos tools\epic hackpack\ddos tools\ddvniek's hacker toolbox 1.2\ddvniek's hacker toolbox 1.2.exe] => C:\users\jdog3\desktop\ddos tools\epic hackpack\ddos tools\ddvniek's hacker toolbox 1.2\ddvniek's hacker toolbox 1.2.exe
FirewallRules: [{29B725F3-C638-4D22-9055-7B06B53CCBF9}] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{59CAEB70-837C-4EFD-AF62-7953AFB143BA}] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{5CF06265-C0F9-4F22-94B4-D809ADB09741}] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [{0DACEC5D-7DDC-448D-8531-03DB8F892610}] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [TCP Query User{0844B5AF-5706-4864-82C0-35424F607166}C:\users\jdog3\appdata\local\temp\darkcomet.exe] => C:\users\jdog3\appdata\local\temp\darkcomet.exe
FirewallRules: [UDP Query User{1E058F9E-38D5-4023-811B-E37532AEFE95}C:\users\jdog3\appdata\local\temp\darkcomet.exe] => C:\users\jdog3\appdata\local\temp\darkcomet.exe
FirewallRules: [{B38A6A05-7A40-4A5F-9FC6-9327DCFF6C1C}] => C:\Program Files (x86)\IObit\Driver Booster\4.1.0\DriverBooster.exe
FirewallRules: [{0EFDD559-3B71-4FDA-9CE5-1BACB0CCE027}] => C:\Program Files (x86)\IObit\Driver Booster\4.1.0\DriverBooster.exe
FirewallRules: [{3DB0974C-2340-40C4-A56F-E9CB0375FE40}] => C:\Program Files (x86)\IObit\Driver Booster\4.1.0\DBDownloader.exe
FirewallRules: [{E3554EDB-6360-467A-9EF2-E682CED3C28E}] => C:\Program Files (x86)\IObit\Driver Booster\4.1.0\DBDownloader.exe
FirewallRules: [{CF575EA1-5ECA-4C35-8CD2-9AB8253D1A48}] => C:\Program Files (x86)\IObit\Driver Booster\4.1.0\AutoUpdate.exe
FirewallRules: [{BC5AAE45-AB22-4CD0-857C-67729CF8AD35}] => C:\Program Files (x86)\IObit\Driver Booster\4.1.0\AutoUpdate.exe
FirewallRules: [{F8DB7C89-E661-4B8D-9C70-64EEEF4BDC41}] => C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{359A850A-8397-4C79-965F-C3EE40A61397}] => C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{69701FC8-C86D-41C9-AC50-4B6F0FAF699B}] => J:\Steam\Steam.exe
FirewallRules: [{729FA1A3-DC49-4B08-A47C-1031C06CF55C}] => J:\Steam\Steam.exe
FirewallRules: [{163C9EC4-B4B6-4E38-A75B-10CD41FEB909}] => J:\Steam\steamapps\common\Arma 3\arma3launcher.exe
FirewallRules: [{6104C5B8-C94F-42F2-9140-C1F0D4EF4FE1}] => J:\Steam\steamapps\common\Arma 3\arma3launcher.exe
FirewallRules: [{CC52DDBB-1A3D-4B6E-B0B5-ABBEE92B2001}] => J:\Steam\steamapps\common\Unturned\Unturned_BE.exe
FirewallRules: [{A4D71058-854D-4454-9E47-E5EBCEDFEA63}] => J:\Steam\steamapps\common\Unturned\Unturned_BE.exe
FirewallRules: [{44677118-F535-4A74-A151-86AA234C048B}] => J:\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{EF0B97C3-DCC2-4541-B01D-EDF46E7A83A1}] => J:\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{012CBFD1-797D-42DF-91D2-4FEBF0A19043}] => C:\Steamgames\steamapps\common\Robocraft\Robocraft.exe
FirewallRules: [{2ED86823-CDE7-42A0-8933-939D0474D0D7}] => C:\Steamgames\steamapps\common\Robocraft\Robocraft.exe
FirewallRules: [{ABB5623A-D0EB-4B31-BFA1-D791730E0AE5}] => %USERPROFILE%\Desktop\SpyHunterPo+FullCracked+LatestVersion\App\SpyHunter\SpyHunter4.exe
 
==================== Restore Points =========================
 
29-11-2016 18:43:31 Driver Booster : High Definition Audio Device
07-12-2016 03:12:02 Scheduled Checkpoint
07-12-2016 21:47:00 JRT Pre-Junkware Removal
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/09/2016 02:37:17 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to add firewall exception for J:\Steam\bin\steamwebhelper.exe
 
Error: (12/08/2016 05:28:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 54.0.2840.99, time stamp: 0x582209d1
Faulting module name: KERNELBASE.dll, version: 10.0.14393.321, time stamp: 0x57f4c4f0
Exception code: 0xe0000008
Fault offset: 0x0000000000017788
Faulting process id: 0x191c
Faulting application start time: 0x01d251a25653d24c
Faulting application path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report Id: 485ce6ce-8d4c-4f46-bb3b-44f8b964a405
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (12/08/2016 02:33:25 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to add firewall exception for J:\Steam\bin\steamwebhelper.exe
 
Error: (12/07/2016 11:32:06 PM) (Source: Microsoft Security Client) (EventID: 2003) (User: )
Description: Event-ID 2003
 
Error: (12/07/2016 11:30:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wmiprvse.exe, version: 10.0.14393.0, time stamp: 0x57899ab2
Faulting module name: NetEventPacketCapture.dll, version: 10.0.14393.206, time stamp: 0x57dacea5
Exception code: 0xc0000005
Fault offset: 0x00000000000160d3
Faulting process id: 0x185c
Faulting application start time: 0x01d2510bc3a75d86
Faulting application path: C:\Windows\system32\wbem\wmiprvse.exe
Faulting module path: C:\Windows\system32\wbem\NetEventPacketCapture.dll
Report Id: 70da4626-e6c8-4de3-93db-915265dc9a0b
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (12/07/2016 10:53:55 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid.
.
 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Error: (12/07/2016 10:53:01 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (12/07/2016 10:21:27 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x8007001f, A device attached to the system is not functioning.
.
 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Error: (12/07/2016 10:21:07 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (12/07/2016 10:21:03 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {df5b798f-bf2f-4161-8d8c-78ff85d8a01a}
 
 
System errors:
=============
Error: (12/09/2016 02:36:42 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (12/08/2016 02:34:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Advanced SystemCare Service 10 service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (12/08/2016 02:32:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (12/07/2016 11:48:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The VMware Workstation Server service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (12/07/2016 11:08:44 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (12/07/2016 11:08:42 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (12/07/2016 11:08:39 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (12/07/2016 11:08:38 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (12/07/2016 11:08:37 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (12/07/2016 10:26:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NetLimiter 4 Service service terminated unexpectedly.  It has done this 1 time(s).
 
 
CodeIntegrity:
===================================
  Date: 2016-11-20 14:56:44.629
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Overwolf\0.99.218.0\x64\OWExplorer.dll that did not meet the Store signing level requirements.
 
  Date: 2016-11-13 16:16:34.627
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Overwolf\0.99.11.0\x64\OWExplorer.dll that did not meet the Store signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: AMD FX™-4300 Quad-Core Processor 
Percentage of memory in use: 78%
Total physical RAM: 8189.55 MB
Available physical RAM: 1724.05 MB
Total Virtual: 10877.55 MB
Available Virtual: 4088.45 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:798.25 GB) (Free:649.05 GB) NTFS
Drive f: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive g: (New Volume) (Fixed) (Total:0.39 GB) (Free:0.31 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive h: (y) (Fixed) (Total:130.91 GB) (Free:130.6 GB) NTFS
Drive i: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.02 GB) NTFS
Drive j: (JJ) (Fixed) (Total:595.2 GB) (Free:541.49 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: DD0C1A34)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=798.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=132.8 GB) - (Type=OF Extended)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: D5118F72)
Partition 1: (Not Active) - (Size=993 KB) - (Type=42)
Partition 2: (Active) - (Size=100 MB) - (Type=42)
Partition 3: (Not Active) - (Size=298 GB) - (Type=42)
 
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 1FDE214B)
Partition 1: (Not Active) - (Size=297.7 GB) - (Type=42)
Partition 2: (Active) - (Size=398 MB) - (Type=42)
Partition 3: (Not Active) - (Size=1368 KB) - (Type=42)
 
==================== End of Addition.txt ============================
 
 
Mod Edit
Moved to Malware logs from Am I Infected due to FRST logs.
 
NickAu

Edited by NickAu, 09 December 2016 - 10:05 PM.
Add mod edit



 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,528 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:01 AM

Posted 10 December 2016 - 09:13 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKU\S-1-5-21-4288253323-1802736211-3084792629-1001\...\Run: [skypefile] => C:\Users\jdog3\AppData\Roaming\skypefiles\skypeproc.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
CHR Extension: (Chrome Web Store Payments) - C:\Users\jdog3\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-12-08]
CHR Extension: (Chrome Media Router) - C:\Users\jdog3\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-08]
S3 aswVmm; \??\C:\Users\jdog3\AppData\Local\Temp\aswVmm.sys [X]
Task: {CF0235AD-85CB-4DF3-8889-154326E28726} - \Windows System Services -> No File <==== ATTENTION
C:\Users\jdog3\AppData\Roaming\skypefiles
C:\Users\jdog3\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
C:\Users\jdog3\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

Reboot:

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Reset Chrome...
Open Google Chrome and click on the menu icon, which is located at the top right of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
===

Please let me know what problem persists with this computer.

#3 jdog31804

jdog31804
  • Topic Starter

  • Members
  • 27 posts

Posted 11 December 2016 - 03:01 AM


Didn't fix it

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 07-12-2016
Ran by jdog3 (11-12-2016 02:46:56) Run:2
Running from C:\Users\jdog3\Desktop\far
Loaded Profiles: jdog3 (Available Profiles: defaultuser0 & jdog3)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKU\S-1-5-21-4288253323-1802736211-3084792629-1001\...\Run: [skypefile] => C:\Users\jdog3\AppData\Roaming\skypefiles\skypeproc.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
CHR Extension: (Chrome Web Store Payments) - C:\Users\jdog3\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-12-08]
CHR Extension: (Chrome Media Router) - C:\Users\jdog3\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-08]
S3 aswVmm; \??\C:\Users\jdog3\AppData\Local\Temp\aswVmm.sys [X]
Task: {CF0235AD-85CB-4DF3-8889-154326E28726} - \Windows System Services -> No File <==== ATTENTION
C:\Users\jdog3\AppData\Roaming\skypefiles
C:\Users\jdog3\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
C:\Users\jdog3\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
 
Reboot:
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-4288253323-1802736211-3084792629-1001\Software\Microsoft\Windows\CurrentVersion\Run\\skypefile => value removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. 
C:\Users\jdog3\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
C:\Users\jdog3\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully
aswVmm => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CF0235AD-85CB-4DF3-8889-154326E28726}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CF0235AD-85CB-4DF3-8889-154326E28726}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Windows System Services" => key removed successfully
"C:\Users\jdog3\AppData\Roaming\skypefiles" => not found.
"C:\Users\jdog3\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda" => not found.
"C:\Users\jdog3\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm" => not found.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 3048541 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 40496797 B
Java, Flash, Steam htmlcache => 80660276 B
Windows/system/drivers => 60854 B
Edge => 126470 B
Chrome => 433190853 B
Firefox => 6862117 B
Opera => 11800288 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 7548 B
NetworkService => 54280 B
defaultuser0 => 128 B
jdog3 => 96903320 B
 
RecycleBin => 167243431 B
EmptyTemp: => 801.5 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 02:47:41 ====


#4 nasdaq

Posted 11 December 2016 - 08:57 AM

Please run this cleaning tool.

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
createsrpoint;
autoclean;
emptyclsid;
emptyffcache;
FFdefaults;
emptyiecache;
iedefaults;
emptychrcache;
CHRdefaults;
emptyalltemp;
emptyfolderscheck;delete
ipconfig /flushdns;b
Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.
===

Also, please provide an update on how the computer is behaving after running the above script.

#5 nasdaq

Posted 17 December 2016 - 08:54 AM

Are you still with me?

#6 jdog31804

Posted 17 December 2016 - 01:22 PM

Yea. I didn't see your message.



#7 nasdaq

Posted 18 December 2016 - 08:27 AM

Run the Zoek tool and give me feedback on how the computer is running.

#8 jdog31804

Posted 18 December 2016 - 09:38 AM

So far it's working better, no ads yet.

 

 
Zoek.exe v5.0.0.1 Updated 19-September-2016
Tool run by jdog3 on Sun 12/18/2016 at  1:31:25.77.
Microsoft Windows 10 Home 10.0.14393  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\jdog3\Desktop\zoek (1).exe [Scan all users] [Script inserted] 
 
==== Older Logs ======================
 
C:\zoek-results2016-12-08-193304.log 9218 bytes
 
==== System Restore Info ======================
 
12/18/2016 1:32:37 AM Zoek.exe System Restore Point Created Successfully.
 
==== Empty Folders Check ======================
 
C:\PROGRA~2\Razer deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\PROGRA~3\{74E9F814-C737-42CC-B721-DBBC4059367A} deleted successfully
C:\Users\jdog3\AppData\Local\NetworkTiles deleted successfully
 
==== Deleting CLSID Registry Keys ======================
 
HKEY_USERS\S-1-5-21-4288253323-1802736211-3084792629-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{634DBD43-9899-40DE-97E4-539183BDAD7D} deleted successfully
HKEY_USERS\S-1-5-21-4288253323-1802736211-3084792629-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8F21D393-D1C7-408D-BE51-81A196304ADC} deleted successfully
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Services ======================
 
 
==== FireFox Fix ======================
 
Deleted from C:\Users\jdog3\AppData\Roaming\Mozilla\Firefox\Profiles\n6naw4w5.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
 
Added to C:\Users\jdog3\AppData\Roaming\Mozilla\Firefox\Profiles\n6naw4w5.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
 
==== Batch Command(s) Run By Tool======================
 
 
==== Deleting Files \ Folders ======================
 
C:\PROGRA~2\Razer not found
C:\PROGRA~3\{74E9F814-C737-42CC-B721-DBBC4059367A} not found
C:\PROGRA~2\VstPlugins deleted
C:\Users\jdog3\AppData\Roaming\discord deleted
C:\install.exe deleted
C:\PROGRA~3\ProductData deleted
C:\END deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
 
==== Firefox Start and Search pages ======================
 
ProfilePath: C:\Users\jdog3\AppData\Roaming\Mozilla\Firefox\Profiles\n6naw4w5.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
 
==== Firefox Extensions ======================
 
ProfilePath: C:\Users\jdog3\AppData\Roaming\Mozilla\Firefox\Profiles\n6naw4w5.default
- HackBar - %ProfilePath%\extensions\{F5DDF39C-9293-4d5e-9AA8-E04E6DD5E9B4}.xpi
 
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi
 
==== Firefox Plugins ======================
 
Profilepath: C:\Users\jdog3\AppData\Roaming\Mozilla\Firefox\Profiles\n6naw4w5.default
6AA7BCD40ED4F133D4ACC4F7B337674E - C:\Users\jdog3\AppData\Local\Roblox\Versions\version-934c86ec4aa148f0\NPRobloxProxy.dll - Roblox Launcher Plugin
5CC69A389B56347B51416671B31859AC - C:\Users\jdog3\AppData\Local\Roblox\Versions\version-934c86ec4aa148f0\NPRobloxProxy64.dll - Roblox Launcher Plugin
 
 
==== Chromium Look ======================
 
 
Material Simple Dark Grey - jdog3\AppData\Local\Google\Chrome\User Data\Default\Extensions\ookepigabmicjpgfnmncjiplegcacdbm
Chrome Media Router - jdog3\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
 
==== Chromium Fix ======================
 
C:\Users\jdog3\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_toolbar.yahoo.com_0.localstorage deleted successfully
C:\Users\jdog3\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_toolbar.yahoo.com_0.localstorage-journal deleted successfully
C:\Users\jdog3\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.bh-cdn.com_0.localstorage deleted successfully
C:\Users\jdog3\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.bh-cdn.com_0.localstorage-journal deleted successfully
C:\Users\jdog3\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
C:\Users\jdog3\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\jdog3\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d10lpsik1i8c69.cloudfront.net_0.localstorage deleted successfully
C:\Users\jdog3\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d10lpsik1i8c69.cloudfront.net_0.localstorage-journal deleted successfully
C:\Users\jdog3\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d16fk4ms6rqz1v.cloudfront.net_0.localstorage deleted successfully
C:\Users\jdog3\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d16fk4ms6rqz1v.cloudfront.net_0.localstorage-journal deleted successfully
C:\Users\jdog3\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_ram-idle-le.en.softonic.com_0.localstorage deleted successfully
C:\Users\jdog3\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_ram-idle-le.en.softonic.com_0.localstorage-journal deleted successfully
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
 
==== All HKLM and HKCU SearchScopes ======================
 
HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
 
==== Reset Google Chrome ======================
 
C:\Users\jdog3\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\jdog3\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\jdog3\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\jdog3\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
 
==== Empty IE Cache ======================
 
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\jdog3\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\jdog3\AppData\Local\Microsoft\Windows\INetCache\IE\6KEU8TQO will be deleted at reboot
C:\Users\jdog3\AppData\Local\Microsoft\Windows\INetCache\IE\6YK0BYYG will be deleted at reboot
C:\Users\jdog3\AppData\Local\Microsoft\Windows\INetCache\IE\KD4KZADG will be deleted at reboot
C:\Users\jdog3\AppData\Local\Microsoft\Windows\INetCache\IE\LG7C4TLI will be deleted at reboot
 
==== Empty FireFox Cache ======================
 
C:\Users\jdog3\AppData\Local\Mozilla\Firefox\Profiles\n6naw4w5.default\cache2 emptied successfully
 
==== Empty Chrome Cache ======================
 
C:\Users\jdog3\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\jdog3\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
No Flash Cache Found
 
==== Empty All Java Cache ======================
 
Java Cache cleared successfully
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=208 folders=79 80062404 bytes)
 
==== Empty Temp Folders ======================
 
C:\Windows\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\Windows\Temp successfully emptied
C:\Users\jdog3\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== Deleting Files / Folders ======================
 
"C:\Users\jdog3\AppData\Local\Microsoft\Windows\INetCache\IE\6KEU8TQO" not found
"C:\Users\jdog3\AppData\Local\Microsoft\Windows\INetCache\IE\6YK0BYYG" not found
"C:\Users\jdog3\AppData\Local\Microsoft\Windows\INetCache\IE\KD4KZADG" not found
"C:\Users\jdog3\AppData\Local\Microsoft\Windows\INetCache\IE\LG7C4TLI" not found
 
==== EOF on Sun 12/18/2016 at  9:31:05.39 ======================


#9 jdog31804

Posted 18 December 2016 - 09:57 AM

 

It's back again, ads are here.



#10 nasdaq

Posted 18 December 2016 - 01:58 PM

Remove Chrome using the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

Clear your Chrome cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en

Before you do, export your bookmarks.
Chrome will export your bookmarks as an HTML file, which you can then import into another browser.

Re-install Chrome and the Bookmarks.

If you want to save all your settings refer to this page.
Follow the instructions before removing Chrome.
http://juan2geek.com/how-to-backup-and-restore-entire-google-chrome-setting/
<<<>>>

Keep me posted.

#11 jdog31804

Posted 18 December 2016 - 08:14 PM

Didn't Work. Still ads 



#12 nasdaq

Posted 19 December 2016 - 09:57 AM



Check if there is an extension with the “Installed by enterprise policy” text

Refer to this topic.
https://malwaretips.com/blogs/installed-enterprise-policy-removal/

If you do then please let me know the name and the ID string that you will find.
---


If connected via Wi-Fi to a router, it might just be that the router is compromised.

How to Reset a Router Back to the Factory Default Settings
http://www.ehow.com/how_2110924_reset-back-factory-default-settings.html

Then, please reconfigure it back to your preferred settings. Below is the list of default usernames and passwords, should you not know them ;)

http://www.routerpasswords.com/
http://www.phenoelit-us.org/dpl/dpl.html
===

Reset for Linksys, Netgear, D-Link and Belkin Routers
http://www.techsupportforum.com/2763-reset-for-linksys-netgear-d-link-and-belkin-routers/

====
How to tell if my Wireless is secure.
http://www.ehow.com/how_6775466_tell-wireless-secure_.html
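
The "Installed by enterprise policy" check described above can also be done from PowerShell; this is an added example, not part of the original post or of any tool used in this thread. It reads Chrome's policy registry keys for force-installed extensions, resolves each ID against the Default profile path seen in the logs above, and reports whether the local Group Policy folders that Zoek deleted have come back. The function names are hypothetical.

```powershell
# Added example (read-only): list Chrome extensions that are force-installed
# through policy, i.e. the ones chrome://extensions labels
# "Installed by enterprise policy". Nothing is modified.

# Registry locations where Chrome reads machine and user policy.
$policyRoots = @(
    'HKLM:\SOFTWARE\Policies\Google\Chrome',
    'HKLM:\SOFTWARE\WOW6432Node\Policies\Google\Chrome',
    'HKCU:\SOFTWARE\Policies\Google\Chrome'
)

function Get-ChromeForcedExtension {
    # Each value under ExtensionInstallForcelist is "<extension id>;<update url>".
    foreach ($root in $policyRoots) {
        $key = Join-Path $root 'ExtensionInstallForcelist'
        if (-not (Test-Path -LiteralPath $key)) { continue }

        $item = Get-Item -LiteralPath $key
        foreach ($valueName in $item.GetValueNames()) {
            $data = [string]$item.GetValue($valueName)
            $id, $updateUrl = $data -split ';', 2
            [pscustomobject]@{
                PolicyKey   = $key
                ValueName   = $valueName
                ExtensionId = $id
                UpdateUrl   = $updateUrl
            }
        }
    }
}

function Get-ChromeExtensionName {
    # Looks up the display name in the extension's manifest.json.
    # Assumption: only the Default profile is checked, as in the logs above.
    # The name can be a "__MSG_...__" placeholder for localized extensions.
    param([Parameter(Mandatory)][string]$ExtensionId)

    $extDir = Join-Path $env:LOCALAPPDATA `
        "Google\Chrome\User Data\Default\Extensions\$ExtensionId"
    $manifest = Get-ChildItem -LiteralPath $extDir -Filter 'manifest.json' `
        -Recurse -ErrorAction SilentlyContinue | Select-Object -First 1
    if (-not $manifest) { return $null }

    (Get-Content -LiteralPath $manifest.FullName -Raw | ConvertFrom-Json).name
}

function Get-LocalPolicyFile {
    # Local Group Policy is stored in Registry.pol under these folders; if the
    # folders reappear after a cleanup, something is re-creating the policy.
    foreach ($scope in 'Machine', 'User') {
        $pol = Join-Path $env:windir "System32\GroupPolicy\$scope\Registry.pol"
        [pscustomobject]@{
            Scope  = $scope
            Path   = $pol
            Exists = Test-Path -LiteralPath $pol
        }
    }
}

$forced = @(Get-ChromeForcedExtension)
if ($forced.Count -eq 0) {
    Write-Output 'No ExtensionInstallForcelist policy entries found.'
} else {
    $forced |
        Select-Object ExtensionId,
            @{ Name = 'Name'; Expression = { Get-ChromeExtensionName -ExtensionId $_.ExtensionId } },
            UpdateUrl, PolicyKey |
        Format-List | Out-Host
}

Get-LocalPolicyFile | Format-Table -AutoSize | Out-Host
```

The ExtensionId and Name columns are the "name and the ID string" the helper asks for; run the script from a 64-bit PowerShell session so that System32 is not redirected.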

#13 jdog31804

Posted 19 December 2016 - 10:45 AM

No "installed by enterprise policy" extension, but the router isn't compromised; no one else gets ads and they're connected to the router. If it's just local, any way I can scan my router? P.S. I'm connected through Ethernet to it.


Edited by jdog31804, 19 December 2016 - 10:46 AM.


#14 nasdaq

Posted 20 December 2016 - 09:31 AM

Can you bypass the router and connect directly to the modem?

#15 jdog31804

Posted 21 December 2016 - 04:04 PM

What do you mean? How?





