HijackThis Log: Please help me Diagnose this, Thanks in advance


  • This topic is locked
4 replies to this topic

#1 TheRightAccount


  • Members
  • 2 posts

Posted 01 July 2014 - 05:51 PM

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:51:08, on 01/07/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17126)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG2014\avgui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG SafeGuard toolbar\vprot.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\EMET 4.1\EMET_Agent.exe
C:\Program Files\1Password\Agile1pAgent.exe
C:\Program Files\Hotspot Shield\bin\hsscp.exe
C:\Program Files\Garena Plus\GarenaMessenger.exe
C:\Program Files\CodeMeter\Runtime\bin\CodeMeterCC.exe
C:\Users\Iyke\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Cloudfogger\Cloudfogger.exe
C:\Program Files\Cloudfogger\Cloudfogger.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_13_0_0_214_ActiveX.exe
C:\Users\Iyke\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.search.yahoo.com?type=714647&fr=spigot-yhp-ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {f999a48b-1950-4d81-9971-79018f807b4b} - (no file)
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O2 - BHO: Yealt - {40C78C4E-5AE5-4762-9B7D-D2DE31B03B77} - C:\Windows\system32\yealt.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\18.1.7.598\AVG SafeGuard toolbar_toolbar.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL
O2 - BHO: 1Password - {CB1A24DA-7416-4921-A0CF-5AA1160AAE2A} - C:\PROGRA~1\1PASSW~1\AGILE1~1.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: ͬ²½Ò»¼ü°²×°Ö§³Ö - {F72C8153-7140-4FEE-8F69-CA4579D71195} - C:\Program Files\Tongbu\Addin\tbIEAddin.dll
O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)
O3 - Toolbar: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\18.1.7.598\AVG SafeGuard toolbar_toolbar.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2014\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG SafeGuard toolbar\vprot.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [EMET 4.1 Update 1 Agent] "C:\Program Files\EMET 4.1\EMET_agent.exe"
O4 - HKLM\..\Run: [Agile1pAgent] C:\Program Files\1Password\Agile1pAgent.exe
O4 - HKLM\..\Run: [ShazzleMailClient] C:\Program Files\Shazzle\ShazzleMailClient\ShazzleMailClient.exe
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Iyke\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [pronto] "C:\Program Files\Blackboard\Blackboard IM\blackboardim.exe"
O4 - HKCU\..\Run: [DAEMON Tools Ultra Agent] "C:\Program Files\DAEMON Tools Ultra\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Cloudfogger] "C:\Program Files\Cloudfogger\Cloudfogger.exe" --silent --autostart
O4 - HKCU\..\Run: [GarenaPlus] "C:\Program Files\Garena Plus\GarenaMessenger.exe" -autolaunch
O4 - Startup: Dropbox.lnk = Iyke\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: CodeMeter Control Center.lnk = C:\Program Files\CodeMeter\Runtime\bin\CodeMeterCC.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube Download - C:\Program Files\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: 1Password - {00FAC6C9-C494-4AD8-B3C0-DE677AFDDBD8} - C:\PROGRA~1\1PASSW~1\AGILE1~1.DLL
O9 - Extra 'Tools' menuitem: 1Password    Ctrl+\ - {00FAC6C9-C494-4AD8-B3C0-DE677AFDDBD8} - C:\PROGRA~1\1PASSW~1\AGILE1~1.DLL
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (file missing)
O9 - Extra 'Tools' menuitem: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (file missing)
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - (no file)
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.7\ViProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: 1Password (Agile1Password) - AgileBits - C:\Program Files\1Password\Agile1pService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CodeMeter Runtime Server (CodeMeter.exe) - WIBU-SYSTEMS AG - C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
O23 - Service: Disc Soft Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: Hotspot Shield Service (hshld) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\bin\cmw_srv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files\Hotspot Shield\bin\hsswd.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe
O23 - Service: PostgreSQL-9.1 (Postgresql-9.1) - PostgreSQL Global Development Group - C:\Program Files\AccessData\PostgreSQL\9.1\bin\pg_ctl.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: vToolbarUpdater18.1.7 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe

--
End of file - 12452 bytes
 




 


#2 CatByte


    bleepin' tiger


  • Malware Response Team
  • 14,664 posts

Posted 05 July 2014 - 10:58 AM

Hello and welcome to Bleeping Computer,
 
Please run the following:

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 TheRightAccount

  • Topic Starter

  • Members
  • 2 posts

Posted 06 July 2014 - 04:35 PM

​Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-07-2014 01
Ran by Iyke (administrator) on AU-PC on 06-07-2014 22:20:42
Running from C:\Users\Iyke\Downloads
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(AgileBits) C:\Program Files\1Password\Agile1pService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\officeclicktorun.exe
(WIBU-SYSTEMS AG) C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
(FileZilla Project) C:\Program Files\FileZilla Server\FileZilla server.exe
(AnchorFree Inc.) C:\Program Files\Hotspot Shield\bin\cmw_srv.exe
() C:\Program Files\Hotspot Shield\bin\hsswd.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
() C:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(PostgreSQL Global Development Group) C:\Program Files\AccessData\PostgreSQL\9.1\bin\postgres.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(PostgreSQL Global Development Group) C:\Program Files\AccessData\PostgreSQL\9.1\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\AccessData\PostgreSQL\9.1\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\AccessData\PostgreSQL\9.1\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\AccessData\PostgreSQL\9.1\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\AccessData\PostgreSQL\9.1\bin\postgres.exe
(VMware, Inc.) C:\Windows\System32\vmnat.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(VMware, Inc.) C:\Windows\System32\vmnetdhcp.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\loggingserver.exe
(VMware, Inc.) C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(AgileBits) C:\Program Files\1Password\Agile1pAgent.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
() C:\Program Files\AVG SafeGuard toolbar\vprot.exe
(VMware, Inc.) I:\Vmware\vmplayer.exe
(VMware, Inc.) I:\Vmware\vmware-authd.exe
(VMware, Inc.) I:\Vmware\vmware-unity-helper.exe
(VMware, Inc.) I:\Vmware\vmware-vmx.exe
(VMware, Inc.) I:\Vmware\vprintproxy.exe
(Shazzle, LLC) C:\Program Files\Shazzle\ShazzleMailClient\ShazzleMailClient.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5ServiceManager] => C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5179408 2014-06-17] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-10-23] (Apple Inc.)
HKLM\...\Run: [vProt] => C:\Program Files\AVG SafeGuard toolbar\vprot.exe [2567192 2014-06-03] ()
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [Agile1pAgent] => C:\Program Files\1Password\Agile1pAgent.exe [2214664 2013-02-12] (AgileBits)
HKLM\...\Run: [ShazzleMailClient] => C:\Program Files\Shazzle\ShazzleMailClient\ShazzleMailClient.exe [4409792 2014-06-06] (Shazzle, LLC)
HKLM\...\Run: [KeyScrambler] => C:\Program Files\KeyScrambler\keyscrambler.exe [508144 2014-05-31] (QFX Software Corporation)
HKLM\...\Run: [EMET 4.1 Update 1 Agent] => C:\Program Files\EMET 4.1\EMET_agent.exe [88272 2014-05-28] (Microsoft Corporation)
HKU\S-1-5-21-1017397317-292039383-3600675228-1004\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1017397317-292039383-3600675228-1004\...\Run: [Akamai NetSession Interface] => "C:\Users\Iyke\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-1017397317-292039383-3600675228-1004\...\Run: [RocketDock] => "C:\Program Files\RocketDock\RocketDock.exe"
HKU\S-1-5-21-1017397317-292039383-3600675228-1004\...\Run: [pronto] => "C:\Program Files\Blackboard\Blackboard IM\blackboardim.exe"
HKU\S-1-5-21-1017397317-292039383-3600675228-1004\...\Run: [DAEMON Tools Ultra Agent] => C:\Program Files\DAEMON Tools Ultra\DTAgent.exe [3123744 2013-05-23] (Disc Soft Ltd)
HKU\S-1-5-21-1017397317-292039383-3600675228-1004\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-1017397317-292039383-3600675228-1004\...\Run: [Cloudfogger] => C:\Program Files\Cloudfogger\Cloudfogger.exe [7173456 2013-02-25] (Cloudfogger GmbH)
HKU\S-1-5-21-1017397317-292039383-3600675228-1004\...\Run: [GarenaPlus] => "C:\Program Files\Garena Plus\GarenaMessenger.exe" -autolaunch
HKU\S-1-5-21-1017397317-292039383-3600675228-1004\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [631816 2014-05-29] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-1017397317-292039383-3600675228-1004\...\MountPoints2: {23cdad34-7c8d-11e1-9ecd-705ab6d1db5b} - E:\AutoInstall.exe
HKU\S-1-5-21-1017397317-292039383-3600675228-1004\...\MountPoints2: {87f6a50a-e085-11e2-bdf0-705ab6d1db5b} - H:\Autorun.exe
HKU\S-1-5-21-1017397317-292039383-3600675228-1004\...\MountPoints2: {e1904ed3-4937-11e2-b5b5-705ab6d1db5b} - E:\LaunchU3.exe -a
HKU\S-1-5-21-1017397317-292039383-3600675228-1004\...\Winlogon: [Shell] C:\Windows\explorer.exe [2616320 2011-02-25] (Microsoft Corporation) <==== ATTENTION
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk
ShortcutTarget: CodeMeter Control Center.lnk -> C:\Program Files\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG)
Startup: C:\Users\Iyke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Iyke\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers:  0Cloudfogger -> {15EDBCBF-7231-4290-946E-5BB12C6AF342} => C:\Program Files\Cloudfogger\CfShellEx_1.4.2143.dll (Cloudfogger GmbH)
ShellIconOverlayIdentifiers:  1Cloudfogger -> {14A3EC74-D852-416A-9691-AC3096EE1953} => C:\Program Files\Cloudfogger\CfShellEx_1.4.2143.dll (Cloudfogger GmbH)
ShellIconOverlayIdentifiers:  2Cloudfogger -> {E9C2814C-12B8-4D74-9551-16DDEBFC8AE4} => C:\Program Files\Cloudfogger\CfShellEx_1.4.2143.dll (Cloudfogger GmbH)
ShellIconOverlayIdentifiers:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xFBC585A4B256CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.search.yahoo.com?type=714647&fr=spigot-yhp-ie
URLSearchHook: HKCU - (No Name) - {f999a48b-1950-4d81-9971-79018f807b4b} -  No File
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={575C7AF2-9F67-49DB-A6F6-96BC69732458}&mid=54e9c8831bb247d1b8cea113f03532a8-087b96e90489116a2561d00fb383aa210e3efc55&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-04-30 11:16:25&v=18.1.7.598&pid=safeguard&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {08B5E300-F992-43F1-84AB-39271C7104D7} URL = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={575C7AF2-9F67-49DB-A6F6-96BC69732458}&mid=54e9c8831bb247d1b8cea113f03532a8-087b96e90489116a2561d00fb383aa210e3efc55&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-04-30 11:16:25&v=18.1.7.598&pid=safeguard&sg=&sap=dsp&q={searchTerms}
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Yealt Class - {40C78C4E-5AE5-4762-9B7D-D2DE31B03B77} - C:\Windows\system32\yealt.dll (Yealt)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\18.1.7.598\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: 1Password - {CB1A24DA-7416-4921-A0CF-5AA1160AAE2A} - C:\Program Files\1Password\Agile1pIE.dll (AgileBits)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: ͬ²½Ò»¼ü°²×°Ö§³Ö - {F72C8153-7140-4FEE-8F69-CA4579D71195} - C:\Program Files\Tongbu\Addin\tbIEAddin.dll (同步网络平台)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\18.1.7.598\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Toolbar: HKCU - No Name - {F999A48B-1950-4D81-9971-79018F807B4B} -  No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.7\ViProtocol.dll (AVG Secure Search)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Iyke\AppData\Roaming\Mozilla\Firefox\Profiles\8jsgblzf.default
FF DefaultSearchEngine: Startpage HTTPS
FF SelectedSearchEngine: Startpage HTTPS
FF Homepage: https://duckduckgo.com/
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.7\\npsitesafety.dll No File
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/Lync,version=15.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @t.garena.com/garenatalk - C:\Program Files\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll No File
FF Plugin: @tongbu.com/tongbu,version=0.1 - C:\Program Files\Tongbu\Addin\npTongbuAddin.dll (同步网络平台)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Iyke\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF user.js: detected! => C:\Users\Iyke\AppData\Roaming\Mozilla\Firefox\Profiles\8jsgblzf.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Iyke\AppData\Roaming\Mozilla\Firefox\Profiles\8jsgblzf.default\searchplugins\duckduckgo.xml
FF SearchPlugin: C:\Users\Iyke\AppData\Roaming\Mozilla\Firefox\Profiles\8jsgblzf.default\searchplugins\startpage-https.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF Extension: DoNotTrackMe: Online Privacy Protection - C:\Users\Iyke\AppData\Roaming\Mozilla\Firefox\Profiles\8jsgblzf.default\Extensions\donottrackplus@abine.com [2014-06-23]
FF Extension: MaskMe - C:\Users\Iyke\AppData\Roaming\Mozilla\Firefox\Profiles\8jsgblzf.default\Extensions\idme@abine.com [2014-06-30]
FF Extension: AVG Do Not Track - C:\Users\Iyke\AppData\Roaming\Mozilla\Firefox\Profiles\8jsgblzf.default\Extensions\{F53C93F1-07D5-430c-86D4-C9531B27DFAF} [2014-06-23]
FF Extension: Firebug - C:\Users\Iyke\AppData\Roaming\Mozilla\Firefox\Profiles\8jsgblzf.default\Extensions\firebug@software.joehewitt.com.xpi [2014-04-28]
FF Extension: Ghostery - C:\Users\Iyke\AppData\Roaming\Mozilla\Firefox\Profiles\8jsgblzf.default\Extensions\firefox@ghostery.com.xpi [2014-06-23]
FF Extension: MEGA - C:\Users\Iyke\AppData\Roaming\Mozilla\Firefox\Profiles\8jsgblzf.default\Extensions\firefox@mega.co.nz.xpi [2014-06-25]
FF Extension: 1Password - C:\Users\Iyke\AppData\Roaming\Mozilla\Firefox\Profiles\8jsgblzf.default\Extensions\onepassword@agilebits.com.xpi [2014-06-30]
FF Extension: TrackMeNot - C:\Users\Iyke\AppData\Roaming\Mozilla\Firefox\Profiles\8jsgblzf.default\Extensions\trackmenot@mrl.nyu.edu.xpi [2014-07-01]
FF Extension: User Agent Overrider - C:\Users\Iyke\AppData\Roaming\Mozilla\Firefox\Profiles\8jsgblzf.default\Extensions\useragentoverrider@qixinglu.com.xpi [2014-07-01]
FF Extension: RefControl - C:\Users\Iyke\AppData\Roaming\Mozilla\Firefox\Profiles\8jsgblzf.default\Extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}.xpi [2014-07-01]
FF Extension: NoScript - C:\Users\Iyke\AppData\Roaming\Mozilla\Firefox\Profiles\8jsgblzf.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-07-01]
FF Extension: Adblock Plus - C:\Users\Iyke\AppData\Roaming\Mozilla\Firefox\Profiles\8jsgblzf.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-01]
FF Extension: BetterPrivacy - C:\Users\Iyke\AppData\Roaming\Mozilla\Firefox\Profiles\8jsgblzf.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2014-07-01]
FF Extension: Hotspot Shield Extension - C:\Program Files\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com [2014-06-23]
FF HKLM\...\Firefox\Extensions: [searchpredict@speedbit.com] - C:\Program Files\SearchPredict\PRFireFox
FF HKLM\...\Firefox\Extensions: [{0329E7D6-6F54-462D-93F6-F5C3118BADF2}] - C:\Program Files\SPEEDbit Video Downloader\SPFireFox
FF HKLM\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff
FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.1.7.598
FF Extension: AVG SafeGuard toolbar - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.1.7.598 [2014-06-03]

========================== Services (Whitelisted) =================

R2 Agile1Password; C:\Program Files\1Password\Agile1pService.exe [768776 2013-02-12] (AgileBits)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [291840 2013-04-30] (Advanced Micro Devices, Inc.) [File not signed]
R2 avgfws; C:\Program Files\AVG\AVG2014\avgfws.exe [1417160 2014-06-17] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3241488 2014-06-27] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-06-17] (AVG Technologies CZ, s.r.o.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [1565880 2014-05-21] (Microsoft Corporation)
R2 CodeMeter.exe; C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe [2569144 2012-09-06] (WIBU-SYSTEMS AG)
R3 Disc Soft Bus Service; C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe [632352 2013-05-23] (Disc Soft Ltd)
R2 FileZilla Server; C:\Program Files\FileZilla Server\FileZilla Server.exe [632320 2012-02-26] (FileZilla Project) [File not signed]
R2 hshld; C:\Program Files\Hotspot Shield\bin\cmw_srv.exe [919040 2014-05-17] (AnchorFree Inc.) [File not signed]
S3 HssTrayService; C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE [78512 2014-05-17] ()
R2 HssWd; C:\Program Files\Hotspot Shield\bin\hsswd.exe [430344 2014-05-16] ()
R2 NMSAccessU; C:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe [71096 2007-10-12] ()
S2 Postgresql-9.1; C:\Program Files\AccessData\PostgreSQL\9.1\bin\pg_ctl.exe [99840 2013-07-19] (PostgreSQL Global Development Group) [File not signed]
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [601072 2014-05-29] (Paramount Software UK Ltd)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [134664 2014-05-29] (Sandboxie Holdings, LLC)
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 VMAuthdService; I:\Vmware\vmware-authd.exe [86744 2014-04-14] (VMware, Inc.)
R2 VMnetDHCP; C:\Windows\system32\vmnetdhcp.exe [359128 2014-04-14] (VMware, Inc.)
R2 VMUSBArbService; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [722624 2014-02-27] (VMware, Inc.)
R2 VMware NAT Service; C:\Windows\system32\vmnat.exe [437976 2014-04-14] (VMware, Inc.)
R2 vToolbarUpdater18.1.7; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe [1808408 2014-06-03] (AVG Secure Search)
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

==================== Drivers (Whitelisted) ====================

S3 androidusb; C:\Windows\System32\Drivers\smhwadb.sys [25728 2009-12-24] (Google Inc)
R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [45184 2012-03-05] (Advanced Micro Devices)
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6x.sys [47928 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [199960 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [188696 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [197400 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-06-03] (AVG Technologies)
R1 cbdisk2; C:\Windows\system32\drivers\cbdisk2.sys [186504 2012-10-17] (EldoS Corporation)
R1 CBFilterFS; C:\Windows\system32\drivers\cbfltfs.sys [115928 2013-01-07] (EldoS Corporation)
R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [299528 2012-12-04] (EldoS Corporation)
R0 dcrypt; C:\Windows\System32\drivers\dcrypt.sys [185544 2014-01-01] ()
R3 dtscsibus; C:\Windows\System32\DRIVERS\dtscsibus.sys [24704 2014-03-17] (Disc Soft Ltd)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2014-03-17] (Disc Soft Ltd)
R2 hcmon; C:\Windows\system32\drivers\hcmon.sys [43840 2014-02-27] (VMware, Inc.)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [39624 2014-05-17] (AnchorFree Inc.)
R3 KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [209016 2013-05-31] (QFX Software Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [35088 2010-07-16] (CACE Technologies, Inc.)
R0 pssnap; C:\Windows\System32\DRIVERS\pssnap.sys [16504 2013-06-28] (Macrium Software)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [15688 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [10320 2013-09-30] ()
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [160264 2014-05-29] (Sandboxie Holdings, LLC)
S3 smhwser; C:\Windows\System32\DRIVERS\smhwser.sys [108032 2010-02-04] (QUALCOMM Incorporated)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35088 2013-04-30] (The OpenVPN Project)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [37064 2014-05-17] (Anchorfree Inc.)
R3 vmkbd2; C:\Windows\system32\drivers\VMkbd.sys [26456 2014-04-14] (VMware, Inc.)
R3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [17104 2014-04-14] (VMware, Inc.)
R2 VMnetBridge; C:\Windows\System32\DRIVERS\vmnetbridge.sys [37456 2014-04-14] (VMware, Inc.)
R2 VMnetuserif; C:\Windows\system32\drivers\vmnetuserif.sys [26968 2014-04-14] (VMware, Inc.)
S3 vmusb; C:\Windows\System32\DRIVERS\vmusb.sys [32320 2014-02-27] (VMware, Inc.)
R2 vmx86; C:\Windows\system32\Drivers\vmx86.sys [66136 2014-04-14] (VMware, Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [63824 2013-10-08] (VMware, Inc.)
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S2 VBoxDRV; \??\G:\VirtualBox\Portable-VirtualBox\app32\drivers\VBoxDrv\VBoxDrv.sys [X]
S2 VBoxUSBMon; \??\G:\VirtualBox\Portable-VirtualBox\app32\drivers\USB\filter\VBoxUSBMon.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 XDva399; \??\C:\Windows\system32\XDva399.sys [X]
S3 XDva407; \??\C:\Windows\system32\XDva407.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-06 22:20 - 2014-07-06 22:21 - 00026472 _____ () C:\Users\Iyke\Downloads\FRST.txt
2014-07-06 22:20 - 2014-07-06 22:20 - 00000000 ____D () C:\FRST
2014-07-06 22:19 - 2014-07-06 22:19 - 01074688 _____ (Farbar) C:\Users\Iyke\Downloads\FRST.exe
2014-07-06 21:42 - 2014-07-06 21:42 - 00000000 ____H () C:\ProgramData\cm-lock
2014-07-05 22:48 - 2014-07-05 22:48 - 00689141 _____ () C:\Users\Iyke\Downloads\1b-digital data arithmetic.pptx
2014-07-05 12:29 - 2014-07-05 12:29 - 02834946 _____ () C:\Users\Iyke\Downloads\1a-Introduction to module & digital data.pptx
2014-07-04 13:19 - 2014-07-04 13:19 - 00002503 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-07-04 13:19 - 2014-07-04 13:19 - 00000000 ___RD () C:\Program Files\Skype
2014-07-04 13:19 - 2014-07-04 13:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-07-04 13:19 - 2014-07-04 13:19 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-07-04 11:22 - 2012-03-19 10:28 - 553330517 _____ () C:\Users\Iyke\Downloads\uniq.txt
2014-07-04 11:09 - 2014-07-04 11:21 - 155863572 _____ () C:\Users\Iyke\Downloads\lolwtfhax.rar
2014-07-04 05:27 - 2014-07-04 05:27 - 00111008 _____ () C:\Users\Iyke\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-04 03:02 - 2014-07-06 21:42 - 00000728 _____ () C:\Windows\setupact.log
2014-07-04 03:02 - 2014-07-04 03:02 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-04 03:01 - 2014-07-04 03:03 - 01760128 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-03 22:14 - 2014-07-03 22:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Enhanced Mitigation Experience Toolkit
2014-07-03 22:14 - 2014-07-03 22:14 - 00000000 ____D () C:\Program Files\EMET 4.1
2014-07-02 20:39 - 2014-07-02 20:39 - 00000000 ____D () C:\Users\Iyke\Documents\Reflect
2014-07-02 18:58 - 2014-07-02 18:58 - 00002483 _____ () C:\Users\Public\Desktop\Reflect.lnk
2014-07-02 18:58 - 2014-07-02 18:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macrium
2014-07-02 18:58 - 2014-07-02 18:58 - 00000000 ____D () C:\Program Files\Macrium
2014-07-02 18:39 - 2014-07-02 19:59 - 00000000 ____D () C:\ProgramData\Macrium
2014-07-02 18:39 - 2014-07-02 18:54 - 00000000 ____D () C:\Users\Iyke\Downloads\Macrium
2014-07-02 18:31 - 2014-07-02 18:31 - 02292720 _____ (Paramount Software UK Ltd) C:\Users\Iyke\Downloads\reflectdl.exe
2014-07-02 17:40 - 2014-07-02 17:45 - 00000000 ____D () C:\Users\Iyke\New folder
2014-07-02 17:37 - 2014-07-02 17:37 - 00000000 ____D () C:\Users\Public\Documents\DAEMON Tools Images
2014-07-02 09:27 - 2014-07-02 09:27 - 00000747 _____ () C:\Users\Iyke\Desktop\vmplayer - Shortcut.lnk
2014-07-02 09:24 - 2014-07-02 09:24 - 00000000 ____D () C:\Users\Iyke\AppData\Roaming\QFX Software
2014-07-02 09:24 - 2014-07-02 09:24 - 00000000 ____D () C:\ProgramData\QFX Software
2014-07-02 01:29 - 2014-07-02 01:29 - 00001216 _____ () C:\Users\Public\Desktop\MiniTool Partition Wizard Home Edition.lnk
2014-07-02 01:29 - 2014-07-02 01:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Partition Wizard Home Edition 8.1.1
2014-07-02 01:29 - 2014-07-02 01:29 - 00000000 ____D () C:\Program Files\MiniTool Partition Wizard Home Edition 8.1.1
2014-07-02 01:29 - 2013-09-30 16:26 - 02881848 _____ () C:\Windows\system32\pwNative.exe
2014-07-02 01:29 - 2013-09-30 16:26 - 00015688 ____N () C:\Windows\system32\pwdrvio.sys
2014-07-02 01:29 - 2013-09-30 16:26 - 00010320 ____N () C:\Windows\system32\pwdspio.sys
2014-07-02 01:10 - 2014-04-14 16:40 - 00026456 _____ (VMware, Inc.) C:\Windows\system32\Drivers\VMkbd.sys
2014-07-02 01:10 - 2013-10-08 18:20 - 00063824 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vsock.sys
2014-07-02 01:10 - 2013-10-08 18:20 - 00063568 _____ (VMware, Inc.) C:\Windows\system32\vsocklib.dll
2014-07-02 01:09 - 2014-04-14 16:41 - 00776920 _____ (VMware, Inc.) C:\Windows\system32\vnetlib.dll
2014-07-02 01:09 - 2014-04-14 16:41 - 00437976 _____ (VMware, Inc.) C:\Windows\system32\vmnat.exe
2014-07-02 01:09 - 2014-04-14 16:41 - 00359128 _____ (VMware, Inc.) C:\Windows\system32\vmnetdhcp.exe
2014-07-02 01:09 - 2014-04-14 16:41 - 00026968 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnetuserif.sys
2014-07-02 01:09 - 2014-02-27 18:40 - 00043840 _____ (VMware, Inc.) C:\Windows\system32\Drivers\hcmon.sys
2014-07-02 01:08 - 2014-02-27 18:40 - 00032320 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmusb.sys
2014-07-02 01:05 - 2014-07-02 01:08 - 00000000 ____D () C:\Program Files\Common Files\VMware
2014-07-02 00:00 - 2014-07-03 18:04 - 00001580 _____ () C:\Windows\Sandboxie.ini
2014-07-02 00:00 - 2014-07-01 23:58 - 00001058 _____ () C:\Users\Iyke\Desktop\Sandboxed Web Browser.lnk
2014-07-01 23:59 - 2014-07-01 23:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2014-07-01 23:58 - 2014-07-01 23:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyScrambler
2014-07-01 23:58 - 2014-07-01 23:58 - 00000000 ____D () C:\Program Files\Sandboxie
2014-07-01 23:58 - 2014-07-01 23:58 - 00000000 ____D () C:\Program Files\KeyScrambler
2014-07-01 23:58 - 2013-05-31 15:53 - 00209016 _____ (QFX Software Corporation) C:\Windows\system32\Drivers\keyscrambler.sys
2014-07-01 23:57 - 2014-07-01 23:57 - 00000000 ____D () C:\Users\Iyke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KLC
2014-07-01 23:57 - 2014-07-01 23:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KLC
2014-07-01 23:57 - 2004-08-04 03:56 - 00431616 _____ (Microsoft Corporation) C:\Windows\system32\temp.000
2014-07-01 23:57 - 1999-12-07 07:00 - 00061491 _____ (Microsoft Corporation) C:\Windows\system32\wbemdisp.TLB
2014-07-01 14:20 - 2014-07-01 16:35 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-01 14:20 - 2014-07-01 14:20 - 00001069 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-01 14:20 - 2014-07-01 14:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-01 14:20 - 2014-07-01 14:20 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-01 14:20 - 2014-07-01 14:20 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-01 14:20 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-01 14:20 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-01 14:20 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-01 13:08 - 2014-07-01 15:24 - 957798400 _____ () C:\Users\Iyke\Downloads\tails-i386-1.0.1.iso
2014-07-01 08:45 - 2014-07-01 23:51 - 00012454 _____ () C:\Users\Iyke\Downloads\hijackthis.log
2014-07-01 08:44 - 2014-07-01 08:44 - 00388608 _____ (Trend Micro Inc.) C:\Users\Iyke\Downloads\HijackThis.exe
2014-06-30 19:26 - 2014-07-06 21:47 - 00000000 ___RD () C:\Users\Iyke\Dropbox
2014-06-30 19:26 - 2014-06-30 19:26 - 00001043 _____ () C:\Users\Iyke\Desktop\Dropbox.lnk
2014-06-30 19:25 - 2014-07-06 21:47 - 00000000 ____D () C:\Users\Iyke\AppData\Roaming\DropboxMaster
2014-06-30 19:25 - 2014-06-30 19:25 - 00000000 ____D () C:\Users\Iyke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-06-30 19:22 - 2014-07-06 21:47 - 00000000 ____D () C:\Users\Iyke\AppData\Roaming\Dropbox
2014-06-30 10:46 - 2012-10-17 12:28 - 00186504 _____ (EldoS Corporation) C:\Windows\system32\Drivers\cbdisk2.sys
2014-06-30 04:47 - 2014-06-30 10:29 - 4093575168 _____ () C:\Users\Iyke\Downloads\AD_FTK_5.4.0.iso
2014-06-29 18:33 - 2014-06-29 18:33 - 00000000 ____D () C:\Users\Iyke\.android
2014-06-29 17:47 - 2014-06-29 17:56 - 00000000 ____D () C:\adb-toolkit
2014-06-29 13:04 - 2014-06-29 13:04 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_smhwadb_01005.Wdf
2014-06-29 07:23 - 2014-06-29 07:23 - 00000000 ____D () C:\adbtk
2014-06-28 22:44 - 2014-06-28 22:44 - 00000000 ____D () C:\Windows\system32\Hotspot Shield
2014-06-28 16:18 - 2010-02-04 16:21 - 00108032 _____ (QUALCOMM Incorporated) C:\Windows\system32\Drivers\smhwser.sys
2014-06-28 16:18 - 2009-12-24 20:00 - 00025728 _____ (Google Inc) C:\Windows\system32\Drivers\smhwadb.sys
2014-06-28 16:18 - 2009-12-24 04:00 - 01419232 _____ (Microsoft Corporation) C:\Windows\system32\wdfcoinstaller01005.dll
2014-06-27 03:34 - 2014-06-27 14:40 - 00000000 ____D () C:\Users\Iyke\Downloads\Tools
2014-06-26 00:07 - 2014-07-01 13:45 - 00000000 ____D () C:\Users\Iyke\Downloads\New folder
2014-06-25 23:34 - 2014-06-25 23:35 - 00000000 ____D () C:\Users\Iyke\AppData\Roaming\Jitsi
2014-06-25 23:33 - 2014-06-25 23:34 - 00000000 ____D () C:\Users\Iyke\AppData\Local\Jitsi
2014-06-25 21:47 - 2014-07-02 18:10 - 00000000 ____D () C:\Users\Iyke\AppData\Roaming\GarenaPlus
2014-06-25 21:31 - 2014-07-02 18:26 - 00000000 ____D () C:\Program Files\Garena Plus
2014-06-25 21:30 - 2014-07-02 18:10 - 00000000 ____D () C:\ProgramData\GarenaMessenger
2014-06-25 16:37 - 2014-07-02 00:22 - 00000000 ____D () C:\Users\Iyke\Downloads\nsa ebooks
2014-06-24 08:17 - 2014-06-24 08:17 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2014-06-24 08:17 - 2010-02-19 00:00 - 01302600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFUpdate_01007.dll
2014-06-24 08:17 - 2010-02-19 00:00 - 01112288 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01007.dll
2014-06-24 08:17 - 2010-02-19 00:00 - 01112288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfCoInstaller01007.dll
2014-06-24 08:17 - 2010-02-19 00:00 - 00581192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WinUSBCoInstaller.dll
2014-06-24 08:16 - 2014-06-24 08:17 - 00000501 _____ () C:\NSI_DriverInstall.log
2014-06-24 08:16 - 2014-06-24 08:16 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2014-06-24 08:16 - 2010-02-19 00:00 - 00581192 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller.dll
2014-06-24 08:13 - 2012-10-11 03:44 - 01461992 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
2014-06-24 08:13 - 2012-10-11 03:44 - 00851176 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller2.dll
2014-06-24 08:09 - 2014-06-24 08:36 - 00000000 ____D () C:\Program Files\Kingo Android ROOT
2014-06-24 08:09 - 2014-06-24 08:09 - 00000000 ____D () C:\Users\Iyke\Documents\wmshua
2014-06-24 08:09 - 2014-06-24 08:09 - 00000000 ____D () C:\Users\Iyke\AppData\Roaming\ZJMedia
2014-06-24 08:09 - 2014-06-24 08:09 - 00000000 ____D () C:\Users\Iyke\AppData\Local\ZJMedia
2014-06-23 05:55 - 2014-06-23 05:56 - 00000000 ____D () C:\Users\Iyke\Desktop\Tor Browser
2014-06-23 05:23 - 2014-06-30 20:25 - 00000000 ____D () C:\Users\Iyke\Documents\1Password
2014-06-23 05:04 - 2014-06-23 05:04 - 00000000 ____D () C:\Users\Iyke\AppData\Roaming\Agile Web Solutions
2014-06-23 04:49 - 2014-06-23 04:49 - 00000000 ____D () C:\Users\Iyke\AppData\Local\ShazzleMailClient
2014-06-23 04:44 - 2014-06-23 04:44 - 00002102 _____ () C:\Users\Public\Desktop\ShazzleMailClient.lnk
2014-06-23 04:44 - 2014-06-23 04:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shazzle
2014-06-23 04:44 - 2014-06-23 04:44 - 00000000 ____D () C:\Program Files\Shazzle
2014-06-23 04:29 - 2014-06-23 04:29 - 00000992 _____ () C:\Users\Iyke\Desktop\CCleaner.lnk
2014-06-23 04:19 - 2014-06-23 04:19 - 00001087 _____ () C:\Users\Public\Desktop\Hotspot Shield.lnk
2014-06-23 04:17 - 2014-05-17 03:33 - 00039624 _____ (AnchorFree Inc.) C:\Windows\system32\Drivers\hssdrv6.sys
2014-06-23 04:15 - 2014-06-23 04:15 - 00001751 _____ () C:\Users\Iyke\Desktop\I2P router console.lnk
2014-06-23 04:13 - 2014-06-23 04:14 - 00000000 ____D () C:\Program Files\i2p
2014-06-23 04:13 - 2014-06-23 04:13 - 00001798 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jitsi.lnk
2014-06-23 04:13 - 2014-06-23 04:13 - 00001786 _____ () C:\Users\Public\Desktop\Jitsi.lnk
2014-06-23 04:13 - 2014-06-23 04:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I2P
2014-06-23 04:12 - 2014-06-23 04:13 - 00000000 ____D () C:\Program Files\Jitsi
2014-06-23 04:11 - 2014-06-23 04:12 - 00000000 ____D () C:\Program Files\1Password
2014-06-23 04:11 - 2014-06-23 04:11 - 00000986 _____ () C:\Users\Iyke\Desktop\1Password.lnk
2014-06-23 04:11 - 2014-06-23 04:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\1Password
2014-06-23 04:11 - 2013-02-09 10:54 - 01593096 _____ (Chilkat Software, Inc.) C:\Windows\system32\ChilkatCrypt2.dll
2014-06-23 04:11 - 2011-03-03 06:03 - 02371584 _____ (Chilkat Software, Inc.) C:\Windows\system32\ChilkatZip2.dll
2014-06-23 04:08 - 2014-06-23 05:40 - 00000000 ____D () C:\ProgramData\Hotspot Shield
2014-06-23 04:08 - 2014-06-23 04:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield
2014-06-23 04:07 - 2014-06-23 04:17 - 00000000 ____D () C:\Program Files\Hotspot Shield
2014-06-23 04:07 - 2014-06-23 04:07 - 00000946 _____ () C:\Users\Iyke\Desktop\DiskCryptor.lnk
2014-06-23 04:07 - 2014-06-23 04:07 - 00000000 ____D () C:\Users\Iyke\AppData\Roaming\Hotspot Shield
2014-06-23 04:07 - 2014-06-23 04:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DiskCryptor
2014-06-23 04:07 - 2014-06-23 04:07 - 00000000 ____D () C:\Program Files\dcrypt
2014-06-23 04:07 - 2014-01-01 11:19 - 00185544 _____ () C:\Windows\system32\Drivers\dcrypt.sys
2014-06-23 02:04 - 2014-07-06 21:45 - 00000000 ____D () C:\Users\Iyke\AppData\Roaming\Cloudfogger
2014-06-23 02:04 - 2014-07-06 21:45 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-06-23 02:04 - 2014-06-23 02:04 - 00000000 ____D () C:\Users\Iyke\AppData\Local\CrashRpt
2014-06-23 01:49 - 2014-06-23 01:49 - 00002585 _____ () C:\Users\Iyke\Desktop\EMET GUI.lnk
2014-06-23 01:44 - 2014-06-23 01:44 - 00001032 _____ () C:\Users\Iyke\Desktop\Cloudfogger.lnk
2014-06-23 01:44 - 2014-06-23 01:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cloudfogger
2014-06-23 01:44 - 2014-06-23 01:44 - 00000000 ____D () C:\Program Files\Cloudfogger
2014-06-23 01:44 - 2013-01-07 15:55 - 00115928 _____ (EldoS Corporation) C:\Windows\system32\Drivers\cbfltfs.sys
2014-06-23 01:44 - 2012-12-04 14:50 - 00223592 _____ (EldoS Corporation) C:\Windows\system32\CbFsNetRdr3.dll
2014-06-23 01:44 - 2012-12-04 14:44 - 00299528 _____ (EldoS Corporation) C:\Windows\system32\Drivers\cbfs3.sys
2014-06-19 02:00 - 2014-07-06 06:56 - 00000000 ____D () C:\Users\Iyke\AppData\Local\Adobe
2014-06-19 01:18 - 2014-06-23 04:46 - 00000000 ____D () C:\Users\Iyke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-06-19 00:36 - 2014-06-19 00:55 - 00000000 ____D () C:\Program Files\Common Files\Steam
2014-06-17 16:22 - 2014-06-17 16:22 - 00188696 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx86.sys
2014-06-17 16:21 - 2014-06-17 16:21 - 00197400 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdix.sys
2014-06-17 16:18 - 2014-06-17 16:18 - 00241944 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avglogx.sys
2014-06-17 16:17 - 2014-06-17 16:17 - 00147736 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidshx.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00199960 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdriverx.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00121624 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiskx.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00098584 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx86.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00027416 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx86.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00021272 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsshimx.sys
2014-06-16 23:30 - 2014-06-16 23:30 - 00001231 _____ () C:\Users\Iyke\Desktop\ygopro_vs - Shortcut.lnk
2014-06-13 18:31 - 2014-05-30 10:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-13 18:31 - 2014-05-30 10:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-13 18:31 - 2014-05-30 10:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-13 18:31 - 2014-05-30 09:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-13 18:31 - 2014-05-30 09:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-13 18:31 - 2014-05-30 09:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-13 18:31 - 2014-05-30 09:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-13 18:31 - 2014-05-30 09:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-13 18:31 - 2014-05-30 09:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-13 18:31 - 2014-05-30 09:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-13 18:31 - 2014-05-30 09:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-13 18:31 - 2014-05-30 09:28 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-13 18:31 - 2014-05-30 09:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-13 18:31 - 2014-05-30 09:21 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-13 18:31 - 2014-05-30 09:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-13 18:31 - 2014-05-30 09:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-13 18:31 - 2014-05-30 09:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-13 18:31 - 2014-05-30 09:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-13 18:31 - 2014-05-30 09:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-13 18:31 - 2014-05-30 08:57 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-13 18:31 - 2014-05-30 08:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-13 18:31 - 2014-05-30 08:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-13 18:31 - 2014-05-30 08:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-13 18:31 - 2014-05-30 08:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-13 18:31 - 2014-05-30 08:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-13 18:31 - 2014-05-30 08:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-13 18:31 - 2014-05-30 08:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-13 18:31 - 2014-05-30 08:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-13 18:30 - 2014-05-08 10:06 - 00919040 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-13 18:30 - 2014-04-25 03:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-13 18:30 - 2014-04-05 03:25 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-13 18:30 - 2014-04-05 03:24 - 00187840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-13 18:30 - 2014-03-26 15:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-13 18:30 - 2014-03-26 15:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-13 18:30 - 2014-03-26 15:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-13 18:30 - 2014-03-26 15:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll

==================== One Month Modified Files and Folders =======

2014-07-06 22:22 - 2012-09-10 20:12 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-06 22:21 - 2014-07-06 22:20 - 00026472 _____ () C:\Users\Iyke\Downloads\FRST.txt
2014-07-06 22:20 - 2014-07-06 22:20 - 00000000 ____D () C:\FRST
2014-07-06 22:19 - 2014-07-06 22:19 - 01074688 _____ (Farbar) C:\Users\Iyke\Downloads\FRST.exe
2014-07-06 22:06 - 2011-12-13 18:29 - 00000000 ____D () C:\ProgramData\MFAData
2014-07-06 21:54 - 2014-03-10 22:47 - 00000000 ____D () C:\Users\Iyke\AppData\Roaming\VMware
2014-07-06 21:53 - 2014-03-10 22:47 - 00000000 ____D () C:\Users\Iyke\AppData\Local\VMware
2014-07-06 21:48 - 2011-12-13 17:40 - 01650193 _____ () C:\Windows\WindowsUpdate.log
2014-07-06 21:47 - 2014-06-30 19:26 - 00000000 ___RD () C:\Users\Iyke\Dropbox
2014-07-06 21:47 - 2014-06-30 19:25 - 00000000 ____D () C:\Users\Iyke\AppData\Roaming\DropboxMaster
2014-07-06 21:47 - 2014-06-30 19:22 - 00000000 ____D () C:\Users\Iyke\AppData\Roaming\Dropbox
2014-07-06 21:45 - 2014-06-23 02:04 - 00000000 ____D () C:\Users\Iyke\AppData\Roaming\Cloudfogger
2014-07-06 21:45 - 2014-06-23 02:04 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-07-06 21:42 - 2014-07-06 21:42 - 00000000 ____H () C:\ProgramData\cm-lock
2014-07-06 21:42 - 2014-07-04 03:02 - 00000728 _____ () C:\Windows\setupact.log
2014-07-06 21:42 - 2014-03-17 12:34 - 00000000 ____D () C:\pgData91
2014-07-06 21:42 - 2014-03-10 22:41 - 00000000 ____D () C:\ProgramData\VMware
2014-07-06 21:42 - 2013-09-03 01:55 - 00000198 _____ () C:\Windows\Tasks\AutoKMS.job
2014-07-06 21:42 - 2013-06-08 01:29 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
2014-07-06 21:42 - 2013-06-03 17:45 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2014-07-06 21:42 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-06 17:58 - 2009-07-14 05:34 - 00023504 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-06 17:58 - 2009-07-14 05:34 - 00023504 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-06 06:56 - 2014-06-19 02:00 - 00000000 ____D () C:\Users\Iyke\AppData\Local\Adobe
2014-07-05 22:48 - 2014-07-05 22:48 - 00689141 _____ () C:\Users\Iyke\Downloads\1b-digital data arithmetic.pptx
2014-07-05 19:00 - 2011-12-27 16:49 - 00000370 _____ () C:\Windows\Tasks\At1.job
2014-07-05 12:29 - 2014-07-05 12:29 - 02834946 _____ () C:\Users\Iyke\Downloads\1a-Introduction to module & digital data.pptx
2014-07-05 01:55 - 2013-09-03 01:55 - 00000198 _____ () C:\Windows\Tasks\AutoKMSDaily.job
2014-07-04 22:56 - 2011-12-24 19:04 - 00000000 ____D () C:\Users\Iyke\AppData\Roaming\Skype
2014-07-04 20:55 - 2014-04-24 20:14 - 00000000 ____D () C:\Users\Iyke\Desktop\PracticeWebsite14
2014-07-04 15:52 - 2014-03-26 03:39 - 00000000 ____D () C:\Users\Iyke\AppData\Local\CrashDumps
2014-07-04 13:20 - 2012-03-10 10:08 - 00000000 ____D () C:\ProgramData\Skype
2014-07-04 13:19 - 2014-07-04 13:19 - 00002503 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-07-04 13:19 - 2014-07-04 13:19 - 00000000 ___RD () C:\Program Files\Skype
2014-07-04 13:19 - 2014-07-04 13:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-07-04 13:19 - 2014-07-04 13:19 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-07-04 11:21 - 2014-07-04 11:09 - 155863572 _____ () C:\Users\Iyke\Downloads\lolwtfhax.rar
2014-07-04 10:27 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration
2014-07-04 10:00 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-07-04 08:09 - 2014-04-29 02:44 - 00000944 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-07-04 08:09 - 2014-03-31 12:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-07-04 05:27 - 2014-07-04 05:27 - 00111008 _____ () C:\Users\Iyke\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-04 03:03 - 2014-07-04 03:01 - 01760128 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-04 03:02 - 2014-07-04 03:02 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-03 22:14 - 2014-07-03 22:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Enhanced Mitigation Experience Toolkit
2014-07-03 22:14 - 2014-07-03 22:14 - 00000000 ____D () C:\Program Files\EMET 4.1
2014-07-03 18:04 - 2014-07-02 00:00 - 00001580 _____ () C:\Windows\Sandboxie.ini
2014-07-03 14:04 - 2011-12-25 22:27 - 00000000 ____D () C:\Users\Iyke\AppData\Roaming\uTorrent
2014-07-02 20:39 - 2014-07-02 20:39 - 00000000 ____D () C:\Users\Iyke\Documents\Reflect
2014-07-02 19:59 - 2014-07-02 18:39 - 00000000 ____D () C:\ProgramData\Macrium
2014-07-02 18:58 - 2014-07-02 18:58 - 00002483 _____ () C:\Users\Public\Desktop\Reflect.lnk
2014-07-02 18:58 - 2014-07-02 18:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macrium
2014-07-02 18:58 - 2014-07-02 18:58 - 00000000 ____D () C:\Program Files\Macrium
2014-07-02 18:54 - 2014-07-02 18:39 - 00000000 ____D () C:\Users\Iyke\Downloads\Macrium
2014-07-02 18:31 - 2014-07-02 18:31 - 02292720 _____ (Paramount Software UK Ltd) C:\Users\Iyke\Downloads\reflectdl.exe
2014-07-02 18:26 - 2014-06-25 21:31 - 00000000 ____D () C:\Program Files\Garena Plus
2014-07-02 18:26 - 2014-03-17 12:26 - 00000000 ____D () C:\Program Files\AccessData
2014-07-02 18:23 - 2014-03-17 11:55 - 00000000 ____D () C:\Users\Iyke\AppData\Roaming\DAEMON Tools Lite
2014-07-02 18:10 - 2014-06-25 21:47 - 00000000 ____D () C:\Users\Iyke\AppData\Roaming\GarenaPlus
2014-07-02 18:10 - 2014-06-25 21:30 - 00000000 ____D () C:\ProgramData\GarenaMessenger
2014-07-02 17:45 - 2014-07-02 17:40 - 00000000 ____D () C:\Users\Iyke\New folder
2014-07-02 17:40 - 2011-12-21 16:45 - 00000000 ____D () C:\Users\Iyke
2014-07-02 17:37 - 2014-07-02 17:37 - 00000000 ____D () C:\Users\Public\Documents\DAEMON Tools Images
2014-07-02 09:27 - 2014-07-02 09:27 - 00000747 _____ () C:\Users\Iyke\Desktop\vmplayer - Shortcut.lnk
2014-07-02 09:24 - 2014-07-02 09:24 - 00000000 ____D () C:\Users\Iyke\AppData\Roaming\QFX Software
2014-07-02 09:24 - 2014-07-02 09:24 - 00000000 ____D () C:\ProgramData\QFX Software
2014-07-02 01:29 - 2014-07-02 01:29 - 00001216 _____ () C:\Users\Public\Desktop\MiniTool Partition Wizard Home Edition.lnk
2014-07-02 01:29 - 2014-07-02 01:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Partition Wizard Home Edition 8.1.1
2014-07-02 01:29 - 2014-07-02 01:29 - 00000000 ____D () C:\Program Files\MiniTool Partition Wizard Home Edition 8.1.1
2014-07-02 01:08 - 2014-07-02 01:05 - 00000000 ____D () C:\Program Files\Common Files\VMware
2014-07-02 01:08 - 2011-12-13 17:56 - 00791752 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-02 00:42 - 2014-03-10 22:57 - 00000000 ____D () C:\Users\Iyke\Documents\Virtual Machines
2014-07-02 00:22 - 2014-06-25 16:37 - 00000000 ____D () C:\Users\Iyke\Downloads\nsa ebooks
2014-07-01 23:59 - 2014-07-01 23:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2014-07-01 23:58 - 2014-07-02 00:00 - 00001058 _____ () C:\Users\Iyke\Desktop\Sandboxed Web Browser.lnk
2014-07-01 23:58 - 2014-07-01 23:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyScrambler
2014-07-01 23:58 - 2014-07-01 23:58 - 00000000 ____D () C:\Program Files\Sandboxie
2014-07-01 23:58 - 2014-07-01 23:58 - 00000000 ____D () C:\Program Files\KeyScrambler
2014-07-01 23:57 - 2014-07-01 23:57 - 00000000 ____D () C:\Users\Iyke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KLC
2014-07-01 23:57 - 2014-07-01 23:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KLC
2014-07-01 23:51 - 2014-07-01 08:45 - 00012454 _____ () C:\Users\Iyke\Downloads\hijackthis.log
2014-07-01 17:10 - 2013-12-17 13:59 - 00000000 ____D () C:\Program Files\Nosibay
2014-07-01 16:35 - 2014-07-01 14:20 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-01 15:24 - 2014-07-01 13:08 - 957798400 _____ () C:\Users\Iyke\Downloads\tails-i386-1.0.1.iso
2014-07-01 14:20 - 2014-07-01 14:20 - 00001069 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-01 14:20 - 2014-07-01 14:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-01 14:20 - 2014-07-01 14:20 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-01 14:20 - 2014-07-01 14:20 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-01 13:45 - 2014-06-26 00:07 - 00000000 ____D () C:\Users\Iyke\Downloads\New folder
2014-07-01 13:45 - 2012-01-01 14:40 - 00000000 ____D () C:\Users\Iyke\AppData\Roaming\vlc
2014-07-01 11:09 - 2014-03-11 20:02 - 00000951 _____ () C:\Users\Iyke\Desktop\Notes.txt
2014-07-01 08:44 - 2014-07-01 08:44 - 00388608 _____ (Trend Micro Inc.) C:\Users\Iyke\Downloads\HijackThis.exe
2014-06-30 20:25 - 2014-06-23 05:23 - 00000000 ____D () C:\Users\Iyke\Documents\1Password
2014-06-30 19:26 - 2014-06-30 19:26 - 00001043 _____ () C:\Users\Iyke\Desktop\Dropbox.lnk
2014-06-30 19:25 - 2014-06-30 19:25 - 00000000 ____D () C:\Users\Iyke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-06-30 10:44 - 2014-03-17 13:07 - 00000000 ____D () C:\ProgramData\AccessData
2014-06-30 10:29 - 2014-06-30 04:47 - 4093575168 _____ () C:\Users\Iyke\Downloads\AD_FTK_5.4.0.iso
2014-06-30 00:30 - 2009-07-14 05:53 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-29 18:33 - 2014-06-29 18:33 - 00000000 ____D () C:\Users\Iyke\.android
2014-06-29 17:56 - 2014-06-29 17:47 - 00000000 ____D () C:\adb-toolkit
2014-06-29 13:04 - 2014-06-29 13:04 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_smhwadb_01005.Wdf
2014-06-29 07:23 - 2014-06-29 07:23 - 00000000 ____D () C:\adbtk
2014-06-28 22:44 - 2014-06-28 22:44 - 00000000 ____D () C:\Windows\system32\Hotspot Shield
2014-06-27 14:40 - 2014-06-27 03:34 - 00000000 ____D () C:\Users\Iyke\Downloads\Tools
2014-06-25 23:35 - 2014-06-25 23:34 - 00000000 ____D () C:\Users\Iyke\AppData\Roaming\Jitsi
2014-06-25 23:34 - 2014-06-25 23:33 - 00000000 ____D () C:\Users\Iyke\AppData\Local\Jitsi
2014-06-25 18:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-24 08:36 - 2014-06-24 08:09 - 00000000 ____D () C:\Program Files\Kingo Android ROOT
2014-06-24 08:17 - 2014-06-24 08:17 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2014-06-24 08:17 - 2014-06-24 08:16 - 00000501 _____ () C:\NSI_DriverInstall.log
2014-06-24 08:16 - 2014-06-24 08:16 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2014-06-24 08:09 - 2014-06-24 08:09 - 00000000 ____D () C:\Users\Iyke\Documents\wmshua
2014-06-24 08:09 - 2014-06-24 08:09 - 00000000 ____D () C:\Users\Iyke\AppData\Roaming\ZJMedia
2014-06-24 08:09 - 2014-06-24 08:09 - 00000000 ____D () C:\Users\Iyke\AppData\Local\ZJMedia
2014-06-24 01:17 - 2011-12-21 16:45 - 00000000 ____D () C:\Users\Iyke\AppData\Local\VirtualStore
2014-06-23 05:56 - 2014-06-23 05:55 - 00000000 ____D () C:\Users\Iyke\Desktop\Tor Browser
2014-06-23 05:40 - 2014-06-23 04:08 - 00000000 ____D () C:\ProgramData\Hotspot Shield
2014-06-23 05:04 - 2014-06-23 05:04 - 00000000 ____D () C:\Users\Iyke\AppData\Roaming\Agile Web Solutions
2014-06-23 04:49 - 2014-06-23 04:49 - 00000000 ____D () C:\Users\Iyke\AppData\Local\ShazzleMailClient
2014-06-23 04:48 - 2013-10-20 12:55 - 00000000 ____D () C:\Users\Iyke\AppData\Roaming\Notepad++
2014-06-23 04:46 - 2014-06-19 01:18 - 00000000 ____D () C:\Users\Iyke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-06-23 04:44 - 2014-06-23 04:44 - 00002102 _____ () C:\Users\Public\Desktop\ShazzleMailClient.lnk
2014-06-23 04:44 - 2014-06-23 04:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shazzle
2014-06-23 04:44 - 2014-06-23 04:44 - 00000000 ____D () C:\Program Files\Shazzle
2014-06-23 04:29 - 2014-06-23 04:29 - 00000992 _____ () C:\Users\Iyke\Desktop\CCleaner.lnk
2014-06-23 04:19 - 2014-06-23 04:19 - 00001087 _____ () C:\Users\Public\Desktop\Hotspot Shield.lnk
2014-06-23 04:17 - 2014-06-23 04:07 - 00000000 ____D () C:\Program Files\Hotspot Shield
2014-06-23 04:15 - 2014-06-23 04:15 - 00001751 _____ () C:\Users\Iyke\Desktop\I2P router console.lnk
2014-06-23 04:14 - 2014-06-23 04:13 - 00000000 ____D () C:\Program Files\i2p
2014-06-23 04:13 - 2014-06-23 04:13 - 00001798 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jitsi.lnk
2014-06-23 04:13 - 2014-06-23 04:13 - 00001786 _____ () C:\Users\Public\Desktop\Jitsi.lnk
2014-06-23 04:13 - 2014-06-23 04:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I2P
2014-06-23 04:13 - 2014-06-23 04:12 - 00000000 ____D () C:\Program Files\Jitsi
2014-06-23 04:12 - 2014-06-23 04:11 - 00000000 ____D () C:\Program Files\1Password
2014-06-23 04:11 - 2014-06-23 04:11 - 00000986 _____ () C:\Users\Iyke\Desktop\1Password.lnk
2014-06-23 04:11 - 2014-06-23 04:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\1Password
2014-06-23 04:08 - 2014-06-23 04:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield
2014-06-23 04:07 - 2014-06-23 04:07 - 00000946 _____ () C:\Users\Iyke\Desktop\DiskCryptor.lnk
2014-06-23 04:07 - 2014-06-23 04:07 - 00000000 ____D () C:\Users\Iyke\AppData\Roaming\Hotspot Shield
2014-06-23 04:07 - 2014-06-23 04:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DiskCryptor
2014-06-23 04:07 - 2014-06-23 04:07 - 00000000 ____D () C:\Program Files\dcrypt
2014-06-23 02:04 - 2014-06-23 02:04 - 00000000 ____D () C:\Users\Iyke\AppData\Local\CrashRpt
2014-06-23 01:49 - 2014-06-23 01:49 - 00002585 _____ () C:\Users\Iyke\Desktop\EMET GUI.lnk
2014-06-23 01:44 - 2014-06-23 01:44 - 00001032 _____ () C:\Users\Iyke\Desktop\Cloudfogger.lnk
2014-06-23 01:44 - 2014-06-23 01:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cloudfogger
2014-06-23 01:44 - 2014-06-23 01:44 - 00000000 ____D () C:\Program Files\Cloudfogger
2014-06-20 04:19 - 2014-03-25 22:32 - 00000000 __SHD () C:\Windows\system32\AI_RecycleBin
2014-06-19 22:43 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-06-19 15:43 - 2014-01-07 18:06 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-06-19 00:55 - 2014-06-19 00:36 - 00000000 ____D () C:\Program Files\Common Files\Steam
2014-06-18 14:29 - 2012-09-10 20:12 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-06-18 14:29 - 2011-12-13 19:20 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-06-18 14:22 - 2013-06-19 19:57 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-06-18 01:37 - 2013-10-31 08:55 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-17 23:37 - 2014-05-18 02:40 - 00000000 ____D () C:\Windows\Minidump
2014-06-17 22:38 - 2012-09-05 08:15 - 00000000 ____D () C:\Users\Iyke\AppData\Roaming\Audacity
2014-06-17 16:22 - 2014-06-17 16:22 - 00188696 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx86.sys
2014-06-17 16:21 - 2014-06-17 16:21 - 00197400 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdix.sys
2014-06-17 16:18 - 2014-06-17 16:18 - 00241944 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avglogx.sys
2014-06-17 16:17 - 2014-06-17 16:17 - 00147736 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidshx.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00199960 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdriverx.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00121624 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiskx.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00098584 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx86.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00027416 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx86.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00021272 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsshimx.sys
2014-06-16 23:30 - 2014-06-16 23:30 - 00001231 _____ () C:\Users\Iyke\Desktop\ygopro_vs - Shortcut.lnk
2014-06-14 17:20 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2014-06-14 03:26 - 2013-08-15 00:37 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-14 03:09 - 2011-12-13 20:20 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Files to move or delete:
====================
C:\Windows\Tasks\At1.job


Some content of TEMP:
====================
C:\Users\au\AppData\Local\Temp\avguidx.dll
C:\Users\au\AppData\Local\Temp\CommonInstaller.exe
C:\Users\au\AppData\Local\Temp\iGearedHelper.dll
C:\Users\au\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\au\AppData\Local\Temp\ToolbarInstaller.exe
C:\Users\au\AppData\Local\Temp\utt1263.tmp.exe
C:\Users\Iyke\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqrswmp.dll


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-28 18:38

==================== End Of Log ============================

#4 CatByte

Posted 07 July 2014 - 02:37 PM

Please run the following:

Download attached fixlist.txt file and save it to the Downloads folder as that is where FRST.exe is saved.

Attached File  FixList.txt   3.12KB   2 downloads

NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

NEXT


Refer to the ComboFix User's Guide
  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------
NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 CatByte

Posted 17 July 2014 - 12:38 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
