Shafey

Hi Marius, I have finished all the processes you recommended. I think the system is clean now. It does not run any faster but the onelike thing is gone. Thank you very much! I hope that in some future date I would be able to show my appreciation in a more substantive fashion. For now you have my heartfelt thanks. Regards,

What happened to the threats that were found by TDSSkiller and eset ? Are they still there?

CONTENTS OF THE FIXLOG -------------------------------------- Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-07-2014Ran by Shafey at 2014-07-16 22:32:46 Run:3Running from C:\Users\Shafey\Desktop\frstBoot Mode: Normal============================================== Content of fixlist:*****************C:\ProgramData\ApplicationC:\Users\All Users\Application ***************** C:\ProgramData\Application => Moved successfully."C:\Users\All Users\Application" => File/Directory not found. ==== End of Fixlog ==== CONTENTS OF THE ADWARECLEANER------------------------------------------------------- # AdwCleaner v3.215 - Report created 16/07/2014 at 22:53:11# Updated 09/07/2014 by Xplode# Operating System : Windows 7 Home Basic Service Pack 1 (64 bits)# Username : Shafey - SHAFEY-PC# Running from : C:\Users\Shafey\Desktop\adwcleaner_3.215.exe# Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.17207 -\\ Mozilla Firefox v30.0 (en-US) [ File : C:\Users\Shafey\AppData\Roaming\Mozilla\Firefox\Profiles\bdjwxyk0.default\prefs.js ] -\\ Google Chrome v35.0.1916.153 [ File : C:\Users\Faizi\AppData\Local\Google\Chrome\User Data\Default\preferences ] [ File : C:\Users\Shafey\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [6128 octets] - [17/06/2014 04:57:48]AdwCleaner[R1].txt - [1117 octets] - [17/06/2014 06:22:54]AdwCleaner[R2].txt - [2111 octets] - [16/07/2014 22:44:30]AdwCleaner[s0].txt - [6196 octets] - [17/06/2014 04:59:57]AdwCleaner[s1].txt - [1179 octets] - [17/06/2014 06:24:11]AdwCleaner[s2].txt - [1925 octets] - [16/07/2014 22:53:11] ########## EOF - C:\AdwCleaner\AdwCleaner[s2].txt - [1985 octets] ########## CONTENTS OF JRT--------------------------- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by ThisisuVersion: 6.1.4 (04.06.2014:1)OS: Windows 7 Home Basic x64Ran by Shafey on Wed 07/16/2014 at 23:10:36.91~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ FireFox Emptied folder: C:\Users\Shafey\AppData\Roaming\mozilla\firefox\profiles\bdjwxyk0.default\minidumps [1 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on Wed 07/16/2014 at 23:18:34.41End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ CONTENTS OF CHECKUP--------------------------------- Results of screen317's Security Check version 0.99.85 Windows 7 Service Pack 1 x64 (UAC is disabled!) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Microsoft Security Essentials (On Access scanning disabled!) Error obtaining update status for antivirus! `````````Anti-malware/Other Utilities Check:````````` MVPS Hosts File Spybot - Search & Destroy Java 7 Update 51 Java version out of Date! Adobe Flash Player 14.0.0.145 Adobe Reader XI Mozilla Firefox (30.0) Google Chrome 35.0.1916.114 Google Chrome 35.0.1916.153 ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe Microsoft Security Essentials msseces.exe Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbam.exe Spybot Teatimer.exe is disabled! Malwarebytes Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 0% ````````````````````End of Log``````````````````````

Ok. I would remove the threats. I did not do this with eset scan because you had asked to leave found threats unticked. Should I run eset again and clean all the threats found? and then proceed with the steps you have outlined above?

Results of the eset scan. C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe.vir a variant of Win32/Conduit.SearchProtect.H potentially unwanted applicationC:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\SPTool.dll.vir a variant of Win32/Conduit.SearchProtect.H potentially unwanted applicationC:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe.vir a variant of Win32/ClientConnect.A potentially unwanted applicationC:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe.vir a variant of Win32/Conduit.SearchProtect.I potentially unwanted applicationC:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPTool64.exe.vir a variant of Win32/ClientConnect.A potentially unwanted applicationC:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll.vir a variant of Win32/Conduit.SearchProtect.H potentially unwanted applicationC:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll.vir a variant of Win32/ClientConnect.A potentially unwanted applicationC:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64.dll.vir a variant of Win32/ClientConnect.A potentially unwanted applicationC:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll.vir a variant of Win64/Conduit.SearchProtect.A potentially unwanted applicationC:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe.vir a variant of Win32/Conduit.SearchProtect.I potentially unwanted applicationC:\ProgramData\Application\ApplicationLayerService.exe MSIL/Agent.FQ wormC:\ProgramData\Application\AppSrv.dll MSIL/Agent.FQ wormC:\Users\All Users\Application\ApplicationLayerService.exe MSIL/Agent.FQ wormC:\Users\All Users\Application\AppSrv.dll MSIL/Agent.FQ wormC:\Users\Shafey\Downloads\ac3filter_2_5b(2).exe Win32/OpenCandy potentially unsafe applicationC:\Users\Shafey\Downloads\ac3filter_2_5b.exe Win32/OpenCandy potentially unsafe applicationC:\Users\Shafey\Downloads\cbsidlm-cbsi134-FreeOCR-SEO-10717191.exe a variant of Win32/CNETInstaller.B potentially unwanted applicationC:\Users\Shafey\Downloads\clipgrab-3.3.0.4.exe Win32/OpenCandy potentially unsafe applicationC:\Users\Shafey\Downloads\clipgrab-3.4.3.exe Win32/OpenCandy potentially unsafe application

I have pasted the log in my original post. Did I miss something? I followed your instructions carefully to the letter.

The contents of the fixlog are pasted above. Pasting again. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-07-2014Ran by Shafey at 2014-07-14 06:52:56 Run:1Running from C:\Users\Shafey\DesktopBoot Mode: Normal============================================== Content of fixlist:*****************AlternateDataStreams: C:\ProgramData\Temp:AF4CCAADTask: {DE3CDD57-A6FD-4009-A382-4B3744674EDF} - \EPUpdater No Task File <==== ATTENTIONTask: {AFEAECE7-4A9D-43F2-B871-A01B987CB480} - \BitGuard No Task File <==== ATTENTIONFF Homepage: hxxp://onelike.in/google/?mozhm=about:homeFF Keyword.URL: user_pref("keyword.URL", "hxxp://onelike.in/google/?keyWord=");FF NewTab: hxxp://onelike.in/google/?newtab=SearchScopes: HKLM-x32 - DefaultScope value is missing.HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://onelike.in/google/?ie=HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://onelike.in/google/?ie=HKCU\Software\Microsoft\Internet Explorer\Main,FirstHomePage = http://onelike.in/google/?ie=HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://onelike.in/google/?ie=HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://onelike.in/google/?ie=GroupPolicyUsers\S-1-5-21-2892114743-1712468159-3544421845-1001\User: Group Policy restriction detected <======= ATTENTION ***************** C:\ProgramData\Temp => ":AF4CCAAD" ADS removed successfully.'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DE3CDD57-A6FD-4009-A382-4B3744674EDF}' => Key deleted successfully.'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DE3CDD57-A6FD-4009-A382-4B3744674EDF}' => Key deleted successfully.'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EPUpdater' => Key deleted successfully.'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AFEAECE7-4A9D-43F2-B871-A01B987CB480}' => Key deleted successfully.'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AFEAECE7-4A9D-43F2-B871-A01B987CB480}' => Key deleted successfully.'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BitGuard' => Key deleted successfully.Firefox homepage deleted successfully.Firefox Keyword.URL deleted successfully.Firefox newtab deleted successfully.HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.HKCU\Software\Microsoft\Internet Explorer\Main\\Secondary Start Pages => value deleted successfully.HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.HKCU\Software\Microsoft\Internet Explorer\Main\\FirstHomePage => value deleted successfully.HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL => value deleted successfully.HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.C:\windows\system32\GroupPolicyUsers\S-1-5-21-2892114743-1712468159-3544421845-1001\User => Moved successfully.C:\windows\system32\GroupPolicy\GPT.ini => Moved successfully. The system needed a reboot. ==== End of Fixlog ====

One more thing. In Malwarebytes instead of "Apply actions" I had selected "qurantine all" because the default action suggested was to "ignore once". I felt I had ignored it more than once already and qurantine just seemed the better thing to do.

Thank you for your reply. Your concern over utorrent is well taken. I have uninstalled the program for now, but it is indispensable for my needs and I would install it back once the system is cleaned. (where else can I get free movies? ) I hope when the cleaning process is ended you might advice me on how to stay safe (as far as possible) even with utorrent in use. The scan results are pasted below. --------------------------------------------------- From Malwarebytes Malwarebytes Anti-Malwarewww.malwarebytes.org Scan Date: 7/14/2014Scan Time: 7:12:40 AMLogfile: Administrator: Yes Version: 2.00.2.1012Malware Database: v2014.07.13.07Rootkit Database: v2014.07.09.01License: TrialMalware Protection: EnabledMalicious Website Protection: EnabledSelf-protection: Disabled OS: Windows 7 Service Pack 1CPU: x64File System: NTFSUser: Shafey Scan Type: Threat ScanResult: CompletedObjects Scanned: 313966Time Elapsed: 12 min, 17 sec Memory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: DisabledHeuristics: EnabledPUP: WarnPUM: Enabled Processes: 1PUP.Optional.ApplicationService.A, C:\ProgramData\Application\ApplicationService.exe, 1656, Delete-on-Reboot, [48c39e01176463d38fa13ade7e8609f7] Modules: 0(No malicious items detected) Registry Keys: 0(No malicious items detected) Registry Values: 2PUP.Optional.ApplicationService.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Application Service, C:\ProgramData\Application\ApplicationService.exe, Quarantined, [48c39e01176463d38fa13ade7e8609f7]PUP.Optional.ApplicationService.A, HKU\S-1-5-21-2892114743-1712468159-3544421845-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Application Service, C:\ProgramData\Application\ApplicationService.exe, Quarantined, [48c39e01176463d38fa13ade7e8609f7] Registry Data: 5PUP.Optional.OneLike.A, HKU\S-1-5-21-2892114743-1712468159-3544421845-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://onelike.in/google/?ie=, Good: (www.google.com), Bad: (http://onelike.in/google/?ie=),Replaced,[a06bdac5601ba2949b44653a52b23fc1] PUP.Optional.OneLike.A, HKU\S-1-5-21-2892114743-1712468159-3544421845-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Secondary Start Pages, http://onelike.in/google/?ie=, Good: (www.google.com), Bad: (http://onelike.in/google/?ie=),Replaced,[83882778b4c79c9a558f4956788cd030] PUP.Optional.OneLike.A, HKU\S-1-5-21-2892114743-1712468159-3544421845-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|FirstHomePage, http://onelike.in/google/?ie=, Good: (www.google.com), Bad: (http://onelike.in/google/?ie=),Replaced,[b952a6f9097272c4a43d445bea1a11ef] PUP.Optional.OneLike.A, HKU\S-1-5-21-2892114743-1712468159-3544421845-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Secondary_Page_URL, http://onelike.in/google/?ie=^^, Good: (www.google.com), Bad: (http://onelike.in/google/?ie=^^),Replaced,[7992306f106b072fe200bce3b84c23dd] PUP.Optional.OneLike.A, HKU\S-1-5-21-2892114743-1712468159-3544421845-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://onelike.in/google/?ie=, Good: (www.google.com), Bad: (http://onelike.in/google/?ie=),Replaced,[b15af4abaad1b97d786b039ca95b817f] Folders: 0(No malicious items detected) Files: 1PUP.Optional.ApplicationService.A, C:\ProgramData\Application\ApplicationService.exe, Delete-on-Reboot, [48c39e01176463d38fa13ade7e8609f7], Physical Sectors: 0(No malicious items detected) (end) From Fixlog --------------------- Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-07-2014Ran by Shafey at 2014-07-14 06:52:56 Run:1Running from C:\Users\Shafey\DesktopBoot Mode: Normal============================================== Content of fixlist:*****************AlternateDataStreams: C:\ProgramData\Temp:AF4CCAADTask: {DE3CDD57-A6FD-4009-A382-4B3744674EDF} - \EPUpdater No Task File <==== ATTENTIONTask: {AFEAECE7-4A9D-43F2-B871-A01B987CB480} - \BitGuard No Task File <==== ATTENTIONFF Homepage: hxxp://onelike.in/google/?mozhm=about:homeFF Keyword.URL: user_pref("keyword.URL", "hxxp://onelike.in/google/?keyWord=");FF NewTab: hxxp://onelike.in/google/?newtab=SearchScopes: HKLM-x32 - DefaultScope value is missing.HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://onelike.in/google/?ie=HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://onelike.in/google/?ie=HKCU\Software\Microsoft\Internet Explorer\Main,FirstHomePage = http://onelike.in/google/?ie=HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://onelike.in/google/?ie=HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://onelike.in/google/?ie=GroupPolicyUsers\S-1-5-21-2892114743-1712468159-3544421845-1001\User: Group Policy restriction detected <======= ATTENTION ***************** C:\ProgramData\Temp => ":AF4CCAAD" ADS removed successfully.'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DE3CDD57-A6FD-4009-A382-4B3744674EDF}' => Key deleted successfully.'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DE3CDD57-A6FD-4009-A382-4B3744674EDF}' => Key deleted successfully.'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EPUpdater' => Key deleted successfully.'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AFEAECE7-4A9D-43F2-B871-A01B987CB480}' => Key deleted successfully.'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AFEAECE7-4A9D-43F2-B871-A01B987CB480}' => Key deleted successfully.'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BitGuard' => Key deleted successfully.Firefox homepage deleted successfully.Firefox Keyword.URL deleted successfully.Firefox newtab deleted successfully.HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.HKCU\Software\Microsoft\Internet Explorer\Main\\Secondary Start Pages => value deleted successfully.HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.HKCU\Software\Microsoft\Internet Explorer\Main\\FirstHomePage => value deleted successfully.HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL => value deleted successfully.HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.C:\windows\system32\GroupPolicyUsers\S-1-5-21-2892114743-1712468159-3544421845-1001\User => Moved successfully.C:\windows\system32\GroupPolicy\GPT.ini => Moved successfully. The system needed a reboot. ==== End of Fixlog ==== P.S. The 'fix' with FRST was done first. The Malwarebytes scan later.

From Addition _______ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-07-2014 Ran by Shafey at 2014-07-10 20:45:49 Running from C:\Users\Shafey\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F} AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} ==================== Installed Programs ====================== µTorrent (HKCU\...\uTorrent) (Version: 3.4.1.30888 - BitTorrent Inc.) µTorrent (HKLM-x32\...\uTorrent) (Version: 3.0.0 - ) AC3Filter 2.5b (HKLM-x32\...\AC3Filter_is1) (Version: 2.5b - Alexander Vigovsky) Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated) Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.2.602 - Adobe Systems, Inc.) Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.) Bukhari, Muslim, Malik, and Dawud Hadith Collection (HKLM-x32\...\Bukhari, Muslim, Malik, and Dawud Hadith Collection_is1) (Version: - ImaanStar) CCleaner (HKLM\...\CCleaner) (Version: 3.22 - Piriform) CDisplayEx 1.10.12 (HKLM\...\CDisplayEx_is1) (Version: - cdisplayex.com) ClipGrab 3.4.3 (HKLM-x32\...\{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1) (Version: - Philipp Schmieder Medien) ComicRack v0.9.143 (HKLM\...\ComicRack) (Version: v0.9.143 - cYo Soft) Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.46.0.50 - Conexant) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dashlane (HKCU\...\Dashlane) (Version: 2.4.1.63897 - Dashlane SAS) Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{2A16B95F-7377-410A-B961-EFD9394E1AF3}) (Version: - Microsoft) Dropbox (HKCU\...\Dropbox) (Version: 2.8.3 - Dropbox, Inc.) Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 6.0.1.5 - Lenovo) Energy Management (x32 Version: 6.0.1.5 - Lenovo) Hidden FBReader for Windows (HKLM-x32\...\FBReader for Windows) (Version: - ) FreeArc 0.666 (HKLM-x32\...\FreeArc) (Version: 0.666 - Bulat Ziganshin) FreeOCR v4.2 (HKLM-x32\...\freeocr_is1) (Version: - ) GOM Player (HKLM-x32\...\GOM Player) (Version: 2.2.57.5189 - Gretech Corporation) Google Books Downloader version 1.6 (HKLM-x32\...\{216729B6-014A-F413-814F-F17F74FBA113}_is1) (Version: 1.6 - GBOOKSDOWNLOADER.COM) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.) Google Drive (HKLM-x32\...\{75939021-3B68-419D-8DC1-E9823BFF9658}) (Version: 1.16.7009.9618 - Google, Inc.) Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google) Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden Google+ Auto Backup (HKCU\...\Google+ Auto Backup) (Version: 1.0.25.133 - Google, Inc.) Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google) HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.220 - SurfRight B.V.) Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2279 - Intel Corporation) Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation) Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.6300 - Broadcom Corporation) Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}) (Version: 1.10.1119.1 - Lenovo EasyCamera) Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1628 - CyberLink Corp.) Lenovo OneKey Recovery (Version: 7.0.1628 - CyberLink Corp.) Hidden Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3603 - CyberLink Corp.) Lenovo YouCam (x32 Version: 3.1.3603 - CyberLink Corp.) Hidden Lenovo_Wireless_Driver (HKLM-x32\...\{28ABE740-47F3-441B-9437-852F6A64EFF8}) (Version: 1.02.01 - Lenovo) Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.1.177.0 - Microsoft Corporation) Microsoft Mouse and Keyboard Center (Version: 2.1.177.0 - Microsoft Corporation) Hidden Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Groove MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 32-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Reader (HKLM-x32\...\{B6F7DBE7-2FE2-458F-A738-B10832746036}) (Version: - ) Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2006.0314 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) MMX352G 3G USB Manager version 5.499 (HKLM-x32\...\MMX352G 3G USB Manager Normal Version_is1) (Version: - ) Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden PDF to Word (HKLM-x32\...\{E6CBC979-E613-49E6-A37B-3C342DE35235}_is1) (Version: - Quick PDF) Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.) Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10001 - Realtek Semiconductor Corp.) Reliance Netconnect - Broadband+ (HKLM-x32\...\Reliance Netconnect - Broadband+) (Version: 11.030.01.04.114 - Huawei Technologies Co.,Ltd) Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.11.13307 - Skype Technologies S.A.) Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.1.21 - Safer-Networking Ltd.) SugarSync (HKLM-x32\...\SugarSync) (Version: 2.0.24.113934 - SugarSync, Inc.) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.15.1 - Synaptics Incorporated) Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{FEF4C57D-0975-4D3C-ACC7-DCD038C3788F}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2878281) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{84B191B5-5319-463A-A305-8C4D53B1D20A}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DB0B0CDF-77EC-47B0-94E2-4738573A1E58}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817396) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{1AA82E2E-7DB7-4C70-910C-BBB657A6B3A5}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{79C725A1-3964-421C-A528-78C1C083C7C7}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{EBD18DE5-BC84-4B57-9A30-097044871F9A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{B6AD7E27-012A-4B63-82BA-AF62893E5435}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{07DC9C6C-E916-4F42-8677-716930ED0393}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2825635) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{6E760BBA-B83F-4C2D-918F-5F91EF6C9861}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0044-0409-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{9F6507AC-7D8F-46C1-B90F-59C7828E0E0D}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (HKLM\...\{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.PROPLUS_{E84E9B25-BEB6-4F2F-84BB-755CDA8E89C0}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2878225) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{8A6BDA63-4D23-4485-A466-8979E10BCF49}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2878225) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{8A6BDA63-4D23-4485-A466-8979E10BCF49}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DDDC32A5-9528-4771-B91A-97A8E1D7957B}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-001A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{DBAC8ED2-9287-499E-AD66-590C7413C7DE}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A20A650C-F820-4CE4-AEA5-EC140192FAFB}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0018-0409-1000-0000000FF1CE}_Office14.PROPLUS_{393B360E-62F8-463D-B914-1ECDC1359A46}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version: - Microsoft) Update for Microsoft Visio 2010 (KB2880526) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F6F342A1-530B-4D48-A468-1E3F70928984}) (Version: - Microsoft) Update for Microsoft Visio Viewer 2010 (KB2837587) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{C950A55F-82E3-4CC8-8FA2-E8A2A0F651F3}) (Version: - Microsoft) Update for Microsoft Word 2010 (KB2880529) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{89FDC8D9-FB84-4EFE-950D-AF4EECC3B64C}) (Version: - Microsoft) UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.6 - Lenovo) UserGuide (x32 Version: 1.0.0.6 - Lenovo) Hidden VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN) WinDjView 2.0.2 (HKLM\...\WinDjView) (Version: 2.0.2 - Andrew Zhezherun) Windows Driver Package - Lenovo (ACPIVPC) System (12/02/2010 6.1.0.1) (HKLM\...\EA12B1FB53CE4E387C31A85236C41EF559B5E392) (Version: 12/02/2010 6.1.0.1 - Lenovo) Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation) Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden ==================== Restore Points ========================= 29-06-2014 23:23:35 Windows Update 03-07-2014 16:31:13 Windows Update 07-07-2014 05:34:10 Windows Update 10-07-2014 10:41:33 Windows Update ==================== Hosts content: ========================== 2009-07-14 08:04 - 2014-02-12 22:03 - 00450709 ____R C:\windows\system32\Drivers\etc\hosts 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 1000gratisproben.com 127.0.0.1 www.1000gratisproben.com 127.0.0.1 1001namen.com 127.0.0.1 www.1001namen.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100888290cs.com 127.0.0.1 www.100sexlinks.com 127.0.0.1 100sexlinks.com 127.0.0.1 10sek.com 127.0.0.1 www.10sek.com 127.0.0.1 www.1-2005-search.com 127.0.0.1 1-2005-search.com 127.0.0.1 123fporn.info 127.0.0.1 www.123fporn.info 127.0.0.1 123haustiereundmehr.com 127.0.0.1 www.123haustiereundmehr.com 127.0.0.1 123moviedownload.com There are 1000 more lines. ==================== Scheduled Tasks (whitelisted) ============= Task: {07845042-996C-44CF-B199-4CEC5F90B83F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-19] (Google Inc.) Task: {079E6CA9-0486-498E-9EA6-A6EC9ACB1623} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2892114743-1712468159-3544421845-1000Core => C:\Users\Shafey\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-06] (Google Inc.) Task: {0C848D32-5CF2-4013-B30D-5F0BFDE20314} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe Task: {10FA0F6C-9249-4DD3-A8C4-5B97B85EEDD2} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation) Task: {1A1FFCDE-DA5F-499A-96E2-5B7E9F56CF46} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation) Task: {3CDB4C78-4CC7-457D-B2DC-447A395D363A} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation) Task: {45224748-625C-4339-BA5F-98037C34FFEF} - System32\Tasks\auto shutdown => C:\Windows\System32\shutdown.exe [2009-07-14] (Microsoft Corporation) Task: {724D2724-16E5-496C-8498-D1D086C93FC4} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation) Task: {79DB85C3-EDDF-4DE9-9E7E-6A1536A23A13} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe Task: {9E8A880C-9B20-495D-96BA-4CB2747BDB05} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-08-22] (Piriform Ltd) Task: {AFEAECE7-4A9D-43F2-B871-A01B987CB480} - \BitGuard No Task File <==== ATTENTION Task: {B556E287-BF85-4619-B19B-A4FD951C4B79} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2892114743-1712468159-3544421845-1000UA => C:\Users\Shafey\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-06] (Google Inc.) Task: {BD7E9DF3-3D91-4D81-936A-4696757E8B29} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe Task: {CD9102B8-B98F-4406-9438-D42497150976} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-19] (Google Inc.) Task: {D6F2F2CC-886A-4F29-A9AC-A6EBF0E2B659} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-01-29] (Microsoft) Task: {D81E69A9-73EC-4F7C-B47D-142DC18037DA} - System32\Tasks\{06D73600-0AE6-442D-B8EA-906C38C5E668} => Iexplore.exe http://ui.skype.com/ui/0/5.3.0.120.259/en/abandoninstall?source=lightinstaller&page=tsProblems&LastError=12007&installinfo=google-toolbar:offered-notinstalled,google-chrome:notoffered;toolbaroffered Task: {DE3CDD57-A6FD-4009-A382-4B3744674EDF} - \EPUpdater No Task File <==== ATTENTION Task: {E8938C75-3B03-43EC-A4B5-984104731B1A} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2010-12-05] (CyberLink) Task: {F3971ECE-A093-4318-9BB1-2CD3DAF131B9} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated) Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2892114743-1712468159-3544421845-1000Core.job => C:\Users\Shafey\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2892114743-1712468159-3544421845-1000UA.job => C:\Users\Shafey\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2013-12-14 16:54 - 2011-08-30 14:28 - 00114688 _____ () C:\ProgramData\ChgService.exe 2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll 2011-03-29 05:30 - 2011-01-08 06:27 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2008-12-20 08:50 - 2011-03-29 06:03 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll 2008-12-20 08:50 - 2011-03-29 06:03 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll 2013-06-08 21:27 - 2014-05-27 20:08 - 00219832 _____ () C:\Users\Shafey\AppData\Roaming\Dashlane\Dashlane.exe 2011-07-17 18:45 - 2011-07-17 18:45 - 03530752 _____ () C:\Program Files\ComicRack\ComicRack.exe 2011-07-17 18:45 - 2011-07-17 18:45 - 00035840 _____ () C:\Program Files\ComicRack\ComicRack.Plugins.dll 2014-02-19 02:22 - 2014-05-27 20:08 - 00225464 _____ () C:\Users\Shafey\AppData\Roaming\Dashlane\DashlanePlugin.exe 2013-10-30 01:43 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2013-10-30 01:43 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl 2013-10-30 01:43 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2013-10-30 01:43 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll 2013-10-30 01:43 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll 2014-05-27 20:08 - 2014-05-27 20:08 - 00255160 _____ () C:\Users\Shafey\AppData\Roaming\Dashlane\2.4.1.63897\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebugDll_win32.2.4.1.63897.dll 2014-05-27 20:08 - 2014-05-27 20:08 - 00363704 _____ () C:\Users\Shafey\AppData\Roaming\Dashlane\2.4.1.63897\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebug.2.4.1.63897.dll 2014-05-27 20:08 - 2014-05-27 20:08 - 00423608 _____ () C:\Users\Shafey\AppData\Roaming\Dashlane\2.4.1.63897\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWUtils.2.4.1.63897.dll 2014-05-27 20:08 - 2014-05-27 20:08 - 28239544 _____ () C:\Users\Shafey\AppData\Roaming\Dashlane\2.4.1.63897\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWExternLib.2.4.1.63897.dll 2014-05-27 20:08 - 2014-05-27 20:08 - 00263352 _____ () C:\Users\Shafey\AppData\Roaming\Dashlane\2.4.1.63897\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib_win.2.4.1.63897.dll 2014-05-27 20:08 - 2014-05-27 20:08 - 04805304 _____ () C:\Users\Shafey\AppData\Roaming\Dashlane\2.4.1.63897\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWData.2.4.1.63897.dll 2014-05-27 20:07 - 2014-05-27 20:07 - 04319416 _____ () C:\Users\Shafey\AppData\Roaming\Dashlane\2.4.1.63897\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWApplication.2.4.1.63897.dll 2014-07-09 14:22 - 2014-07-09 14:22 - 00043008 _____ () c:\users\shafey\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpiluil5.dll 2013-08-24 00:31 - 2013-10-19 05:25 - 25100288 _____ () C:\Users\Shafey\AppData\Roaming\Dropbox\bin\libcef.dll 2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll 2014-02-15 00:20 - 2014-02-15 00:20 - 00169472 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\0a0467413a424068d1471448ff6ca6cc\IsdiInterop.ni.dll 2011-03-29 05:29 - 2010-11-06 05:20 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll 2014-02-05 07:01 - 2014-02-05 07:01 - 00113171 _____ () C:\Program Files (x86)\VideoLAN\VLC\libvlc.dll 2014-02-05 07:02 - 2014-02-05 07:02 - 02396179 _____ () C:\Program Files (x86)\VideoLAN\VLC\libvlccore.dll 2014-02-05 07:01 - 2014-02-05 07:01 - 00268307 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdshow_plugin.dll 2014-02-05 07:02 - 2014-02-05 07:02 - 00027667 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libdirectsound_plugin.dll 2014-02-05 07:02 - 2014-02-05 07:02 - 00031251 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll 2014-02-05 07:01 - 2014-02-05 07:01 - 00066579 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_output\libdirectdraw_plugin.dll 2014-02-05 07:01 - 2014-02-05 07:01 - 02021395 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\liblibbluray_plugin.dll 2014-02-05 07:01 - 2014-02-05 07:01 - 00100371 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_bd_plugin.dll 2014-02-05 07:01 - 2014-02-05 07:01 - 00240659 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdvdnav_plugin.dll 2014-02-05 07:01 - 2014-02-05 07:01 - 00076307 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_vdr_plugin.dll 2014-02-05 07:01 - 2014-02-05 07:01 - 00045587 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libfilesystem_plugin.dll 2014-02-05 07:01 - 2014-02-05 07:01 - 00060947 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libsmooth_plugin.dll 2014-02-05 07:01 - 2014-02-05 07:01 - 00531475 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libhttplive_plugin.dll 2014-02-05 07:01 - 2014-02-05 07:01 - 00708627 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libdash_plugin.dll 2014-02-05 07:01 - 2014-02-05 07:01 - 00114195 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libzip_plugin.dll 2014-02-05 07:01 - 2014-02-05 07:01 - 00040467 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libstream_filter_rar_plugin.dll 2014-02-05 07:01 - 2014-02-05 07:01 - 00014867 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\librecord_plugin.dll 2014-02-05 07:01 - 2014-02-05 07:01 - 00133139 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libplaylist_plugin.dll 2014-02-05 07:01 - 2014-02-05 07:01 - 01512467 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\meta_engine\libtaglib_plugin.dll 2014-02-05 07:01 - 2014-02-05 07:01 - 00296979 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\lua\liblua_plugin.dll 2014-02-05 07:01 - 2014-02-05 07:01 - 01248787 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\misc\libxml_plugin.dll 2014-02-05 07:02 - 2014-02-05 07:02 - 00054291 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libhotkeys_plugin.dll 2014-02-05 07:02 - 2014-02-05 07:02 - 00038419 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libglobalhotkeys_plugin.dll 2014-02-05 07:02 - 2014-02-05 07:02 - 11148307 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\gui\libqt4_plugin.dll 2014-02-05 07:01 - 2014-02-05 07:01 - 00189971 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libmp4_plugin.dll 2014-02-05 07:01 - 2014-02-05 07:01 - 00091667 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libavi_plugin.dll 2014-02-05 07:01 - 2014-02-05 07:01 - 00116755 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_http_plugin.dll 2014-02-05 07:02 - 2014-02-05 07:02 - 00291859 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libpng_plugin.dll 2014-02-05 07:02 - 2014-02-05 07:02 - 00017939 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libcdg_plugin.dll 2014-02-05 07:02 - 2014-02-05 07:02 - 01280019 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libschroedinger_plugin.dll 2014-02-05 07:02 - 2014-02-05 07:02 - 00018451 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libdts_plugin.dll 2014-02-05 07:02 - 2014-02-05 07:02 - 00336403 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libtheora_plugin.dll 2014-02-05 07:02 - 2014-02-05 07:02 - 00344595 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libfaad_plugin.dll 2014-02-05 07:02 - 2014-02-05 07:02 - 00198675 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libflac_plugin.dll 2014-02-05 07:02 - 2014-02-05 07:02 - 00027155 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libg711_plugin.dll 2014-02-05 07:02 - 2014-02-05 07:02 - 00015891 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libaes3_plugin.dll 2014-02-05 07:02 - 2014-02-05 07:02 - 01371667 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liblibass_plugin.dll 2014-02-05 07:02 - 2014-02-05 07:02 - 00146451 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libspeex_plugin.dll 2014-02-05 07:02 - 2014-02-05 07:02 - 00022035 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liblpcm_plugin.dll 2014-02-05 07:02 - 2014-02-05 07:02 - 00733203 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libvorbis_plugin.dll 2014-02-05 07:02 - 2014-02-05 07:02 - 00018963 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libmpeg_audio_plugin.dll 2014-02-05 07:02 - 2014-02-05 07:02 - 00026131 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libaraw_plugin.dll 2014-02-05 07:02 - 2014-02-05 07:02 - 00171027 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libopus_plugin.dll 2014-02-05 07:02 - 2014-02-05 07:02 - 00019475 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liba52_plugin.dll 2014-02-05 07:02 - 2014-02-05 07:02 - 00019987 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libspudec_plugin.dll 2014-02-05 07:02 - 2014-02-05 07:02 - 10396179 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libavcodec_plugin.dll 2014-02-05 07:01 - 2014-02-05 07:01 - 00724499 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\text_renderer\libfreetype_plugin.dll 2014-02-05 07:01 - 2014-02-05 07:01 - 00026643 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\sse2\libi420_yuy2_sse2_plugin.dll 2014-02-05 07:01 - 2014-02-05 07:01 - 00019987 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\mmx\libi420_yuy2_mmx_plugin.dll 2014-02-05 07:02 - 2014-02-05 07:02 - 00555027 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_filter\libswscale_plugin.dll 2014-02-05 07:01 - 2014-02-05 07:01 - 00113683 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\sse2\libi420_rgb_sse2_plugin.dll 2014-02-05 07:01 - 2014-02-05 07:01 - 00027667 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\sse2\libi422_yuy2_sse2_plugin.dll 2014-02-05 07:01 - 2014-02-05 07:01 - 00019987 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\mmx\libi422_yuy2_mmx_plugin.dll 2014-02-05 07:01 - 2014-02-05 07:01 - 00053779 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\mmx\libi420_rgb_mmx_plugin.dll 2014-02-05 07:01 - 2014-02-05 07:01 - 00016915 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libyuy2_i422_plugin.dll 2014-02-05 07:01 - 2014-02-05 07:01 - 00015379 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libgrey_yuv_plugin.dll 2014-02-05 07:01 - 2014-02-05 07:01 - 00032275 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_plugin.dll 2014-02-05 07:01 - 2014-02-05 07:01 - 00018963 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_plugin.dll 2014-02-05 07:01 - 2014-02-05 07:01 - 00020499 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libyuy2_i420_plugin.dll 2014-02-05 07:01 - 2014-02-05 07:01 - 00017427 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_plugin.dll 2014-02-05 07:01 - 2014-02-05 07:01 - 00015379 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi422_i420_plugin.dll 2014-02-05 07:02 - 2014-02-05 07:02 - 00015379 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_filter\libscale_plugin.dll 2014-02-05 07:02 - 2014-02-05 07:02 - 00013843 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_filter\libyuvp_plugin.dll 2014-02-05 07:01 - 2014-02-05 07:01 - 00067091 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_output\libdirect3d_plugin.dll 2014-02-05 07:02 - 2014-02-05 07:02 - 00013843 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_mixer\libfloat_mixer_plugin.dll 2014-02-05 07:01 - 2014-02-05 07:01 - 00018963 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libscaletempo_plugin.dll 2014-02-05 07:01 - 2014-02-05 07:01 - 00130579 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libmpgatofixed32_plugin.dll 2014-02-05 07:01 - 2014-02-05 07:01 - 00168979 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdtstofloat32_plugin.dll 2014-02-05 07:01 - 2014-02-05 07:01 - 00058899 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\liba52tofloat32_plugin.dll 2014-02-05 07:01 - 2014-02-05 07:01 - 01496083 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libsamplerate_plugin.dll 2014-02-05 07:01 - 2014-02-05 07:01 - 00019475 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libsimple_channel_mixer_plugin.dll 2014-02-05 07:01 - 2014-02-05 07:01 - 00013331 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\liba52tospdif_plugin.dll 2014-02-05 07:01 - 2014-02-05 07:01 - 00014355 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdtstospdif_plugin.dll 2014-02-05 07:01 - 2014-02-05 07:01 - 00014867 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdolby_surround_decoder_plugin.dll 2014-02-05 07:01 - 2014-02-05 07:01 - 00014355 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libugly_resampler_plugin.dll 2014-02-05 07:01 - 2014-02-05 07:01 - 00015379 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libtrivial_channel_mixer_plugin.dll 2014-02-05 07:01 - 2014-02-05 07:01 - 00025619 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libaudio_format_plugin.dll 2014-02-05 07:01 - 2014-02-05 07:01 - 00072211 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_mms_plugin.dll 2014-02-05 07:01 - 2014-02-05 07:01 - 00036371 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\meta_engine\libfolder_plugin.dll 2014-06-12 13:10 - 2014-06-05 19:28 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libglesv2.dll 2014-06-12 13:10 - 2014-06-05 19:28 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libegl.dll 2014-06-12 13:10 - 2014-06-05 19:28 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll 2014-06-12 13:10 - 2014-06-05 19:28 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll 2014-06-12 13:10 - 2014-06-05 19:28 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll 2014-05-27 20:08 - 2014-05-27 20:08 - 12154040 _____ () C:\Users\Shafey\AppData\Roaming\Dashlane\2.4.1.63897\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib.2.4.1.63897.dll 2014-05-27 20:08 - 2014-05-27 20:08 - 02041528 _____ () C:\Users\Shafey\AppData\Roaming\Dashlane\2.4.1.63897\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLibData.2.4.1.63897.dll 2014-05-27 20:08 - 2014-05-27 20:08 - 00188600 _____ () C:\Users\Shafey\AppData\Roaming\Dashlane\2.4.1.63897\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\Kwift_DP.2.4.1.63897.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\Temp:AF4CCAAD ==================== Safe Mode (whitelisted) =================== ==================== EXE Association (whitelisted) ============= ==================== MSCONFIG/TASK MANAGER disabled items ========= MSCONFIG\startupfolder: C:^Users^Shafey^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\windows\pss\Dropbox.lnk.Startup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart MSCONFIG\startupreg: SkyDrive => "C:\Users\Shafey\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun MSCONFIG\startupreg: SugarSync => "C:\Program Files (x86)\SugarSync\SugarSync.exe" -startInTray -usedelay=true MSCONFIG\startupreg: YouCam Tray => "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s ==================== Faulty Device Manager Devices ============= Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (07/10/2014 08:21:32 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY) Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code. Error: (07/10/2014 08:21:32 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY) Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section. Error: (07/09/2014 08:56:34 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY) Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code. Error: (07/09/2014 08:56:34 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY) Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section. Error: (07/08/2014 08:00:47 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY) Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code. Error: (07/08/2014 08:00:47 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY) Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section. Error: (07/05/2014 11:38:45 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY) Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code. Error: (07/05/2014 11:38:45 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY) Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section. Error: (07/03/2014 08:18:52 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: ) Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid. . Error: (07/03/2014 08:18:45 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: ) Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid. . System errors: ============= Error: (07/09/2014 02:31:13 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.177.1929.0 Update Source: %NT AUTHORITY59 Update Stage: 4.5.0216.00 Source Path: 4.5.0216.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\SYSTEM Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (07/08/2014 05:26:56 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF} Error: (07/07/2014 06:19:42 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF} Error: (07/06/2014 02:39:04 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF} Error: (07/05/2014 11:45:42 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.177.1578.0 Update Source: %NT AUTHORITY59 Update Stage: 4.5.0216.00 Source Path: 4.5.0216.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\SYSTEM Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (07/05/2014 11:35:36 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.177.1578.0 Update Source: %NT AUTHORITY59 Update Stage: 4.5.0216.00 Source Path: 4.5.0216.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\SYSTEM Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (07/05/2014 11:35:35 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.177.1578.0 Update Source: %NT AUTHORITY59 Update Stage: 4.5.0216.00 Source Path: 4.5.0216.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\SYSTEM Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (07/04/2014 06:10:11 PM) (Source: iaStor) (EventID: 9) (User: ) Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period. Error: (07/03/2014 08:17:46 PM) (Source: iaStor) (EventID: 9) (User: ) Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period. Error: (06/30/2014 02:27:11 AM) (Source: iaStor) (EventID: 9) (User: ) Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period. Microsoft Office Sessions: ========================= Error: (07/10/2014 08:21:32 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY) Description: WmiApRplWmiApRpl8F20300004D070000 Error: (07/10/2014 08:21:32 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY) Description: Performance1637070000000000000000000009030000 Error: (07/09/2014 08:56:34 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY) Description: WmiApRplWmiApRpl8F20300004D070000 Error: (07/09/2014 08:56:34 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY) Description: Performance1637070000000000000000000009030000 Error: (07/08/2014 08:00:47 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY) Description: WmiApRplWmiApRpl8F20300004D070000 Error: (07/08/2014 08:00:47 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY) Description: Performance1637070000000000000000000009030000 Error: (07/05/2014 11:38:45 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY) Description: WmiApRplWmiApRpl8F20300004D070000 Error: (07/05/2014 11:38:45 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY) Description: Performance1637070000000000000000000009030000 Error: (07/03/2014 08:18:52 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: ) Description: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid. Error: (07/03/2014 08:18:45 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: ) Description: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid. ==================== Memory info =========================== Percentage of memory in use: 71% Total physical RAM: 3015.86 MB Available physical RAM: 874.43 MB Total Pagefile: 6118.5 MB Available Pagefile: 2045.89 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:552.22 GB) (Free:110.13 GB) NTFS Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:13.34 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: 47146F7A) Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=552 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended) Partition 4: (Not Active) - (Size=15 GB) - (Type=12) ==================== End Of Log ============================ Attaching file from TDSSkiller. TDSSKiller.3.0.0.40_10.07.2014_20.52.14_log.txt

Hi, Here are the scan results. 1. From FRST ____________________ Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-07-2014Ran by Shafey (administrator) on SHAFEY-PC on 10-07-2014 20:43:46Running from C:\Users\Shafey\DesktopPlatform: Windows 7 Home Basic Service Pack 1 (X64) OS Language: English (United States)Internet Explorer Version 11Boot Mode: Normal The only official download link for FRST:Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated.See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe(Microsoft Corporation) C:\Windows\System32\wlanext.exe(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe() C:\ProgramData\ChgService.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe(Intel Corporation) C:\Windows\System32\hkcmd.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe() C:\Users\Shafey\AppData\Roaming\Dashlane\Dashlane.exe(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe(Dropbox, Inc.) C:\Users\Shafey\AppData\Roaming\Dropbox\bin\Dropbox.exe(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe(Vimicro) C:\Program Files (x86)\USB Camera2\VM332_STI.EXE(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe(BitTorrent, Inc.) C:\Program Files (x86)\uTorrent\uTorrent.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE() C:\Program Files\ComicRack\ComicRack.exe(App Services) C:\ProgramData\Application\ApplicationService.exe(VideoLAN) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe() C:\Users\Shafey\AppData\Roaming\Dashlane\DashlanePlugin.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google) C:\Users\Shafey\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [updatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9744800 2011-03-29] (Lenovo (Beijing) Limited)HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5399456 2011-03-29] (Lenovo(beijing) Limited)HKLM\...\Run: [bCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)HKLM\...\Run: [smartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2010-04-29] ()HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3023600 2013-02-25] (Synaptics Incorporated)HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)HKLM-x32\...\Run: [332BigDog] => C:\Program Files (x86)\USB Camera2\VM332_STI.EXE [536576 2010-01-19] (Vimicro)HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2010-12-05] (CyberLink)HKLM-x32\...\Run: [updatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)HKLM-x32\...\Run: [sDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)HKLM-x32\...\Run: [Application Service] => C:\ProgramData\Application\ApplicationService.exe [50688 2014-07-09] (App Services)Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]HKU\S-1-5-21-2892114743-1712468159-3544421845-1000\...\Run: [Google Update] => C:\Users\Shafey\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-02-06] (Google Inc.)HKU\S-1-5-21-2892114743-1712468159-3544421845-1000\...\Run: [Dashlane] => C:\Users\Shafey\AppData\Roaming\Dashlane\Dashlane.exe [219832 2014-05-27] ()HKU\S-1-5-21-2892114743-1712468159-3544421845-1000\...\Run: [Application Service] => C:\ProgramData\Application\ApplicationService.exe [50688 2014-07-09] (App Services)HKU\S-1-5-21-2892114743-1712468159-3544421845-1000\...\Run: [spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3642312 2013-05-16] (Safer-Networking Ltd.)HKU\S-1-5-21-2892114743-1712468159-3544421845-1000\...\RunOnce: [uninstall C:\Users\Shafey\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112_1\amd64] - C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Shafey\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112_1\amd64"HKU\S-1-5-21-2892114743-1712468159-3544421845-1000\...\Policies\system: [LogonHoursAction] 2HKU\S-1-5-21-2892114743-1712468159-3544421845-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1HKU\S-1-5-21-2892114743-1712468159-3544421845-1000\...\MountPoints2: {1cd6b0c4-6483-11e3-822b-20898428bda7} - F:\.\ShowModem.exeHKU\S-1-5-21-2892114743-1712468159-3544421845-1000\...\MountPoints2: {285db820-33f7-11e3-84c8-20898428bda7} - F:\AutoRun.exeHKU\S-1-5-21-2892114743-1712468159-3544421845-1000\...\MountPoints2: {285db825-33f7-11e3-84c8-20898428bda7} - F:\AutoRun.exeHKU\S-1-5-21-2892114743-1712468159-3544421845-1000\...\MountPoints2: {d79c7899-3af1-11e3-a468-20898428bda7} - F:\AutoRun.exeHKU\S-1-5-21-2892114743-1712468159-3544421845-1000\...\MountPoints2: {d79c789c-3af1-11e3-a468-20898428bda7} - F:\AutoRun.exeStartup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnkShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)Startup: C:\Users\Shafey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnkShortcutTarget: Dropbox.lnk -> C:\Users\Shafey\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)Startup: C:\Users\Shafey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnkShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)SSODL: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\windows\system32\SSCbFsMntNtf3.dll (EldoS Corporation)SSODL-x32: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\windows\SysWOW64\SSCbFsMntNtf3.dll (EldoS Corporation)ShellIconOverlayIdentifiers: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No FileShellIconOverlayIdentifiers: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No FileShellIconOverlayIdentifiers: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No FileShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No FileShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No FileShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No FileShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No FileShellIconOverlayIdentifiers: EldosIconOverlay -> {69925D1B-6A0F-4413-861A-81AB98039DB9} => C:\windows\system32\SSCbFsMntNtf3.dll (EldoS Corporation)ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)ShellIconOverlayIdentifiers: SugarSyncBackedUp -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\x64\SugarSyncShellExt_x64.dll (SugarSync, Inc.)ShellIconOverlayIdentifiers: SugarSyncPending -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\x64\SugarSyncShellExt_x64.dll (SugarSync, Inc.)ShellIconOverlayIdentifiers: SugarSyncRoot -> {39D54CC2-69CF-43b4-B167-577D25E7F496} => C:\Program Files (x86)\SugarSync\x64\SugarSyncShellExt_x64.dll (SugarSync, Inc.)ShellIconOverlayIdentifiers: SugarSyncShared -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\x64\SugarSyncShellExt_x64.dll (SugarSync, Inc.)ShellIconOverlayIdentifiers: SugarSyncSharedPending -> {F7395C2E-A5D8-4a32-9536-5C6A9F1DC450} => C:\Program Files (x86)\SugarSync\x64\SugarSyncShellExt_x64.dll (SugarSync, Inc.)ShellIconOverlayIdentifiers-x32: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No FileShellIconOverlayIdentifiers-x32: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No FileShellIconOverlayIdentifiers-x32: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No FileShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No FileShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No FileShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No FileShellIconOverlayIdentifiers-x32: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No FileShellIconOverlayIdentifiers-x32: EldosIconOverlay -> {69925D1B-6A0F-4413-861A-81AB98039DB9} => C:\windows\SysWOW64\SSCbFsMntNtf3.dll (EldoS Corporation)GroupPolicyUsers\S-1-5-21-2892114743-1712468159-3544421845-1001\User: Group Policy restriction detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://in.msn.com/?rd=1&ucc=IN&dcc=IN&opt=0HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x82F3A513D5B6CE01HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-USHKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://onelike.in/google/?ie=HKCU\Software\Microsoft\Internet Explorer\Main,FirstHomePage = http://onelike.in/google/?ie=HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://onelike.in/google/?ie=HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://onelike.in/google/?ie=HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ieHKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ieHKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://onelike.in/google/?ie=HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/SearchScopes: HKLM-x32 - DefaultScope value is missing.SearchScopes: HKCU - {09B16FE2-B7EB-46A5-A4D8-DCD4C5482B80} URL = https://www.google.com/search?q={searchTerms}SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searBHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)Toolbar: HKLM-x32 - Dashlane Toolbar - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\Shafey\AppData\Roaming\Dashlane\ie\KWIEBar.dll (Dashlane)Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txtTcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox:========FF ProfilePath: C:\Users\Shafey\AppData\Roaming\Mozilla\Firefox\Profiles\bdjwxyk0.defaultFF SelectedSearchEngine: GoogleFF Homepage: hxxp://onelike.in/google/?mozhm=about:homeFF Keyword.URL: user_pref("keyword.URL", "hxxp://onelike.in/google/?keyWord=");FF NewTab: hxxp://onelike.in/google/?newtab=FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\system32\Adobe\Director\np32dsw.dll No FileFF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No FileFF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Shafey\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Shafey\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Shafey\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Shafey\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin ProgramFiles/Appdata: C:\Users\Shafey\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)FF Plugin ProgramFiles/Appdata: C:\Users\Shafey\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)FF Extension: Dashlane - C:\Users\Shafey\AppData\Roaming\Dashlane\2.4.1.63897\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f} [2014-05-31] Chrome: =======CHR HomePage: CHR DefaultSearchKeyword: onelike.inCHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Shafey\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]CHR Extension: (Dashlane) - C:\Users\Shafey\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg [2014-05-29]CHR Extension: (Skype Click to Call) - C:\Users\Shafey\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-03-06]CHR Extension: (Google Wallet) - C:\Users\Shafey\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-06]CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Shafey\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-13]CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-08-06] ==================== Services (Whitelisted) ================= R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [951584 2010-07-30] (Broadcom Corporation.)R2 Change Modem Device Service; C:\ProgramData\ChgService.exe [114688 2011-08-30] () [File not signed]R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-07-05] (SurfRight B.V.)R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.) ==================== Drivers (Whitelisted) ==================== S3 androidusb; C:\Windows\System32\Drivers\wsadb.sys [40232 2013-05-13] (Google Inc)S3 cmnsusbser; C:\Windows\System32\DRIVERS\cmnsusbser.sys [126080 2011-08-03] (QUALCOMM Incorporated)R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)R3 SSCBFS3; C:\Windows\System32\DRIVERS\sscbfs3.sys [347456 2012-10-30] (EldoS Corporation)S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-02-22] (Anchorfree Inc.)U2 CLKMSVC10_3A60B698; U2 CLKMSVC10_C3B3B687; U2 DriverService; S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [X]S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]U2 idealife Update Service; U3 IGRS; U2 IviRegMgr; U2 nvUpdatusService; U2 Oasis2Service; U2 PCCarerServic; U2 ReadyComm.DirectRouter; U2 RichVideo; S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]U2 RtLedService; U2 SoftwareService; U2 Stereo Service; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-07-10 20:43 - 2014-07-10 20:44 - 00024660 _____ () C:\Users\Shafey\Desktop\FRST.txt2014-07-10 20:43 - 2014-07-10 20:44 - 00000000 ____D () C:\FRST2014-07-10 20:41 - 2014-07-10 20:41 - 02084352 _____ (Farbar) C:\Users\Shafey\Desktop\FRST64.exe2014-07-10 05:53 - 2014-07-10 06:17 - 00000000 ____D () C:\Users\Shafey\Downloads\The Rainmaker2014-07-10 05:49 - 2014-07-10 05:49 - 00041293 _____ () C:\Users\Shafey\Downloads\[kickass.to]the.rainmaker.dvdrip.ws.english.torrent2014-07-09 18:47 - 2014-07-09 23:05 - 00000000 ____D () C:\Users\Shafey\Downloads\Limitless (2011)2014-07-09 18:44 - 2014-07-09 18:49 - 00000000 ____D () C:\Users\Shafey\Downloads\Tron Legacy (2010)2014-07-09 18:44 - 2014-07-09 18:44 - 00015943 _____ () C:\Users\Shafey\Downloads\[kickass.to]limitless.2011.720p.brrip.x264.yify.torrent2014-07-09 18:40 - 2014-07-09 18:40 - 00017868 _____ () C:\Users\Shafey\Downloads\[kickass.to]tron.legacy.2010.brrip.720p.mkv.yify.torrent2014-07-09 06:53 - 2014-07-10 11:09 - 183502806 _____ () C:\Users\Shafey\Downloads\30.Rock.S03E17.HDTV.XviD-LOL.avi2014-07-09 01:23 - 2014-07-09 01:23 - 11204096 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe2014-07-08 22:53 - 2014-07-08 22:53 - 00000000 ____D () C:\Users\Shafey\Downloads\Transformers.Age.of.Extinction.2014.CAM.ENGLISH.x264-P2P2014-07-08 22:52 - 2014-07-08 22:52 - 00016297 _____ () C:\Users\Shafey\Downloads\[kickass.to]transformers.age.of.extinction.2014.cam.english.x264.p2p.torrent2014-07-08 20:59 - 2014-07-09 05:07 - 183512276 _____ () C:\Users\Shafey\Downloads\30.Rock.S03E19.HDTV.XviD-LOL.avi2014-07-08 20:48 - 2014-07-09 05:47 - 183490646 _____ () C:\Users\Shafey\Downloads\30.Rock.S03E22.HDTV.XviD-LOL.avi2014-07-08 20:45 - 2014-07-09 06:58 - 183503486 _____ () C:\Users\Shafey\Downloads\30.Rock.S03E16.HDTV.XviD-LOL.avi2014-07-08 20:44 - 2014-07-10 06:17 - 183503036 _____ () C:\Users\Shafey\Downloads\30.Rock.S03E20.HDTV.XviD-LOL.avi2014-07-08 20:43 - 2014-07-08 20:43 - 00007640 _____ () C:\Users\Shafey\Downloads\[kickass.to]30.rock.s03e20.hdtv.xvid.lol.avi.torrent2014-07-08 20:43 - 2014-07-08 20:43 - 00007559 _____ () C:\Users\Shafey\Downloads\[kickass.to]30.rock.s03e19.hdtv.xvid.lol.eztv.torrent2014-07-08 20:43 - 2014-07-08 20:43 - 00007559 _____ () C:\Users\Shafey\Downloads\[kickass.to]30.rock.s03e17.hdtv.xvid.lol.torrent2014-07-08 20:43 - 2014-07-08 20:43 - 00007387 _____ () C:\Users\Shafey\Downloads\[kickass.to]30.rock.s03e22.hdtv.xvid.lol.avi.torrent2014-07-08 20:42 - 2014-07-08 20:42 - 00007640 _____ () C:\Users\Shafey\Downloads\[kickass.to]30.rock.s03e16.hdtv.xvid.lol.avi.torrent2014-07-08 20:24 - 2014-07-09 05:19 - 183505992 _____ () C:\Users\Shafey\Downloads\30.Rock.S03E05.HDTV.XviD-LOL.avi2014-07-08 20:23 - 2014-07-08 20:23 - 00007740 _____ () C:\Users\Shafey\Downloads\[kickass.to]30.rock.s03e05.hdtv.xvid.lol.avi.torrent2014-07-07 23:45 - 2014-07-08 20:17 - 183474820 _____ () C:\Users\Shafey\Downloads\30.Rock.S03E04.HDTV.XviD-LOL.avi2014-07-07 23:37 - 2014-07-08 17:00 - 183508992 _____ () C:\Users\Shafey\Downloads\30.Rock.S03E03.HDTV.XviD-LOL.avi2014-07-07 23:37 - 2014-07-08 00:41 - 183527424 _____ () C:\Users\Shafey\Downloads\30.Rock.S03E01.HDTV.XviD-LOL.avi2014-07-07 23:37 - 2014-07-07 23:37 - 00007660 _____ () C:\Users\Shafey\Downloads\[kickass.to]30.rock.s03e01.hdtv.xvid.lol.torrent2014-07-07 23:36 - 2014-07-08 01:28 - 183486858 _____ () C:\Users\Shafey\Downloads\30.Rock.S03E02.HDTV.XviD-LOL.avi2014-07-07 23:36 - 2014-07-07 23:36 - 00007639 _____ () C:\Users\Shafey\Downloads\[kickass.to]30.rock.s03e04.hdtv.xvid.lol.eztv.torrent2014-07-07 23:35 - 2014-07-07 23:35 - 00007659 _____ () C:\Users\Shafey\Downloads\[kickass.to]30.rock.s03e03.hdtv.xvid.lol.torrent2014-07-07 23:35 - 2014-07-07 23:35 - 00007639 _____ () C:\Users\Shafey\Downloads\[kickass.to]30.rock.s03e02.hdtv.xvid.lol.avi.torrent2014-07-07 05:01 - 2014-07-07 05:16 - 00000000 ____D () C:\Users\Shafey\Downloads\30 Rock Season 42014-07-07 05:00 - 2014-07-07 05:00 - 00156260 _____ () C:\Users\Shafey\Downloads\[kickass.to]30.rock.season.4.complete.dl.king.torrent2014-07-06 00:12 - 2014-07-06 16:12 - 00000000 ____D () C:\Users\Shafey\Downloads\30 Rock Season 1 Complete HDTV-soagg2014-07-05 16:14 - 2014-07-05 23:27 - 00000000 ____D () C:\Users\Shafey\Downloads\[usaBit.com] - Magic.Mike.2012.CAM.AC3.H264-CRYS2014-07-05 16:12 - 2014-07-05 16:12 - 00028994 _____ () C:\Users\Shafey\Downloads\[kickass.to]magic.mike.2012.cam.ac3.h264.crys.torrent2014-07-05 15:34 - 2014-07-05 20:15 - 00000000 ____D () C:\Users\Shafey\Downloads\Jack Reacher (2012)2014-07-05 15:31 - 2014-07-05 15:31 - 00012182 _____ () C:\Users\Shafey\Downloads\[kickass.to]jack.reacher.2012.720p.brrip.x264.yify.torrent2014-07-05 13:40 - 2014-07-05 13:40 - 00020888 _____ () C:\Users\Shafey\Downloads\[kickass.to]30.rock.season.1.complete.hdtv.soagg.torrent2014-07-05 00:54 - 2014-07-05 01:41 - 44040950 _____ () C:\Users\Shafey\Downloads\Mighty_Avengers_011_(2014)_(Digital)_(Zone-Empire).cbr2014-07-05 00:54 - 2014-07-05 01:39 - 39096093 _____ () C:\Users\Shafey\Downloads\Mighty_Avengers_010_(2014)_(Digital)_(Zone-Empire).cbr2014-07-05 00:53 - 2014-07-05 00:53 - 00014129 _____ () C:\Users\Shafey\Downloads\[kickass.to]mighty.avengers.011.2014.digital.zone.empire.cbr.nem.torrent2014-07-05 00:53 - 2014-07-05 00:53 - 00012609 _____ () C:\Users\Shafey\Downloads\[kickass.to]mighty.avengers.010.2014.digital.zone.empire.cbr.nem.torrent2014-07-05 00:18 - 2014-07-05 00:29 - 35691288 _____ () C:\Users\Shafey\Downloads\Avengers_031_(2014)_(Digital)_(Zone-Empire).cbr2014-07-05 00:18 - 2014-07-05 00:18 - 00011562 _____ () C:\Users\Shafey\Downloads\[kickass.to]avengers.031.2014.digital.zone.empire.cbr.nem.torrent2014-07-04 18:25 - 2014-07-04 18:27 - 00000000 ____D () C:\Users\Shafey\Downloads\Non Stop (2014)2014-07-04 18:21 - 2014-07-04 18:21 - 00008810 _____ () C:\Users\Shafey\Downloads\[kickass.to]non.stop.2014.720p.brrip.x264.yify.torrent2014-07-03 20:16 - 2014-07-09 14:21 - 00000392 _____ () C:\windows\setupact.log2014-07-03 20:16 - 2014-07-03 20:16 - 00000000 _____ () C:\windows\setuperr.log2014-07-03 00:02 - 2014-07-03 23:59 - 00000000 ____D () C:\Users\Shafey\Downloads\Transcendence.2014.HDRip.XViD.juggs[ETRG]2014-07-03 00:01 - 2014-07-03 00:01 - 00057300 _____ () C:\Users\Shafey\Downloads\[kickass.to]transcendence.2014.hdrip.xvid.juggs.etrg.torrent2014-07-02 00:18 - 2014-07-02 00:18 - 00231134 _____ () C:\Users\Shafey\Downloads\Louis Menand The Marketplace of Ideas Reform and Resistance in the American University Issues of Our Time 2010.epub2014-07-01 18:19 - 2014-07-01 18:21 - 01346519 _____ () C:\Users\Shafey\Downloads\adwcleaner_3.214.exe2014-07-01 13:15 - 2014-07-01 18:53 - 00000000 ____D () C:\Users\Shafey\Downloads\Alexander [The Final Cut] (2004)2014-07-01 01:11 - 2014-07-01 01:11 - 00021392 _____ () C:\Users\Shafey\Downloads\[kickass.to]alexander.revisited.the.final.cut.2004.brrip.72.torrent2014-06-30 03:35 - 2014-06-30 03:35 - 00745439 _____ () C:\Users\Shafey\Downloads\pg43656-images.epub2014-06-30 03:24 - 2014-06-30 03:24 - 00397766 _____ () C:\Users\Shafey\Downloads\pg12050.epub2014-06-29 06:00 - 2014-06-29 06:11 - 43238532 _____ () C:\Users\Shafey\Downloads\Wonder_Woman_032_(2014)_(Digital)_(Nahga-Empire).cbr2014-06-29 05:48 - 2014-06-29 06:00 - 47339279 _____ () C:\Users\Shafey\Downloads\Wonder_Woman_031_(2014)_(Digital)_(Nahga-Empire).cbr2014-06-29 05:37 - 2014-06-29 05:48 - 42074348 _____ () C:\Users\Shafey\Downloads\Wonder_Woman_030_(2014)_(Digital)_(Nahga-Empire).cbr2014-06-29 05:36 - 2014-06-29 05:36 - 00015127 _____ () C:\Users\Shafey\Downloads\[kickass.to]wonder.woman.031.2014.digital.nahga.empire.cbr.nem.torrent2014-06-29 05:36 - 2014-06-29 05:36 - 00013867 _____ () C:\Users\Shafey\Downloads\[kickass.to]wonder.woman.032.2014.digital.nahga.empire.cbr.nem.torrent2014-06-29 05:36 - 2014-06-29 05:36 - 00013527 _____ () C:\Users\Shafey\Downloads\[kickass.to]wonder.woman.030.2014.digital.nahga.empire.cbr.nem.torrent2014-06-29 04:26 - 2014-07-04 00:33 - 00000000 ____D () C:\Users\Shafey\Downloads\Fading Gigolo (2014) .720p.BluRay.x264.YIFY2014-06-29 04:21 - 2014-06-29 04:21 - 00057437 _____ () C:\Users\Shafey\Downloads\Fading_Gigolo_(2014)_.720p.BluRay.x264.YIFY.torrent2014-06-29 02:33 - 2014-06-29 02:34 - 00024601 _____ () C:\Users\Shafey\Downloads\[kickass.to]ken.park.2002.unrated.300mb.torrent2014-06-28 17:57 - 2014-06-28 17:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox2014-06-28 03:29 - 2014-06-28 03:30 - 00016830 _____ () C:\Users\Shafey\Downloads\[kickass.to]how.to.train.your.dragon.2.2014.cam.400mb.ganool.torrent2014-06-27 21:32 - 2014-06-27 21:33 - 00014802 _____ () C:\Users\Shafey\Downloads\[kickass.to]armageddon.1998.720p.x264.1280.720.yify.torrent2014-06-26 18:18 - 2014-06-26 18:18 - 00000000 ____D () C:\Users\Faizi\Documents\BioWare2014-06-26 18:16 - 2014-06-26 18:16 - 00000000 ____D () C:\Users\Faizi\AppData\Roaming\Malwarebytes2014-06-26 16:33 - 2014-06-26 16:33 - 00000962 _____ () C:\Users\Public\Desktop\PDF to Word.lnk2014-06-26 16:33 - 2014-06-26 16:33 - 00000063 _____ () C:\Users\Public\Desktop\Purchase PDF to Word.url2014-06-26 16:33 - 2014-06-26 16:33 - 00000000 ____D () C:\Users\Shafey\Documents\Quick-PDF PDF to Word2014-06-26 16:33 - 2014-06-26 16:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF to Word2014-06-26 16:33 - 2014-06-26 16:33 - 00000000 ____D () C:\Program Files (x86)\PDF to Word2014-06-26 15:29 - 2014-06-26 15:29 - 00000000 ____D () C:\Users\Shafey\Downloads\Quick-PDF PDF To Word Converter 2.2 with WORKING Crack [^YTSA^]2014-06-26 15:27 - 2014-06-26 15:27 - 00010394 _____ () C:\Users\Shafey\Downloads\[kickass.to]quick.pdf.pdf.to.word.converter.2.2.with.working.crack.ytsa.torrent2014-06-26 11:30 - 2014-06-26 11:30 - 00122306 _____ () C:\Users\Shafey\Downloads\Basic Research Skills_634974032848281250.pptx2014-06-24 01:30 - 2014-06-24 01:49 - 46077123 _____ () C:\Users\Shafey\Downloads\Superman-Wonder_Woman_008_(2014)_(2_covers)_(digital-Empire).cbr2014-06-24 01:28 - 2014-06-24 01:28 - 00014759 _____ () C:\Users\Shafey\Downloads\[kickass.to]superman.wonder.woman.008.2014.2.covers.digital.empire.cbr.torrent2014-06-24 01:21 - 2014-06-24 01:30 - 00000000 ____D () C:\Users\Shafey\Downloads\Queen 2014 Hindi 720p DvDRip x264 AAC...Hon3y2014-06-24 01:20 - 2014-06-24 01:20 - 00021469 _____ () C:\Users\Shafey\Downloads\[kickass.to]queen.2014.hindi.720p.dvdrip.x264.aac.hon3y.torrent2014-06-23 21:22 - 2014-06-23 21:22 - 00016918 _____ () C:\Users\Shafey\Downloads\[kickass.to]savita.bhabhi.ep.21.30.adult.xxx.comic.pdf.praky.torrent2014-06-23 04:00 - 2014-06-23 04:04 - 00000000 ____D () C:\Users\Shafey\Downloads\Vicky.Cristina.Barcelona[2008]DvDrip-aXXo2014-06-22 13:19 - 2014-06-22 13:25 - 00000000 ____D () C:\Users\Shafey\Downloads\The Girl with the Dragon Tattoo (2011)2014-06-22 00:48 - 2014-06-22 13:21 - 00000000 ____D () C:\Users\Shafey\Downloads\Cruel.Intentions.3.2004.DVDRip.XViD2014-06-22 00:43 - 2014-06-22 00:44 - 00057886 _____ () C:\Users\Shafey\Downloads\[kickass.to]cruel.intentions.3.2004.dvdrip.xvid.torrent2014-06-21 02:39 - 2014-06-21 02:39 - 00020330 _____ () C:\Users\Shafey\Downloads\[kickass.to]the.girl.with.the.dragon.tattoo.2011.720p.brrip.x264.yify.torrent2014-06-21 02:23 - 2014-06-21 02:23 - 00056782 _____ () C:\Users\Shafey\Downloads\[kickass.to]vicky.cristina.barcelona.2008.dvdrip.axxo.torrent2014-06-21 02:22 - 2014-06-23 02:01 - 00000000 ____D () C:\Users\Shafey\Downloads\Chloe (2009)2014-06-21 02:22 - 2014-06-21 23:36 - 733339648 _____ () C:\Users\Shafey\Downloads\Cruel Intentions[1999]DvDrip[Eng]-Stealthmaster.avi2014-06-21 02:19 - 2014-06-21 02:19 - 00018839 _____ () C:\Users\Shafey\Downloads\[kickass.to]chloe.2009.brrip.720p.mkv.450mb.yify.torrent2014-06-21 02:18 - 2014-06-21 02:18 - 00028806 _____ () C:\Users\Shafey\Downloads\[kickass.to]cruel.intentions.1999.dvdrip.eng.stealthmaster.torrent2014-06-21 02:08 - 2014-06-21 02:09 - 00000000 ____D () C:\Users\Shafey\Downloads\Kick-Ass 2 (2013)2014-06-21 02:04 - 2014-06-21 02:04 - 00008816 _____ () C:\Users\Shafey\Downloads\[kickass.to]kick.ass.2.2013.720p.brrip.x264.yify.torrent2014-06-21 02:00 - 2014-06-21 23:46 - 00000000 ____D () C:\Users\Shafey\Downloads\This Is the End (2013)2014-06-21 01:58 - 2014-06-21 01:58 - 00008824 _____ () C:\Users\Shafey\Downloads\[kickass.to]this.is.the.end.2013.720p.brrip.x264.yify.torrent2014-06-20 23:24 - 2014-06-20 23:24 - 00000179 _____ () C:\Users\Shafey\Downloads\The_Rise_of_English_Studies.enw2014-06-20 23:23 - 2014-06-20 23:23 - 00000219 _____ () C:\Users\Shafey\Downloads\The_Rise_of_English_Studies.bibtex2014-06-20 22:19 - 2014-06-20 22:19 - 00000000 ____D () C:\Users\Shafey\Downloads\Femme Fatale (2002)2014-06-20 22:16 - 2014-06-20 22:16 - 00056749 _____ () C:\Users\Shafey\Downloads\[kickass.to]femme.fatale.2002.dvdrip.brian.de.palma.torrent2014-06-19 16:31 - 2014-06-19 16:31 - 00013039 _____ () C:\Users\Shafey\Downloads\[kickass.to]kirtu.savita.bhabhi.ep.42.a.mistaken.identity.censored.can.be.a.lot.of.fun.adult.xxx.comic.praky.torrent2014-06-19 16:23 - 2014-06-19 16:23 - 00002451 _____ () C:\Users\Shafey\Downloads\[kickass.to]savita.bhabhi.ep.39.replacement.bride.praky.torrent2014-06-19 16:21 - 2014-06-19 16:21 - 00002173 _____ () C:\Users\Shafey\Downloads\[kickass.to]savita.bhabhi.ep.43.epic.savita.and.velamma.16.pages.a.torrent2014-06-18 14:06 - 2014-06-18 14:07 - 00000005 _____ () C:\Users\Shafey\AppData\Roaming\mbam.context.scan2014-06-18 05:06 - 2014-06-18 05:10 - 00000000 ____D () C:\Users\Shafey\Downloads\Game.Of.Thrones.S04E10.HDTV.x264-ChameE2014-06-18 05:06 - 2014-06-18 05:06 - 00013662 _____ () C:\Users\Shafey\Downloads\[kickass.to]game.of.thrones.s04e10.hdtv.x264.chamee.torrent2014-06-18 05:05 - 2014-06-18 05:05 - 00030552 _____ () C:\Users\Shafey\Downloads\[kickass.to]game.of.thrones.s04e09.hdtv.x264.killers.ettv.torrent2014-06-17 20:40 - 2014-06-17 20:41 - 00318600 _____ (Dropbox, Inc.) C:\Users\Shafey\Downloads\DropboxInstaller (1).exe2014-06-17 19:21 - 2014-06-18 03:54 - 00000000 ____D () C:\Users\Shafey\Downloads\Waterworld (1995)2014-06-17 07:47 - 2014-06-17 07:47 - 00001238 _____ () C:\windows\system32\.crusader2014-06-17 07:23 - 2014-06-23 23:45 - 00001897 _____ () C:\Users\Public\Desktop\HitmanPro.lnk2014-06-17 07:23 - 2014-06-17 07:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro2014-06-17 07:23 - 2014-06-17 07:23 - 00000000 ____D () C:\Program Files\HitmanPro2014-06-17 07:16 - 2014-06-17 07:48 - 00000000 ____D () C:\ProgramData\HitmanPro2014-06-17 07:16 - 2014-06-17 07:22 - 10971424 _____ (SurfRight B.V.) C:\Users\Shafey\Desktop\HitmanPro_x64.exe2014-06-17 06:18 - 2014-06-17 06:18 - 00001044 _____ () C:\Users\Shafey\Desktop\JRT.txt2014-06-17 06:10 - 2014-06-17 06:10 - 00000000 ____D () C:\windows\ERUNT2014-06-17 06:07 - 2014-06-17 06:07 - 01016261 _____ (Thisisu) C:\Users\Shafey\Desktop\JRT.exe2014-06-17 04:58 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll2014-06-17 04:57 - 2014-06-17 06:24 - 00000000 ____D () C:\AdwCleaner2014-06-16 04:03 - 2014-06-20 21:32 - 00000000 ____D () C:\Users\Shafey\Downloads\Enemy (2013)2014-06-15 03:05 - 2014-06-15 03:05 - 00151279 _____ () C:\Users\Shafey\Downloads\Sex differences in rhesus monkey toy preferences parallel those of children.htm2014-06-15 03:05 - 2014-06-15 03:05 - 00000000 ____D () C:\Users\Shafey\Downloads\Sex differences in rhesus monkey toy preferences parallel those of children_files2014-06-15 02:57 - 2014-07-10 20:33 - 01524214 _____ () C:\windows\WindowsUpdate.log2014-06-15 01:36 - 2014-06-15 14:47 - 229283126 _____ () C:\Users\Shafey\Downloads\Louie.S04E12.HDTV.x264-LOL.mp42014-06-14 22:01 - 2014-06-16 01:29 - 00000000 ____D () C:\Users\Shafey\Downloads\RoboCop (2014) [1080p]2014-06-14 21:56 - 2014-06-14 23:42 - 00000000 ____D () C:\Users\Shafey\Downloads\Louie S04E11 HDTV XviD-FUM[ettv]2014-06-11 19:24 - 2014-06-11 19:24 - 00000084 _____ () C:\Users\Shafey\Downloads\Culler_Literary_in_Theory.txt2014-06-11 06:58 - 2014-04-25 08:04 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\usp10.dll2014-06-11 06:58 - 2014-04-25 07:36 - 00626688 _____ (Microsoft Corporation) C:\windows\SysWOW64\usp10.dll2014-06-11 06:57 - 2014-05-30 15:51 - 23414784 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll2014-06-11 06:57 - 2014-05-30 15:32 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb2014-06-11 06:57 - 2014-05-30 15:32 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll2014-06-11 06:57 - 2014-05-30 15:15 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll2014-06-11 06:57 - 2014-05-30 15:09 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll2014-06-11 06:57 - 2014-05-30 15:09 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll2014-06-11 06:57 - 2014-05-30 15:08 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll2014-06-11 06:57 - 2014-05-30 14:58 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll2014-06-11 06:57 - 2014-05-30 14:57 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll2014-06-11 06:57 - 2014-05-30 14:54 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll2014-06-11 06:57 - 2014-05-30 14:51 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe2014-06-11 06:57 - 2014-05-30 14:51 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe2014-06-11 06:57 - 2014-05-30 14:50 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll2014-06-11 06:57 - 2014-05-30 14:48 - 17271296 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll2014-06-11 06:57 - 2014-05-30 14:41 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe2014-06-11 06:57 - 2014-05-30 14:38 - 05782528 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll2014-06-11 06:57 - 2014-05-30 14:36 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll2014-06-11 06:57 - 2014-05-30 14:32 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb2014-06-11 06:57 - 2014-05-30 14:25 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll2014-06-11 06:57 - 2014-05-30 14:19 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll2014-06-11 06:57 - 2014-05-30 14:16 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll2014-06-11 06:57 - 2014-05-30 14:14 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll2014-06-11 06:57 - 2014-05-30 14:14 - 00295424 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll2014-06-11 06:57 - 2014-05-30 14:13 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll2014-06-11 06:57 - 2014-05-30 14:12 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll2014-06-11 06:57 - 2014-05-30 14:08 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll2014-06-11 06:57 - 2014-05-30 14:05 - 00608768 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe2014-06-11 06:57 - 2014-05-30 14:04 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll2014-06-11 06:57 - 2014-05-30 14:03 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll2014-06-11 06:57 - 2014-05-30 14:00 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll2014-06-11 06:57 - 2014-05-30 13:59 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll2014-06-11 06:57 - 2014-05-30 13:58 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe2014-06-11 06:57 - 2014-05-30 13:57 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll2014-06-11 06:57 - 2014-05-30 13:54 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll2014-06-11 06:57 - 2014-05-30 13:53 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl2014-06-11 06:57 - 2014-05-30 13:46 - 00368128 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll2014-06-11 06:57 - 2014-05-30 13:40 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll2014-06-11 06:57 - 2014-05-30 13:36 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll2014-06-11 06:57 - 2014-05-30 13:34 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll2014-06-11 06:57 - 2014-05-30 13:32 - 00242688 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll2014-06-11 06:57 - 2014-05-30 13:26 - 04244992 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll2014-06-11 06:57 - 2014-05-30 13:26 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll2014-06-11 06:57 - 2014-05-30 13:24 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll2014-06-11 06:57 - 2014-05-30 13:20 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll2014-06-11 06:57 - 2014-05-30 13:19 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl2014-06-11 06:57 - 2014-05-30 13:13 - 13522944 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll2014-06-11 06:57 - 2014-05-30 13:10 - 11725312 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll2014-06-11 06:57 - 2014-05-30 13:00 - 01398272 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll2014-06-11 06:57 - 2014-05-30 12:51 - 01790976 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll2014-06-11 06:57 - 2014-05-30 12:45 - 01143296 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll2014-06-11 06:57 - 2014-05-30 12:43 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll2014-06-11 06:57 - 2014-05-30 12:43 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll2014-06-11 03:21 - 2014-06-08 14:43 - 00506368 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll2014-06-11 03:21 - 2014-06-08 14:38 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll2014-06-11 03:04 - 2014-04-05 08:17 - 01903552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys2014-06-11 03:04 - 2014-04-05 08:17 - 00288192 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS2014-06-11 03:03 - 2014-03-26 20:14 - 02002432 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll2014-06-11 03:03 - 2014-03-26 20:14 - 01882112 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll2014-06-11 03:03 - 2014-03-26 19:57 - 01389056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll2014-06-11 03:02 - 2014-03-26 20:11 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml6r.dll2014-06-11 03:02 - 2014-03-26 20:11 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll2014-06-11 03:02 - 2014-03-26 19:57 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll2014-06-11 03:02 - 2014-03-26 19:55 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6r.dll2014-06-11 03:02 - 2014-03-26 19:55 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll2014-06-10 01:12 - 2014-06-10 01:13 - 00000000 ____D () C:\Users\Shafey\Downloads\Game of Thrones S04E09 HDTV x264-KILLERS[ettv] ==================== One Month Modified Files and Folders ======= 2014-07-10 20:45 - 2012-12-19 20:35 - 00000000 ____D () C:\Users\Shafey\AppData\Roaming\uTorrent2014-07-10 20:44 - 2014-07-10 20:43 - 00024660 _____ () C:\Users\Shafey\Desktop\FRST.txt2014-07-10 20:44 - 2014-07-10 20:43 - 00000000 ____D () C:\FRST2014-07-10 20:44 - 2014-01-19 19:11 - 00000088 _____ () C:\Users\Shafey\AppData\Local\nd.am2014-07-10 20:43 - 2009-07-14 08:50 - 00000000 ____D () C:\windows\tracing2014-07-10 20:41 - 2014-07-10 20:41 - 02084352 _____ (Farbar) C:\Users\Shafey\Desktop\FRST64.exe2014-07-10 20:33 - 2014-06-15 02:57 - 01524214 _____ () C:\windows\WindowsUpdate.log2014-07-10 20:30 - 2012-12-19 21:56 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job2014-07-10 20:26 - 2013-04-14 01:13 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2892114743-1712468159-3544421845-1000UA.job2014-07-10 20:21 - 2014-05-01 15:04 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job2014-07-10 20:21 - 2009-07-14 10:43 - 00006398 _____ () C:\windows\system32\PerfStringBackup.INI2014-07-10 20:15 - 2012-12-19 21:56 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job2014-07-10 16:11 - 2012-12-19 20:16 - 00000000 ____D () C:\Users\Shafey\AppData\Roaming\vlc2014-07-10 11:09 - 2014-07-09 06:53 - 183502806 _____ () C:\Users\Shafey\Downloads\30.Rock.S03E17.HDTV.XviD-LOL.avi2014-07-10 07:26 - 2013-04-14 01:13 - 00000860 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2892114743-1712468159-3544421845-1000Core.job2014-07-10 06:17 - 2014-07-10 05:53 - 00000000 ____D () C:\Users\Shafey\Downloads\The Rainmaker2014-07-10 06:17 - 2014-07-08 20:44 - 183503036 _____ () C:\Users\Shafey\Downloads\30.Rock.S03E20.HDTV.XviD-LOL.avi2014-07-10 05:49 - 2014-07-10 05:49 - 00041293 _____ () C:\Users\Shafey\Downloads\[kickass.to]the.rainmaker.dvdrip.ws.english.torrent2014-07-09 23:05 - 2014-07-09 18:47 - 00000000 ____D () C:\Users\Shafey\Downloads\Limitless (2011)2014-07-09 21:02 - 2014-01-19 19:11 - 00000000 ____D () C:\ProgramData\Application2014-07-09 18:49 - 2014-07-09 18:44 - 00000000 ____D () C:\Users\Shafey\Downloads\Tron Legacy (2010)2014-07-09 18:44 - 2014-07-09 18:44 - 00015943 _____ () C:\Users\Shafey\Downloads\[kickass.to]limitless.2011.720p.brrip.x264.yify.torrent2014-07-09 18:40 - 2014-07-09 18:40 - 00017868 _____ () C:\Users\Shafey\Downloads\[kickass.to]tron.legacy.2010.brrip.720p.mkv.yify.torrent2014-07-09 15:24 - 2014-05-15 12:53 - 00000000 ____D () C:\Users\Shafey\AppData\Roaming\DropboxMaster2014-07-09 15:24 - 2012-12-19 22:16 - 00000000 ___RD () C:\Users\Shafey\Dropbox2014-07-09 15:24 - 2012-12-19 20:24 - 00000000 ____D () C:\Users\Shafey\AppData\Roaming\Dropbox2014-07-09 14:28 - 2009-07-14 10:15 - 00013744 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-07-09 14:28 - 2009-07-14 10:15 - 00013744 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-07-09 14:21 - 2014-07-03 20:16 - 00000392 _____ () C:\windows\setupact.log2014-07-09 14:21 - 2013-12-16 20:51 - 00196608 _____ () C:\windows\system32\Ikeext.etl2014-07-09 14:21 - 2009-07-14 10:38 - 00000006 ____H () C:\windows\Tasks\SA.DAT2014-07-09 06:58 - 2014-07-08 20:45 - 183503486 _____ () C:\Users\Shafey\Downloads\30.Rock.S03E16.HDTV.XviD-LOL.avi2014-07-09 05:47 - 2014-07-08 20:48 - 183490646 _____ () C:\Users\Shafey\Downloads\30.Rock.S03E22.HDTV.XviD-LOL.avi2014-07-09 05:19 - 2014-07-08 20:24 - 183505992 _____ () C:\Users\Shafey\Downloads\30.Rock.S03E05.HDTV.XviD-LOL.avi2014-07-09 05:07 - 2014-07-08 20:59 - 183512276 _____ () C:\Users\Shafey\Downloads\30.Rock.S03E19.HDTV.XviD-LOL.avi2014-07-09 02:30 - 2012-12-19 22:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive2014-07-09 01:24 - 2014-05-01 15:04 - 00699056 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe2014-07-09 01:24 - 2014-05-01 15:04 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl2014-07-09 01:24 - 2014-05-01 15:04 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater2014-07-09 01:23 - 2014-07-09 01:23 - 11204096 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe2014-07-08 22:53 - 2014-07-08 22:53 - 00000000 ____D () C:\Users\Shafey\Downloads\Transformers.Age.of.Extinction.2014.CAM.ENGLISH.x264-P2P2014-07-08 22:52 - 2014-07-08 22:52 - 00016297 _____ () C:\Users\Shafey\Downloads\[kickass.to]transformers.age.of.extinction.2014.cam.english.x264.p2p.torrent2014-07-08 20:43 - 2014-07-08 20:43 - 00007640 _____ () C:\Users\Shafey\Downloads\[kickass.to]30.rock.s03e20.hdtv.xvid.lol.avi.torrent2014-07-08 20:43 - 2014-07-08 20:43 - 00007559 _____ () C:\Users\Shafey\Downloads\[kickass.to]30.rock.s03e19.hdtv.xvid.lol.eztv.torrent2014-07-08 20:43 - 2014-07-08 20:43 - 00007559 _____ () C:\Users\Shafey\Downloads\[kickass.to]30.rock.s03e17.hdtv.xvid.lol.torrent2014-07-08 20:43 - 2014-07-08 20:43 - 00007387 _____ () C:\Users\Shafey\Downloads\[kickass.to]30.rock.s03e22.hdtv.xvid.lol.avi.torrent2014-07-08 20:42 - 2014-07-08 20:42 - 00007640 _____ () C:\Users\Shafey\Downloads\[kickass.to]30.rock.s03e16.hdtv.xvid.lol.avi.torrent2014-07-08 20:23 - 2014-07-08 20:23 - 00007740 _____ () C:\Users\Shafey\Downloads\[kickass.to]30.rock.s03e05.hdtv.xvid.lol.avi.torrent2014-07-08 20:17 - 2014-07-07 23:45 - 183474820 _____ () C:\Users\Shafey\Downloads\30.Rock.S03E04.HDTV.XviD-LOL.avi2014-07-08 17:00 - 2014-07-07 23:37 - 183508992 _____ () C:\Users\Shafey\Downloads\30.Rock.S03E03.HDTV.XviD-LOL.avi2014-07-08 01:28 - 2014-07-07 23:36 - 183486858 _____ () C:\Users\Shafey\Downloads\30.Rock.S03E02.HDTV.XviD-LOL.avi2014-07-08 00:41 - 2014-07-07 23:37 - 183527424 _____ () C:\Users\Shafey\Downloads\30.Rock.S03E01.HDTV.XviD-LOL.avi2014-07-07 23:37 - 2014-07-07 23:37 - 00007660 _____ () C:\Users\Shafey\Downloads\[kickass.to]30.rock.s03e01.hdtv.xvid.lol.torrent2014-07-07 23:36 - 2014-07-07 23:36 - 00007639 _____ () C:\Users\Shafey\Downloads\[kickass.to]30.rock.s03e04.hdtv.xvid.lol.eztv.torrent2014-07-07 23:35 - 2014-07-07 23:35 - 00007659 _____ () C:\Users\Shafey\Downloads\[kickass.to]30.rock.s03e03.hdtv.xvid.lol.torrent2014-07-07 23:35 - 2014-07-07 23:35 - 00007639 _____ () C:\Users\Shafey\Downloads\[kickass.to]30.rock.s03e02.hdtv.xvid.lol.avi.torrent2014-07-07 05:16 - 2014-07-07 05:01 - 00000000 ____D () C:\Users\Shafey\Downloads\30 Rock Season 42014-07-07 05:00 - 2014-07-07 05:00 - 00156260 _____ () C:\Users\Shafey\Downloads\[kickass.to]30.rock.season.4.complete.dl.king.torrent2014-07-06 16:12 - 2014-07-06 00:12 - 00000000 ____D () C:\Users\Shafey\Downloads\30 Rock Season 1 Complete HDTV-soagg2014-07-05 23:27 - 2014-07-05 16:14 - 00000000 ____D () C:\Users\Shafey\Downloads\[usaBit.com] - Magic.Mike.2012.CAM.AC3.H264-CRYS2014-07-05 20:15 - 2014-07-05 15:34 - 00000000 ____D () C:\Users\Shafey\Downloads\Jack Reacher (2012)2014-07-05 16:12 - 2014-07-05 16:12 - 00028994 _____ () C:\Users\Shafey\Downloads\[kickass.to]magic.mike.2012.cam.ac3.h264.crys.torrent2014-07-05 15:31 - 2014-07-05 15:31 - 00012182 _____ () C:\Users\Shafey\Downloads\[kickass.to]jack.reacher.2012.720p.brrip.x264.yify.torrent2014-07-05 13:40 - 2014-07-05 13:40 - 00020888 _____ () C:\Users\Shafey\Downloads\[kickass.to]30.rock.season.1.complete.hdtv.soagg.torrent2014-07-05 01:41 - 2014-07-05 00:54 - 44040950 _____ () C:\Users\Shafey\Downloads\Mighty_Avengers_011_(2014)_(Digital)_(Zone-Empire).cbr2014-07-05 01:39 - 2014-07-05 00:54 - 39096093 _____ () C:\Users\Shafey\Downloads\Mighty_Avengers_010_(2014)_(Digital)_(Zone-Empire).cbr2014-07-05 00:53 - 2014-07-05 00:53 - 00014129 _____ () C:\Users\Shafey\Downloads\[kickass.to]mighty.avengers.011.2014.digital.zone.empire.cbr.nem.torrent2014-07-05 00:53 - 2014-07-05 00:53 - 00012609 _____ () C:\Users\Shafey\Downloads\[kickass.to]mighty.avengers.010.2014.digital.zone.empire.cbr.nem.torrent2014-07-05 00:29 - 2014-07-05 00:18 - 35691288 _____ () C:\Users\Shafey\Downloads\Avengers_031_(2014)_(Digital)_(Zone-Empire).cbr2014-07-05 00:18 - 2014-07-05 00:18 - 00011562 _____ () C:\Users\Shafey\Downloads\[kickass.to]avengers.031.2014.digital.zone.empire.cbr.nem.torrent2014-07-04 18:27 - 2014-07-04 18:25 - 00000000 ____D () C:\Users\Shafey\Downloads\Non Stop (2014)2014-07-04 18:21 - 2014-07-04 18:21 - 00008810 _____ () C:\Users\Shafey\Downloads\[kickass.to]non.stop.2014.720p.brrip.x264.yify.torrent2014-07-04 00:33 - 2014-06-29 04:26 - 00000000 ____D () C:\Users\Shafey\Downloads\Fading Gigolo (2014) .720p.BluRay.x264.YIFY2014-07-03 23:59 - 2014-07-03 00:02 - 00000000 ____D () C:\Users\Shafey\Downloads\Transcendence.2014.HDRip.XViD.juggs[ETRG]2014-07-03 20:16 - 2014-07-03 20:16 - 00000000 _____ () C:\windows\setuperr.log2014-07-03 00:01 - 2014-07-03 00:01 - 00057300 _____ () C:\Users\Shafey\Downloads\[kickass.to]transcendence.2014.hdrip.xvid.juggs.etrg.torrent2014-07-02 00:18 - 2014-07-02 00:18 - 00231134 _____ () C:\Users\Shafey\Downloads\Louis Menand The Marketplace of Ideas Reform and Resistance in the American University Issues of Our Time 2010.epub2014-07-01 18:53 - 2014-07-01 13:15 - 00000000 ____D () C:\Users\Shafey\Downloads\Alexander [The Final Cut] (2004)2014-07-01 18:21 - 2014-07-01 18:19 - 01346519 _____ () C:\Users\Shafey\Downloads\adwcleaner_3.214.exe2014-07-01 16:56 - 2014-05-03 13:39 - 00000000 ____D () C:\Users\Shafey\Desktop\Nabila2014-07-01 01:11 - 2014-07-01 01:11 - 00021392 _____ () C:\Users\Shafey\Downloads\[kickass.to]alexander.revisited.the.final.cut.2004.brrip.72.torrent2014-06-30 13:26 - 2012-12-22 05:25 - 00000000 ____D () C:\Users\Shafey\.FBReader2014-06-30 03:35 - 2014-06-30 03:35 - 00745439 _____ () C:\Users\Shafey\Downloads\pg43656-images.epub2014-06-30 03:24 - 2014-06-30 03:24 - 00397766 _____ () C:\Users\Shafey\Downloads\pg12050.epub2014-06-29 10:57 - 2014-05-01 13:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service2014-06-29 06:11 - 2014-06-29 06:00 - 43238532 _____ () C:\Users\Shafey\Downloads\Wonder_Woman_032_(2014)_(Digital)_(Nahga-Empire).cbr2014-06-29 06:00 - 2014-06-29 05:48 - 47339279 _____ () C:\Users\Shafey\Downloads\Wonder_Woman_031_(2014)_(Digital)_(Nahga-Empire).cbr2014-06-29 05:48 - 2014-06-29 05:37 - 42074348 _____ () C:\Users\Shafey\Downloads\Wonder_Woman_030_(2014)_(Digital)_(Nahga-Empire).cbr2014-06-29 05:36 - 2014-06-29 05:36 - 00015127 _____ () C:\Users\Shafey\Downloads\[kickass.to]wonder.woman.031.2014.digital.nahga.empire.cbr.nem.torrent2014-06-29 05:36 - 2014-06-29 05:36 - 00013867 _____ () C:\Users\Shafey\Downloads\[kickass.to]wonder.woman.032.2014.digital.nahga.empire.cbr.nem.torrent2014-06-29 05:36 - 2014-06-29 05:36 - 00013527 _____ () C:\Users\Shafey\Downloads\[kickass.to]wonder.woman.030.2014.digital.nahga.empire.cbr.nem.torrent2014-06-29 04:21 - 2014-06-29 04:21 - 00057437 _____ () C:\Users\Shafey\Downloads\Fading_Gigolo_(2014)_.720p.BluRay.x264.YIFY.torrent2014-06-29 02:34 - 2014-06-29 02:33 - 00024601 _____ () C:\Users\Shafey\Downloads\[kickass.to]ken.park.2002.unrated.300mb.torrent2014-06-28 17:57 - 2014-06-28 17:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox2014-06-28 03:30 - 2014-06-28 03:29 - 00016830 _____ () C:\Users\Shafey\Downloads\[kickass.to]how.to.train.your.dragon.2.2014.cam.400mb.ganool.torrent2014-06-27 21:33 - 2014-06-27 21:32 - 00014802 _____ () C:\Users\Shafey\Downloads\[kickass.to]armageddon.1998.720p.x264.1280.720.yify.torrent2014-06-26 18:18 - 2014-06-26 18:18 - 00000000 ____D () C:\Users\Faizi\Documents\BioWare2014-06-26 18:16 - 2014-06-26 18:16 - 00000000 ____D () C:\Users\Faizi\AppData\Roaming\Malwarebytes2014-06-26 18:16 - 2014-01-12 18:19 - 00001232 __RSH () C:\Users\Faizi\ntuser.pol2014-06-26 18:16 - 2014-01-12 18:18 - 00000000 ____D () C:\Users\Faizi2014-06-26 16:58 - 2011-03-29 05:52 - 00000000 ____D () C:\ProgramData\Temp2014-06-26 16:33 - 2014-06-26 16:33 - 00000962 _____ () C:\Users\Public\Desktop\PDF to Word.lnk2014-06-26 16:33 - 2014-06-26 16:33 - 00000063 _____ () C:\Users\Public\Desktop\Purchase PDF to Word.url2014-06-26 16:33 - 2014-06-26 16:33 - 00000000 ____D () C:\Users\Shafey\Documents\Quick-PDF PDF to Word2014-06-26 16:33 - 2014-06-26 16:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF to Word2014-06-26 16:33 - 2014-06-26 16:33 - 00000000 ____D () C:\Program Files (x86)\PDF to Word2014-06-26 15:29 - 2014-06-26 15:29 - 00000000 ____D () C:\Users\Shafey\Downloads\Quick-PDF PDF To Word Converter 2.2 with WORKING Crack [^YTSA^]2014-06-26 15:27 - 2014-06-26 15:27 - 00010394 _____ () C:\Users\Shafey\Downloads\[kickass.to]quick.pdf.pdf.to.word.converter.2.2.with.working.crack.ytsa.torrent2014-06-26 11:30 - 2014-06-26 11:30 - 00122306 _____ () C:\Users\Shafey\Downloads\Basic Research Skills_634974032848281250.pptx2014-06-24 01:49 - 2014-06-24 01:30 - 46077123 _____ () C:\Users\Shafey\Downloads\Superman-Wonder_Woman_008_(2014)_(2_covers)_(digital-Empire).cbr2014-06-24 01:30 - 2014-06-24 01:21 - 00000000 ____D () C:\Users\Shafey\Downloads\Queen 2014 Hindi 720p DvDRip x264 AAC...Hon3y2014-06-24 01:28 - 2014-06-24 01:28 - 00014759 _____ () C:\Users\Shafey\Downloads\[kickass.to]superman.wonder.woman.008.2014.2.covers.digital.empire.cbr.torrent2014-06-24 01:20 - 2014-06-24 01:20 - 00021469 _____ () C:\Users\Shafey\Downloads\[kickass.to]queen.2014.hindi.720p.dvdrip.x264.aac.hon3y.torrent2014-06-24 00:44 - 2013-09-29 19:43 - 00000000 ____D () C:\windows\Minidump2014-06-23 23:45 - 2014-06-17 07:23 - 00001897 _____ () C:\Users\Public\Desktop\HitmanPro.lnk2014-06-23 21:22 - 2014-06-23 21:22 - 00016918 _____ () C:\Users\Shafey\Downloads\[kickass.to]savita.bhabhi.ep.21.30.adult.xxx.comic.pdf.praky.torrent2014-06-23 04:04 - 2014-06-23 04:00 - 00000000 ____D () C:\Users\Shafey\Downloads\Vicky.Cristina.Barcelona[2008]DvDrip-aXXo2014-06-23 02:01 - 2014-06-21 02:22 - 00000000 ____D () C:\Users\Shafey\Downloads\Chloe (2009)2014-06-22 13:25 - 2014-06-22 13:19 - 00000000 ____D () C:\Users\Shafey\Downloads\The Girl with the Dragon Tattoo (2011)2014-06-22 13:21 - 2014-06-22 00:48 - 00000000 ____D () C:\Users\Shafey\Downloads\Cruel.Intentions.3.2004.DVDRip.XViD2014-06-22 00:44 - 2014-06-22 00:43 - 00057886 _____ () C:\Users\Shafey\Downloads\[kickass.to]cruel.intentions.3.2004.dvdrip.xvid.torrent2014-06-21 23:46 - 2014-06-21 02:00 - 00000000 ____D () C:\Users\Shafey\Downloads\This Is the End (2013)2014-06-21 23:36 - 2014-06-21 02:22 - 733339648 _____ () C:\Users\Shafey\Downloads\Cruel Intentions[1999]DvDrip[Eng]-Stealthmaster.avi2014-06-21 02:39 - 2014-06-21 02:39 - 00020330 _____ () C:\Users\Shafey\Downloads\[kickass.to]the.girl.with.the.dragon.tattoo.2011.720p.brrip.x264.yify.torrent2014-06-21 02:23 - 2014-06-21 02:23 - 00056782 _____ () C:\Users\Shafey\Downloads\[kickass.to]vicky.cristina.barcelona.2008.dvdrip.axxo.torrent2014-06-21 02:19 - 2014-06-21 02:19 - 00018839 _____ () C:\Users\Shafey\Downloads\[kickass.to]chloe.2009.brrip.720p.mkv.450mb.yify.torrent2014-06-21 02:18 - 2014-06-21 02:18 - 00028806 _____ () C:\Users\Shafey\Downloads\[kickass.to]cruel.intentions.1999.dvdrip.eng.stealthmaster.torrent2014-06-21 02:09 - 2014-06-21 02:08 - 00000000 ____D () C:\Users\Shafey\Downloads\Kick-Ass 2 (2013)2014-06-21 02:04 - 2014-06-21 02:04 - 00008816 _____ () C:\Users\Shafey\Downloads\[kickass.to]kick.ass.2.2013.720p.brrip.x264.yify.torrent2014-06-21 01:58 - 2014-06-21 01:58 - 00008824 _____ () C:\Users\Shafey\Downloads\[kickass.to]this.is.the.end.2013.720p.brrip.x264.yify.torrent2014-06-20 23:24 - 2014-06-20 23:24 - 00000179 _____ () C:\Users\Shafey\Downloads\The_Rise_of_English_Studies.enw2014-06-20 23:23 - 2014-06-20 23:23 - 00000219 _____ () C:\Users\Shafey\Downloads\The_Rise_of_English_Studies.bibtex2014-06-20 22:19 - 2014-06-20 22:19 - 00000000 ____D () C:\Users\Shafey\Downloads\Femme Fatale (2002)2014-06-20 22:16 - 2014-06-20 22:16 - 00056749 _____ () C:\Users\Shafey\Downloads\[kickass.to]femme.fatale.2002.dvdrip.brian.de.palma.torrent2014-06-20 21:32 - 2014-06-16 04:03 - 00000000 ____D () C:\Users\Shafey\Downloads\Enemy (2013)2014-06-20 19:25 - 2012-12-19 21:56 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA2014-06-20 19:25 - 2012-12-19 21:56 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore2014-06-19 16:31 - 2014-06-19 16:31 - 00013039 _____ () C:\Users\Shafey\Downloads\[kickass.to]kirtu.savita.bhabhi.ep.42.a.mistaken.identity.censored.can.be.a.lot.of.fun.adult.xxx.comic.praky.torrent2014-06-19 16:23 - 2014-06-19 16:23 - 00002451 _____ () C:\Users\Shafey\Downloads\[kickass.to]savita.bhabhi.ep.39.replacement.bride.praky.torrent2014-06-19 16:21 - 2014-06-19 16:21 - 00002173 _____ () C:\Users\Shafey\Downloads\[kickass.to]savita.bhabhi.ep.43.epic.savita.and.velamma.16.pages.a.torrent2014-06-18 14:07 - 2014-06-18 14:06 - 00000005 _____ () C:\Users\Shafey\AppData\Roaming\mbam.context.scan2014-06-18 07:21 - 2013-04-14 01:13 - 00003888 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2892114743-1712468159-3544421845-1000UA2014-06-18 07:21 - 2013-04-14 01:13 - 00003492 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2892114743-1712468159-3544421845-1000Core2014-06-18 05:10 - 2014-06-18 05:06 - 00000000 ____D () C:\Users\Shafey\Downloads\Game.Of.Thrones.S04E10.HDTV.x264-ChameE2014-06-18 05:06 - 2014-06-18 05:06 - 00013662 _____ () C:\Users\Shafey\Downloads\[kickass.to]game.of.thrones.s04e10.hdtv.x264.chamee.torrent2014-06-18 05:05 - 2014-06-18 05:05 - 00030552 _____ () C:\Users\Shafey\Downloads\[kickass.to]game.of.thrones.s04e09.hdtv.x264.killers.ettv.torrent2014-06-18 03:54 - 2014-06-17 19:21 - 00000000 ____D () C:\Users\Shafey\Downloads\Waterworld (1995)2014-06-17 20:50 - 2012-12-19 20:25 - 00000000 ____D () C:\Users\Shafey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox2014-06-17 20:41 - 2014-06-17 20:40 - 00318600 _____ (Dropbox, Inc.) C:\Users\Shafey\Downloads\DropboxInstaller (1).exe2014-06-17 07:48 - 2014-06-17 07:16 - 00000000 ____D () C:\ProgramData\HitmanPro2014-06-17 07:47 - 2014-06-17 07:47 - 00001238 _____ () C:\windows\system32\.crusader2014-06-17 07:23 - 2014-06-17 07:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro2014-06-17 07:23 - 2014-06-17 07:23 - 00000000 ____D () C:\Program Files\HitmanPro2014-06-17 07:22 - 2014-06-17 07:16 - 10971424 _____ (SurfRight B.V.) C:\Users\Shafey\Desktop\HitmanPro_x64.exe2014-06-17 06:24 - 2014-06-17 04:57 - 00000000 ____D () C:\AdwCleaner2014-06-17 06:18 - 2014-06-17 06:18 - 00001044 _____ () C:\Users\Shafey\Desktop\JRT.txt2014-06-17 06:10 - 2014-06-17 06:10 - 00000000 ____D () C:\windows\ERUNT2014-06-17 06:07 - 2014-06-17 06:07 - 01016261 _____ (Thisisu) C:\Users\Shafey\Desktop\JRT.exe2014-06-16 01:29 - 2014-06-14 22:01 - 00000000 ____D () C:\Users\Shafey\Downloads\RoboCop (2014) [1080p]2014-06-15 14:47 - 2014-06-15 01:36 - 229283126 _____ () C:\Users\Shafey\Downloads\Louie.S04E12.HDTV.x264-LOL.mp42014-06-15 03:05 - 2014-06-15 03:05 - 00151279 _____ () C:\Users\Shafey\Downloads\Sex differences in rhesus monkey toy preferences parallel those of children.htm2014-06-15 03:05 - 2014-06-15 03:05 - 00000000 ____D () C:\Users\Shafey\Downloads\Sex differences in rhesus monkey toy preferences parallel those of children_files2014-06-14 23:42 - 2014-06-14 21:56 - 00000000 ____D () C:\Users\Shafey\Downloads\Louie S04E11 HDTV XviD-FUM[ettv]2014-06-11 19:24 - 2014-06-11 19:24 - 00000084 _____ () C:\Users\Shafey\Downloads\Culler_Literary_in_Theory.txt2014-06-11 17:45 - 2009-07-14 08:50 - 00000000 ____D () C:\windows\rescache2014-06-11 07:01 - 2013-07-18 03:00 - 00000000 ____D () C:\windows\system32\MRT2014-06-11 06:59 - 2012-12-23 06:24 - 95414520 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe2014-06-11 06:58 - 2012-12-19 20:17 - 00000000 ____D () C:\ProgramData\Microsoft Help2014-06-11 06:56 - 2014-04-30 16:00 - 00000000 ___SD () C:\windows\system32\CompatTel2014-06-10 02:41 - 2014-06-09 12:09 - 00000000 ____D () C:\Users\Shafey\Downloads\World War Z (2013)2014-06-10 01:13 - 2014-06-10 01:12 - 00000000 ____D () C:\Users\Shafey\Downloads\Game of Thrones S04E09 HDTV x264-KILLERS[ettv] Files to move or delete:====================C:\ProgramData\ChgService.exe Some content of TEMP:====================C:\Users\Shafey\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpiluil5.dllC:\Users\Shafey\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-07-08 03:52 ==================== End Of Log ============================ TDSSKiller.3.0.0.40_10.07.2014_20.52.14_log.txt

Hi, This is the first time I am reaching out for help, so treat me as a complete noob. My browsers have been running quite slow. Sometime back I picked up an adware which directs searches from the omnibox to onelike.in (this is the first to appear) which leads to the landing page onlinehelpdesk.co.in. I have not found any threads on this on the net, possibly because it affects computers only in India as the .in would indicate. My efforts so far has consisted of scans with malwarebytes, spybot and adwarecleaner, and none of them have helped. I have tried resetting my browser to default. I have even uninstalled and reinstalled, but the malware keeps coming back after sometime of use. Meanwhile the browsers have been running real slow. i would appreciate any help I could get. Thank You. PS: here is the file from adwarecleaner # AdwCleaner v3.212 - Report created 17/06/2014 at 04:59:57# Updated 05/06/2014 by Xplode# Operating System : Windows 7 Home Basic Service Pack 1 (64 bits)# Username : Shafey - SHAFEY-PC# Running from : C:\Users\Shafey\Downloads\adwcleaner_3.212.exe# Option : Clean ***** [ Services ] ***** [x] Not Deleted : CltMngSvc ***** [ Files / Folders ] ***** Folder Deleted : C:\ProgramData\DSearchLinkFolder Deleted : C:\Program Files (x86)\SearchProtectFolder Deleted : C:\Users\Shafey\AppData\Local\SearchProtectFolder Deleted : C:\Users\Shafey\AppData\LocalLow\DeltaFolder Deleted : C:\Users\Shafey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuardFile Deleted : C:\Users\Shafey\AppData\Roaming\Mozilla\Firefox\Profiles\bdjwxyk0.default\searchplugins\trovi-search.xmlFile Deleted : C:\windows\System32\Tasks\BitGuardFile Deleted : C:\windows\System32\Tasks\EPUpdater ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{442718d9-475e-452a-b3e1-fb1ee16b8e9f}]Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [iLivid]Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLLKey Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLLKey Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLLKey Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXEKey Deleted : HKLM\SOFTWARE\Classes\dKey Deleted : HKLM\SOFTWARE\Classes\iLivid.torrentKey Deleted : HKLM\SOFTWARE\Classes\Prod.capKey Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCSKey Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCSKey Deleted : HKCU\Software\9558fdce26ee946Key Deleted : HKLM\SOFTWARE\9558fdce26ee946Key Deleted : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{42D79B50-CC4A-4A8E-860F-BE674AF053A2}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{42D79B50-CC4A-4A8E-860F-BE674AF053A2}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{42D79B50-CC4A-4A8E-860F-BE674AF053A2}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{42D79B50-CC4A-4A8E-860F-BE674AF053A2}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}Key Deleted : HKCU\Software\DeltaKey Deleted : HKCU\Software\ilividKey Deleted : HKCU\Software\SoftonicKey Deleted : HKLM\Software\DataMngrKey Deleted : HKLM\Software\SearchProtectKey Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtectData Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dllData Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~3\bitguard\261694~1.246\{c16c1~1\bitguard.dllData Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.17126 -\\ Mozilla Firefox v29.0.1 (en-US) [ File : C:\Users\Shafey\AppData\Roaming\Mozilla\Firefox\Profiles\bdjwxyk0.default\prefs.js ] -\\ Google Chrome v35.0.1916.153 [ File : C:\Users\Faizi\AppData\Local\Google\Chrome\User Data\Default\preferences ] Deleted [search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms} [ File : C:\Users\Shafey\AppData\Local\Google\Chrome\User Data\Default\preferences ] Deleted [search Provider] : hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3321848&octid=EB_ORIGINAL_CTID&ISID=M22228A14-8FB6-457F-B696-64313E50006E&SearchSource=58&CUI=&UM=5&UP=SP4714267B-8BED-4654-95B3-9B66A755E489&q={searchTerms}&SSPV=Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfglDeleted [Extension] : flpcjncodpafbgdpnkljologafpionhb ************************* AdwCleaner[R0].txt - [6128 octets] - [17/06/2014 04:57:48]AdwCleaner[s0].txt - [6028 octets] - [17/06/2014 04:59:57] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [6088 octets] ##########