Onelike.in, onlinehelpdesk.co.in

Shafey · June 17, 2014

Hi,

This is the first time I am reaching out for help, so treat me as a complete noob. My browsers have been running quite slow. Sometime back I picked up an adware which directs searches from the omnibox to onelike.in (this is the first to appear) which leads to the landing page onlinehelpdesk.co.in. I have not found any threads on this on the net, possibly because it affects computers only in India as the .in would indicate.

My efforts so far has consisted of scans with malwarebytes, spybot and adwarecleaner, and none of them have helped. I have tried resetting my browser to default. I have even uninstalled and reinstalled, but the malware keeps coming back after sometime of use. Meanwhile the browsers have been running real slow.

i would appreciate any help I could get.

Thank You.

PS: here is the file from adwarecleaner

# AdwCleaner v3.212 - Report created 17/06/2014 at 04:59:57

# Updated 05/06/2014 by Xplode

# Operating System : Windows 7 Home Basic Service Pack 1 (64 bits)

# Username : Shafey - SHAFEY-PC

# Running from : C:\Users\Shafey\Downloads\adwcleaner_3.212.exe

# Option : Clean

***** [ Services ] *****

[x] Not Deleted : CltMngSvc

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\DSearchLink

Folder Deleted : C:\Program Files (x86)\SearchProtect

Folder Deleted : C:\Users\Shafey\AppData\Local\SearchProtect

Folder Deleted : C:\Users\Shafey\AppData\LocalLow\Delta

Folder Deleted : C:\Users\Shafey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard

File Deleted : C:\Users\Shafey\AppData\Roaming\Mozilla\Firefox\Profiles\bdjwxyk0.default\searchplugins\trovi-search.xml

File Deleted : C:\windows\System32\Tasks\BitGuard

File Deleted : C:\windows\System32\Tasks\EPUpdater

***** [ Shortcuts ] *****

***** [ Registry ] *****

Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{442718d9-475e-452a-b3e1-fb1ee16b8e9f}]

Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [iLivid]

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE

Key Deleted : HKLM\SOFTWARE\Classes\d

Key Deleted : HKLM\SOFTWARE\Classes\iLivid.torrent

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS

Key Deleted : HKCU\Software\9558fdce26ee946

Key Deleted : HKLM\SOFTWARE\9558fdce26ee946

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{42D79B50-CC4A-4A8E-860F-BE674AF053A2}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{42D79B50-CC4A-4A8E-860F-BE674AF053A2}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{42D79B50-CC4A-4A8E-860F-BE674AF053A2}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{42D79B50-CC4A-4A8E-860F-BE674AF053A2}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

Key Deleted : HKCU\Software\Delta

Key Deleted : HKCU\Software\ilivid

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKLM\Software\DataMngr

Key Deleted : HKLM\Software\SearchProtect

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect

Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll

Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~3\bitguard\261694~1.246\{c16c1~1\bitguard.dll

Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17126

-\\ Mozilla Firefox v29.0.1 (en-US)

[ File : C:\Users\Shafey\AppData\Roaming\Mozilla\Firefox\Profiles\bdjwxyk0.default\prefs.js ]

-\\ Google Chrome v35.0.1916.153

[ File : C:\Users\Faizi\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}

Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}

[ File : C:\Users\Shafey\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [search Provider] : hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3321848&octid=EB_ORIGINAL_CTID&ISID=M22228A14-8FB6-457F-B696-64313E50006E&SearchSource=58&CUI=&UM=5&UP=SP4714267B-8BED-4654-95B3-9B66A755E489&q={searchTerms}&SSPV=

Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl

Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb

*************************

AdwCleaner[R0].txt - [6128 octets] - [17/06/2014 04:57:48]

AdwCleaner[s0].txt - [6028 octets] - [17/06/2014 04:59:57]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [6088 octets] ##########

Psychotic · June 17, 2014

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)

Run FRST.
Don´t change one of the checkboxes and hit Scan.
Logfiles are created on your desktop.
Poste the FRST.txt and (after the first scan only!) the Addition.txt.

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop

Execute TDSSKiller.exe by doubleclicking on it.
Press Start Scan
If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txt

Please attach this file to your next reply.

AdvancedSetup · June 23, 2014

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

AdvancedSetup · July 11, 2014

Topic reopened per request

Shafey · July 12, 2014

Hi,

Here are the scan results.

1. From FRST

____________________

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-07-2014

Ran by Shafey (administrator) on SHAFEY-PC on 10-07-2014 20:43:46

Running from C:\Users\Shafey\Desktop

Platform: Windows 7 Home Basic Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11

Boot Mode: Normal

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/

Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe

() C:\ProgramData\ChgService.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe

(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

() C:\Users\Shafey\AppData\Roaming\Dashlane\Dashlane.exe

(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe

(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe

(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe

(Dropbox, Inc.) C:\Users\Shafey\AppData\Roaming\Dropbox\bin\Dropbox.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

(Vimicro) C:\Program Files (x86)\USB Camera2\VM332_STI.EXE

(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe

(BitTorrent, Inc.) C:\Program Files (x86)\uTorrent\uTorrent.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

() C:\Program Files\ComicRack\ComicRack.exe

(App Services) C:\ProgramData\Application\ApplicationService.exe

(VideoLAN) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe

() C:\Users\Shafey\AppData\Roaming\Dashlane\DashlanePlugin.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google) C:\Users\Shafey\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [updatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)

HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9744800 2011-03-29] (Lenovo (Beijing) Limited)

HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5399456 2011-03-29] (Lenovo(beijing) Limited)

HKLM\...\Run: [bCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)

HKLM\...\Run: [smartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2010-04-29] ()

HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3023600 2013-02-25] (Synaptics Incorporated)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)

HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)

HKLM-x32\...\Run: [332BigDog] => C:\Program Files (x86)\USB Camera2\VM332_STI.EXE [536576 2010-01-19] (Vimicro)

HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2010-12-05] (CyberLink)

HKLM-x32\...\Run: [updatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [sDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)

HKLM-x32\...\Run: [Application Service] => C:\ProgramData\Application\ApplicationService.exe [50688 2014-07-09] (App Services)

Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]

HKU\S-1-5-21-2892114743-1712468159-3544421845-1000\...\Run: [Google Update] => C:\Users\Shafey\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-02-06] (Google Inc.)

HKU\S-1-5-21-2892114743-1712468159-3544421845-1000\...\Run: [Dashlane] => C:\Users\Shafey\AppData\Roaming\Dashlane\Dashlane.exe [219832 2014-05-27] ()

HKU\S-1-5-21-2892114743-1712468159-3544421845-1000\...\Run: [Application Service] => C:\ProgramData\Application\ApplicationService.exe [50688 2014-07-09] (App Services)

HKU\S-1-5-21-2892114743-1712468159-3544421845-1000\...\Run: [spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3642312 2013-05-16] (Safer-Networking Ltd.)

HKU\S-1-5-21-2892114743-1712468159-3544421845-1000\...\RunOnce: [uninstall C:\Users\Shafey\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112_1\amd64] - C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Shafey\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112_1\amd64"

HKU\S-1-5-21-2892114743-1712468159-3544421845-1000\...\Policies\system: [LogonHoursAction] 2

HKU\S-1-5-21-2892114743-1712468159-3544421845-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1

HKU\S-1-5-21-2892114743-1712468159-3544421845-1000\...\MountPoints2: {1cd6b0c4-6483-11e3-822b-20898428bda7} - F:\.\ShowModem.exe

HKU\S-1-5-21-2892114743-1712468159-3544421845-1000\...\MountPoints2: {285db820-33f7-11e3-84c8-20898428bda7} - F:\AutoRun.exe

HKU\S-1-5-21-2892114743-1712468159-3544421845-1000\...\MountPoints2: {285db825-33f7-11e3-84c8-20898428bda7} - F:\AutoRun.exe

HKU\S-1-5-21-2892114743-1712468159-3544421845-1000\...\MountPoints2: {d79c7899-3af1-11e3-a468-20898428bda7} - F:\AutoRun.exe

HKU\S-1-5-21-2892114743-1712468159-3544421845-1000\...\MountPoints2: {d79c789c-3af1-11e3-a468-20898428bda7} - F:\AutoRun.exe

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk

ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

Startup: C:\Users\Shafey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\Shafey\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

Startup: C:\Users\Shafey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk

ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

SSODL: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\windows\system32\SSCbFsMntNtf3.dll (EldoS Corporation)

SSODL-x32: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\windows\SysWOW64\SSCbFsMntNtf3.dll (EldoS Corporation)

ShellIconOverlayIdentifiers: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File

ShellIconOverlayIdentifiers: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File

ShellIconOverlayIdentifiers: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File

ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File

ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File

ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File

ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File

ShellIconOverlayIdentifiers: EldosIconOverlay -> {69925D1B-6A0F-4413-861A-81AB98039DB9} => C:\windows\system32\SSCbFsMntNtf3.dll (EldoS Corporation)

ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)

ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)

ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)

ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)

ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)

ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)

ShellIconOverlayIdentifiers: SugarSyncBackedUp -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\x64\SugarSyncShellExt_x64.dll (SugarSync, Inc.)

ShellIconOverlayIdentifiers: SugarSyncPending -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\x64\SugarSyncShellExt_x64.dll (SugarSync, Inc.)

ShellIconOverlayIdentifiers: SugarSyncRoot -> {39D54CC2-69CF-43b4-B167-577D25E7F496} => C:\Program Files (x86)\SugarSync\x64\SugarSyncShellExt_x64.dll (SugarSync, Inc.)

ShellIconOverlayIdentifiers: SugarSyncShared -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\x64\SugarSyncShellExt_x64.dll (SugarSync, Inc.)

ShellIconOverlayIdentifiers: SugarSyncSharedPending -> {F7395C2E-A5D8-4a32-9536-5C6A9F1DC450} => C:\Program Files (x86)\SugarSync\x64\SugarSyncShellExt_x64.dll (SugarSync, Inc.)

ShellIconOverlayIdentifiers-x32: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File

ShellIconOverlayIdentifiers-x32: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File

ShellIconOverlayIdentifiers-x32: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File

ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File

ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File

ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File

ShellIconOverlayIdentifiers-x32: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File

ShellIconOverlayIdentifiers-x32: EldosIconOverlay -> {69925D1B-6A0F-4413-861A-81AB98039DB9} => C:\windows\SysWOW64\SSCbFsMntNtf3.dll (EldoS Corporation)

GroupPolicyUsers\S-1-5-21-2892114743-1712468159-3544421845-1001\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://in.msn.com/?rd=1&ucc=IN&dcc=IN&opt=0

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x82F3A513D5B6CE01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://onelike.in/google/?ie=

HKCU\Software\Microsoft\Internet Explorer\Main,FirstHomePage = http://onelike.in/google/?ie=

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://onelike.in/google/?ie=

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://onelike.in/google/?ie=

HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://onelike.in/google/?ie=

HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/

SearchScopes: HKLM-x32 - DefaultScope value is missing.

SearchScopes: HKCU - {09B16FE2-B7EB-46A5-A4D8-DCD4C5482B80} URL = https://www.google.com/search?q={searchTerms}

SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear

BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM-x32 - Dashlane Toolbar - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\Shafey\AppData\Roaming\Dashlane\ie\KWIEBar.dll (Dashlane)

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:

========

FF ProfilePath: C:\Users\Shafey\AppData\Roaming\Mozilla\Firefox\Profiles\bdjwxyk0.default

FF SelectedSearchEngine: Google

FF Homepage: hxxp://onelike.in/google/?mozhm=about:home

FF Keyword.URL: user_pref("keyword.URL", "hxxp://onelike.in/google/?keyWord=");

FF NewTab: hxxp://onelike.in/google/?newtab=

FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()

FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\system32\Adobe\Director\np32dsw.dll No File

FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Shafey\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Shafey\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)

FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Shafey\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Shafey\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin ProgramFiles/Appdata: C:\Users\Shafey\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)

FF Plugin ProgramFiles/Appdata: C:\Users\Shafey\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)

FF Extension: Dashlane - C:\Users\Shafey\AppData\Roaming\Dashlane\2.4.1.63897\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f} [2014-05-31]

Chrome:

=======

CHR HomePage:

CHR DefaultSearchKeyword: onelike.in

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Shafey\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]

CHR Extension: (Dashlane) - C:\Users\Shafey\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg [2014-05-29]

CHR Extension: (Skype Click to Call) - C:\Users\Shafey\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-03-06]

CHR Extension: (Google Wallet) - C:\Users\Shafey\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-06]

CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Shafey\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-13]

CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-08-06]

==================== Services (Whitelisted) =================

R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [951584 2010-07-30] (Broadcom Corporation.)

R2 Change Modem Device Service; C:\ProgramData\ChgService.exe [114688 2011-08-30] () [File not signed]

R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-07-05] (SurfRight B.V.)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)

R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)

R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)

R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)

R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

S3 androidusb; C:\Windows\System32\Drivers\wsadb.sys [40232 2013-05-13] (Google Inc)

S3 cmnsusbser; C:\Windows\System32\DRIVERS\cmnsusbser.sys [126080 2011-08-03] (QUALCOMM Incorporated)

R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)

R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)

S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)

R3 SSCBFS3; C:\Windows\System32\DRIVERS\sscbfs3.sys [347456 2012-10-30] (EldoS Corporation)

S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-02-22] (Anchorfree Inc.)

U2 CLKMSVC10_3A60B698;

U2 CLKMSVC10_C3B3B687;

U2 DriverService;

S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [X]

S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]

U2 idealife Update Service;

U3 IGRS;

U2 IviRegMgr;

U2 nvUpdatusService;

U2 Oasis2Service;

U2 PCCarerServic;

U2 ReadyComm.DirectRouter;

U2 RichVideo;

S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]

U2 RtLedService;

U2 SoftwareService;

U2 Stereo Service;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-07-10 20:43 - 2014-07-10 20:44 - 00024660 _____ () C:\Users\Shafey\Desktop\FRST.txt

2014-07-10 20:43 - 2014-07-10 20:44 - 00000000 ____D () C:\FRST

2014-07-10 20:41 - 2014-07-10 20:41 - 02084352 _____ (Farbar) C:\Users\Shafey\Desktop\FRST64.exe

2014-07-10 05:53 - 2014-07-10 06:17 - 00000000 ____D () C:\Users\Shafey\Downloads\The Rainmaker

2014-07-10 05:49 - 2014-07-10 05:49 - 00041293 _____ () C:\Users\Shafey\Downloads\[kickass.to]the.rainmaker.dvdrip.ws.english.torrent

2014-07-09 18:47 - 2014-07-09 23:05 - 00000000 ____D () C:\Users\Shafey\Downloads\Limitless (2011)

2014-07-09 18:44 - 2014-07-09 18:49 - 00000000 ____D () C:\Users\Shafey\Downloads\Tron Legacy (2010)

2014-07-09 18:44 - 2014-07-09 18:44 - 00015943 _____ () C:\Users\Shafey\Downloads\[kickass.to]limitless.2011.720p.brrip.x264.yify.torrent

2014-07-09 18:40 - 2014-07-09 18:40 - 00017868 _____ () C:\Users\Shafey\Downloads\[kickass.to]tron.legacy.2010.brrip.720p.mkv.yify.torrent

2014-07-09 06:53 - 2014-07-10 11:09 - 183502806 _____ () C:\Users\Shafey\Downloads\30.Rock.S03E17.HDTV.XviD-LOL.avi

2014-07-09 01:23 - 2014-07-09 01:23 - 11204096 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe

2014-07-08 22:53 - 2014-07-08 22:53 - 00000000 ____D () C:\Users\Shafey\Downloads\Transformers.Age.of.Extinction.2014.CAM.ENGLISH.x264-P2P

2014-07-08 22:52 - 2014-07-08 22:52 - 00016297 _____ () C:\Users\Shafey\Downloads\[kickass.to]transformers.age.of.extinction.2014.cam.english.x264.p2p.torrent

2014-07-08 20:59 - 2014-07-09 05:07 - 183512276 _____ () C:\Users\Shafey\Downloads\30.Rock.S03E19.HDTV.XviD-LOL.avi

2014-07-08 20:48 - 2014-07-09 05:47 - 183490646 _____ () C:\Users\Shafey\Downloads\30.Rock.S03E22.HDTV.XviD-LOL.avi

2014-07-08 20:45 - 2014-07-09 06:58 - 183503486 _____ () C:\Users\Shafey\Downloads\30.Rock.S03E16.HDTV.XviD-LOL.avi

2014-07-08 20:44 - 2014-07-10 06:17 - 183503036 _____ () C:\Users\Shafey\Downloads\30.Rock.S03E20.HDTV.XviD-LOL.avi

2014-07-08 20:43 - 2014-07-08 20:43 - 00007640 _____ () C:\Users\Shafey\Downloads\[kickass.to]30.rock.s03e20.hdtv.xvid.lol.avi.torrent

2014-07-08 20:43 - 2014-07-08 20:43 - 00007559 _____ () C:\Users\Shafey\Downloads\[kickass.to]30.rock.s03e19.hdtv.xvid.lol.eztv.torrent

2014-07-08 20:43 - 2014-07-08 20:43 - 00007559 _____ () C:\Users\Shafey\Downloads\[kickass.to]30.rock.s03e17.hdtv.xvid.lol.torrent

2014-07-08 20:43 - 2014-07-08 20:43 - 00007387 _____ () C:\Users\Shafey\Downloads\[kickass.to]30.rock.s03e22.hdtv.xvid.lol.avi.torrent

2014-07-08 20:42 - 2014-07-08 20:42 - 00007640 _____ () C:\Users\Shafey\Downloads\[kickass.to]30.rock.s03e16.hdtv.xvid.lol.avi.torrent

2014-07-08 20:24 - 2014-07-09 05:19 - 183505992 _____ () C:\Users\Shafey\Downloads\30.Rock.S03E05.HDTV.XviD-LOL.avi

2014-07-08 20:23 - 2014-07-08 20:23 - 00007740 _____ () C:\Users\Shafey\Downloads\[kickass.to]30.rock.s03e05.hdtv.xvid.lol.avi.torrent

2014-07-07 23:45 - 2014-07-08 20:17 - 183474820 _____ () C:\Users\Shafey\Downloads\30.Rock.S03E04.HDTV.XviD-LOL.avi

2014-07-07 23:37 - 2014-07-08 17:00 - 183508992 _____ () C:\Users\Shafey\Downloads\30.Rock.S03E03.HDTV.XviD-LOL.avi

2014-07-07 23:37 - 2014-07-08 00:41 - 183527424 _____ () C:\Users\Shafey\Downloads\30.Rock.S03E01.HDTV.XviD-LOL.avi

2014-07-07 23:37 - 2014-07-07 23:37 - 00007660 _____ () C:\Users\Shafey\Downloads\[kickass.to]30.rock.s03e01.hdtv.xvid.lol.torrent

2014-07-07 23:36 - 2014-07-08 01:28 - 183486858 _____ () C:\Users\Shafey\Downloads\30.Rock.S03E02.HDTV.XviD-LOL.avi

2014-07-07 23:36 - 2014-07-07 23:36 - 00007639 _____ () C:\Users\Shafey\Downloads\[kickass.to]30.rock.s03e04.hdtv.xvid.lol.eztv.torrent

2014-07-07 23:35 - 2014-07-07 23:35 - 00007659 _____ () C:\Users\Shafey\Downloads\[kickass.to]30.rock.s03e03.hdtv.xvid.lol.torrent

2014-07-07 23:35 - 2014-07-07 23:35 - 00007639 _____ () C:\Users\Shafey\Downloads\[kickass.to]30.rock.s03e02.hdtv.xvid.lol.avi.torrent

2014-07-07 05:01 - 2014-07-07 05:16 - 00000000 ____D () C:\Users\Shafey\Downloads\30 Rock Season 4

2014-07-07 05:00 - 2014-07-07 05:00 - 00156260 _____ () C:\Users\Shafey\Downloads\[kickass.to]30.rock.season.4.complete.dl.king.torrent

2014-07-06 00:12 - 2014-07-06 16:12 - 00000000 ____D () C:\Users\Shafey\Downloads\30 Rock Season 1 Complete HDTV-soagg

2014-07-05 16:14 - 2014-07-05 23:27 - 00000000 ____D () C:\Users\Shafey\Downloads\[usaBit.com] - Magic.Mike.2012.CAM.AC3.H264-CRYS

2014-07-05 16:12 - 2014-07-05 16:12 - 00028994 _____ () C:\Users\Shafey\Downloads\[kickass.to]magic.mike.2012.cam.ac3.h264.crys.torrent

2014-07-05 15:34 - 2014-07-05 20:15 - 00000000 ____D () C:\Users\Shafey\Downloads\Jack Reacher (2012)

2014-07-05 15:31 - 2014-07-05 15:31 - 00012182 _____ () C:\Users\Shafey\Downloads\[kickass.to]jack.reacher.2012.720p.brrip.x264.yify.torrent

2014-07-05 13:40 - 2014-07-05 13:40 - 00020888 _____ () C:\Users\Shafey\Downloads\[kickass.to]30.rock.season.1.complete.hdtv.soagg.torrent

2014-07-05 00:54 - 2014-07-05 01:41 - 44040950 _____ () C:\Users\Shafey\Downloads\Mighty_Avengers_011_(2014)_(Digital)_(Zone-Empire).cbr

2014-07-05 00:54 - 2014-07-05 01:39 - 39096093 _____ () C:\Users\Shafey\Downloads\Mighty_Avengers_010_(2014)_(Digital)_(Zone-Empire).cbr

2014-07-05 00:53 - 2014-07-05 00:53 - 00014129 _____ () C:\Users\Shafey\Downloads\[kickass.to]mighty.avengers.011.2014.digital.zone.empire.cbr.nem.torrent

2014-07-05 00:53 - 2014-07-05 00:53 - 00012609 _____ () C:\Users\Shafey\Downloads\[kickass.to]mighty.avengers.010.2014.digital.zone.empire.cbr.nem.torrent

2014-07-05 00:18 - 2014-07-05 00:29 - 35691288 _____ () C:\Users\Shafey\Downloads\Avengers_031_(2014)_(Digital)_(Zone-Empire).cbr

2014-07-05 00:18 - 2014-07-05 00:18 - 00011562 _____ () C:\Users\Shafey\Downloads\[kickass.to]avengers.031.2014.digital.zone.empire.cbr.nem.torrent

2014-07-04 18:25 - 2014-07-04 18:27 - 00000000 ____D () C:\Users\Shafey\Downloads\Non Stop (2014)

2014-07-04 18:21 - 2014-07-04 18:21 - 00008810 _____ () C:\Users\Shafey\Downloads\[kickass.to]non.stop.2014.720p.brrip.x264.yify.torrent

2014-07-03 20:16 - 2014-07-09 14:21 - 00000392 _____ () C:\windows\setupact.log

2014-07-03 20:16 - 2014-07-03 20:16 - 00000000 _____ () C:\windows\setuperr.log

2014-07-03 00:02 - 2014-07-03 23:59 - 00000000 ____D () C:\Users\Shafey\Downloads\Transcendence.2014.HDRip.XViD.juggs[ETRG]

2014-07-03 00:01 - 2014-07-03 00:01 - 00057300 _____ () C:\Users\Shafey\Downloads\[kickass.to]transcendence.2014.hdrip.xvid.juggs.etrg.torrent

2014-07-02 00:18 - 2014-07-02 00:18 - 00231134 _____ () C:\Users\Shafey\Downloads\Louis Menand The Marketplace of Ideas Reform and Resistance in the American University Issues of Our Time 2010.epub

2014-07-01 18:19 - 2014-07-01 18:21 - 01346519 _____ () C:\Users\Shafey\Downloads\adwcleaner_3.214.exe

2014-07-01 13:15 - 2014-07-01 18:53 - 00000000 ____D () C:\Users\Shafey\Downloads\Alexander [The Final Cut] (2004)

2014-07-01 01:11 - 2014-07-01 01:11 - 00021392 _____ () C:\Users\Shafey\Downloads\[kickass.to]alexander.revisited.the.final.cut.2004.brrip.72.torrent

2014-06-30 03:35 - 2014-06-30 03:35 - 00745439 _____ () C:\Users\Shafey\Downloads\pg43656-images.epub

2014-06-30 03:24 - 2014-06-30 03:24 - 00397766 _____ () C:\Users\Shafey\Downloads\pg12050.epub

2014-06-29 06:00 - 2014-06-29 06:11 - 43238532 _____ () C:\Users\Shafey\Downloads\Wonder_Woman_032_(2014)_(Digital)_(Nahga-Empire).cbr

2014-06-29 05:48 - 2014-06-29 06:00 - 47339279 _____ () C:\Users\Shafey\Downloads\Wonder_Woman_031_(2014)_(Digital)_(Nahga-Empire).cbr

2014-06-29 05:37 - 2014-06-29 05:48 - 42074348 _____ () C:\Users\Shafey\Downloads\Wonder_Woman_030_(2014)_(Digital)_(Nahga-Empire).cbr

2014-06-29 05:36 - 2014-06-29 05:36 - 00015127 _____ () C:\Users\Shafey\Downloads\[kickass.to]wonder.woman.031.2014.digital.nahga.empire.cbr.nem.torrent

2014-06-29 05:36 - 2014-06-29 05:36 - 00013867 _____ () C:\Users\Shafey\Downloads\[kickass.to]wonder.woman.032.2014.digital.nahga.empire.cbr.nem.torrent

2014-06-29 05:36 - 2014-06-29 05:36 - 00013527 _____ () C:\Users\Shafey\Downloads\[kickass.to]wonder.woman.030.2014.digital.nahga.empire.cbr.nem.torrent

2014-06-29 04:26 - 2014-07-04 00:33 - 00000000 ____D () C:\Users\Shafey\Downloads\Fading Gigolo (2014) .720p.BluRay.x264.YIFY

2014-06-29 04:21 - 2014-06-29 04:21 - 00057437 _____ () C:\Users\Shafey\Downloads\Fading_Gigolo_(2014)_.720p.BluRay.x264.YIFY.torrent

2014-06-29 02:33 - 2014-06-29 02:34 - 00024601 _____ () C:\Users\Shafey\Downloads\[kickass.to]ken.park.2002.unrated.300mb.torrent

2014-06-28 17:57 - 2014-06-28 17:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-06-28 03:29 - 2014-06-28 03:30 - 00016830 _____ () C:\Users\Shafey\Downloads\[kickass.to]how.to.train.your.dragon.2.2014.cam.400mb.ganool.torrent

2014-06-27 21:32 - 2014-06-27 21:33 - 00014802 _____ () C:\Users\Shafey\Downloads\[kickass.to]armageddon.1998.720p.x264.1280.720.yify.torrent

2014-06-26 18:18 - 2014-06-26 18:18 - 00000000 ____D () C:\Users\Faizi\Documents\BioWare

2014-06-26 18:16 - 2014-06-26 18:16 - 00000000 ____D () C:\Users\Faizi\AppData\Roaming\Malwarebytes

2014-06-26 16:33 - 2014-06-26 16:33 - 00000962 _____ () C:\Users\Public\Desktop\PDF to Word.lnk

2014-06-26 16:33 - 2014-06-26 16:33 - 00000063 _____ () C:\Users\Public\Desktop\Purchase PDF to Word.url

2014-06-26 16:33 - 2014-06-26 16:33 - 00000000 ____D () C:\Users\Shafey\Documents\Quick-PDF PDF to Word

2014-06-26 16:33 - 2014-06-26 16:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF to Word

2014-06-26 16:33 - 2014-06-26 16:33 - 00000000 ____D () C:\Program Files (x86)\PDF to Word

2014-06-26 15:29 - 2014-06-26 15:29 - 00000000 ____D () C:\Users\Shafey\Downloads\Quick-PDF PDF To Word Converter 2.2 with WORKING Crack [^YTSA^]

2014-06-26 15:27 - 2014-06-26 15:27 - 00010394 _____ () C:\Users\Shafey\Downloads\[kickass.to]quick.pdf.pdf.to.word.converter.2.2.with.working.crack.ytsa.torrent

2014-06-26 11:30 - 2014-06-26 11:30 - 00122306 _____ () C:\Users\Shafey\Downloads\Basic Research Skills_634974032848281250.pptx

2014-06-24 01:30 - 2014-06-24 01:49 - 46077123 _____ () C:\Users\Shafey\Downloads\Superman-Wonder_Woman_008_(2014)_(2_covers)_(digital-Empire).cbr

2014-06-24 01:28 - 2014-06-24 01:28 - 00014759 _____ () C:\Users\Shafey\Downloads\[kickass.to]superman.wonder.woman.008.2014.2.covers.digital.empire.cbr.torrent

2014-06-24 01:21 - 2014-06-24 01:30 - 00000000 ____D () C:\Users\Shafey\Downloads\Queen 2014 Hindi 720p DvDRip x264 AAC...Hon3y

2014-06-24 01:20 - 2014-06-24 01:20 - 00021469 _____ () C:\Users\Shafey\Downloads\[kickass.to]queen.2014.hindi.720p.dvdrip.x264.aac.hon3y.torrent

2014-06-23 21:22 - 2014-06-23 21:22 - 00016918 _____ () C:\Users\Shafey\Downloads\[kickass.to]savita.bhabhi.ep.21.30.adult.xxx.comic.pdf.praky.torrent

2014-06-23 04:00 - 2014-06-23 04:04 - 00000000 ____D () C:\Users\Shafey\Downloads\Vicky.Cristina.Barcelona[2008]DvDrip-aXXo

2014-06-22 13:19 - 2014-06-22 13:25 - 00000000 ____D () C:\Users\Shafey\Downloads\The Girl with the Dragon Tattoo (2011)

2014-06-22 00:48 - 2014-06-22 13:21 - 00000000 ____D () C:\Users\Shafey\Downloads\Cruel.Intentions.3.2004.DVDRip.XViD

2014-06-22 00:43 - 2014-06-22 00:44 - 00057886 _____ () C:\Users\Shafey\Downloads\[kickass.to]cruel.intentions.3.2004.dvdrip.xvid.torrent

2014-06-21 02:39 - 2014-06-21 02:39 - 00020330 _____ () C:\Users\Shafey\Downloads\[kickass.to]the.girl.with.the.dragon.tattoo.2011.720p.brrip.x264.yify.torrent

2014-06-21 02:23 - 2014-06-21 02:23 - 00056782 _____ () C:\Users\Shafey\Downloads\[kickass.to]vicky.cristina.barcelona.2008.dvdrip.axxo.torrent

2014-06-21 02:22 - 2014-06-23 02:01 - 00000000 ____D () C:\Users\Shafey\Downloads\Chloe (2009)

2014-06-21 02:22 - 2014-06-21 23:36 - 733339648 _____ () C:\Users\Shafey\Downloads\Cruel Intentions[1999]DvDrip[Eng]-Stealthmaster.avi

2014-06-21 02:19 - 2014-06-21 02:19 - 00018839 _____ () C:\Users\Shafey\Downloads\[kickass.to]chloe.2009.brrip.720p.mkv.450mb.yify.torrent

2014-06-21 02:18 - 2014-06-21 02:18 - 00028806 _____ () C:\Users\Shafey\Downloads\[kickass.to]cruel.intentions.1999.dvdrip.eng.stealthmaster.torrent

2014-06-21 02:08 - 2014-06-21 02:09 - 00000000 ____D () C:\Users\Shafey\Downloads\Kick-Ass 2 (2013)

2014-06-21 02:04 - 2014-06-21 02:04 - 00008816 _____ () C:\Users\Shafey\Downloads\[kickass.to]kick.ass.2.2013.720p.brrip.x264.yify.torrent

2014-06-21 02:00 - 2014-06-21 23:46 - 00000000 ____D () C:\Users\Shafey\Downloads\This Is the End (2013)

2014-06-21 01:58 - 2014-06-21 01:58 - 00008824 _____ () C:\Users\Shafey\Downloads\[kickass.to]this.is.the.end.2013.720p.brrip.x264.yify.torrent

2014-06-20 23:24 - 2014-06-20 23:24 - 00000179 _____ () C:\Users\Shafey\Downloads\The_Rise_of_English_Studies.enw

2014-06-20 23:23 - 2014-06-20 23:23 - 00000219 _____ () C:\Users\Shafey\Downloads\The_Rise_of_English_Studies.bibtex

2014-06-20 22:19 - 2014-06-20 22:19 - 00000000 ____D () C:\Users\Shafey\Downloads\Femme Fatale (2002)

2014-06-20 22:16 - 2014-06-20 22:16 - 00056749 _____ () C:\Users\Shafey\Downloads\[kickass.to]femme.fatale.2002.dvdrip.brian.de.palma.torrent

2014-06-19 16:31 - 2014-06-19 16:31 - 00013039 _____ () C:\Users\Shafey\Downloads\[kickass.to]kirtu.savita.bhabhi.ep.42.a.mistaken.identity.censored.can.be.a.lot.of.fun.adult.xxx.comic.praky.torrent

2014-06-19 16:23 - 2014-06-19 16:23 - 00002451 _____ () C:\Users\Shafey\Downloads\[kickass.to]savita.bhabhi.ep.39.replacement.bride.praky.torrent

2014-06-19 16:21 - 2014-06-19 16:21 - 00002173 _____ () C:\Users\Shafey\Downloads\[kickass.to]savita.bhabhi.ep.43.epic.savita.and.velamma.16.pages.a.torrent

2014-06-18 14:06 - 2014-06-18 14:07 - 00000005 _____ () C:\Users\Shafey\AppData\Roaming\mbam.context.scan

2014-06-18 05:06 - 2014-06-18 05:10 - 00000000 ____D () C:\Users\Shafey\Downloads\Game.Of.Thrones.S04E10.HDTV.x264-ChameE

2014-06-18 05:06 - 2014-06-18 05:06 - 00013662 _____ () C:\Users\Shafey\Downloads\[kickass.to]game.of.thrones.s04e10.hdtv.x264.chamee.torrent

2014-06-18 05:05 - 2014-06-18 05:05 - 00030552 _____ () C:\Users\Shafey\Downloads\[kickass.to]game.of.thrones.s04e09.hdtv.x264.killers.ettv.torrent

2014-06-17 20:40 - 2014-06-17 20:41 - 00318600 _____ (Dropbox, Inc.) C:\Users\Shafey\Downloads\DropboxInstaller (1).exe

2014-06-17 19:21 - 2014-06-18 03:54 - 00000000 ____D () C:\Users\Shafey\Downloads\Waterworld (1995)

2014-06-17 07:47 - 2014-06-17 07:47 - 00001238 _____ () C:\windows\system32\.crusader

2014-06-17 07:23 - 2014-06-23 23:45 - 00001897 _____ () C:\Users\Public\Desktop\HitmanPro.lnk

2014-06-17 07:23 - 2014-06-17 07:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro

2014-06-17 07:23 - 2014-06-17 07:23 - 00000000 ____D () C:\Program Files\HitmanPro

2014-06-17 07:16 - 2014-06-17 07:48 - 00000000 ____D () C:\ProgramData\HitmanPro

2014-06-17 07:16 - 2014-06-17 07:22 - 10971424 _____ (SurfRight B.V.) C:\Users\Shafey\Desktop\HitmanPro_x64.exe

2014-06-17 06:18 - 2014-06-17 06:18 - 00001044 _____ () C:\Users\Shafey\Desktop\JRT.txt

2014-06-17 06:10 - 2014-06-17 06:10 - 00000000 ____D () C:\windows\ERUNT

2014-06-17 06:07 - 2014-06-17 06:07 - 01016261 _____ (Thisisu) C:\Users\Shafey\Desktop\JRT.exe

2014-06-17 04:58 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll

2014-06-17 04:57 - 2014-06-17 06:24 - 00000000 ____D () C:\AdwCleaner

2014-06-16 04:03 - 2014-06-20 21:32 - 00000000 ____D () C:\Users\Shafey\Downloads\Enemy (2013)

2014-06-15 03:05 - 2014-06-15 03:05 - 00151279 _____ () C:\Users\Shafey\Downloads\Sex differences in rhesus monkey toy preferences parallel those of children.htm

2014-06-15 03:05 - 2014-06-15 03:05 - 00000000 ____D () C:\Users\Shafey\Downloads\Sex differences in rhesus monkey toy preferences parallel those of children_files

2014-06-15 02:57 - 2014-07-10 20:33 - 01524214 _____ () C:\windows\WindowsUpdate.log

2014-06-15 01:36 - 2014-06-15 14:47 - 229283126 _____ () C:\Users\Shafey\Downloads\Louie.S04E12.HDTV.x264-LOL.mp4

2014-06-14 22:01 - 2014-06-16 01:29 - 00000000 ____D () C:\Users\Shafey\Downloads\RoboCop (2014) [1080p]

2014-06-14 21:56 - 2014-06-14 23:42 - 00000000 ____D () C:\Users\Shafey\Downloads\Louie S04E11 HDTV XviD-FUM[ettv]

2014-06-11 19:24 - 2014-06-11 19:24 - 00000084 _____ () C:\Users\Shafey\Downloads\Culler_Literary_in_Theory.txt

2014-06-11 06:58 - 2014-04-25 08:04 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\usp10.dll

2014-06-11 06:58 - 2014-04-25 07:36 - 00626688 _____ (Microsoft Corporation) C:\windows\SysWOW64\usp10.dll

2014-06-11 06:57 - 2014-05-30 15:51 - 23414784 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll

2014-06-11 06:57 - 2014-05-30 15:32 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb

2014-06-11 06:57 - 2014-05-30 15:32 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll

2014-06-11 06:57 - 2014-05-30 15:15 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll

2014-06-11 06:57 - 2014-05-30 15:09 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll

2014-06-11 06:57 - 2014-05-30 15:09 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll

2014-06-11 06:57 - 2014-05-30 15:08 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll

2014-06-11 06:57 - 2014-05-30 14:58 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll

2014-06-11 06:57 - 2014-05-30 14:57 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll

2014-06-11 06:57 - 2014-05-30 14:54 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll

2014-06-11 06:57 - 2014-05-30 14:51 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe

2014-06-11 06:57 - 2014-05-30 14:51 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe

2014-06-11 06:57 - 2014-05-30 14:50 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll

2014-06-11 06:57 - 2014-05-30 14:48 - 17271296 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll

2014-06-11 06:57 - 2014-05-30 14:41 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe

2014-06-11 06:57 - 2014-05-30 14:38 - 05782528 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll

2014-06-11 06:57 - 2014-05-30 14:36 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll

2014-06-11 06:57 - 2014-05-30 14:32 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb

2014-06-11 06:57 - 2014-05-30 14:25 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll

2014-06-11 06:57 - 2014-05-30 14:19 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll

2014-06-11 06:57 - 2014-05-30 14:16 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll

2014-06-11 06:57 - 2014-05-30 14:14 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll

2014-06-11 06:57 - 2014-05-30 14:14 - 00295424 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll

2014-06-11 06:57 - 2014-05-30 14:13 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll

2014-06-11 06:57 - 2014-05-30 14:12 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll

2014-06-11 06:57 - 2014-05-30 14:08 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll

2014-06-11 06:57 - 2014-05-30 14:05 - 00608768 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe

2014-06-11 06:57 - 2014-05-30 14:04 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll

2014-06-11 06:57 - 2014-05-30 14:03 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll

2014-06-11 06:57 - 2014-05-30 14:00 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll

2014-06-11 06:57 - 2014-05-30 13:59 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll

2014-06-11 06:57 - 2014-05-30 13:58 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe

2014-06-11 06:57 - 2014-05-30 13:57 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll

2014-06-11 06:57 - 2014-05-30 13:54 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll

2014-06-11 06:57 - 2014-05-30 13:53 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl

2014-06-11 06:57 - 2014-05-30 13:46 - 00368128 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll

2014-06-11 06:57 - 2014-05-30 13:40 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-06-11 06:57 - 2014-05-30 13:36 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll

2014-06-11 06:57 - 2014-05-30 13:34 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll

2014-06-11 06:57 - 2014-05-30 13:32 - 00242688 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll

2014-06-11 06:57 - 2014-05-30 13:26 - 04244992 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll

2014-06-11 06:57 - 2014-05-30 13:26 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll

2014-06-11 06:57 - 2014-05-30 13:24 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll

2014-06-11 06:57 - 2014-05-30 13:20 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll

2014-06-11 06:57 - 2014-05-30 13:19 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl

2014-06-11 06:57 - 2014-05-30 13:13 - 13522944 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll

2014-06-11 06:57 - 2014-05-30 13:10 - 11725312 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll

2014-06-11 06:57 - 2014-05-30 13:00 - 01398272 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll

2014-06-11 06:57 - 2014-05-30 12:51 - 01790976 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll

2014-06-11 06:57 - 2014-05-30 12:45 - 01143296 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll

2014-06-11 06:57 - 2014-05-30 12:43 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll

2014-06-11 06:57 - 2014-05-30 12:43 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll

2014-06-11 03:21 - 2014-06-08 14:43 - 00506368 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll

2014-06-11 03:21 - 2014-06-08 14:38 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll

2014-06-11 03:04 - 2014-04-05 08:17 - 01903552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys

2014-06-11 03:04 - 2014-04-05 08:17 - 00288192 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS

2014-06-11 03:03 - 2014-03-26 20:14 - 02002432 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll

2014-06-11 03:03 - 2014-03-26 20:14 - 01882112 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll

2014-06-11 03:03 - 2014-03-26 19:57 - 01389056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll

2014-06-11 03:02 - 2014-03-26 20:11 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml6r.dll

2014-06-11 03:02 - 2014-03-26 20:11 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll

2014-06-11 03:02 - 2014-03-26 19:57 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll

2014-06-11 03:02 - 2014-03-26 19:55 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6r.dll

2014-06-11 03:02 - 2014-03-26 19:55 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll

2014-06-10 01:12 - 2014-06-10 01:13 - 00000000 ____D () C:\Users\Shafey\Downloads\Game of Thrones S04E09 HDTV x264-KILLERS[ettv]

==================== One Month Modified Files and Folders =======

2014-07-10 20:45 - 2012-12-19 20:35 - 00000000 ____D () C:\Users\Shafey\AppData\Roaming\uTorrent

2014-07-10 20:44 - 2014-07-10 20:43 - 00024660 _____ () C:\Users\Shafey\Desktop\FRST.txt

2014-07-10 20:44 - 2014-07-10 20:43 - 00000000 ____D () C:\FRST

2014-07-10 20:44 - 2014-01-19 19:11 - 00000088 _____ () C:\Users\Shafey\AppData\Local\nd.am

2014-07-10 20:43 - 2009-07-14 08:50 - 00000000 ____D () C:\windows\tracing

2014-07-10 20:41 - 2014-07-10 20:41 - 02084352 _____ (Farbar) C:\Users\Shafey\Desktop\FRST64.exe

2014-07-10 20:33 - 2014-06-15 02:57 - 01524214 _____ () C:\windows\WindowsUpdate.log

2014-07-10 20:30 - 2012-12-19 21:56 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-07-10 20:26 - 2013-04-14 01:13 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2892114743-1712468159-3544421845-1000UA.job

2014-07-10 20:21 - 2014-05-01 15:04 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job

2014-07-10 20:21 - 2009-07-14 10:43 - 00006398 _____ () C:\windows\system32\PerfStringBackup.INI

2014-07-10 20:15 - 2012-12-19 21:56 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-07-10 16:11 - 2012-12-19 20:16 - 00000000 ____D () C:\Users\Shafey\AppData\Roaming\vlc

2014-07-10 11:09 - 2014-07-09 06:53 - 183502806 _____ () C:\Users\Shafey\Downloads\30.Rock.S03E17.HDTV.XviD-LOL.avi

2014-07-10 07:26 - 2013-04-14 01:13 - 00000860 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2892114743-1712468159-3544421845-1000Core.job

2014-07-10 06:17 - 2014-07-10 05:53 - 00000000 ____D () C:\Users\Shafey\Downloads\The Rainmaker

2014-07-10 06:17 - 2014-07-08 20:44 - 183503036 _____ () C:\Users\Shafey\Downloads\30.Rock.S03E20.HDTV.XviD-LOL.avi

2014-07-10 05:49 - 2014-07-10 05:49 - 00041293 _____ () C:\Users\Shafey\Downloads\[kickass.to]the.rainmaker.dvdrip.ws.english.torrent

2014-07-09 23:05 - 2014-07-09 18:47 - 00000000 ____D () C:\Users\Shafey\Downloads\Limitless (2011)

2014-07-09 21:02 - 2014-01-19 19:11 - 00000000 ____D () C:\ProgramData\Application

2014-07-09 18:49 - 2014-07-09 18:44 - 00000000 ____D () C:\Users\Shafey\Downloads\Tron Legacy (2010)

2014-07-09 18:44 - 2014-07-09 18:44 - 00015943 _____ () C:\Users\Shafey\Downloads\[kickass.to]limitless.2011.720p.brrip.x264.yify.torrent

2014-07-09 18:40 - 2014-07-09 18:40 - 00017868 _____ () C:\Users\Shafey\Downloads\[kickass.to]tron.legacy.2010.brrip.720p.mkv.yify.torrent

2014-07-09 15:24 - 2014-05-15 12:53 - 00000000 ____D () C:\Users\Shafey\AppData\Roaming\DropboxMaster

2014-07-09 15:24 - 2012-12-19 22:16 - 00000000 ___RD () C:\Users\Shafey\Dropbox

2014-07-09 15:24 - 2012-12-19 20:24 - 00000000 ____D () C:\Users\Shafey\AppData\Roaming\Dropbox

2014-07-09 14:28 - 2009-07-14 10:15 - 00013744 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-07-09 14:28 - 2009-07-14 10:15 - 00013744 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-07-09 14:21 - 2014-07-03 20:16 - 00000392 _____ () C:\windows\setupact.log

2014-07-09 14:21 - 2013-12-16 20:51 - 00196608 _____ () C:\windows\system32\Ikeext.etl

2014-07-09 14:21 - 2009-07-14 10:38 - 00000006 ____H () C:\windows\Tasks\SA.DAT

2014-07-09 06:58 - 2014-07-08 20:45 - 183503486 _____ () C:\Users\Shafey\Downloads\30.Rock.S03E16.HDTV.XviD-LOL.avi

2014-07-09 05:47 - 2014-07-08 20:48 - 183490646 _____ () C:\Users\Shafey\Downloads\30.Rock.S03E22.HDTV.XviD-LOL.avi

2014-07-09 05:19 - 2014-07-08 20:24 - 183505992 _____ () C:\Users\Shafey\Downloads\30.Rock.S03E05.HDTV.XviD-LOL.avi

2014-07-09 05:07 - 2014-07-08 20:59 - 183512276 _____ () C:\Users\Shafey\Downloads\30.Rock.S03E19.HDTV.XviD-LOL.avi

2014-07-09 02:30 - 2012-12-19 22:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive

2014-07-09 01:24 - 2014-05-01 15:04 - 00699056 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe

2014-07-09 01:24 - 2014-05-01 15:04 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-07-09 01:24 - 2014-05-01 15:04 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater