Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Annoying Popups


  • This topic is locked This topic is locked
51 replies to this topic

#1 elenapena85

elenapena85

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Local time:11:43 AM

Posted 07 December 2013 - 10:17 AM

Over the last two days I keep getting popups on my laptop. I have  tried running Windows Defence but nothing comes up. My Windows Firewall and popup blocker are both on.

 

Windows 7

 

 

IE 11

 

 

 

 



BC AdBot (Login to Remove)

 


#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:06:43 AM

Posted 07 December 2013 - 12:48 PM

Hello elenapena85,

  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
      
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
      
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic.I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

      
  • Finally, please reply using the Post  button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.

 

 

1.

Download AdwCleaner

  • Double click on AdwCleaner.exe to run the tool.
    ***Note: Windows Vista and Windows 7 users:
    Right click in the adwCleaner.exe and select
    "Run as administrator"
  • Click the Scan button.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your next reply.
  • Or you can find the logfile at C:\AdwCleaner[R1].txt.

 

2.

  •    
  • Download RogueKiller on the desktop
       
  • Close all the running processes
       
  • Under Vista/Seven, right click -> Run as Administrator
       
  • Otherwise just double-click on RogueKiller.exe
       
  • When prompted, Click Scan 
       
  • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
       
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename in winlogon.exe (or winlogon.com) and try again


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#3 elenapena85

elenapena85
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Local time:11:43 AM

Posted 07 December 2013 - 03:24 PM

Hello Fireman,

Thank for you help.

 

 

Should I delete any of the files ? 

 

please find my logs below

 

 

# AdwCleaner v3.014 - Report created 07/12/2013 at 20:07:28
# Updated 01/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : elena - ELENA-PC
# Running from : C:\Users\elena\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OXKD162Q\adwcleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

File Found : C:\Windows\System32\roboot64.exe
Folder Found C:\Users\elena\AppData\Roaming\Systweak

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Found : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_f2a323db
Key Found : HKLM\Software\Uniblue
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

-\\ Google Chrome v

[ File : C:\Users\elena\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [1630 octets] - [07/12/2013 20:07:28]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1690 octets] ##########

 

 

RogueKiller V8.7.11 [Dec  3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : elena [Admin rights]
Mode : Scan -- Date : 12/07/2013 20:18:31
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1       localhost



#4 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:06:43 AM

Posted 08 December 2013 - 07:40 PM

1.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Clean.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

2.

  •    
  • Re-Run RogueKiller
       
  • Close all the running processes
       
  • Under Vista/Seven, right click -> Run as Administrator
       
  • Otherwise just double-click on RogueKiller.exe
       
  • When prompted, Click Delete 
       
  • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
       
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename in winlogon.exe (or winlogon.com) and try again

 

 

Things to include in your next reply::

AdwCleaner log

Roguekiller log

How is your machine running now?


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#5 elenapena85

elenapena85
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Local time:11:43 AM

Posted 09 December 2013 - 07:17 PM

hi,

 

I'm still getting popups.

 

elena

 

 

# AdwCleaner v3.014 - Report created 10/12/2013 at 00:09:09
# Updated 01/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : elena - ELENA-PC
# Running from : C:\Users\elena\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SR1RNI65\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

-\\ Google Chrome v

[ File : C:\Users\elena\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [1774 octets] - [07/12/2013 20:07:28]
AdwCleaner[R1].txt - [1834 octets] - [09/12/2013 10:14:26]
AdwCleaner[R2].txt - [1894 octets] - [09/12/2013 23:44:32]
AdwCleaner[R3].txt - [1058 octets] - [10/12/2013 00:08:25]
AdwCleaner[S0].txt - [1985 octets] - [09/12/2013 23:56:00]
AdwCleaner[S1].txt - [981 octets] - [10/12/2013 00:09:09]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1040 octets] ##########

 

 

RogueKiller V8.7.11 [Dec  3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : elena [Admin rights]
Mode : Scan -- Date : 12/10/2013 00:02:52
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

 

 

 

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1       localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) W



#6 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:06:43 AM

Posted 09 December 2013 - 09:18 PM

Do you have a USB Flash Drive you can use?


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#7 elenapena85

elenapena85
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Local time:11:43 AM

Posted 10 December 2013 - 05:27 AM

no  I don't have a usb flash drive,



#8 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:06:43 AM

Posted 10 December 2013 - 02:32 PM

  • Download Malwarebytes Anti-Rootkit from HERE

      
  • Unzip the contents to a folder in a convenient location.
      
  • Open the folder where the contents were unzipped and run mbar.exe
      
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
      
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
      
  • Wait while the system shuts down and the cleanup process is performed.
      
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
      
  • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log.txt and system-log.txt


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#9 elenapena85

elenapena85
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Local time:11:43 AM

Posted 10 December 2013 - 07:05 PM

Malwarebytes Anti-Rootkit BETA 1.07.0.1008
www.malwarebytes.org

Database version: v2013.12.10.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16428
elena :: ELENA-PC [administrator]

10/12/2013 23:13:01
mbar-log-2013-12-10 (23-13-01).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 236720
Time elapsed: 11 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

 

Malwarebytes Anti-Rootkit BETA 1.07.0.1008
www.malwarebytes.org

Database version: v2013.12.10.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16428
elena :: ELENA-PC [administrator]

10/12/2013 23:50:27
mbar-log-2013-12-10 (23-50-27).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 236565
Time elapsed: 11 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)



#10 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:06:43 AM

Posted 11 December 2013 - 05:55 PM

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#11 elenapena85

elenapena85
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Local time:11:43 AM

Posted 11 December 2013 - 08:14 PM

==================== Memory info ===========================

Percentage of memory in use: 44%
Total physical RAM: 2806.71 MB
Available physical RAM: 1560.12 MB
Total Pagefile: 5611.6 MB
Available Pagefile: 4108.38 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:284.99 GB) (Free:226.24 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: E0E70F70)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=285 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-12-2013
Ran by elena (administrator) on ELENA-PC on 12-12-2013 01:00:53
Running from C:\Users\elena\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ABG3UKUS
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-05-27] (Egis Technology Inc.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-04-13] (ELAN Microelectronic Corp.)
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [RoboForm] - C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe [109784 2013-03-09] (Siber Systems)
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-03-15] (Google Inc.)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-05-27] (Egis Technology Inc.)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-06-28] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-01-15] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-01-15] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {7F0FD8B9-AE2F-4FBE-B1A9-BC1E58DDCB37} URL = http://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8
BHO: RoboForm Toolbar Helper - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll No File
BHO-x32: Boroowwse2save - {28CDFD40-DB25-40D7-11C6-BF6BEDDDCE38} - C:\ProgramData\Boroowwse2save\51485d5998b5f.dll No File
BHO-x32: RoboForm Toolbar Helper - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll No File
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
DPF: HKLM-x32 {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
DPF: HKLM-x32 {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll No File
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [327168] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR Extension: (Google Drive) - C:\Users\elena\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Users\elena\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\elena\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (avast! WebRep) - C:\Users\elena\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0
CHR Extension: (Gmail) - C:\Users\elena\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR Extension: (Boroowwse2save) - C:\Users\elena\AppData\Local\Google\Chrome\User Data\Default\Extensions\pninlbnbhajmiknalalnblmfamfkdobm\1
CHR HKLM-x32\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx

==================== Services (Whitelisted) =================

R2 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-27] (Egis Technology Inc.)
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [x]

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-12-12 01:00 - 2013-12-12 01:00 - 00000000 ____D C:\FRST
2013-12-10 23:12 - 2013-12-11 00:02 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-10 23:12 - 2013-12-10 23:50 - 00117464 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-12-10 23:10 - 2013-12-11 00:02 - 00000000 ____D C:\Users\elena\Desktop\mbar
2013-12-10 23:10 - 2013-12-10 23:49 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-12-10 00:13 - 2013-12-10 00:13 - 00001120 _____ C:\Users\elena\Desktop\AdwCleaner[S1].txt
2013-12-10 00:03 - 2013-12-10 00:03 - 00001978 _____ C:\Users\elena\Desktop\RKreport[0]_D_12102013_000306.txt
2013-12-10 00:02 - 2013-12-10 00:02 - 00001880 _____ C:\Users\elena\Desktop\RKreport[0]_S_12102013_000252.txt
2013-12-08 16:01 - 2013-12-08 16:01 - 00000000 ____D C:\Users\elena\AppData\Local\{F1C53ADB-1DBA-454A-851F-3B95FE1190B8}
2013-12-07 20:18 - 2013-12-07 20:18 - 00001847 _____ C:\Users\elena\Desktop\RKreport[0]_S_12072013_201831.txt
2013-12-07 20:16 - 2013-12-10 00:03 - 00000000 ____D C:\Users\elena\Desktop\RK_Quarantine
2013-12-07 20:07 - 2013-12-10 00:09 - 00000000 ____D C:\AdwCleaner
2013-12-04 00:55 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2013-12-04 00:53 - 2013-12-04 00:53 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-04 00:53 - 2013-12-04 00:53 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-04 00:53 - 2013-12-04 00:53 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-04 00:53 - 2013-12-04 00:53 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-04 00:53 - 2013-12-04 00:53 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-12-04 00:53 - 2013-12-04 00:53 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-12-04 00:53 - 2013-12-04 00:53 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-12-04 00:53 - 2013-12-04 00:53 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-12-04 00:53 - 2013-12-04 00:53 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-12-04 00:53 - 2013-12-04 00:53 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-04 00:53 - 2013-12-04 00:53 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-12-04 00:53 - 2013-12-04 00:53 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-12-04 00:53 - 2013-12-04 00:53 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-12-04 00:53 - 2013-12-04 00:53 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-12-04 00:53 - 2013-12-04 00:53 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-04 00:53 - 2013-12-04 00:53 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-12-04 00:53 - 2013-12-04 00:53 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-04 00:53 - 2013-12-04 00:53 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-12-04 00:53 - 2013-12-04 00:53 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-12-04 00:53 - 2013-12-04 00:53 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-12-04 00:53 - 2013-12-04 00:53 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-12-04 00:53 - 2013-12-04 00:53 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-12-04 00:53 - 2013-12-04 00:53 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-12-04 00:53 - 2013-12-04 00:53 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-12-04 00:53 - 2013-12-04 00:53 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-12-04 00:53 - 2013-12-04 00:53 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-12-04 00:53 - 2013-12-04 00:53 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-12-04 00:53 - 2013-12-04 00:53 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-04 00:51 - 2013-12-04 00:55 - 00007785 _____ C:\Windows\IE11_main.log
2013-11-15 21:28 - 2013-11-15 21:28 - 00001787 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-11-15 21:27 - 2013-11-15 21:28 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-15 21:27 - 2013-11-15 21:28 - 00000000 ____D C:\Program Files\iTunes
2013-11-15 21:27 - 2013-11-15 21:28 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-11-15 21:27 - 2013-11-15 21:27 - 00000000 ____D C:\Program Files\iPod
2013-11-13 21:04 - 2013-10-05 20:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-13 21:04 - 2013-10-05 19:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 21:04 - 2013-10-04 02:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-13 21:04 - 2013-10-04 02:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-13 21:04 - 2013-10-04 02:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-13 21:04 - 2013-10-04 01:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-13 21:04 - 2013-10-04 01:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-13 21:04 - 2013-10-04 01:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-13 21:04 - 2013-09-28 01:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-13 21:03 - 2013-10-12 02:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-13 21:03 - 2013-10-12 02:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 21:03 - 2013-10-12 02:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-13 21:03 - 2013-10-12 02:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-13 21:03 - 2013-10-12 02:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-13 21:03 - 2013-10-03 02:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-13 21:03 - 2013-10-03 02:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-13 21:03 - 2013-09-25 02:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-13 21:03 - 2013-09-25 02:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-13 21:03 - 2013-09-25 02:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-13 21:03 - 2013-09-25 02:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-13 21:03 - 2013-09-25 02:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-13 21:03 - 2013-09-25 02:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-13 21:03 - 2013-09-25 02:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-13 21:03 - 2013-09-25 02:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-13 21:03 - 2013-09-25 01:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-13 21:03 - 2013-09-25 01:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 21:03 - 2013-09-25 01:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-13 21:03 - 2013-09-25 01:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-13 21:03 - 2013-09-25 01:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-13 21:03 - 2013-07-04 12:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys

==================== One Month Modified Files and Folders =======

2013-12-12 01:00 - 2013-12-12 01:00 - 00000000 ____D C:\FRST
2013-12-12 00:56 - 2009-07-14 05:13 - 00727334 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-12 00:55 - 2010-12-07 10:31 - 01223283 _____ C:\Windows\WindowsUpdate.log
2013-12-12 00:54 - 2013-10-29 16:56 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-12 00:54 - 2011-03-15 07:01 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-11 22:00 - 2011-03-15 07:01 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-11 10:53 - 2009-07-14 04:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-11 10:53 - 2009-07-14 04:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-11 10:46 - 2013-10-29 16:38 - 00003528 _____ C:\Windows\setupact.log
2013-12-11 10:46 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-11 00:02 - 2013-12-10 23:12 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-11 00:02 - 2013-12-10 23:10 - 00000000 ____D C:\Users\elena\Desktop\mbar
2013-12-10 23:50 - 2013-12-10 23:12 - 00117464 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-12-10 23:49 - 2013-12-10 23:10 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-12-10 21:54 - 2013-10-29 16:56 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-10 21:54 - 2013-10-29 16:56 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-10 21:54 - 2013-10-29 16:56 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-10 00:13 - 2013-12-10 00:13 - 00001120 _____ C:\Users\elena\Desktop\AdwCleaner[S1].txt
2013-12-10 00:09 - 2013-12-07 20:07 - 00000000 ____D C:\AdwCleaner
2013-12-10 00:03 - 2013-12-10 00:03 - 00001978 _____ C:\Users\elena\Desktop\RKreport[0]_D_12102013_000306.txt
2013-12-10 00:03 - 2013-12-07 20:16 - 00000000 ____D C:\Users\elena\Desktop\RK_Quarantine
2013-12-10 00:02 - 2013-12-10 00:02 - 00001880 _____ C:\Users\elena\Desktop\RKreport[0]_S_12102013_000252.txt
2013-12-09 23:35 - 2013-09-14 11:07 - 00000000 ____D C:\Users\elena\Desktop\mm
2013-12-08 23:33 - 2011-05-23 19:43 - 00000000 ____D C:\Users\elena\AppData\Roaming\SoftGrid Client
2013-12-08 16:01 - 2013-12-08 16:01 - 00000000 ____D C:\Users\elena\AppData\Local\{F1C53ADB-1DBA-454A-851F-3B95FE1190B8}
2013-12-08 11:08 - 2011-03-22 17:31 - 00000000 ____D C:\Users\elena\AppData\Local\Adobe
2013-12-07 20:18 - 2013-12-07 20:18 - 00001847 _____ C:\Users\elena\Desktop\RKreport[0]_S_12072013_201831.txt
2013-12-07 20:16 - 2013-09-24 16:13 - 00001878 _____ C:\Users\elena\Desktop\ipad password.txt
2013-12-07 14:03 - 2011-07-07 22:06 - 00000000 ____D C:\Users\elena\Desktop\CV
2013-12-05 21:06 - 2011-03-15 07:01 - 00003892 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-05 21:06 - 2011-03-15 07:01 - 00003640 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-04 09:30 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\rescache
2013-12-04 07:58 - 2011-09-16 20:23 - 00001417 _____ C:\Users\elena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-04 07:57 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-12-04 00:55 - 2013-12-04 00:51 - 00007785 _____ C:\Windows\IE11_main.log
2013-12-04 00:53 - 2013-12-04 00:53 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-04 00:53 - 2013-12-04 00:53 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-04 00:53 - 2013-12-04 00:53 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-04 00:53 - 2013-12-04 00:53 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-04 00:53 - 2013-12-04 00:53 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-12-04 00:53 - 2013-12-04 00:53 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-12-04 00:53 - 2013-12-04 00:53 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-12-04 00:53 - 2013-12-04 00:53 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-12-04 00:53 - 2013-12-04 00:53 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-12-04 00:53 - 2013-12-04 00:53 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-04 00:53 - 2013-12-04 00:53 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-12-04 00:53 - 2013-12-04 00:53 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-12-04 00:53 - 2013-12-04 00:53 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-12-04 00:53 - 2013-12-04 00:53 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-12-04 00:53 - 2013-12-04 00:53 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-04 00:53 - 2013-12-04 00:53 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-12-04 00:53 - 2013-12-04 00:53 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-04 00:53 - 2013-12-04 00:53 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-12-04 00:53 - 2013-12-04 00:53 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-12-04 00:53 - 2013-12-04 00:53 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-12-04 00:53 - 2013-12-04 00:53 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-12-04 00:53 - 2013-12-04 00:53 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-12-04 00:53 - 2013-12-04 00:53 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-12-04 00:53 - 2013-12-04 00:53 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-12-04 00:53 - 2013-12-04 00:53 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-12-04 00:53 - 2013-12-04 00:53 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-12-04 00:53 - 2013-12-04 00:53 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-12-04 00:53 - 2013-12-04 00:53 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-29 23:13 - 2009-07-14 05:08 - 00032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-11-22 19:01 - 2012-06-06 16:02 - 00000000 ____D C:\Users\elena\Documents\My Kindle Content
2013-11-18 22:07 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\system32\NDF
2013-11-17 11:56 - 2011-02-28 05:03 - 00075232 _____ C:\Users\elena\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-16 23:09 - 2011-03-02 22:28 - 00027506 _____ C:\Users\elena\AppData\Roaming\wklnhst.dat
2013-11-16 23:07 - 2009-07-14 05:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-11-15 21:28 - 2013-11-15 21:28 - 00001787 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-11-15 21:28 - 2013-11-15 21:27 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-15 21:28 - 2013-11-15 21:27 - 00000000 ____D C:\Program Files\iTunes
2013-11-15 21:28 - 2013-11-15 21:27 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-11-15 21:27 - 2013-11-15 21:27 - 00000000 ____D C:\Program Files\iPod
2013-11-14 01:16 - 2013-08-15 20:57 - 00000000 ____D C:\Windows\system32\MRT
2013-11-14 01:14 - 2011-04-08 06:42 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\elena\AppData\Local\Temp\ntdll_dump.dll
C:\Users\elena\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-12-10 11:29

==================== End Of Log ============================



#12 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:06:43 AM

Posted 11 December 2013 - 11:32 PM

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

 

[attachment=144859:fixlist.txt]

 

 

Are the popups still happening? If so is it happening in one certain browser?


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#13 elenapena85

elenapena85
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Local time:11:43 AM

Posted 12 December 2013 - 05:27 PM

hi,

 

popups are still happening but now only when I'm on  http://www.tvmuse.eu/ , http://www.free-tv-video-online.me/ and http://www.alluc.to/.

 

I know these are not safest websites but i have used them for years and i never had a problem.

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-12-2013 03
Ran by elena (administrator) on ELENA-PC on 12-12-2013 22:07:45
Running from C:\Users\elena\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
() C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-05-27] (Egis Technology Inc.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-04-13] (ELAN Microelectronic Corp.)
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [RoboForm] - C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe [109784 2013-03-09] (Siber Systems)
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-03-15] (Google Inc.)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-05-27] (Egis Technology Inc.)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-06-28] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-01-15] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-01-15] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {7F0FD8B9-AE2F-4FBE-B1A9-BC1E58DDCB37} URL = http://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8
BHO: RoboForm Toolbar Helper - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll No File
BHO-x32: Boroowwse2save - {28CDFD40-DB25-40D7-11C6-BF6BEDDDCE38} - C:\ProgramData\Boroowwse2save\51485d5998b5f.dll No File
BHO-x32: RoboForm Toolbar Helper - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll No File
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
DPF: HKLM-x32 {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
DPF: HKLM-x32 {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR Extension: (Google Drive) - C:\Users\elena\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Users\elena\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\elena\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (avast! WebRep) - C:\Users\elena\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0
CHR Extension: (Gmail) - C:\Users\elena\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx

==================== Services (Whitelisted) =================

R2 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-27] (Egis Technology Inc.)
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [x]

==================== Drivers (Whitelisted) ====================

S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-12-12 22:04 - 2013-12-12 22:07 - 00011274 _____ C:\Users\elena\Desktop\FRST.txt
2013-12-12 22:04 - 2013-12-12 22:05 - 00024474 _____ C:\Users\elena\Desktop\Addition.txt
2013-12-12 22:03 - 2013-12-12 22:04 - 01927274 _____ (Farbar) C:\Users\elena\Desktop\FRST64.exe
2013-12-12 03:10 - 2013-05-10 05:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-12 03:10 - 2013-05-10 05:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-12 03:10 - 2013-05-10 04:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-12 03:10 - 2013-05-10 04:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-12 03:09 - 2013-11-26 11:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-12 03:09 - 2013-11-26 10:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-12 03:09 - 2013-11-26 10:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-12 03:09 - 2013-11-26 10:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-12 03:09 - 2013-11-26 09:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-12 03:09 - 2013-11-26 09:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-12 03:09 - 2013-11-26 09:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-12 03:09 - 2013-11-26 09:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-12 03:09 - 2013-11-26 09:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-12 03:09 - 2013-11-26 09:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-12 03:09 - 2013-11-26 09:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-12 03:09 - 2013-11-26 09:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-12 03:09 - 2013-11-26 09:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-12 03:09 - 2013-11-26 09:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-12 03:09 - 2013-11-26 08:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-12 03:09 - 2013-11-26 08:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-12 03:09 - 2013-11-26 08:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-12 03:09 - 2013-11-26 08:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-12 03:09 - 2013-11-26 08:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-12 03:09 - 2013-11-26 08:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-12 03:09 - 2013-11-26 08:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-12 03:09 - 2013-11-26 08:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-12 03:09 - 2013-11-26 07:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-12 03:09 - 2013-11-26 07:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-12 03:09 - 2013-11-26 07:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-12 03:09 - 2013-11-26 07:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-12 03:09 - 2013-11-26 06:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-12 03:09 - 2013-11-26 06:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-12 03:09 - 2013-11-26 06:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-12 03:09 - 2013-11-26 06:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-12 03:09 - 2013-11-26 06:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-12 01:03 - 2013-12-12 01:03 - 00046817 _____ C:\Users\elena\Desktop\3..txt
2013-12-12 01:02 - 2013-12-12 01:02 - 00000841 _____ C:\Users\elena\Desktop\2..txt
2013-12-12 01:00 - 2013-12-12 01:00 - 00000000 ____D C:\FRST
2013-12-11 21:58 - 2013-11-23 18:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-11 21:58 - 2013-11-23 17:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-11 21:58 - 2013-11-12 02:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-11 21:58 - 2013-11-12 02:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-11 21:58 - 2013-10-30 02:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-11 21:58 - 2013-10-30 02:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-11 21:58 - 2013-10-30 01:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-11 21:58 - 2013-10-19 02:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-11 21:58 - 2013-10-19 01:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-11 21:58 - 2013-10-12 02:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-11 21:58 - 2013-10-12 02:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-11 21:58 - 2013-10-12 02:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-11 21:58 - 2013-10-12 02:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-11 21:58 - 2013-10-12 01:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-11 21:58 - 2013-10-12 01:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-11 21:58 - 2013-10-12 01:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-11 21:58 - 2013-10-12 01:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-11 21:58 - 2013-10-04 02:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-11 21:58 - 2013-10-04 01:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-10 23:12 - 2013-12-11 00:02 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-10 23:12 - 2013-12-10 23:50 - 00117464 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-12-10 23:10 - 2013-12-11 00:02 - 00000000 ____D C:\Users\elena\Desktop\mbar
2013-12-10 23:10 - 2013-12-10 23:49 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-12-10 00:13 - 2013-12-10 00:13 - 00001120 _____ C:\Users\elena\Desktop\AdwCleaner[S1].txt
2013-12-10 00:03 - 2013-12-10 00:03 - 00001978 _____ C:\Users\elena\Desktop\RKreport[0]_D_12102013_000306.txt
2013-12-10 00:02 - 2013-12-10 00:02 - 00001880 _____ C:\Users\elena\Desktop\RKreport[0]_S_12102013_000252.txt
2013-12-08 16:01 - 2013-12-08 16:01 - 00000000 ____D C:\Users\elena\AppData\Local\{F1C53ADB-1DBA-454A-851F-3B95FE1190B8}
2013-12-07 20:18 - 2013-12-07 20:18 - 00001847 _____ C:\Users\elena\Desktop\RKreport[0]_S_12072013_201831.txt
2013-12-07 20:16 - 2013-12-10 00:03 - 00000000 ____D C:\Users\elena\Desktop\RK_Quarantine
2013-12-07 20:07 - 2013-12-10 00:09 - 00000000 ____D C:\AdwCleaner
2013-12-04 00:55 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2013-12-04 00:53 - 2013-12-04 00:53 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-12-04 00:53 - 2013-12-04 00:53 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-12-04 00:53 - 2013-12-04 00:53 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-12-04 00:53 - 2013-12-04 00:53 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-12-04 00:53 - 2013-12-04 00:53 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-12-04 00:53 - 2013-12-04 00:53 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-12-04 00:53 - 2013-12-04 00:53 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-12-04 00:53 - 2013-12-04 00:53 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-12-04 00:53 - 2013-12-04 00:53 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-12-04 00:53 - 2013-12-04 00:53 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-12-04 00:53 - 2013-12-04 00:53 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-12-04 00:53 - 2013-12-04 00:53 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-12-04 00:53 - 2013-12-04 00:53 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-12-04 00:53 - 2013-12-04 00:53 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-12-04 00:53 - 2013-12-04 00:53 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-12-04 00:53 - 2013-12-04 00:53 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-12-04 00:53 - 2013-12-04 00:53 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-12-04 00:53 - 2013-12-04 00:53 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-12-04 00:53 - 2013-12-04 00:53 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-12-04 00:53 - 2013-12-04 00:53 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-12-04 00:51 - 2013-12-04 00:55 - 00007785 _____ C:\Windows\IE11_main.log
2013-11-15 21:28 - 2013-11-15 21:28 - 00001787 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-11-15 21:27 - 2013-11-15 21:28 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-15 21:27 - 2013-11-15 21:28 - 00000000 ____D C:\Program Files\iTunes
2013-11-15 21:27 - 2013-11-15 21:28 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-11-15 21:27 - 2013-11-15 21:27 - 00000000 ____D C:\Program Files\iPod
2013-11-13 21:04 - 2013-10-05 20:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-13 21:04 - 2013-10-05 19:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 21:04 - 2013-10-04 02:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-13 21:04 - 2013-10-04 02:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-13 21:04 - 2013-10-04 02:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-13 21:04 - 2013-10-04 01:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-13 21:04 - 2013-10-04 01:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-13 21:04 - 2013-10-04 01:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-13 21:04 - 2013-09-28 01:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-13 21:03 - 2013-10-12 02:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-13 21:03 - 2013-10-12 02:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 21:03 - 2013-10-12 02:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-13 21:03 - 2013-10-12 02:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-13 21:03 - 2013-10-12 02:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-13 21:03 - 2013-10-03 02:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-13 21:03 - 2013-10-03 02:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-13 21:03 - 2013-09-25 02:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-13 21:03 - 2013-09-25 02:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-13 21:03 - 2013-09-25 02:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-13 21:03 - 2013-09-25 02:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-13 21:03 - 2013-09-25 02:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-13 21:03 - 2013-09-25 02:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-13 21:03 - 2013-09-25 02:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-13 21:03 - 2013-09-25 02:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-13 21:03 - 2013-09-25 01:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-13 21:03 - 2013-09-25 01:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 21:03 - 2013-09-25 01:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-13 21:03 - 2013-09-25 01:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-13 21:03 - 2013-09-25 01:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-13 21:03 - 2013-07-04 12:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys

==================== One Month Modified Files and Folders =======

2013-12-12 22:07 - 2013-12-12 22:04 - 00011274 _____ C:\Users\elena\Desktop\FRST.txt
2013-12-12 22:05 - 2013-12-12 22:04 - 00024474 _____ C:\Users\elena\Desktop\Addition.txt
2013-12-12 22:04 - 2013-12-12 22:03 - 01927274 _____ (Farbar) C:\Users\elena\Desktop\FRST64.exe
2013-12-12 21:58 - 2010-12-07 10:31 - 01879559 _____ C:\Windows\WindowsUpdate.log
2013-12-12 21:19 - 2013-10-29 16:56 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-12 21:11 - 2011-03-15 07:01 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-12 21:11 - 2011-03-15 07:01 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-12 15:14 - 2009-07-14 05:13 - 00727334 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-12 09:39 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\rescache
2013-12-12 08:16 - 2009-07-14 04:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-12 08:16 - 2009-07-14 04:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-12 08:11 - 2013-10-29 16:38 - 00003640 _____ C:\Windows\setupact.log
2013-12-12 08:11 - 2009-07-14 05:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-12 08:11 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-12 08:11 - 2009-07-14 04:45 - 00319776 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-12 01:03 - 2013-12-12 01:03 - 00046817 _____ C:\Users\elena\Desktop\3..txt
2013-12-12 01:02 - 2013-12-12 01:02 - 00000841 _____ C:\Users\elena\Desktop\2..txt
2013-12-12 01:00 - 2013-12-12 01:00 - 00000000 ____D C:\FRST
2013-12-11 00:02 - 2013-12-10 23:12 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-11 00:02 - 2013-12-10 23:10 - 00000000 ____D C:\Users\elena\Desktop\mbar
2013-12-10 23:50 - 2013-12-10 23:12 - 00117464 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-12-10 23:49 - 2013-12-10 23:10 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-12-10 21:54 - 2013-10-29 16:56 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-10 21:54 - 2013-10-29 16:56 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-10 21:54 - 2013-10-29 16:56 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-10 00:13 - 2013-12-10 00:13 - 00001120 _____ C:\Users\elena\Desktop\AdwCleaner[S1].txt
2013-12-10 00:09 - 2013-12-07 20:07 - 00000000 ____D C:\AdwCleaner
2013-12-10 00:03 - 2013-12-10 00:03 - 00001978 _____ C:\Users\elena\Desktop\RKreport[0]_D_12102013_000306.txt
2013-12-10 00:03 - 2013-12-07 20:16 - 00000000 ____D C:\Users\elena\Desktop\RK_Quarantine
2013-12-10 00:02 - 2013-12-10 00:02 - 00001880 _____ C:\Users\elena\Desktop\RKreport[0]_S_12102013_000252.txt
2013-12-09 23:35 - 2013-09-14 11:07 - 00000000 ____D C:\Users\elena\Desktop\mm
2013-12-08 23:33 - 2011-05-23 19:43 - 00000000 ____D C:\Users\elena\AppData\Roaming\SoftGrid Client
2013-12-08 16:01 - 2013-12-08 16:01 - 00000000 ____D C:\Users\elena\AppData\Local\{F1C53ADB-1DBA-454A-851F-3B95FE1190B8}
2013-12-08 11:08 - 2011-03-22 17:31 - 00000000 ____D C:\Users\elena\AppData\Local\Adobe
2013-12-07 20:18 - 2013-12-07 20:18 - 00001847 _____ C:\Users\elena\Desktop\RKreport[0]_S_12072013_201831.txt
2013-12-07 20:16 - 2013-09-24 16:13 - 00001878 _____ C:\Users\elena\Desktop\ipad password.txt
2013-12-07 14:03 - 2011-07-07 22:06 - 00000000 ____D C:\Users\elena\Desktop\CV
2013-12-05 21:06 - 2011-03-15 07:01 - 00003892 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-05 21:06 - 2011-03-15 07:01 - 00003640 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-04 07:58 - 2011-09-16 20:23 - 00001417 _____ C:\Users\elena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-04 07:57 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-12-04 00:55 - 2013-12-04 00:51 - 00007785 _____ C:\Windows\IE11_main.log
2013-12-04 00:53 - 2013-12-04 00:53 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-12-04 00:53 - 2013-12-04 00:53 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-12-04 00:53 - 2013-12-04 00:53 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-12-04 00:53 - 2013-12-04 00:53 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-12-04 00:53 - 2013-12-04 00:53 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-12-04 00:53 - 2013-12-04 00:53 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-12-04 00:53 - 2013-12-04 00:53 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-12-04 00:53 - 2013-12-04 00:53 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-12-04 00:53 - 2013-12-04 00:53 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-12-04 00:53 - 2013-12-04 00:53 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-12-04 00:53 - 2013-12-04 00:53 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-12-04 00:53 - 2013-12-04 00:53 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-12-04 00:53 - 2013-12-04 00:53 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-12-04 00:53 - 2013-12-04 00:53 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-12-04 00:53 - 2013-12-04 00:53 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-12-04 00:53 - 2013-12-04 00:53 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-12-04 00:53 - 2013-12-04 00:53 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-12-04 00:53 - 2013-12-04 00:53 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-12-04 00:53 - 2013-12-04 00:53 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-12-04 00:53 - 2013-12-04 00:53 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-12-04 00:53 - 2013-12-04 00:53 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-11-29 23:13 - 2009-07-14 05:08 - 00032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-11-26 11:54 - 2013-12-12 03:09 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-26 10:19 - 2013-12-12 03:09 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-26 10:18 - 2013-12-12 03:09 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-26 10:11 - 2013-12-12 03:09 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-26 09:48 - 2013-12-12 03:09 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-26 09:46 - 2013-12-12 03:09 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-26 09:41 - 2013-12-12 03:09 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-26 09:29 - 2013-12-12 03:09 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-26 09:27 - 2013-12-12 03:09 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-26 09:23 - 2013-12-12 03:09 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-26 09:21 - 2013-12-12 03:09 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-26 09:18 - 2013-12-12 03:09 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-26 09:18 - 2013-12-12 03:09 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-26 09:16 - 2013-12-12 03:09 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-26 08:57 - 2013-12-12 03:09 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-26 08:38 - 2013-12-12 03:09 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-26 08:38 - 2013-12-12 03:09 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-26 08:35 - 2013-12-12 03:09 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-26 08:32 - 2013-12-12 03:09 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-26 08:28 - 2013-12-12 03:09 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-26 08:16 - 2013-12-12 03:09 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-26 08:02 - 2013-12-12 03:09 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-26 07:48 - 2013-12-12 03:09 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-26 07:32 - 2013-12-12 03:09 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-26 07:26 - 2013-12-12 03:09 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-26 07:07 - 2013-12-12 03:09 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-26 06:40 - 2013-12-12 03:09 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-26 06:34 - 2013-12-12 03:09 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-26 06:34 - 2013-12-12 03:09 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-26 06:33 - 2013-12-12 03:09 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-26 06:27 - 2013-12-12 03:09 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-23 18:26 - 2013-12-11 21:58 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-11-23 17:47 - 2013-12-11 21:58 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-11-22 19:01 - 2012-06-06 16:02 - 00000000 ____D C:\Users\elena\Documents\My Kindle Content
2013-11-18 22:07 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\system32\NDF
2013-11-17 11:56 - 2011-02-28 05:03 - 00075232 _____ C:\Users\elena\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-16 23:09 - 2011-03-02 22:28 - 00027506 _____ C:\Users\elena\AppData\Roaming\wklnhst.dat
2013-11-16 23:07 - 2009-07-14 05:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-11-15 21:28 - 2013-11-15 21:28 - 00001787 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-11-15 21:28 - 2013-11-15 21:27 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-15 21:28 - 2013-11-15 21:27 - 00000000 ____D C:\Program Files\iTunes
2013-11-15 21:28 - 2013-11-15 21:27 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-11-15 21:27 - 2013-11-15 21:27 - 00000000 ____D C:\Program Files\iPod
2013-11-14 01:16 - 2013-08-15 20:57 - 00000000 ____D C:\Windows\system32\MRT
2013-11-14 01:14 - 2011-04-08 06:42 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-12 02:23 - 2013-12-11 21:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-11-12 02:07 - 2013-12-11 21:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-12-10 11:29

==================== End Of Log ============================



#14 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:06:43 AM

Posted 12 December 2013 - 10:40 PM

Can you tell what the popups are? Can you tell me which browser this is happening in?

 

Please download SC-Cleaner to your desktop then run it.


Edited by fireman4it, 12 December 2013 - 10:43 PM.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#15 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:06:43 AM

Posted 15 December 2013 - 10:01 AM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 3-5 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users