
Hijacked by surveys/snap.do, redirects, 'video player', fake Adobe Can't run DDS


9 replies to this topic

#1 Irisim1


Posted 20 November 2013 - 04:19 PM

This post is a continuation of the previous one that didn't resolve the problem:
http://www.bleepingcomputer.com/forums/t/514759/hijacked-by-surveyssnapdo-redirects-video-player-fake-adobe-etc/page-3
 
Thanks for all your help!
 
I'm trying to do step 6 -  run DDS but I get this message: DDS is not meant to run in compatibility mode. The program shall now exit.
 
Moderator edit: Moved from the Aii forum to the malware logs forum.
Roger

The latest version of the DDS tool does not work in Windows 8.1

Submit this log

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Edited by nasdaq, 21 November 2013 - 10:21 AM.




#2 Irisim1


Posted 22 November 2013 - 07:41 AM

Hello,

 

Thanks for the instruction, I did not see this note because it was an edit of the post so I didn't get a notification. Here is the FSS log: 

 

Farbar Service Scanner Version: 10-11-2013
Ran by Iris (administrator) on 22-11-2013 at 07:39:40
Running from "C:\Users\Iris\Desktop"
Microsoft Windows 8.1  (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll
[2013-08-22 08:25] - [2013-08-22 08:25] - 0029184 ____A (Microsoft Corporation) 6E2271ED0C3E95B8E29F3752B91B9E84

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2013-11-16 21:02] - [2013-10-08 05:13] - 2551640 ____A (Microsoft Corporation) 6617F44D2432C529B2249A0498B6B40A

C:\Windows\System32\dnsrslvr.dll
[2013-11-16 21:02] - [2013-10-08 00:48] - 0255488 ____A (Microsoft Corporation) 5BAF7714E68F93515A937A3FA8587EF9

C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll
[2013-11-13 06:55] - [2013-10-12 16:48] - 0828416 ____A (Microsoft Corporation) 6468B696C65775D51A06615830E0E79D

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll
[2013-11-16 21:02] - [2013-10-06 21:13] - 3532288 ____A (Microsoft Corporation) 86D0BF4F792053A50D6EE43DFA5837A5

C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MsMpEng.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****



#3 Irisim1


Posted 23 November 2013 - 08:35 PM

It's been a few days and gradually the browser shows more and more symptoms of infection. I decided to check the add-ons again, and to my surprise discovered Tube Dimmer installed! I know I didn't install it, and anyway, it's a new installation of FF - I uninstalled it before, completely, including preferences and all history and bookmarks! That means that the virus is still hiding somewhere in my computer! (And btw, I did uninstall Tube Dimmer a few days ago but that was from the 'uninstall programs' on the PC, not from the browser.)

 

I searched online and found this post, as well as this discussion in google groups:

 

http://productforums.google.com/forum/#!topic/websearch/uzJuhdh6h5A

 

In it, a member recommended using CCleaner:

 

"How to get rid of Tube Dimmer malware:

The program Tube Dimmer is a program that will install itself on your computer without your notification? Tube Dimmer is compatible with your Firefox automatically but attaches to other browsers including Chrome and Explorer? You may try to remove it but it will keep coming back? Your antivirus applications will fail to detect this infection and delete it?

Tube Dimmer is malware which can affect OS: Win32 (Windows XP, Vista, Seven, 8)

Tube Dimmer is an aggressive application that can bypass the detection of antivirus programs. Once installed, this program can attach itself as an extension or plug-in to all kinds of internet browsers like Internet Explorer, Google Chrome and Mozilla Firefox. It claims to allow computer users to turn off the lights while watching videos on favorite websites such as YouTube, Facebook, and Twitter. But in fact Tube Dimmer is a kind of malware that can cause extensive problems on the computer it is installed on.

Normally, if users open Firefox or other browsers, they find that Tube Dimmer keeps attaching itself to the browsers, and if you remove it from your browsers, Tube Dimmer continually appears again. Why does this happen? As a malware this program changes the settings of the original search engine, homepage, DNS, LAN or others. Once these changes occur, if users tab a new search or open a new site, they are redirected to some other malicious sites which contain a ton of popup ads or links. If users click any links, more unknown programs can install on the computer. Besides, users cannot get access to the network because the network sees that there is something attached to that computer each time you try to open a search.

In addition, this program may introduce some other similar malware, adware, hijacker browser, Trojan or viruses, and other infections onto the attacked system. what is worse, this infection is embedded into some codes by cyber criminals who want to gain profits from victims by recording the browsing history and collect the important information such as confidential information from users. And then they can use onto the commercial purpose in the future.

Usually, Tube Dimmer Malware runs into target system without asking your permission. This malware can reach the computer by utilizing the vulnerabilities of the system, or window firewall, attaching with the freeware or shareware, packing with infected websites or spam emails. If you pay no attention searching online, this program can install on your system secretly. Tube Dimmer can modify the settings of the original search engine, homepage, DNS, LAN or others in the backstage.

Now to get to the easy part for you. I spent a 2 days researching the internet and working on my computer trying to rid myself of Tube Dimmer. I downloaded the anti malware and anti spyware programs such as MalwareBytes, and SuperAntivirus Professional that my online research suggested I needed to get rid of it. I even went into my safe mode as they suggested to get rid of stuff that didn't look right because malware can't work in safe mode and therefore you can hopefully find the file without it moving and delete it.

NOTHING got rid of it. EXCEPT ONE PROGRAM that is free called CCleaner. I was so upset because this program was already on my computer and I didn't try it right off the bat. But after almost 12 hours of researching and working with my computer, I was ready to re-install my system to get rid of it, but I noticed I had CCleaner on my desktop. I really didn't expect it to work since none of the other antivirus, antimalware programs worked, but I went ahead and did two scans.

It found a bunch of stuff and I deleted it.  I didn't even look to see what it was because Tube Dimmer will use file names that look legitimate like Microsoft.

CCleaner, allows you to choose what part of your system you want to scan.  I scanned all my internet and browser programs since I have 3, and also did a scan on the registry to get any left over registry's and made sure all things found were deleted. After these two scans, I restarted my computer to see if Tube Dimmer would attach itself to my browsers again and it didn't.  It hasn't shown up since no matter how many times I restart my browsers.

Here is the download for free CCleaner: http://ccleaner.en.softonic.com/ (make sure you update it to the most recent updates)

Good Luck, I hope it works for you because if it doesn't, you're in deep DO DO. An online troubleshoot company wanted $69.00 to fix it for me by remote."

 

 

I am waiting for a reply from a helper in this forum, and I was asked not to make any changes on the system until then, so I'm not taking any action yet.



#4 Irisim1


Posted 23 November 2013 - 09:04 PM

And: surprise, surprise! Tube Dimmer was there again in addons after being removed once already!



#5 nasdaq

  • Malware Response Team

Posted 24 November 2013 - 02:03 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Very few of our current tools are ready to tackle the Windows 8.1 version.

Try this one.

Download the correct tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

#6 Irisim1


Posted 24 November 2013 - 04:13 PM

Hi nasdaq, thank you for helping!

 

Here is the log, and the additional log attached:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-11-2013
Ran by Iris (administrator) on WINDOWS-19FV8JI on 24-11-2013 16:01:59
Running from C:\Users\Iris\Desktop
Windows 8.1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Updater) C:\ProgramData\Updater\updater.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(WatchDog) C:\ProgramData\RHelpers\ChromeHelper\ChromeHelper.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(WatchDog) C:\ProgramData\RHelpers\FirefoxHelper\FirefoxHelper.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(WatchDog) C:\ProgramData\RHelpers\IeHelper\IeHelper.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
() C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(PC-Doctor, Inc.) C:\Program Files\Dell Support Center\uaclauncher.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MouseDriver] - C:\Windows\System32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
HKLM\...\Run: [HotKeysCmds] - "C:\WINDOWS\system32\hkcmd.exe"
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [678296 2012-07-09] (Alps Electric Co., Ltd.)
HKLM\...\Run: [BTMTrayAgent] - rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [QuickSet] - C:\Program Files\Dell\QuickSet\quickset.exe [4384928 2012-08-27] (Dell Inc.)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028896 2013-07-03] (NVIDIA Corporation)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-07-24] (IDT, Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [EPSON TX420 NX420 Series] - C:\windows\system32\spool\DRIVERS\x64\3\E_IATIGCP.EXE /FU "C:\Users\Iris\AppData\Local\Temp\E_S9F3B.tmp" /EF "HKCU"
HKCU\...\Run: [Updater] - C:\ProgramData\Updater\updater.exe [297336 2013-09-25] (Updater)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] - C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] - C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-04] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [143888 2012-06-01] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] - C:\Program Files (x86)\CyberLink\Shared files\brs.exe [76912 2012-07-13] (cyberlink)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [277504 2012-08-16] (Intel Corporation)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4908592 2013-10-07] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [976320 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Updater] - C:\ProgramData\Updater\updater.exe [297336 2013-09-25] (Updater)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation)
AppInit_DLLs-x32:   [ ] ()
Startup: C:\Users\Iris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: PETN - {C9735335-8CA0-44D2-B7ED-8D53145F583F} - C:\Users\Iris\AppData\Local\TidyNetwork\petn.dll No File
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.13.0.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Iris\AppData\Roaming\Mozilla\Firefox\Profiles\oqt4o5dt.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF Extension: WOT - C:\Users\Iris\AppData\Roaming\Mozilla\Firefox\Profiles\oqt4o5dt.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: noscript - C:\Users\Iris\AppData\Roaming\Mozilla\Firefox\Profiles\oqt4o5dt.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: Adblock Plus - C:\Users\Iris\AppData\Roaming\Mozilla\Firefox\Profiles\oqt4o5dt.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

==================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3538480 2013-10-03] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [301152 2013-09-25] (AVG Technologies CZ, s.r.o.)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [236144 2012-07-13] (CyberLink)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-04-18] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [1915480 2013-05-23] (SoftThinks SAS)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3388144 2013-04-18] (Intel® Corporation)
S2 vToolbarUpdater17.1.2; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe [x]

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [148792 2013-09-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [241464 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192824 2013-09-02] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-08-20] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-08] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [252728 2013-07-30] (AVG Technologies CZ, s.r.o.)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Windows ® Win 7 DDK provider)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-09] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-10-08] (Microsoft Corporation)
S3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-20] (Intel Corporation)
S3 lehidmini; C:\Windows\System32\drivers\leath_hid.sys [39704 2012-07-31] (Atheros)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-09-04] (Intel Corporation)
S3 qca_shb; C:\Windows\System32\drivers\qca_shb.sys [99328 2012-07-31] (Qualcomm Atheros Communications Inc.)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146272 2013-08-22] (Microsoft Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
R3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-11-24 16:01 - 2013-11-24 16:02 - 00014847 _____ C:\Users\Iris\Desktop\FRST.txt
2013-11-24 16:01 - 2013-11-24 16:01 - 00000000 ____D C:\FRST
2013-11-24 15:59 - 2013-11-24 15:59 - 01958440 _____ (Farbar) C:\Users\Iris\Desktop\FRST64.exe
2013-11-22 07:39 - 2013-11-22 07:39 - 00360775 _____ (Farbar) C:\Users\Iris\Desktop\FSS.exe
2013-11-22 07:39 - 2013-11-22 07:39 - 00003051 _____ C:\Users\Iris\Desktop\FSS.txt
2013-11-20 17:34 - 2013-11-20 17:34 - 01898232 _____ (Bleeping Computer, LLC) C:\Users\Iris\Desktop\rkill.com
2013-11-20 16:35 - 2013-11-20 16:35 - 00000000 ____D C:\ProgramData\TubeDimmer
2013-11-20 16:24 - 2013-11-20 16:24 - 00688992 _____ (Swearware) C:\Users\Iris\Desktop\dds.com
2013-11-20 16:16 - 2013-11-20 16:16 - 00001165 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-11-20 16:16 - 2013-11-20 16:16 - 00000000 ____D C:\Users\Iris\AppData\Roaming\Mozilla
2013-11-20 16:16 - 2013-11-20 16:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-20 15:26 - 2013-11-20 15:26 - 00002054 _____ C:\Users\Iris\Desktop\JRT.txt
2013-11-20 15:17 - 2013-11-20 15:17 - 01034531 _____ (Thisisu) C:\Users\Iris\Desktop\JRT.exe
2013-11-20 15:15 - 2013-11-20 15:15 - 01034531 _____ (Thisisu) C:\Users\Iris\Downloads\JRT.exe
2013-11-20 10:42 - 2013-11-20 10:42 - 00003053 _____ C:\Users\Iris\Downloads\FSS.txt
2013-11-20 10:41 - 2013-11-20 10:42 - 00360775 _____ (Farbar) C:\Users\Iris\Downloads\FSS.exe
2013-11-20 00:44 - 2013-11-20 00:44 - 00282904 _____ (Mozilla) C:\Users\Iris\Desktop\Firefox Setup Stub 25.0.1.exe
2013-11-20 00:21 - 2013-11-20 00:21 - 00000863 _____ C:\Users\Iris\Desktop\ESETscan.txt
2013-11-19 22:48 - 2013-11-19 22:48 - 02347384 _____ (ESET) C:\Users\Iris\Desktop\esetsmartinstaller_enu.exe
2013-11-19 22:48 - 2013-11-19 22:48 - 00000000 ____D C:\Program Files (x86)\ESET
2013-11-19 22:39 - 2013-11-19 22:39 - 00000000 ____D C:\WINDOWS\ERUNT
2013-11-19 22:08 - 2013-11-19 22:11 - 00000000 ____D C:\AdwCleaner
2013-11-19 22:08 - 2013-11-19 22:08 - 01085542 _____ C:\Users\Iris\Desktop\AdwCleaner.exe
2013-11-19 22:02 - 2013-11-19 22:02 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Iris\Desktop\tdsskiller.exe
2013-11-19 21:49 - 2013-11-20 17:35 - 00003860 _____ C:\Users\Iris\Desktop\Rkill.txt
2013-11-19 21:49 - 2013-11-19 21:49 - 00000000 ____D C:\Users\Iris\Desktop\rkill
2013-11-19 21:48 - 2013-11-19 21:48 - 01898232 _____ (Bleeping Computer, LLC) C:\Users\Iris\Downloads\rkill.com
2013-11-19 21:35 - 2013-11-19 21:35 - 00027910 _____ C:\Users\Iris\Downloads\Result.txt
2013-11-19 21:33 - 2013-11-19 21:33 - 00760937 _____ (Farbar) C:\Users\Iris\Downloads\MiniToolBox.exe
2013-11-19 21:33 - 2013-11-19 21:33 - 00001199 _____ C:\Users\Iris\Desktop\MiniToolBox - Shortcut.lnk
2013-11-19 17:39 - 2013-11-24 15:58 - 00003950 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{D20FD748-DD4F-4535-86AA-98867C15643B}
2013-11-19 17:37 - 2013-11-19 17:37 - 00282904 _____ (Mozilla) C:\Users\Iris\Downloads\Firefox Setup Stub 25.0.1.exe
2013-11-19 08:51 - 2013-11-19 08:56 - 00000000 ____D C:\Program Files (x86)\Applian Technologies
2013-11-19 08:50 - 2013-11-20 00:07 - 00000000 ____D C:\ProgramData\Updater
2013-11-19 08:50 - 2013-11-19 08:50 - 00000000 ____D C:\ProgramData\RHelpers
2013-11-19 08:48 - 2013-11-20 15:50 - 00000000 ____D C:\Users\Iris\AppData\Roaming\MyWordTool
2013-11-19 08:48 - 2013-11-19 08:48 - 00003854 _____ C:\WINDOWS\System32\Tasks\TidyNetwork Update
2013-11-16 21:02 - 2013-10-23 06:29 - 00044936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2013-11-16 21:02 - 2013-10-23 06:21 - 00155480 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys
2013-11-16 21:02 - 2013-10-23 06:13 - 00171864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kd_02_8086.dll
2013-11-16 21:02 - 2013-10-23 00:27 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2013-11-16 21:02 - 2013-10-23 00:09 - 04104704 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2013-11-16 21:02 - 2013-10-23 00:04 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2013-11-16 21:02 - 2013-10-22 23:55 - 00839680 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2013-11-16 21:02 - 2013-10-22 23:46 - 00700928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2013-11-16 21:02 - 2013-10-22 03:18 - 01287064 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2013-11-16 21:02 - 2013-10-22 02:55 - 02328872 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2013-11-16 21:02 - 2013-10-22 01:03 - 02065448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2013-11-16 21:02 - 2013-10-22 00:15 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll
2013-11-16 21:02 - 2013-10-21 23:04 - 00618496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apphelp.dll
2013-11-16 21:02 - 2013-10-21 23:02 - 01036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2013-11-16 21:02 - 2013-10-21 22:56 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll
2013-11-16 21:02 - 2013-10-21 22:44 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2013-11-16 21:02 - 2013-10-21 21:38 - 01362944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2013-11-16 21:02 - 2013-10-21 21:22 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2013-11-16 21:02 - 2013-10-21 21:13 - 01704448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2013-11-16 21:02 - 2013-10-21 21:07 - 02617344 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2013-11-16 21:02 - 2013-10-21 20:53 - 01584128 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2013-11-16 21:02 - 2013-10-21 20:47 - 02295808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2013-11-16 21:02 - 2013-10-19 04:13 - 01530200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2013-11-16 21:02 - 2013-10-19 03:51 - 00481392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2013-11-16 21:02 - 2013-10-19 02:12 - 00380656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2013-11-16 21:02 - 2013-10-19 01:24 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2013-11-16 21:02 - 2013-10-18 23:48 - 00607744 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2013-11-16 21:02 - 2013-10-18 23:03 - 00531968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2013-11-16 21:02 - 2013-10-18 22:57 - 02143744 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2013-11-16 21:02 - 2013-10-18 22:28 - 01765376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2013-11-16 21:02 - 2013-10-18 22:26 - 01231360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2013-11-16 21:02 - 2013-10-18 22:14 - 00888832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2013-11-16 21:02 - 2013-10-17 10:42 - 01399176 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2013-11-16 21:02 - 2013-10-17 10:42 - 01373872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2013-11-16 21:02 - 2013-10-17 09:04 - 01204968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2013-11-16 21:02 - 2013-10-16 04:34 - 00518656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2013-11-16 21:02 - 2013-10-16 04:33 - 00631296 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2013-11-16 21:02 - 2013-10-12 22:06 - 00258904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdyboost.sys
2013-11-16 21:02 - 2013-10-12 21:43 - 00708616 _____ (Microsoft Corporation) C:\WINDOWS\system32\iuilp.dll
2013-11-16 21:02 - 2013-10-11 10:11 - 01843712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll
2013-11-16 21:02 - 2013-10-11 09:22 - 01816576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Display.dll
2013-11-16 21:02 - 2013-10-11 08:24 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2013-11-16 21:02 - 2013-10-11 08:04 - 02570240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2013-11-16 21:02 - 2013-10-11 08:03 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2013-11-16 21:02 - 2013-10-10 11:44 - 00031064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ploptin.dll
2013-11-16 21:02 - 2013-10-10 11:26 - 00317616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2013-11-16 21:02 - 2013-10-10 11:26 - 00104320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2013-11-16 21:02 - 2013-10-10 11:23 - 03395920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2013-11-16 21:02 - 2013-10-10 09:53 - 00235960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2013-11-16 21:02 - 2013-10-10 09:53 - 00088272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2013-11-16 21:02 - 2013-10-10 06:53 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2013-11-16 21:02 - 2013-10-10 06:38 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2013-11-16 21:02 - 2013-10-10 06:21 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2013-11-16 21:02 - 2013-10-10 05:40 - 01302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2013-11-16 21:02 - 2013-10-10 05:19 - 00922624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2013-11-16 21:02 - 2013-10-09 00:40 - 00385528 _____ C:\WINDOWS\system32\ApnDatabase.xml
2013-11-16 21:02 - 2013-10-08 06:07 - 00039768 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2013-11-16 21:02 - 2013-10-08 05:28 - 00523096 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2013-11-16 21:02 - 2013-10-08 05:13 - 02551640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2013-11-16 21:02 - 2013-10-08 01:46 - 00113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\shsetup.dll
2013-11-16 21:02 - 2013-10-08 00:58 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shsetup.dll
2013-11-16 21:02 - 2013-10-08 00:50 - 00656384 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2013-11-16 21:02 - 2013-10-08 00:48 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2013-11-16 21:02 - 2013-10-08 00:15 - 00492544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2013-11-16 21:02 - 2013-10-08 00:09 - 01160704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2013-11-16 21:02 - 2013-10-07 23:50 - 00903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2013-11-16 21:02 - 2013-10-07 23:50 - 00762368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2013-11-16 21:02 - 2013-10-07 02:21 - 07399256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2013-11-16 21:02 - 2013-10-07 02:21 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2013-11-16 21:02 - 2013-10-06 21:13 - 03532288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2013-11-16 21:02 - 2013-10-05 10:25 - 00371032 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2013-11-16 21:02 - 2013-10-05 10:25 - 00057176 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2013-11-16 21:02 - 2013-10-05 09:21 - 00699840 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll
2013-11-16 21:02 - 2013-10-05 07:05 - 00578952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10level9.dll
2013-11-16 21:02 - 2013-10-05 06:01 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2013-11-16 21:02 - 2013-10-05 04:36 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2013-11-16 21:02 - 2013-10-05 04:18 - 01011712 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2013-11-16 21:02 - 2013-10-05 04:07 - 00830464 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2013-11-16 21:02 - 2013-10-05 03:56 - 01147904 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2013-11-16 21:02 - 2013-10-05 03:55 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\miutils.dll
2013-11-16 21:02 - 2013-10-05 03:40 - 00795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2013-11-16 21:02 - 2013-10-05 03:24 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\miutils.dll
2013-11-16 21:02 - 2013-10-05 03:21 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2013-11-16 21:02 - 2013-10-05 03:15 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcsvDevice.dll
2013-11-16 21:02 - 2013-10-05 02:43 - 00578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2013-11-16 21:02 - 2013-10-05 02:39 - 06639616 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2013-11-16 21:02 - 2013-10-05 02:35 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2013-11-16 21:02 - 2013-10-05 02:32 - 05769728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2013-11-16 21:02 - 2013-10-04 03:10 - 00533504 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2013-11-16 21:02 - 2013-09-19 00:04 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2013-11-16 21:02 - 2013-09-17 04:06 - 01067080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2013-11-16 21:02 - 2013-09-17 04:06 - 00465960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2013-11-16 21:02 - 2013-09-17 01:31 - 00883184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2013-11-16 21:02 - 2013-09-17 01:31 - 00326024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2013-11-16 21:02 - 2013-09-16 23:37 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2013-11-16 21:02 - 2013-09-14 09:07 - 02134120 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2013-11-16 21:02 - 2013-09-14 09:00 - 00391512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsmf.dll
2013-11-16 21:02 - 2013-09-14 07:39 - 01799944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2013-11-16 21:02 - 2013-09-14 07:33 - 00345552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsmf.dll
2013-11-16 21:02 - 2013-09-14 05:05 - 00338944 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
2013-11-16 21:02 - 2013-09-14 04:11 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2013-11-16 21:02 - 2013-09-13 03:22 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ftp.exe
2013-11-16 21:02 - 2013-09-13 02:47 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ftp.exe
2013-11-16 21:02 - 2013-09-12 03:45 - 00101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappgnui.dll
2013-11-16 21:02 - 2013-09-12 03:08 - 00325120 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapp3hst.dll
2013-11-16 21:02 - 2013-09-12 03:08 - 00103424 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2013-11-16 21:02 - 2013-09-12 03:02 - 00093184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappgnui.dll
2013-11-16 21:02 - 2013-09-12 02:44 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapphost.dll
2013-11-16 21:02 - 2013-09-12 02:37 - 00245248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapp3hst.dll
2013-11-16 21:02 - 2013-09-12 02:37 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafWfdProvider.dll
2013-11-16 21:02 - 2013-09-12 02:21 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapphost.dll
2013-11-16 21:02 - 2013-09-12 02:16 - 00335360 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappcfg.dll
2013-11-16 21:02 - 2013-09-12 02:01 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappcfg.dll
2013-11-16 21:02 - 2013-09-11 07:46 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2013-11-16 21:02 - 2013-09-10 00:26 - 04599808 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2013-11-16 21:02 - 2013-09-09 23:52 - 00132608 _____ (Microsoft Corporation) C:\WINDOWS\system32\msched.dll
2013-11-16 21:02 - 2013-09-09 23:34 - 03934208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2013-11-16 21:00 - 2013-11-05 15:21 - 21196664 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2013-11-16 21:00 - 2013-11-05 13:51 - 18642504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2013-11-16 21:00 - 2013-11-05 11:20 - 13925888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2013-11-16 21:00 - 2013-11-05 11:11 - 18577408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2013-11-16 21:00 - 2013-11-05 09:30 - 11674112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2013-11-16 21:00 - 2013-11-05 09:29 - 13176320 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2013-11-16 21:00 - 2013-10-10 06:26 - 02801664 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2013-11-16 21:00 - 2013-10-10 06:05 - 01019392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2013-11-16 21:00 - 2013-10-10 05:34 - 01085952 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2013-11-16 21:00 - 2013-10-10 05:27 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2013-11-15 19:01 - 2013-11-20 16:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-13 06:55 - 2013-11-13 06:55 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2013-11-13 06:55 - 2013-11-13 06:55 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2013-11-13 06:55 - 2013-10-19 03:08 - 23212544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2013-11-13 06:55 - 2013-10-19 01:37 - 17142784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2013-11-13 06:55 - 2013-10-19 01:02 - 02764288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2013-11-13 06:55 - 2013-10-19 00:37 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2013-11-13 06:55 - 2013-10-19 00:19 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2013-11-13 06:55 - 2013-10-19 00:10 - 05765120 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2013-11-13 06:55 - 2013-10-18 23:52 - 02166272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2013-11-13 06:55 - 2013-10-18 23:44 - 04240384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2013-11-13 06:55 - 2013-10-18 23:37 - 12995584 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2013-11-13 06:55 - 2013-10-18 23:31 - 01993728 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2013-11-13 06:55 - 2013-10-18 22:56 - 11220992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2013-11-13 06:55 - 2013-10-18 22:55 - 01926656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2013-11-13 06:55 - 2013-10-18 22:53 - 02332160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2013-11-13 06:55 - 2013-10-18 22:23 - 01394176 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2013-11-13 06:55 - 2013-10-18 22:09 - 01818112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2013-11-13 06:55 - 2013-10-18 22:02 - 01156608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2013-11-13 06:55 - 2013-10-16 10:58 - 01943536 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2013-11-13 06:55 - 2013-10-16 08:54 - 01581968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2013-11-13 06:55 - 2013-10-12 21:48 - 00136536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2013-11-13 06:55 - 2013-10-12 16:48 - 00828416 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2013-11-13 06:55 - 2013-10-12 16:34 - 01104384 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2013-11-13 06:55 - 2013-10-05 09:21 - 01341288 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2013-11-13 06:55 - 2013-10-05 03:39 - 01067008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2013-11-10 21:32 - 2013-11-10 21:32 - 00000000 ____D C:\Users\Iris\AppData\Local\Intel_Corporation
2013-11-08 22:05 - 2013-11-08 22:05 - 00000000 ____D C:\Users\Public\CyberLink
2013-11-04 08:48 - 2013-11-04 08:49 - 00018561 _____ C:\Users\Iris\Documents\Void Moon.odt
2013-11-03 01:36 - 2013-11-03 01:37 - 98660176 _____ (Apple Inc.) C:\Users\Iris\Downloads\iTunesSetup.exe
2013-10-29 02:40 - 2013-10-29 02:40 - 00000000 __SHD C:\Recovery
2013-10-29 02:39 - 2013-10-30 05:04 - 00000000 ___DC C:\WINDOWS\Panther
2013-10-29 02:38 - 2013-10-29 02:38 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2013-10-29 02:38 - 2013-10-29 02:38 - 01765384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2013-10-29 02:38 - 2013-10-29 02:38 - 01286552 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2013-10-29 02:38 - 2013-10-29 02:38 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2013-10-29 02:38 - 2013-10-29 02:38 - 01018960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2013-10-29 02:38 - 2013-10-29 02:38 - 00977408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2013-10-29 02:38 - 2013-10-29 02:38 - 00872840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2013-10-29 02:38 - 2013-10-29 02:38 - 00698232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2013-10-29 02:38 - 2013-10-29 02:38 - 00516496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2013-10-29 02:38 - 2013-10-29 02:38 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2013-10-29 02:38 - 2013-10-29 02:38 - 00382808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2013-10-29 02:38 - 2013-10-29 02:38 - 00294400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2013-10-29 02:38 - 2013-10-29 02:38 - 00262144 _____ C:\WINDOWS\system32\config\userdiff
2013-10-29 02:38 - 2013-10-29 02:38 - 00225792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
2013-10-29 02:34 - 2013-10-29 02:34 - 00000000 ____D C:\Program Files\Reference Assemblies
2013-10-29 02:34 - 2013-10-29 02:34 - 00000000 ____D C:\Program Files\MSBuild
2013-10-29 02:34 - 2013-10-29 02:34 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2013-10-29 02:34 - 2013-10-29 02:34 - 00000000 ____D C:\Program Files (x86)\MSBuild
2013-10-29 02:33 - 2013-08-02 23:48 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2013-10-29 02:33 - 2013-08-02 23:48 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-29 02:33 - 2013-08-02 23:48 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2013-10-29 02:33 - 2013-08-02 23:41 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2013-10-29 02:33 - 2013-08-02 23:41 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-29 02:33 - 2013-08-02 23:41 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2013-10-28 23:29 - 2013-10-28 23:29 - 00001448 _____ C:\Users\Iris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-10-28 23:29 - 2013-10-28 23:29 - 00000020 ___SH C:\Users\Iris\ntuser.ini
2013-10-28 23:05 - 2013-10-28 23:05 - 00022744 _____ C:\WINDOWS\system32\emptyregdb.dat
2013-10-28 22:58 - 2012-01-05 14:28 - 02603864 ____N (Waves Audio Ltd.) C:\WINDOWS\system32\WavesGUILib64.dll
2013-10-28 22:58 - 2012-01-05 14:28 - 01468760 ____N (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioIDT64.dll
2013-10-28 22:54 - 2013-10-28 22:54 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2013-10-28 22:54 - 2013-10-28 22:54 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
2013-10-28 22:52 - 2013-10-28 22:52 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2013-10-28 22:50 - 2013-10-28 23:29 - 00000000 ____D C:\Users\Iris
2013-10-28 22:50 - 2013-10-28 23:06 - 00028578 _____ C:\WINDOWS\diagwrn.xml
2013-10-28 22:50 - 2013-10-28 23:06 - 00028578 _____ C:\WINDOWS\diagerr.xml
2013-10-28 22:50 - 2013-10-28 22:52 - 00000000 ___RD C:\Users\Iris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2013-10-28 22:50 - 2013-10-28 22:51 - 00000000 ___RD C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2013-10-28 22:50 - 2013-08-22 10:36 - 00000000 ___RD C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-10-28 22:50 - 2013-08-22 10:36 - 00000000 ___RD C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2013-10-28 22:50 - 2013-08-22 10:36 - 00000000 ___RD C:\Users\Iris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-10-28 22:50 - 2013-08-22 10:36 - 00000000 ___RD C:\Users\Iris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2013-10-28 22:50 - 2013-08-22 10:36 - 00000000 ____D C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-10-28 22:50 - 2013-08-22 10:36 - 00000000 ____D C:\Users\Iris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-10-28 22:45 - 2013-10-28 22:45 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_iBtFltCoex_01009.Wdf
2013-10-28 22:44 - 2013-08-29 17:43 - 06599968 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2013-10-28 22:44 - 2013-08-29 17:43 - 03452192 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2013-10-28 22:44 - 2013-08-29 17:43 - 02559776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2013-10-28 22:44 - 2013-08-29 17:43 - 01042208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2013-10-28 22:44 - 2013-08-29 17:43 - 00920864 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2013-10-28 22:44 - 2013-08-29 17:43 - 00219424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2013-10-28 22:44 - 2013-08-29 17:43 - 00067072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2013-10-28 22:44 - 2013-08-29 17:43 - 00063776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2013-10-28 22:44 - 2013-08-29 15:28 - 03349466 _____ C:\WINDOWS\system32\nvcoproc.bin
2013-10-28 22:43 - 2013-11-24 11:01 - 01935629 _____ C:\WINDOWS\WindowsUpdate.log
2013-10-28 22:43 - 2013-10-28 22:53 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-10-28 22:43 - 2013-10-28 22:53 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-10-28 22:43 - 2013-10-28 22:44 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-10-28 22:43 - 2013-10-28 22:43 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Apfiltr_01009.Wdf
2013-10-28 22:42 - 2013-10-28 22:53 - 00000000 ____D C:\Program Files\Intel
2013-10-28 22:42 - 2013-10-28 22:53 - 00000000 ____D C:\Program Files (x86)\Intel
2013-10-28 22:42 - 2013-10-28 22:43 - 00000000 ____D C:\Program Files\DellTPad
2013-10-28 22:42 - 2013-10-03 22:43 - 00064000 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2013-10-28 22:42 - 2013-10-03 22:43 - 00060416 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2013-10-28 22:08 - 2013-10-28 23:06 - 00006532 _____ C:\WINDOWS\comsetup.log

==================== One Month Modified Files and Folders =======

2013-11-24 16:02 - 2013-11-24 16:01 - 00014847 _____ C:\Users\Iris\Desktop\FRST.txt
2013-11-24 16:01 - 2013-11-24 16:01 - 00000000 ____D C:\FRST
2013-11-24 16:00 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\sru
2013-11-24 15:59 - 2013-11-24 15:59 - 01958440 _____ (Farbar) C:\Users\Iris\Desktop\FRST64.exe
2013-11-24 15:58 - 2013-11-19 17:39 - 00003950 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{D20FD748-DD4F-4535-86AA-98867C15643B}
2013-11-24 13:25 - 2013-06-29 21:43 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-11-24 11:01 - 2013-10-28 22:43 - 01935629 _____ C:\WINDOWS\WindowsUpdate.log
2013-11-24 10:54 - 2013-07-04 10:58 - 00000000 ____D C:\ProgramData\MFAData
2013-11-23 05:20 - 2013-06-28 17:28 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1043673156-2242556650-1862302657-1002
2013-11-23 02:05 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2013-11-22 17:00 - 2013-06-20 14:12 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2013-11-22 16:58 - 2013-09-29 23:04 - 00865408 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-11-22 07:39 - 2013-11-22 07:39 - 00360775 _____ (Farbar) C:\Users\Iris\Desktop\FSS.exe
2013-11-22 07:39 - 2013-11-22 07:39 - 00003051 _____ C:\Users\Iris\Desktop\FSS.txt
2013-11-21 06:51 - 2013-08-22 09:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-11-21 06:50 - 2013-08-22 08:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2013-11-21 00:16 - 2013-07-01 23:11 - 00000000 ____D C:\Users\Iris\AppData\Roaming\vlc
2013-11-20 17:35 - 2013-11-19 21:49 - 00003860 _____ C:\Users\Iris\Desktop\Rkill.txt
2013-11-20 17:34 - 2013-11-20 17:34 - 01898232 _____ (Bleeping Computer, LLC) C:\Users\Iris\Desktop\rkill.com
2013-11-20 16:35 - 2013-11-20 16:35 - 00000000 ____D C:\ProgramData\TubeDimmer
2013-11-20 16:34 - 2013-09-29 22:55 - 00006920 _____ C:\WINDOWS\PFRO.log
2013-11-20 16:24 - 2013-11-20 16:24 - 00688992 _____ (Swearware) C:\Users\Iris\Desktop\dds.com
2013-11-20 16:16 - 2013-11-20 16:16 - 00001165 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-11-20 16:16 - 2013-11-20 16:16 - 00000000 ____D C:\Users\Iris\AppData\Roaming\Mozilla
2013-11-20 16:16 - 2013-11-20 16:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-20 16:16 - 2013-11-15 19:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-20 15:50 - 2013-11-19 08:48 - 00000000 ____D C:\Users\Iris\AppData\Roaming\MyWordTool
2013-11-20 15:36 - 2013-08-22 09:46 - 00332165 _____ C:\WINDOWS\setupact.log
2013-11-20 15:26 - 2013-11-20 15:26 - 00002054 _____ C:\Users\Iris\Desktop\JRT.txt
2013-11-20 15:17 - 2013-11-20 15:17 - 01034531 _____ (Thisisu) C:\Users\Iris\Desktop\JRT.exe
2013-11-20 15:15 - 2013-11-20 15:15 - 01034531 _____ (Thisisu) C:\Users\Iris\Downloads\JRT.exe
2013-11-20 10:42 - 2013-11-20 10:42 - 00003053 _____ C:\Users\Iris\Downloads\FSS.txt
2013-11-20 10:42 - 2013-11-20 10:41 - 00360775 _____ (Farbar) C:\Users\Iris\Downloads\FSS.exe
2013-11-20 00:44 - 2013-11-20 00:44 - 00282904 _____ (Mozilla) C:\Users\Iris\Desktop\Firefox Setup Stub 25.0.1.exe
2013-11-20 00:21 - 2013-11-20 00:21 - 00000863 _____ C:\Users\Iris\Desktop\ESETscan.txt
2013-11-20 00:07 - 2013-11-19 08:50 - 00000000 ____D C:\ProgramData\Updater
2013-11-19 22:48 - 2013-11-19 22:48 - 02347384 _____ (ESET) C:\Users\Iris\Desktop\esetsmartinstaller_enu.exe
2013-11-19 22:48 - 2013-11-19 22:48 - 00000000 ____D C:\Program Files (x86)\ESET
2013-11-19 22:39 - 2013-11-19 22:39 - 00000000 ____D C:\WINDOWS\ERUNT
2013-11-19 22:11 - 2013-11-19 22:08 - 00000000 ____D C:\AdwCleaner
2013-11-19 22:08 - 2013-11-19 22:08 - 01085542 _____ C:\Users\Iris\Desktop\AdwCleaner.exe
2013-11-19 22:02 - 2013-11-19 22:02 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Iris\Desktop\tdsskiller.exe
2013-11-19 21:49 - 2013-11-19 21:49 - 00000000 ____D C:\Users\Iris\Desktop\rkill
2013-11-19 21:48 - 2013-11-19 21:48 - 01898232 _____ (Bleeping Computer, LLC) C:\Users\Iris\Downloads\rkill.com
2013-11-19 21:35 - 2013-11-19 21:35 - 00027910 _____ C:\Users\Iris\Downloads\Result.txt
2013-11-19 21:33 - 2013-11-19 21:33 - 00760937 _____ (Farbar) C:\Users\Iris\Downloads\MiniToolBox.exe
2013-11-19 21:33 - 2013-11-19 21:33 - 00001199 _____ C:\Users\Iris\Desktop\MiniToolBox - Shortcut.lnk
2013-11-19 20:07 - 2013-07-19 18:00 - 00000416 _____ C:\WINDOWS\SysWOW64\AppLog.log
2013-11-19 18:55 - 2013-08-22 08:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2013-11-19 18:06 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\rescache
2013-11-19 17:40 - 2013-06-29 21:23 - 00000000 ____D C:\Program Files (x86)\Google
2013-11-19 17:39 - 2013-06-29 21:23 - 00000000 ____D C:\Users\Iris\AppData\Local\Google
2013-11-19 17:37 - 2013-11-19 17:37 - 00282904 _____ (Mozilla) C:\Users\Iris\Downloads\Firefox Setup Stub 25.0.1.exe
2013-11-19 08:56 - 2013-11-19 08:51 - 00000000 ____D C:\Program Files (x86)\Applian Technologies
2013-11-19 08:50 - 2013-11-19 08:50 - 00000000 ____D C:\ProgramData\RHelpers
2013-11-19 08:49 - 2013-09-09 16:40 - 00000000 ____D C:\Users\Iris\AppData\Local\AVG SafeGuard toolbar
2013-11-19 08:48 - 2013-11-19 08:48 - 00003854 _____ C:\WINDOWS\System32\Tasks\TidyNetwork Update
2013-11-19 08:47 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\Resources
2013-11-19 07:30 - 2013-06-30 18:08 - 00000000 ____D C:\Users\Iris\AppData\Local\Adobe
2013-11-19 07:30 - 2013-06-29 21:43 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2013-11-19 07:25 - 2013-06-28 17:22 - 00000000 ___RD C:\Users\Iris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-19 07:25 - 2013-06-28 17:22 - 00000000 ___RD C:\Users\Iris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-11-19 07:24 - 2013-08-22 09:44 - 00369688 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-11-19 07:22 - 2013-08-22 10:36 - 00000000 ___RD C:\WINDOWS\ToastData
2013-11-19 07:22 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\WinStore
2013-11-19 07:22 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\migwiz
2013-11-19 07:22 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2013-11-14 08:20 - 2013-09-09 16:40 - 00046368 _____ (AVG Technologies) C:\WINDOWS\system32\Drivers\avgtpx64.sys
2013-11-14 08:20 - 2013-09-09 16:40 - 00003741 _____ C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2013-11-13 22:20 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2013-11-13 07:11 - 2013-08-14 09:36 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-11-13 07:09 - 2013-06-29 20:39 - 82896128 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-11-13 06:55 - 2013-11-13 06:55 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2013-11-13 06:55 - 2013-11-13 06:55 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2013-11-12 18:05 - 2013-07-06 20:43 - 00000000 ____D C:\Program Files (x86)\Steam
2013-11-10 21:32 - 2013-11-10 21:32 - 00000000 ____D C:\Users\Iris\AppData\Local\Intel_Corporation
2013-11-09 00:57 - 2013-06-29 21:49 - 00000000 ____D C:\Users\Iris\AppData\Roaming\.minecraft
2013-11-08 22:05 - 2013-11-08 22:05 - 00000000 ____D C:\Users\Public\CyberLink
2013-11-05 18:31 - 2013-08-22 10:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2013-11-05 18:31 - 2013-08-22 10:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-05 15:21 - 2013-11-16 21:00 - 21196664 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2013-11-05 13:51 - 2013-11-16 21:00 - 18642504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2013-11-05 11:20 - 2013-11-16 21:00 - 13925888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2013-11-05 11:11 - 2013-11-16 21:00 - 18577408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2013-11-05 09:30 - 2013-11-16 21:00 - 11674112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2013-11-05 09:29 - 2013-11-16 21:00 - 13176320 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2013-11-04 08:49 - 2013-11-04 08:48 - 00018561 _____ C:\Users\Iris\Documents\Void Moon.odt
2013-11-03 12:13 - 2012-07-26 03:12 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2013-11-03 01:37 - 2013-11-03 01:36 - 98660176 _____ (Apple Inc.) C:\Users\Iris\Downloads\iTunesSetup.exe
2013-10-30 17:30 - 2013-08-13 13:23 - 00000000 ____D C:\Users\Iris\AppData\Roaming\Skype
2013-10-30 16:28 - 2013-06-28 17:21 - 00000000 ____D C:\Users\Iris\AppData\Local\Packages
2013-10-30 05:04 - 2013-10-29 02:39 - 00000000 ___DC C:\WINDOWS\Panther
2013-10-29 02:40 - 2013-10-29 02:40 - 00000000 __SHD C:\Recovery
2013-10-29 02:39 - 2013-08-22 10:36 - 00262144 _____ C:\WINDOWS\system32\config\BCD-Template
2013-10-29 02:38 - 2013-10-29 02:38 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2013-10-29 02:38 - 2013-10-29 02:38 - 01765384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2013-10-29 02:38 - 2013-10-29 02:38 - 01286552 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2013-10-29 02:38 - 2013-10-29 02:38 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2013-10-29 02:38 - 2013-10-29 02:38 - 01018960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2013-10-29 02:38 - 2013-10-29 02:38 - 00977408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2013-10-29 02:38 - 2013-10-29 02:38 - 00872840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2013-10-29 02:38 - 2013-10-29 02:38 - 00698232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2013-10-29 02:38 - 2013-10-29 02:38 - 00516496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2013-10-29 02:38 - 2013-10-29 02:38 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2013-10-29 02:38 - 2013-10-29 02:38 - 00382808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2013-10-29 02:38 - 2013-10-29 02:38 - 00294400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2013-10-29 02:38 - 2013-10-29 02:38 - 00262144 _____ C:\WINDOWS\system32\config\userdiff
2013-10-29 02:38 - 2013-10-29 02:38 - 00225792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
2013-10-29 02:38 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\Camera
2013-10-29 02:34 - 2013-10-29 02:34 - 00000000 ____D C:\Program Files\Reference Assemblies
2013-10-29 02:34 - 2013-10-29 02:34 - 00000000 ____D C:\Program Files\MSBuild
2013-10-29 02:34 - 2013-10-29 02:34 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2013-10-29 02:34 - 2013-10-29 02:34 - 00000000 ____D C:\Program Files (x86)\MSBuild
2013-10-29 00:07 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\restore
2013-10-28 23:29 - 2013-10-28 23:29 - 00001448 _____ C:\Users\Iris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-10-28 23:29 - 2013-10-28 23:29 - 00000020 ___SH C:\Users\Iris\ntuser.ini
2013-10-28 23:29 - 2013-10-28 22:50 - 00000000 ____D C:\Users\Iris
2013-10-28 23:06 - 2013-10-28 22:50 - 00028578 _____ C:\WINDOWS\diagwrn.xml
2013-10-28 23:06 - 2013-10-28 22:50 - 00028578 _____ C:\WINDOWS\diagerr.xml
2013-10-28 23:06 - 2013-10-28 22:08 - 00006532 _____ C:\WINDOWS\comsetup.log
2013-10-28 23:06 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\Registration
2013-10-28 23:05 - 2013-10-28 23:05 - 00022744 _____ C:\WINDOWS\system32\emptyregdb.dat
2013-10-28 23:03 - 2013-06-20 14:28 - 00880342 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2013-10-28 23:02 - 2013-08-22 10:36 - 00000000 __RSD C:\WINDOWS\Media
2013-10-28 23:02 - 2013-08-22 10:36 - 00000000 __RHD C:\Users\Public\Libraries
2013-10-28 23:01 - 2012-07-26 03:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2013-10-28 22:57 - 2013-07-07 09:59 - 00000000 ____D C:\WINDOWS\SysWOW64\NV
2013-10-28 22:57 - 2013-07-07 09:59 - 00000000 ____D C:\WINDOWS\system32\NV
2013-10-28 22:56 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2013-10-28 22:56 - 2013-07-27 18:02 - 00000000 ____D C:\Users\Iris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-10-28 22:56 - 2013-07-06 20:54 - 00000000 ____D C:\Users\Iris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2013-10-28 22:56 - 2013-06-20 14:10 - 00000000 ____D C:\WINDOWS\en
2013-10-28 22:54 - 2013-10-28 22:54 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2013-10-28 22:54 - 2013-10-28 22:54 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
2013-10-28 22:54 - 2013-09-29 22:48 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2013-10-28 22:54 - 2013-09-29 22:48 - 00000000 ____D C:\WINDOWS\SysWOW64\sysprep
2013-10-28 22:54 - 2013-09-29 22:48 - 00000000 ____D C:\WINDOWS\system32\WCN
2013-10-28 22:54 - 2013-08-22 10:37 - 00004893 _____ C:\WINDOWS\DtcInstall.log
2013-10-28 22:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2013-10-28 22:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
2013-10-28 22:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2013-10-28 22:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\spool
2013-10-28 22:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\MUI
2013-10-28 22:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\IME
2013-10-28 22:54 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\SysWOW64\SMI
2013-10-28 22:54 - 2013-07-02 15:51 - 00000000 ____D C:\WINDOWS\SysWOW64\Adobe
2013-10-28 22:54 - 2012-07-26 00:37 - 00000000 ____D C:\Users\Default.migrated
2013-10-28 22:53 - 2013-10-28 22:43 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-10-28 22:53 - 2013-10-28 22:43 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-10-28 22:53 - 2013-10-28 22:42 - 00000000 ____D C:\Program Files\Intel
2013-10-28 22:53 - 2013-10-28 22:42 - 00000000 ____D C:\Program Files (x86)\Intel
2013-10-28 22:53 - 2013-08-22 10:43 - 00000000 ____D C:\WINDOWS\DigitalLocker
2013-10-28 22:53 - 2013-08-22 10:36 - 00000000 __SHD C:\Program Files\Windows Sidebar
2013-10-28 22:53 - 2013-08-22 10:36 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2013-10-28 22:53 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\Help
2013-10-28 22:53 - 2013-08-22 10:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-10-28 22:53 - 2013-06-20 13:34 - 00000000 ____D C:\ProgramData\PRICache
2013-10-28 22:52 - 2013-10-28 22:52 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2013-10-28 22:52 - 2013-10-28 22:50 - 00000000 ___RD C:\Users\Iris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2013-10-28 22:52 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\Recovery
2013-10-28 22:51 - 2013-10-28 22:50 - 00000000 ___RD C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2013-10-28 22:45 - 2013-10-28 22:45 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_iBtFltCoex_01009.Wdf
2013-10-28 22:45 - 2013-08-22 09:46 - 00000084 _____ C:\WINDOWS\setuperr.log
2013-10-28 22:44 - 2013-10-28 22:43 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-10-28 22:43 - 2013-10-28 22:43 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Apfiltr_01009.Wdf
2013-10-28 22:43 - 2013-10-28 22:42 - 00000000 ____D C:\Program Files\DellTPad
2013-10-28 22:41 - 2013-08-22 08:36 - 00000000 __RHD C:\Users\Default
2013-10-28 22:22 - 2013-06-20 13:34 - 01262819 _____ C:\WINDOWS\WindowsUpdate (1).log
2013-10-28 21:52 - 2012-07-26 03:12 - 00000000 ____D C:\WINDOWS\AUInstallAgent

Some content of TEMP:
====================
C:\Users\Iris\AppData\Local\Temp\Quarantine.exe
C:\Users\Iris\AppData\Local\Temp\Uresponse.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe
[2013-11-16 21:02] - [2013-10-22 02:55] - 2328872 ____A (Microsoft Corporation) 63DC38C3E4564B2405D562855643ABA2

C:\Windows\SysWOW64\explorer.exe
[2013-11-16 21:02] - [2013-10-22 01:03] - 2065448 ____A (Microsoft Corporation) 1A0BC9598E4A58FC84570FFF5A108E58

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll
[2013-11-16 21:02] - [2013-10-21 21:38] - 1362944 ____A (Microsoft Corporation) C72456BFFE941714CF05B0AA0BEE5B45

C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-11-21 07:34

==================== End Of Log ============================




#7 Irisim1

Posted 24 November 2013 - 10:59 PM

A friend suggested to do a system restore. Is that something that could solve the problem?

In the past, with a previous computer I just decided to go through formatting the computer. Maybe that's what I should do now - reinstall the OS?

Thanks again,

Iris



#8 nasdaq

  • Malware Response Team

Posted 25 November 2013 - 09:28 AM

A friend suggested to do a system restore. Is that something that could solve the problem?

If you can restore it to a date prior to the start of the current problem.

Let me know which way you go. Or if you want me to look at your last log.

#9 Irisim1


Posted 25 November 2013 - 03:16 PM

I don't know, I'm not very experienced with that. I don't think I have created a restore point because this computer is relatively new, but my friend says it does it automatically. I will check to see.



#10 Irisim1


Posted 25 November 2013 - 05:17 PM

OK! I did the system restore to a previous date, and now I'll let it run for a while, we'll see if everything is working properly. I'll report back tomorrow!

Thanks again,

Iris





