TechSpot

Difficult rootkit infestation, causes bluescreens

By Chromana
May 27, 2013
  1. Now I consider myself a geek and I'm usually the go-to guy for other people who need tech help but I'm pretty stumped by this. I could continue trying out random removal tools but I figured asking the pros would be beneficial!

    Running Windows 8 on a laptop. I got infected by a normally perfectly good website which must have become compromised. I use Chrome and Avast AV so I'm surprised I wasn't notified during the infection. First Chrome crashed, then my computer bluescreened within a minute of going to the infected website.

    Symptoms and things tried:
    • After logging onto the computer it will bluescreen after about 20-40 seconds. Usually with error 0x000021A but sometimes with some other error like vital_service_died (or something like that). It doesn't crash if left on the login screen.
    • When Windows restarts after the bluescreen it runs the drive checker on boot to check for drive errors. I've let this run a couple times and nothing bad is ever found. I just skip it now.
    • I managed to get the computer to always load into safe mode w/ networking which is (almost) completely stable. I'm typing this message from there right now.
    • Running a full Avast AV scan in safe mode reveals 119 infected files which it labels as being rootkits. It doesn't give any actual rootkit names. It suggests to let Avast run on boot to remove the items but my computer always bluescreens while shutting down or restarting (even from safe mode) so Avast has been unable to do a boot scan.
    • Malwarebytes comes up with no infections (I'll attach the log anyway).
    • I got Kaspersky TDSSKiller which finds 82 infections all of which it calls "Suspicious object, medium risk". I chose to copy all the objects to quarantine. Then I restarted and scanned again but everything was still there.
    • I got AVG boot scan which runs off of a bootable CD. It found nothing.
    Many thanks for any help!
     
  2. Chromana


    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.05.28.01

    Windows 8 x64 NTFS (Safe Mode/Networking)
    Internet Explorer 10.0.9200.16580
    Alex :: ALEX-LAPTOP [administrator]

    28/05/2013 02:45:59
    mbam-log-2013-05-28 (02-45-59).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 239956
    Time elapsed: 3 minute(s), 4 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  3. Chromana


    DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
    Internet Explorer: 10.0.9200.16537 BrowserJavaVersion: 10.21.2
    Run by Alex at 2:50:04 on 2013-05-28
    Microsoft Windows 8 Pro with Media Center 6.2.9200.0.1252.44.2057.18.3582.2280 [GMT 1:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\dwm.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\Explorer.EXE
    C:\Windows\system32\ctfmon.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:Tabs
    uSearch Bar = hxxp://www.google.com/ie
    uSearch Page = hxxp://www.google.com
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mWinlogon: Userinit = userinit.exe
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    uRun: [Google Update] "C:\Users\Alex\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
    uRun: [Spotify Web Helper] "C:\Users\Alex\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
    mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRun: [EsternTimesMouseExRun] "C:\Program Files (x86)\Anker Precision Laser Gaming Mouse\AnkerMonEx.exe" -runauto
    mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
    TCP: NameServer = 192.168.1.254
    TCP: Interfaces\{B269AA37-70F9-4A27-BDE8-440C0016DB96} : DHCPNameServer = 192.168.1.254
    TCP: Interfaces\{DA97F45A-7EB6-435F-BB66-D8BB6D08E724} : DHCPNameServer = 192.168.42.129
    TCP: Interfaces\{E5BC7A07-9B2F-43A7-B20A-872DFE6E00CB} : DHCPNameServer = 192.168.1.254
    TCP: Interfaces\{E5BC7A07-9B2F-43A7-B20A-872DFE6E00CB}\35B4956373648353 : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{E5BC7A07-9B2F-43A7-B20A-872DFE6E00CB}\44550275962756C6563737 : DHCPNameServer = 129.234.4.13 129.234.4.9
    TCP: Interfaces\{E5BC7A07-9B2F-43A7-B20A-872DFE6E00CB}\5616374736F6163747D277966696 : DHCPNameServer = 10.101.0.1
    TCP: Interfaces\{E5BC7A07-9B2F-43A7-B20A-872DFE6E00CB}\D4F6E6E69772373556879775966696 : DHCPNameServer = 192.168.43.1
    TCP: Interfaces\{E5BC7A07-9B2F-43A7-B20A-872DFE6E00CB}\D4F6E6E697723775966696 : DHCPNameServer = 192.168.43.1
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    x64-Run: [NVRaidService] C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-mPolicies-System: PromptOnSecureDesktop = dword:0
    x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\98jau3jq.default\
    FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Alex\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
    FF - plugin: C:\Users\Alex\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: C:\Users\Alex\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: C:\Users\Alex\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: C:\Users\Alex\AppData\Roaming\Mozilla\plugins\npo1d.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 aswRvrt;aswRvrt;C:\Windows\System32\Drivers\aswRvrt.sys [2013-4-3 65336]
    R3 nvoclk64;NVIDIA Enthusiasts Platform KDM;C:\Windows\System32\Drivers\nvoclk64.sys [2009-9-15 42088]
    R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\System32\Drivers\rtl8192se.sys [2012-6-2 1239144]
    S1 aswSnx;aswSnx;C:\Windows\System32\Drivers\aswSnx.sys [2013-1-30 1025808]
    S1 aswSP;aswSP;C:\Windows\System32\Drivers\aswSP.sys [2013-1-30 377920]
    S2 aswFsBlk;aswFsBlk;C:\Windows\System32\Drivers\aswFsBlk.sys [2013-1-30 33400]
    S2 aswMonFlt;aswMonFlt;C:\Windows\System32\Drivers\aswMonFlt.sys [2013-1-30 80816]
    S2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-4-3 45248]
    S2 PhantomEPP;PhantomEPP;C:\Windows\System32\Drivers\PhantomEPP_amd64.sys [2013-1-22 25944]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
    S3 aswVmm;aswVmm;C:\Windows\System32\Drivers\aswVmm.sys [2013-4-3 178624]
    S3 Phantom1394_x64;Phantom1394_x64;C:\Windows\System32\Drivers\Phantom1394_x64.sys [2010-10-22 53080]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\Drivers\RtsUStor.sys [2013-1-17 222208]
    S3 Te.Service;Te.Service;C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [2012-7-25 126976]
    S3 vmbusr;Virtual Machine Bus Provider;C:\Windows\System32\Drivers\vmbusr.sys [2012-7-26 117248]
    .
    =============== File Associations ===============
    .
    FileExt: .txt: Applications\notepad++.exe="C:\Program Files (x86)\Notepad++\notepad++.exe" "%1" [UserChoice]
    FileExt: .ini: Applications\notepad++.exe="C:\Program Files (x86)\Notepad++\notepad++.exe" "%1" [UserChoice]
    FileExt: .js: Applications\notepad++.exe="C:\Program Files (x86)\Notepad++\notepad++.exe" "%1" [UserChoice]
    .
    =============== Created Last 30 ================
    .
    2013-05-28 01:44:50 -------- d-----w- C:\Users\Alex\AppData\Roaming\Malwarebytes
    2013-05-28 01:44:44 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2013-05-28 01:44:44 -------- d-----w- C:\ProgramData\Malwarebytes
    2013-05-28 01:44:44 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-05-28 01:32:50 -------- d-----w- C:\TDSSKiller_Quarantine
    2013-05-27 19:12:26 -------- d-sh--w- C:\found.000
    2013-05-27 19:02:19 -------- d-sh--w- C:\found.003
    2013-05-27 18:51:17 -------- d-sh--w- C:\found.002
    2013-05-27 18:25:28 -------- d-sh--w- C:\found.001
    2013-05-24 03:51:40 -------- d-----w- C:\cppincludes
    2013-05-23 21:45:06 -------- d-----w- C:\Program Files (x86)\Geeks3D
    2013-05-16 15:16:59 670208 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe
    2013-05-14 23:19:53 1455368 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
    2013-05-14 23:18:58 2851840 ----a-w- C:\Windows\System32\esent.dll
    2013-05-14 23:18:58 2382336 ----a-w- C:\Windows\SysWow64\esent.dll
    2013-05-12 19:55:06 -------- d-----w- C:\Users\Alex\AppData\Roaming\Litecoin
    2013-05-12 19:54:57 -------- d-----w- C:\Program Files (x86)\Litecoin
    2013-05-01 14:45:56 -------- d-----w- C:\Users\Alex\AppData\Roaming\Sibelius Software
    2013-05-01 14:45:50 -------- d-----w- C:\Program Files (x86)\Sibelius Software
    .
    ==================== Find3M ====================
    .
    2013-05-07 20:07:50 78200 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-05-07 20:07:50 693112 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-04-23 11:01:10 971680 ----a-w- C:\Windows\System32\deployJava1.dll
    2013-04-23 11:00:44 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2013-04-23 11:00:43 866720 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2013-04-23 11:00:43 788896 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2013-04-13 05:56:35 444416 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
    2013-04-09 23:16:58 3958784 ----a-w- C:\Windows\System32\jscript9.dll
    2013-04-09 22:30:26 1767424 ----a-w- C:\Windows\SysWow64\wininet.dll
    2013-04-09 22:29:44 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2013-04-09 05:33:02 489576 ----a-w- C:\Windows\System32\AudioEng.dll
    2013-04-09 05:33:02 446792 ----a-w- C:\Windows\System32\AudioSes.dll
    2013-04-09 05:33:02 253544 ----a-w- C:\Windows\System32\audiodg.exe
    2013-04-09 05:27:43 284424 ----a-w- C:\Windows\System32\drivers\spaceport.sys
    2013-04-09 05:20:02 86280 ----a-w- C:\Windows\System32\kdnet.dll
    2013-04-09 05:20:02 306952 ----a-w- C:\Windows\System32\kd_02_10ec.dll
    2013-04-09 05:18:05 77960 ----a-w- C:\Windows\System32\kdvm.dll
    2013-04-09 04:51:51 367616 ----a-w- C:\Windows\System32\conhost.exe
    2013-04-09 04:50:53 414720 ----a-w- C:\Windows\System32\GenuineCenter.dll
    2013-04-09 04:50:03 96256 ----a-w- C:\Windows\System32\mssprxy.dll
    2013-04-09 04:50:03 745984 ----a-w- C:\Windows\System32\mssvp.dll
    2013-04-09 04:50:03 2107904 ----a-w- C:\Windows\System32\mssrch.dll
    2013-04-09 04:50:02 65024 ----a-w- C:\Windows\System32\msscntrs.dll
    2013-04-09 04:50:02 435200 ----a-w- C:\Windows\System32\mssph.dll
    2013-04-09 04:50:02 13824 ----a-w- C:\Windows\System32\msshooks.dll
    2013-04-09 04:49:54 1444864 ----a-w- C:\Windows\System32\MSAudDecMFT.dll
    2013-04-09 04:49:45 468992 ----a-w- C:\Windows\System32\MFMediaEngine.dll
    2013-04-09 04:49:45 281088 ----a-w- C:\Windows\System32\mfreadwrite.dll
    2013-04-09 04:49:36 817152 ----a-w- C:\Windows\System32\kerberos.dll
    2013-04-09 04:49:33 210432 ----a-w- C:\Windows\System32\iuilp.dll
    2013-04-09 04:49:16 50176 ----a-w- C:\Windows\System32\fmifs.dll
    2013-04-09 04:49:16 231936 ----a-w- C:\Windows\System32\fhengine.dll
    2013-04-09 04:49:09 172544 ----a-w- C:\Windows\System32\dwmredir.dll
    2013-04-09 04:49:06 196096 ----a-w- C:\Windows\System32\dmvdsitf.dll
    2013-04-09 04:48:43 2303488 ----a-w- C:\Windows\System32\authui.dll
    2013-04-09 04:48:42 785408 ----a-w- C:\Windows\System32\audiosrv.dll
    2013-04-09 04:48:42 169472 ----a-w- C:\Windows\System32\AudioEndpointBuilder.dll
    2013-04-09 04:48:34 419840 ----a-w- C:\Windows\System32\intl.cpl
    2013-04-09 02:34:49 83968 ----a-w- C:\Windows\System32\drivers\hidclass.sys
    2013-04-09 02:34:42 27648 ----a-w- C:\Windows\System32\drivers\hidusb.sys
    2013-04-09 02:34:30 95744 ----a-w- C:\Windows\System32\drivers\hidbth.sys
    2013-04-09 02:33:41 60416 ----a-w- C:\Windows\System32\drivers\ndproxy.sys
    2013-04-09 02:33:05 623104 ----a-w- C:\Windows\System32\drivers\srv2.sys
    2013-04-09 02:32:02 805376 ----a-w- C:\Windows\System32\drivers\PEAuth.sys
    2013-04-09 02:31:14 247808 ----a-w- C:\Windows\System32\drivers\srvnet.sys
    2013-04-09 02:31:01 83456 ----a-w- C:\Windows\System32\drivers\wanarp.sys
    2013-04-08 23:44:25 123880 ----a-w- C:\Windows\SysWow64\wscapi.dll
    2013-04-08 23:39:14 1408896 ----a-w- C:\Windows\SysWow64\ntdll.dll
    2013-04-08 23:37:29 426024 ----a-w- C:\Windows\SysWow64\AudioEng.dll
    2013-04-08 23:37:29 324368 ----a-w- C:\Windows\SysWow64\AudioSes.dll
    2013-04-08 21:52:16 302592 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe
    2013-04-08 21:52:16 171008 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe
    2013-04-08 21:52:16 106496 ----a-w- C:\Windows\SysWow64\Robocopy.exe
    2013-04-08 21:52:06 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
    2013-04-04 23:30:17 503080 ----a-w- C:\Windows\System32\ci.dll
    2013-04-02 14:09:52 4550656 ----a-w- C:\Windows\SysWow64\GPhotos.scr
    2013-03-15 22:05:16 252928 ----a-w- C:\Windows\SysWow64\rsaenh.dll
    2013-03-15 00:17:18 861184 ----a-w- C:\Windows\System32\drivers\http.sys
    2013-03-14 23:05:56 2272320 ----a-w- C:\Windows\SysWow64\VsGraphicsHelper.dll
    2013-03-06 22:33:21 70992 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
    2013-03-06 22:33:21 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
    2013-03-06 22:33:21 178624 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
    2013-03-06 22:33:21 1025808 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2013-03-06 22:33:20 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2013-03-06 22:32:51 41664 ----a-w- C:\Windows\avastSS.scr
    2013-03-06 07:10:10 112872 ----a-w- C:\Windows\System32\consent.exe
    2013-03-06 06:29:15 70144 ----a-w- C:\Windows\System32\appinfo.dll
    2013-03-02 10:57:48 337128 ----a-w- C:\Windows\System32\drivers\USBXHCI.SYS
    2013-03-02 10:57:46 77544 ----a-w- C:\Windows\System32\drivers\storahci.sys
    2013-03-02 10:57:46 332520 ----a-w- C:\Windows\System32\drivers\storport.sys
    2013-03-02 10:45:20 148712 ----a-w- C:\Windows\System32\drivers\tpm.sys
    2013-03-02 10:45:19 194792 ----a-w- C:\Windows\System32\drivers\sdbus.sys
    2013-03-02 10:45:10 125160 ----a-w- C:\Windows\System32\drivers\dumpsd.sys
    2013-03-02 10:39:39 495336 ----a-w- C:\Windows\System32\drivers\vhdmp.sys
    2013-03-02 10:39:38 69864 ----a-w- C:\Windows\System32\drivers\pdc.sys
    2013-03-02 10:39:32 327912 ----a-w- C:\Windows\System32\drivers\Classpnp.sys
    2013-03-02 09:59:37 2231528 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2013-03-02 09:59:36 411880 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
    2013-03-02 08:24:08 34304 ----a-w- C:\Windows\SysWow64\wuapp.exe
    2013-03-02 08:23:43 83968 ----a-w- C:\Windows\SysWow64\wudriver.dll
    2013-03-02 08:23:43 125952 ----a-w- C:\Windows\SysWow64\wuwebv.dll
    2013-03-02 08:23:30 893952 ----a-w- C:\Windows\SysWow64\winmde.dll
    2013-03-02 08:23:30 1338880 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
    2013-03-02 08:23:28 601088 ----a-w- C:\Windows\SysWow64\Windows.Globalization.dll
    2013-03-02 08:23:28 504320 ----a-w- C:\Windows\SysWow64\Windows.Security.Authentication.OnlineId.dll
    2013-03-02 08:23:19 246784 ----a-w- C:\Windows\SysWow64\ubpm.dll
    2013-03-02 08:23:04 356352 ----a-w- C:\Windows\SysWow64\SettingSync.dll
    2013-03-02 08:23:04 100864 ----a-w- C:\Windows\SysWow64\SettingSyncInfo.dll
    2013-03-02 08:23:00 375808 ----a-w- C:\Windows\SysWow64\ReAgent.dll
    2013-03-02 08:22:36 357888 ----a-w- C:\Windows\SysWow64\netcfgx.dll
    2013-03-02 08:22:32 5091840 ----a-w- C:\Windows\SysWow64\mstscax.dll
    2013-03-02 08:22:17 850944 ----a-w- C:\Windows\SysWow64\mfasfsrcsnk.dll
    2013-03-02 08:21:56 550912 ----a-w- C:\Windows\SysWow64\drvstore.dll
    2013-03-02 08:21:52 36352 ----a-w- C:\Windows\SysWow64\DevDispItemProvider.dll
    2013-03-02 08:21:40 309760 ----a-w- C:\Windows\SysWow64\BCP47Langs.dll
    2013-03-02 08:21:32 145408 ----a-w- C:\Windows\SysWow64\powercfg.cpl
    2013-03-02 02:45:26 240640 ----a-w- C:\Windows\System32\fsquirt.exe
    2013-03-02 02:44:38 5978624 ----a-w- C:\Windows\System32\mstscax.dll
    2013-03-02 02:44:29 1151488 ----a-w- C:\Windows\System32\mcmde.dll
    2013-03-02 02:44:29 1048576 ----a-w- C:\Windows\System32\mfasfsrcsnk.dll
    .
    ============= FINISH: 2:50:15.77 ===============
     
  4. Chromana


    Here's the attach.txt file from DDS.
     


  5. Chromana


    Ok so I've read different advice elsewhere which says to paste the attach.txt file instead of attaching it so here it is:
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 8 Pro with Media Center
    Boot Device: \Device\HarddiskVolume1
    Install Date: 15/01/2013 14:37:34
    System Uptime: 28/05/2013 02:34:40 (0 hours ago)
    .
    Motherboard: MiTAC | | Notebook PC
    Processor: Intel(R) Core(TM)2 Duo CPU T9500 @ 2.60GHz | Socket 479 | 2600/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 223 GiB total, 48.125 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    Tools for .Net 3.5
    7-Zip 9.20 (x64 edition)
    AC3Filter 2.5b
    Adobe AIR
    Adobe Flash Player 11 Plugin
    Adobe Shockwave Player 12.0
    Android SDK Tools
    Anker Precision Laser Gaming Mouse version 1.1
    µTorrent
    Audacity 2.0.2
    avast! Free Antivirus
    Bandicam
    Bandisoft MPEG-1 Decoder
    Bass Audio Decoder (remove only)
    Batman: Arkham Asylum GOTY Edition
    BBC iPlayer Desktop
    Belarc Advisor 8.3
    Blend for Visual Studio 2012
    Blend for Visual Studio 2012 ENU resources
    Blend for Visual Studio Add-in for Adobe FXG Import
    Blend for Visual Studio SDK for .NET 4.5
    Blend for Visual Studio SDK for Silverlight 5
    Blender
    CCleaner
    CD Audio Reader Filter (remove only)
    CPUID CPU-Z 1.62.0
    CrystalDiskMark 3.0.2d
    D3DX10
    DCoder Image Source (remove only)
    DirectVobSub (remove only)
    Dotfuscator and Analytics Community Edition
    DScaler 5 Mpeg Decoders
    Entity Framework Designer for Visual Studio 2012 - enu
    ffdshow v1.2.4453 [2012-05-21]
    FFMPEG Core Files (remove only)
    FileZilla Client 3.6.0.2
    Foxit PDF Preview Handler
    Foxit Reader
    Free Alarm Clock 2.7.1
    Gabest MPEG Splitter (remove only)
    Geeks3D.com FurMark 1.10.6
    GIMP 2.8.2
    Google Chrome
    Google Drive
    Google Talk Plugin
    Google Update Helper
    GPL Ghostscript
    Haali Media Splitter
    HexChat (x64)
    Java 7 Update 21
    Java 7 Update 21 (64-bit)
    Java Auto Updater
    Java SE Development Kit 7 Update 11 (64-bit)
    JavaScript Tooling
    LAME v3.99.3 (for Windows)
    LAV Filters 0.55.3
    Litecoin
    LocalESPC
    LocalESPCui for en-us
    MadVR (remove only)
    Malwarebytes Anti-Malware version 1.75.0.1300
    MediaMonkey 4.0
    Microsoft .NET Framework 4 Multi-Targeting Pack
    Microsoft .NET Framework 4.5 Multi-Targeting Pack
    Microsoft .NET Framework 4.5 SDK
    Microsoft Application Error Reporting
    Microsoft Expression Blend SDK for .NET 4
    Microsoft Expression Blend SDK for Silverlight 4
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Games for Windows Marketplace
    Microsoft Help Viewer 2.0
    Microsoft NuGet - Visual Studio 2012
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared 64-bit MUI (English) 2007
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Ultimate 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Portable Library Multi-Targeting Pack
    Microsoft Portable Library Multi-Targeting Pack Language Pack - enu
    Microsoft Report Viewer Add-On for Visual Studio 2012
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server 2012 Data-Tier App Framework
    Microsoft SQL Server 2012 Express LocalDB
    Microsoft SQL Server 2012 Management Objects
    Microsoft SQL Server 2012 Management Objects (x64)
    Microsoft SQL Server 2012 T-SQL Language Service
    Microsoft SQL Server 2012 Transact-SQL ScriptDom
    Microsoft SQL Server Compact 4.0 SP1 x64 ENU
    Microsoft SQL Server System CLR Types
    Microsoft SQL Server System CLR Types (x64)
    Microsoft System CLR Types for SQL Server 2012
    Microsoft System CLR Types for SQL Server 2012 (x64)
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual C++ 2012 x64 Designtime - 11.0.50727
    Microsoft Visual C++ 2012 32bit Compilers - ENU Resources
    Microsoft Visual C++ 2012 Compilers
    Microsoft Visual C++ 2012 Compilers - ENU Resources
    Microsoft Visual C++ 2012 Core Libraries
    Microsoft Visual C++ 2012 Extended Libraries
    Microsoft Visual C++ 2012 Microsoft Foundation Class Libraries
    Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106
    Microsoft Visual C++ 2012 x64 Debug Runtime - 11.0.51106
    Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106
    Microsoft Visual C++ 2012 x86-x64 Compilers
    Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
    Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.51106
    Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
    Microsoft Visual Studio 2012 Devenv
    Microsoft Visual Studio 2012 Devenv Resources
    Microsoft Visual Studio 2012 Performance Collection Tools
    Microsoft Visual Studio 2012 Performance Collection Tools - ENU
    Microsoft Visual Studio 2012 Preparation
    Microsoft Visual Studio 2012 Shell (Minimum)
    Microsoft Visual Studio 2012 Shell (Minimum) Interop Assemblies
    Microsoft Visual Studio 2012 Shell (Minimum) Resources
    Microsoft Visual Studio 2012 Tools for SQL Server Compact 4.0 SP1 ENU
    Microsoft Visual Studio Professional 2012
    Microsoft Visual Studio Professional 2012 - ENU
    Microsoft Visual Studio Team Foundation Server 2012 Object Model
    Microsoft Visual Studio Team Foundation Server 2012 Object Model Language Pack - ENU
    Microsoft Visual Studio Team Foundation Server 2012 Team Explorer
    Microsoft Visual Studio Team Foundation Server 2012 Team Explorer Language Pack - ENU
    Microsoft Visual Studio Ultimate 2012 XAML UI Designer Core
    Microsoft Visual Studio Ultimate 2012 XAML UI Designer enu Resources
    Microsoft Web Deploy dbSqlPackage Provider - enu
    Morrowind
    Movie Maker
    Mozilla Firefox 20.0.1 (x86 en-US)
    MSVCRT
    MSVCRT110
    MSVCRT110_amd64
    NetBeans IDE 7.2.1
    Network Addon Mod 31
    Nexus Mod Manager
    Notepad++
    NVIDIA 3D Vision Driver 310.90
    NVIDIA Control Panel 310.90
    NVIDIA Display Control Panel
    NVIDIA Drivers
    NVIDIA Graphics Driver 310.90
    NVIDIA HD Audio Driver 1.3.18.0
    NVIDIA Install Application
    NVIDIA MediaShield
    NVIDIA Performance
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.12.1031
    NVIDIA System Monitor
    NVIDIA Update 1.11.3
    NVIDIA Update Components
    OpenHaptics Academic edition v3.10.5
    OpenSource AVI Splitter (remove only)
    OpenSource DTS/AC3/DD+ Source Filter (remove only)
    OpenSource Flash Video Splitter (remove only)
    Paint.NET v3.5.10
    PDFill PDF Editor with FREE Writer and FREE Tools
    PHANToM Device Drivers
    Photo Common
    Photo Gallery
    Picasa 3
    PreEmptive Analytics Visual Studio Components
    Realtek High Definition Audio Driver
    Realtek USB 2.0 Card Reader
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
    Sibelius Scorch (Firefox, Opera, Netscape, Chrome only)
    SimCity 4 Deluxe
    Sky Go Desktop
    Skype™ 6.3
    Spotify
    Steam
    swMSM
    Synaptics Pointing Device Driver
    The Elder Scrolls V: Skyrim
    Traffic Simulator Configuration Tool
    Unity Web Player
    Update for (KB2504637)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817359) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Microsoft Visual Studio 2012 (KB2781514)
    Visual Studio 2012 Prerequisites
    Visual Studio 2012 Prerequisites - ENU Language Pack
    Visual Studio 2012 Update 2 (KB2707250)
    Visual Studio Extensions for Windows Library for JavaScript
    VLC media player 2.0.6
    WCF Data Services 5.0 (for OData v3) Primary Components
    WCF Data Services Tools for Microsoft Visual Studio 2012
    WCF RIA Services V1.0 SP2
    Windows App Certification Kit Native Components
    Windows App Certification Kit x64
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Photo Common
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Runtime Intellisense Content - en-us
    Windows Software Development Kit
    Windows Software Development Kit DirectX x64 Remote
    Windows Software Development Kit DirectX x86 Remote
    Windows Software Development Kit for Windows Store Apps
    Windows Software Development Kit for Windows Store Apps DirectX x64 Remote
    Windows Software Development Kit for Windows Store Apps DirectX x86 Remote
    Windows XP Targeting with C++
    WinRAR 4.20 (64-bit)
    Zoom Player (remove only)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    28/05/2013 02:50:08, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. A corruption was found in a file system index structure. The file reference number is 0x1000000000019. The name of the file is "<unable to determine file name>". The corrupted index attribute is ":$O:$INDEX_ALLOCATION".
    28/05/2013 02:50:08, Error: Ntfs [131] - The file system structure on volume C: cannot be corrected. Please run the chkdsk utility on the volume C:.
    28/05/2013 02:50:04, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    28/05/2013 02:50:04, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    28/05/2013 02:45:21, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    28/05/2013 02:45:20, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    28/05/2013 02:36:06, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    28/05/2013 02:34:56, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "Unavailable" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    28/05/2013 02:34:41, Error: Microsoft-Windows-Ntfs [98] - Volume C: (\Device\HarddiskVolume2) needs to be taken offline to perform a Full Chkdsk. Please run "CHKDSK /F" locally via the command line, or run "REPAIR-VOLUME <drive:>" locally or remotely via PowerShell.
    28/05/2013 02:34:41, Error: Microsoft-Windows-Kernel-General [6] - An I/O operation initiated by the Registry failed unrecoverably.The Registry could not flush hive (file): ''.
    28/05/2013 02:34:22, Error: nvstor64 [3] - Data error on device. Device: \Device\RaidPort0 Model: SanDisk SDSSDX240GG25 Firmware Version: R211 Serial Number: 124888401004 Port: 0
    28/05/2013 02:34:07, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wcmsvc service.
    28/05/2013 02:24:13, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000ef (0xfffffa8005ff6940, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 052813-6630-01.
    28/05/2013 02:24:07, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. The exact nature of the corruption is unknown. The file system structures need to be scanned and fixed offline.
    27/05/2013 21:25:56, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000ef (0xfffffa8005fe2600, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 052713-6505-01.
    27/05/2013 21:18:48, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0xc000021a (0xfffff8a00c9d0540, 0xffffffffc0000006, 0x000007ffb7159e22, 0x000000a12637a940). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 052713-9547-01.
    27/05/2013 20:11:50, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: The password for this account has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    27/05/2013 20:11:50, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a log-on failure.
    27/05/2013 20:09:48, Error: Service Control Manager [7000] - The PhantomEPP service failed to start due to the following error: A device attached to the system is not functioning.
    27/05/2013 20:09:48, Error: PhantomEPP [1] - The driver could no load because there are no available parallel ports.
    27/05/2013 20:07:27, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: One or more arguments are invalid
    27/05/2013 20:07:27, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: One or more arguments are invalid
    27/05/2013 20:07:17, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x100000000b4e9. The name of the file is "\Windows\SysWOW64\winsta.dll".
    27/05/2013 20:07:14, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x100000000b651. The name of the file is "\Windows\WinSxS\amd64_microsoft-windows-srumon_31bf3856ad364e35_6.2.9200.16384_none_4342c767a6549c93\srumsvc.dll".
    27/05/2013 20:07:07, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0xc000021a (0xfffff8a002c59790, 0xffffffffc0000006, 0x000007fc790fec2c, 0x000000919cb5f090). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 052713-10717-02.
    27/05/2013 20:03:44, Error: Service Control Manager [7034] - The Windows Firewall service terminated unexpectedly. It has done this 1 time(s).
    27/05/2013 20:03:44, Error: Service Control Manager [7034] - The Power service terminated unexpectedly. It has done this 1 time(s).
    27/05/2013 20:03:44, Error: Service Control Manager [7034] - The Plug and Play service terminated unexpectedly. It has done this 1 time(s).
    27/05/2013 20:03:44, Error: Service Control Manager [7034] - The Local Session Manager service terminated unexpectedly. It has done this 1 time(s).
    27/05/2013 20:03:44, Error: Service Control Manager [7034] - The Diagnostic Policy Service service terminated unexpectedly. It has done this 1 time(s).
    27/05/2013 20:03:44, Error: Service Control Manager [7034] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s).
    27/05/2013 20:03:44, Error: Service Control Manager [7034] - The Base Filtering Engine service terminated unexpectedly. It has done this 1 time(s).
    27/05/2013 20:03:44, Error: Service Control Manager [7034] - The Background Tasks Infrastructure Service service terminated unexpectedly. It has done this 1 time(s).
    27/05/2013 20:03:44, Error: Service Control Manager [7000] - The Spot Verifier service failed to start due to the following error: The system cannot find the path specified.
    27/05/2013 20:02:59, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x100000000b8d5. The name of the file is "<unable to determine file name>".
    27/05/2013 20:02:58, Error: Service Control Manager [7023] - The Windows Error Reporting Service service terminated with the following error: Windows Error Reporting Service is not a valid Win32 application.
    27/05/2013 20:02:52, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0xc000021a (0xfffff8a0027a3790, 0xffffffffc0000006, 0x000007fc85fcec2c, 0x000000238947ef40). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 052713-10717-01.
    27/05/2013 19:41:20, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000ef (0xfffffa80040cf080, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 052713-8252-01.
    27/05/2013 19:41:13, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume \\?\Volume{56d4ddb1-5f20-11e2-be65-806e6f6e6963}. The exact nature of the corruption is unknown. The file system structures need to be scanned and fixed offline.
    27/05/2013 19:41:13, Error: Microsoft-Windows-Ntfs [98] - Volume \\?\Volume{56d4ddb1-5f20-11e2-be65-806e6f6e6963} (\Device\HarddiskVolume1) needs to be taken offline to perform a Full Chkdsk. Please run "CHKDSK /F" locally via the command line, or run "REPAIR-VOLUME <drive:>" locally or remotely via PowerShell.
    27/05/2013 19:39:35, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. The Master File Table (MFT) contains a corrupted file record. The file reference number is 0xed000000017ca2. The name of the file is "<unable to determine file name>".
    27/05/2013 19:38:22, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000ef (0xfffffa80064f5080, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 052713-10623-01.
    27/05/2013 19:26:00, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0xc000021a (0xfffff8a000b4b4b0, 0xffffffffc0000006, 0x000007fdd623ec2c, 0x000000040688f170). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 052713-10654-01.
    27/05/2013 19:15:36, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. A corruption was found in a file system index structure. The file reference number is 0x1000000001755. The name of the file is "\Windows\SysWOW64\en-US". The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".
    27/05/2013 19:15:29, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. A corruption was found in a file system index structure. The file reference number is 0x9000000000009. The name of the file is "<unable to determine file name>". The corrupted index attribute is ":$SDH:$INDEX_ALLOCATION".
    27/05/2013 19:15:29, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. A corruption was found in a file system index structure. The file reference number is 0x1000000001755. The name of the file is "\Windows\SysWOW64\en-US". The corrupted index attribute is ":$I30:$INDEX_ALLOCATION". The corrupted index block is located at Vcn 0x6, Lcn 0xffffffffffffffff. The corruption begins at offset 3208 within the index block.
    27/05/2013 19:15:29, Error: LsaSrv [5000] - The security package Kerberos generated an exception. The exception information is the data.
    27/05/2013 19:15:28, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
    27/05/2013 19:15:28, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    27/05/2013 19:15:15, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. A corruption was found in a file system index structure. The file reference number is 0x100000000174d. The name of the file is "\Windows\SysWOW64\en-GB". The corrupted index attribute is ":$I30:$INDEX_ALLOCATION". The corrupted index block is located at Vcn 0x6, Lcn 0xffffffffffffffff. The corruption begins at offset 2512 within the index block.
    27/05/2013 19:15:12, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. A corruption was found in a file system index structure. The file reference number is 0x100000000174d. The name of the file is "\Windows\SysWOW64\en-GB". The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".
    27/05/2013 19:15:06, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. The exact nature of the corruption is unknown. The file system structures need to be scanned online.
    27/05/2013 19:12:53, Error: volmgr [46] - Crash dump initialization failed!
    .
    ==== End Of File ===========================
     
  6. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =================================

    Download RogueKiller for 32bit or Roguekiller for 64bit to your Desktop.
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
     
  7. Chromana

    Chromana TS Rookie Topic Starter

    I'm getting 404'd on the RogueKiller download links. Do you have another link?
    Link finally worked.
     
  8. Broni

    Broni Malware Annihilator Posts: 52,897   +344

  9. Chromana

    Chromana TS Rookie Topic Starter

    Roguekiller report #1:

    RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 8 (6.2.9200 ) 64 bits version
    Started in : Safe mode with network support
    User : Alex [Admin rights]
    Mode : Scan -- Date : 05/28/2013 03:43:01
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 2 ¤¤¤
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts



    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: SanDisk SDSSDX240GG2 SCSI Disk Device +++++
    --- User ---
    [MBR] 65761251099df4a307247a4ccc1cb418
    [BSP] e93f77bb38b945d9ba7d58c3981be815 : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 350 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 718848 | Size: 228584 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[1]_S_05282013_02d0343.txt >>
    RKreport[1]_S_05282013_02d0343.txt
     
  10. Chromana

    Chromana TS Rookie Topic Starter

    RogueKiller report 2:

    RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 8 (6.2.9200 ) 64 bits version
    Started in : Safe mode with network support
    User : Alex [Admin rights]
    Mode : Remove -- Date : 05/28/2013 03:44:06
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 2 ¤¤¤
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts



    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: SanDisk SDSSDX240GG2 SCSI Disk Device +++++
    --- User ---
    [MBR] 65761251099df4a307247a4ccc1cb418
    [BSP] e93f77bb38b945d9ba7d58c3981be815 : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 350 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 718848 | Size: 228584 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[2]_D_05282013_02d0344.txt >>
    RKreport[1]_S_05282013_02d0343.txt ; RKreport[2]_D_05282013_02d0344.txt
     
  11. Chromana

    Chromana TS Rookie Topic Starter

    Malwarebytes Anti-Rootkit says nothing was found... I think it would be a good idea to restart and then scan with Avast again to see what it says but I'll wait for orders from you :)
     
  12. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Please download Farbar Recovery Scan Tool and save it to your desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
     
  13. Chromana

    Chromana TS Rookie Topic Starter

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-05-2013
    Ran by Alex (administrator) on 28-05-2013 04:08:16
    Running from C:\Users\Alex\Downloads
    Windows 8 Pro with Media Center (X64) OS Language: English(UK)
    Internet Explorer Version 9
    Boot Mode: Safe Mode (with Networking)
    ==================== Processes (Whitelisted) =================

    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google) C:\Users\Alex\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Farbar) C:\Users\Alex\Downloads\FRST64.exe

    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [NVRaidService] C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe [291944 2010-04-09] (NVIDIA Corporation)
    HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1814312 2009-08-15] (Synaptics Incorporated)
    HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [8114720 2009-09-17] (Realtek Semiconductor)
    HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
    HKCU\...\Run: [Google Update] "C:\Users\Alex\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2013-01-15] (Google Inc.)
    HKCU\...\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart [19662744 2013-04-16] (Google)
    HKCU\...\Run: [Spotify Web Helper] "C:\Users\Alex\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1105408 2013-05-03] (Spotify Ltd)
    HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
    MountPoints2: {56d4ddb6-5f20-11e2-be65-806e6f6e6963} - "Z:\WSETUP\SETUP.exe"
    HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4767304 2013-03-06] (AVAST Software)
    HKLM-x32\...\Run: [EsternTimesMouseExRun] "C:\Program Files (x86)\Anker Precision Laser Gaming Mouse\AnkerMonEx.exe" -runauto [3349504 2013-03-11] ()

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    PDF: HKLM-x32 {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - No File
    Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

    FireFox:
    ========
    FF ProfilePath: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\98jau3jq.default
    FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll ()
    FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
    FF Plugin-x32: google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @Sibelius.com/Scorch Plugin,version=6.2.0.88 - C:\Program Files (x86)\Sibelius Software\Scorch\npsibelius.dll ()
    FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

    Chrome:
    =======
    CHR HomePage: hxxp://www.google.co.uk/
    CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
    CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll ()
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\pdf.dll ()
    CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File
    CHR Plugin: (Java(TM) Platform SE 7 U11) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    CHR Plugin: (Pokki Download Helper) - C:\Users\Alex\AppData\Local\Pokki\Download Helper\npPokkiDownloadHelper.1.2.0.78.dll No File
    CHR Plugin: (Java Deployment Toolkit 7.0.110.21) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
    CHR Extension: (Magic Actions for YouTube\u2122) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif\5.8.6_0
    CHR Extension: (Entanglement) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0
    CHR Extension: (Google Docs) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
    CHR Extension: (Google Drive) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
    CHR Extension: (Sexy Undo Close Tab) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcennaiejdjpomgmmohhpgnjlmpcjmbg\7.2.9_0
    CHR Extension: (ChromeLite) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjekedpipaedojkbialnhabcecmfpofh\1.1_0
    CHR Extension: (YouTube) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
    CHR Extension: (Link Icon) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnjfiolbpeihgijepincpfjhigekegab\2.4_0
    CHR Extension: (Google Search) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
    CHR Extension: (Search by Image (by Google)) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm\1.4.3_0
    CHR Extension: (Session Buddy) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko\3.2.1_0
    CHR Extension: (Photo Zoom for Facebook) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1208.30.1_0
    CHR Extension: (Chain Reaction) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\gemgfpodpjapjhfohdlibagceiknakpa\1.2_0
    CHR Extension: (AdBlock) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.63_0
    CHR Extension: (uSelect iDownload) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\ileabdhfjmgaognikmjgmhhkjffggejc\1.9_0
    CHR Extension: (World Time Buddy) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdhpjomiingppeefgnohkiapmnaeakoj\10_0
    CHR Extension: (Downloads) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfchnphgogjhineanplmfkofljiagjfb\1_0
    CHR Extension: (Reddit Enhancement Suite) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb\4.2.0.1_0
    CHR Extension: (Gmail Blue) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\keiffooocjpcgkpojchelkgnjmmjlbgc\0.4_0
    CHR Extension: (Chromium Wheel Smooth Scroller) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\khpcanbeojalbkpgpmjpdkjnkfcgfkhb\1.3.3_0
    CHR Extension: (FVD Video Downloader) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp\5.1.4_0
    CHR Extension: (Phone 2 Google Chrome\u2122) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnlgojabfogikedjanecphloghlegpdm\4.1_0
    CHR Extension: (Google Dictionary (by Google)) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja\3.0.17_0
    CHR Extension: (Chrome to Phone) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco\2.3.1_0
    CHR Extension: (Better History) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\obciceimmggglbmelaidpjlmodcebijb\1.9.38_0
    CHR Extension: (Robot Theme, inspired by Android\u2122) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeljdmeofcikjblcoehpmdnooimalbmj\0.2.2_0
    CHR Extension: (Google Quick Scroll) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\okanipcmceoeemlbjnmnbdibhgpbllgc\2_0
    CHR Extension: (Gmail) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

    ==================== Services (Whitelisted) =================

    S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [45248 2013-03-06] (AVAST Software)
    S3 fussvc; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation)
    S2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe [278336 2011-09-19] (NVIDIA)
    S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    S2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-03-06] (AVAST Software)
    S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-03-06] (AVAST Software)
    R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [70992 2013-03-06] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-03-06] ()
    S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1025808 2013-03-06] (AVAST Software)
    S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [377920 2013-03-06] (AVAST Software)
    S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [68920 2013-03-06] (AVAST Software)
    S3 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [178624 2013-03-06] ()
    R3 nvoclk64; C:\Windows\system32\DRIVERS\nvoclk64.sys [42088 2009-09-15] (NVIDIA Corp.)
    S3 Phantom1394_x64; C:\Windows\System32\Drivers\Phantom1394_x64.sys [53080 2010-10-22] ()
    S2 PhantomEPP; C:\Windows\System32\Drivers\PhantomEPP_amd64.sys [25944 2010-10-22] (SensAble Technologies, Inc.)
    S3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
    S3 VSPerfDrv110; C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [70264 2012-07-13] (Microsoft Corporation)
    S3 WUDFSensorLP; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
    U4 mbamswissarmy;
    S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [x]
    S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [x]

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2013-05-28 04:08 - 2013-05-28 04:08 - 00000000 ____D C:\FRST
    2013-05-28 04:07 - 2013-05-28 04:08 - 01915616 ____A (Farbar) C:\Users\Alex\Downloads\FRST64.exe
    2013-05-28 03:46 - 2013-05-28 03:49 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2013-05-28 03:44 - 2013-05-28 03:44 - 00001438 ____A C:\Users\Alex\Desktop\RKreport[2]_D_05282013_02d0344.txt
    2013-05-28 03:43 - 2013-05-28 03:43 - 00001385 ____A C:\Users\Alex\Desktop\RKreport[1]_S_05282013_02d0343.txt
    2013-05-28 03:40 - 2013-05-28 03:43 - 00000000 ____D C:\Users\Alex\Desktop\RK_Quarantine
    2013-05-28 03:38 - 2013-05-28 03:40 - 00791040 ____A C:\Users\Alex\Downloads\RogueKillerX64.exe
    2013-05-28 03:35 - 2013-05-28 03:35 - 13169742 ____A C:\Users\Alex\Downloads\mbar-1.06.0.1003.zip
    2013-05-28 03:35 - 2013-05-28 03:35 - 00000000 ____D C:\Users\Alex\Downloads\mbar-1.06.0.1003
    2013-05-28 03:16 - 2013-05-28 03:16 - 00024658 ____A C:\Users\Alex\Downloads\attach.txt
    2013-05-28 02:50 - 2013-05-28 02:50 - 00024658 ____A C:\Users\Alex\Desktop\attach.txt
    2013-05-28 02:50 - 2013-05-28 02:50 - 00018119 ____A C:\Users\Alex\Desktop\dds.txt
    2013-05-28 02:48 - 2013-05-28 02:49 - 00688992 ____R (Swearware) C:\Users\Alex\Downloads\dds.com
    2013-05-28 02:44 - 2013-05-28 02:44 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Alex\Downloads\mbam-setup-1.75.0.1300.exe
    2013-05-28 02:44 - 2013-05-28 02:44 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2013-05-28 02:44 - 2013-05-28 02:44 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Malwarebytes
    2013-05-28 02:44 - 2013-05-28 02:44 - 00000000 ____D C:\ProgramData\Malwarebytes
    2013-05-28 02:44 - 2013-05-28 02:44 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-05-28 02:44 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2013-05-28 02:32 - 2013-05-28 02:32 - 00000000 ____D C:\TDSSKiller_Quarantine
    2013-05-28 02:31 - 2013-05-28 02:31 - 02221422 ____A C:\Users\Alex\Downloads\tdsskiller.zip
    2013-05-28 02:31 - 2013-05-28 02:31 - 02221422 ____A C:\Users\Alex\Downloads\tdsskiller (1).zip
    2013-05-28 02:31 - 2013-05-28 02:31 - 00000000 ____D C:\Users\Alex\Downloads\tdsskiller (1)
    2013-05-28 02:31 - 2013-05-28 02:31 - 00000000 ____D C:\Users\Alex\Downloads\tdsskiller
    2013-05-28 02:30 - 2013-05-28 02:30 - 02239840 ____A (Kaspersky Lab ZAO) C:\Users\Alex\Downloads\tdsskiller.exe
    2013-05-28 02:24 - 2013-05-28 02:24 - 00279152 ____A C:\Windows\Minidump\052813-6630-01.dmp
    2013-05-27 21:28 - 2013-05-27 21:31 - 106354688 ____A C:\Users\Alex\Downloads\avg_arl_cdi_all_120_130515a6325.iso
    2013-05-27 21:25 - 2013-05-27 21:25 - 00279152 ____A C:\Windows\Minidump\052713-6505-01.dmp
    2013-05-27 21:18 - 2013-05-27 21:18 - 00279152 ____A C:\Windows\Minidump\052713-9547-01.dmp
    2013-05-27 20:12 - 2013-05-27 20:12 - 00000000 __SHD C:\found.000
    2013-05-27 20:07 - 2013-05-27 20:07 - 00295256 ____A C:\Windows\Minidump\052713-10717-02.dmp
    2013-05-27 20:07 - 2013-05-27 20:07 - 00001922 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    2013-05-27 20:07 - 2013-03-06 23:33 - 00084376 ____A (AVAST Software) C:\Windows\System32\Drivers\aswmon2.sys
    2013-05-27 20:07 - 2013-03-06 23:33 - 00027744 ____A (AVAST Software) C:\Windows\System32\Drivers\aavmker4.sys
    2013-05-27 20:02 - 2013-05-27 20:02 - 00295256 ____A C:\Windows\Minidump\052713-10717-01.dmp
    2013-05-27 20:02 - 2013-05-27 20:02 - 00000000 __SHD C:\found.003
    2013-05-27 19:51 - 2013-05-27 19:51 - 00000000 __SHD C:\found.002
    2013-05-27 19:41 - 2013-05-27 19:41 - 00295312 ____A C:\Windows\Minidump\052713-8252-01.dmp
    2013-05-27 19:38 - 2013-05-27 19:38 - 00295256 ____A C:\Windows\Minidump\052713-10623-01.dmp
    2013-05-27 19:25 - 2013-05-27 19:26 - 00295312 ____A C:\Windows\Minidump\052713-10654-01.dmp
    2013-05-27 19:25 - 2013-05-27 19:25 - 00015040 ____N C:\bootsqm.dat
    2013-05-27 19:25 - 2013-05-27 19:25 - 00000000 __SHD C:\found.001
    2013-05-27 15:18 - 2013-05-27 15:18 - 00295200 ____A C:\Windows\Minidump\052713-8736-01.dmp
    2013-05-26 03:33 - 2013-05-26 03:33 - 00000000 ____D C:\Users\Alex\Downloads\Old *** ****
    2013-05-26 03:31 - 2013-05-26 03:32 - 21538188 ____A C:\Users\Alex\Downloads\Old *** ****.zip
    2013-05-25 23:13 - 2013-05-25 23:13 - 04346816 ____A (Piriform Ltd) C:\Users\Alex\Downloads\ccsetup401.exe
    2013-05-24 20:50 - 2013-05-24 20:50 - 00000000 ____D C:\Users\Alex\Downloads\librocket_win32-vc9-source-1.2.1
    2013-05-24 20:49 - 2013-05-24 20:49 - 05498854 ____A C:\Users\Alex\Downloads\librocket_win32-vc9-source-1.2.1.zip
    2013-05-24 20:48 - 2013-05-24 20:48 - 00000000 ____D C:\Users\Alex\Downloads\tutorials
    2013-05-24 20:47 - 2013-05-24 20:48 - 00157173 ____A C:\Users\Alex\Downloads\tutorials.zip
    2013-05-24 20:41 - 2013-05-24 20:41 - 00000000 ____D C:\Users\Alex\Downloads\MYGUI_3.2.0_win32
    2013-05-24 20:33 - 2013-05-24 20:34 - 14383788 ____A C:\Users\Alex\Downloads\MyGUI_3.2.0.zip
    2013-05-24 20:32 - 2013-05-24 20:34 - 11958671 ____A C:\Users\Alex\Downloads\MYGUI_3.2.0_win32.zip
    2013-05-24 20:24 - 2013-05-24 20:24 - 02097004 ____A C:\Users\Alex\Downloads\GG-0.7.0.zip
    2013-05-24 20:24 - 2013-05-24 20:24 - 00000000 ____D C:\Users\Alex\Downloads\GG-0.7.0
    2013-05-24 13:36 - 2013-05-24 13:36 - 01307915 ____A C:\Users\Alex\Downloads\tutors-win32.zip
    2013-05-24 13:36 - 2013-05-24 13:36 - 00000000 ____D C:\Users\Alex\Downloads\tutors-win32
    2013-05-24 06:09 - 2013-05-24 06:09 - 01194855 ____A C:\Users\Alex\Downloads\glfw-2.7.8.zip
    2013-05-24 06:09 - 2013-05-24 06:09 - 00000000 ____D C:\Users\Alex\Downloads\glfw-2.7.8
    2013-05-24 04:51 - 2013-05-24 04:51 - 00000000 ____D C:\cppincludes
    2013-05-24 04:45 - 2013-05-24 04:45 - 00714412 ____A C:\Users\Alex\Downloads\glfw-2.7.8.bin.WIN64.zip
    2013-05-24 04:45 - 2013-05-24 04:45 - 00000000 ____D C:\Users\Alex\Downloads\glfw-2.7.8.bin.WIN64
    2013-05-24 04:31 - 2013-05-24 04:31 - 00272757 ____A C:\Users\Alex\Desktop\ai (5).zip
    2013-05-24 04:25 - 2013-05-24 04:25 - 00175297 ____A C:\Users\Alex\Desktop\ai (4).zip
    2013-05-24 04:05 - 2013-05-24 04:05 - 00175404 ____A C:\Users\Alex\Desktop\ai (3).zip
    2013-05-24 03:53 - 2013-05-24 03:53 - 00082896 ____A C:\Users\Alex\Desktop\ai (2).zip
    2013-05-24 03:51 - 2013-05-24 03:51 - 00818780 ____A C:\Users\Alex\Desktop\ai.zip
    2013-05-24 03:50 - 2013-05-24 04:31 - 00000000 ____D C:\Users\Alex\Desktop\ai
    2013-05-23 22:45 - 2013-05-23 22:45 - 00000000 ____D C:\Program Files (x86)\Geeks3D
    2013-05-23 22:33 - 2013-05-23 22:33 - 00000000 ____D C:\Users\Alex\Downloads\glut37
    2013-05-23 22:31 - 2013-05-23 22:31 - 03769123 ____A C:\Users\Alex\Downloads\glut37.zip
    2013-05-21 14:17 - 2013-05-21 14:17 - 00148256 ____A C:\Users\Alex\Downloads\Revision.pptx
    2013-05-21 00:38 - 2013-05-21 00:38 - 00003584 ____A C:\Users\Alex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2013-05-19 20:11 - 2013-05-22 21:35 - 00000000 ____D C:\Users\Alex\Desktop\ACS
    2013-05-19 18:11 - 2013-05-19 18:11 - 00188477 ____A C:\Users\Alex\Downloads\Colorpicker.exe
    2013-05-18 15:53 - 2013-05-18 15:53 - 00460832 ____A C:\Windows\System32\FNTCACHE.DAT
    2013-05-18 13:12 - 2013-05-18 13:12 - 00000000 ____D C:\Users\Alex\Downloads\Skyrim topographic map-36159-1-0
    2013-05-16 16:17 - 2013-04-09 06:33 - 00489576 ____A (Microsoft Corporation) C:\Windows\System32\AudioEng.dll
    2013-05-16 16:17 - 2013-04-09 06:33 - 00446792 ____A (Microsoft Corporation) C:\Windows\System32\AudioSes.dll
    2013-05-16 16:17 - 2013-04-09 06:20 - 00306952 ____A (Microsoft Corporation) C:\Windows\System32\kd_02_10ec.dll
    2013-05-16 16:17 - 2013-04-09 05:51 - 00367616 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
    2013-05-16 16:17 - 2013-04-09 05:50 - 02107904 ____A (Microsoft Corporation) C:\Windows\System32\mssrch.dll
    2013-05-16 16:17 - 2013-04-09 05:50 - 00435200 ____A (Microsoft Corporation) C:\Windows\System32\mssph.dll
    2013-05-16 16:17 - 2013-04-09 05:49 - 01444864 ____A (Microsoft Corporation) C:\Windows\System32\MSAudDecMFT.dll
    2013-05-16 16:17 - 2013-04-09 05:49 - 00817152 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
    2013-05-16 16:17 - 2013-04-09 05:49 - 00172544 ____A (Microsoft Corporation) C:\Windows\System32\dwmredir.dll
    2013-05-16 16:17 - 2013-04-09 05:48 - 00785408 ____A (Microsoft Corporation) C:\Windows\System32\audiosrv.dll
    2013-05-16 16:17 - 2013-04-09 03:32 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\PEAuth.sys
    2013-05-16 16:17 - 2013-04-09 00:39 - 01408896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2013-05-16 16:17 - 2013-04-08 22:52 - 11878912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
    2013-05-16 16:17 - 2013-04-08 22:52 - 00302592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
    2013-05-16 16:17 - 2013-04-08 22:51 - 10789888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
    2013-05-16 16:17 - 2013-04-08 22:51 - 08857088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
    2013-05-16 16:17 - 2013-04-08 22:51 - 02767360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
    2013-05-16 16:17 - 2013-04-08 22:51 - 01593344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
    2013-05-16 16:17 - 2013-04-08 22:51 - 01113600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSAudDecMFT.dll
    2013-05-16 16:17 - 2013-04-08 22:51 - 00403968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
    2013-05-16 16:17 - 2013-04-08 22:51 - 00324096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2013-05-16 16:16 - 2013-04-09 06:33 - 00253544 ____A (Microsoft Corporation) C:\Windows\System32\audiodg.exe
    2013-05-16 16:16 - 2013-04-09 06:27 - 00284424 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\spaceport.sys
    2013-05-16 16:16 - 2013-04-09 06:20 - 00086280 ____A (Microsoft Corporation) C:\Windows\System32\kdnet.dll
    2013-05-16 16:16 - 2013-04-09 06:18 - 00077960 ____A (Microsoft Corporation) C:\Windows\System32\kdvm.dll
    2013-05-16 16:16 - 2013-04-09 05:50 - 00745984 ____A (Microsoft Corporation) C:\Windows\System32\mssvp.dll
    2013-05-16 16:16 - 2013-04-09 05:50 - 00414720 ____A (Microsoft Corporation) C:\Windows\System32\GenuineCenter.dll
    2013-05-16 16:16 - 2013-04-09 05:50 - 00096256 ____A (Microsoft Corporation) C:\Windows\System32\mssprxy.dll
    2013-05-16 16:16 - 2013-04-09 05:50 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\msscntrs.dll
    2013-05-16 16:16 - 2013-04-09 05:50 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\msshooks.dll
    2013-05-16 16:16 - 2013-04-09 05:49 - 00468992 ____A (Microsoft Corporation) C:\Windows\System32\MFMediaEngine.dll
    2013-05-16 16:16 - 2013-04-09 05:49 - 00281088 ____A (Microsoft Corporation) C:\Windows\System32\mfreadwrite.dll
    2013-05-16 16:16 - 2013-04-09 05:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\fhengine.dll
    2013-05-16 16:16 - 2013-04-09 05:49 - 00210432 ____A (Microsoft Corporation) C:\Windows\System32\iuilp.dll
    2013-05-16 16:16 - 2013-04-09 05:49 - 00196096 ____A (Microsoft Corporation) C:\Windows\System32\dmvdsitf.dll
    2013-05-16 16:16 - 2013-04-09 05:49 - 00050176 ____A (Microsoft Corporation) C:\Windows\System32\fmifs.dll
    2013-05-16 16:16 - 2013-04-09 05:48 - 02303488 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
    2013-05-16 16:16 - 2013-04-09 05:48 - 00419840 ____A (Microsoft Corporation) C:\Windows\System32\intl.cpl
    2013-05-16 16:16 - 2013-04-09 05:48 - 00169472 ____A (Microsoft Corporation) C:\Windows\System32\AudioEndpointBuilder.dll
    2013-05-16 16:16 - 2013-04-09 03:34 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidbth.sys
    2013-05-16 16:16 - 2013-04-09 03:34 - 00083968 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidclass.sys
    2013-05-16 16:16 - 2013-04-09 03:34 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidusb.sys
    2013-05-16 16:16 - 2013-04-09 03:33 - 00623104 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys
    2013-05-16 16:16 - 2013-04-09 03:33 - 00060416 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndproxy.sys
    2013-05-16 16:16 - 2013-04-09 03:31 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srvnet.sys
    2013-05-16 16:16 - 2013-04-09 03:31 - 00083456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\wanarp.sys
    2013-05-16 16:16 - 2013-04-09 00:44 - 00123880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wscapi.dll
    2013-05-16 16:16 - 2013-04-09 00:37 - 00426024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
    2013-05-16 16:16 - 2013-04-09 00:37 - 00324368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
    2013-05-16 16:16 - 2013-04-08 22:52 - 00670208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
    2013-05-16 16:16 - 2013-04-08 22:52 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
    2013-05-16 16:16 - 2013-04-08 22:52 - 00171008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
    2013-05-16 16:16 - 2013-04-08 22:52 - 00106496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe
    2013-05-16 16:16 - 2013-04-08 22:51 - 02035200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
    2013-05-16 16:16 - 2013-04-08 22:51 - 00659456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
    2013-05-16 16:16 - 2013-04-08 22:51 - 00656896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2013-05-16 16:16 - 2013-04-08 22:51 - 00411136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.dll
    2013-05-16 16:16 - 2013-04-08 22:51 - 00389632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\intl.cpl
    2013-05-16 16:16 - 2013-04-08 22:51 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
    2013-05-16 16:16 - 2013-04-08 22:51 - 00214528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
    2013-05-16 16:16 - 2013-04-08 22:51 - 00186880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
    2013-05-16 16:16 - 2013-04-08 22:51 - 00155648 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dmvdsitf.dll
    2013-05-16 16:16 - 2013-04-08 22:51 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\fmifs.dll
    2013-05-16 16:16 - 2013-04-08 22:51 - 00035328 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
    2013-05-16 16:16 - 2013-04-08 22:51 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
    2013-05-16 16:16 - 2013-04-08 22:51 - 00000000 ____A C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll
    2013-05-16 16:16 - 2013-04-05 00:30 - 00503080 ____A (Microsoft Corporation) C:\Windows\System32\ci.dll
    2013-05-16 16:16 - 2013-04-02 23:08 - 00387688 ____A C:\Windows\System32\ApnDatabase.xml
    2013-05-16 16:16 - 2013-03-15 23:05 - 00252928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rsaenh.dll
    2013-05-16 16:16 - 2012-12-13 04:59 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2013-05-15 00:19 - 2013-04-16 03:34 - 01455368 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
    2013-05-15 00:19 - 2013-04-10 00:17 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2013-05-15 00:19 - 2013-04-10 00:17 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2013-05-15 00:19 - 2013-04-10 00:17 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
    2013-05-15 00:19 - 2013-04-10 00:16 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2013-05-15 00:19 - 2013-04-10 00:16 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2013-05-15 00:19 - 2013-04-10 00:16 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2013-05-15 00:19 - 2013-04-10 00:16 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2013-05-15 00:19 - 2013-04-09 23:30 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2013-05-15 00:19 - 2013-04-09 23:30 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2013-05-15 00:19 - 2013-04-09 23:29 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2013-05-15 00:19 - 2013-04-09 23:29 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2013-05-15 00:19 - 2013-04-09 23:29 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2013-05-15 00:19 - 2013-04-09 23:29 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2013-05-15 00:19 - 2013-04-09 23:29 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2013-05-15 00:19 - 2013-04-09 23:29 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2013-05-15 00:19 - 2013-03-15 01:17 - 00861184 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\http.sys
    2013-05-15 00:19 - 2013-03-06 08:10 - 00112872 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
    2013-05-15 00:19 - 2013-03-06 07:29 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
    2013-05-15 00:19 - 2013-03-06 06:03 - 17561600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2013-05-15 00:19 - 2013-03-06 06:03 - 00199168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
    2013-05-15 00:18 - 2013-03-22 04:49 - 02382336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
    2013-05-15 00:18 - 2013-03-21 23:47 - 02851840 ____A (Microsoft Corporation) C:\Windows\System32\esent.dll
    2013-05-14 04:48 - 2013-05-14 04:48 - 00042677 ____A C:\Users\Alex\Desktop\mapeditbackup.txt
    2013-05-14 04:12 - 2013-05-14 04:12 - 00232945 ____A C:\Users\Alex\Downloads\ois-v1-3.zip
    2013-05-14 04:12 - 2013-05-14 04:12 - 00000000 ____D C:\Users\Alex\Downloads\ois-v1-3
    2013-05-13 22:25 - 2013-01-31 05:51 - 00000000 ____D C:\Users\Alex\Downloads\boost_1_53_0
    2013-05-13 22:22 - 2013-05-13 22:24 - 51680425 ____A C:\Users\Alex\Downloads\boost_1_53_0.7z
    2013-05-13 22:20 - 2013-05-13 22:21 - 20999180 ____A C:\Users\Alex\Downloads\boost_1_53_0.zip
    2013-05-13 22:20 - 2013-05-13 22:20 - 00195104 ____A C:\Users\Alex\Downloads\boost_1_51_setup.exe
    2013-05-12 20:55 - 2013-05-12 21:04 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Litecoin
    2013-05-04 04:05 - 2013-05-04 04:05 - 00015752 ____A C:\Users\Alex\AppData\Local\recently-used.xbel
    2013-05-01 15:45 - 2013-05-01 15:45 - 00609190 ____A C:\Users\Alex\AppData\Roaming\Scorch_Install.log
    2013-05-01 15:45 - 2013-05-01 15:45 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Sibelius Software
    2013-05-01 15:45 - 2013-05-01 15:45 - 00000000 ____D C:\Program Files (x86)\Sibelius Software
    2013-04-28 01:59 - 2013-05-01 15:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2013-04-28 01:59 - 2013-04-28 01:59 - 00000000 ____D C:\Users\Alex\AppData\Local\Mozilla

    ==================== One Month Modified Files and Folders =======

    2013-05-28 04:08 - 2013-05-28 04:08 - 00000000 ____D C:\FRST
    2013-05-28 04:08 - 2013-05-28 04:07 - 01915616 ____A (Farbar) C:\Users\Alex\Downloads\FRST64.exe
    2013-05-28 04:01 - 2013-05-28 03:46 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2013-05-28 03:44 - 2013-05-28 03:44 - 00001438 ____A C:\Users\Alex\Desktop\RKreport[2]_D_05282013_02d0344.txt
    2013-05-28 03:43 - 2013-05-28 03:43 - 00001385 ____A C:\Users\Alex\Desktop\RKreport[1]_S_05282013_02d0343.txt
    2013-05-28 03:43 - 2013-05-28 03:40 - 00000000 ____D C:\Users\Alex\Desktop\RK_Quarantine
    2013-05-28 03:40 - 2013-05-28 03:38 - 00791040 ____A C:\Users\Alex\Downloads\RogueKillerX64.exe
    2013-05-28 03:35 - 2013-05-28 03:35 - 13169742 ____A C:\Users\Alex\Downloads\mbar-1.06.0.1003.zip
    2013-05-28 03:35 - 2013-05-28 03:35 - 00000000 ____D C:\Users\Alex\Downloads\mbar-1.06.0.1003
    2013-05-28 03:27 - 2013-04-19 11:00 - 00000000 ____D C:\Program Files\HexChat
    2013-05-28 03:16 - 2013-05-28 03:16 - 00024658 ____A C:\Users\Alex\Downloads\attach.txt
    2013-05-28 02:50 - 2013-05-28 02:50 - 00024658 ____A C:\Users\Alex\Desktop\attach.txt
    2013-05-28 02:50 - 2013-05-28 02:50 - 00018119 ____A C:\Users\Alex\Desktop\dds.txt
    2013-05-28 02:49 - 2013-05-28 02:48 - 00688992 ____R (Swearware) C:\Users\Alex\Downloads\dds.com
    2013-05-28 02:44 - 2013-05-28 02:44 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Alex\Downloads\mbam-setup-1.75.0.1300.exe
    2013-05-28 02:44 - 2013-05-28 02:44 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2013-05-28 02:44 - 2013-05-28 02:44 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Malwarebytes
    2013-05-28 02:44 - 2013-05-28 02:44 - 00000000 ____D C:\ProgramData\Malwarebytes
    2013-05-28 02:44 - 2013-05-28 02:44 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-05-28 02:39 - 2013-05-28 02:32 - 00000000 ____D C:\TDSSKiller_Quarantine
    2013-05-28 02:31 - 2013-05-28 02:31 - 02221422 ____A C:\Users\Alex\Downloads\tdsskiller.zip
    2013-05-28 02:31 - 2013-05-28 02:31 - 02221422 ____A C:\Users\Alex\Downloads\tdsskiller (1).zip
    2013-05-28 02:31 - 2013-05-28 02:31 - 00000000 ____D C:\Users\Alex\Downloads\tdsskiller (1)
    2013-05-28 02:31 - 2013-05-28 02:31 - 00000000 ____D C:\Users\Alex\Downloads\tdsskiller
    2013-05-28 02:30 - 2013-05-28 02:30 - 02239840 ____A (Kaspersky Lab ZAO) C:\Users\Alex\Downloads\tdsskiller.exe
    2013-05-28 02:24 - 2013-05-28 02:24 - 00279152 ____A C:\Windows\Minidump\052813-6630-01.dmp
    2013-05-28 02:24 - 2013-02-03 19:53 - 311139252 ____A C:\Windows\MEMORY.DMP
    2013-05-28 02:24 - 2013-01-17 14:38 - 00000000 ____D C:\Windows\Minidump
    2013-05-27 21:31 - 2013-05-27 21:28 - 106354688 ____A C:\Users\Alex\Downloads\avg_arl_cdi_all_120_130515a6325.iso
    2013-05-27 21:25 - 2013-05-27 21:25 - 00279152 ____A C:\Windows\Minidump\052713-6505-01.dmp
    2013-05-27 21:18 - 2013-05-27 21:18 - 00279152 ____A C:\Windows\Minidump\052713-9547-01.dmp
    2013-05-27 20:12 - 2013-05-27 20:12 - 00000000 __SHD C:\found.000
    2013-05-27 20:12 - 2013-01-15 17:22 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2013-05-27 20:09 - 2012-07-26 08:22 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2013-05-27 20:07 - 2013-05-27 20:07 - 00295256 ____A C:\Windows\Minidump\052713-10717-02.dmp
    2013-05-27 20:07 - 2013-05-27 20:07 - 00001922 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    2013-05-27 20:02 - 2013-05-27 20:02 - 00295256 ____A C:\Windows\Minidump\052713-10717-01.dmp
    2013-05-27 20:02 - 2013-05-27 20:02 - 00000000 __SHD C:\found.003
    2013-05-27 19:51 - 2013-05-27 19:51 - 00000000 __SHD C:\found.002
    2013-05-27 19:41 - 2013-05-27 19:41 - 00295312 ____A C:\Windows\Minidump\052713-8252-01.dmp
    2013-05-27 19:38 - 2013-05-27 19:38 - 00295256 ____A C:\Windows\Minidump\052713-10623-01.dmp
    2013-05-27 19:26 - 2013-05-27 19:25 - 00295312 ____A C:\Windows\Minidump\052713-10654-01.dmp
    2013-05-27 19:25 - 2013-05-27 19:25 - 00015040 ____N C:\bootsqm.dat
    2013-05-27 19:25 - 2013-05-27 19:25 - 00000000 __SHD C:\found.001
    2013-05-27 19:15 - 2012-07-26 06:26 - 00262144 __ASH C:\Windows\System32\config\BBI
    2013-05-27 15:18 - 2013-05-27 15:18 - 00295200 ____A C:\Windows\Minidump\052713-8736-01.dmp
    2013-05-27 15:02 - 2013-01-15 17:55 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Spotify
    2013-05-27 14:44 - 2013-01-15 15:37 - 01973107 ____A C:\Windows\WindowsUpdate.log
    2013-05-27 14:37 - 2013-01-15 17:22 - 00000920 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2013-05-27 14:33 - 2013-01-15 17:55 - 00000000 ____D C:\Users\Alex\AppData\Local\Spotify
    2013-05-27 05:30 - 2013-02-06 20:15 - 00000930 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3806110622-1921348492-2089721076-1001UA.job
    2013-05-27 01:30 - 2013-02-06 20:15 - 00000878 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3806110622-1921348492-2089721076-1001Core.job
    2013-05-26 03:33 - 2013-05-26 03:33 - 00000000 ____D C:\Users\Alex\Downloads\Old *** ****
    2013-05-26 03:32 - 2013-05-26 03:31 - 21538188 ____A C:\Users\Alex\Downloads\Old *** ****.zip
    2013-05-25 23:20 - 2013-01-19 04:13 - 00000000 ____D C:\Users\Alex\Backups
    2013-05-25 23:16 - 2013-01-19 03:12 - 00000000 ____D C:\Program Files\CCleaner
    2013-05-25 23:13 - 2013-05-25 23:13 - 04346816 ____A (Piriform Ltd) C:\Users\Alex\Downloads\ccsetup401.exe
    2013-05-25 13:00 - 2013-01-16 22:08 - 01273344 __ASH C:\Users\Alex\Desktop\Thumbs.db
    2013-05-24 20:50 - 2013-05-24 20:50 - 00000000 ____D C:\Users\Alex\Downloads\librocket_win32-vc9-source-1.2.1
    2013-05-24 20:49 - 2013-05-24 20:49 - 05498854 ____A C:\Users\Alex\Downloads\librocket_win32-vc9-source-1.2.1.zip
    2013-05-24 20:48 - 2013-05-24 20:48 - 00000000 ____D C:\Users\Alex\Downloads\tutorials
    2013-05-24 20:48 - 2013-05-24 20:47 - 00157173 ____A C:\Users\Alex\Downloads\tutorials.zip
    2013-05-24 20:41 - 2013-05-24 20:41 - 00000000 ____D C:\Users\Alex\Downloads\MYGUI_3.2.0_win32
    2013-05-24 20:34 - 2013-05-24 20:33 - 14383788 ____A C:\Users\Alex\Downloads\MyGUI_3.2.0.zip
    2013-05-24 20:34 - 2013-05-24 20:32 - 11958671 ____A C:\Users\Alex\Downloads\MYGUI_3.2.0_win32.zip
    2013-05-24 20:24 - 2013-05-24 20:24 - 02097004 ____A C:\Users\Alex\Downloads\GG-0.7.0.zip
    2013-05-24 20:24 - 2013-05-24 20:24 - 00000000 ____D C:\Users\Alex\Downloads\GG-0.7.0
    2013-05-24 19:21 - 2013-01-16 00:03 - 00000000 ____D C:\Program Files (x86)\Steam
    2013-05-24 13:36 - 2013-05-24 13:36 - 01307915 ____A C:\Users\Alex\Downloads\tutors-win32.zip
    2013-05-24 13:36 - 2013-05-24 13:36 - 00000000 ____D C:\Users\Alex\Downloads\tutors-win32
    2013-05-24 08:48 - 2013-02-13 18:07 - 00000000 ____D C:\ws
    2013-05-24 06:09 - 2013-05-24 06:09 - 01194855 ____A C:\Users\Alex\Downloads\glfw-2.7.8.zip
    2013-05-24 06:09 - 2013-05-24 06:09 - 00000000 ____D C:\Users\Alex\Downloads\glfw-2.7.8
    2013-05-24 04:52 - 2013-02-15 22:11 - 00441856 __ASH C:\Users\Alex\Downloads\Thumbs.db
    2013-05-24 04:51 - 2013-05-24 04:51 - 00000000 ____D C:\cppincludes
    2013-05-24 04:45 - 2013-05-24 04:45 - 00714412 ____A C:\Users\Alex\Downloads\glfw-2.7.8.bin.WIN64.zip
    2013-05-24 04:45 - 2013-05-24 04:45 - 00000000 ____D C:\Users\Alex\Downloads\glfw-2.7.8.bin.WIN64
    2013-05-24 04:31 - 2013-05-24 04:31 - 00272757 ____A C:\Users\Alex\Desktop\ai (5).zip
    2013-05-24 04:31 - 2013-05-24 03:50 - 00000000 ____D C:\Users\Alex\Desktop\ai
    2013-05-24 04:25 - 2013-05-24 04:25 - 00175297 ____A C:\Users\Alex\Desktop\ai (4).zip
    2013-05-24 04:05 - 2013-05-24 04:05 - 00175404 ____A C:\Users\Alex\Desktop\ai (3).zip
    2013-05-24 03:53 - 2013-05-24 03:53 - 00082896 ____A C:\Users\Alex\Desktop\ai (2).zip
    2013-05-24 03:51 - 2013-05-24 03:51 - 00818780 ____A C:\Users\Alex\Desktop\ai.zip
    2013-05-23 22:45 - 2013-05-23 22:45 - 00000000 ____D C:\Program Files (x86)\Geeks3D
    2013-05-23 22:33 - 2013-05-23 22:33 - 00000000 ____D C:\Users\Alex\Downloads\glut37
    2013-05-23 22:31 - 2013-05-23 22:31 - 03769123 ____A C:\Users\Alex\Downloads\glut37.zip
    2013-05-23 19:07 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\AUInstallAgent
    2013-05-22 22:00 - 2013-01-16 00:17 - 00000000 ____D C:\Users\Alex\Documents\Eclipse
    2013-05-22 21:57 - 2013-01-16 00:17 - 00000000 ____D C:\Users\Alex\AppData\Local\Eclipse
    2013-05-22 21:56 - 2013-01-16 00:05 - 00000000 ____D C:\Program Files\eclipse
    2013-05-22 21:36 - 2013-02-13 17:28 - 00000000 ___SD C:\Users\Alex\Google Drive
    2013-05-22 21:35 - 2013-05-19 20:11 - 00000000 ____D C:\Users\Alex\Desktop\ACS
    2013-05-22 21:35 - 2013-04-08 16:25 - 00000000 ____D C:\Users\Alex\Downloads\Torrents
    2013-05-22 19:09 - 2013-01-16 03:02 - 00000000 ____D C:\Users\Alex\Documents\# Uni
    2013-05-21 14:17 - 2013-05-21 14:17 - 00148256 ____A C:\Users\Alex\Downloads\Revision.pptx
    2013-05-21 00:38 - 2013-05-21 00:38 - 00003584 ____A C:\Users\Alex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2013-05-20 21:05 - 2013-04-07 18:43 - 00000000 ____D C:\Users\Alex\AppData\Roaming\vlc
    2013-05-20 16:25 - 2013-03-25 00:33 - 00000000 ____D C:\Users\Alex\AppData\Local\Skyrim
    2013-05-20 14:11 - 2013-04-08 16:23 - 00000000 ____D C:\Users\Alex\AppData\Roaming\uTorrent
    2013-05-19 18:11 - 2013-05-19 18:11 - 00188477 ____A C:\Users\Alex\Downloads\Colorpicker.exe
    2013-05-19 18:01 - 2013-01-15 18:16 - 00000000 ____D C:\Users\Alex\Documents\Visual Studio 2012
    2013-05-18 15:53 - 2013-05-18 15:53 - 00460832 ____A C:\Windows\System32\FNTCACHE.DAT
    2013-05-18 15:09 - 2013-03-28 19:39 - 00000000 ____D C:\Program Files\Nexus Mod Manager
    2013-05-18 14:25 - 2013-01-16 01:34 - 00000000 ____D C:\Users\Alex\AppData\Roaming\MediaMonkey
    2013-05-18 13:12 - 2013-05-18 13:12 - 00000000 ____D C:\Users\Alex\Downloads\Skyrim topographic map-36159-1-0
    2013-05-16 17:38 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\rescache
    2013-05-16 17:02 - 2013-01-15 15:37 - 00000000 ____D C:\users\Alex
    2013-05-16 17:02 - 2012-07-26 09:12 - 00000000 ___RD C:\Windows\ToastData
    2013-05-16 17:02 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\SysWOW64\en-GB
    2013-05-16 17:02 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\System32\en-GB
    2013-05-15 00:28 - 2013-01-15 17:52 - 00000000 ____D C:\ProgramData\Microsoft Help
    2013-05-15 00:25 - 2013-01-15 15:51 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2013-05-14 04:48 - 2013-05-14 04:48 - 00042677 ____A C:\Users\Alex\Desktop\mapeditbackup.txt
    2013-05-14 04:12 - 2013-05-14 04:12 - 00232945 ____A C:\Users\Alex\Downloads\ois-v1-3.zip
    2013-05-14 04:12 - 2013-05-14 04:12 - 00000000 ____D C:\Users\Alex\Downloads\ois-v1-3
    2013-05-13 22:24 - 2013-05-13 22:22 - 51680425 ____A C:\Users\Alex\Downloads\boost_1_53_0.7z
    2013-05-13 22:21 - 2013-05-13 22:20 - 20999180 ____A C:\Users\Alex\Downloads\boost_1_53_0.zip
    2013-05-13 22:20 - 2013-05-13 22:20 - 00195104 ____A C:\Users\Alex\Downloads\boost_1_51_setup.exe
    2013-05-12 21:04 - 2013-05-12 20:55 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Litecoin
    2013-05-12 16:20 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\System32\NDF
    2013-05-10 22:41 - 2013-02-01 02:06 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Skype
    2013-05-10 21:06 - 2013-02-01 02:06 - 00000000 ___RD C:\Program Files (x86)\Skype
    2013-05-10 21:06 - 2013-02-01 02:06 - 00000000 ____D C:\ProgramData\Skype
    2013-05-10 11:30 - 2013-04-23 11:25 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Mozilla
    2013-05-09 15:14 - 2013-04-05 21:33 - 00000000 ____D C:\Users\Alex\Downloads\PDF Version - A4-17893
    2013-05-09 15:14 - 2013-01-22 02:41 - 00027648 __ASH C:\Users\Alex\Documents\Thumbs.db
    2013-05-09 15:13 - 2013-01-16 03:07 - 00000000 ____D C:\Users\Alex\Programming
    2013-05-07 21:07 - 2012-07-26 09:14 - 00693112 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2013-05-07 21:07 - 2012-07-26 09:14 - 00078200 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2013-05-04 04:05 - 2013-05-04 04:05 - 00015752 ____A C:\Users\Alex\AppData\Local\recently-used.xbel
    2013-05-04 04:05 - 2013-01-21 15:00 - 00000000 ____D C:\Users\Alex\.gimp-2.8
    2013-05-01 23:14 - 2013-01-16 03:06 - 00000000 ____D C:\Users\Alex\Documents\Cards, Letters
    2013-05-01 22:15 - 2013-01-22 04:35 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Audacity
    2013-05-01 18:00 - 2013-01-16 16:26 - 00127944 ____A C:\Users\Alex\AppData\Local\GDIPFONTCACHEV1.DAT
    2013-05-01 15:45 - 2013-05-01 15:45 - 00609190 ____A C:\Users\Alex\AppData\Roaming\Scorch_Install.log
    2013-05-01 15:45 - 2013-05-01 15:45 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Sibelius Software
    2013-05-01 15:45 - 2013-05-01 15:45 - 00000000 ____D C:\Program Files (x86)\Sibelius Software
    2013-05-01 15:45 - 2013-04-28 01:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2013-04-30 01:20 - 2013-01-16 02:55 - 00000000 ____D C:\Users\Alex\AppData\Local\Paint.NET
    2013-04-29 19:23 - 2013-01-15 15:37 - 00000000 ____D C:\Users\Alex\AppData\Local\Packages
    2013-04-28 01:59 - 2013-04-28 01:59 - 00000000 ____D C:\Users\Alex\AppData\Local\Mozilla

    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


    Last Boot: 2013-05-23 17:23

    ==================== End Of Log ============================
     
  14. Chromana (TS Rookie, Topic Starter)

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-05-2013
    Ran by Alex at 2013-05-28 04:08:59 Run:
    Running from C:\Users\Alex\Downloads
    Boot Mode: Safe Mode (with Networking)
    ==========================================================


    ==================== Installed Programs =======================

    Tools for .Net 3.5 (Version: 3.11.50727)
    µTorrent (Version: 3.3.0.29462)
    7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
    AC3Filter 2.5b (Version: 2.5b)
    Adobe AIR (Version: 3.7.0.1860)
    Adobe Flash Player 11 Plugin (Version: 11.6.602.180)
    Adobe Shockwave Player 12.0 (Version: 12.0.2.122)
    Android SDK Tools (Version: 1.16)
    Anker Precision Laser Gaming Mouse version 1.1 (Version: 1.1)
    Audacity 2.0.2 (Version: 2.0.2)
    avast! Free Antivirus (Version: 8.0.1483.0)
    Bandicam (Version: 1.8.6.321)
    Bandisoft MPEG-1 Decoder
    Bass Audio Decoder (remove only)
    Batman: Arkham Asylum GOTY Edition
    BBC iPlayer Desktop (Version: 3.2.15)
    Belarc Advisor 8.3 (Version: 8.3.0.0)
    Blend for Visual Studio 2012 (Version: 5.0.30709.0)
    Blend for Visual Studio 2012 ENU resources (Version: 5.0.30709.0)
    Blend for Visual Studio Add-in for Adobe FXG Import (Version: 1.0.40218.0)
    Blend for Visual Studio SDK for .NET 4.5 (Version: 3.0.40218.0)
    Blend for Visual Studio SDK for Silverlight 5 (Version: 3.0.40218.0)
    Blender (Version: 2.66a)
    CCleaner (Version: 4.01)
    CD Audio Reader Filter (remove only)
    CPUID CPU-Z 1.62.0
    CrystalDiskMark 3.0.2d (Version: 3.0.2d)
    D3DX10 (Version: 15.4.2368.0902)
    DCoder Image Source (remove only)
    DirectVobSub (remove only)
    Dotfuscator and Analytics Community Edition (Version: 5.5.4521.29298)
    DScaler 5 Mpeg Decoders
    Entity Framework Designer for Visual Studio 2012 - enu (Version: 11.1.21009.00)
    ffdshow v1.2.4453 [2012-05-21] (Version: 1.2.4453.0)
    FFMPEG Core Files (remove only)
    FileZilla Client 3.6.0.2 (Version: 3.6.0.2)
    Foxit PDF Preview Handler (Version: 1.0.0)
    Foxit Reader (Version: 6.0.2.413)
    Gabest MPEG Splitter (remove only)
    Geeks3D.com FurMark 1.10.6
    GIMP 2.8.2 (Version: 2.8.2)
    Google Chrome (Version: 27.0.1453.94)
    Google Drive (Version: 1.9.4536.8202)
    Google Talk Plugin (Version: 3.19.1.13088)
    Google Update Helper (Version: 1.3.21.145)
    GPL Ghostscript (Version: 9.06)
    Haali Media Splitter
    Java 7 Update 21 (64-bit) (Version: 7.0.210)
    Java 7 Update 21 (Version: 7.0.210)
    Java Auto Updater (Version: 2.1.9.5)
    Java SE Development Kit 7 Update 11 (64-bit) (Version: 1.7.0.110)
    JavaScript Tooling (Version: 11.0.60315)
    LAME v3.99.3 (for Windows)
    LAV Filters 0.55.3 (Version: 0.55.3)
    LocalESPC (Version: 8.59.25584)
    LocalESPCui for en-us (Version: 8.59.25584)
    MadVR (remove only)
    Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
    MediaMonkey 4.0 (Version: 4.0)
    Microsoft .NET Framework 4 Multi-Targeting Pack (Version: 4.0.30319)
    Microsoft .NET Framework 4.5 Multi-Targeting Pack (Version: 4.5.50709)
    Microsoft .NET Framework 4.5 SDK (Version: 4.5.50709)
    Microsoft Application Error Reporting (Version: 12.0.6015.5000)
    Microsoft Expression Blend SDK for .NET 4 (Version: 2.0.20525.0)
    Microsoft Expression Blend SDK for Silverlight 4 (Version: 2.0.20525.0)
    Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.92.0)
    Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
    Microsoft Help Viewer 2.0 (Version: 2.0.50727)
    Microsoft NuGet - Visual Studio 2012 (Version: 2.0.30625.9003)
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
    Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
    Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
    Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
    Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
    Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
    Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
    Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
    Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
    Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
    Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
    Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
    Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
    Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
    Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
    Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
    Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
    Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
    Microsoft Office Ultimate 2007 (Version: 12.0.6612.1000)
    Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
    Microsoft Portable Library Multi-Targeting Pack (Version: 11.0.60130.00)
    Microsoft Portable Library Multi-Targeting Pack Language Pack - enu (Version: 11.0.50709.17929)
    Microsoft Report Viewer Add-On for Visual Studio 2012 (Version: 11.1.2802.16)
    Microsoft Silverlight (Version: 5.1.20125.0)
    Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
    Microsoft SQL Server 2012 Data-Tier App Framework (Version: 11.0.2316.0)
    Microsoft SQL Server 2012 Express LocalDB (Version: 11.0.2100.60)
    Microsoft SQL Server 2012 Management Objects (Version: 11.0.2100.60)
    Microsoft SQL Server 2012 Management Objects (x64) (Version: 11.0.2100.60)
    Microsoft SQL Server 2012 Transact-SQL ScriptDom (Version: 11.0.2100.60)
    Microsoft SQL Server 2012 T-SQL Language Service (Version: 11.0.2100.60)
    Microsoft SQL Server Compact 4.0 SP1 x64 ENU (Version: 4.0.8876.1)
    Microsoft SQL Server System CLR Types (Version: 10.50.1600.1)
    Microsoft SQL Server System CLR Types (x64) (Version: 10.50.1600.1)
    Microsoft System CLR Types for SQL Server 2012 (Version: 11.0.2100.60)
    Microsoft System CLR Types for SQL Server 2012 (x64) (Version: 11.0.2100.60)
    Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
    Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
    Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42)
    Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
    Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
    Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
    Microsoft Visual C++ 2012 x64 Designtime - 11.0.50727 (Version: 11.0.50727)
    Microsoft Visual C++ 2012 32bit Compilers - ENU Resources (Version: 11.0.60315)
    Microsoft Visual C++ 2012 Compilers - ENU Resources (Version: 11.0.60315)
    Microsoft Visual C++ 2012 Compilers (Version: 11.0.60315)
    Microsoft Visual C++ 2012 Core Libraries (Version: 11.0.51106)
    Microsoft Visual C++ 2012 Extended Libraries (Version: 11.0.60315)
    Microsoft Visual C++ 2012 Microsoft Foundation Class Libraries (Version: 11.0.51106)
    Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106)
    Microsoft Visual C++ 2012 x64 Debug Runtime - 11.0.51106 (Version: 11.0.51106)
    Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106)
    Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (Version: 11.0.51106)
    Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.51106 (Version: 11.0.51106)
    Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (Version: 11.0.51106)
    Microsoft Visual C++ 2012 x86-x64 Compilers (Version: 11.0.60315)
    Microsoft Visual Studio 2012 Devenv (Version: 11.0.50727)
    Microsoft Visual Studio 2012 Devenv Resources (Version: 11.0.50727)
    Microsoft Visual Studio 2012 Performance Collection Tools - ENU (Version: 11.0.50727)
    Microsoft Visual Studio 2012 Performance Collection Tools (Version: 11.0.50727)
    Microsoft Visual Studio 2012 Preparation (Version: 11.0.50727)
    Microsoft Visual Studio 2012 Shell (Minimum) (Version: 11.0.50727)
    Microsoft Visual Studio 2012 Shell (Minimum) Interop Assemblies (Version: 11.0.50727)
    Microsoft Visual Studio 2012 Shell (Minimum) Resources (Version: 11.0.50727)
    Microsoft Visual Studio 2012 Tools for SQL Server Compact 4.0 SP1 ENU (Version: 4.0.8876.1)
    Microsoft Visual Studio Professional 2012 - ENU (Version: 11.0.50727)
    Microsoft Visual Studio Professional 2012 (Version: 11.0.50727)
    Microsoft Visual Studio Professional 2012 (Version: 11.0.50727.1)
    Microsoft Visual Studio Team Foundation Server 2012 Object Model (Version: 11.0.60315)
    Microsoft Visual Studio Team Foundation Server 2012 Object Model Language Pack - ENU (Version: 11.0.60315)
    Microsoft Visual Studio Team Foundation Server 2012 Team Explorer (Version: 11.0.50727)
    Microsoft Visual Studio Team Foundation Server 2012 Team Explorer Language Pack - ENU (Version: 11.0.50727)
    Microsoft Visual Studio Ultimate 2012 XAML UI Designer Core (Version: 11.0.50727)
    Microsoft Visual Studio Ultimate 2012 XAML UI Designer enu Resources (Version: 11.0.50727)
    Microsoft Web Deploy dbSqlPackage Provider - enu (Version: 10.3.20225.0)
    Morrowind
    Movie Maker (Version: 16.4.3505.0912)
    Mozilla Firefox 20.0.1 (x86 en-US) (Version: 20.0.1)
    MSVCRT (Version: 15.4.2862.0708)
    MSVCRT110 (Version: 16.4.1108.0727)
    MSVCRT110_amd64 (Version: 16.4.1109.0912)
    NetBeans IDE 7.2.1 (Version: 7.2.1)
    Network Addon Mod 31 (Version: 31)
    Nexus Mod Manager (Version: 0.44.13)
    Notepad++ (Version: 6.3.2)
    NVIDIA 3D Vision Driver 310.90 (Version: 310.90)
    NVIDIA Control Panel 310.90 (Version: 310.90)
    NVIDIA Display Control Panel (Version: 6.14.11.9716)
    NVIDIA Drivers (Version: 1.10)
    NVIDIA Graphics Driver 310.90 (Version: 310.90)
    NVIDIA HD Audio Driver 1.3.18.0 (Version: 1.3.18.0)
    NVIDIA Install Application (Version: 2.1002.95.599)
    NVIDIA MediaShield (Version: 11.1.0.43)
    NVIDIA Performance (Version: 6.5)
    NVIDIA PhysX (Version: 9.12.1031)
    NVIDIA PhysX System Software 9.12.1031 (Version: 9.12.1031)
    NVIDIA System Monitor (Version: 6.5)
    NVIDIA Update 1.11.3 (Version: 1.11.3)
    NVIDIA Update Components (Version: 1.11.3)
    OpenHaptics Academic edition v3.10.5
    OpenSource AVI Splitter (remove only)
    OpenSource DTS/AC3/DD+ Source Filter (remove only)
    OpenSource Flash Video Splitter (remove only)
    Paint.NET v3.5.10 (Version: 3.60.0)
    PDFill PDF Editor with FREE Writer and FREE Tools (Version: 10.0)
    PHANToM Device Drivers
    Photo Common (Version: 16.4.3505.0912)
    Photo Gallery (Version: 16.4.3505.0912)
    Picasa 3 (Version: 3.9)
    PreEmptive Analytics Visual Studio Components (Version: 1.0.2180.1)
    Realtek High Definition Audio Driver (Version: 6.0.1.5939)
    Realtek USB 2.0 Card Reader (Version: 6.1.7600.30101)
    Sibelius Scorch (Firefox, Opera, Netscape, Chrome only) (Version: 6.2.0)
    Sky Go Desktop
    Skype™ 6.3 (Version: 6.3.105)
    Spotify (Version: 0.9.0.133.gd18ed589)
    Steam (Version: 1.0.0.0)
    swMSM (Version: 12.0.0.1)
    Synaptics Pointing Device Driver (Version: 14.0.0.3)
    The Elder Scrolls V: Skyrim
    Unity Web Player (Version: )
    Update for (KB2504637) (Version: 1)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817359) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Microsoft Visual Studio 2012 (KB2781514) (Version: 11.0.50727)
    Visual Studio 2012 Prerequisites - ENU Language Pack (Version: 11.0.50727)
    Visual Studio 2012 Prerequisites (Version: 11.0.50727)
    Visual Studio 2012 Update 2 (KB2707250) (Version: 11.0.60315)
    Visual Studio Extensions for Windows Library for JavaScript (Version: 1.0.9201.20602)
    VLC media player 2.0.6 (Version: 2.0.6)
    WCF Data Services 5.0 (for OData v3) Primary Components (Version: 5.0.50628.0)
    WCF Data Services Tools for Microsoft Visual Studio 2012 (Version: 5.0.50710.0)
    WCF RIA Services V1.0 SP2 (Version: 4.1.61829.0)
    Windows App Certification Kit Native Components (Version: 8.59.29736)
    Windows App Certification Kit x64 (Version: 8.59.29750)
    Windows Live Communications Platform (Version: 16.4.3505.0912)
    Windows Live Essentials (Version: 16.4.3505.0912)
    Windows Live Installer (Version: 16.4.3505.0912)
    Windows Live Photo Common (Version: 16.4.3505.0912)
    Windows Live PIMT Platform (Version: 16.4.3505.0912)
    Windows Live SOXE (Version: 16.4.3505.0912)
    Windows Live SOXE Definitions (Version: 16.4.3505.0912)
    Windows Live UX Platform (Version: 16.4.3505.0912)
    Windows Live UX Platform Language Pack (Version: 16.4.3505.0912)
    Windows Runtime Intellisense Content - en-us (Version: 8.59.25584)
    Windows Software Development Kit (Version: 8.59.25584)
    Windows Software Development Kit DirectX x64 Remote (Version: 8.59.25584)
    Windows Software Development Kit DirectX x86 Remote (Version: 8.59.25584)
    Windows Software Development Kit for Windows Store Apps (Version: 8.59.25584)
    Windows Software Development Kit for Windows Store Apps DirectX x64 Remote (Version: 8.59.25584)
    Windows Software Development Kit for Windows Store Apps DirectX x86 Remote (Version: 8.59.25584)
    Windows XP Targeting with C++ (Version: 11.0.51106)
    WinRAR 4.20 (64-bit) (Version: 4.20.0)
    Zoom Player (remove only)

    ==================== Restore Points =========================


    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (05/27/2013 08:11:35 PM) (Source: Microsoft-Windows-CAPI2) (User: )
    Description: The Cryptographic Services service failed to initialise the Catalogue Database. The ESENT error was: -1216.

    Error: (05/27/2013 08:11:35 PM) (Source: ESENT) (User: )
    Description: Catalog Database (1220) Catalog Database: Database recovery/restore failed with unexpected error -1216.

    Error: (05/27/2013 08:11:35 PM) (Source: ESENT) (User: )
    Description: Catalog Database (1220) Catalog Database: Database recovery failed with error -1216 because it encountered references to a database, 'C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb', which is no longer present. The database was not brought to a Clean Shutdown state before it was removed (or possibly moved or renamed). The database engine will not permit recovery to complete for this instance until the missing database is re-instated. If the database is truly no longer available and no longer required, procedures for recovering from this error are available in the Microsoft Knowledge Base or by following the "more information" link at the bottom of this message.

    Error: (05/27/2013 07:39:29 PM) (Source: Application Error) (User: )
    Description: Windows cannot access the file C:\Windows\System32\UIAnimation.dll for one of the following reasons:
    there is a problem with the network connection, the disk that the file is stored on, or the storage
    drivers installed on this computer; or the disk is missing.
    Windows closed the program Windows Explorer because of this error.

    Program: Windows Explorer
    File: C:\Windows\System32\UIAnimation.dll

    The error value is listed in the Additional Data section.
    User Action
    1. Open the file again.
    This situation might be a temporary problem that corrects itself when the program runs again.
    2.
    If the file still cannot be accessed and
    - It is on the network,
    your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
    3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
    4. If the problem persists, restore the file from a backup copy.
    5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
    further assistance.

    Additional Data
    Error value: C000009C
    Disk type: 3

    Error: (05/27/2013 07:39:29 PM) (Source: Application Error) (User: )
    Description: Windows cannot access the file C:\Windows\System32\uxtheme.dll for one of the following reasons:
    there is a problem with the network connection, the disk that the file is stored on, or the storage
    drivers installed on this computer; or the disk is missing.
    Windows closed the program NVIDIA nTune Command because of this error.

    Program: NVIDIA nTune Command
    File: C:\Windows\System32\uxtheme.dll

    The error value is listed in the Additional Data section.
    User Action
    1. Open the file again.
    This situation might be a temporary problem that corrects itself when the program runs again.
    2.
    If the file still cannot be accessed and
    - It is on the network,
    your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
    3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
    4. If the problem persists, restore the file from a backup copy.
    5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
    further assistance.

    Additional Data
    Error value: C000009C
    Disk type: 3

    Error: (05/27/2013 07:39:29 PM) (Source: Application Error) (User: )
    Description: Windows cannot access the file C:\Program Files\Synaptics\SynTP\SynTPEnh.exe for one of the following reasons:
    there is a problem with the network connection, the disk that the file is stored on, or the storage
    drivers installed on this computer; or the disk is missing.
    Windows closed the program Synaptics TouchPad Enhancements because of this error.

    Program: Synaptics TouchPad Enhancements
    File: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    The error value is listed in the Additional Data section.
    User Action
    1. Open the file again.
    This situation might be a temporary problem that corrects itself when the program runs again.
    2.
    If the file still cannot be accessed and
    - It is on the network,
    your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
    3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
    4. If the problem persists, restore the file from a backup copy.
    5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
    further assistance.

    Additional Data
    Error value: C000009C
    Disk type: 3

    Error: (05/27/2013 07:39:29 PM) (Source: Application Error) (User: )
    Description: Windows cannot access the file C:\Windows\System32\actxprxy.dll for one of the following reasons:
    there is a problem with the network connection, the disk that the file is stored on, or the storage
    drivers installed on this computer; or the disk is missing.
    Windows closed the program Microsoft Sync Center because of this error.

    Program: Microsoft Sync Center
    File: C:\Windows\System32\actxprxy.dll

    The error value is listed in the Additional Data section.
    User Action
    1. Open the file again.
    This situation might be a temporary problem that corrects itself when the program runs again.
    2.
    If the file still cannot be accessed and
    - It is on the network,
    your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
    3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
    4. If the problem persists, restore the file from a backup copy.
    5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
    further assistance.

    Additional Data
    Error value: C000009C
    Disk type: 3

    Error: (05/27/2013 07:39:29 PM) (Source: Application Error) (User: )
    Description: Faulting application name: Explorer.EXE, version: 6.2.9200.16433, time stamp: 0x50763312
    Faulting module name: ntdll.dll, version: 6.2.9200.16579, time stamp: 0x51637f77
    Exception code: 0xc0000006
    Fault offset: 0x000000000001b00a
    Faulting process ID: 0xd70
    Faulting application start time: 0xExplorer.EXE0
    Faulting application path: Explorer.EXE1
    Faulting module path: Explorer.EXE2
    Report ID: Explorer.EXE3
    Faulting package full name: Explorer.EXE4
    Faulting package-relative application ID: Explorer.EXE5

    Error: (05/27/2013 07:39:29 PM) (Source: Application Error) (User: )
    Description: Windows cannot access the file C:\Windows\System32\BFE.DLL for one of the following reasons:
    there is a problem with the network connection, the disk that the file is stored on, or the storage
    drivers installed on this computer; or the disk is missing.
    Windows closed the program Host Process for Windows Services because of this error.

    Program: Host Process for Windows Services
    File: C:\Windows\System32\BFE.DLL

    The error value is listed in the Additional Data section.
    User Action
    1. Open the file again.
    This situation might be a temporary problem that corrects itself when the program runs again.
    2.
    If the file still cannot be accessed and
    - It is on the network,
    your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
    3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
    4. If the problem persists, restore the file from a backup copy.
    5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
    further assistance.

    Additional Data
    Error value: C000009C
    Disk type: 3

    Error: (05/27/2013 07:39:29 PM) (Source: Application Error) (User: )
    Description: Windows cannot access the file C:\Windows\System32\Faultrep.dll for one of the following reasons:
    there is a problem with the network connection, the disk that the file is stored on, or the storage
    drivers installed on this computer; or the disk is missing.
    Windows closed the program Host Process for Windows Services because of this error.

    Program: Host Process for Windows Services
    File: C:\Windows\System32\Faultrep.dll

    The error value is listed in the Additional Data section.
    User Action
    1. Open the file again.
    This situation might be a temporary problem that corrects itself when the program runs again.
    2.
    If the file still cannot be accessed and
    - It is on the network,
    your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
    3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
    4. If the problem persists, restore the file from a backup copy.
    5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
    further assistance.

    Additional Data
    Error value: C000009C
    Disk type: 3


    System errors:
    =============
    Error: (05/28/2013 04:08:43 AM) (Source: Service Control Manager) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (05/28/2013 04:08:43 AM) (Source: Service Control Manager) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (05/28/2013 04:08:43 AM) (Source: Service Control Manager) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (05/28/2013 04:08:02 AM) (Source: DCOM) (User: ALEX-LAPTOP)
    Description: 1084WSearchUnavailable{9E175B6D-F52A-11D8-B9A5-505054503030}

    Error: (05/28/2013 04:08:02 AM) (Source: DCOM) (User: ALEX-LAPTOP)
    Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

    Error: (05/28/2013 04:07:53 AM) (Source: DCOM) (User: ALEX-LAPTOP)
    Description: 1084WSearchUnavailable{9E175B6D-F52A-11D8-B9A5-505054503030}

    Error: (05/28/2013 04:07:53 AM) (Source: DCOM) (User: ALEX-LAPTOP)
    Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

    Error: (05/28/2013 04:04:59 AM) (Source: DCOM) (User: ALEX-LAPTOP)
    Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

    Error: (05/28/2013 04:03:43 AM) (Source: Service Control Manager) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (05/28/2013 04:03:43 AM) (Source: Service Control Manager) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068


    Microsoft Office Sessions:
    =========================

    CodeIntegrity Errors:
    ===================================
    Date: 2013-02-10 12:04:47.719
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\nvapo64v.dll because the set of per-page image hashes could not be found on the system.

    Date: 2013-02-10 12:02:31.129
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\nvapo64v.dll because the set of per-page image hashes could not be found on the system.

    Date: 2013-02-09 17:17:55.805
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\nvapo64v.dll because the set of per-page image hashes could not be found on the system.

    Date: 2013-02-09 16:28:57.716
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\nvapo64v.dll because the set of per-page image hashes could not be found on the system.

    Date: 2013-02-09 16:28:51.084
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\nvapo64v.dll because the set of per-page image hashes could not be found on the system.

    Date: 2013-02-09 16:28:39.525
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\nvapo64v.dll because the set of per-page image hashes could not be found on the system.

    Date: 2013-02-09 16:28:09.395
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\nvapo64v.dll because the set of per-page image hashes could not be found on the system.

    Date: 2013-02-09 16:27:50.107
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\nvapo64v.dll because the set of per-page image hashes could not be found on the system.

    Date: 2013-02-09 16:27:36.222
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\nvapo64v.dll because the set of per-page image hashes could not be found on the system.

    Date: 2013-02-09 16:27:17.953
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\nvapo64v.dll because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Percentage of memory in use: 47%
    Total physical RAM: 3582.35 MB
    Available physical RAM: 1867.01 MB
    Total Pagefile: 8446.35 MB
    Available Pagefile: 6573 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.77 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:223.23 GB) (Free:49.32 GB) NTFS (Disk=0 Partition=2)

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 224 GB) (Disk ID: 452E0C5F)
    Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=223 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================
     
  15. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    I don't see much there.

    Is the computer operational in normal mode?
    If not, what exactly happens when you enter normal mode?

    Judging from your computer errors, you may have a video driver issue.
    That would be confirmed by no problem in safe mode where Windows loads its own generic driver.
     
  16. Chromana

    Chromana TS Rookie Topic Starter

    Well, I restarted back into safe mode. During shutdown I got a bluescreen with the error KERNEL_DATA_INPAGE_ERROR, which is apparently related to RAM or a HDD (although I'm running an SSD).
    However, Avast still shows lots of entries. I've attached an image of the post-scan.

    I will try rebooting into normal mode. I don't understand how this isn't related to an infection, though; it all started less than a minute after loading a regular webpage of a website which had obviously been infected.
     

  17. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Most of those files look pretty legit to me.
    Is your Avast up to date?

    I still need to know...

     
  18. Chromana

    Chromana TS Rookie Topic Starter

    Hi, so I was having many blue screen issues and another forum dedicated to blue screen errors failed to find a solution, so I just reinstalled Windows. Another weird thing was that Windows became deactivated and refused to accept my original legit key code. I'm positive all of this happened right after I went to that website so I still believe I was infected somehow, but now I'll never know.

    All is good now so you can close this thread. Thank you for your help and good luck in your future virus-slaying career!
     
  19. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Thanks for letting me know :)
     
