Inactive Difficult rootkit infestation, causes bluescreens

Chromana

Now I consider myself a geek and I'm usually the go-to guy for other people who need tech help but I'm pretty stumped by this. I could continue trying out random removal tools but I figured asking the pros would be beneficial!

Running Windows 8 on a laptop. I got infected by a normally perfectly good website which must have become compromised. I use Chrome and Avast AV so I'm surprised I wasn't notified during the infection. First Chrome crashed, then my computer bluescreened within a minute of going to the infected website.

Symptoms and things tried:
  • After logging onto the computer it will bluescreen after about 20-40 seconds. Usually with error 0x000021A but sometimes with some other error like vital_service_died (or something like that). It doesn't crash if left on the login screen.
  • When Windows restarts after the bluescreen it runs the drive checker on boot to check for drive errors. I've let this run a couple times and nothing bad is ever found. I just skip it now.
  • I managed to get the computer to always load into safe mode w/ networking which is (almost) completely stable. I'm typing this message from there right now.
  • Running a full Avast AV scan in safe mode reveals 119 infected files which it labels as being rootkits. It doesn't give any actual rootkit names. It suggests to let Avast run on boot to remove the items but my computer always bluescreens while shutting down or restarting (even from safe mode) so Avast has been unable to do a boot scan.
  • Malwarebytes comes up with no infections (I'll attach the log anyway).
  • I got Kaspersky TDSSKiller which finds 82 infections, all of which it calls "Suspicious object, medium risk". I chose to copy all the objects to quarantine. Then I restarted and scanned again but everything was still there.
  • I got AVG boot scan which runs off of a bootable CD. It found nothing.
Many thanks for any help!
 
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.05.28.01

Windows 8 x64 NTFS (Safe Mode/Networking)
Internet Explorer 10.0.9200.16580
Alex :: ALEX-LAPTOP [administrator]

28/05/2013 02:45:59
mbam-log-2013-05-28 (02-45-59).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 239956
Time elapsed: 3 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 10.0.9200.16537 BrowserJavaVersion: 10.21.2
Run by Alex at 2:50:04 on 2013-05-28
Microsoft Windows 8 Pro with Media Center 6.2.9200.0.1252.44.2057.18.3582.2280 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\dwm.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:Tabs
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit = userinit.exe
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Google Update] "C:\Users\Alex\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [Spotify Web Helper] "C:\Users\Alex\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [EsternTimesMouseExRun] "C:\Program Files (x86)\Anker Precision Laser Gaming Mouse\AnkerMonEx.exe" -runauto
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{B269AA37-70F9-4A27-BDE8-440C0016DB96} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{DA97F45A-7EB6-435F-BB66-D8BB6D08E724} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{E5BC7A07-9B2F-43A7-B20A-872DFE6E00CB} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{E5BC7A07-9B2F-43A7-B20A-872DFE6E00CB}\35B4956373648353 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{E5BC7A07-9B2F-43A7-B20A-872DFE6E00CB}\44550275962756C6563737 : DHCPNameServer = 129.234.4.13 129.234.4.9
TCP: Interfaces\{E5BC7A07-9B2F-43A7-B20A-872DFE6E00CB}\5616374736F6163747D277966696 : DHCPNameServer = 10.101.0.1
TCP: Interfaces\{E5BC7A07-9B2F-43A7-B20A-872DFE6E00CB}\D4F6E6E69772373556879775966696 : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{E5BC7A07-9B2F-43A7-B20A-872DFE6E00CB}\D4F6E6E697723775966696 : DHCPNameServer = 192.168.43.1
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [NVRaidService] C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-mPolicies-System: PromptOnSecureDesktop = dword:0
x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\98jau3jq.default\
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Alex\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Users\Alex\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Alex\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Alex\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Alex\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\Windows\System32\Drivers\aswRvrt.sys [2013-4-3 65336]
R3 nvoclk64;NVIDIA Enthusiasts Platform KDM;C:\Windows\System32\Drivers\nvoclk64.sys [2009-9-15 42088]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\System32\Drivers\rtl8192se.sys [2012-6-2 1239144]
S1 aswSnx;aswSnx;C:\Windows\System32\Drivers\aswSnx.sys [2013-1-30 1025808]
S1 aswSP;aswSP;C:\Windows\System32\Drivers\aswSP.sys [2013-1-30 377920]
S2 aswFsBlk;aswFsBlk;C:\Windows\System32\Drivers\aswFsBlk.sys [2013-1-30 33400]
S2 aswMonFlt;aswMonFlt;C:\Windows\System32\Drivers\aswMonFlt.sys [2013-1-30 80816]
S2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-4-3 45248]
S2 PhantomEPP;PhantomEPP;C:\Windows\System32\Drivers\PhantomEPP_amd64.sys [2013-1-22 25944]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S3 aswVmm;aswVmm;C:\Windows\System32\Drivers\aswVmm.sys [2013-4-3 178624]
S3 Phantom1394_x64;Phantom1394_x64;C:\Windows\System32\Drivers\Phantom1394_x64.sys [2010-10-22 53080]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\Drivers\RtsUStor.sys [2013-1-17 222208]
S3 Te.Service;Te.Service;C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [2012-7-25 126976]
S3 vmbusr;Virtual Machine Bus Provider;C:\Windows\System32\Drivers\vmbusr.sys [2012-7-26 117248]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\notepad++.exe="C:\Program Files (x86)\Notepad++\notepad++.exe" "%1" [UserChoice]
FileExt: .ini: Applications\notepad++.exe="C:\Program Files (x86)\Notepad++\notepad++.exe" "%1" [UserChoice]
FileExt: .js: Applications\notepad++.exe="C:\Program Files (x86)\Notepad++\notepad++.exe" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2013-05-28 01:44:50    --------    d-----w-    C:\Users\Alex\AppData\Roaming\Malwarebytes
2013-05-28 01:44:44    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2013-05-28 01:44:44    --------    d-----w-    C:\ProgramData\Malwarebytes
2013-05-28 01:44:44    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-28 01:32:50    --------    d-----w-    C:\TDSSKiller_Quarantine
2013-05-27 19:12:26    --------    d-sh--w-    C:\found.000
2013-05-27 19:02:19    --------    d-sh--w-    C:\found.003
2013-05-27 18:51:17    --------    d-sh--w-    C:\found.002
2013-05-27 18:25:28    --------    d-sh--w-    C:\found.001
2013-05-24 03:51:40    --------    d-----w-    C:\cppincludes
2013-05-23 21:45:06    --------    d-----w-    C:\Program Files (x86)\Geeks3D
2013-05-16 15:16:59    670208    ----a-w-    C:\Windows\SysWow64\SearchIndexer.exe
2013-05-14 23:19:53    1455368    ----a-w-    C:\Windows\System32\drivers\dxgkrnl.sys
2013-05-14 23:18:58    2851840    ----a-w-    C:\Windows\System32\esent.dll
2013-05-14 23:18:58    2382336    ----a-w-    C:\Windows\SysWow64\esent.dll
2013-05-12 19:55:06    --------    d-----w-    C:\Users\Alex\AppData\Roaming\Litecoin
2013-05-12 19:54:57    --------    d-----w-    C:\Program Files (x86)\Litecoin
2013-05-01 14:45:56    --------    d-----w-    C:\Users\Alex\AppData\Roaming\Sibelius Software
2013-05-01 14:45:50    --------    d-----w-    C:\Program Files (x86)\Sibelius Software
.
==================== Find3M ====================
.
2013-05-07 20:07:50    78200    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-07 20:07:50    693112    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-04-23 11:01:10    971680    ----a-w-    C:\Windows\System32\deployJava1.dll
2013-04-23 11:00:44    95648    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-23 11:00:43    866720    ----a-w-    C:\Windows\SysWow64\npDeployJava1.dll
2013-04-23 11:00:43    788896    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
2013-04-13 05:56:35    444416    ----a-w-    C:\Windows\apppatch\AcSpecfc.dll
2013-04-09 23:16:58    3958784    ----a-w-    C:\Windows\System32\jscript9.dll
2013-04-09 22:30:26    1767424    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-04-09 22:29:44    2877440    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-04-09 05:33:02    489576    ----a-w-    C:\Windows\System32\AudioEng.dll
2013-04-09 05:33:02    446792    ----a-w-    C:\Windows\System32\AudioSes.dll
2013-04-09 05:33:02    253544    ----a-w-    C:\Windows\System32\audiodg.exe
2013-04-09 05:27:43    284424    ----a-w-    C:\Windows\System32\drivers\spaceport.sys
2013-04-09 05:20:02    86280    ----a-w-    C:\Windows\System32\kdnet.dll
2013-04-09 05:20:02    306952    ----a-w-    C:\Windows\System32\kd_02_10ec.dll
2013-04-09 05:18:05    77960    ----a-w-    C:\Windows\System32\kdvm.dll
2013-04-09 04:51:51    367616    ----a-w-    C:\Windows\System32\conhost.exe
2013-04-09 04:50:53    414720    ----a-w-    C:\Windows\System32\GenuineCenter.dll
2013-04-09 04:50:03    96256    ----a-w-    C:\Windows\System32\mssprxy.dll
2013-04-09 04:50:03    745984    ----a-w-    C:\Windows\System32\mssvp.dll
2013-04-09 04:50:03    2107904    ----a-w-    C:\Windows\System32\mssrch.dll
2013-04-09 04:50:02    65024    ----a-w-    C:\Windows\System32\msscntrs.dll
2013-04-09 04:50:02    435200    ----a-w-    C:\Windows\System32\mssph.dll
2013-04-09 04:50:02    13824    ----a-w-    C:\Windows\System32\msshooks.dll
2013-04-09 04:49:54    1444864    ----a-w-    C:\Windows\System32\MSAudDecMFT.dll
2013-04-09 04:49:45    468992    ----a-w-    C:\Windows\System32\MFMediaEngine.dll
2013-04-09 04:49:45    281088    ----a-w-    C:\Windows\System32\mfreadwrite.dll
2013-04-09 04:49:36    817152    ----a-w-    C:\Windows\System32\kerberos.dll
2013-04-09 04:49:33    210432    ----a-w-    C:\Windows\System32\iuilp.dll
2013-04-09 04:49:16    50176    ----a-w-    C:\Windows\System32\fmifs.dll
2013-04-09 04:49:16    231936    ----a-w-    C:\Windows\System32\fhengine.dll
2013-04-09 04:49:09    172544    ----a-w-    C:\Windows\System32\dwmredir.dll
2013-04-09 04:49:06    196096    ----a-w-    C:\Windows\System32\dmvdsitf.dll
2013-04-09 04:48:43    2303488    ----a-w-    C:\Windows\System32\authui.dll
2013-04-09 04:48:42    785408    ----a-w-    C:\Windows\System32\audiosrv.dll
2013-04-09 04:48:42    169472    ----a-w-    C:\Windows\System32\AudioEndpointBuilder.dll
2013-04-09 04:48:34    419840    ----a-w-    C:\Windows\System32\intl.cpl
2013-04-09 02:34:49    83968    ----a-w-    C:\Windows\System32\drivers\hidclass.sys
2013-04-09 02:34:42    27648    ----a-w-    C:\Windows\System32\drivers\hidusb.sys
2013-04-09 02:34:30    95744    ----a-w-    C:\Windows\System32\drivers\hidbth.sys
2013-04-09 02:33:41    60416    ----a-w-    C:\Windows\System32\drivers\ndproxy.sys
2013-04-09 02:33:05    623104    ----a-w-    C:\Windows\System32\drivers\srv2.sys
2013-04-09 02:32:02    805376    ----a-w-    C:\Windows\System32\drivers\PEAuth.sys
2013-04-09 02:31:14    247808    ----a-w-    C:\Windows\System32\drivers\srvnet.sys
2013-04-09 02:31:01    83456    ----a-w-    C:\Windows\System32\drivers\wanarp.sys
2013-04-08 23:44:25    123880    ----a-w-    C:\Windows\SysWow64\wscapi.dll
2013-04-08 23:39:14    1408896    ----a-w-    C:\Windows\SysWow64\ntdll.dll
2013-04-08 23:37:29    426024    ----a-w-    C:\Windows\SysWow64\AudioEng.dll
2013-04-08 23:37:29    324368    ----a-w-    C:\Windows\SysWow64\AudioSes.dll
2013-04-08 21:52:16    302592    ----a-w-    C:\Windows\SysWow64\SearchProtocolHost.exe
2013-04-08 21:52:16    171008    ----a-w-    C:\Windows\SysWow64\SearchFilterHost.exe
2013-04-08 21:52:16    106496    ----a-w-    C:\Windows\SysWow64\Robocopy.exe
2013-04-08 21:52:06    364544    ----a-w-    C:\Windows\SysWow64\XpsGdiConverter.dll
2013-04-04 23:30:17    503080    ----a-w-    C:\Windows\System32\ci.dll
2013-04-02 14:09:52    4550656    ----a-w-    C:\Windows\SysWow64\GPhotos.scr
2013-03-15 22:05:16    252928    ----a-w-    C:\Windows\SysWow64\rsaenh.dll
2013-03-15 00:17:18    861184    ----a-w-    C:\Windows\System32\drivers\http.sys
2013-03-14 23:05:56    2272320    ----a-w-    C:\Windows\SysWow64\VsGraphicsHelper.dll
2013-03-06 22:33:21    70992    ----a-w-    C:\Windows\System32\drivers\aswRdr2.sys
2013-03-06 22:33:21    65336    ----a-w-    C:\Windows\System32\drivers\aswRvrt.sys
2013-03-06 22:33:21    178624    ----a-w-    C:\Windows\System32\drivers\aswVmm.sys
2013-03-06 22:33:21    1025808    ----a-w-    C:\Windows\System32\drivers\aswSnx.sys
2013-03-06 22:33:20    80816    ----a-w-    C:\Windows\System32\drivers\aswMonFlt.sys
2013-03-06 22:32:51    41664    ----a-w-    C:\Windows\avastSS.scr
2013-03-06 07:10:10    112872    ----a-w-    C:\Windows\System32\consent.exe
2013-03-06 06:29:15    70144    ----a-w-    C:\Windows\System32\appinfo.dll
2013-03-02 10:57:48    337128    ----a-w-    C:\Windows\System32\drivers\USBXHCI.SYS
2013-03-02 10:57:46    77544    ----a-w-    C:\Windows\System32\drivers\storahci.sys
2013-03-02 10:57:46    332520    ----a-w-    C:\Windows\System32\drivers\storport.sys
2013-03-02 10:45:20    148712    ----a-w-    C:\Windows\System32\drivers\tpm.sys
2013-03-02 10:45:19    194792    ----a-w-    C:\Windows\System32\drivers\sdbus.sys
2013-03-02 10:45:10    125160    ----a-w-    C:\Windows\System32\drivers\dumpsd.sys
2013-03-02 10:39:39    495336    ----a-w-    C:\Windows\System32\drivers\vhdmp.sys
2013-03-02 10:39:38    69864    ----a-w-    C:\Windows\System32\drivers\pdc.sys
2013-03-02 10:39:32    327912    ----a-w-    C:\Windows\System32\drivers\Classpnp.sys
2013-03-02 09:59:37    2231528    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-03-02 09:59:36    411880    ----a-w-    C:\Windows\System32\drivers\FWPKCLNT.SYS
2013-03-02 08:24:08    34304    ----a-w-    C:\Windows\SysWow64\wuapp.exe
2013-03-02 08:23:43    83968    ----a-w-    C:\Windows\SysWow64\wudriver.dll
2013-03-02 08:23:43    125952    ----a-w-    C:\Windows\SysWow64\wuwebv.dll
2013-03-02 08:23:30    893952    ----a-w-    C:\Windows\SysWow64\winmde.dll
2013-03-02 08:23:30    1338880    ----a-w-    C:\Windows\SysWow64\WindowsCodecs.dll
2013-03-02 08:23:28    601088    ----a-w-    C:\Windows\SysWow64\Windows.Globalization.dll
2013-03-02 08:23:28    504320    ----a-w-    C:\Windows\SysWow64\Windows.Security.Authentication.OnlineId.dll
2013-03-02 08:23:19    246784    ----a-w-    C:\Windows\SysWow64\ubpm.dll
2013-03-02 08:23:04    356352    ----a-w-    C:\Windows\SysWow64\SettingSync.dll
2013-03-02 08:23:04    100864    ----a-w-    C:\Windows\SysWow64\SettingSyncInfo.dll
2013-03-02 08:23:00    375808    ----a-w-    C:\Windows\SysWow64\ReAgent.dll
2013-03-02 08:22:36    357888    ----a-w-    C:\Windows\SysWow64\netcfgx.dll
2013-03-02 08:22:32    5091840    ----a-w-    C:\Windows\SysWow64\mstscax.dll
2013-03-02 08:22:17    850944    ----a-w-    C:\Windows\SysWow64\mfasfsrcsnk.dll
2013-03-02 08:21:56    550912    ----a-w-    C:\Windows\SysWow64\drvstore.dll
2013-03-02 08:21:52    36352    ----a-w-    C:\Windows\SysWow64\DevDispItemProvider.dll
2013-03-02 08:21:40    309760    ----a-w-    C:\Windows\SysWow64\BCP47Langs.dll
2013-03-02 08:21:32    145408    ----a-w-    C:\Windows\SysWow64\powercfg.cpl
2013-03-02 02:45:26    240640    ----a-w-    C:\Windows\System32\fsquirt.exe
2013-03-02 02:44:38    5978624    ----a-w-    C:\Windows\System32\mstscax.dll
2013-03-02 02:44:29    1151488    ----a-w-    C:\Windows\System32\mcmde.dll
2013-03-02 02:44:29    1048576    ----a-w-    C:\Windows\System32\mfasfsrcsnk.dll
.
============= FINISH: 2:50:15.77 ===============
 
Ok so I've read different advice elsewhere which says to paste the attach.txt file instead of attaching it so here it is:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8 Pro with Media Center
Boot Device: \Device\HarddiskVolume1
Install Date: 15/01/2013 14:37:34
System Uptime: 28/05/2013 02:34:40 (0 hours ago)
.
Motherboard: MiTAC | | Notebook PC
Processor: Intel(R) Core(TM)2 Duo CPU T9500 @ 2.60GHz | Socket 479 | 2600/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 223 GiB total, 48.125 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Tools for .Net 3.5
7-Zip 9.20 (x64 edition)
AC3Filter 2.5b
Adobe AIR
Adobe Flash Player 11 Plugin
Adobe Shockwave Player 12.0
Android SDK Tools
Anker Precision Laser Gaming Mouse version 1.1
µTorrent
Audacity 2.0.2
avast! Free Antivirus
Bandicam
Bandisoft MPEG-1 Decoder
Bass Audio Decoder (remove only)
Batman: Arkham Asylum GOTY Edition
BBC iPlayer Desktop
Belarc Advisor 8.3
Blend for Visual Studio 2012
Blend for Visual Studio 2012 ENU resources
Blend for Visual Studio Add-in for Adobe FXG Import
Blend for Visual Studio SDK for .NET 4.5
Blend for Visual Studio SDK for Silverlight 5
Blender
CCleaner
CD Audio Reader Filter (remove only)
CPUID CPU-Z 1.62.0
CrystalDiskMark 3.0.2d
D3DX10
DCoder Image Source (remove only)
DirectVobSub (remove only)
Dotfuscator and Analytics Community Edition
DScaler 5 Mpeg Decoders
Entity Framework Designer for Visual Studio 2012 - enu
ffdshow v1.2.4453 [2012-05-21]
FFMPEG Core Files (remove only)
FileZilla Client 3.6.0.2
Foxit PDF Preview Handler
Foxit Reader
Free Alarm Clock 2.7.1
Gabest MPEG Splitter (remove only)
Geeks3D.com FurMark 1.10.6
GIMP 2.8.2
Google Chrome
Google Drive
Google Talk Plugin
Google Update Helper
GPL Ghostscript
Haali Media Splitter
HexChat (x64)
Java 7 Update 21
Java 7 Update 21 (64-bit)
Java Auto Updater
Java SE Development Kit 7 Update 11 (64-bit)
JavaScript Tooling
LAME v3.99.3 (for Windows)
LAV Filters 0.55.3
Litecoin
LocalESPC
LocalESPCui for en-us
MadVR (remove only)
Malwarebytes Anti-Malware version 1.75.0.1300
MediaMonkey 4.0
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft .NET Framework 4.5 Multi-Targeting Pack
Microsoft .NET Framework 4.5 SDK
Microsoft Application Error Reporting
Microsoft Expression Blend SDK for .NET 4
Microsoft Expression Blend SDK for Silverlight 4
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Help Viewer 2.0
Microsoft NuGet - Visual Studio 2012
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Ultimate 2007
Microsoft Office Word MUI (English) 2007
Microsoft Portable Library Multi-Targeting Pack
Microsoft Portable Library Multi-Targeting Pack Language Pack - enu
Microsoft Report Viewer Add-On for Visual Studio 2012
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2012 Data-Tier App Framework
Microsoft SQL Server 2012 Express LocalDB
Microsoft SQL Server 2012 Management Objects
Microsoft SQL Server 2012 Management Objects (x64)
Microsoft SQL Server 2012 T-SQL Language Service
Microsoft SQL Server 2012 Transact-SQL ScriptDom
Microsoft SQL Server Compact 4.0 SP1 x64 ENU
Microsoft SQL Server System CLR Types
Microsoft SQL Server System CLR Types (x64)
Microsoft System CLR Types for SQL Server 2012
Microsoft System CLR Types for SQL Server 2012 (x64)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 x64 Designtime - 11.0.50727
Microsoft Visual C++ 2012 32bit Compilers - ENU Resources
Microsoft Visual C++ 2012 Compilers
Microsoft Visual C++ 2012 Compilers - ENU Resources
Microsoft Visual C++ 2012 Core Libraries
Microsoft Visual C++ 2012 Extended Libraries
Microsoft Visual C++ 2012 Microsoft Foundation Class Libraries
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106
Microsoft Visual C++ 2012 x64 Debug Runtime - 11.0.51106
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106
Microsoft Visual C++ 2012 x86-x64 Compilers
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.51106
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
Microsoft Visual Studio 2012 Devenv
Microsoft Visual Studio 2012 Devenv Resources
Microsoft Visual Studio 2012 Performance Collection Tools
Microsoft Visual Studio 2012 Performance Collection Tools - ENU
Microsoft Visual Studio 2012 Preparation
Microsoft Visual Studio 2012 Shell (Minimum)
Microsoft Visual Studio 2012 Shell (Minimum) Interop Assemblies
Microsoft Visual Studio 2012 Shell (Minimum) Resources
Microsoft Visual Studio 2012 Tools for SQL Server Compact 4.0 SP1 ENU
Microsoft Visual Studio Professional 2012
Microsoft Visual Studio Professional 2012 - ENU
Microsoft Visual Studio Team Foundation Server 2012 Object Model
Microsoft Visual Studio Team Foundation Server 2012 Object Model Language Pack - ENU
Microsoft Visual Studio Team Foundation Server 2012 Team Explorer
Microsoft Visual Studio Team Foundation Server 2012 Team Explorer Language Pack - ENU
Microsoft Visual Studio Ultimate 2012 XAML UI Designer Core
Microsoft Visual Studio Ultimate 2012 XAML UI Designer enu Resources
Microsoft Web Deploy dbSqlPackage Provider - enu
Morrowind
Movie Maker
Mozilla Firefox 20.0.1 (x86 en-US)
MSVCRT
MSVCRT110
MSVCRT110_amd64
NetBeans IDE 7.2.1
Network Addon Mod 31
Nexus Mod Manager
Notepad++
NVIDIA 3D Vision Driver 310.90
NVIDIA Control Panel 310.90
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA Graphics Driver 310.90
NVIDIA HD Audio Driver 1.3.18.0
NVIDIA Install Application
NVIDIA MediaShield
NVIDIA Performance
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.1031
NVIDIA System Monitor
NVIDIA Update 1.11.3
NVIDIA Update Components
OpenHaptics Academic edition v3.10.5
OpenSource AVI Splitter (remove only)
OpenSource DTS/AC3/DD+ Source Filter (remove only)
OpenSource Flash Video Splitter (remove only)
Paint.NET v3.5.10
PDFill PDF Editor with FREE Writer and FREE Tools
PHANToM Device Drivers
Photo Common
Photo Gallery
Picasa 3
PreEmptive Analytics Visual Studio Components
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Sibelius Scorch (Firefox, Opera, Netscape, Chrome only)
SimCity 4 Deluxe
Sky Go Desktop
Skype™ 6.3
Spotify
Steam
swMSM
Synaptics Pointing Device Driver
The Elder Scrolls V: Skyrim
Traffic Simulator Configuration Tool
Unity Web Player
Update for (KB2504637)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817359) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft Visual Studio 2012 (KB2781514)
Visual Studio 2012 Prerequisites
Visual Studio 2012 Prerequisites - ENU Language Pack
Visual Studio 2012 Update 2 (KB2707250)
Visual Studio Extensions for Windows Library for JavaScript
VLC media player 2.0.6
WCF Data Services 5.0 (for OData v3) Primary Components
WCF Data Services Tools for Microsoft Visual Studio 2012
WCF RIA Services V1.0 SP2
Windows App Certification Kit Native Components
Windows App Certification Kit x64
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Runtime Intellisense Content - en-us
Windows Software Development Kit
Windows Software Development Kit DirectX x64 Remote
Windows Software Development Kit DirectX x86 Remote
Windows Software Development Kit for Windows Store Apps
Windows Software Development Kit for Windows Store Apps DirectX x64 Remote
Windows Software Development Kit for Windows Store Apps DirectX x86 Remote
Windows XP Targeting with C++
WinRAR 4.20 (64-bit)
Zoom Player (remove only)
.
==== Event Viewer Messages From Past Week ========
.
28/05/2013 02:50:08, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. A corruption was found in a file system index structure. The file reference number is 0x1000000000019. The name of the file is "<unable to determine file name>". The corrupted index attribute is ":$O:$INDEX_ALLOCATION".
28/05/2013 02:50:08, Error: Ntfs [131] - The file system structure on volume C: cannot be corrected. Please run the chkdsk utility on the volume C:.
28/05/2013 02:50:04, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
28/05/2013 02:50:04, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
28/05/2013 02:45:21, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
28/05/2013 02:45:20, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
28/05/2013 02:36:06, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
28/05/2013 02:34:56, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "Unavailable" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
28/05/2013 02:34:41, Error: Microsoft-Windows-Ntfs [98] - Volume C: (\Device\HarddiskVolume2) needs to be taken offline to perform a Full Chkdsk. Please run "CHKDSK /F" locally via the command line, or run "REPAIR-VOLUME <drive:>" locally or remotely via PowerShell.
28/05/2013 02:34:41, Error: Microsoft-Windows-Kernel-General [6] - An I/O operation initiated by the Registry failed unrecoverably.The Registry could not flush hive (file): ''.
28/05/2013 02:34:22, Error: nvstor64 [3] - Data error on device. Device: \Device\RaidPort0 Model: SanDisk SDSSDX240GG25 Firmware Version: R211 Serial Number: 124888401004 Port: 0
28/05/2013 02:34:07, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wcmsvc service.
28/05/2013 02:24:13, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000ef (0xfffffa8005ff6940, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 052813-6630-01.
28/05/2013 02:24:07, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. The exact nature of the corruption is unknown. The file system structures need to be scanned and fixed offline.
27/05/2013 21:25:56, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000ef (0xfffffa8005fe2600, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 052713-6505-01.
27/05/2013 21:18:48, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0xc000021a (0xfffff8a00c9d0540, 0xffffffffc0000006, 0x000007ffb7159e22, 0x000000a12637a940). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 052713-9547-01.
27/05/2013 20:11:50, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: The password for this account has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
27/05/2013 20:11:50, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a log-on failure.
27/05/2013 20:09:48, Error: Service Control Manager [7000] - The PhantomEPP service failed to start due to the following error: A device attached to the system is not functioning.
27/05/2013 20:09:48, Error: PhantomEPP [1] - The driver could no load because there are no available parallel ports.
27/05/2013 20:07:27, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: One or more arguments are invalid
27/05/2013 20:07:27, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: One or more arguments are invalid
27/05/2013 20:07:17, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x100000000b4e9. The name of the file is "\Windows\SysWOW64\winsta.dll".
27/05/2013 20:07:14, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x100000000b651. The name of the file is "\Windows\WinSxS\amd64_microsoft-windows-srumon_31bf3856ad364e35_6.2.9200.16384_none_4342c767a6549c93\srumsvc.dll".
27/05/2013 20:07:07, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0xc000021a (0xfffff8a002c59790, 0xffffffffc0000006, 0x000007fc790fec2c, 0x000000919cb5f090). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 052713-10717-02.
27/05/2013 20:03:44, Error: Service Control Manager [7034] - The Windows Firewall service terminated unexpectedly. It has done this 1 time(s).
27/05/2013 20:03:44, Error: Service Control Manager [7034] - The Power service terminated unexpectedly. It has done this 1 time(s).
27/05/2013 20:03:44, Error: Service Control Manager [7034] - The Plug and Play service terminated unexpectedly. It has done this 1 time(s).
27/05/2013 20:03:44, Error: Service Control Manager [7034] - The Local Session Manager service terminated unexpectedly. It has done this 1 time(s).
27/05/2013 20:03:44, Error: Service Control Manager [7034] - The Diagnostic Policy Service service terminated unexpectedly. It has done this 1 time(s).
27/05/2013 20:03:44, Error: Service Control Manager [7034] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s).
27/05/2013 20:03:44, Error: Service Control Manager [7034] - The Base Filtering Engine service terminated unexpectedly. It has done this 1 time(s).
27/05/2013 20:03:44, Error: Service Control Manager [7034] - The Background Tasks Infrastructure Service service terminated unexpectedly. It has done this 1 time(s).
27/05/2013 20:03:44, Error: Service Control Manager [7000] - The Spot Verifier service failed to start due to the following error: The system cannot find the path specified.
27/05/2013 20:02:59, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x100000000b8d5. The name of the file is "<unable to determine file name>".
27/05/2013 20:02:58, Error: Service Control Manager [7023] - The Windows Error Reporting Service service terminated with the following error: Windows Error Reporting Service is not a valid Win32 application.
27/05/2013 20:02:52, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0xc000021a (0xfffff8a0027a3790, 0xffffffffc0000006, 0x000007fc85fcec2c, 0x000000238947ef40). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 052713-10717-01.
27/05/2013 19:41:20, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000ef (0xfffffa80040cf080, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 052713-8252-01.
27/05/2013 19:41:13, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume \\?\Volume{56d4ddb1-5f20-11e2-be65-806e6f6e6963}. The exact nature of the corruption is unknown. The file system structures need to be scanned and fixed offline.
27/05/2013 19:41:13, Error: Microsoft-Windows-Ntfs [98] - Volume \\?\Volume{56d4ddb1-5f20-11e2-be65-806e6f6e6963} (\Device\HarddiskVolume1) needs to be taken offline to perform a Full Chkdsk. Please run "CHKDSK /F" locally via the command line, or run "REPAIR-VOLUME <drive:>" locally or remotely via PowerShell.
27/05/2013 19:39:35, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. The Master File Table (MFT) contains a corrupted file record. The file reference number is 0xed000000017ca2. The name of the file is "<unable to determine file name>".
27/05/2013 19:38:22, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000ef (0xfffffa80064f5080, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 052713-10623-01.
27/05/2013 19:26:00, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0xc000021a (0xfffff8a000b4b4b0, 0xffffffffc0000006, 0x000007fdd623ec2c, 0x000000040688f170). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 052713-10654-01.
27/05/2013 19:15:36, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. A corruption was found in a file system index structure. The file reference number is 0x1000000001755. The name of the file is "\Windows\SysWOW64\en-US". The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".
27/05/2013 19:15:29, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. A corruption was found in a file system index structure. The file reference number is 0x9000000000009. The name of the file is "<unable to determine file name>". The corrupted index attribute is ":$SDH:$INDEX_ALLOCATION".
27/05/2013 19:15:29, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. A corruption was found in a file system index structure. The file reference number is 0x1000000001755. The name of the file is "\Windows\SysWOW64\en-US". The corrupted index attribute is ":$I30:$INDEX_ALLOCATION". The corrupted index block is located at Vcn 0x6, Lcn 0xffffffffffffffff. The corruption begins at offset 3208 within the index block.
27/05/2013 19:15:29, Error: LsaSrv [5000] - The security package Kerberos generated an exception. The exception information is the data.
27/05/2013 19:15:28, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
27/05/2013 19:15:28, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
27/05/2013 19:15:15, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. A corruption was found in a file system index structure. The file reference number is 0x100000000174d. The name of the file is "\Windows\SysWOW64\en-GB". The corrupted index attribute is ":$I30:$INDEX_ALLOCATION". The corrupted index block is located at Vcn 0x6, Lcn 0xffffffffffffffff. The corruption begins at offset 2512 within the index block.
27/05/2013 19:15:12, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. A corruption was found in a file system index structure. The file reference number is 0x100000000174d. The name of the file is "\Windows\SysWOW64\en-GB". The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".
27/05/2013 19:15:06, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. The exact nature of the corruption is unknown. The file system structures need to be scanned online.
27/05/2013 19:12:53, Error: volmgr [46] - Crash dump initialization failed!
.
==== End Of File ===========================
 
Welcome aboard

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=================================

Download RogueKiller for 32bit or RogueKiller for 64bit to your Desktop.
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

Download Malwarebytes Anti-Rootkit (MBAR) from HERE
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced. They will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
 
I'm getting 404'd on the RogueKiller download links. Do you have another link?
Link finally worked.
 
Roguekiller report #1:

RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Safe mode with network support
User : Alex [Admin rights]
Mode : Scan -- Date : 05/28/2013 03:43:01
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SanDisk SDSSDX240GG2 SCSI Disk Device +++++
--- User ---
[MBR] 65761251099df4a307247a4ccc1cb418
[BSP] e93f77bb38b945d9ba7d58c3981be815 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 350 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 718848 | Size: 228584 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1]_S_05282013_02d0343.txt >>
RKreport[1]_S_05282013_02d0343.txt
 
RogueKiller report 2:

RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Safe mode with network support
User : Alex [Admin rights]
Mode : Remove -- Date : 05/28/2013 03:44:06
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SanDisk SDSSDX240GG2 SCSI Disk Device +++++
--- User ---
[MBR] 65761251099df4a307247a4ccc1cb418
[BSP] e93f77bb38b945d9ba7d58c3981be815 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 350 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 718848 | Size: 228584 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2]_D_05282013_02d0344.txt >>
RKreport[1]_S_05282013_02d0343.txt ; RKreport[2]_D_05282013_02d0344.txt
 
Malwarebytes Anti-Rootkit says nothing was found... I think it would be a good idea to restart and then scan with Avast again to see what it says but I'll wait for orders from you :)
 
Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-05-2013
Ran by Alex (administrator) on 28-05-2013 04:08:16
Running from C:\Users\Alex\Downloads
Windows 8 Pro with Media Center (X64) OS Language: English(UK)
Internet Explorer Version 9
Boot Mode: Safe Mode (with Networking)
==================== Processes (Whitelisted) =================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Users\Alex\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Alex\Downloads\FRST64.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NVRaidService] C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe [291944 2010-04-09] (NVIDIA Corporation)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1814312 2009-08-15] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [8114720 2009-09-17] (Realtek Semiconductor)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKCU\...\Run: [Google Update] "C:\Users\Alex\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2013-01-15] (Google Inc.)
HKCU\...\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart [19662744 2013-04-16] (Google)
HKCU\...\Run: [Spotify Web Helper] "C:\Users\Alex\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1105408 2013-05-03] (Spotify Ltd)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
MountPoints2: {56d4ddb6-5f20-11e2-be65-806e6f6e6963} - "Z:\WSETUP\SETUP.exe"
HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4767304 2013-03-06] (AVAST Software)
HKLM-x32\...\Run: [EsternTimesMouseExRun] "C:\Program Files (x86)\Anker Precision Laser Gaming Mouse\AnkerMonEx.exe" -runauto [3349504 2013-03-11] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
PDF: HKLM-x32 {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - No File
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\98jau3jq.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Sibelius.com/Scorch Plugin,version=6.2.0.88 - C:\Program Files (x86)\Sibelius Software\Scorch\npsibelius.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

Chrome:
=======
CHR HomePage: hxxp://www.google.co.uk/
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\pdf.dll ()
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U11) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Pokki Download Helper) - C:\Users\Alex\AppData\Local\Pokki\Download Helper\npPokkiDownloadHelper.1.2.0.78.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.110.21) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (Magic Actions for YouTube\u2122) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif\5.8.6_0
CHR Extension: (Entanglement) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0
CHR Extension: (Google Docs) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (Sexy Undo Close Tab) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcennaiejdjpomgmmohhpgnjlmpcjmbg\7.2.9_0
CHR Extension: (ChromeLite) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjekedpipaedojkbialnhabcecmfpofh\1.1_0
CHR Extension: (YouTube) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Link Icon) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnjfiolbpeihgijepincpfjhigekegab\2.4_0
CHR Extension: (Google Search) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Search by Image (by Google)) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm\1.4.3_0
CHR Extension: (Session Buddy) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko\3.2.1_0
CHR Extension: (Photo Zoom for Facebook) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1208.30.1_0
CHR Extension: (Chain Reaction) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\gemgfpodpjapjhfohdlibagceiknakpa\1.2_0
CHR Extension: (AdBlock) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.63_0
CHR Extension: (uSelect iDownload) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\ileabdhfjmgaognikmjgmhhkjffggejc\1.9_0
CHR Extension: (World Time Buddy) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdhpjomiingppeefgnohkiapmnaeakoj\10_0
CHR Extension: (Downloads) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfchnphgogjhineanplmfkofljiagjfb\1_0
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb\4.2.0.1_0
CHR Extension: (Gmail Blue) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\keiffooocjpcgkpojchelkgnjmmjlbgc\0.4_0
CHR Extension: (Chromium Wheel Smooth Scroller) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\khpcanbeojalbkpgpmjpdkjnkfcgfkhb\1.3.3_0
CHR Extension: (FVD Video Downloader) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp\5.1.4_0
CHR Extension: (Phone 2 Google Chrome\u2122) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnlgojabfogikedjanecphloghlegpdm\4.1_0
CHR Extension: (Google Dictionary (by Google)) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja\3.0.17_0
CHR Extension: (Chrome to Phone) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco\2.3.1_0
CHR Extension: (Better History) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\obciceimmggglbmelaidpjlmodcebijb\1.9.38_0
CHR Extension: (Robot Theme, inspired by Android\u2122) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeljdmeofcikjblcoehpmdnooimalbmj\0.2.2_0
CHR Extension: (Google Quick Scroll) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\okanipcmceoeemlbjnmnbdibhgpbllgc\2_0
CHR Extension: (Gmail) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [45248 2013-03-06] (AVAST Software)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation)
S2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe [278336 2011-09-19] (NVIDIA)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-03-06] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-03-06] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [70992 2013-03-06] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-03-06] ()
S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1025808 2013-03-06] (AVAST Software)
S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [377920 2013-03-06] (AVAST Software)
S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [68920 2013-03-06] (AVAST Software)
S3 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [178624 2013-03-06] ()
R3 nvoclk64; C:\Windows\system32\DRIVERS\nvoclk64.sys [42088 2009-09-15] (NVIDIA Corp.)
S3 Phantom1394_x64; C:\Windows\System32\Drivers\Phantom1394_x64.sys [53080 2010-10-22] ()
S2 PhantomEPP; C:\Windows\System32\Drivers\PhantomEPP_amd64.sys [25944 2010-10-22] (SensAble Technologies, Inc.)
S3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
S3 VSPerfDrv110; C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [70264 2012-07-13] (Microsoft Corporation)
S3 WUDFSensorLP; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
U4 mbamswissarmy;
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [x]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-05-28 04:08 - 2013-05-28 04:08 - 00000000 ____D C:\FRST
2013-05-28 04:07 - 2013-05-28 04:08 - 01915616 ____A (Farbar) C:\Users\Alex\Downloads\FRST64.exe
2013-05-28 03:46 - 2013-05-28 03:49 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-05-28 03:44 - 2013-05-28 03:44 - 00001438 ____A C:\Users\Alex\Desktop\RKreport[2]_D_05282013_02d0344.txt
2013-05-28 03:43 - 2013-05-28 03:43 - 00001385 ____A C:\Users\Alex\Desktop\RKreport[1]_S_05282013_02d0343.txt
2013-05-28 03:40 - 2013-05-28 03:43 - 00000000 ____D C:\Users\Alex\Desktop\RK_Quarantine
2013-05-28 03:38 - 2013-05-28 03:40 - 00791040 ____A C:\Users\Alex\Downloads\RogueKillerX64.exe
2013-05-28 03:35 - 2013-05-28 03:35 - 13169742 ____A C:\Users\Alex\Downloads\mbar-1.06.0.1003.zip
2013-05-28 03:35 - 2013-05-28 03:35 - 00000000 ____D C:\Users\Alex\Downloads\mbar-1.06.0.1003
2013-05-28 03:16 - 2013-05-28 03:16 - 00024658 ____A C:\Users\Alex\Downloads\attach.txt
2013-05-28 02:50 - 2013-05-28 02:50 - 00024658 ____A C:\Users\Alex\Desktop\attach.txt
2013-05-28 02:50 - 2013-05-28 02:50 - 00018119 ____A C:\Users\Alex\Desktop\dds.txt
2013-05-28 02:48 - 2013-05-28 02:49 - 00688992 ____R (Swearware) C:\Users\Alex\Downloads\dds.com
2013-05-28 02:44 - 2013-05-28 02:44 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Alex\Downloads\mbam-setup-1.75.0.1300.exe
2013-05-28 02:44 - 2013-05-28 02:44 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-05-28 02:44 - 2013-05-28 02:44 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Malwarebytes
2013-05-28 02:44 - 2013-05-28 02:44 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-05-28 02:44 - 2013-05-28 02:44 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-28 02:44 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-05-28 02:32 - 2013-05-28 02:32 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-05-28 02:31 - 2013-05-28 02:31 - 02221422 ____A C:\Users\Alex\Downloads\tdsskiller.zip
2013-05-28 02:31 - 2013-05-28 02:31 - 02221422 ____A C:\Users\Alex\Downloads\tdsskiller (1).zip
2013-05-28 02:31 - 2013-05-28 02:31 - 00000000 ____D C:\Users\Alex\Downloads\tdsskiller (1)
2013-05-28 02:31 - 2013-05-28 02:31 - 00000000 ____D C:\Users\Alex\Downloads\tdsskiller
2013-05-28 02:30 - 2013-05-28 02:30 - 02239840 ____A (Kaspersky Lab ZAO) C:\Users\Alex\Downloads\tdsskiller.exe
2013-05-28 02:24 - 2013-05-28 02:24 - 00279152 ____A C:\Windows\Minidump\052813-6630-01.dmp
2013-05-27 21:28 - 2013-05-27 21:31 - 106354688 ____A C:\Users\Alex\Downloads\avg_arl_cdi_all_120_130515a6325.iso
2013-05-27 21:25 - 2013-05-27 21:25 - 00279152 ____A C:\Windows\Minidump\052713-6505-01.dmp
2013-05-27 21:18 - 2013-05-27 21:18 - 00279152 ____A C:\Windows\Minidump\052713-9547-01.dmp
2013-05-27 20:12 - 2013-05-27 20:12 - 00000000 __SHD C:\found.000
2013-05-27 20:07 - 2013-05-27 20:07 - 00295256 ____A C:\Windows\Minidump\052713-10717-02.dmp
2013-05-27 20:07 - 2013-05-27 20:07 - 00001922 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-05-27 20:07 - 2013-03-06 23:33 - 00084376 ____A (AVAST Software) C:\Windows\System32\Drivers\aswmon2.sys
2013-05-27 20:07 - 2013-03-06 23:33 - 00027744 ____A (AVAST Software) C:\Windows\System32\Drivers\aavmker4.sys
2013-05-27 20:02 - 2013-05-27 20:02 - 00295256 ____A C:\Windows\Minidump\052713-10717-01.dmp
2013-05-27 20:02 - 2013-05-27 20:02 - 00000000 __SHD C:\found.003
2013-05-27 19:51 - 2013-05-27 19:51 - 00000000 __SHD C:\found.002
2013-05-27 19:41 - 2013-05-27 19:41 - 00295312 ____A C:\Windows\Minidump\052713-8252-01.dmp
2013-05-27 19:38 - 2013-05-27 19:38 - 00295256 ____A C:\Windows\Minidump\052713-10623-01.dmp
2013-05-27 19:25 - 2013-05-27 19:26 - 00295312 ____A C:\Windows\Minidump\052713-10654-01.dmp
2013-05-27 19:25 - 2013-05-27 19:25 - 00015040 ____N C:\bootsqm.dat
2013-05-27 19:25 - 2013-05-27 19:25 - 00000000 __SHD C:\found.001
2013-05-27 15:18 - 2013-05-27 15:18 - 00295200 ____A C:\Windows\Minidump\052713-8736-01.dmp
2013-05-26 03:33 - 2013-05-26 03:33 - 00000000 ____D C:\Users\Alex\Downloads\Old *** ****
2013-05-26 03:31 - 2013-05-26 03:32 - 21538188 ____A C:\Users\Alex\Downloads\Old *** ****.zip
2013-05-25 23:13 - 2013-05-25 23:13 - 04346816 ____A (Piriform Ltd) C:\Users\Alex\Downloads\ccsetup401.exe
2013-05-24 20:50 - 2013-05-24 20:50 - 00000000 ____D C:\Users\Alex\Downloads\librocket_win32-vc9-source-1.2.1
2013-05-24 20:49 - 2013-05-24 20:49 - 05498854 ____A C:\Users\Alex\Downloads\librocket_win32-vc9-source-1.2.1.zip
2013-05-24 20:48 - 2013-05-24 20:48 - 00000000 ____D C:\Users\Alex\Downloads\tutorials
2013-05-24 20:47 - 2013-05-24 20:48 - 00157173 ____A C:\Users\Alex\Downloads\tutorials.zip
2013-05-24 20:41 - 2013-05-24 20:41 - 00000000 ____D C:\Users\Alex\Downloads\MYGUI_3.2.0_win32
2013-05-24 20:33 - 2013-05-24 20:34 - 14383788 ____A C:\Users\Alex\Downloads\MyGUI_3.2.0.zip
2013-05-24 20:32 - 2013-05-24 20:34 - 11958671 ____A C:\Users\Alex\Downloads\MYGUI_3.2.0_win32.zip
2013-05-24 20:24 - 2013-05-24 20:24 - 02097004 ____A C:\Users\Alex\Downloads\GG-0.7.0.zip
2013-05-24 20:24 - 2013-05-24 20:24 - 00000000 ____D C:\Users\Alex\Downloads\GG-0.7.0
2013-05-24 13:36 - 2013-05-24 13:36 - 01307915 ____A C:\Users\Alex\Downloads\tutors-win32.zip
2013-05-24 13:36 - 2013-05-24 13:36 - 00000000 ____D C:\Users\Alex\Downloads\tutors-win32
2013-05-24 06:09 - 2013-05-24 06:09 - 01194855 ____A C:\Users\Alex\Downloads\glfw-2.7.8.zip
2013-05-24 06:09 - 2013-05-24 06:09 - 00000000 ____D C:\Users\Alex\Downloads\glfw-2.7.8
2013-05-24 04:51 - 2013-05-24 04:51 - 00000000 ____D C:\cppincludes
2013-05-24 04:45 - 2013-05-24 04:45 - 00714412 ____A C:\Users\Alex\Downloads\glfw-2.7.8.bin.WIN64.zip
2013-05-24 04:45 - 2013-05-24 04:45 - 00000000 ____D C:\Users\Alex\Downloads\glfw-2.7.8.bin.WIN64
2013-05-24 04:31 - 2013-05-24 04:31 - 00272757 ____A C:\Users\Alex\Desktop\ai (5).zip
2013-05-24 04:25 - 2013-05-24 04:25 - 00175297 ____A C:\Users\Alex\Desktop\ai (4).zip
2013-05-24 04:05 - 2013-05-24 04:05 - 00175404 ____A C:\Users\Alex\Desktop\ai (3).zip
2013-05-24 03:53 - 2013-05-24 03:53 - 00082896 ____A C:\Users\Alex\Desktop\ai (2).zip
2013-05-24 03:51 - 2013-05-24 03:51 - 00818780 ____A C:\Users\Alex\Desktop\ai.zip
2013-05-24 03:50 - 2013-05-24 04:31 - 00000000 ____D C:\Users\Alex\Desktop\ai
2013-05-23 22:45 - 2013-05-23 22:45 - 00000000 ____D C:\Program Files (x86)\Geeks3D
2013-05-23 22:33 - 2013-05-23 22:33 - 00000000 ____D C:\Users\Alex\Downloads\glut37
2013-05-23 22:31 - 2013-05-23 22:31 - 03769123 ____A C:\Users\Alex\Downloads\glut37.zip
2013-05-21 14:17 - 2013-05-21 14:17 - 00148256 ____A C:\Users\Alex\Downloads\Revision.pptx
2013-05-21 00:38 - 2013-05-21 00:38 - 00003584 ____A C:\Users\Alex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-05-19 20:11 - 2013-05-22 21:35 - 00000000 ____D C:\Users\Alex\Desktop\ACS
2013-05-19 18:11 - 2013-05-19 18:11 - 00188477 ____A C:\Users\Alex\Downloads\Colorpicker.exe
2013-05-18 15:53 - 2013-05-18 15:53 - 00460832 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-18 13:12 - 2013-05-18 13:12 - 00000000 ____D C:\Users\Alex\Downloads\Skyrim topographic map-36159-1-0
2013-05-16 16:17 - 2013-04-09 06:33 - 00489576 ____A (Microsoft Corporation) C:\Windows\System32\AudioEng.dll
2013-05-16 16:17 - 2013-04-09 06:33 - 00446792 ____A (Microsoft Corporation) C:\Windows\System32\AudioSes.dll
2013-05-16 16:17 - 2013-04-09 06:20 - 00306952 ____A (Microsoft Corporation) C:\Windows\System32\kd_02_10ec.dll
2013-05-16 16:17 - 2013-04-09 05:51 - 00367616 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2013-05-16 16:17 - 2013-04-09 05:50 - 02107904 ____A (Microsoft Corporation) C:\Windows\System32\mssrch.dll
2013-05-16 16:17 - 2013-04-09 05:50 - 00435200 ____A (Microsoft Corporation) C:\Windows\System32\mssph.dll
2013-05-16 16:17 - 2013-04-09 05:49 - 01444864 ____A (Microsoft Corporation) C:\Windows\System32\MSAudDecMFT.dll
2013-05-16 16:17 - 2013-04-09 05:49 - 00817152 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2013-05-16 16:17 - 2013-04-09 05:49 - 00172544 ____A (Microsoft Corporation) C:\Windows\System32\dwmredir.dll
2013-05-16 16:17 - 2013-04-09 05:48 - 00785408 ____A (Microsoft Corporation) C:\Windows\System32\audiosrv.dll
2013-05-16 16:17 - 2013-04-09 03:32 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\PEAuth.sys
2013-05-16 16:17 - 2013-04-09 00:39 - 01408896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-05-16 16:17 - 2013-04-08 22:52 - 11878912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-05-16 16:17 - 2013-04-08 22:52 - 00302592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2013-05-16 16:17 - 2013-04-08 22:51 - 10789888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2013-05-16 16:17 - 2013-04-08 22:51 - 08857088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2013-05-16 16:17 - 2013-04-08 22:51 - 02767360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2013-05-16 16:17 - 2013-04-08 22:51 - 01593344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2013-05-16 16:17 - 2013-04-08 22:51 - 01113600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSAudDecMFT.dll
2013-05-16 16:17 - 2013-04-08 22:51 - 00403968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2013-05-16 16:17 - 2013-04-08 22:51 - 00324096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-05-16 16:16 - 2013-04-09 06:33 - 00253544 ____A (Microsoft Corporation) C:\Windows\System32\audiodg.exe
2013-05-16 16:16 - 2013-04-09 06:27 - 00284424 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\spaceport.sys
2013-05-16 16:16 - 2013-04-09 06:20 - 00086280 ____A (Microsoft Corporation) C:\Windows\System32\kdnet.dll
2013-05-16 16:16 - 2013-04-09 06:18 - 00077960 ____A (Microsoft Corporation) C:\Windows\System32\kdvm.dll
2013-05-16 16:16 - 2013-04-09 05:50 - 00745984 ____A (Microsoft Corporation) C:\Windows\System32\mssvp.dll
2013-05-16 16:16 - 2013-04-09 05:50 - 00414720 ____A (Microsoft Corporation) C:\Windows\System32\GenuineCenter.dll
2013-05-16 16:16 - 2013-04-09 05:50 - 00096256 ____A (Microsoft Corporation) C:\Windows\System32\mssprxy.dll
2013-05-16 16:16 - 2013-04-09 05:50 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\msscntrs.dll
2013-05-16 16:16 - 2013-04-09 05:50 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\msshooks.dll
2013-05-16 16:16 - 2013-04-09 05:49 - 00468992 ____A (Microsoft Corporation) C:\Windows\System32\MFMediaEngine.dll
2013-05-16 16:16 - 2013-04-09 05:49 - 00281088 ____A (Microsoft Corporation) C:\Windows\System32\mfreadwrite.dll
2013-05-16 16:16 - 2013-04-09 05:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\fhengine.dll
2013-05-16 16:16 - 2013-04-09 05:49 - 00210432 ____A (Microsoft Corporation) C:\Windows\System32\iuilp.dll
2013-05-16 16:16 - 2013-04-09 05:49 - 00196096 ____A (Microsoft Corporation) C:\Windows\System32\dmvdsitf.dll
2013-05-16 16:16 - 2013-04-09 05:49 - 00050176 ____A (Microsoft Corporation) C:\Windows\System32\fmifs.dll
2013-05-16 16:16 - 2013-04-09 05:48 - 02303488 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-16 16:16 - 2013-04-09 05:48 - 00419840 ____A (Microsoft Corporation) C:\Windows\System32\intl.cpl
2013-05-16 16:16 - 2013-04-09 05:48 - 00169472 ____A (Microsoft Corporation) C:\Windows\System32\AudioEndpointBuilder.dll
2013-05-16 16:16 - 2013-04-09 03:34 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidbth.sys
2013-05-16 16:16 - 2013-04-09 03:34 - 00083968 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidclass.sys
2013-05-16 16:16 - 2013-04-09 03:34 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidusb.sys
2013-05-16 16:16 - 2013-04-09 03:33 - 00623104 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys
2013-05-16 16:16 - 2013-04-09 03:33 - 00060416 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndproxy.sys
2013-05-16 16:16 - 2013-04-09 03:31 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srvnet.sys
2013-05-16 16:16 - 2013-04-09 03:31 - 00083456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\wanarp.sys
2013-05-16 16:16 - 2013-04-09 00:44 - 00123880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wscapi.dll
2013-05-16 16:16 - 2013-04-09 00:37 - 00426024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2013-05-16 16:16 - 2013-04-09 00:37 - 00324368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2013-05-16 16:16 - 2013-04-08 22:52 - 00670208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2013-05-16 16:16 - 2013-04-08 22:52 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-05-16 16:16 - 2013-04-08 22:52 - 00171008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2013-05-16 16:16 - 2013-04-08 22:52 - 00106496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe
2013-05-16 16:16 - 2013-04-08 22:51 - 02035200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-05-16 16:16 - 2013-04-08 22:51 - 00659456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2013-05-16 16:16 - 2013-04-08 22:51 - 00656896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2013-05-16 16:16 - 2013-04-08 22:51 - 00411136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.dll
2013-05-16 16:16 - 2013-04-08 22:51 - 00389632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\intl.cpl
2013-05-16 16:16 - 2013-04-08 22:51 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2013-05-16 16:16 - 2013-04-08 22:51 - 00214528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
2013-05-16 16:16 - 2013-04-08 22:51 - 00186880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2013-05-16 16:16 - 2013-04-08 22:51 - 00155648 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dmvdsitf.dll
2013-05-16 16:16 - 2013-04-08 22:51 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\fmifs.dll
2013-05-16 16:16 - 2013-04-08 22:51 - 00035328 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2013-05-16 16:16 - 2013-04-08 22:51 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2013-05-16 16:16 - 2013-04-08 22:51 - 00000000 ____A C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2013-05-16 16:16 - 2013-04-05 00:30 - 00503080 ____A (Microsoft Corporation) C:\Windows\System32\ci.dll
2013-05-16 16:16 - 2013-04-02 23:08 - 00387688 ____A C:\Windows\System32\ApnDatabase.xml
2013-05-16 16:16 - 2013-03-15 23:05 - 00252928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rsaenh.dll
2013-05-16 16:16 - 2012-12-13 04:59 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-05-15 00:19 - 2013-04-16 03:34 - 01455368 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-15 00:19 - 2013-04-10 00:17 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-15 00:19 - 2013-04-10 00:17 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-15 00:19 - 2013-04-10 00:17 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-05-15 00:19 - 2013-04-10 00:16 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-15 00:19 - 2013-04-10 00:16 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-15 00:19 - 2013-04-10 00:16 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-15 00:19 - 2013-04-10 00:16 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-15 00:19 - 2013-04-09 23:30 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-05-15 00:19 - 2013-04-09 23:30 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-05-15 00:19 - 2013-04-09 23:29 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-15 00:19 - 2013-04-09 23:29 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-05-15 00:19 - 2013-04-09 23:29 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-05-15 00:19 - 2013-04-09 23:29 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-05-15 00:19 - 2013-04-09 23:29 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-05-15 00:19 - 2013-04-09 23:29 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-05-15 00:19 - 2013-03-15 01:17 - 00861184 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\http.sys
2013-05-15 00:19 - 2013-03-06 08:10 - 00112872 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-15 00:19 - 2013-03-06 07:29 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-15 00:19 - 2013-03-06 06:03 - 17561600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-05-15 00:19 - 2013-03-06 06:03 - 00199168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-05-15 00:18 - 2013-03-22 04:49 - 02382336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2013-05-15 00:18 - 2013-03-21 23:47 - 02851840 ____A (Microsoft Corporation) C:\Windows\System32\esent.dll
2013-05-14 04:48 - 2013-05-14 04:48 - 00042677 ____A C:\Users\Alex\Desktop\mapeditbackup.txt
2013-05-14 04:12 - 2013-05-14 04:12 - 00232945 ____A C:\Users\Alex\Downloads\ois-v1-3.zip
2013-05-14 04:12 - 2013-05-14 04:12 - 00000000 ____D C:\Users\Alex\Downloads\ois-v1-3
2013-05-13 22:25 - 2013-01-31 05:51 - 00000000 ____D C:\Users\Alex\Downloads\boost_1_53_0
2013-05-13 22:22 - 2013-05-13 22:24 - 51680425 ____A C:\Users\Alex\Downloads\boost_1_53_0.7z
2013-05-13 22:20 - 2013-05-13 22:21 - 20999180 ____A C:\Users\Alex\Downloads\boost_1_53_0.zip
2013-05-13 22:20 - 2013-05-13 22:20 - 00195104 ____A C:\Users\Alex\Downloads\boost_1_51_setup.exe
2013-05-12 20:55 - 2013-05-12 21:04 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Litecoin
2013-05-04 04:05 - 2013-05-04 04:05 - 00015752 ____A C:\Users\Alex\AppData\Local\recently-used.xbel
2013-05-01 15:45 - 2013-05-01 15:45 - 00609190 ____A C:\Users\Alex\AppData\Roaming\Scorch_Install.log
2013-05-01 15:45 - 2013-05-01 15:45 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Sibelius Software
2013-05-01 15:45 - 2013-05-01 15:45 - 00000000 ____D C:\Program Files (x86)\Sibelius Software
2013-04-28 01:59 - 2013-05-01 15:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-04-28 01:59 - 2013-04-28 01:59 - 00000000 ____D C:\Users\Alex\AppData\Local\Mozilla

==================== One Month Modified Files and Folders =======

2013-05-28 04:08 - 2013-05-28 04:08 - 00000000 ____D C:\FRST
2013-05-28 04:08 - 2013-05-28 04:07 - 01915616 ____A (Farbar) C:\Users\Alex\Downloads\FRST64.exe
2013-05-28 04:01 - 2013-05-28 03:46 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-05-28 03:44 - 2013-05-28 03:44 - 00001438 ____A C:\Users\Alex\Desktop\RKreport[2]_D_05282013_02d0344.txt
2013-05-28 03:43 - 2013-05-28 03:43 - 00001385 ____A C:\Users\Alex\Desktop\RKreport[1]_S_05282013_02d0343.txt
2013-05-28 03:43 - 2013-05-28 03:40 - 00000000 ____D C:\Users\Alex\Desktop\RK_Quarantine
2013-05-28 03:40 - 2013-05-28 03:38 - 00791040 ____A C:\Users\Alex\Downloads\RogueKillerX64.exe
2013-05-28 03:35 - 2013-05-28 03:35 - 13169742 ____A C:\Users\Alex\Downloads\mbar-1.06.0.1003.zip
2013-05-28 03:35 - 2013-05-28 03:35 - 00000000 ____D C:\Users\Alex\Downloads\mbar-1.06.0.1003
2013-05-28 03:27 - 2013-04-19 11:00 - 00000000 ____D C:\Program Files\HexChat
2013-05-28 03:16 - 2013-05-28 03:16 - 00024658 ____A C:\Users\Alex\Downloads\attach.txt
2013-05-28 02:50 - 2013-05-28 02:50 - 00024658 ____A C:\Users\Alex\Desktop\attach.txt
2013-05-28 02:50 - 2013-05-28 02:50 - 00018119 ____A C:\Users\Alex\Desktop\dds.txt
2013-05-28 02:49 - 2013-05-28 02:48 - 00688992 ____R (Swearware) C:\Users\Alex\Downloads\dds.com
2013-05-28 02:44 - 2013-05-28 02:44 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Alex\Downloads\mbam-setup-1.75.0.1300.exe
2013-05-28 02:44 - 2013-05-28 02:44 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-05-28 02:44 - 2013-05-28 02:44 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Malwarebytes
2013-05-28 02:44 - 2013-05-28 02:44 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-05-28 02:44 - 2013-05-28 02:44 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-28 02:39 - 2013-05-28 02:32 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-05-28 02:31 - 2013-05-28 02:31 - 02221422 ____A C:\Users\Alex\Downloads\tdsskiller.zip
2013-05-28 02:31 - 2013-05-28 02:31 - 02221422 ____A C:\Users\Alex\Downloads\tdsskiller (1).zip
2013-05-28 02:31 - 2013-05-28 02:31 - 00000000 ____D C:\Users\Alex\Downloads\tdsskiller (1)
2013-05-28 02:31 - 2013-05-28 02:31 - 00000000 ____D C:\Users\Alex\Downloads\tdsskiller
2013-05-28 02:30 - 2013-05-28 02:30 - 02239840 ____A (Kaspersky Lab ZAO) C:\Users\Alex\Downloads\tdsskiller.exe
2013-05-28 02:24 - 2013-05-28 02:24 - 00279152 ____A C:\Windows\Minidump\052813-6630-01.dmp
2013-05-28 02:24 - 2013-02-03 19:53 - 311139252 ____A C:\Windows\MEMORY.DMP
2013-05-28 02:24 - 2013-01-17 14:38 - 00000000 ____D C:\Windows\Minidump
2013-05-27 21:31 - 2013-05-27 21:28 - 106354688 ____A C:\Users\Alex\Downloads\avg_arl_cdi_all_120_130515a6325.iso
2013-05-27 21:25 - 2013-05-27 21:25 - 00279152 ____A C:\Windows\Minidump\052713-6505-01.dmp
2013-05-27 21:18 - 2013-05-27 21:18 - 00279152 ____A C:\Windows\Minidump\052713-9547-01.dmp
2013-05-27 20:12 - 2013-05-27 20:12 - 00000000 __SHD C:\found.000
2013-05-27 20:12 - 2013-01-15 17:22 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-05-27 20:09 - 2012-07-26 08:22 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-27 20:07 - 2013-05-27 20:07 - 00295256 ____A C:\Windows\Minidump\052713-10717-02.dmp
2013-05-27 20:07 - 2013-05-27 20:07 - 00001922 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-05-27 20:02 - 2013-05-27 20:02 - 00295256 ____A C:\Windows\Minidump\052713-10717-01.dmp
2013-05-27 20:02 - 2013-05-27 20:02 - 00000000 __SHD C:\found.003
2013-05-27 19:51 - 2013-05-27 19:51 - 00000000 __SHD C:\found.002
2013-05-27 19:41 - 2013-05-27 19:41 - 00295312 ____A C:\Windows\Minidump\052713-8252-01.dmp
2013-05-27 19:38 - 2013-05-27 19:38 - 00295256 ____A C:\Windows\Minidump\052713-10623-01.dmp
2013-05-27 19:26 - 2013-05-27 19:25 - 00295312 ____A C:\Windows\Minidump\052713-10654-01.dmp
2013-05-27 19:25 - 2013-05-27 19:25 - 00015040 ____N C:\bootsqm.dat
2013-05-27 19:25 - 2013-05-27 19:25 - 00000000 __SHD C:\found.001
2013-05-27 19:15 - 2012-07-26 06:26 - 00262144 __ASH C:\Windows\System32\config\BBI
2013-05-27 15:18 - 2013-05-27 15:18 - 00295200 ____A C:\Windows\Minidump\052713-8736-01.dmp
2013-05-27 15:02 - 2013-01-15 17:55 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Spotify
2013-05-27 14:44 - 2013-01-15 15:37 - 01973107 ____A C:\Windows\WindowsUpdate.log
2013-05-27 14:37 - 2013-01-15 17:22 - 00000920 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-05-27 14:33 - 2013-01-15 17:55 - 00000000 ____D C:\Users\Alex\AppData\Local\Spotify
2013-05-27 05:30 - 2013-02-06 20:15 - 00000930 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3806110622-1921348492-2089721076-1001UA.job
2013-05-27 01:30 - 2013-02-06 20:15 - 00000878 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3806110622-1921348492-2089721076-1001Core.job
2013-05-26 03:33 - 2013-05-26 03:33 - 00000000 ____D C:\Users\Alex\Downloads\Old *** ****
2013-05-26 03:32 - 2013-05-26 03:31 - 21538188 ____A C:\Users\Alex\Downloads\Old *** ****.zip
2013-05-25 23:20 - 2013-01-19 04:13 - 00000000 ____D C:\Users\Alex\Backups
2013-05-25 23:16 - 2013-01-19 03:12 - 00000000 ____D C:\Program Files\CCleaner
2013-05-25 23:13 - 2013-05-25 23:13 - 04346816 ____A (Piriform Ltd) C:\Users\Alex\Downloads\ccsetup401.exe
2013-05-25 13:00 - 2013-01-16 22:08 - 01273344 __ASH C:\Users\Alex\Desktop\Thumbs.db
2013-05-24 20:50 - 2013-05-24 20:50 - 00000000 ____D C:\Users\Alex\Downloads\librocket_win32-vc9-source-1.2.1
2013-05-24 20:49 - 2013-05-24 20:49 - 05498854 ____A C:\Users\Alex\Downloads\librocket_win32-vc9-source-1.2.1.zip
2013-05-24 20:48 - 2013-05-24 20:48 - 00000000 ____D C:\Users\Alex\Downloads\tutorials
2013-05-24 20:48 - 2013-05-24 20:47 - 00157173 ____A C:\Users\Alex\Downloads\tutorials.zip
2013-05-24 20:41 - 2013-05-24 20:41 - 00000000 ____D C:\Users\Alex\Downloads\MYGUI_3.2.0_win32
2013-05-24 20:34 - 2013-05-24 20:33 - 14383788 ____A C:\Users\Alex\Downloads\MyGUI_3.2.0.zip
2013-05-24 20:34 - 2013-05-24 20:32 - 11958671 ____A C:\Users\Alex\Downloads\MYGUI_3.2.0_win32.zip
2013-05-24 20:24 - 2013-05-24 20:24 - 02097004 ____A C:\Users\Alex\Downloads\GG-0.7.0.zip
2013-05-24 20:24 - 2013-05-24 20:24 - 00000000 ____D C:\Users\Alex\Downloads\GG-0.7.0
2013-05-24 19:21 - 2013-01-16 00:03 - 00000000 ____D C:\Program Files (x86)\Steam
2013-05-24 13:36 - 2013-05-24 13:36 - 01307915 ____A C:\Users\Alex\Downloads\tutors-win32.zip
2013-05-24 13:36 - 2013-05-24 13:36 - 00000000 ____D C:\Users\Alex\Downloads\tutors-win32
2013-05-24 08:48 - 2013-02-13 18:07 - 00000000 ____D C:\ws
2013-05-24 06:09 - 2013-05-24 06:09 - 01194855 ____A C:\Users\Alex\Downloads\glfw-2.7.8.zip
2013-05-24 06:09 - 2013-05-24 06:09 - 00000000 ____D C:\Users\Alex\Downloads\glfw-2.7.8
2013-05-24 04:52 - 2013-02-15 22:11 - 00441856 __ASH C:\Users\Alex\Downloads\Thumbs.db
2013-05-24 04:51 - 2013-05-24 04:51 - 00000000 ____D C:\cppincludes
2013-05-24 04:45 - 2013-05-24 04:45 - 00714412 ____A C:\Users\Alex\Downloads\glfw-2.7.8.bin.WIN64.zip
2013-05-24 04:45 - 2013-05-24 04:45 - 00000000 ____D C:\Users\Alex\Downloads\glfw-2.7.8.bin.WIN64
2013-05-24 04:31 - 2013-05-24 04:31 - 00272757 ____A C:\Users\Alex\Desktop\ai (5).zip
2013-05-24 04:31 - 2013-05-24 03:50 - 00000000 ____D C:\Users\Alex\Desktop\ai
2013-05-24 04:25 - 2013-05-24 04:25 - 00175297 ____A C:\Users\Alex\Desktop\ai (4).zip
2013-05-24 04:05 - 2013-05-24 04:05 - 00175404 ____A C:\Users\Alex\Desktop\ai (3).zip
2013-05-24 03:53 - 2013-05-24 03:53 - 00082896 ____A C:\Users\Alex\Desktop\ai (2).zip
2013-05-24 03:51 - 2013-05-24 03:51 - 00818780 ____A C:\Users\Alex\Desktop\ai.zip
2013-05-23 22:45 - 2013-05-23 22:45 - 00000000 ____D C:\Program Files (x86)\Geeks3D
2013-05-23 22:33 - 2013-05-23 22:33 - 00000000 ____D C:\Users\Alex\Downloads\glut37
2013-05-23 22:31 - 2013-05-23 22:31 - 03769123 ____A C:\Users\Alex\Downloads\glut37.zip
2013-05-23 19:07 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-05-22 22:00 - 2013-01-16 00:17 - 00000000 ____D C:\Users\Alex\Documents\Eclipse
2013-05-22 21:57 - 2013-01-16 00:17 - 00000000 ____D C:\Users\Alex\AppData\Local\Eclipse
2013-05-22 21:56 - 2013-01-16 00:05 - 00000000 ____D C:\Program Files\eclipse
2013-05-22 21:36 - 2013-02-13 17:28 - 00000000 ___SD C:\Users\Alex\Google Drive
2013-05-22 21:35 - 2013-05-19 20:11 - 00000000 ____D C:\Users\Alex\Desktop\ACS
2013-05-22 21:35 - 2013-04-08 16:25 - 00000000 ____D C:\Users\Alex\Downloads\Torrents
2013-05-22 19:09 - 2013-01-16 03:02 - 00000000 ____D C:\Users\Alex\Documents\# Uni
2013-05-21 14:17 - 2013-05-21 14:17 - 00148256 ____A C:\Users\Alex\Downloads\Revision.pptx
2013-05-21 00:38 - 2013-05-21 00:38 - 00003584 ____A C:\Users\Alex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-05-20 21:05 - 2013-04-07 18:43 - 00000000 ____D C:\Users\Alex\AppData\Roaming\vlc
2013-05-20 16:25 - 2013-03-25 00:33 - 00000000 ____D C:\Users\Alex\AppData\Local\Skyrim
2013-05-20 14:11 - 2013-04-08 16:23 - 00000000 ____D C:\Users\Alex\AppData\Roaming\uTorrent
2013-05-19 18:11 - 2013-05-19 18:11 - 00188477 ____A C:\Users\Alex\Downloads\Colorpicker.exe
2013-05-19 18:01 - 2013-01-15 18:16 - 00000000 ____D C:\Users\Alex\Documents\Visual Studio 2012
2013-05-18 15:53 - 2013-05-18 15:53 - 00460832 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-18 15:09 - 2013-03-28 19:39 - 00000000 ____D C:\Program Files\Nexus Mod Manager
2013-05-18 14:25 - 2013-01-16 01:34 - 00000000 ____D C:\Users\Alex\AppData\Roaming\MediaMonkey
2013-05-18 13:12 - 2013-05-18 13:12 - 00000000 ____D C:\Users\Alex\Downloads\Skyrim topographic map-36159-1-0
2013-05-16 17:38 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\rescache
2013-05-16 17:02 - 2013-01-15 15:37 - 00000000 ____D C:\users\Alex
2013-05-16 17:02 - 2012-07-26 09:12 - 00000000 ___RD C:\Windows\ToastData
2013-05-16 17:02 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\SysWOW64\en-GB
2013-05-16 17:02 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\System32\en-GB
2013-05-15 00:28 - 2013-01-15 17:52 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-05-15 00:25 - 2013-01-15 15:51 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-14 04:48 - 2013-05-14 04:48 - 00042677 ____A C:\Users\Alex\Desktop\mapeditbackup.txt
2013-05-14 04:12 - 2013-05-14 04:12 - 00232945 ____A C:\Users\Alex\Downloads\ois-v1-3.zip
2013-05-14 04:12 - 2013-05-14 04:12 - 00000000 ____D C:\Users\Alex\Downloads\ois-v1-3
2013-05-13 22:24 - 2013-05-13 22:22 - 51680425 ____A C:\Users\Alex\Downloads\boost_1_53_0.7z
2013-05-13 22:21 - 2013-05-13 22:20 - 20999180 ____A C:\Users\Alex\Downloads\boost_1_53_0.zip
2013-05-13 22:20 - 2013-05-13 22:20 - 00195104 ____A C:\Users\Alex\Downloads\boost_1_51_setup.exe
2013-05-12 21:04 - 2013-05-12 20:55 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Litecoin
2013-05-12 16:20 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\System32\NDF
2013-05-10 22:41 - 2013-02-01 02:06 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Skype
2013-05-10 21:06 - 2013-02-01 02:06 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-05-10 21:06 - 2013-02-01 02:06 - 00000000 ____D C:\ProgramData\Skype
2013-05-10 11:30 - 2013-04-23 11:25 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Mozilla
2013-05-09 15:14 - 2013-04-05 21:33 - 00000000 ____D C:\Users\Alex\Downloads\PDF Version - A4-17893
2013-05-09 15:14 - 2013-01-22 02:41 - 00027648 __ASH C:\Users\Alex\Documents\Thumbs.db
2013-05-09 15:13 - 2013-01-16 03:07 - 00000000 ____D C:\Users\Alex\Programming
2013-05-07 21:07 - 2012-07-26 09:14 - 00693112 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-05-07 21:07 - 2012-07-26 09:14 - 00078200 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-05-04 04:05 - 2013-05-04 04:05 - 00015752 ____A C:\Users\Alex\AppData\Local\recently-used.xbel
2013-05-04 04:05 - 2013-01-21 15:00 - 00000000 ____D C:\Users\Alex\.gimp-2.8
2013-05-01 23:14 - 2013-01-16 03:06 - 00000000 ____D C:\Users\Alex\Documents\Cards, Letters
2013-05-01 22:15 - 2013-01-22 04:35 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Audacity
2013-05-01 18:00 - 2013-01-16 16:26 - 00127944 ____A C:\Users\Alex\AppData\Local\GDIPFONTCACHEV1.DAT
2013-05-01 15:45 - 2013-05-01 15:45 - 00609190 ____A C:\Users\Alex\AppData\Roaming\Scorch_Install.log
2013-05-01 15:45 - 2013-05-01 15:45 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Sibelius Software
2013-05-01 15:45 - 2013-05-01 15:45 - 00000000 ____D C:\Program Files (x86)\Sibelius Software
2013-05-01 15:45 - 2013-04-28 01:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-04-30 01:20 - 2013-01-16 02:55 - 00000000 ____D C:\Users\Alex\AppData\Local\Paint.NET
2013-04-29 19:23 - 2013-01-15 15:37 - 00000000 ____D C:\Users\Alex\AppData\Local\Packages
2013-04-28 01:59 - 2013-04-28 01:59 - 00000000 ____D C:\Users\Alex\AppData\Local\Mozilla

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


Last Boot: 2013-05-23 17:23

==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-05-2013
Ran by Alex at 2013-05-28 04:08:59 Run:
Running from C:\Users\Alex\Downloads
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Installed Programs =======================

Tools for .Net 3.5 (Version: 3.11.50727)
µTorrent (Version: 3.3.0.29462)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
AC3Filter 2.5b (Version: 2.5b)
Adobe AIR (Version: 3.7.0.1860)
Adobe Flash Player 11 Plugin (Version: 11.6.602.180)
Adobe Shockwave Player 12.0 (Version: 12.0.2.122)
Android SDK Tools (Version: 1.16)
Anker Precision Laser Gaming Mouse version 1.1 (Version: 1.1)
Audacity 2.0.2 (Version: 2.0.2)
avast! Free Antivirus (Version: 8.0.1483.0)
Bandicam (Version: 1.8.6.321)
Bandisoft MPEG-1 Decoder
Bass Audio Decoder (remove only)
Batman: Arkham Asylum GOTY Edition
BBC iPlayer Desktop (Version: 3.2.15)
Belarc Advisor 8.3 (Version: 8.3.0.0)
Blend for Visual Studio 2012 (Version: 5.0.30709.0)
Blend for Visual Studio 2012 ENU resources (Version: 5.0.30709.0)
Blend for Visual Studio Add-in for Adobe FXG Import (Version: 1.0.40218.0)
Blend for Visual Studio SDK for .NET 4.5 (Version: 3.0.40218.0)
Blend for Visual Studio SDK for Silverlight 5 (Version: 3.0.40218.0)
Blender (Version: 2.66a)
CCleaner (Version: 4.01)
CD Audio Reader Filter (remove only)
CPUID CPU-Z 1.62.0
CrystalDiskMark 3.0.2d (Version: 3.0.2d)
D3DX10 (Version: 15.4.2368.0902)
DCoder Image Source (remove only)
DirectVobSub (remove only)
Dotfuscator and Analytics Community Edition (Version: 5.5.4521.29298)
DScaler 5 Mpeg Decoders
Entity Framework Designer for Visual Studio 2012 - enu (Version: 11.1.21009.00)
ffdshow v1.2.4453 [2012-05-21] (Version: 1.2.4453.0)
FFMPEG Core Files (remove only)
FileZilla Client 3.6.0.2 (Version: 3.6.0.2)
Foxit PDF Preview Handler (Version: 1.0.0)
Foxit Reader (Version: 6.0.2.413)
Gabest MPEG Splitter (remove only)
Geeks3D.com FurMark 1.10.6
GIMP 2.8.2 (Version: 2.8.2)
Google Chrome (Version: 27.0.1453.94)
Google Drive (Version: 1.9.4536.8202)
Google Talk Plugin (Version: 3.19.1.13088)
Google Update Helper (Version: 1.3.21.145)
GPL Ghostscript (Version: 9.06)
Haali Media Splitter
Java 7 Update 21 (64-bit) (Version: 7.0.210)
Java 7 Update 21 (Version: 7.0.210)
Java Auto Updater (Version: 2.1.9.5)
Java SE Development Kit 7 Update 11 (64-bit) (Version: 1.7.0.110)
JavaScript Tooling (Version: 11.0.60315)
LAME v3.99.3 (for Windows)
LAV Filters 0.55.3 (Version: 0.55.3)
LocalESPC (Version: 8.59.25584)
LocalESPCui for en-us (Version: 8.59.25584)
MadVR (remove only)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
MediaMonkey 4.0 (Version: 4.0)
Microsoft .NET Framework 4 Multi-Targeting Pack (Version: 4.0.30319)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (Version: 4.5.50709)
Microsoft .NET Framework 4.5 SDK (Version: 4.5.50709)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Expression Blend SDK for .NET 4 (Version: 2.0.20525.0)
Microsoft Expression Blend SDK for Silverlight 4 (Version: 2.0.20525.0)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.92.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft Help Viewer 2.0 (Version: 2.0.50727)
Microsoft NuGet - Visual Studio 2012 (Version: 2.0.30625.9003)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Ultimate 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Portable Library Multi-Targeting Pack (Version: 11.0.60130.00)
Microsoft Portable Library Multi-Targeting Pack Language Pack - enu (Version: 11.0.50709.17929)
Microsoft Report Viewer Add-On for Visual Studio 2012 (Version: 11.1.2802.16)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft SQL Server 2012 Data-Tier App Framework (Version: 11.0.2316.0)
Microsoft SQL Server 2012 Express LocalDB (Version: 11.0.2100.60)
Microsoft SQL Server 2012 Management Objects (Version: 11.0.2100.60)
Microsoft SQL Server 2012 Management Objects (x64) (Version: 11.0.2100.60)
Microsoft SQL Server 2012 Transact-SQL ScriptDom (Version: 11.0.2100.60)
Microsoft SQL Server 2012 T-SQL Language Service (Version: 11.0.2100.60)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (Version: 4.0.8876.1)
Microsoft SQL Server System CLR Types (Version: 10.50.1600.1)
Microsoft SQL Server System CLR Types (x64) (Version: 10.50.1600.1)
Microsoft System CLR Types for SQL Server 2012 (Version: 11.0.2100.60)
Microsoft System CLR Types for SQL Server 2012 (x64) (Version: 11.0.2100.60)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2012 x64 Designtime - 11.0.50727 (Version: 11.0.50727)
Microsoft Visual C++ 2012 32bit Compilers - ENU Resources (Version: 11.0.60315)
Microsoft Visual C++ 2012 Compilers - ENU Resources (Version: 11.0.60315)
Microsoft Visual C++ 2012 Compilers (Version: 11.0.60315)
Microsoft Visual C++ 2012 Core Libraries (Version: 11.0.51106)
Microsoft Visual C++ 2012 Extended Libraries (Version: 11.0.60315)
Microsoft Visual C++ 2012 Microsoft Foundation Class Libraries (Version: 11.0.51106)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106)
Microsoft Visual C++ 2012 x64 Debug Runtime - 11.0.51106 (Version: 11.0.51106)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (Version: 11.0.51106)
Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.51106 (Version: 11.0.51106)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (Version: 11.0.51106)
Microsoft Visual C++ 2012 x86-x64 Compilers (Version: 11.0.60315)
Microsoft Visual Studio 2012 Devenv (Version: 11.0.50727)
Microsoft Visual Studio 2012 Devenv Resources (Version: 11.0.50727)
Microsoft Visual Studio 2012 Performance Collection Tools - ENU (Version: 11.0.50727)
Microsoft Visual Studio 2012 Performance Collection Tools (Version: 11.0.50727)
Microsoft Visual Studio 2012 Preparation (Version: 11.0.50727)
Microsoft Visual Studio 2012 Shell (Minimum) (Version: 11.0.50727)
Microsoft Visual Studio 2012 Shell (Minimum) Interop Assemblies (Version: 11.0.50727)
Microsoft Visual Studio 2012 Shell (Minimum) Resources (Version: 11.0.50727)
Microsoft Visual Studio 2012 Tools for SQL Server Compact 4.0 SP1 ENU (Version: 4.0.8876.1)
Microsoft Visual Studio Professional 2012 - ENU (Version: 11.0.50727)
Microsoft Visual Studio Professional 2012 (Version: 11.0.50727)
Microsoft Visual Studio Professional 2012 (Version: 11.0.50727.1)
Microsoft Visual Studio Team Foundation Server 2012 Object Model (Version: 11.0.60315)
Microsoft Visual Studio Team Foundation Server 2012 Object Model Language Pack - ENU (Version: 11.0.60315)
Microsoft Visual Studio Team Foundation Server 2012 Team Explorer (Version: 11.0.50727)
Microsoft Visual Studio Team Foundation Server 2012 Team Explorer Language Pack - ENU (Version: 11.0.50727)
Microsoft Visual Studio Ultimate 2012 XAML UI Designer Core (Version: 11.0.50727)
Microsoft Visual Studio Ultimate 2012 XAML UI Designer enu Resources (Version: 11.0.50727)
Microsoft Web Deploy dbSqlPackage Provider - enu (Version: 10.3.20225.0)
Morrowind
Movie Maker (Version: 16.4.3505.0912)
Mozilla Firefox 20.0.1 (x86 en-US) (Version: 20.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT110 (Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
NetBeans IDE 7.2.1 (Version: 7.2.1)
Network Addon Mod 31 (Version: 31)
Nexus Mod Manager (Version: 0.44.13)
Notepad++ (Version: 6.3.2)
NVIDIA 3D Vision Driver 310.90 (Version: 310.90)
NVIDIA Control Panel 310.90 (Version: 310.90)
NVIDIA Display Control Panel (Version: 6.14.11.9716)
NVIDIA Drivers (Version: 1.10)
NVIDIA Graphics Driver 310.90 (Version: 310.90)
NVIDIA HD Audio Driver 1.3.18.0 (Version: 1.3.18.0)
NVIDIA Install Application (Version: 2.1002.95.599)
NVIDIA MediaShield (Version: 11.1.0.43)
NVIDIA Performance (Version: 6.5)
NVIDIA PhysX (Version: 9.12.1031)
NVIDIA PhysX System Software 9.12.1031 (Version: 9.12.1031)
NVIDIA System Monitor (Version: 6.5)
NVIDIA Update 1.11.3 (Version: 1.11.3)
NVIDIA Update Components (Version: 1.11.3)
OpenHaptics Academic edition v3.10.5
OpenSource AVI Splitter (remove only)
OpenSource DTS/AC3/DD+ Source Filter (remove only)
OpenSource Flash Video Splitter (remove only)
Paint.NET v3.5.10 (Version: 3.60.0)
PDFill PDF Editor with FREE Writer and FREE Tools (Version: 10.0)
PHANToM Device Drivers
Photo Common (Version: 16.4.3505.0912)
Photo Gallery (Version: 16.4.3505.0912)
Picasa 3 (Version: 3.9)
PreEmptive Analytics Visual Studio Components (Version: 1.0.2180.1)
Realtek High Definition Audio Driver (Version: 6.0.1.5939)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30101)
Sibelius Scorch (Firefox, Opera, Netscape, Chrome only) (Version: 6.2.0)
Sky Go Desktop
Skype™ 6.3 (Version: 6.3.105)
Spotify (Version: 0.9.0.133.gd18ed589)
Steam (Version: 1.0.0.0)
swMSM (Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 14.0.0.3)
The Elder Scrolls V: Skyrim
Unity Web Player (Version: )
Update for (KB2504637) (Version: 1)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817359) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft Visual Studio 2012 (KB2781514) (Version: 11.0.50727)
Visual Studio 2012 Prerequisites - ENU Language Pack (Version: 11.0.50727)
Visual Studio 2012 Prerequisites (Version: 11.0.50727)
Visual Studio 2012 Update 2 (KB2707250) (Version: 11.0.60315)
Visual Studio Extensions for Windows Library for JavaScript (Version: 1.0.9201.20602)
VLC media player 2.0.6 (Version: 2.0.6)
WCF Data Services 5.0 (for OData v3) Primary Components (Version: 5.0.50628.0)
WCF Data Services Tools for Microsoft Visual Studio 2012 (Version: 5.0.50710.0)
WCF RIA Services V1.0 SP2 (Version: 4.1.61829.0)
Windows App Certification Kit Native Components (Version: 8.59.29736)
Windows App Certification Kit x64 (Version: 8.59.29750)
Windows Live Communications Platform (Version: 16.4.3505.0912)
Windows Live Essentials (Version: 16.4.3505.0912)
Windows Live Installer (Version: 16.4.3505.0912)
Windows Live Photo Common (Version: 16.4.3505.0912)
Windows Live PIMT Platform (Version: 16.4.3505.0912)
Windows Live SOXE (Version: 16.4.3505.0912)
Windows Live SOXE Definitions (Version: 16.4.3505.0912)
Windows Live UX Platform (Version: 16.4.3505.0912)
Windows Live UX Platform Language Pack (Version: 16.4.3505.0912)
Windows Runtime Intellisense Content - en-us (Version: 8.59.25584)
Windows Software Development Kit (Version: 8.59.25584)
Windows Software Development Kit DirectX x64 Remote (Version: 8.59.25584)
Windows Software Development Kit DirectX x86 Remote (Version: 8.59.25584)
Windows Software Development Kit for Windows Store Apps (Version: 8.59.25584)
Windows Software Development Kit for Windows Store Apps DirectX x64 Remote (Version: 8.59.25584)
Windows Software Development Kit for Windows Store Apps DirectX x86 Remote (Version: 8.59.25584)
Windows XP Targeting with C++ (Version: 11.0.51106)
WinRAR 4.20 (64-bit) (Version: 4.20.0)
Zoom Player (remove only)

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/27/2013 08:11:35 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: The Cryptographic Services service failed to initialise the Catalogue Database. The ESENT error was: -1216.

Error: (05/27/2013 08:11:35 PM) (Source: ESENT) (User: )
Description: Catalog Database (1220) Catalog Database: Database recovery/restore failed with unexpected error -1216.

Error: (05/27/2013 08:11:35 PM) (Source: ESENT) (User: )
Description: Catalog Database (1220) Catalog Database: Database recovery failed with error -1216 because it encountered references to a database, 'C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb', which is no longer present. The database was not brought to a Clean Shutdown state before it was removed (or possibly moved or renamed). The database engine will not permit recovery to complete for this instance until the missing database is re-instated. If the database is truly no longer available and no longer required, procedures for recovering from this error are available in the Microsoft Knowledge Base or by following the "more information" link at the bottom of this message.

Error: (05/27/2013 07:39:29 PM) (Source: Application Error) (User: )
Description: Windows cannot access the file C:\Windows\System32\UIAnimation.dll for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Windows Explorer because of this error.

Program: Windows Explorer
File: C:\Windows\System32\UIAnimation.dll

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C000009C
Disk type: 3

Error: (05/27/2013 07:39:29 PM) (Source: Application Error) (User: )
Description: Windows cannot access the file C:\Windows\System32\uxtheme.dll for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program NVIDIA nTune Command because of this error.

Program: NVIDIA nTune Command
File: C:\Windows\System32\uxtheme.dll

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C000009C
Disk type: 3

Error: (05/27/2013 07:39:29 PM) (Source: Application Error) (User: )
Description: Windows cannot access the file C:\Program Files\Synaptics\SynTP\SynTPEnh.exe for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Synaptics TouchPad Enhancements because of this error.

Program: Synaptics TouchPad Enhancements
File: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C000009C
Disk type: 3

Error: (05/27/2013 07:39:29 PM) (Source: Application Error) (User: )
Description: Windows cannot access the file C:\Windows\System32\actxprxy.dll for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Microsoft Sync Center because of this error.

Program: Microsoft Sync Center
File: C:\Windows\System32\actxprxy.dll

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C000009C
Disk type: 3

Error: (05/27/2013 07:39:29 PM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.2.9200.16433, time stamp: 0x50763312
Faulting module name: ntdll.dll, version: 6.2.9200.16579, time stamp: 0x51637f77
Exception code: 0xc0000006
Fault offset: 0x000000000001b00a
Faulting process ID: 0xd70
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report ID: Explorer.EXE3
Faulting package full name: Explorer.EXE4
Faulting package-relative application ID: Explorer.EXE5

Error: (05/27/2013 07:39:29 PM) (Source: Application Error) (User: )
Description: Windows cannot access the file C:\Windows\System32\BFE.DLL for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Host Process for Windows Services because of this error.

Program: Host Process for Windows Services
File: C:\Windows\System32\BFE.DLL

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C000009C
Disk type: 3

Error: (05/27/2013 07:39:29 PM) (Source: Application Error) (User: )
Description: Windows cannot access the file C:\Windows\System32\Faultrep.dll for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Host Process for Windows Services because of this error.

Program: Host Process for Windows Services
File: C:\Windows\System32\Faultrep.dll

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C000009C
Disk type: 3


System errors:
=============
Error: (05/28/2013 04:08:43 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (05/28/2013 04:08:43 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (05/28/2013 04:08:43 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (05/28/2013 04:08:02 AM) (Source: DCOM) (User: ALEX-LAPTOP)
Description: 1084WSearchUnavailable{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (05/28/2013 04:08:02 AM) (Source: DCOM) (User: ALEX-LAPTOP)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (05/28/2013 04:07:53 AM) (Source: DCOM) (User: ALEX-LAPTOP)
Description: 1084WSearchUnavailable{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (05/28/2013 04:07:53 AM) (Source: DCOM) (User: ALEX-LAPTOP)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (05/28/2013 04:04:59 AM) (Source: DCOM) (User: ALEX-LAPTOP)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (05/28/2013 04:03:43 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (05/28/2013 04:03:43 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2013-02-10 12:04:47.719
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\nvapo64v.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-02-10 12:02:31.129
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\nvapo64v.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-02-09 17:17:55.805
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\nvapo64v.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-02-09 16:28:57.716
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\nvapo64v.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-02-09 16:28:51.084
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\nvapo64v.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-02-09 16:28:39.525
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\nvapo64v.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-02-09 16:28:09.395
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\nvapo64v.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-02-09 16:27:50.107
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\nvapo64v.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-02-09 16:27:36.222
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\nvapo64v.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-02-09 16:27:17.953
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\nvapo64v.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 47%
Total physical RAM: 3582.35 MB
Available physical RAM: 1867.01 MB
Total Pagefile: 8446.35 MB
Available Pagefile: 6573 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:223.23 GB) (Free:49.32 GB) NTFS (Disk=0 Partition=2)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 224 GB) (Disk ID: 452E0C5F)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=223 GB) - (Type=07 NTFS)

==================== End Of Log ============================
 
I don't see much there.

Is the computer operational in normal mode?
If not, what exactly happens when you enter normal mode?

Judging from your computer errors, you may have a video driver issue.
That would be confirmed by no problem in safe mode where Windows loads its own generic driver.
 
Well, I restarted back into safe mode. During shutdown I got a bluescreen with the error KERNEL_DATA_INPAGE_ERROR, which is apparently related to RAM or an HDD (although I'm running an SSD).
However, Avast still shows lots of entries. I've attached an image of the post-scan.

I will try rebooting into normal mode. I don't understand how this isn't related to an infection, though; it all started less than a minute after loading a regular webpage of a website which had obviously been infected.
 

Attachment: avast.png (55.1 KB)

Most of those files look pretty legit to me.
Is your Avast up to date?

I still need to know...

Is the computer operational in normal mode?
If not, what exactly happens when you enter normal mode?
 
Hi, so I was having many blue screen issues and another forum dedicated to blue screen errors failed to find a solution, so I just reinstalled Windows. Another weird thing was that Windows became deactivated and refused to accept my original legit key code. I'm positive all of this happened right after I went to that website so I still believe I was infected somehow, but now I'll never know.

All is good now so you can close this thread. Thank you for your help and good luck in your future virus-slaying career!
 