Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-12-2012
Ran by SYSTEM at 12-12-2012 16:47:28
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [6561384 2010-12-14] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [608112 2011-03-29] (Alps Electric Co., Ltd.)
HKLM\...\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray [1933584 2010-12-17] (Intel(R) Corporation)
HKLM\...\Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp [10222080 2010-12-14] (Intel Corporation)
HKLM\...\Run: [QuickSet] c:\Program Files\Dell\QuickSet\QuickSet.exe [4500640 2011-03-10] (Dell Inc.)
HKLM\...\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4526 2010-11-29] ()
HKLM\...\Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup [207350 2011-01-25] ()
HKLM\...\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [1832760 2012-09-20] (Logitech, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [35736 2012-04-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [487562 2010-08-19] (Creative Technology Ltd)
HKLM-x32\...\Run: [RemoteControl9] "c:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [87336 2010-10-01] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] "c:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [50472 2010-09-17] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [75048 2011-12-16] (cyberlink)
HKLM-x32\...\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe [326144 2009-10-23] (Amazon.com)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-07-05] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-08-19] (Apple Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [2254768 2012-12-10] (LogMeIn Inc.)
HKU\Michael\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1354736 2012-12-04] (Valve Corporation)
HKU\Michael\...\Run: [Google Update] "C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-06-16] (Google Inc.)
HKU\Michael\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5664640 2012-10-10] (SUPERAntiSpyware.com)
HKU\Michael\...\Run: [F.lux] "C:\Users\Michael\Local Settings\Apps\F.lux\flux.exe" /noshow [966656 2009-08-29] ()
HKU\Michael\...\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\Michael\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3671872 2012-04-17] (DT Soft Ltd)
HKU\Michael\...\Run: [googletalk] C:\Users\Michael\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart [3739648 2007-01-01] (Google)
HKU\Michael\...\Run: [Facebook Update] "C:\Users\Michael\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-08-27] (Facebook Inc.)
HKU\Michael\...\Run: [OpenDNS Updater] "C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe" /autostart [839680 2010-06-16] ()
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)
HKLM-x32\...\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [163040 2010-08-11] (Softthinks)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll
SubSystems: [Windows] ATTENTION! ====> ZeroAccess
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Amazon Unbox.lnk
ShortcutTarget: Amazon Unbox.lnk -> C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe (Amazon.com)
Startup: C:\Users\Michael\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
Startup: C:\Users\Michael\Start Menu\Programs\Startup\GameStop Now.lnk
ShortcutTarget: GameStop Now.lnk -> C:\Program Files (x86)\Impulse\Now\GameStopNow.exe (GameStop Corp.)
Startup: C:\Users\Michael\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Services (Whitelisted) ===================

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2012-10-10] (SUPERAntiSpyware.com)
2 ADVService; "C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe" [25704 2011-11-23] (Amazon.com)
3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-12-17] ()
2 sesvc; "C:\Program Files (x86)\ShadowExplorer\sesvc.exe" [9216 2011-01-02] (www.shadowexplorer.com)

==================== Drivers (Whitelisted) =====================

3 BlackBox; C:\Windows\SysWow64\Drivers\BlackBox.sys [35712 2012-06-08] ()
3 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [283200 2012-05-09] (DT Soft Ltd)
1 nvkflt; C:\Windows\System32\Drivers\nvkflt.sys [249152 2012-05-15] (NVIDIA Corporation)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
4 sptd; C:\Windows\System32\Drivers\sptd.sys [560184 2012-05-09] (Duplex Secure Ltd.)

==================== NetSvcs (Whitelisted) ====================

==================== One Month Created Files and Folders ========

2012-12-12 20:42 - 2012-12-12 20:42 - 00000000 ____D C:\Users\Michael\Documents\Crayon Physics Deluxe
2012-12-12 20:40 - 2012-12-12 20:42 - 00000000 ____D C:\Users\Michael\Application Data\Crayon Physics Deluxe
2012-12-12 20:40 - 2012-12-12 20:42 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Crayon Physics Deluxe
2012-12-12 16:47 - 2012-12-12 16:47 - 00000000 ____D C:\FRST
2012-12-11 18:49 - 2012-12-12 18:07 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2012-12-10 19:20 - 2012-12-10 19:20 - 00020500 ____A C:\Users\Michael\My Documents\Hist in film final.odt
2012-12-10 19:20 - 2012-12-10 19:20 - 00020500 ____A C:\Users\Michael\Documents\Hist in film final.odt
2012-12-10 18:23 - 2012-12-10 18:23 - 00025787 ____A C:\Users\Michael\My Documents\Holocaust final review.odt
2012-12-10 18:23 - 2012-12-10 18:23 - 00025787 ____A C:\Users\Michael\Documents\Holocaust final review.odt
2012-12-04 12:44 - 2012-12-04 12:44 - 02322184 ____A (ESET) C:\Users\Michael\Downloads\esetsmartinstaller_enu.exe
2012-12-04 12:31 - 2012-12-04 12:32 - 00752128 ____A C:\Users\Michael\Downloads\RogueKiller.exe
2012-12-03 07:40 - 2012-12-03 07:40 - 00000000 ____D C:\Users\Michael\Application Data\OpenDNS Updater
2012-12-03 07:40 - 2012-12-03 07:40 - 00000000 ____D C:\Users\Michael\AppData\Roaming\OpenDNS Updater
2012-12-03 07:40 - 2012-12-03 07:40 - 00000000 ____D C:\Program Files (x86)\OpenDNS Updater
2012-12-03 07:39 - 2012-12-03 07:39 - 00225336 ____A C:\Users\Michael\Downloads\OpenDNS-Updater-2.2.1.exe
2012-12-02 11:41 - 2012-12-02 11:41 - 00028649 ____A C:\Users\Michael\My Documents\Poland Essay.odt
2012-12-02 11:41 - 2012-12-02 11:41 - 00028649 ____A C:\Users\Michael\Documents\Poland Essay.odt
2012-12-01 00:12 - 2012-12-01 00:12 - 00593145 ____A C:\Users\Michael\Downloads\AK's Guide to Suits - Imgur.zip
2012-11-29 15:51 - 2012-11-29 15:58 - 100306673 ____A C:\Users\Michael\Downloads\darksiders-soundtrack-mp3.zip
2012-11-29 15:51 - 2012-11-29 15:55 - 39556220 ____A C:\Users\Michael\Downloads\saints_row_the_third-soundtrack-mp3.zip
2012-11-26 11:23 - 2012-11-26 11:23 - 00001638 ____A C:\Users\Michael\Downloads\Amazon-MP3-1353950618.amz
2012-11-26 11:22 - 2012-11-26 11:22 - 02964128 ____A C:\Users\Michael\Downloads\AmazonMP3DownloaderInstall.exe
2012-11-25 05:37 - 2012-11-25 05:44 - 142174071 ____A C:\Users\Michael\Downloads\Christine.zip
2012-11-21 02:48 - 2012-11-21 02:48 - 00000000 ____D C:\Program Files (x86)\Kerberos Productions
2012-11-21 02:47 - 2012-11-09 06:22 - 00000000 ____D C:\Users\Michael\Downloads\sots-thepit-pressdemo
2012-11-21 00:53 - 2012-11-21 00:53 - 00000000 ____D C:\Users\Michael\Local Settings\Sword of the Stars II
2012-11-21 00:53 - 2012-11-21 00:53 - 00000000 ____D C:\Users\Michael\Local Settings\Application Data\Sword of the Stars II
2012-11-21 00:53 - 2012-11-21 00:53 - 00000000 ____D C:\Users\Michael\AppData\Local\Sword of the Stars II
2012-11-21 00:52 - 2012-11-21 00:52 - 00000000 ____D C:\Users\Michael\Local Settings\Kerberos_Productions
2012-11-21 00:52 - 2012-11-21 00:52 - 00000000 ____D C:\Users\Michael\Local Settings\Application Data\Kerberos_Productions
2012-11-21 00:52 - 2012-11-21 00:52 - 00000000 ____D C:\Users\Michael\AppData\Local\Kerberos_Productions
2012-11-21 00:50 - 2012-11-21 00:54 - 137106849 ____A C:\Users\Michael\Downloads\sots-thepit-alphademo.rar
2012-11-21 00:47 - 2010-02-04 12:01 - 00530776 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_6.dll
2012-11-21 00:47 - 2010-02-04 12:01 - 00528216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2012-11-21 00:47 - 2010-02-04 12:01 - 00238936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2012-11-21 00:47 - 2010-02-04 12:01 - 00176984 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_6.dll
2012-11-21 00:47 - 2010-02-04 12:01 - 00078680 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_4.dll
2012-11-21 00:47 - 2010-02-04 12:01 - 00074072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2012-11-21 00:47 - 2010-02-04 12:01 - 00024920 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_7.dll
2012-11-21 00:47 - 2010-02-04 12:01 - 00022360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2012-11-21 00:47 - 2009-09-04 19:29 - 05554512 ____A (Microsoft Corporation) C:\Windows\System32\d3dcsx_42.dll
2012-11-21 00:47 - 2009-09-04 19:29 - 05501792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2012-11-21 00:47 - 2009-09-04 19:29 - 02582888 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_42.dll
2012-11-21 00:47 - 2009-09-04 19:29 - 02475352 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_42.dll
2012-11-21 00:47 - 2009-09-04 19:29 - 01974616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2012-11-21 00:47 - 2009-09-04 19:29 - 01892184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2012-11-21 00:47 - 2009-09-04 19:29 - 00523088 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_42.dll
2012-11-21 00:47 - 2009-09-04 19:29 - 00453456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2012-11-21 00:47 - 2009-09-04 19:29 - 00285024 ____A (Microsoft Corporation) C:\Windows\System32\d3dx11_42.dll
2012-11-21 00:47 - 2009-09-04 19:29 - 00235344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2012-11-20 19:55 - 2012-11-20 19:56 - 17025926 ____A C:\Users\Michael\Downloads\rents presentation(3).pptx
2012-11-20 19:55 - 2012-11-20 19:56 - 16921673 ____A C:\Users\Michael\Downloads\rents presentation(2) (1).pptx
2012-11-20 19:45 - 2012-11-20 19:46 - 16921673 ____A C:\Users\Michael\Downloads\rents presentation(2).pptx
2012-11-20 19:41 - 2012-11-20 19:45 - 134301696 ____A C:\Users\Michael\Downloads\YouPorn - Nervous college girl creampied.mpg
2012-11-15 05:12 - 2012-07-25 22:55 - 00785512 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2012-11-15 05:12 - 2012-07-25 22:55 - 00054376 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys
2012-11-15 05:12 - 2012-07-25 20:36 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\Wdfres.dll
2012-11-15 05:12 - 2012-06-02 08:35 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2012-11-15 05:05 - 2012-10-08 06:19 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-11-15 05:05 - 2012-10-08 05:42 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-11-15 05:05 - 2012-10-08 05:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-11-15 05:05 - 2012-10-08 05:24 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-11-15 05:05 - 2012-10-08 05:23 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-11-15 05:05 - 2012-10-08 05:22 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-11-15 05:05 - 2012-10-08 05:22 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-11-15 05:05 - 2012-10-08 05:20 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-11-15 05:05 - 2012-10-08 05:18 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-11-15 05:05 - 2012-10-08 05:17 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-11-15 05:05 - 2012-10-08 05:17 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-11-15 05:05 - 2012-10-08 05:15 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-11-15 05:05 - 2012-10-08 05:15 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-11-15 05:05 - 2012-10-08 05:13 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-11-15 05:05 - 2012-10-08 05:13 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-11-15 05:05 - 2012-10-08 05:09 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-11-15 05:05 - 2012-10-08 02:28 - 12320768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-11-15 05:05 - 2012-10-08 02:02 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-11-15 05:05 - 2012-10-08 01:56 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-11-15 05:05 - 2012-10-08 01:48 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-11-15 05:05 - 2012-10-08 01:48 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-11-15 05:05 - 2012-10-08 01:47 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-11-15 05:05 - 2012-10-08 01:46 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-11-15 05:05 - 2012-10-08 01:45 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-11-15 05:05 - 2012-10-08 01:44 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-11-15 05:05 - 2012-10-08 01:43 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-11-15 05:05 - 2012-10-08 01:43 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-11-15 05:05 - 2012-10-08 01:42 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-11-15 05:05 - 2012-10-08 01:41 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-11-15 05:05 - 2012-10-08 01:41 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-11-15 05:05 - 2012-10-08 01:40 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-11-15 05:05 - 2012-10-08 01:37 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-11-15 05:01 - 2012-07-25 21:08 - 00744448 ____A (Microsoft Corporation) C:\Windows\System32\WUDFx.dll
2012-11-15 05:01 - 2012-07-25 21:08 - 00229888 ____A (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe
2012-11-15 05:01 - 2012-07-25 21:08 - 00194048 ____A (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll
2012-11-15 05:01 - 2012-07-25 21:08 - 00084992 ____A (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll
2012-11-15 05:01 - 2012-07-25 21:08 - 00045056 ____A (Microsoft Corporation) C:\Windows\System32\WUDFCoinstaller.dll
2012-11-15 05:01 - 2012-07-25 20:26 - 00198656 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys
2012-11-15 05:01 - 2012-07-25 20:26 - 00087040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys
2012-11-15 05:01 - 2012-06-02 08:57 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2012-11-15 04:54 - 2012-10-18 12:25 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-11-15 04:54 - 2012-10-09 12:17 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcore6.dll
2012-11-15 04:54 - 2012-10-09 12:17 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcsvc6.dll
2012-11-15 04:54 - 2012-10-09 11:40 - 00193536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2012-11-15 04:54 - 2012-10-09 11:40 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2012-11-15 04:54 - 2012-10-03 11:56 - 01914248 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-11-15 04:53 - 2012-10-03 11:44 - 00303104 ____A (Microsoft Corporation) C:\Windows\System32\nlasvc.dll
2012-11-15 04:53 - 2012-10-03 11:44 - 00246272 ____A (Microsoft Corporation) C:\Windows\System32\netcorehc.dll
2012-11-15 04:53 - 2012-10-03 11:44 - 00216576 ____A (Microsoft Corporation) C:\Windows\System32\ncsi.dll
2012-11-15 04:53 - 2012-10-03 11:44 - 00070656 ____A (Microsoft Corporation) C:\Windows\System32\nlaapi.dll
2012-11-15 04:53 - 2012-10-03 11:44 - 00018944 ____A (Microsoft Corporation) C:\Windows\System32\netevent.dll
2012-11-15 04:53 - 2012-10-03 11:42 - 00569344 ____A (Microsoft Corporation) C:\Windows\System32\iphlpsvc.dll
2012-11-15 04:53 - 2012-10-03 10:42 - 00175104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
2012-11-15 04:53 - 2012-10-03 10:42 - 00156672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2012-11-15 04:53 - 2012-10-03 10:42 - 00018944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2012-11-15 04:53 - 2012-10-03 10:07 - 00045568 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys
2012-11-15 04:53 - 2012-01-13 01:12 - 00052224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2012-11-15 04:52 - 2012-09-25 16:47 - 00078336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2012-11-15 04:52 - 2012-09-25 16:46 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll
2012-11-14 12:57 - 2012-11-14 12:58 - 04759552 ____A C:\Users\Michael\Downloads\conflict slides 480(1).ppt
2012-11-14 06:23 - 2012-11-14 06:23 - 00000000 ____D C:\Users\Michael\Local Settings\GameStop
2012-11-14 06:23 - 2012-11-14 06:23 - 00000000 ____D C:\Users\Michael\Local Settings\Application Data\GameStop
2012-11-14 06:23 - 2012-11-14 06:23 - 00000000 ____D C:\Users\Michael\AppData\Local\GameStop

==================== One Month Modified Files and Folders =======

2012-12-12 20:42 - 2012-12-12 20:42 - 00000000 ____D C:\Users\Michael\My Documents\Crayon Physics Deluxe
2012-12-12 20:42 - 2012-12-12 20:42 - 00000000 ____D C:\Users\Michael\Documents\Crayon Physics Deluxe
2012-12-12 20:42 - 2012-12-12 20:40 - 00000000 ____D C:\Users\Michael\Application Data\Crayon Physics Deluxe
2012-12-12 20:42 - 2012-12-12 20:40 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Crayon Physics Deluxe
2012-12-12 18:08 - 2011-06-15 18:34 - 00000000 ____D C:\users\Michael
2012-12-12 18:07 - 2012-12-11 18:49 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2012-12-12 18:07 - 2012-11-09 19:04 - 00000000 ____D C:\Program Files (x86)\ESET
2012-12-12 18:07 - 2012-09-14 04:03 - 00000000 ____D C:\Users\Michael\Application Data\Skype
2012-12-12 18:07 - 2012-09-14 04:03 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Skype
2012-12-12 18:07 - 2012-05-22 00:05 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-12-12 18:07 - 2012-05-22 00:05 - 00000000 ____D C:\Users\All Users\Application Data\Spybot - Search & Destroy
2012-12-12 18:07 - 2011-12-09 15:41 - 00000000 ____D C:\Users\Michael\Local Settings\LogMeIn Hamachi
2012-12-12 18:07 - 2011-12-09 15:41 - 00000000 ____D C:\Users\Michael\Local Settings\Application Data\LogMeIn Hamachi
2012-12-12 18:07 - 2011-12-09 15:41 - 00000000 ____D C:\Users\Michael\AppData\Local\LogMeIn Hamachi
2012-12-12 18:07 - 2011-12-01 05:26 - 00000000 ____D C:\Windows\System32\Macromed
2012-12-12 18:07 - 2011-06-28 22:23 - 00000000 ____D C:\Users\Michael\Application Data\Azureus
2012-12-12 18:07 - 2011-06-28 22:23 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Azureus
2012-12-12 18:07 - 2011-06-16 12:56 - 00000000 ____D C:\Users\Michael\Application Data\SoftGrid Client
2012-12-12 18:07 - 2011-06-16 12:56 - 00000000 ____D C:\Users\Michael\AppData\Roaming\SoftGrid Client
2012-12-12 18:07 - 2011-06-15 20:09 - 00000000 ____D C:\Program Files (x86)\Steam
2012-12-12 18:07 - 2011-06-15 18:37 - 00000000 ____D C:\Users\Michael\Application Data\Creative
2012-12-12 18:07 - 2011-06-15 18:37 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Creative
2012-12-12 18:07 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\System32\NDF
2012-12-12 18:07 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\registration
2012-12-12 17:43 - 2011-06-16 20:35 - 00000000 ____D C:\Users\Michael\Application Data\GameSave Manager 2
2012-12-12 17:43 - 2011-06-16 20:35 - 00000000 ____D C:\Users\Michael\AppData\Roaming\GameSave Manager 2
2012-12-12 16:47 - 2012-12-12 16:47 - 00000000 ____D C:\FRST
2012-12-12 05:00 - 2009-07-13 23:10 - 01341134 ____A C:\Windows\WindowsUpdate.log
2012-12-12 04:39 - 2012-01-09 21:42 - 00000000 ____D C:\Users\Michael\Application Data\.purple
2012-12-12 04:39 - 2012-01-09 21:42 - 00000000 ____D C:\Users\Michael\AppData\Roaming\.purple
2012-12-12 04:22 - 2011-06-16 19:05 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4273797143-3659585412-3714812892-1001UA.job
2012-12-12 04:18 - 2012-05-09 20:18 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-12-12 04:13 - 2012-08-27 02:05 - 00000936 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4273797143-3659585412-3714812892-1001UA.job
2012-12-12 04:11 - 2012-08-27 02:05 - 00000914 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4273797143-3659585412-3714812892-1001Core.job
2012-12-12 02:34 - 2009-07-13 23:13 - 00780220 ____A C:\Windows\System32\PerfStringBackup.INI
2012-12-11 23:53 - 2012-09-23 18:15 - 00007634 ____A C:\Windows\setupact.log
2012-12-11 23:19 - 2011-06-16 19:05 - 00000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4273797143-3659585412-3714812892-1001Core.job
2012-12-11 00:54 - 2011-06-16 12:25 - 00000000 ____D C:\Users\Michael\Application Data\vlc
2012-12-11 00:54 - 2011-06-16 12:25 - 00000000 ____D C:\Users\Michael\AppData\Roaming\vlc
2012-12-10 19:20 - 2012-12-10 19:20 - 00020500 ____A C:\Users\Michael\My Documents\Hist in film final.odt
2012-12-10 19:20 - 2012-12-10 19:20 - 00020500 ____A C:\Users\Michael\Documents\Hist in film final.odt
2012-12-10 18:23 - 2012-12-10 18:23 - 00025787 ____A C:\Users\Michael\My Documents\Holocaust final review.odt
2012-12-10 18:23 - 2012-12-10 18:23 - 00025787 ____A C:\Users\Michael\Documents\Holocaust final review.odt
2012-12-07 13:33 - 2009-07-13 22:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-12-07 13:33 - 2009-07-13 22:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-12-04 22:57 - 2012-04-15 21:03 - 00000000 ____D C:\Users\Michael\Downloads\save (Baldurs Gate)
2012-12-04 22:42 - 2011-06-09 18:02 - 00000000 ___RD C:\Program Files (x86)\Skype
2012-12-04 22:42 - 2011-06-09 18:02 - 00000000 ____D C:\Users\All Users\Skype
2012-12-04 22:42 - 2011-06-09 18:02 - 00000000 ____D C:\Users\All Users\Application Data\Skype
2012-12-04 21:09 - 2012-11-10 02:49 - 00002276 ____A C:\scu.dat
2012-12-04 21:07 - 2011-06-09 18:00 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2012-12-04 12:44 - 2012-12-04 12:44 - 02322184 ____A (ESET) C:\Users\Michael\Downloads\esetsmartinstaller_enu.exe
2012-12-04 12:37 - 2011-06-16 20:33 - 00000000 ___RD C:\Users\Michael\Dropbox
2012-12-04 12:37 - 2011-06-16 20:09 - 00000000 ____D C:\Users\Michael\Application Data\Dropbox
2012-12-04 12:37 - 2011-06-16 20:09 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Dropbox
2012-12-04 12:35 - 2011-06-15 18:36 - 00000000 ____D C:\Users\Michael\Local Settings\SoftThinks
2012-12-04 12:35 - 2011-06-15 18:36 - 00000000 ____D C:\Users\Michael\Local Settings\Application Data\SoftThinks
2012-12-04 12:35 - 2011-06-15 18:36 - 00000000 ____D C:\Users\Michael\AppData\Local\SoftThinks
2012-12-04 12:35 - 2009-07-13 23:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-12-04 12:34 - 2011-06-09 19:19 - 00000000 ____D C:\Users\All Users\NVIDIA
2012-12-04 12:34 - 2011-06-09 19:19 - 00000000 ____D C:\Users\All Users\Application Data\NVIDIA
2012-12-04 12:34 - 2011-06-09 19:14 - 00174512 ____A C:\Windows\PFRO.log
2012-12-04 12:32 - 2012-12-04 12:31 - 00752128 ____A C:\Users\Michael\Downloads\RogueKiller.exe
2012-12-03 07:40 - 2012-12-03 07:40 - 00000000 ____D C:\Users\Michael\Application Data\OpenDNS Updater
2012-12-03 07:40 - 2012-12-03 07:40 - 00000000 ____D C:\Users\Michael\AppData\Roaming\OpenDNS Updater
2012-12-03 07:40 - 2012-12-03 07:40 - 00000000 ____D C:\Program Files (x86)\OpenDNS Updater
2012-12-03 07:39 - 2012-12-03 07:39 - 00225336 ____A C:\Users\Michael\Downloads\OpenDNS-Updater-2.2.1.exe
2012-12-03 07:34 - 2012-06-02 12:29 - 00000000 ____D C:\Users\Michael\Desktop\Games
2012-12-02 11:41 - 2012-12-02 11:41 - 00028649 ____A C:\Users\Michael\My Documents\Poland Essay.odt
2012-12-02 11:41 - 2012-12-02 11:41 - 00028649 ____A C:\Users\Michael\Documents\Poland Essay.odt
2012-12-02 00:48 - 2011-07-28 00:42 - 00000000 ____D C:\Users\Michael\Application Data\dvdcss
2012-12-02 00:48 - 2011-07-28 00:42 - 00000000 ____D C:\Users\Michael\AppData\Roaming\dvdcss
2012-12-01 00:12 - 2012-12-01 00:12 - 00593145 ____A C:\Users\Michael\Downloads\AK's Guide to Suits - Imgur.zip
2012-11-29 19:52 - 2011-06-16 00:50 - 00000000 ____D C:\Users\Michael\Local Settings\Audible
2012-11-29 19:52 - 2011-06-16 00:50 - 00000000 ____D C:\Users\Michael\Local Settings\Application Data\Audible
2012-11-29 19:52 - 2011-06-16 00:50 - 00000000 ____D C:\Users\Michael\AppData\Local\Audible
2012-11-29 15:58 - 2012-11-29 15:51 - 100306673 ____A C:\Users\Michael\Downloads\darksiders-soundtrack-mp3.zip
2012-11-29 15:55 - 2012-11-29 15:51 - 39556220 ____A C:\Users\Michael\Downloads\saints_row_the_third-soundtrack-mp3.zip
2012-11-26 11:23 - 2012-11-26 11:23 - 00001638 ____A C:\Users\Michael\Downloads\Amazon-MP3-1353950618.amz
2012-11-26 11:22 - 2012-11-26 11:22 - 02964128 ____A C:\Users\Michael\Downloads\AmazonMP3DownloaderInstall.exe
2012-11-25 05:44 - 2012-11-25 05:37 - 142174071 ____A C:\Users\Michael\Downloads\Christine.zip
2012-11-24 00:21 - 2011-06-15 22:37 - 00000000 ____D C:\Users\Michael\Desktop\Computer
2012-11-23 08:05 - 2011-11-21 05:48 - 00010854 ____A C:\Windows\gloria.dat
2012-11-23 06:54 - 2012-06-02 14:04 - 00000000 ____D C:\Users\Michael\Desktop\Fitness
2012-11-23 00:41 - 2012-03-24 12:09 - 00000000 ____D C:\Users\Michael\Desktop\Wallpaper
2012-11-22 00:56 - 2011-06-28 22:23 - 00000000 ____D C:\Program Files (x86)\Vuze
2012-11-21 02:48 - 2012-11-21 02:48 - 00000000 ____D C:\Program Files (x86)\Kerberos Productions
2012-11-21 00:54 - 2012-11-21 00:50 - 137106849 ____A C:\Users\Michael\Downloads\sots-thepit-alphademo.rar
2012-11-21 00:53 - 2012-11-21 00:53 - 00000000 ____D C:\Users\Michael\Local Settings\Sword of the Stars II
2012-11-21 00:53 - 2012-11-21 00:53 - 00000000 ____D C:\Users\Michael\Local Settings\Application Data\Sword of the Stars II
2012-11-21 00:53 - 2012-11-21 00:53 - 00000000 ____D C:\Users\Michael\AppData\Local\Sword of the Stars II
2012-11-21 00:52 - 2012-11-21 00:52 - 00000000 ____D C:\Users\Michael\Local Settings\Kerberos_Productions
2012-11-21 00:52 - 2012-11-21 00:52 - 00000000 ____D C:\Users\Michael\Local Settings\Application Data\Kerberos_Productions
2012-11-21 00:52 - 2012-11-21 00:52 - 00000000 ____D C:\Users\Michael\AppData\Local\Kerberos_Productions
2012-11-20 19:56 - 2012-11-20 19:55 - 17025926 ____A C:\Users\Michael\Downloads\rents presentation(3).pptx
2012-11-20 19:56 - 2012-11-20 19:55 - 16921673 ____A C:\Users\Michael\Downloads\rents presentation(2) (1).pptx
2012-11-20 19:46 - 2012-11-20 19:45 - 16921673 ____A C:\Users\Michael\Downloads\rents presentation(2).pptx
2012-11-20 19:45 - 2012-11-20 19:41 - 134301696 ____A C:\Users\Michael\Downloads\YouPorn - Nervous college girl creampied.mpg
2012-11-17 21:42 - 2011-06-15 18:34 - 00068352 ____A C:\Users\Michael\Local Settings\GDIPFONTCACHEV1.DAT
2012-11-17 21:42 - 2011-06-15 18:34 - 00068352 ____A C:\Users\Michael\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2012-11-17 21:42 - 2011-06-15 18:34 - 00068352 ____A C:\Users\Michael\AppData\Local\GDIPFONTCACHEV1.DAT
2012-11-17 21:35 - 2009-07-13 22:45 - 00306280 ____A C:\Windows\System32\FNTCACHE.DAT
2012-11-15 05:03 - 2011-06-20 06:04 - 66395536 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-11-14 12:58 - 2012-11-14 12:57 - 04759552 ____A C:\Users\Michael\Downloads\conflict slides 480(1).ppt
2012-11-14 06:23 - 2012-11-14 06:23 - 00000000 ____D C:\Users\Michael\Local Settings\GameStop
2012-11-14 06:23 - 2012-11-14 06:23 - 00000000 ____D C:\Users\Michael\Local Settings\Application Data\GameStop
2012-11-14 06:23 - 2012-11-14 06:23 - 00000000 ____D C:\Users\Michael\AppData\Local\GameStop
2012-11-14 06:23 - 2011-12-12 04:34 - 00000000 ____D C:\Program Files (x86)\Impulse
2012-11-13 01:50 - 2012-03-01 19:33 - 00000000 ____D C:\Users\Michael\Desktop\School docs

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-12-11 17:08:55
Restore point made on: 2012-12-12 05:00:41

==================== Memory info ===========================

Percentage of memory in use: 11%
Total physical RAM: 6058.17 MB
Available physical RAM: 5372.59 MB
Total Pagefile: 6056.32 MB
Available Pagefile: 5368.98 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: (OS) (Fixed) (Total:581.42 GB) (Free:2.71 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:6.23 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive e: (INCEPTION) (CDROM) (Total:39.58 GB) (Free:0 GB) UDF
4 Drive f: (USB Disk) (Removable) (Total:14.92 GB) (Free:12.37 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          596 GB      0 B
  Disk 1    Online           14 GB      0 B

Partitions of Disk 0:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    OEM                101 MB    31 KB
  Partition 2    Primary             14 GB   102 MB
  Partition 3    Primary            581 GB    14 GB

==================================================================================

Disk: 0
Partition 1
Type  : DE
Hidden: Yes
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4                      FAT    Partition    101 MB  Healthy    Hidden

=========================================================

Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     D   RECOVERY     NTFS   Partition     14 GB  Healthy

=========================================================

Disk: 0
Partition 3
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C   OS           NTFS   Partition    581 GB  Healthy

=========================================================

Partitions of Disk 1:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary             14 GB  1104 KB

==================================================================================

Disk: 1
Partition 1
Type  : 0C
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     F   USB Disk     FAT32  Removable     14 GB  Healthy

=========================================================

Last Boot: 2012-12-06 06:12

==================== End Of Log =============================