Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-12-2012 01
Ran by SYSTEM at 26-12-2012 20:35:31
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [ETDWare] %ProgramFiles%\Elantech\ETDCtrl.exe [649608 2010-06-09] (ELAN Microelectronic Corp.)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11785832 2011-03-18] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3 [2207848 2011-03-20] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" [617120 2011-03-13] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe" [379552 2011-03-13] (Atheros Commnucations)
HKLM\...\Run: [dlcxmon.exe] "C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxmon.exe" [292336 2007-01-12] ()
HKLM\...\Run: [MemoryCardManager] "C:\Program Files (x86)\Dell Photo AIO Printer 926\memcard.exe" [304008 2006-11-03] ()
HKLM\...\Run: [DLCXCATS] rundll32 C:\Windows\system32\spool\DRIVERS\x64\3\DLCXtime.dll,RunDLLEntry [31744 2006-10-15] ()
HKLM-x32\...\Run: [FLxHCIm] "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe" [40448 2011-02-24] (Windows (R) Win 7 DDK provider)
HKLM-x32\...\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe [984400 2010-07-09] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [S6000Mnt] C:\Windows\SysWOW64\Rundll32.exe S6000Rmv.dll,WinMainRmv /StartStillMnt [x]
HKLM-x32\...\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [FaxCenterServer] "C:\Program Files (x86)\Dell PC Fax\fm3032.exe" /s [312200 2006-11-03] ()
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [997320 2012-11-08] ()
HKLM-x32\...\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup [x]
HKLM-x32\...\Run: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [217256 2012-05-03] (Visicom Media Inc. (Powered by Panda Security))
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction [36960 2012-07-18] ()
HKLM-x32\...\Run: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 [1022048 2012-09-03] ()
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152544 2012-12-12] (Apple Inc.)
HKLM-x32\...\Run: [SMessaging] C:\Users\Chris\AppData\Local\Strongvault Online Backup\SMessaging.exe [x]
HKU\Chris\...\Run: [Google Update] "C:\Users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-08-15] (Google Inc.)
HKU\Chris\...\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2144088 2009-01-26] (Safer Networking Limited)
HKU\Chris\...\Run: [Facebook Update] "C:\Users\Chris\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-11] (Facebook Inc.)
HKU\Chris\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17148552 2012-02-29] (Skype Technologies S.A.)
HKU\Chris\...\Run: [uTorrent] "C:\Users\Chris\Downloads\utorrent.exe" /MINIMIZED [896912 2012-09-24] (BitTorrent, Inc.)
HKU\Chris\...\Run: [YahooPartnerToolbar] rundll32.exe C:\Users\Chris\AppData\Local\YahooPartnerToolbar\xttftlnq.dll,ir_fe_ocr_post_last [299520 2012-12-03] (LEAD Technologies, Inc.)
HKU\Chris\...\Run: [ChromeFrameHelper] "C:\Users\Chris\AppData\Local\Google\Chrome\Application\23.0.1271.97\chrome_frame_helper.exe" --startup [82024 2012-12-04] (Google Inc.)
HKU\Chris\...\Run: [Akamai NetSession Interface] "C:\Users\Chris\AppData\Local\Akamai\netsession_win.exe" [4441920 2012-10-09] (Akamai Technologies, Inc.)
HKLM\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe,
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$091fbdab0ea6f4f093d675bc0a09ff6e\n. ATTENTION! ====> ZeroAccess
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
AppInit_DLLs: C:\Windows\system32\nvinitx.dll
Startup: C:\Users\Chris\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
Startup: C:\Users\Chris\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Services (Whitelisted) ===================

2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-03-13] (Atheros)
2 ATKGFNEXSrv; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2009-12-15] (ASUS)
2 dlcx_device; C:\Windows\system32\dlcxcoms.exe -service [561152 2006-10-11] ( )
2 dlcx_device; C:\Windows\SysWow64\dlcxcoms.exe -service [532480 2006-10-11] ( )
2 LicCtrlService; C:\Windows\runservice.exe [2560 2011-10-11] ()
3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe" [227232 2010-01-15] (McAfee, Inc.)
2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
2 vToolbarUpdater13.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [711112 2012-11-08] ()

==================== Drivers (Whitelisted) =====================

0 a5c0220020f8c5; C:\Windows\System32\Drivers\a5c0220020f8c5.sys [84416 2012-12-26] ()
1 ATKWMIACPIIO; \??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17024 2010-07-26] (ASUS)
1 avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [30568 2012-11-08] (AVG Technologies)
3 FLxHCIh; C:\Windows\System32\Drivers\FLxHCIh.sys [81920 2011-02-24] (Fresco Logic)
3 kbfiltr; C:\Windows\System32\Drivers\kbfiltr.sys [15416 2009-07-20] ( )
3 S6000KNT; C:\Windows\System32\Drivers\S6000KNT.sys [190232 2010-08-05] (Windows (R) Win 7 DDK provider)
3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
3 X6va001; \??\C:\Users\Chris\AppData\Local\Temp\00152D7.tmp [x]

==================== NetSvcs (Whitelisted) ====================

==================== One Month Created Files and Folders ========

2012-12-26 19:50 - 2012-12-26 19:50 - 00000000 ____D C:\FRST
2012-12-26 18:22 - 2012-12-26 18:23 - 00000000 ____D C:\Windows\System32\config\mybackup
2012-12-26 17:45 - 2012-12-26 17:45 - 00000000 __SHD C:\found.000
2012-12-26 14:40 - 2012-12-26 14:40 - 00049872 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\nsfsgrnn.sys
2012-12-26 14:38 - 2012-12-26 14:38 - 00001150 ____A C:\Users\Chris\Downloads\wscsvc(64).zip
2012-12-26 14:18 - 2012-12-26 14:18 - 00001945 ____A C:\Windows\epplauncher.mif
2012-12-26 14:17 - 2012-12-26 14:17 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-12-26 14:17 - 2012-12-26 14:17 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-12-26 14:16 - 2012-12-26 14:17 - 13529576 ____A (Microsoft Corporation) C:\Users\Chris\Downloads\mseinstall.exe
2012-12-26 14:06 - 2012-12-26 14:06 - 00347424 ____A (Microsoft Corporation) C:\Users\Chris\Downloads\MicrosoftFixit.wu.RNP.23279986793300617.1.1.Run.exe
2012-12-26 13:20 - 2012-12-26 13:20 - 00000000 ____D C:\Users\All Users\SweetIM
2012-12-26 13:20 - 2012-12-26 13:20 - 00000000 ____D C:\Program Files (x86)\SweetIM
2012-12-26 13:19 - 2012-12-26 13:19 - 00373432 ____A (Softonic) C:\Users\Chris\Downloads\SoftonicDownloader_para_autoruns.exe
2012-12-26 10:56 - 2012-12-26 12:40 - 4185672904 ____A (Nexon) C:\Users\Chris\Downloads\VindictusSetupV166.exe
2012-12-26 00:31 - 2012-12-26 00:37 - 00000033 ____A C:\Windows\GunzLauncher.INI
2012-12-26 00:31 - 2012-12-26 00:31 - 00000000 ____D C:\Users\Chris\Documents\Gunz
2012-12-26 00:31 - 2012-03-06 07:41 - 00005265 ____A C:\Windows\SysWOW64\nppt9x.vxd
2012-12-26 00:31 - 2012-03-06 07:41 - 00004774 ____A (INCA Internet Co., Ltd.) C:\Windows\SysWOW64\npptNT2.sys
2012-12-26 00:31 - 2012-03-06 07:36 - 04199520 ____A (INCA Internet Co., Ltd.) C:\Windows\SysWOW64\GameMon.des
2012-12-26 00:30 - 2012-12-26 00:30 - 00000000 ____D C:\Program Files\Common Files\INCA Shared
2012-12-26 00:29 - 2012-12-26 00:29 - 00000000 ____D C:\Users\Chris\AppData\Local\Aeria Games
2012-12-26 00:29 - 2012-12-26 00:29 - 00000000 ____D C:\Users\All Users\Aeria Games
2012-12-26 00:28 - 2012-12-26 00:28 - 00000000 ____D C:\Program Files (x86)\Aeria Games
2012-12-26 00:21 - 2012-12-26 00:21 - 00539232 ____A (Aeria Games & Entertainment) C:\Users\Chris\Downloads\gunz_us_downloader.exe
2012-12-26 00:20 - 2012-12-26 00:28 - 00000000 ____D C:\AeriaGames
2012-12-26 00:20 - 2012-12-26 00:21 - 00000000 ____D C:\Users\Chris\AppData\Local\Akamai
2012-12-26 00:20 - 2012-12-26 00:20 - 00500320 ____A (Aeria Games & Entertainment) C:\Users\Chris\Downloads\strongholdkingdoms_us_downloader.exe
2012-12-22 01:20 - 2012-12-26 12:07 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Raptr
2012-12-22 01:20 - 2012-12-26 12:07 - 00000000 ____D C:\Program Files (x86)\Raptr
2012-12-21 19:42 - 2012-12-21 19:42 - 00023040 ____H C:\Users\Chris\Documents\~WRL2276.tmp
2012-12-21 19:26 - 2012-12-21 19:26 - 00000000 ____D C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-21 19:26 - 2012-12-21 19:26 - 00000000 ____D C:\Program Files\iTunes
2012-12-21 19:26 - 2012-12-21 19:26 - 00000000 ____D C:\Program Files\iPod
2012-12-21 19:26 - 2012-12-21 19:26 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-12-21 19:23 - 2012-12-21 19:23 - 00000000 ____D C:\Program Files (x86)\QuickTime
2012-12-21 01:57 - 2012-12-21 01:57 - 04350224 ____A C:\Users\Chris\Downloads\ogpdownload_lostsaga(1).exe
2012-12-17 21:02 - 2012-12-17 21:02 - 00297144 ____A C:\Windows\Minidump\121812-38345-01.dmp
2012-12-13 08:40 - 2012-12-13 08:40 - 16363960 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-12-12 16:53 - 2012-12-12 16:53 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Strongvault
2012-12-12 16:52 - 2012-12-12 16:52 - 00000000 ____D C:\Users\Chris\AppData\Local\Stronghold_LLC
2012-12-12 16:51 - 2012-12-12 17:20 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Youtube Downloader HD
2012-12-12 16:51 - 2012-12-12 16:51 - 00000000 ____D C:\Program Files (x86)\Youtube Downloader HD
2012-12-12 16:49 - 2012-12-12 16:49 - 04705048 ____A (YoutubeDownloaderHD.com ) C:\Users\Chris\Downloads\youtube_downloader_hd_setup.exe
2012-12-11 14:39 - 2012-12-11 14:39 - 15523012 ____A C:\Users\Chris\Downloads\Chris Munar - Up DELETE.wav
2012-12-04 17:29 - 2012-12-04 20:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-12-04 01:48 - 2012-12-04 01:56 - 00000000 ____D C:\Users\Chris\Downloads\The Walking Dead CBRs
2012-12-02 11:12 - 2012-12-02 11:14 - 00000000 ____D C:\Users\All Users\Norton
2012-12-01 11:05 - 2012-12-01 11:05 - 00000000 ____D C:\Users\Chris\Downloads\Drivers.com
2012-12-01 11:04 - 2012-12-01 11:04 - 00000000 ____D C:\Users\Chris\AppData\Local\PC_Drivers_Headquarters
2012-12-01 11:04 - 2012-12-01 11:04 - 00000000 ____D C:\Users\All Users\UAB
2012-12-01 11:04 - 2012-12-01 11:04 - 00000000 ____D C:\Users\All Users\Drivers.com
2012-12-01 11:04 - 2012-12-01 11:04 - 00000000 ____D C:\Program Files (x86)\Drivers.com
2012-12-01 11:03 - 2012-12-01 11:03 - 01190744 ____A (Drivers.com ) C:\Users\Chris\Downloads\driverscom.exe
2012-12-01 11:03 - 2012-12-01 11:03 - 01190744 ____A (Drivers.com ) C:\Users\Chris\Downloads\driverscom(1).exe
2012-12-01 10:46 - 2012-12-01 10:46 - 00347424 ____A (Microsoft Corporation) C:\Users\Chris\Downloads\MicrosoftFixit.dvd.RNP.135277814807527505.2.1.Run.exe
2012-12-01 10:39 - 2012-12-01 10:39 - 07217800 ____A (Power Software Ltd) C:\Users\Chris\Downloads\PowerISO5(1).exe
2012-11-26 13:03 - 2012-11-26 13:03 - 13404680 ____A C:\Users\Chris\Downloads\Chris Munar - We In The Club DELETE.wav

==================== One Month Modified Files and Folders =======

2012-12-26 19:50 - 2012-12-26 19:50 - 00000000 ____D C:\FRST
2012-12-26 18:23 - 2012-12-26 18:22 - 00000000 ____D C:\Windows\System32\config\mybackup
2012-12-26 17:45 - 2012-12-26 17:45 - 00000000 __SHD C:\found.000
2012-12-26 14:42 - 2011-08-15 18:27 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Skype
2012-12-26 14:40 - 2012-12-26 14:40 - 00049872 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\nsfsgrnn.sys
2012-12-26 14:40 - 2012-09-05 14:12 - 00084416 ____A C:\Windows\System32\Drivers\a5c0220020f8c5.sys
2012-12-26 14:40 - 2012-05-15 08:12 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-12-26 14:38 - 2012-12-26 14:38 - 00001150 ____A C:\Users\Chris\Downloads\wscsvc(64).zip
2012-12-26 14:22 - 2009-07-13 20:45 - 00014816 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-12-26 14:22 - 2009-07-13 20:45 - 00014816 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-12-26 14:18 - 2012-12-26 14:18 - 00001945 ____A C:\Windows\epplauncher.mif
2012-12-26 14:18 - 2012-11-06 21:27 - 00057756 ____A C:\Windows\WindowsUpdate.log
2012-12-26 14:17 - 2012-12-26 14:17 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-12-26 14:17 - 2012-12-26 14:17 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-12-26 14:17 - 2012-12-26 14:16 - 13529576 ____A (Microsoft Corporation) C:\Users\Chris\Downloads\mseinstall.exe
2012-12-26 14:15 - 2011-08-15 18:17 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-519376442-23588699-1961641363-1000UA.job
2012-12-26 14:08 - 2009-07-13 21:13 - 00782748 ____A C:\Windows\System32\PerfStringBackup.INI
2012-12-26 14:06 - 2012-12-26 14:06 - 00347424 ____A (Microsoft Corporation) C:\Users\Chris\Downloads\MicrosoftFixit.wu.RNP.23279986793300617.1.1.Run.exe
2012-12-26 14:04 - 2011-11-29 21:31 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Dropbox
2012-12-26 14:03 - 2011-10-11 17:11 - 00000737 __ASH C:\Windows\SysWOW64\mmf.sys
2012-12-26 14:03 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-12-26 14:02 - 2012-11-06 21:22 - 00006966 ____A C:\Windows\setupact.log
2012-12-26 13:52 - 2012-11-06 21:22 - 00016138 ____A C:\Windows\PFRO.log
2012-12-26 13:52 - 2012-05-14 09:11 - 00045056 ____A C:\Windows\System32\acovcnt.exe
2012-12-26 13:20 - 2012-12-26 13:20 - 00000000 ____D C:\Users\All Users\SweetIM
2012-12-26 13:20 - 2012-12-26 13:20 - 00000000 ____D C:\Program Files (x86)\SweetIM
2012-12-26 13:20 - 2012-06-14 20:54 - 00000000 ____D C:\Users\Chris\Tracing
2012-12-26 13:19 - 2012-12-26 13:19 - 00373432 ____A (Softonic) C:\Users\Chris\Downloads\SoftonicDownloader_para_autoruns.exe
2012-12-26 13:09 - 2012-01-10 18:56 - 00000000 ____D C:\Users\All Users\NexonUS
2012-12-26 12:47 - 2012-01-10 19:01 - 00000000 ____D C:\Program Files (x86)\BandiMPEG1
2012-12-26 12:40 - 2012-12-26 10:56 - 4185672904 ____A (Nexon) C:\Users\Chris\Downloads\VindictusSetupV166.exe
2012-12-26 12:12 - 2011-10-24 20:00 - 00000928 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-519376442-23588699-1961641363-1000UA.job
2012-12-26 12:07 - 2012-12-22 01:20 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Raptr
2012-12-26 12:07 - 2012-12-22 01:20 - 00000000 ____D C:\Program Files (x86)\Raptr
2012-12-26 12:00 - 2012-01-10 18:01 - 00000000 ____D C:\Users\Chris\AppData\Local\PMB Files
2012-12-26 12:00 - 2012-01-10 18:00 - 00000000 ____D C:\Users\All Users\PMB Files
2012-12-26 11:04 - 2011-08-29 21:55 - 00000000 ____D C:\Program Files (x86)\Steam
2012-12-26 11:01 - 2012-01-10 18:57 - 00000000 ____D C:\Nexon
2012-12-26 11:01 - 2011-08-15 17:36 - 00000000 ____D C:\users\Chris
2012-12-26 10:57 - 2011-08-16 17:13 - 00000000 ____D C:\Program Files (x86)\OGPlanet
2012-12-26 00:37 - 2012-12-26 00:31 - 00000033 ____A C:\Windows\GunzLauncher.INI
2012-12-26 00:31 - 2012-12-26 00:31 - 00000000 ____D C:\Users\Chris\Documents\Gunz
2012-12-26 00:30 - 2012-12-26 00:30 - 00000000 ____D C:\Program Files\Common Files\INCA Shared
2012-12-26 00:29 - 2012-12-26 00:29 - 00000000 ____D C:\Users\Chris\AppData\Local\Aeria Games
2012-12-26 00:29 - 2012-12-26 00:29 - 00000000 ____D C:\Users\All Users\Aeria Games
2012-12-26 00:28 - 2012-12-26 00:28 - 00000000 ____D C:\Program Files (x86)\Aeria Games
2012-12-26 00:28 - 2012-12-26 00:20 - 00000000 ____D C:\AeriaGames
2012-12-26 00:28 - 2012-10-23 09:04 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2012-12-26 00:23 - 2011-08-15 19:06 - 00000000 ____D C:\Users\Chris\AppData\Local\CrashDumps
2012-12-26 00:21 - 2012-12-26 00:21 - 00539232 ____A (Aeria Games & Entertainment) C:\Users\Chris\Downloads\gunz_us_downloader.exe
2012-12-26 00:21 - 2012-12-26 00:20 - 00000000 ____D C:\Users\Chris\AppData\Local\Akamai
2012-12-26 00:20 - 2012-12-26 00:20 - 00500320 ____A (Aeria Games & Entertainment) C:\Users\Chris\Downloads\strongholdkingdoms_us_downloader.exe
2012-12-25 19:23 - 2011-10-24 20:00 - 00000906 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-519376442-23588699-1961641363-1000Core.job
2012-12-25 19:15 - 2011-08-15 18:17 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-519376442-23588699-1961641363-1000Core.job
2012-12-21 19:42 - 2012-12-21 19:42 - 00023040 ____H C:\Users\Chris\Documents\~WRL2276.tmp
2012-12-21 19:32 - 2011-08-20 21:20 - 00000000 ____D C:\Users\Chris\Documents\Notepad
2012-12-21 19:26 - 2012-12-21 19:26 - 00000000 ____D C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-21 19:26 - 2012-12-21 19:26 - 00000000 ____D C:\Program Files\iTunes
2012-12-21 19:26 - 2012-12-21 19:26 - 00000000 ____D C:\Program Files\iPod
2012-12-21 19:26 - 2012-12-21 19:26 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-12-21 19:23 - 2012-12-21 19:23 - 00000000 ____D C:\Program Files (x86)\QuickTime
2012-12-21 01:57 - 2012-12-21 01:57 - 04350224 ____A C:\Users\Chris\Downloads\ogpdownload_lostsaga(1).exe
2012-12-21 01:57 - 2011-08-16 16:33 - 00000000 ____D C:\Users\Chris\Documents\OGPlanet Games
2012-12-20 20:48 - 2011-09-08 07:43 - 00000000 ____D C:\Program Files\Dl_cats
2012-12-17 21:02 - 2012-12-17 21:02 - 00297144 ____A C:\Windows\Minidump\121812-38345-01.dmp
2012-12-17 21:02 - 2011-09-14 17:46 - 00000000 ____D C:\Windows\Minidump
2012-12-14 18:32 - 2011-08-31 17:03 - 00000000 ____D C:\Users\Chris\Documents\School
2012-12-13 12:14 - 2011-08-15 18:27 - 00000000 ____D C:\Users\All Users\Skype
2012-12-13 08:40 - 2012-12-13 08:40 - 16363960 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-12-13 08:40 - 2012-05-15 08:12 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-12-13 08:40 - 2011-08-16 21:53 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-12-12 17:20 - 2012-12-12 16:51 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Youtube Downloader HD
2012-12-12 16:53 - 2012-12-12 16:53 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Strongvault
2012-12-12 16:52 - 2012-12-12 16:52 - 00000000 ____D C:\Users\Chris\AppData\Local\Stronghold_LLC
2012-12-12 16:51 - 2012-12-12 16:51 - 00000000 ____D C:\Program Files (x86)\Youtube Downloader HD
2012-12-12 16:51 - 2012-02-29 00:41 - 00000000 ____D C:\Users\Chris\AppData\Roaming\OpenCandy
2012-12-12 16:49 - 2012-12-12 16:49 - 04705048 ____A (YoutubeDownloaderHD.com ) C:\Users\Chris\Downloads\youtube_downloader_hd_setup.exe
2012-12-11 14:41 - 2012-02-29 14:32 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Audacity
2012-12-11 14:39 - 2012-12-11 14:39 - 15523012 ____A C:\Users\Chris\Downloads\Chris Munar - Up DELETE.wav
2012-12-11 14:39 - 2012-09-17 20:52 - 00000219 ____A C:\Windows\SysWOW64\lsprst7.tgz
2012-12-11 14:39 - 2012-09-17 20:52 - 00000205 ____A C:\Windows\SysWOW64\lsprst7.dll
2012-12-11 14:39 - 2012-09-17 20:52 - 00000087 ____A C:\Windows\SysWOW64\ssprs.tgz
2012-12-11 14:39 - 2012-09-17 20:52 - 00000073 ____A C:\Windows\SysWOW64\ssprs.dll
2012-12-10 21:59 - 2012-05-21 20:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-12-06 08:36 - 2011-08-15 18:07 - 00000000 ____D C:\Users\Chris\Documents\Bluetooth Folder
2012-12-04 20:34 - 2012-12-04 17:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-12-04 11:12 - 2011-08-23 22:14 - 00000000 ____D C:\Users\Chris\AppData\Roaming\uTorrent
2012-12-04 01:56 - 2012-12-04 01:48 - 00000000 ____D C:\Users\Chris\Downloads\The Walking Dead CBRs
2012-12-03 12:44 - 2012-09-25 10:29 - 00000000 ____D C:\Users\Chris\AppData\Local\YahooPartnerToolbar
2012-12-03 11:05 - 2012-09-06 09:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-12-02 11:14 - 2012-12-02 11:12 - 00000000 ____D C:\Users\All Users\Norton
2012-12-01 11:05 - 2012-12-01 11:05 - 00000000 ____D C:\Users\Chris\Downloads\Drivers.com
2012-12-01 11:04 - 2012-12-01 11:04 - 00000000 ____D C:\Users\Chris\AppData\Local\PC_Drivers_Headquarters
2012-12-01 11:04 - 2012-12-01 11:04 - 00000000 ____D C:\Users\All Users\UAB
2012-12-01 11:04 - 2012-12-01 11:04 - 00000000 ____D C:\Users\All Users\Drivers.com
2012-12-01 11:04 - 2012-12-01 11:04 - 00000000 ____D C:\Program Files (x86)\Drivers.com
2012-12-01 11:03 - 2012-12-01 11:03 - 01190744 ____A (Drivers.com ) C:\Users\Chris\Downloads\driverscom.exe
2012-12-01 11:03 - 2012-12-01 11:03 - 01190744 ____A (Drivers.com ) C:\Users\Chris\Downloads\driverscom(1).exe
2012-12-01 10:46 - 2012-12-01 10:46 - 00347424 ____A (Microsoft Corporation) C:\Users\Chris\Downloads\MicrosoftFixit.dvd.RNP.135277814807527505.2.1.Run.exe
2012-12-01 10:39 - 2012-12-01 10:39 - 07217800 ____A (Power Software Ltd) C:\Users\Chris\Downloads\PowerISO5(1).exe
2012-11-29 21:44 - 2011-10-05 11:00 - 00000000 ____D C:\Users\Chris\AppData\Roaming\.minecraft
2012-11-26 13:03 - 2012-11-26 13:03 - 13404680 ____A C:\Users\Chris\Downloads\Chris Munar - We In The Club DELETE.wav

ZeroAccess: C:\$Recycle.Bin\S-1-5-21-519376442-23588699-1961641363-1000\$091fbdab0ea6f4f093d675bc0a09ff6e
ZeroAccess: C:\$Recycle.Bin\S-1-5-18\$091fbdab0ea6f4f093d675bc0a09ff6e

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 4001.06 MB
Available physical RAM: 3368.25 MB
Total Pagefile: 3999.21 MB
Available Pagefile: 3357.77 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:226.46 GB) (Free:26.03 GB) NTFS
2 Drive e: () (Fixed) (Total:239.2 GB) (Free:209.08 GB) NTFS
3 Drive f: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.16 GB) (Free:0 GB) UDF
4 Drive g: () (Removable) (Total:0.96 GB) (Free:0.96 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          465 GB      0 B
  Disk 1    Online          980 MB      0 B

Partitions of Disk 0:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            100 MB  1024 KB
  Partition 2    Primary            226 GB   101 MB
  Partition 3    Primary            239 GB   226 GB

==================================================================================

Disk: 0
Partition 1
Type  : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     Y   System Rese  NTFS   Partition    100 MB  Healthy

=========================================================

Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C                NTFS   Partition    226 GB  Healthy

=========================================================

Disk: 0
Partition 3
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     E                NTFS   Partition    239 GB  Healthy

=========================================================

Partitions of Disk 1:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            979 MB    16 KB

==================================================================================

Disk: 1
Partition 1
Type  : 06
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4     G                FAT    Removable    979 MB  Healthy

=========================================================

Last Boot: 2012-12-15 01:04

==================== End Of Log =============================