Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-12-2012
Ran by SYSTEM at 05-01-2013 12:20:17
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet002

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [8306208 2009-10-21] (Realtek Semiconductor)
HKLM\...\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe" [163552 2011-08-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartNowToolbarHelper] "C:\Program Files (x86)\StartNow Toolbar\ToolbarHelper.exe" [x]
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-07-05] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-10-09] (Apple Inc.)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)
HKLM-x32\...\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKU\Owner\...\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1354736 2012-12-15] (Valve Corporation)
HKU\Owner\...\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3077528 2011-10-22] ()
HKU\Owner\...\Run: [Exetender] "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup [4862384 2011-09-01] (Exent Technologies Ltd.)
HKU\Owner\...\Run: [RESTART_STICKY_NOTES] C:\Windows\system32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\Owner\...\Run: [Google Update] "C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-07-27] (Google Inc.)
HKU\Owner\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-07-09] (Google Inc.)
HKU\Owner\...\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart [16070136 2012-11-08] (Google)
HKU\Owner\...\Policies\system: [DisableTaskMgr] 1
HKU\UpdatusUser\...\Run: [Exetender] "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" [4862384 2011-09-01] (Exent Technologies Ltd.)
HKU\UpdatusUser\...\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1354736 2012-12-15] (Valve Corporation)
HKU\UpdatusUser\...\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3077528 2011-10-22] ()
HKU\UpdatusUser\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-07-09] (Google Inc.)
HKU\UpdatusUser\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized [17148552 2012-02-29] (Skype Technologies S.A.)
HKU\UpdatusUser\...\Run: [Exent_SDM] C:\Users\UpdatusUser\AppData\Local\Temp\SDM143\Free Ride Games.exe "l 'Startup' u 'http://www.freeridegames.com/do/SDMC?action=config&type=FULLSTARTUP&contentId=586350&sId=w3i_us_games_nolaunch' p '143' c '466550'" [x]
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1085000 2012-07-03] (Malwarebytes Corporation)
HKLM-x32\...\Runonce: [pivotstickfigure] [x]
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [462920 2012-07-03] (Malwarebytes Corporation)
HKLM-x32\...\RunOnce: [InnoSetupRegFile.0000000001] "C:\Windows\is-9G7HL.exe" /REG /REGSVRMODE [711240 2012-07-29] ()
HKLM-x32\...\RunOnce: [ZTBUpdater5_871] "C:\Windows\TEMP\ToolbarUpdate.exe" -REBOOT [1322120 2013-01-04] ()
HKLM\...\Winlogon: [Userinit] ,C:\ProgramData\Microsoft\Windows\Start Menu\Java\qsvlwBmlWUnd\qsvlwBmlWUnd\Java.exe,C:\ProgramData\Microsoft\Windows\Start Menu\Java\qsvlwBmlWUnd\qsvlwBmlWUnd\Java.exe,C:\ProgramData\Microsoft\Windows\Start Menu\Java\qsvlwBmlWUnd\qsvlwBmlWUnd\Java.exe,C:\ProgramData\Microsoft\Windows\Start Menu\Java\qsvlwBmlWUnd\qsvlwBmlWUnd\Java.exe,C:\ProgramData\Microsoft\Windows\Start Menu\Java\qsvlwBmlWUnd\qsvlwBmlWUnd\Java.exe,C:\ProgramData\Microsoft\Windows\Start Menu\Java\qsvlwBmlWUnd\qsvlwBmlWUnd\Java.exe,C:\ProgramData\Microsoft\Windows\Start Menu\Java\qsvlwBmlWUnd\qsvlwBmlWUnd\Java.exe,C:\ProgramData\Microsoft\Windows\Start Menu\Java\qsvlwBmlWUnd\qsvlwBmlWUnd\Java.exe,C:\ProgramData\Microsoft\Windows\Start Menu\Java\qsvlwBmlWUnd\qsvlwBmlWUnd\Java.exe,C:\ProgramData\Microsoft\Windows\Start Menu\Java\qsvlwBmlWUnd\qsvlwBmlWUnd\Java.exe
HKLM\...\InprocServer32: [Default-wbemess] \\.\globalroot\systemroot\Installer\{caa981f5-cbfd-8594-def6-5d7fcd241596}\n. ATTENTION! ====> ZeroAccess
Tcpip\Parameters: [DhcpNameServer] 68.105.28.12 68.105.29.12 68.105.28.11
Startup: C:\Users\All Users\Start Menu\Programs\Startup\explorer - Shortcut.lnk
ShortcutTarget: explorer - Shortcut.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\NETGEAR WG111v3 Smart Wizard.lnk
ShortcutTarget: NETGEAR WG111v3 Smart Wizard.lnk -> C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe ()
Startup: C:\Users\Owner\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)

==================== Services (Whitelisted) ===================

2 Browser Manager; C:\ProgramData\Browser Manager\2.3.759.138\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe [2200096 2012-09-28] ()
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-05-19] ()
2 Updater Service for StartNow Toolbar; C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [267488 2011-07-27] ()
3 wampmysqld; C:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe wampmysqld [9693696 2012-04-19] ()

==================== Drivers (Whitelisted) =====================

3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)
3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)
2 X5XSEx; \??\C:\Program Files (x86)\Free Ride Games\X5XSEx.Sys [55400 2010-11-22] (Exent Technologies Ltd.)
3 GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS [x]
3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]
3 X6va005; \??\C:\Users\Owner\AppData\Local\Temp\005B977.tmp [x]
3 X6va007; \??\C:\Users\Owner\AppData\Local\Temp\0077DC6.tmp [x]
3 X6va008; \??\C:\Windows\SysWOW64\Drivers\X6va008 [x]

==================== NetSvcs (Whitelisted) ====================

==================== One Month Created Files and Folders ========

2013-01-05 12:20 - 2013-01-05 12:20 - 00000000 ____D C:\FRST
2013-01-03 22:43 - 2013-01-03 22:43 - 00306355 ____A C:\Users\Owner\Desktop\Minecraft Hacks.rar
2013-01-03 22:43 - 2012-12-20 13:00 - 00774656 ____A (Microsoft Corp.) C:\Users\Owner\Desktop\Minecraft Hacks.exe
2013-01-02 20:05 - 2013-01-02 20:06 - 07558144 ____A C:\Users\Owner\Downloads\Perevodchik v2.0eng.exe
2013-01-02 10:09 - 2013-01-01 10:45 - 02322272 ____A C:\Users\Owner\Desktop\Isabella_dIII-v146_4468641.zip
2013-01-01 15:47 - 2013-01-01 15:47 - 05019406 ____A C:\Users\Owner\Downloads\Castle Gate by pg5 - 2 Maps.zip
2013-01-01 11:52 - 2013-01-01 11:52 - 00324419 ____A (http://magiclauncher.com) C:\Users\Owner\Downloads\MagicLauncher_1.0.0.exe
2013-01-01 01:27 - 2013-01-01 01:27 - 00000000 ____D C:\Users\Owner\Desktop\ChatManager
2013-01-01 00:50 - 2013-01-01 01:44 - 00000000 ____D C:\Users\Owner\Desktop\helping Zep
2013-01-01 00:42 - 2012-12-22 17:07 - 00000096 ____A C:\Users\Owner\Desktop\config.yml
2013-01-01 00:31 - 2013-01-01 00:31 - 00008150 ____A C:\Users\Owner\Desktop\perms.txt
2013-01-01 00:26 - 2013-01-01 00:26 - 00000428 ____A C:\Users\Owner\Desktop\perm.txt
2013-01-01 00:17 - 2012-12-22 17:22 - 00009357 ____A C:\Users\Owner\Desktop\permissions.yml
2012-12-31 18:23 - 2013-01-04 00:24 - 00000000 ____D C:\Users\Owner\Desktop\GMT Updater
2012-12-31 18:23 - 2013-01-04 00:24 - 00000000 ____D C:\Users\Owner\AppData\Local\PixelTail
2012-12-31 18:23 - 2012-12-31 18:23 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Subversion
2012-12-31 18:22 - 2012-12-31 18:22 - 02542695 ____A C:\Users\Owner\Desktop\GMTUpdater_1.2.8.zip
2012-12-29 11:04 - 2012-12-29 11:04 - 00000222 ____A C:\Users\Owner\Desktop\Galactic Civilizations I Ultimate Edition.url
2012-12-25 12:49 - 2012-12-25 12:49 - 00000220 ____A C:\Users\Owner\Desktop\Garry's Mod.url
2012-12-25 08:26 - 2012-12-25 08:26 - 00291992 ____A C:\Windows\Minidump\122512-30778-01.dmp
2012-12-24 16:42 - 2012-12-24 16:42 - 00000000 ____D C:\Users\Owner\vsxu
2012-12-24 16:41 - 2013-01-04 00:24 - 00000000 ____D C:\Program Files\Vovoid VSXu 0.3.1
2012-12-24 16:40 - 2012-12-24 16:41 - 45821522 ____A C:\Users\Owner\Downloads\VSXu_0.3.1_amd64.exe
2012-12-24 16:37 - 2012-12-24 16:37 - 00000000 ____D C:\Program Files\Microsoft Office
2012-12-24 16:03 - 2012-12-24 16:03 - 00000000 ____D C:\Program Files (x86)\OCSetup
2012-12-24 15:59 - 2012-12-24 15:59 - 56019736 ____A (Microsoft Corporation) C:\Users\Owner\Downloads\X17-30021.exe
2012-12-24 15:58 - 2012-12-24 16:08 - 1050389616 ____A (Microsoft Corporation) C:\Users\Owner\Downloads\X17-75238.exe
2012-12-24 09:59 - 2012-12-24 12:49 - 115228547 ____A C:\Users\Owner\Desktop\Minecraft - Let's Play - Episode 1.wmv
2012-12-24 09:22 - 2012-12-24 09:22 - 00000000 ____D C:\Users\Owner\AppData\Local\{B7CF6BCC-9587-4115-97EF-7A2CD1E3E6AD}
2012-12-24 07:43 - 2012-11-02 12:20 - 01025023 ____A C:\Users\Owner\Desktop\Today's Textures-Greenfield V6.zip
2012-12-23 18:09 - 2012-12-23 18:09 - 00324419 ____A (http://magiclauncher.com) C:\Users\Owner\Desktop\MagicLauncher_1.0.0.exe
2012-12-23 17:43 - 2012-12-23 17:43 - 00000000 ____D C:\Users\Owner\AppData\Local\Grubby Games
2012-12-23 17:39 - 2012-12-23 17:48 - 00000000 ____D C:\Program Files (x86)\Gateway Games
2012-12-23 17:39 - 2012-12-23 17:47 - 00000000 ____D C:\Users\All Users\WildTangent
2012-12-23 17:31 - 2012-12-23 17:31 - 00000147 ____A C:\Users\Owner\Downloads\download link Adobe After Effects CS6.txt
2012-12-23 17:23 - 2012-12-23 17:23 - 00032727 ____A C:\Users\Owner\Downloads\audio-react-1.zip
2012-12-23 17:14 - 2012-12-23 17:14 - 00599689 ____A C:\Users\Owner\Downloads\gulliver-0.10.1-MC1.4.5 (1).zip
2012-12-23 17:14 - 2012-12-23 17:14 - 00599689 ____A C:\Users\Owner\Desktop\gulliver-0.10.1-MC1.4.5.zip
2012-12-23 16:53 - 2012-12-23 16:54 - 31037288 ____A (Microsoft Corporation) C:\Users\Owner\Downloads\wlsetup-idcrl.exe
2012-12-23 16:27 - 2012-12-23 16:27 - 00681472 ____A C:\Users\Owner\Downloads\MicrosoftFixit50577.msi
2012-12-23 16:26 - 2012-12-23 16:26 - 00642712 ____A (Microsoft Corporation) C:\Users\Owner\Downloads\gfwlivesetup (1).exe
2012-12-23 16:23 - 2013-01-04 00:24 - 00000000 ___RD C:\Users\Owner\Podcasts
2012-12-23 16:19 - 2013-01-04 00:24 - 00000000 ____D C:\Program Files\Zune
2012-12-23 16:19 - 2012-12-23 16:19 - 00000927 ____A C:\Users\Public\Desktop\Zune.lnk
2012-12-23 16:17 - 2012-12-23 16:18 - 105664248 ____A (Microsoft Corporation) C:\Users\Owner\Downloads\ZuneSetupPkg.exe
2012-12-23 16:16 - 2012-12-23 16:16 - 00642712 ____A (Microsoft Corporation) C:\Users\Owner\Downloads\gfwlivesetup.exe
2012-12-23 07:30 - 2012-12-23 07:30 - 00000000 ____D C:\Users\Owner\AppData\Local\{36A4DC42-A2FE-4259-B6C8-E2D8898BED74}
2012-12-22 19:34 - 2013-01-04 00:24 - 00000000 ____D C:\Users\Owner\Desktop\Minecraft Christmas
2012-12-20 17:52 - 2012-12-24 16:39 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2012-12-20 17:23 - 2012-12-24 16:40 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-12-20 17:23 - 2012-12-20 17:23 - 00000000 ____D C:\Users\Owner\AppData\Local\Microsoft Help
2012-12-20 17:11 - 2011-02-24 22:19 - 02871808 ____A (Microsoft Corporation) C:\Windows\System32\explorer.exe
2012-12-20 16:55 - 2012-12-20 17:18 - 1050389616 ____A (Microsoft Corporation) C:\Users\Owner\Desktop\X17-75238.exe
2012-12-20 16:24 - 2012-12-20 16:24 - 00000000 ____D C:\Users\Owner\Documents\Fan Art
2012-12-20 16:21 - 2012-12-20 16:21 - 00000000 ____D C:\Users\Owner\AppData\Local\{CE0A5D4B-46DD-4F96-A992-FD44C86C8F18}
2012-12-20 15:10 - 2012-12-20 17:53 - 00000000 ____D C:\Users\Owner\Desktop\Youtube-Livestream Video Supplies
2012-12-16 11:24 - 2012-12-16 11:24 - 00000000 ____D C:\Users\Owner\AppData\Local\{FAA52D09-3C13-4C4D-8D85-BD648E579F64}
2012-12-15 19:47 - 2012-12-15 19:47 - 00185790 ____A C:\Users\Owner\Desktop\ModLoader.zip
2012-12-15 09:27 - 2012-12-15 09:27 - 00000000 ____D C:\Users\Owner\AppData\Local\{4C51BFD8-1738-45A9-A5BA-ACC8A368907C}
2012-12-14 21:26 - 2012-12-14 21:26 - 00000000 ____D C:\Users\Owner\AppData\Local\{52EE7B13-9E5E-491D-8067-1A93A92B6AD4}
2012-12-13 16:09 - 2012-12-13 16:10 - 00000000 ____D C:\Users\Owner\AppData\Local\{2F09BA0B-876A-4DC8-A43A-2EF6DDA98A65}
2012-12-11 18:24 - 2012-12-11 18:24 - 00000000 ____D C:\Users\Owner\AppData\Local\{63E51F98-9126-426A-9631-45DE0042C1F2}
2012-12-09 20:34 - 2012-12-09 20:34 - 00000000 ____D C:\Users\Owner\AppData\Local\{B48AC490-D368-4BD2-A843-75DC620E2D21}

==================== One Month Modified Files and Folders =======

2013-01-04 17:06 - 2012-06-16 11:45 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-01-04 16:50 - 2012-07-27 15:35 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2068272409-2542039905-4093708311-1000UA.job
2013-01-04 16:25 - 2011-07-09 19:35 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-01-04 14:59 - 2009-07-13 20:45 - 00015344 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-01-04 14:59 - 2009-07-13 20:45 - 00015344 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-01-04 14:51 - 2011-07-09 19:35 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-01-04 14:51 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-01-04 14:51 - 2009-07-13 20:51 - 00098018 ____A C:\Windows\setupact.log
2013-01-04 00:24 - 2012-12-31 18:23 - 00000000 ____D C:\Users\Owner\Desktop\GMT Updater
2013-01-04 00:24 - 2012-12-31 18:23 - 00000000 ____D C:\Users\Owner\AppData\Local\PixelTail
2013-01-04 00:24 - 2012-12-24 16:41 - 00000000 ____D C:\Program Files\Vovoid VSXu 0.3.1
2013-01-04 00:24 - 2012-12-23 16:23 - 00000000 ___RD C:\Users\Owner\Podcasts
2013-01-04 00:24 - 2012-12-23 16:19 - 00000000 ____D C:\Program Files\Zune
2013-01-04 00:24 - 2012-12-22 19:34 - 00000000 ____D C:\Users\Owner\Desktop\Minecraft Christmas
2013-01-04 00:24 - 2012-10-26 17:14 - 00000000 ____D C:\Users\Owner\Desktop\New folder (2)
2013-01-04 00:24 - 2012-10-06 10:32 - 00000000 ____D C:\Users\Owner\Desktop\TekkitKraft
2013-01-04 00:24 - 2012-08-03 09:51 - 00000000 ____D C:\Users\Owner\Desktop\Slender v0.9.5
2013-01-04 00:24 - 2012-05-25 18:35 - 00000000 ____D C:\Users\Owner\AppData\Roaming\.minecraft
2013-01-04 00:24 - 2012-05-11 22:06 - 00000000 ____D C:\Users\Owner\AppData\Roaming\.techniclauncher
2013-01-04 00:24 - 2012-01-15 00:22 - 00000000 ____D C:\Windows\Minidump
2013-01-04 00:24 - 2011-11-29 18:00 - 00000000 ____D C:\Users\Owner\Desktop\Minecraft Skins
2013-01-04 00:24 - 2011-11-26 15:24 - 00000000 ___RD C:\Users\Owner\Desktop\Bukkkit
2013-01-04 00:24 - 2011-07-09 07:23 - 00000000 ____D C:\Users\All Users\Hewlett-Packard
2013-01-04 00:24 - 2011-06-02 07:57 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Notepad++
2013-01-04 00:24 - 2011-04-24 09:54 - 00000000 ____D C:\Program Files (x86)\Steam
2013-01-04 00:24 - 2011-03-03 04:04 - 00000000 ____D C:\users\Owner
2013-01-03 23:14 - 2009-07-13 20:45 - 00018432 _____ C:\Windows\System32\umstartup.etl
2013-01-03 23:01 - 2011-03-03 04:28 - 00228972 ____A C:\Windows\PFRO.log
2013-01-03 22:54 - 2011-04-09 14:33 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Skype
2013-01-03 22:50 - 2011-03-03 04:04 - 01247014 ____A C:\Windows\WindowsUpdate.log
2013-01-03 22:43 - 2013-01-03 22:43 - 00306355 ____A C:\Users\Owner\Desktop\Minecraft Hacks.rar
2013-01-02 20:06 - 2013-01-02 20:05 - 07558144 ____A C:\Users\Owner\Downloads\Perevodchik v2.0eng.exe
2013-01-01 22:41 - 2012-07-31 05:20 - 00000000 ____D C:\Users\Owner\AppData\Local\Procaster
2013-01-01 15:47 - 2013-01-01 15:47 - 05019406 ____A C:\Users\Owner\Downloads\Castle Gate by pg5 - 2 Maps.zip
2013-01-01 11:52 - 2013-01-01 11:52 - 00324419 ____A (http://magiclauncher.com) C:\Users\Owner\Downloads\MagicLauncher_1.0.0.exe
2013-01-01 11:14 - 2011-11-09 19:41 - 00000000 ____D C:\Users\Owner\AppData\Local\Paint.NET
2013-01-01 10:45 - 2013-01-02 10:09 - 02322272 ____A C:\Users\Owner\Desktop\Isabella_dIII-v146_4468641.zip
2013-01-01 01:44 - 2013-01-01 00:50 - 00000000 ____D C:\Users\Owner\Desktop\helping Zep
2013-01-01 01:27 - 2013-01-01 01:27 - 00000000 ____D C:\Users\Owner\Desktop\ChatManager
2013-01-01 00:31 - 2013-01-01 00:31 - 00008150 ____A C:\Users\Owner\Desktop\perms.txt
2013-01-01 00:26 - 2013-01-01 00:26 - 00000428 ____A C:\Users\Owner\Desktop\perm.txt
2012-12-31 18:23 - 2012-12-31 18:23 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Subversion
2012-12-31 18:22 - 2012-12-31 18:22 - 02542695 ____A C:\Users\Owner\Desktop\GMTUpdater_1.2.8.zip
2012-12-29 11:19 - 2011-03-03 06:54 - 00525980 ____A C:\Windows\DirectX.log
2012-12-29 11:04 - 2012-12-29 11:04 - 00000222 ____A C:\Users\Owner\Desktop\Galactic Civilizations I Ultimate Edition.url
2012-12-26 11:23 - 2011-05-19 17:36 - 00000000 ____D C:\Users\Owner\Documents\My Games
2012-12-26 09:34 - 2011-03-03 04:34 - 00058744 ____A C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2012-12-25 12:49 - 2012-12-25 12:49 - 00000220 ____A C:\Users\Owner\Desktop\Garry's Mod.url
2012-12-25 08:26 - 2012-12-25 08:26 - 00291992 ____A C:\Windows\Minidump\122512-30778-01.dmp
2012-12-25 08:26 - 2012-01-15 00:21 - 862051523 ____A C:\Windows\MEMORY.DMP
2012-12-25 08:26 - 2009-07-13 20:45 - 00268912 ____A C:\Windows\System32\FNTCACHE.DAT
2012-12-25 04:50 - 2012-07-27 15:35 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2068272409-2542039905-4093708311-1000Core.job
2012-12-24 16:42 - 2012-12-24 16:42 - 00000000 ____D C:\Users\Owner\vsxu
2012-12-24 16:41 - 2012-12-24 16:40 - 45821522 ____A C:\Users\Owner\Downloads\VSXu_0.3.1_amd64.exe
2012-12-24 16:40 - 2012-12-20 17:23 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-12-24 16:40 - 2009-07-13 23:45 - 00000000 ____D C:\Windows\ShellNew
2012-12-24 16:39 - 2012-12-20 17:52 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2012-12-24 16:39 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-12-24 16:39 - 2009-07-13 18:34 - 00000387 ____A C:\Windows\win.ini
2012-12-24 16:37 - 2012-12-24 16:37 - 00000000 ____D C:\Program Files\Microsoft Office
2012-12-24 16:08 - 2012-12-24 15:58 - 1050389616 ____A (Microsoft Corporation) C:\Users\Owner\Downloads\X17-75238.exe
2012-12-24 16:03 - 2012-12-24 16:03 - 00000000 ____D C:\Program Files (x86)\OCSetup
2012-12-24 16:03 - 2011-05-08 05:56 - 00000000 ____D C:\Users\Owner\Tracing
2012-12-24 15:59 - 2012-12-24 15:59 - 56019736 ____A (Microsoft Corporation) C:\Users\Owner\Downloads\X17-30021.exe
2012-12-24 12:49 - 2012-12-24 09:59 - 115228547 ____A C:\Users\Owner\Desktop\Minecraft - Let's Play - Episode 1.wmv
2012-12-24 10:41 - 2011-11-26 16:49 - 00000038 ____A C:\Windows\AviSplitter.INI
2012-12-24 09:22 - 2012-12-24 09:22 - 00000000 ____D C:\Users\Owner\AppData\Local\{B7CF6BCC-9587-4115-97EF-7A2CD1E3E6AD}
2012-12-24 08:28 - 2012-04-06 15:27 - 00000000 ____D C:\Users\Owner\AppData\Roaming\.spoutcraft
2012-12-23 18:09 - 2012-12-23 18:09 - 00324419 ____A (http://magiclauncher.com) C:\Users\Owner\Desktop\MagicLauncher_1.0.0.exe
2012-12-23 17:52 - 2012-09-25 17:35 - 05005686 ____A C:\Users\Owner\Downloads\minecraft.jar
2012-12-23 17:48 - 2012-12-23 17:39 - 00000000 ____D C:\Program Files (x86)\Gateway Games
2012-12-23 17:47 - 2012-12-23 17:39 - 00000000 ____D C:\Users\All Users\WildTangent
2012-12-23 17:43 - 2012-12-23 17:43 - 00000000 ____D C:\Users\Owner\AppData\Local\Grubby Games
2012-12-23 17:31 - 2012-12-23 17:31 - 00000147 ____A C:\Users\Owner\Downloads\download link Adobe After Effects CS6.txt
2012-12-23 17:23 - 2012-12-23 17:23 - 00032727 ____A C:\Users\Owner\Downloads\audio-react-1.zip
2012-12-23 17:14 - 2012-12-23 17:14 - 00599689 ____A C:\Users\Owner\Downloads\gulliver-0.10.1-MC1.4.5 (1).zip
2012-12-23 17:14 - 2012-12-23 17:14 - 00599689 ____A C:\Users\Owner\Desktop\gulliver-0.10.1-MC1.4.5.zip
2012-12-23 17:02 - 2011-05-08 05:36 - 00000000 ____D C:\Users\Owner\AppData\Local\Windows Live
2012-12-23 16:54 - 2012-12-23 16:53 - 31037288 ____A (Microsoft Corporation) C:\Users\Owner\Downloads\wlsetup-idcrl.exe
2012-12-23 16:49 - 2012-05-31 12:24 - 00000000 ____D C:\UDK
2012-12-23 16:27 - 2012-12-23 16:27 - 00681472 ____A C:\Users\Owner\Downloads\MicrosoftFixit50577.msi
2012-12-23 16:26 - 2012-12-23 16:26 - 00642712 ____A (Microsoft Corporation) C:\Users\Owner\Downloads\gfwlivesetup (1).exe
2012-12-23 16:19 - 2012-12-23 16:19 - 00000927 ____A C:\Users\Public\Desktop\Zune.lnk
2012-12-23 16:18 - 2012-12-23 16:17 - 105664248 ____A (Microsoft Corporation) C:\Users\Owner\Downloads\ZuneSetupPkg.exe
2012-12-23 16:16 - 2012-12-23 16:16 - 00642712 ____A (Microsoft Corporation) C:\Users\Owner\Downloads\gfwlivesetup.exe
2012-12-23 07:30 - 2012-12-23 07:30 - 00000000 ____D C:\Users\Owner\AppData\Local\{36A4DC42-A2FE-4259-B6C8-E2D8898BED74}
2012-12-22 17:22 - 2013-01-01 00:17 - 00009357 ____A C:\Users\Owner\Desktop\permissions.yml
2012-12-22 17:07 - 2013-01-01 00:42 - 00000096 ____A C:\Users\Owner\Desktop\config.yml
2012-12-20 17:53 - 2012-12-20 15:10 - 00000000 ____D C:\Users\Owner\Desktop\Youtube-Livestream Video Supplies
2012-12-20 17:52 - 2012-08-02 18:55 - 00000000 ___RD C:\Users\Owner\Dropbox
2012-12-20 17:52 - 2012-08-02 18:52 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Dropbox
2012-12-20 17:23 - 2012-12-20 17:23 - 00000000 ____D C:\Users\Owner\AppData\Local\Microsoft Help
2012-12-20 17:18 - 2012-12-20 16:55 - 1050389616 ____A (Microsoft Corporation) C:\Users\Owner\Desktop\X17-75238.exe
2012-12-20 16:24 - 2012-12-20 16:24 - 00000000 ____D C:\Users\Owner\Documents\Fan Art
2012-12-20 16:21 - 2012-12-20 16:21 - 00000000 ____D C:\Users\Owner\AppData\Local\{CE0A5D4B-46DD-4F96-A992-FD44C86C8F18}
2012-12-20 13:00 - 2013-01-03 22:43 - 00774656 ____A (Microsoft Corp.) C:\Users\Owner\Desktop\Minecraft Hacks.exe
2012-12-16 11:24 - 2012-12-16 11:24 - 00000000 ____D C:\Users\Owner\AppData\Local\{FAA52D09-3C13-4C4D-8D85-BD648E579F64}
2012-12-15 19:47 - 2012-12-15 19:47 - 00185790 ____A C:\Users\Owner\Desktop\ModLoader.zip
2012-12-15 09:27 - 2012-12-15 09:27 - 00000000 ____D C:\Users\Owner\AppData\Local\{4C51BFD8-1738-45A9-A5BA-ACC8A368907C}
2012-12-14 21:26 - 2012-12-14 21:26 - 00000000 ____D C:\Users\Owner\AppData\Local\{52EE7B13-9E5E-491D-8067-1A93A92B6AD4}
2012-12-13 16:10 - 2012-12-13 16:09 - 00000000 ____D C:\Users\Owner\AppData\Local\{2F09BA0B-876A-4DC8-A43A-2EF6DDA98A65}
2012-12-11 19:06 - 2012-06-16 11:45 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-12-11 19:06 - 2011-05-17 17:23 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-12-11 18:24 - 2012-12-11 18:24 - 00000000 ____D C:\Users\Owner\AppData\Local\{63E51F98-9126-426A-9631-45DE0042C1F2}
2012-12-10 17:54 - 2011-05-01 14:02 - 00000000 ____D C:\Fraps
2012-12-09 20:34 - 2012-12-09 20:34 - 00000000 ____D C:\Users\Owner\AppData\Local\{B48AC490-D368-4BD2-A843-75DC620E2D21}

ZeroAccess:
C:\Windows\Installer\{caa981f5-cbfd-8594-def6-5d7fcd241596}
C:\Windows\Installer\{caa981f5-cbfd-8594-def6-5d7fcd241596}\@
C:\Windows\Installer\{caa981f5-cbfd-8594-def6-5d7fcd241596}\L
C:\Windows\Installer\{caa981f5-cbfd-8594-def6-5d7fcd241596}\U
C:\Windows\Installer\{caa981f5-cbfd-8594-def6-5d7fcd241596}\U\00000001.@
C:\Windows\Installer\{caa981f5-cbfd-8594-def6-5d7fcd241596}\U\80000000.@
C:\Windows\Installer\{caa981f5-cbfd-8594-def6-5d7fcd241596}\U\800000cb.@

ZeroAccess:
C:\Users\Owner\AppData\Local\{caa981f5-cbfd-8594-def6-5d7fcd241596}
C:\Users\Owner\AppData\Local\{caa981f5-cbfd-8594-def6-5d7fcd241596}\@
C:\Users\Owner\AppData\Local\{caa981f5-cbfd-8594-def6-5d7fcd241596}\L
C:\Users\Owner\AppData\Local\{caa981f5-cbfd-8594-def6-5d7fcd241596}\n
C:\Users\Owner\AppData\Local\{caa981f5-cbfd-8594-def6-5d7fcd241596}\U
C:\Users\Owner\AppData\Local\{caa981f5-cbfd-8594-def6-5d7fcd241596}\U\00000001.@
C:\Users\Owner\AppData\Local\{caa981f5-cbfd-8594-def6-5d7fcd241596}\U\80000000.@
C:\Users\Owner\AppData\Local\{caa981f5-cbfd-8594-def6-5d7fcd241596}\U\800000cb.@

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-12-24 16:36:51
Restore point made on: 2012-12-29 11:18:48
Restore point made on: 2013-01-03 22:48:04
Restore point made on: 2013-01-03 22:53:01

==================== Memory info ===========================

Percentage of memory in use: 8%
Total physical RAM: 12276.6 MB
Available physical RAM: 11269.35 MB
Total Pagefile: 12274.75 MB
Available Pagefile: 11265.59 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:931.41 GB) (Free:229.07 GB) NTFS
2 Drive e: (VRMSP_EN) (CDROM) (Total:0.46 GB) (Free:0 GB) CDFS
3 Drive f: () (Removable) (Total:7.45 GB) (Free:5.7 GB) FAT32
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          931 GB      0 B
  Disk 1    Online         7633 MB      0 B

Partitions of Disk 0:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            100 MB  1024 KB
  Partition 2    Primary            931 GB   101 MB

==================================================================================

Disk: 0
Partition 1
Type  : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     Y   System Rese  NTFS   Partition    100 MB  Healthy

=========================================================

Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C                NTFS   Partition    931 GB  Healthy

=========================================================

Partitions of Disk 1:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary           7633 MB    16 KB

==================================================================================

Disk: 1
Partition 1
Type  : 0B
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     F                FAT32  Removable   7633 MB  Healthy

=========================================================

Last Boot: 2013-01-04 15:16

==================== End Of Log =============================