Infected with FBI MoneyPak

mbalmer · May 15, 2013

At approx 9:11 yesterday, my computer was hit with the dreaded MoneyPak ransomware.

Only one user profile was infected, I have created the dds.txt and attach.txt files from the other user profile.

===================================================

==================== DDS.TXT =====================

===================================================

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 10.0.9200.16537

Run by Work at 12:49:14 on 2013-05-15

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8167.5906 [GMT -4:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Bluetooth Suite\adminservice.exe

C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\IProsetMonitor.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe

E:\Programs\NetBalancer\SeriousBit.NetBalancer.Service.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\EscSvc64.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\System32\WUDFHost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe

C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Users\Work\AppData\Roaming\Spotify\spotify.exe

C:\Users\Work\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

E:\Programs\LolReplay\LOLRecorder.exe

C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe

E:\Programs\Adobe\Acrobat 10.0\Acrobat\acrotray.exe

E:\Programs\Gmail Notifier\gnotify.exe

C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe

C:\Program Files (x86)\Razer\Lycosa\razerhid.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe

C:\Program Files (x86)\Razer\Lycosa\razertra.exe

C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

mWinlogon: Userinit = userinit.exe,

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll

BHO: GetSavin 5.0: {31AD1549-432A-4EFD-88E8-FDB9FB22CE52} - C:\Users\Matt\AppData\Local\getsavin\ie\getsavin_1362897001.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -

BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -

BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [spotify] "C:\Users\Work\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart

uRun: [spotify Web Helper] "C:\Users\Work\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin

mRun: [Adobe Acrobat Speed Launcher] "E:\Programs\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"

mRun: [Acrobat Assistant 8.0] "E:\Programs\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"

mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] E:\Programs\Gmail Notifier\gnotify.exe

mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"

mRun: [Lycosa] "C:\Program Files (x86)\Razer\Lycosa\razerhid.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [QuickTime Task] "E:\Programs\QuickTime\QTTask.exe" -atboottime

mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot

dRunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOLREC~1.LNK - E:\Programs\LolReplay\LOLRecorder.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{30985231-1321-42DB-84E6-9859C7DBB100} : NameServer = 8.8.8.8,8.8.4.4

TCP: Interfaces\{30985231-1321-42DB-84E6-9859C7DBB100} : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{5337C3D6-6489-4DBC-AC49-18F17BA0C30B} : DHCPNameServer = 192.168.42.129

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"

x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"

x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch

x64-Run: [Fences] "C:\Program Files (x86)\Stardock\Fences\Fences.exe" /startup

x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

x64-Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

x64-STS: FencesShlExt Class - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll

x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Work\AppData\Roaming\Mozilla\Firefox\Profiles\q76xvt5f.default\

FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll

FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll

FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll

FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll

FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll

FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll

FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll

FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

FF - plugin: E:\Programs\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll

FF - plugin: E:\Programs\QuickTime\Plugins\npqtplugin.dll

FF - plugin: E:\Programs\QuickTime\Plugins\npqtplugin2.dll

FF - plugin: E:\Programs\QuickTime\Plugins\npqtplugin3.dll

FF - plugin: E:\Programs\QuickTime\Plugins\npqtplugin4.dll

FF - plugin: E:\Programs\QuickTime\Plugins\npqtplugin5.dll

FF - plugin: E:\Programs\QuickTime\Plugins\npqtplugin6.dll

FF - plugin: E:\Programs\QuickTime\Plugins\npqtplugin7.dll

.

============= SERVICES / DRIVERS ===============

.

R0 mv91xx;mv91xx;C:\Windows\System32\drivers\mv91xx.sys [2010-8-27 297000]

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-11-24 56208]

R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-9-14 129000]

R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-9-14 394216]

R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2011-3-13 36000]

R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2011-3-13 298656]

R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2011-3-13 28832]

R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2011-3-13 201376]

R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2011-3-13 55456]

R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2011-3-13 154272]

R3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2011-3-13 280224]

R3 CompFilter64;UVCCompositeFilter;C:\Windows\System32\drivers\lvbflt64.sys [2012-1-18 25632]

R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]

R3 LVUVC64;Logitech HD Webcam C615(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]

R3 Lycosa;Lycosa Keyboard;C:\Windows\System32\drivers\Lycosa.sys [2008-1-17 18816]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-5-14 25928]

R3 Nbdrv;NetBalancer;C:\Windows\System32\drivers\nbdrv.sys [2013-3-16 41256]

S3 androidusb;ADB Interface Driver;C:\Windows\System32\drivers\androidusb.sys [2012-7-20 31744]

S3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\System32\drivers\AthDfu.sys [2011-3-13 51872]

S3 motandroidusb;Mot ADB Interface Driver;C:\Windows\System32\drivers\motoandroid.sys [2009-7-10 31744]

S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\System32\drivers\motccgp.sys [2012-1-25 22016]

S3 motccgpfl;MotCcgpFlService;C:\Windows\System32\drivers\motccgpfl.sys [2012-1-25 9728]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-22 20992]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-2-7 59392]

S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]

.

=============== File Associations ===============

.

ShellExec: dreamweaver.exe: Open="E:\Programs\Adobe\Adobe Dreamweaver CS6\dreamweaver.exe", "%1"

.

=============== Created Last 30 ================

.

2013-05-15 06:33:05 9460464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{943846F2-D9C6-47E5-B623-26640A2329A3}\mpengine.dll

2013-05-15 01:52:08 -------- d-----w- C:\Users\Work\AppData\Roaming\Malwarebytes

2013-05-15 01:52:02 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-05-15 01:52:02 -------- d-----w- C:\ProgramData\Malwarebytes

2013-05-15 01:52:02 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-05-15 01:51:51 -------- d-----w- C:\Users\Work\AppData\Local\Programs

2013-05-15 01:46:15 -------- d-----w- C:\Users\Work\AppData\Local\Apps

2013-05-14 20:07:17 -------- d-----w- C:\Users\Work\AppData\Roaming\LolClient

2013-05-07 14:44:11 -------- d-----w- C:\Users\Work\AppData\Local\CrashDumps

2013-05-06 22:55:46 -------- d-----w- C:\Users\Work\AppData\Local\Apple Computer

2013-05-06 22:55:28 -------- d-----w- C:\Users\Work\AppData\Local\Mozilla

2013-05-05 02:29:14 -------- d-----w- C:\ProgramData\NexonUS

2013-05-05 02:29:12 -------- d-----w- C:\ProgramData\Nexon

2013-05-03 14:02:22 -------- d-----w- C:\Users\Work\AppData\Roaming\NVIDIA

2013-05-03 13:46:25 -------- d-----w- C:\Users\Work\.gem

2013-04-29 19:52:26 -------- d-----w- C:\Users\Work\AppData\Local\Spotify

2013-04-29 19:52:16 -------- d-----w- C:\Users\Work\AppData\Roaming\Spotify

2013-04-29 19:43:06 -------- d-----w- C:\Users\Work\AppData\Roaming\JetBrains

2013-04-29 19:41:32 -------- d-----w- C:\Users\Work\.WebIde60

2013-04-25 00:24:55 22528 ----a-w- C:\Windows\System32\netutils.dll

2013-04-24 00:56:57 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2013-04-17 03:02:06 232832 ----a-w- C:\Windows\System32\WDMBL_AP1NC_2_2_0.dll

.

==================== Find3M ====================

.

2013-05-02 06:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe

2013-03-20 07:03:12 175616 ----a-w- C:\Windows\System32\msclmd.dll

2013-03-20 07:03:12 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll

2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll

2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll

2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe

2013-03-14 04:22:12 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-03-14 04:22:12 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-03-01 03:36:04 3153408 ----a-w- C:\Windows\System32\win32k.sys

2013-02-21 10:30:16 1766912 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-02-21 10:29:39 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-02-21 10:29:37 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll

2013-02-21 10:29:37 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll

2013-02-21 10:15:07 2240512 ----a-w- C:\Windows\System32\wininet.dll

2013-02-21 10:14:09 3958784 ----a-w- C:\Windows\System32\jscript9.dll

2013-02-21 10:14:05 67072 ----a-w- C:\Windows\System32\iesetup.dll

2013-02-21 10:14:05 136704 ----a-w- C:\Windows\System32\iesysprep.dll

2013-02-19 12:01:03 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-02-19 11:42:14 2706432 ----a-w- C:\Windows\System32\mshtml.tlb

2013-02-19 11:10:53 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe

2013-02-19 10:51:18 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe

2013-02-15 06:08:40 44032 ----a-w- C:\Windows\System32\tsgqec.dll

2013-02-15 06:06:11 3717632 ----a-w- C:\Windows\System32\mstscax.dll

2013-02-15 06:02:26 158720 ----a-w- C:\Windows\System32\aaclient.dll

2013-02-15 04:37:10 3217408 ----a-w- C:\Windows\SysWow64\mstscax.dll

2013-02-15 04:34:10 131584 ----a-w- C:\Windows\SysWow64\aaclient.dll

2013-02-15 03:25:51 36864 ----a-w- C:\Windows\SysWow64\tsgqec.dll

.

============= FINISH: 12:49:24.80 ===============

===================================================

==================== ATTACH.TXT ==================

===================================================

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 11/21/2012 8:14:11 PM

System Uptime: 5/15/2013 12:33:09 PM (0 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | P8Z68-V PRO GEN3

Processor: Intel® Core i5-2500K CPU @ 3.30GHz | LGA1155 | 3301/100mhz

.

==== Disk Partitions =========================

.

D: is CDROM ()

G: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

==== Installed Programs ======================

.

7-Zip 9.22beta

Adobe Acrobat X Pro - English, Français, Deutsch

Adobe AIR

Adobe Creative Suite 6 Production Premium

Adobe CS6 Design and Web Premium

Adobe Flash Builder 4.6

Adobe Flash Media Live Encoder 3.2

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Help Manager

Adobe Reader XI (11.0.01)

Adobe Shockwave Player 12.0

Adobe Widget Browser

Adobe® Content Viewer

Amazon MP3 Downloader 1.0.17

Apple Application Support

Apple Software Update

Asmedia ASM104x USB 3.0 Host Controller Driver

Assassin's Creed ® III

bl

Bluetooth Win7 Suite (64)

CameraHelperMsi

Combat Arms

Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition

Dishonored

Download Navigator

EPSON Connect version 1.0

Epson Customer Participation

Epson Event Manager

EPSON NX510 Series Printer Uninstall

Epson Print CD

EPSON Scan

EPSON XP-600 Series Printer Uninstall

EpsonNet Print

EpsonNet Setup

erLT

EVGA Precision 2.0.2

Fences 2

FileZilla Client 3.6.0.2

Forge

Fraps (remove only)

GetSavin

Google Chrome

Google Drive

Google Gmail Notifier

Google Talk Plugin

Google Toolbar for Internet Explorer

Google Update Helper

Guitar Pro 6

Intel® Management Engine Components

Intel® Network Connections 15.6.25.0

Java 7 Update 11

Java 7 Update 11 (64-bit)

Java SE Development Kit 7 Update 9 (64-bit)

JetBrains PhpStorm 6.0

JetBrains WebStorm 6.0

JMicron JMB36X Driver

Killing Floor

Launchpad Enhanced

League of Legends

Leap Software

Logitech Vid HD

Logitech Webcam Software

LOLReplay

LWS Facebook

LWS Gallery

LWS Help_main

LWS Launcher

LWS Motion Detection

LWS Pictures And Video

LWS Twitter

LWS Video Mask Maker

LWS VideoEffects

LWS Webcam Software

LWS WLM Plugin

LWS YouTube Plugin

Magic ISO Maker v5.5 (build 0281)

Malwarebytes Anti-Malware version 1.75.0.1300

marvell 91xx driver

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office Office 32-bit Components 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared 32-bit MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft Sync Framework 2.0 Core Components (x64) ENU

Microsoft Sync Framework 2.0 Provider Services (x64) ENU

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft XNA Framework Redistributable 4.0

Microsoft_VC80_CRT_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Microsoft_VC90_MFCLOC_x86

MotoHelper 2.1.41 Driver 5.5.0

MotoHelper MergeModules

Motorola Mobile Drivers Installation 5.5.0

Mozilla Firefox 17.0 (x86 en-US)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Mumble 1.2.3

NetBalancer

Nexon Game Manager

NVIDIA 3D Vision Controller Driver 305.27

NVIDIA 3D Vision Driver 311.06

NVIDIA Control Panel 311.06

NVIDIA Graphics Driver 311.06

NVIDIA HD Audio Driver 1.3.18.0

NVIDIA Install Application

NVIDIA PhysX

NVIDIA PhysX System Software 9.12.0613

NVIDIA Stereoscopic 3D Driver

NVIDIA Update 1.11.3

NVIDIA Update Components

Opera 12.11

Pando Media Booster

Path of Exile

PDF Settings CS6

ph

PlanetSide 2

PunkBuster Services

QuickTime

Razer Lycosa

RealDownloader

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealNetworks - Microsoft Visual C++ 2010 Runtime

RealPlayer

Realtek High Definition Audio Driver

RealUpgrade 1.1

RPG MAKER VX Ace Lite

Safari

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Security Update for Microsoft Excel 2010 (KB2597126) 64-Bit Edition

Security Update for Microsoft Filter Pack 2.0 (KB2553501) 64-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687422) 64-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2760406) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2687501) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2687510) 64-Bit Edition

Security Update for Microsoft OneNote 2010 (KB2760600) 64-Bit Edition

Security Update for Microsoft Visio 2010 (KB2760762) 64-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2687505) 64-Bit Edition

Security Update for Microsoft Word 2010 (KB2760410) 64-Bit Edition

Skype™ 6.3

Snake

Spotify

Star Wars Galaxies

Star Wars: The Old Republic

StarCraft II

swMSM

SyncToy 2.1 (x64)

Torchlight II

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition

Update for Microsoft Office 2010 (KB2553378) 64-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 64-Bit Edition

Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition

Update for Microsoft Office 2010 (KB2767886) 64-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition

Update for Microsoft Outlook 2010 (KB2597090) 64-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition

Update for Microsoft PowerPoint 2010 (KB2598240) 64-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition

Uplay

Ventrilo Client for Windows x64

Windows Driver Package - Cypress (CYUSB3) USB (08/08/2012 1.1.2.00)

World of Warcraft

XSplit

.

==== End Of File ===========================

Maniac · May 15, 2013

Hello mbalmer and :welcome: ! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
Make sure you read all of the instructions and fixes thoroughly before continuing with them.
Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Select English as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:

Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Select English as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

- Startup Repair
  System Restore
  Windows Complete PC Restore
  Windows Memory Diagnostic Tool
  Command Prompt

[*]Select Command Prompt

[*]In the command window type in notepad and press Enter.

[*]The notepad opens. Under File menu select Open.

[*]Select "Computer" and find your flash drive letter and close the notepad.

[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter

Note: Replace letter e with the drive letter of your flash drive.

[*]The tool will start to run.

[*]When the tool opens click Yes to disclaimer.

[*]Press Scan button.

[*]It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

mbalmer · May 16, 2013

<p>My apologies for the delay.</p>

I was unable to boot into safe mode. I was, however, able to run the program from an uninfected user profile.</p>

<p>Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-05-2013</p>

<div>Ran by Work (administrator) on 15-05-2013 20:38:58</div>

<div>Running from C:\Users\Work\Downloads</div>

<div>Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)</div>

<div>Internet Explorer Version 9</div>

<div>Boot Mode: Normal</div>

<div>==================== Processes (Whitelisted) =================</div>

<div>(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe</div>

<div>(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe</div>

<div>(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe</div>

<div>(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe</div>

<div>(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe</div>

<div>(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe</div>

<div>(Intel Corporation) C:\Windows\system32\IProsetMonitor.exe</div>

<div>(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe</div>

<div>(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe</div>

<div>() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe</div>

<div>(SeriousBit) E:\Programs\NetBalancer\SeriousBit.NetBalancer.Service.exe</div>

<div>() C:\Windows\SysWOW64\PnkBstrA.exe</div>

<div>() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe</div>

<div>(Seiko Epson Corporation) C:\Windows\system32\EscSvc64.exe</div>

<div>(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe</div>

<div>(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe</div>

<div>(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe</div>

<div>(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe</div>

<div>(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe</div>

<div>(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe</div>

<div>(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe</div>

<div>(Spotify Ltd) C:\Users\Work\AppData\Roaming\Spotify\spotify.exe</div>

<div>(Spotify Ltd) C:\Users\Work\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe</div>

<div>(LOL Replay) E:\Programs\LolReplay\LOLRecorder.exe</div>

<div>(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe</div>

<div>(Adobe Systems Inc.) E:\Programs\Adobe\Acrobat 10.0\Acrobat\acrotray.exe</div>

<div>(Google Inc.) E:\Programs\Gmail Notifier\gnotify.exe</div>

<div>(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe</div>

<div>(Razer USA Ltd.) C:\Program Files (x86)\Razer\Lycosa\razerhid.exe</div>

<div>(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe</div>

<div>() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe</div>

<div>() C:\Program Files (x86)\Razer\Lycosa\razertra.exe</div>

<div>() C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe</div>

<div>() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe</div>

<div>(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe</div>

<div>(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe</div>

<div>(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe</div>

<div>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</div>

<div>(Farbar) C:\Users\Work\Downloads\FRST64.exe</div>

<div>(Microsoft Corporation) \\?\C:\Windows\system32\wbem\WMIADAP.EXE</div>

<div>==================== Registry (Whitelisted) ==================</div>

<div>HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11613288 2010-11-19] (Realtek Semiconductor)</div>

<div>HKLM\...\Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" [617120 2011-03-13] (Atheros Commnucations)</div>

<div>HKLM\...\Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe" [379552 2011-03-13] (Atheros Commnucations)</div>

<div>HKLM\...\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [1832760 2012-09-20] (Logitech, Inc.)</div>

<div>HKLM\...\Run: [Fences] "C:\Program Files (x86)\Stardock\Fences\Fences.exe" /startup [4017368 2012-10-29] (Stardock Corporation)</div>

<div>HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [444904 2012-09-20] (Adobe Systems Incorporated)</div>

<div>HKLM\...\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [112512 2010-03-13] (Microsoft Corporation)</div>

<div>HKCU\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-11-21] (Google Inc.)</div>

<div>HKCU\...\Run: [spotify] "C:\Users\Work\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart [4573184 2013-05-03] (Spotify Ltd)</div>

<div>HKCU\...\Run: [spotify Web Helper] "C:\Users\Work\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1105408 2013-05-03] (Spotify Ltd)</div>

<div>HKLM-x32\...\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe [43632 2010-01-18] ()</div>

<div>HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-18] (Adobe Systems Incorporated)</div>

<div>HKLM-x32\...\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide [205336 2011-11-11] (Logitech Inc.)</div>

<div>HKLM-x32\...\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)</div>

<div>HKLM-x32\...\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1073352 2012-06-25] (Adobe Systems Incorporated)</div>

<div>HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "E:\Programs\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [x]</div>

<div>HKLM-x32\...\Run: [Acrobat Assistant 8.0] "E:\Programs\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [x]</div>

<div>HKLM-x32\...\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] E:\Programs\Gmail Notifier\gnotify.exe [x]</div>

<div>HKLM-x32\...\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" [1058400 2012-01-26] (SEIKO EPSON CORPORATION)</div>

<div>HKLM-x32\...\Run: [Lycosa] "C:\Program Files (x86)\Razer\Lycosa\razerhid.exe" [147456 2007-11-20] (Razer USA Ltd.)</div>

<div>HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-10-11] (Apple Inc.)</div>

<div>HKLM-x32\...\Run: [QuickTime Task] "E:\Programs\QuickTime\QTTask.exe" -atboottime [x]</div>

<div>HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot [295072 2013-01-19] (RealNetworks, Inc.)</div>

<div>HKU\Matt\...\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2012-11-22] ()</div>

<div>HKU\Matt\...\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart [19662744 2013-04-16] (Google)</div>

<div>HKU\Matt\...\Run: [spotify Web Helper] "C:\Users\Matt\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1105408 2013-05-04] (Spotify Ltd)</div>

<div>HKU\Matt\...\Run: [Logitech Vid] "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode [6129496 2011-01-12] (Logitech Inc.)</div>

<div>HKU\Matt\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-11-21] (Google Inc.)</div>

<div>HKU\Matt\...\Run: [Akamai NetSession Interface] "C:\Users\Matt\AppData\Local\Akamai\netsession_win.exe" [4480768 2013-01-26] (Akamai Technologies, Inc.)</div>

<div>HKU\Matt\...\Run: [MusicManager] "C:\Users\Matt\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [7331840 2013-04-23] (Google Inc.)</div>

<div>HKU\Matt\...\Run: [EPLTarget\P0000000000000001] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIJCE.EXE /EPT "EPLTarget\P0000000000000001" /M "XP-600 Series" [283232 2012-02-29] (SEIKO EPSON CORPORATION)</div>

<div>HKU\Matt\...\Run: [GoogleChromeAutoLaunch_952AA941B71FA68F2EFC80A225B9EE63] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window [1312720 2013-04-09] (Google Inc.)</div>

<div>HKU\Matt\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Users\Matt\Documents\1b8a1423.exe [25088 2013-05-14] ()</div>

<div>Startup: C:\ProgramData\Start Menu\Programs\Startup\LOLRecorder.lnk</div>

<div>ShortcutTarget: LOLRecorder.lnk -> E:\Programs\LolReplay\LOLRecorder.exe (LOL Replay)</div>

<div>Startup: C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()</div>

<div>Startup: C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Fences.lnk</div>

<div>ShortcutTarget: Fences.lnk -> C:\Program Files (x86)\Stardock\Fences\Fences.exe (Stardock Corporation)</div>

<div>==================== Internet (Whitelisted) ====================</div>

<div>HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch</div>

<div>HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm</div>

<div>SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}</div>

<div>SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}</div>

<div>BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)</div>

<div>BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)</div>

<div>BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)</div>

<div>BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)</div>

<div>BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)</div>

<div>BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)</div>

<div>BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)</div>

<div>BHO-x32: GetSavin 5.0 - {31AD1549-432A-4EFD-88E8-FDB9FB22CE52} - C:\Users\Matt\AppData\Local\getsavin\ie\getsavin_1362897001.dll ()</div>

<div>BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)</div>

<div>BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll No File</div>

<div>BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)</div>

<div>BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)</div>

<div>BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)</div>

<div>BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)</div>

<div>BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll No File</div>

<div>BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)</div>

<div>Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)</div>

<div>Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)</div>

<div>Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)</div>

<div>Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File</div>

<div>Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)</div>

<div>Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)</div>

<div>Tcpip\Parameters: [DhcpNameServer] 192.168.1.1</div>

<div>Tcpip\..\Interfaces\{30985231-1321-42DB-84E6-9859C7DBB100}: [NameServer]8.8.8.8,8.8.4.4</div>

<div>FireFox:</div>

<div>FF ProfilePath: C:\Users\Work\AppData\Roaming\Mozilla\Firefox\Profiles\q76xvt5f.default</div>

<div>FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll ()</div>

<div>FF Plugin: @java.com/DTPlugin,version=10.11.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)</div>

<div>FF Plugin: @java.com/JavaPlugin,version=10.11.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)</div>

<div>FF Plugin: @microsoft.com/GENUINE - disabled No File</div>

<div>FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)</div>

<div>FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)</div>

<div>FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)</div>

<div>FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()</div>

<div>FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)</div>

<div>FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)</div>

<div>FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File</div>

<div>FF Plugin-x32: @microsoft.com/GENUINE - disabled No File</div>

<div>FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)</div>

<div>FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)</div>

<div>FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)</div>

<div>FF Plugin-x32: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)</div>

<div>FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)</div>

<div>FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)</div>

<div>FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)</div>

<div>FF Plugin-x32: @real.com/nppl3260;version=16.0.0.282 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)</div>

<div>FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)</div>

<div>FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)</div>

<div>FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)</div>

<div>FF Plugin-x32: @real.com/nprpplugin;version=16.0.0.282 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)</div>

<div>FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)</div>

<div>FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)</div>

<div>FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)</div>

<div>FF Plugin-x32: Adobe Acrobat - E:\Programs\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)</div>

<div>FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)</div>

<div>FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)</div>

<div>Chrome: </div>

<div>CHR HomePage: hxxp://www.google.com</div>

<div>CHR RestoreOnStartup: "hxxp://www.google.com"</div>

<div>CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}</div>

<div>CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}</div>

<div>CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll ()</div>

<div>CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer</div>

<div>CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll ()</div>

<div>CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll ()</div>

<div>CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)</div>

<div>CHR Plugin: (QuickTime Plug-in 7.7.3) - E:\Programs\QuickTime\plugins\npqtplugin.dll (Apple Inc.)</div>

<div>CHR Plugin: (QuickTime Plug-in 7.7.3) - E:\Programs\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)</div>

<div>CHR Plugin: (QuickTime Plug-in 7.7.3) - E:\Programs\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)</div>

<div>CHR Plugin: (QuickTime Plug-in 7.7.3) - E:\Programs\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)</div>

<div>CHR Plugin: (QuickTime Plug-in 7.7.3) - E:\Programs\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)</div>

<div>CHR Plugin: (QuickTime Plug-in 7.7.3) - E:\Programs\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)</div>

<div>CHR Plugin: (QuickTime Plug-in 7.7.3) - E:\Programs\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)</div>

<div>CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)</div>

<div>CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)</div>

<div>CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)</div>

<div>CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File</div>

<div>CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)</div>

<div>CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)</div>

<div>CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)</div>

<div>CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)</div>

<div>CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)</div>

<div>CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)</div>

<div>CHR Plugin: (RealNetworks RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)</div>

<div>CHR Plugin: (RealNetworks RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)</div>

<div>CHR Plugin: (RealNetworks RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)</div>

<div>CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)</div>

<div>CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)</div>

<div>CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()</div>

<div>CHR Plugin: (Java Deployment Toolkit 7.0.90.5) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)</div>

<div>CHR Extension: (Google Docs) - C:\Users\Work\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0</div>

<div>CHR Extension: (Google Drive) - C:\Users\Work\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0</div>

<div>CHR Extension: (YouTube) - C:\Users\Work\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0</div>

<div>CHR Extension: (Google Search) - C:\Users\Work\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0</div>

<div>CHR Extension: (AdBlock) - C:\Users\Work\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.63_0</div>

<div>CHR Extension: (RealDownloader) - C:\Users\Work\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0</div>

<div>CHR Extension: (Reddit Enhancement Suite) - C:\Users\Work\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb\4.2.0.1_1</div>

<div>CHR Extension: (Gmail) - C:\Users\Work\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0</div>

<div>==================== Services (Whitelisted) =================</div>

<div>R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)</div>

<div>R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)</div>

<div>R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)</div>

<div>R2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [214896 2012-02-06] ()</div>

<div>R2 NetBalancerService; E:\Programs\NetBalancer\SeriousBit.NetBalancer.Service.exe [10240 2012-08-03] (SeriousBit)</div>

<div>R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2012-12-05] ()</div>

<div>R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()</div>

<div>S2 BFE; %SystemRoot%\System32\bfe.dll [x]</div>

<div>==================== Drivers (Whitelisted) ====================</div>

<div>S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [31744 2012-07-20] (Google Inc)</div>

<div>R3 Lycosa; C:\Windows\System32\drivers\Lycosa.sys [18816 2008-01-17] (Razer USA Ltd.)</div>

<div>R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)</div>

<div>R3 Nbdrv; C:\Windows\System32\DRIVERS\nbdrv.sys [41256 2011-05-18] (SeriousBit)</div>

<div>S3 catchme; \??\C:\cf\catchme.sys [x]</div>

<div>S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]</div>

<div>S3 NLNdisMP; system32\DRIVERS\nlndis.sys [x]</div>

<div>S3 NLNdisPT; system32\DRIVERS\nlndis.sys [x]</div>

<div>S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]</div>

<div>S3 tsusbhub; system32\drivers\tsusbhub.sys [x]</div>

<div>S3 VGPU; System32\drivers\rdvgkmd.sys [x]</div>

<div>==================== NetSvcs (Whitelisted) ===================</div>

<div>==================== One Month Created Files and Folders ========</div>

<div>2013-05-15 20:38 - 2013-05-15 20:38 - 01877416 ____A (Farbar) C:\Users\Work\Downloads\FRST64.exe</div>

<div>2013-05-15 20:37 - 2013-05-15 20:37 - 01317283 ____A (Farbar) C:\Users\Work\Downloads\FRST.exe</div>

<div>2013-05-15 20:36 - 2013-05-15 18:34 - 05066276 ___RA (Swearware) C:\Users\Matt\Desktop\cf.exe</div>

<div>2013-05-15 20:21 - 2013-05-15 20:21 - 00033214 ____A C:\ComboFix.txt</div>

<div>2013-05-15 19:57 - 2013-04-05 02:52 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll</div>

<div>2013-05-15 19:57 - 2013-04-05 02:52 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll</div>

<div>2013-05-15 19:57 - 2013-04-05 02:52 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe</div>

<div>2013-05-15 19:57 - 2013-04-05 02:50 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll</div>

<div>2013-05-15 19:57 - 2013-04-05 02:50 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll</div>

<div>2013-05-15 19:57 - 2013-04-05 02:50 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll</div>

<div>2013-05-15 19:57 - 2013-04-05 02:50 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll</div>

<div>2013-05-15 19:57 - 2013-04-05 02:50 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll</div>

<div>2013-05-15 19:57 - 2013-04-05 02:50 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll</div>

<div>2013-05-15 19:57 - 2013-04-05 02:50 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll</div>

<div>2013-05-15 19:57 - 2013-04-05 02:50 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll</div>

<div>2013-05-15 19:57 - 2013-04-05 02:50 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll</div>

<div>2013-05-15 19:57 - 2013-04-05 02:50 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll</div>

<div>2013-05-15 19:57 - 2013-04-05 02:50 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll</div>

<div>2013-05-15 19:57 - 2013-04-05 01:28 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll</div>

<div>2013-05-15 19:57 - 2013-04-05 01:28 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll</div>

<div>2013-05-15 19:57 - 2013-04-05 01:26 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll</div>

<div>2013-05-15 19:57 - 2013-04-05 01:26 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll</div>

<div>2013-05-15 19:57 - 2013-04-05 01:26 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll</div>

<div>2013-05-15 19:57 - 2013-04-05 01:26 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll</div>

<div>2013-05-15 19:57 - 2013-04-05 01:26 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll</div>

<div>2013-05-15 19:57 - 2013-04-05 01:26 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll</div>

<div>2013-05-15 19:57 - 2013-04-05 01:26 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll</div>

<div>2013-05-15 19:57 - 2013-04-05 01:26 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll</div>

<div>2013-05-15 19:57 - 2013-04-05 01:26 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll</div>

<div>2013-05-15 19:57 - 2013-04-05 01:26 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll</div>

<div>2013-05-15 19:57 - 2013-04-05 01:26 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll</div>

<div>2013-05-15 19:57 - 2013-04-05 00:43 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb</div>

<div>2013-05-15 19:57 - 2013-04-05 00:29 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb</div>

<div>2013-05-15 19:57 - 2013-04-04 23:51 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe</div>

<div>2013-05-15 19:57 - 2013-04-04 23:38 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe</div>

<div>2013-05-15 19:38 - 2013-04-10 02:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys</div>

<div>2013-05-15 19:38 - 2013-04-10 02:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys</div>

<div>2013-05-15 19:38 - 2013-04-09 23:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys</div>

<div>2013-05-15 19:38 - 2013-03-19 01:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll</div>

<div>2013-05-15 19:38 - 2013-03-19 01:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll</div>

<div>2013-05-15 19:38 - 2013-02-27 02:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe</div>

<div>2013-05-15 19:38 - 2013-02-27 01:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll</div>

<div>2013-05-15 19:38 - 2013-02-27 01:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll</div>

<div>2013-05-15 19:38 - 2013-02-27 01:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll</div>

<div>2013-05-15 19:38 - 2013-02-27 01:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll</div>

<div>2013-05-15 19:38 - 2013-02-27 00:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll</div>

<div>2013-05-15 19:38 - 2013-02-27 00:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll</div>

<div>2013-05-15 19:38 - 2013-02-27 00:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll</div>

<div>2013-05-15 19:38 - 2011-02-03 07:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll</div>

<div>2013-05-15 18:34 - 2013-05-15 20:22 - 00000000 ____D C:\Qoobox</div>

<div>2013-05-15 18:34 - 2013-05-15 18:45 - 00000000 ____D C:\Windows\erdnt</div>

<div>2013-05-15 18:34 - 2011-06-26 02:45 - 00256000 ____A C:\Windows\PEV.exe</div>

<div>2013-05-15 18:34 - 2010-11-07 13:20 - 00208896 ____A C:\Windows\MBR.exe</div>

<div>2013-05-15 18:34 - 2009-04-20 00:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe</div>

<div>2013-05-15 18:34 - 2000-08-30 20:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe</div>

<div>2013-05-15 18:34 - 2000-08-30 20:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe</div>

<div>2013-05-15 18:34 - 2000-08-30 20:00 - 00098816 ____A C:\Windows\sed.exe</div>

<div>2013-05-15 18:34 - 2000-08-30 20:00 - 00080412 ____A C:\Windows\grep.exe</div>

<div>2013-05-15 18:34 - 2000-08-30 20:00 - 00068096 ____A C:\Windows\zip.exe</div>

<div>2013-05-15 18:33 - 2013-05-15 18:34 - 05066276 ___RA (Swearware) C:\Users\Work\Downloads\cf.exe</div>

<div>2013-05-15 12:51 - 2013-05-15 12:51 - 00009179 ____A C:\Users\Work\Desktop\attach.txt</div>

<div>2013-05-15 12:51 - 2013-05-15 12:49 - 00021091 ____A C:\Users\Work\Desktop\dds.txt</div>

<div>2013-05-15 12:48 - 2013-05-15 12:49 - 00688992 ____R (Swearware) C:\Users\Work\Downloads\dds.com</div>

<div>2013-05-14 21:52 - 2013-05-14 21:52 - 00000000 ____D C:\Users\Work\AppData\Roaming\Malwarebytes</div>

<div>2013-05-14 21:52 - 2013-05-14 21:52 - 00000000 ____D C:\ProgramData\Malwarebytes</div>

<div>2013-05-14 21:52 - 2013-05-14 21:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware</div>

<div>2013-05-14 21:52 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys</div>

<div>2013-05-14 21:49 - 2013-05-14 21:51 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Work\Downloads\mbam-setup-1.75.0.1300.exe</div>

<div>2013-05-14 21:46 - 2013-05-15 20:36 - 00000000 ____D C:\Users\Work\AppData\Local\Apps\2.0</div>

<div>2013-05-14 21:11 - 2013-05-14 21:11 - 01096084 ____A C:\Users\Matt\AppData\Local\2433f433</div>

<div>2013-05-14 21:11 - 2013-05-14 21:11 - 00025088 ____A C:\Users\Matt\Documents\1b8a1423.exe</div>

<div>2013-05-14 16:07 - 2013-05-14 16:07 - 00000000 ____D C:\Users\Work\AppData\Roaming\LolClient</div>

<div>2013-05-14 15:41 - 2013-05-14 15:41 - 00000000 ____D C:\Users\Work\Downloads\league-of-legends-database-master</div>

<div>2013-05-14 15:19 - 2013-05-14 15:20 - 13779637 ____A C:\Users\Work\Downloads\league-of-legends-database-master.zip</div>

<div>2013-05-13 22:09 - 2013-05-13 22:14 - 00000000 ____D C:\Users\Matt\AppData\Roaming\BSplayer</div>

<div>2013-05-13 22:09 - 2013-05-13 22:09 - 00000000 ____D C:\Users\Matt\AppData\Roaming\BSplayer Pro</div>

<div>2013-05-13 22:08 - 2013-05-13 22:08 - 10510216 ____A C:\Users\Matt\Downloads\bsplayer_installer.exe</div>

<div>2013-05-13 22:07 - 2013-05-13 22:07 - 01314432 ____A (Conduit) C:\Users\Matt\Downloads\bsplayer264.1073.exe</div>

<div>2013-05-13 22:04 - 2013-05-13 22:17 - 00000296 ____A C:\Windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1346713021-3321757083-4118011311-1000.job</div>

<div>2013-05-12 15:04 - 2013-05-12 15:04 - 00703626 ____A C:\Users\Matt\Downloads\CAH_Card_Generator-2013-05-12.zip</div>

<div>2013-05-09 23:02 - 2013-05-09 23:02 - 00000000 ____D C:\Users\Matt\AppData\Local\Chromium</div>

<div>2013-05-09 19:23 - 2013-05-09 19:23 - 00001026 ____A C:\Users\Matt\Desktop\Anarchy.lnk</div>

<div>2013-05-09 19:13 - 2013-05-09 19:13 - 00001099 ____A C:\Users\Matt\Desktop\The Secret World.lnk</div>

<div>2013-05-08 11:30 - 2013-05-08 11:30 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1346713021-3321757083-4118011311-1000Core1ce4c019b02da0.job</div>

<div>2013-05-08 10:20 - 2013-05-08 10:24 - 00000000 ____D C:\Users\Work\Documents\my games</div>

<div>2013-05-07 10:46 - 2013-05-07 10:46 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore1ce4b319ccf4946.job</div>

<div>2013-05-07 10:44 - 2013-05-15 19:41 - 00000000 ____D C:\Users\Work\AppData\Local\CrashDumps</div>

<div>2013-05-06 18:55 - 2013-05-06 18:55 - 00000000 ____D C:\Users\Work\AppData\Roaming\Mozilla</div>

<div>2013-05-06 18:55 - 2013-05-06 18:55 - 00000000 ____D C:\Users\Work\AppData\Local\Mozilla</div>

<div>2013-05-06 18:55 - 2013-05-06 18:55 - 00000000 ____D C:\Users\Work\AppData\Local\Apple Computer</div>

<div>2013-05-05 18:14 - 2013-05-05 18:47 - 1728564896 ____A (Nexon) C:\Users\Matt\Downloads\Combatarms_VER_US_1304.04.exe</div>

<div>2013-05-05 17:39 - 2013-05-05 17:39 - 00000280 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{876654E8-B79D-4B62-9BFA-7C0270F02C3C}.job</div>

<div>2013-05-04 23:31 - 2013-05-04 23:31 - 00017833 ____A C:\Users\Matt\Downloads\Character Sheet (2).xlsx</div>

<div>2013-05-04 22:29 - 2013-05-05 18:54 - 00000000 ____D C:\ProgramData\NexonUS</div>

<div>2013-05-04 22:29 - 2013-05-04 22:29 - 00000000 ____D C:\ProgramData\Nexon</div>

<div>2013-05-04 16:21 - 2013-05-04 16:21 - 00000000 ____D C:\Users\Matt\AppData\Roaming\Curse Advertising</div>

<div>2013-05-04 14:45 - 2013-05-15 20:25 - 00000000 ____D C:\Users\Matt\AppData\Local\Deployment</div>

<div>2013-05-04 14:45 - 2013-05-15 20:25 - 00000000 ____D C:\Users\Matt\AppData\Local\Apps\2.0</div>

<div>2013-05-04 14:45 - 2013-05-04 14:45 - 00000318 ____A C:\Users\Matt\Desktop\Curse Client.appref-ms</div>

<div>2013-05-04 14:45 - 2013-05-04 14:45 - 00000000 ____D C:\Users\Matt\Documents\My Curse</div>

<div>2013-05-04 14:44 - 2013-05-04 14:44 - 00402696 ____A () C:\Users\Matt\Downloads\setup (2).exe</div>

<div>2013-05-04 14:44 - 2013-05-04 14:44 - 00402696 ____A () C:\Users\Matt\Downloads\setup (1).exe</div>

<div>2013-05-03 10:04 - 2013-05-07 15:46 - 00001456 ____A C:\Users\Work\AppData\Local\Adobe Save for Web 13.0 Prefs</div>

<div>2013-05-03 10:02 - 2013-05-03 10:02 - 00000000 ____D C:\Users\Work\AppData\Roaming\NVIDIA</div>

<div>2013-05-03 09:46 - 2013-05-03 09:46 - 00000000 ____D C:\Users\Work\.gem</div>

<div>2013-04-29 16:50 - 2013-04-29 16:50 - 00000000 ____D C:\Users\Work\Downloads\ruby-2.0.0-p0</div>

<div>2013-04-29 16:50 - 2013-04-29 16:50 - 00000000 ____D C:\Users\Work\Downloads\bcc32</div>

<div>2013-04-29 16:45 - 2013-04-29 16:46 - 13608925 ____A C:\Users\Work\Downloads\ruby-2.0.0-p0.tar.gz</div>

<div>2013-04-29 15:56 - 2013-05-10 15:53 - 00000000 ____D C:\Users\Work\AppData\Roaming\FileZilla</div>

<div>2013-04-29 15:52 - 2013-05-15 20:35 - 00000000 ____D C:\Users\Work\AppData\Roaming\Spotify</div>

<div>2013-04-29 15:52 - 2013-05-15 20:35 - 00000000 ____D C:\Users\Work\AppData\Local\Spotify</div>

<div>2013-04-29 15:52 - 2013-04-29 15:52 - 00092776 ____A (Spotify Ltd) C:\Users\Work\Downloads\SpotifySetup.exe</div>

<div>2013-04-29 15:52 - 2013-04-29 15:52 - 00001762 ____A C:\Users\Work\Desktop\Spotify.lnk</div>

<div>2013-04-29 15:43 - 2013-04-29 15:43 - 00000000 ____D C:\Users\Work\AppData\Roaming\JetBrains</div>

<div>2013-04-29 15:41 - 2013-04-29 15:41 - 00000000 ____D C:\Users\Work\.WebIde60</div>

<div>2013-04-29 10:32 - 2013-04-29 10:43 - 733482472 ____A C:\Users\Work\Downloads\OfficeProfessionalPlus201364bit.exe</div>

<div>2013-04-27 23:52 - 2013-04-27 23:52 - 00013903 ____A C:\Users\Matt\Downloads\Character Sheet (1).xlsx</div>

<div>2013-04-27 12:42 - 2013-04-27 12:42 - 00000000 ____D C:\Users\Matt\AppData\Local\SWTORPerf</div>

<div>2013-04-27 12:41 - 2013-04-27 12:41 - 00001147 ____A C:\Users\Matt\Desktop\SW TOR.lnk</div>

<div>2013-04-25 21:16 - 2013-04-25 21:16 - 00013370 ____A C:\Users\Matt\Downloads\Character Sheet.xlsx</div>

<div>2013-04-25 00:34 - 2013-04-25 00:34 - 00032474 ____A C:\Users\Matt\Downloads\Website-Design-Quote-Template.zip</div>

<div>2013-04-24 20:24 - 2013-04-24 20:24 - 00022528 ____A (Microsoft Corporation) C:\Windows\System32\netutils.dll</div>

<div>2013-04-24 20:24 - 2013-04-24 20:24 - 00022528 ____A (Microsoft Corporation) C:\Users\Matt\Downloads\netutils.dll</div>

<div>2013-04-23 20:56 - 2013-04-12 10:45 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys</div>

<div>2013-04-23 13:01 - 2013-04-23 13:01 - 00010753 ____A C:\Users\Matt\Downloads\Third+Exam+grade+calculator.xlsx</div>

<div>2013-04-21 16:58 - 2013-04-21 17:15 - 05149883 ____A C:\Users\Matt\Downloads\Zeppa+1.pptx</div>

<div>2013-04-18 23:26 - 2013-04-18 23:26 - 00085566 ____A C:\Users\Matt\Downloads\bootstrap.zip</div>

<div>2013-04-18 20:26 - 2013-04-18 20:26 - 00020010 ____A C:\Users\Matt\Downloads\openRPG (2).xlsx</div>

<div>2013-04-18 16:38 - 2013-04-18 16:38 - 00009741 ____A C:\Users\Matt\Downloads\searchreplacedb21.zip</div>

<div>2013-04-17 20:24 - 2013-04-17 20:24 - 00001398 ____A C:\Users\Matt\Desktop\Elophant.lnk</div>

<div>2013-04-17 20:22 - 2013-04-17 20:25 - 00000000 ____D C:\Users\Matt\Downloads\ElophantClient</div>

<div>2013-04-17 20:22 - 2013-04-17 20:22 - 01000046 ____A C:\Users\Matt\Downloads\ElophantClient.zip</div>

<div>2013-04-17 20:18 - 2013-04-17 20:18 - 00003168 ____A C:\Users\Matt\Downloads\elophant_api.zip</div>

<div>2013-04-17 18:57 - 2013-04-17 18:57 - 00015732 ____A C:\Users\Matt\Downloads\jonnyreeves-jquery-Mustache-v0.2.7-0-g9b04e36.zip</div>

<div>2013-04-16 23:02 - 2013-04-16 23:02 - 00232832 ____A (Western Digital Technologies, Inc.) C:\Windows\System32\WDMBL_AP1NC_2_2_0.dll</div>

<div>==================== One Month Modified Files and Folders =======</div>

<div>2013-05-15 20:38 - 2013-05-15 20:38 - 01877416 ____A (Farbar) C:\Users\Work\Downloads\FRST64.exe</div>

<div>2013-05-15 20:37 - 2013-05-15 20:37 - 01317283 ____A (Farbar) C:\Users\Work\Downloads\FRST.exe</div>

<div>2013-05-15 20:36 - 2013-05-14 21:46 - 00000000 ____D C:\Users\Work\AppData\Local\Apps\2.0</div>

<div>2013-05-15 20:36 - 2009-07-14 01:13 - 00778834 ____A C:\Windows\System32\PerfStringBackup.INI</div>

<div>2013-05-15 20:35 - 2013-04-29 15:52 - 00000000 ____D C:\Users\Work\AppData\Roaming\Spotify</div>

<div>2013-05-15 20:35 - 2013-04-29 15:52 - 00000000 ____D C:\Users\Work\AppData\Local\Spotify</div>

<div>2013-05-15 20:34 - 2012-11-21 21:50 - 00000000 ____D C:\ProgramData\NVIDIA</div>

<div>2013-05-15 20:34 - 2009-07-14 00:51 - 54144072 ____A C:\Windows\setupact.log</div>

<div>2013-05-15 20:26 - 2012-11-21 21:09 - 01983107 ____A C:\Windows\WindowsUpdate.log</div>

<div>2013-05-15 20:26 - 2012-11-21 20:57 - 00009728 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0</div>

<div>2013-05-15 20:26 - 2012-11-21 20:57 - 00009728 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0</div>

<div>2013-05-15 20:25 - 2013-05-04 14:45 - 00000000 ____D C:\Users\Matt\AppData\Local\Deployment</div>

<div>2013-05-15 20:25 - 2013-05-04 14:45 - 00000000 ____D C:\Users\Matt\AppData\Local\Apps\2.0</div>

<div>2013-05-15 20:22 - 2013-05-15 18:34 - 00000000 ____D C:\Qoobox</div>

<div>2013-05-15 20:21 - 2013-05-15 20:21 - 00033214 ____A C:\ComboFix.txt</div>

<div>2013-05-15 20:20 - 2012-11-21 21:11 - 00052540 ____A C:\Windows\PFRO.log</div>

<div>2013-05-15 20:20 - 2009-07-13 22:34 - 00000215 ____A C:\Windows\system.ini</div>

<div>2013-05-15 20:19 - 2012-11-22 01:39 - 00000000 ____D C:\Users\Matt\AppData\Local\PMB Files</div>

<div>2013-05-15 20:12 - 2012-11-23 20:56 - 00000000 ____D C:\Users\Matt\AppData\Local\CrashDumps</div>

<div>2013-05-15 20:10 - 2009-07-14 00:45 - 05024752 ____A C:\Windows\System32\FNTCACHE.DAT</div>

<div>2013-05-15 20:00 - 2012-11-27 20:00 - 00000000 ____D C:\ProgramData\Microsoft Help</div>

<div>2013-05-15 19:41 - 2013-05-07 10:44 - 00000000 ____D C:\Users\Work\AppData\Local\CrashDumps</div>

<div>2013-05-15 18:46 - 2009-07-13 23:20 - 00000000 __RHD C:\users\Default</div>

<div>2013-05-15 18:45 - 2013-05-15 18:34 - 00000000 ____D C:\Windows\erdnt</div>

<div>2013-05-15 18:34 - 2013-05-15 20:36 - 05066276 ___RA (Swearware) C:\Users\Matt\Desktop\cf.exe</div>

<div>2013-05-15 18:34 - 2013-05-15 18:33 - 05066276 ___RA (Swearware) C:\Users\Work\Downloads\cf.exe</div>

<div>2013-05-15 12:51 - 2013-05-15 12:51 - 00009179 ____A C:\Users\Work\Desktop\attach.txt</div>

<div>2013-05-15 12:49 - 2013-05-15 12:51 - 00021091 ____A C:\Users\Work\Desktop\dds.txt</div>

<div>2013-05-15 12:49 - 2013-05-15 12:48 - 00688992 ____R (Swearware) C:\Users\Work\Downloads\dds.com</div>

<div>2013-05-14 22:05 - 2013-04-04 03:59 - 00000000 ____D C:\users\Work</div>

<div>2013-05-14 21:52 - 2013-05-14 21:52 - 00000000 ____D C:\Users\Work\AppData\Roaming\Malwarebytes</div>

<div>2013-05-14 21:52 - 2013-05-14 21:52 - 00000000 ____D C:\ProgramData\Malwarebytes</div>

<div>2013-05-14 21:52 - 2013-05-14 21:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware</div>

<div>2013-05-14 21:51 - 2013-05-14 21:49 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Work\Downloads\mbam-setup-1.75.0.1300.exe</div>

<div>2013-05-14 21:11 - 2013-05-14 21:11 - 01096084 ____A C:\Users\Matt\AppData\Local\2433f433</div>

<div>2013-05-14 21:11 - 2013-05-14 21:11 - 00025088 ____A C:\Users\Matt\Documents\1b8a1423.exe</div>

<div>2013-05-14 16:18 - 2013-04-04 03:59 - 00000000 ____D C:\Users\Work\AppData\Local\Adobe</div>

<div>2013-05-14 16:07 - 2013-05-14 16:07 - 00000000 ____D C:\Users\Work\AppData\Roaming\LolClient</div>

<div>2013-05-14 15:41 - 2013-05-14 15:41 - 00000000 ____D C:\Users\Work\Downloads\league-of-legends-database-master</div>

<div>2013-05-14 15:20 - 2013-05-14 15:19 - 13779637 ____A C:\Users\Work\Downloads\league-of-legends-database-master.zip</div>

<div>2013-05-14 13:55 - 2013-04-04 04:00 - 00000000 ____D C:\Users\Work\Documents\Bluetooth Folder</div>

<div>2013-05-14 13:55 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions</div>

<div>2013-05-13 22:17 - 2013-05-13 22:04 - 00000296 ____A C:\Windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1346713021-3321757083-4118011311-1000.job</div>

<div>2013-05-13 22:14 - 2013-05-13 22:09 - 00000000 ____D C:\Users\Matt\AppData\Roaming\BSplayer</div>

<div>2013-05-13 22:09 - 2013-05-13 22:09 - 00000000 ____D C:\Users\Matt\AppData\Roaming\BSplayer Pro</div>

<div>2013-05-13 22:08 - 2013-05-13 22:08 - 10510216 ____A C:\Users\Matt\Downloads\bsplayer_installer.exe</div>

<div>2013-05-13 22:07 - 2013-05-13 22:07 - 01314432 ____A (Conduit) C:\Users\Matt\Downloads\bsplayer264.1073.exe</div>

<div>2013-05-13 22:05 - 2012-11-22 01:39 - 00000000 ____D C:\ProgramData\PMB Files</div>

<div>2013-05-12 22:54 - 2012-11-21 20:57 - 00000000 ____D C:\users\Matt</div>

<div>2013-05-12 15:04 - 2013-05-12 15:04 - 00703626 ____A C:\Users\Matt\Downloads\CAH_Card_Generator-2013-05-12.zip</div>

<div>2013-05-12 14:28 - 2012-11-25 16:42 - 00001456 ____A C:\Users\Matt\AppData\Local\Adobe Save for Web 13.0 Prefs</div>

<div>2013-05-11 19:54 - 2012-11-21 17:06 - 00000000 ____D C:\Users\Matt\Documents\Bluetooth Folder</div>

<div>2013-05-11 14:38 - 2012-11-22 05:28 - 00000000 ____D C:\Users\Matt\AppData\Roaming\Spotify</div>

<div>2013-05-10 15:53 - 2013-04-29 15:56 - 00000000 ____D C:\Users\Work\AppData\Roaming\FileZilla</div>

<div>2013-05-09 23:02 - 2013-05-09 23:02 - 00000000 ____D C:\Users\Matt\AppData\Local\Chromium</div>

<div>2013-05-09 19:23 - 2013-05-09 19:23 - 00001026 ____A C:\Users\Matt\Desktop\Anarchy.lnk</div>

<div>2013-05-09 19:13 - 2013-05-09 19:13 - 00001099 ____A C:\Users\Matt\Desktop\The Secret World.lnk</div>

<div>2013-05-09 19:13 - 2013-02-28 22:18 - 00000000 ____D C:\Users\Matt\AppData\Local\Funcom</div>

<div>2013-05-09 19:00 - 2012-11-29 13:07 - 00000000 ____D C:\Users\Matt\AppData\Roaming\Mozilla</div>

<div>2013-05-08 11:30 - 2013-05-08 11:30 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1346713021-3321757083-4118011311-1000Core1ce4c019b02da0.job</div>

<div>2013-05-08 10:24 - 2013-05-08 10:20 - 00000000 ____D C:\Users\Work\Documents\my games</div>

<div>2013-05-07 15:46 - 2013-05-03 10:04 - 00001456 ____A C:\Users\Work\AppData\Local\Adobe Save for Web 13.0 Prefs</div>

<div>2013-05-07 14:54 - 2013-04-04 03:59 - 00000000 ____D C:\Users\Work\AppData\Roaming\Adobe</div>

<div>2013-05-07 10:46 - 2013-05-07 10:46 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore1ce4b319ccf4946.job</div>

<div>2013-05-06 20:03 - 2012-11-22 05:28 - 00000000 ____D C:\Users\Matt\AppData\Local\Spotify</div>

<div>2013-05-06 18:55 - 2013-05-06 18:55 - 00000000 ____D C:\Users\Work\AppData\Roaming\Mozilla</div>

<div>2013-05-06 18:55 - 2013-05-06 18:55 - 00000000 ____D C:\Users\Work\AppData\Local\Mozilla</div>

<div>2013-05-06 18:55 - 2013-05-06 18:55 - 00000000 ____D C:\Users\Work\AppData\Local\Apple Computer</div>

<div>2013-05-06 18:55 - 2013-04-04 03:59 - 00000000 ____D C:\Users\Work\AppData\Roaming\Apple Computer</div>

<div>2013-05-06 18:55 - 2012-11-29 13:10 - 00002469 ____A C:\Users\Public\Desktop\Safari.lnk</div>

<div>2013-05-05 18:54 - 2013-05-04 22:29 - 00000000 ____D C:\ProgramData\NexonUS</div>

<div>2013-05-05 18:47 - 2013-05-05 18:14 - 1728564896 ____A (Nexon) C:\Users\Matt\Downloads\Combatarms_VER_US_1304.04.exe</div>

<div>2013-05-05 17:39 - 2013-05-05 17:39 - 00000280 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{876654E8-B79D-4B62-9BFA-7C0270F02C3C}.job</div>

<div>2013-05-04 23:31 - 2013-05-04 23:31 - 00017833 ____A C:\Users\Matt\Downloads\Character Sheet (2).xlsx</div>

<div>2013-05-04 22:29 - 2013-05-04 22:29 - 00000000 ____D C:\ProgramData\Nexon</div>

<div>2013-05-04 16:21 - 2013-05-04 16:21 - 00000000 ____D C:\Users\Matt\AppData\Roaming\Curse Advertising</div>

<div>2013-05-04 14:45 - 2013-05-04 14:45 - 00000318 ____A C:\Users\Matt\Desktop\Curse Client.appref-ms</div>

<div>2013-05-04 14:45 - 2013-05-04 14:45 - 00000000 ____D C:\Users\Matt\Documents\My Curse</div>

<div>2013-05-04 14:45 - 2012-11-22 06:40 - 00000000 ____D C:\Users\Matt\AppData\Roaming\.minecraft</div>

<div>2013-05-04 14:44 - 2013-05-04 14:44 - 00402696 ____A () C:\Users\Matt\Downloads\setup (2).exe</div>

<div>2013-05-04 14:44 - 2013-05-04 14:44 - 00402696 ____A () C:\Users\Matt\Downloads\setup (1).exe</div>

<div>2013-05-03 10:02 - 2013-05-03 10:02 - 00000000 ____D C:\Users\Work\AppData\Roaming\NVIDIA</div>

<div>2013-05-03 09:46 - 2013-05-03 09:46 - 00000000 ____D C:\Users\Work\.gem</div>

<div>2013-05-03 09:17 - 2013-04-04 03:59 - 00110064 ____A C:\Users\Work\AppData\Local\GDIPFONTCACHEV1.DAT</div>

<div>2013-05-02 02:06 - 2012-11-21 18:38 - 00278800 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe</div>

<div>2013-04-29 16:50 - 2013-04-29 16:50 - 00000000 ____D C:\Users\Work\Downloads\ruby-2.0.0-p0</div>

<div>2013-04-29 16:50 - 2013-04-29 16:50 - 00000000 ____D C:\Users\Work\Downloads\bcc32</div>

<div>2013-04-29 16:46 - 2013-04-29 16:45 - 13608925 ____A C:\Users\Work\Downloads\ruby-2.0.0-p0.tar.gz</div>

<div>2013-04-29 16:42 - 2012-11-22 02:31 - 00110064 ____A C:\Users\Matt\AppData\Local\GDIPFONTCACHEV1.DAT</div>

<div>2013-04-29 15:52 - 2013-04-29 15:52 - 00092776 ____A (Spotify Ltd) C:\Users\Work\Downloads\SpotifySetup.exe</div>

<div>2013-04-29 15:52 - 2013-04-29 15:52 - 00001762 ____A C:\Users\Work\Desktop\Spotify.lnk</div>

<div>2013-04-29 15:43 - 2013-04-29 15:43 - 00000000 ____D C:\Users\Work\AppData\Roaming\JetBrains</div>

<div>2013-04-29 15:41 - 2013-04-29 15:41 - 00000000 ____D C:\Users\Work\.WebIde60</div>

<div>2013-04-29 12:56 - 2012-11-27 20:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Office</div>

<div>2013-04-29 12:56 - 2009-07-14 03:46 - 00000000 ____D C:\Windows\ShellNew</div>

<div>2013-04-29 12:56 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared</div>

<div>2013-04-29 11:34 - 2012-11-27 20:00 - 00000000 ____D C:\Program Files\Microsoft Office</div>

<div>2013-04-29 10:43 - 2013-04-29 10:32 - 733482472 ____A C:\Users\Work\Downloads\OfficeProfessionalPlus201364bit.exe</div>

<div>2013-04-29 10:17 - 2013-04-04 03:59 - 00000000 ____D C:\Users\Work\Documents\LOLReplay</div>

<div>2013-04-27 23:52 - 2013-04-27 23:52 - 00013903 ____A C:\Users\Matt\Downloads\Character Sheet (1).xlsx</div>

<div>2013-04-27 12:42 - 2013-04-27 12:42 - 00000000 ____D C:\Users\Matt\AppData\Local\SWTORPerf</div>

<div>2013-04-27 12:41 - 2013-04-27 12:41 - 00001147 ____A C:\Users\Matt\Desktop\SW TOR.lnk</div>

<div>2013-04-26 00:16 - 2012-12-09 19:14 - 00000000 ____D C:\Users\Matt\AppData\Roaming\Skype</div>

<div>2013-04-25 21:16 - 2013-04-25 21:16 - 00013370 ____A C:\Users\Matt\Downloads\Character Sheet.xlsx</div>

<div>2013-04-25 00:34 - 2013-04-25 00:34 - 00032474 ____A C:\Users\Matt\Downloads\Website-Design-Quote-Template.zip</div>

<div>2013-04-24 20:24 - 2013-04-24 20:24 - 00022528 ____A (Microsoft Corporation) C:\Windows\System32\netutils.dll</div>

<div>2013-04-24 20:24 - 2013-04-24 20:24 - 00022528 ____A (Microsoft Corporation) C:\Users\Matt\Downloads\netutils.dll</div>

<div>2013-04-23 13:01 - 2013-04-23 13:01 - 00010753 ____A C:\Users\Matt\Downloads\Third+Exam+grade+calculator.xlsx</div>

<div>2013-04-21 17:15 - 2013-04-21 16:58 - 05149883 ____A C:\Users\Matt\Downloads\Zeppa+1.pptx</div>

<div>2013-04-20 20:02 - 2012-11-21 21:40 - 00000000 ____D C:\ProgramData\Adobe</div>

<div>2013-04-20 01:26 - 2012-11-24 20:24 - 00000000 ____D C:\Users\Matt\AppData\Roaming\FileZilla</div>

<div>2013-04-18 23:26 - 2013-04-18 23:26 - 00085566 ____A C:\Users\Matt\Downloads\bootstrap.zip</div>

<div>2013-04-18 20:26 - 2013-04-18 20:26 - 00020010 ____A C:\Users\Matt\Downloads\openRPG (2).xlsx</div>

<div>2013-04-18 16:38 - 2013-04-18 16:38 - 00009741 ____A C:\Users\Matt\Downloads\searchreplacedb21.zip</div>

<div>2013-04-17 20:25 - 2013-04-17 20:22 - 00000000 ____D C:\Users\Matt\Downloads\ElophantClient</div>

<div>2013-04-17 20:24 - 2013-04-17 20:24 - 00001398 ____A C:\Users\Matt\Desktop\Elophant.lnk</div>

<div>2013-04-17 20:22 - 2013-04-17 20:22 - 01000046 ____A C:\Users\Matt\Downloads\ElophantClient.zip</div>

<div>2013-04-17 20:18 - 2013-04-17 20:18 - 00003168 ____A C:\Users\Matt\Downloads\elophant_api.zip</div>

<div>2013-04-17 18:57 - 2013-04-17 18:57 - 00015732 ____A C:\Users\Matt\Downloads\jonnyreeves-jquery-Mustache-v0.2.7-0-g9b04e36.zip</div>

<div>2013-04-16 23:02 - 2013-04-16 23:02 - 00232832 ____A (Western Digital Technologies, Inc.) C:\Windows\System32\WDMBL_AP1NC_2_2_0.dll</div>

<div>2013-04-16 10:36 - 2013-02-15 20:31 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1346713021-3321757083-4118011311-1000UA.job</div>

<div>2013-04-16 10:31 - 2009-07-14 01:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT</div>

<div>2013-04-16 02:27 - 2012-11-21 16:57 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job</div>

<div>2013-04-16 02:22 - 2012-11-25 23:25 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job</div>

<div>2013-04-16 02:10 - 2013-03-26 01:56 - 00000362 ____A C:\Windows\Tasks\ReclaimerUpdateXML_Matt.job</div>

<div>2013-04-16 02:00 - 2012-11-21 21:42 - 00000000 ____D C:\Users\Matt\AppData\Local\Adobe</div>

<div>2013-04-15 20:18 - 2013-03-26 01:56 - 00000372 ____A C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Matt.job</div>

<div>2013-04-15 20:18 - 2012-12-01 00:58 - 00000000 ____D C:\Program Files\Fraps</div>

<div>2013-04-15 20:18 - 2012-11-22 06:16 - 00000000 ___SD C:\Users\Matt\Google Drive</div>

<div>==================== Bamital & volsnap Check =================</div>

<div>C:\Windows\System32\winlogon.exe => MD5 is legit</div>

<div>C:\Windows\System32\wininit.exe => MD5 is legit</div>

<div>C:\Windows\SysWOW64\wininit.exe => MD5 is legit</div>

<div>C:\Windows\explorer.exe => MD5 is legit</div>

<div>C:\Windows\SysWOW64\explorer.exe => MD5 is legit</div>

<div>C:\Windows\System32\svchost.exe => MD5 is legit</div>

<div>C:\Windows\SysWOW64\svchost.exe => MD5 is legit</div>

<div>C:\Windows\System32\services.exe => MD5 is legit</div>

<div>C:\Windows\System32\User32.dll => MD5 is legit</div>

<div>C:\Windows\SysWOW64\User32.dll => MD5 is legit</div>

<div>C:\Windows\System32\userinit.exe => MD5 is legit</div>

<div>C:\Windows\SysWOW64\userinit.exe => MD5 is legit</div>

<div>C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit</div>

mbalmer · May 16, 2013

===================================================

==================== ADDITION.TXT ===================

===================================================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-05-2013

Ran by Work at 2013-05-15 20:39:15 Run:

Running from C:\Users\Work\Downloads

Boot Mode: Normal

==========================================================

==================== Installed Programs =======================

7-Zip 9.22beta

Adobe Acrobat X Pro - English, Français, Deutsch (Version: 10.1.5)

Adobe AIR (Version: 3.6.0.5970)

Adobe Creative Suite 6 Production Premium (Version: 6)

Adobe CS6 Design and Web Premium (Version: 6)

Adobe Flash Builder 4.6 (Version: 4.6.1)

Adobe Flash Media Live Encoder 3.2 (Version: 3.2.0)

Adobe Flash Player 11 ActiveX (Version: 11.6.602.180)

Adobe Flash Player 11 Plugin (Version: 11.6.602.180)

Adobe Help Manager (Version: 4.0.244)

Adobe Reader XI (11.0.01) (Version: 11.0.01)

Adobe Shockwave Player 12.0 (Version: 12.0.0.112)

Adobe Widget Browser (Version: 2.0 Build 348)

Adobe Widget Browser (Version: 2.0.348)

Adobe® Content Viewer (Version: 2.9.0)

Amazon MP3 Downloader 1.0.17 (Version: 1.0.17)

Apple Application Support (Version: 2.3)

Apple Software Update (Version: 2.1.3.127)

Asmedia ASM104x USB 3.0 Host Controller Driver (Version: 1.14.1.0)

Assassin's Creed ® III (Version: 1.01)

bl (Version: 1.0.0)

Bluetooth Win7 Suite (64) (Version: 7.2.0.65)

CameraHelperMsi (Version: 13.50.854.0)

Combat Arms

Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition

Dishonored (Version: 1.0)

Download Navigator (Version: 3.4.0)

EPSON Connect version 1.0 (Version: 1.0)

Epson Customer Participation (Version: 1.4.0.0)

Epson Event Manager (Version: 3.01.0003)

EPSON NX510 Series Printer Uninstall

Epson Print CD (Version: 2.20.00)

EPSON Scan

EPSON XP-600 Series Printer Uninstall

EpsonNet Print (Version: 2.5.00)

EpsonNet Setup (Version: 3.1c)

erLT (Version: 1.20.138.34)

EVGA Precision 2.0.2 (Version: 2.0.2)

Fences 2 (Version: 2.01)

FileZilla Client 3.6.0.2 (Version: 3.6.0.2)

Forge

Fraps (remove only)

GetSavin (Version: 1.1362897017)

Google Chrome (Version: 26.0.1410.64)

Google Drive (Version: 1.9.4536.8202)

Google Gmail Notifier

Google Talk Plugin (Version: 3.19.1.13088)

Google Toolbar for Internet Explorer (Version: 1.0.0)

Google Toolbar for Internet Explorer (Version: 7.4.3607.2246)

Google Update Helper (Version: 1.3.21.145)

Guitar Pro 6

Intel® Management Engine Components (Version: 7.0.0.1144)

Intel® Network Connections 15.6.25.0 (Version: 15.6.25.0)

Java 7 Update 11 (64-bit) (Version: 7.0.110)

Java 7 Update 11 (Version: 7.0.110)

Java SE Development Kit 7 Update 9 (64-bit) (Version: 1.7.0.90)

JetBrains PhpStorm 6.0 (Version: 127.100)

JetBrains WebStorm 6.0 (Version: 127.68)

JMicron JMB36X Driver (Version: 1.17.58.2)

Killing Floor

Launchpad Enhanced (Version: 0.05.000)

League of Legends (Version: 1.3)

Leap Software (Version: 0.7.1)

Logitech Vid HD (Version: 7.2 (7248))

Logitech Webcam Software (Version: 2.0)

LOLReplay (Version: 0.8.1.4)

LWS Facebook (Version: 13.50.854.0)

LWS Gallery (Version: 13.50.854.0)

LWS Help_main (Version: 13.50.862.0)

LWS Launcher (Version: 13.50.859.0)

LWS Motion Detection (Version: 13.30.1395.0)

LWS Pictures And Video (Version: 13.50.861.0)

LWS Twitter (Version: 13.30.1346.0)

LWS Video Mask Maker (Version: 13.30.1379.0)

LWS VideoEffects (Version: 13.30.1379.0)

LWS Webcam Software (Version: 13.31.1038.0)

LWS WLM Plugin (Version: 1.30.1201.0)

LWS YouTube Plugin (Version: 13.31.1038.0)

Magic ISO Maker v5.5 (build 0281)

Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)

marvell 91xx driver (Version: 1.0.0.1045)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)

Microsoft .NET Framework 4 Extended (Version: 4.0.30319)

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Office 32-bit Components 2010 (Version: 14.0.6029.1000)

Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)

Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)

Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)

Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Shared 32-bit MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Silverlight (Version: 5.1.20125.0)

Microsoft Sync Framework 2.0 Core Components (x64) ENU (Version: 2.0.1578.0)

Microsoft Sync Framework 2.0 Provider Services (x64) ENU (Version: 2.0.1578.0)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)

Microsoft XNA Framework Redistributable 4.0 (Version: 4.0.20823.0)

Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)

Microsoft_VC90_CRT_x86 (Version: 1.00.0000)

Microsoft_VC90_MFC_x86 (Version: 1.00.0000)

Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000)

MotoHelper 2.1.41 Driver 5.5.0 (Version: 2.1.41)

MotoHelper MergeModules (Version: 1.2.0)

Motorola Mobile Drivers Installation 5.5.0 (Version: 5.5.0)

Mozilla Firefox 17.0 (x86 en-US) (Version: 17.0)

MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)

MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)

Mumble 1.2.3 (Version: 1.2.3)

NetBalancer

Nexon Game Manager

NVIDIA 3D Vision Controller Driver 305.27 (Version: 305.27)

NVIDIA 3D Vision Driver 311.06 (Version: 311.06)

NVIDIA Control Panel 311.06 (Version: 311.06)

NVIDIA Graphics Driver 311.06 (Version: 311.06)

NVIDIA HD Audio Driver 1.3.18.0 (Version: 1.3.18.0)

NVIDIA Install Application (Version: 2.1002.108.688)

NVIDIA PhysX (Version: 9.12.0613)

NVIDIA PhysX System Software 9.12.0613 (Version: 9.12.0613)

NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1106)

NVIDIA Update 1.11.3 (Version: 1.11.3)

NVIDIA Update Components (Version: 1.11.3)

Opera 12.11 (Version: 12.11.1661)

Pando Media Booster (Version: 2.6.0.8)

Path of Exile (Version: 0.10.1.22906)

PDF Settings CS6 (Version: 11.0)

ph (Version: 1.0.0)

PlanetSide 2

PunkBuster Services (Version: 0.991)

QuickTime (Version: 7.73.80.64)

Razer Lycosa (Version: 1.00.0000)

RealDownloader (Version: 1.3.0)

RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)

RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0)

RealPlayer (Version: 16.0.0)

Realtek High Definition Audio Driver (Version: 6.0.1.6251)

RealUpgrade 1.1 (Version: 1.1.0)

RPG MAKER VX Ace Lite (Version: 1.01b)

Safari (Version: 5.34.57.2)

Skype™ 6.3 (Version: 6.3.105)

Snake (Version: 0.0.0)

Spotify (Version: 0.9.0.133.gd18ed589)

Star Wars Galaxies (Version: 1.00.000)

Star Wars: The Old Republic (Version: 1.00)

StarCraft II (Version: 2.0.7.25293)

swMSM (Version: 12.0.0.1)

SyncToy 2.1 (x64) (Version: 2.1.0)

Torchlight II

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition

Update for Microsoft Office 2010 (KB2553378) 64-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 64-Bit Edition

Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition

Update for Microsoft Office 2010 (KB2767886) 64-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition

Update for Microsoft Outlook 2010 (KB2597090) 64-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition

Update for Microsoft PowerPoint 2010 (KB2598240) 64-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition

Uplay (Version: 2.0)

Ventrilo Client for Windows x64 (Version: 3.0.8.0)

Windows Driver Package - Cypress (CYUSB3) USB (08/08/2012 1.1.2.00) (Version: 08/08/2012 1.1.2.00)

World of Warcraft (Version: 5.2.0.16826)

XSplit (Version: 1.2.1303.0101)

==================== Restore Points =========================

==================== Faulty Device Manager Devices =============

Name: Unknown Device

Description: Unknown Device

Class Guid: {36fc9e60-c465-11cf-8056-444553540000}

Manufacturer: (Standard USB Host Controller)

Service:

Problem: : Windows has stopped this device because it has reported problems. (Code 43)

Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

==================== Event log errors: =========================

Application errors:

==================

Error: (05/15/2013 08:40:56 PM) (Source: VSS) (User: )

Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007041d, The service did not respond to the start or control request in a timely fashion.

.

Operation:

Instantiating VSS server

Error: (05/15/2013 08:40:56 PM) (Source: VSS) (User: )

Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started. [0x8007041d, The service did not respond to the start or control request in a timely fashion.

]

Operation:

Instantiating VSS server

Error: (05/15/2013 08:14:16 PM) (Source: VSS) (User: )

Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007041d, The service did not respond to the start or control request in a timely fashion.

.

Operation:

Instantiating VSS server

Error: (05/15/2013 08:14:16 PM) (Source: VSS) (User: )

Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started. [0x8007041d, The service did not respond to the start or control request in a timely fashion.

]

Operation:

Instantiating VSS server

Error: (05/15/2013 08:12:01 PM) (Source: swg) (User: )

Description: There was an error in s. File s

Error: (05/15/2013 08:11:52 PM) (Source: swg) (User: )

Description: There was an error in s. File s

Error: (05/15/2013 08:11:51 PM) (Source: Application Error) (User: )

Description: Faulting application name: runonce.exe, version: 6.1.7601.17514, time stamp: 0x4ce797ce

Faulting module name: iertutil.dll, version: 10.0.9200.16576, time stamp: 0x515e47b6

Exception code: 0xc0000005

Fault offset: 0x000df58c

Faulting process id: 0x9a4

Faulting application start time: 0xrunonce.exe0

Faulting application path: runonce.exe1

Faulting module path: runonce.exe2

Report Id: runonce.exe3

Error: (05/15/2013 07:57:45 PM) (Source: System Restore) (User: )

Description: Failed to create restore point (Process = C:\Windows\servicing\TrustedInstaller.exe; Description = Windows Modules Installer; Error = 0x80042302).

Error: (05/15/2013 07:57:45 PM) (Source: VSS) (User: )

Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007041d, The service did not respond to the start or control request in a timely fashion.

.

Error: (05/15/2013 07:57:45 PM) (Source: VSS) (User: )

Description: Volume Shadow Copy Service information: The COM Server with CLSID {0b5a2c52-3eb9-470a-96e2-6c6d4570e40f} and name Coordinator cannot be started. [0x8007041d, The service did not respond to the start or control request in a timely fashion.

]

System errors:

=============

Error: (05/15/2013 08:40:37 PM) (Source: Service Control Manager) (User: )