1500 pdfs downloaded....strange malware (cs student--please help)


This topic is locked
9 replies to this topic

#1 outofideas94305

outofideas94305

  • Members
  • 10 posts
  • OFFLINE
  • Local time:05:49 AM

Posted 06 March 2014 - 12:37 AM

I received this email from my university network admin a few days ago:

"...We received the attached complaint from [academic journal], alleging that you have excessively downloaded PDFs.  They claim that you downloaded more than 1,500 PDFs on [date].

They have subsequently blocked your IP address.  Before they will re-instate the address, they have requested that you delete the PDFs that you downloaded, and agree to cease all forms of robotic or excessive crawling / downloading of files."

I didn't do this, and I have been told that it is unlikely that any IP spoofing is happening.

I downloaded Wireshark, and I have a few dumps of the activity, which seems to be coming from Tsinghua University (I found:

X-Forwarded-For: 171.67.8.8  \r\n
True-Client-IP: 166.111.8.8\r\n

in some of the packets).

Turning on Windows Firewall stops the problem for now.

I've run Avira, Malwarebytes, SUPERAntiSpyware, Spybot, ComboFix, and HijackThis (and I'm running Ad-Aware atm); my HijackThis logfile is below.

I don't have time to reinstall the OS etc., so if you have any advice, it'd be greatly appreciated.

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 9:29:07 PM, on 3/5/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16518)
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe
C:\Program Files\Alienware\Command Center\AlienSense\FATrayAlert.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.200\deploy\LoLLauncher.exe
C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.74\deploy\LolClient.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\arbitraryusername\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com?type=617686&fr=spigot-yhp-ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: SSOIEAddonBHO - {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [FATrayAlert] C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: FastAccess - C:\Program Files\Alienware\Command Center\AlienSense\FALogNot.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Alienware Fusion Service (AlienFusionService) - Alienware - C:\Program Files\Alienware\Command Center\AlienFusionService.exe
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: FAService - Sensible Vision  - C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Hi-Rez Studios Authenticate and Update Service (HiPatchService) - Hi-Rez Studios - C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Ad-Aware Service 11 (LavasoftAdAwareService11) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Overwolf Updater Service (OverwolfUpdaterService) - Overwolf - C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Riverbed Technology, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Samsung RAPID Mode Service (SamsungRapidSvc) - Unknown owner - C:\Windows\system32\RAPID\SamsungRapidSvc.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: VMware Workstation Server (VMwareHostd) - Unknown owner - C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
 
--
End of file - 11592 bytes

Edited by outofideas94305, 06 March 2014 - 10:41 AM.
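The two headers quoted in the post are not sent by a browser; they are added by intermediaries. A CDN or reverse proxy appends the address it saw to X-Forwarded-For, so the header becomes a comma-separated chain with the claimed origin leftmost and the hop nearest the capture point rightmost, and some CDNs also set a single True-Client-IP. When a capture holds hundreds of such requests, the first question is which origin address accounts for the volume and whether the two headers agree. The script below is an added example written for this thread, not code from the poster or from Wireshark: it parses request heads as they look when copied from Wireshark's "Follow TCP Stream", picks the origin per request (True-Client-IP first, then the leftmost valid X-Forwarded-For hop, then the TCP peer) and tallies them. The four sample requests are constructed; only the two addresses 171.67.8.8 and 166.111.8.8 come from the post, while the host name, paths and the peer address 10.0.0.5 are made up.

```python
"""Attribute captured HTTP requests to the client that originated them.

Added example for this thread, not code from the poster or from Wireshark.
The request heads below are constructed to look like text copied from
Wireshark's "Follow TCP Stream"; only 171.67.8.8 and 166.111.8.8 come from
the post, the host name, paths and peer address are made up.
"""
from __future__ import annotations

import ipaddress
from collections import Counter

# Constructed sample capture: four request heads, CRLF-delimited as on the wire.
SAMPLE_REQUESTS = [
    "GET /article/1.pdf HTTP/1.1\r\nHost: journal.example\r\n"
    "X-Forwarded-For: 171.67.8.8\r\nTrue-Client-IP: 166.111.8.8\r\n\r\n",
    "GET /article/2.pdf HTTP/1.1\r\nHost: journal.example\r\n"
    "X-Forwarded-For: 166.111.8.8, 171.67.8.8\r\n\r\n",
    "GET /article/3.pdf HTTP/1.1\r\nHost: journal.example\r\n\r\n",
    "GET /article/4.pdf HTTP/1.1\r\nHost: journal.example\r\n"
    "X-Forwarded-For: unknown, 171.67.8.8\r\n\r\n",
]


def parse_headers(raw: str) -> tuple[str, dict[str, str]]:
    """Split one raw request head into (request line, header dict).

    Names are lower-cased; a header that appears twice is joined with ", ",
    as RFC 7230 allows, so a split X-Forwarded-For still forms one chain.
    """
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    request_line, headers = lines[0], {}
    for line in lines[1:]:
        if ":" not in line:
            continue  # tolerate stray text pasted from a dump
        name, value = line.split(":", 1)
        name, value = name.strip().lower(), value.strip()
        headers[name] = f"{headers[name]}, {value}" if name in headers else value
    return request_line, headers


def _as_ip(text: str) -> str | None:
    """Return the normalised address, or None for 'unknown', names, blanks."""
    try:
        return str(ipaddress.ip_address(text.strip()))
    except ValueError:
        return None


def forwarded_chain(headers: dict[str, str]) -> list[str]:
    """X-Forwarded-For hops in order: claimed origin first, nearest proxy last.

    Every hop except the one appended by a proxy you operate is supplied by
    the sender and can be forged, so treat the leftmost value as a claim.
    """
    xff = headers.get("x-forwarded-for", "")
    return [hop.strip() for hop in xff.split(",") if hop.strip()]


def origin_client(headers: dict[str, str], peer_ip: str) -> tuple[str, str]:
    """Best-effort origin address and the field it was taken from.

    True-Client-IP (a single address set by some CDNs) wins over the
    X-Forwarded-For chain; with neither header the TCP peer is the client.
    """
    tci = _as_ip(headers.get("true-client-ip", ""))
    if tci:
        return tci, "true-client-ip"
    for hop in forwarded_chain(headers):
        ip = _as_ip(hop)
        if ip:
            return ip, "x-forwarded-for"
    return peer_ip, "peer"


def attribute_requests(raw_requests: list[str], peer_ip: str):
    """Count requests per inferred origin and flag headers that disagree."""
    counts: Counter[str] = Counter()
    disagreements: list[str] = []
    for raw in raw_requests:
        request_line, headers = parse_headers(raw)
        client, _source = origin_client(headers, peer_ip)
        counts[client] += 1
        chain = forwarded_chain(headers)
        tci = _as_ip(headers.get("true-client-ip", ""))
        if tci and chain and _as_ip(chain[0]) and _as_ip(chain[0]) != tci:
            disagreements.append(
                f"{request_line}: True-Client-IP {tci} vs X-Forwarded-For origin {chain[0]}"
            )
    return counts, disagreements


if __name__ == "__main__":
    totals, notes = attribute_requests(SAMPLE_REQUESTS, peer_ip="10.0.0.5")
    for client, n in totals.most_common():
        print(f"{n:5d}  {client}")
    for note in notes:
        print("disagreement:", note)
```

On the constructed sample the tally is two requests for 166.111.8.8, one for 171.67.8.8 and one for the bare peer, and the first request is flagged because its two headers name different origins. Whichever address dominates, the rest of the chain still matters: only the hop appended by a proxy you trust is reliable, so a tally like this narrows the search but does not by itself prove where the traffic started.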


#2 outofideas94305

outofideas94305
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:05:49 AM

Posted 06 March 2014 - 07:14 PM

shameless, hopefully not excessively awful bump



#3 nasdaq

nasdaq

  • Malware Response Team
  • 38,250 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:49 AM

Posted 07 March 2014 - 09:28 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

HijackThis is not compatible with Windows 7 64 bit. I need to see this log.

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply; DO NOT ATTACH THEM unless specified.

Let me know what problem persists.
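The reason nasdaq sets the HijackThis log aside is visible in the log itself: core Windows services such as lsass.exe, spoolsv.exe and alg.exe are all reported as "(file missing)". HijackThis 2.0.4 is a 32-bit program, and on 64-bit Windows a 32-bit process is subject to WOW64 file-system redirection, so when it looks in System32 it is shown SysWOW64, where the 64-bit-only service binaries do not exist. Those entries are an artefact of the tool, not evidence of tampering; the later FRST log, which is a native 64-bit build, shows several of the same services running. "Unknown owner" is a different signal: HijackThis found no company name in the binary's version information, which is worth a look when the file lives outside the Windows directory. The script below is an added example for this thread, not code from nasdaq, HijackThis or Farbar; it parses O4 (Run key) and O23 (service) lines and sorts the "(file missing)" entries into those explained by redirection and those that are not. The sample lines are copied from the HijackThis log posted above, with one constructed line (the service "ExampleUpd" under C:\ProgramData) added so that a genuinely orphaned service is present in the input.

```python
"""Triage O4 (Run keys) and O23 (services) lines from a HijackThis log.

Added example for this thread, not code from nasdaq, HijackThis or Farbar.
The sample lines are copied from the HijackThis log posted in the thread,
plus one constructed line (ExampleUpd) so a genuine orphan is present.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

SAMPLE_LOG = [
    r'O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min',
    r'O4 - HKLM\..\Run: [FATrayAlert] C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe',
    r'O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart',
    r'O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)',
    r'O23 - Service: Ad-Aware Service 11 (LavasoftAdAwareService11) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe',
    r'O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Riverbed Technology, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe',
    r'O23 - Service: Samsung RAPID Mode Service (SamsungRapidSvc) - Unknown owner - C:\Windows\system32\RAPID\SamsungRapidSvc.exe (file missing)',
    r'O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe',
    r'O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe',
    r'O23 - Service: VMware Workstation Server (VMwareHostd) - Unknown owner - C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe',
    # Constructed line, not from the posted log: an orphan outside the Windows directory.
    r'O23 - Service: Example Updater (ExampleUpd) - Unknown owner - C:\ProgramData\Example\upd.exe (file missing)',
]

# "O23 - Service: <display name> (<short name>) - <vendor> - <path> [(file missing)]"
# The short name is optional (Steam Client Service has none) and the path may
# itself contain " - ", so the vendor is matched lazily and the path greedily to $.
SERVICE_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?)(?: \((?P<short>[^()]+)\))?"
    r" - (?P<vendor>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)
# "O4 - HKLM\..\Run: [<value name>] <command line>"
RUN_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<command>.+)$")


@dataclass
class Service:
    name: str
    short: str | None
    vendor: str
    path: str
    missing: bool


@dataclass
class RunEntry:
    hive: str
    name: str
    path: str


def parse_service(line: str) -> Service | None:
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    return Service(m["name"], m["short"], m["vendor"], m["path"], m["missing"] is not None)


def executable_path(command: str) -> str:
    """Pull the binary out of a Run value; HijackThis prints the value verbatim."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    # Unquoted path with spaces: cut after the first ".exe" rather than at the first space.
    end = command.lower().find(".exe")
    return command[: end + 4] if end != -1 else command.split()[0]


def parse_run(line: str) -> RunEntry | None:
    m = RUN_RE.match(line.strip())
    return RunEntry(m["hive"], m["name"], executable_path(m["command"])) if m else None


def under(path: str, prefix: str) -> bool:
    return path.lower().startswith(prefix.lower())


def triage(lines: list[str], host_is_64bit: bool) -> dict:
    """Sort services into the buckets a reviewer looks at first.

    On a 64-bit host the 32-bit HijackThis sees System32 redirected to
    SysWOW64 (WOW64 file-system redirection), where the 64-bit-only service
    binaries do not exist, so "(file missing)" under System32 is expected
    there and is reported separately from entries missing elsewhere.
    """
    services = [s for s in map(parse_service, lines) if s]
    runs = [r for r in map(parse_run, lines) if r]
    expected_missing, missing = [], []
    for s in services:
        if not s.missing:
            continue
        if host_is_64bit and under(s.path, "C:\\Windows\\System32\\"):
            expected_missing.append(s)
        else:
            missing.append(s)
    # No company name in the binary's version info, and not in the Windows directory.
    unknown_owner = [
        s for s in services if s.vendor == "Unknown owner" and not under(s.path, "C:\\Windows\\")
    ]
    return {
        "services": services,
        "runs": runs,
        "expected_missing": expected_missing,
        "missing": missing,
        "unknown_owner": unknown_owner,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG, host_is_64bit=True)
    for key in ("expected_missing", "missing", "unknown_owner"):
        print(f"{key}: {[s.short or s.name for s in report[key]]}")
    for r in report["runs"]:
        print(f"run {r.hive} [{r.name}] -> {r.path}")
```

Run against the sample with host_is_64bit=True, ALG and SamsungRapidSvc land in the redirection bucket, only the constructed ExampleUpd is reported as genuinely missing, and the unknown-owner list holds the two third-party services without version information plus ExampleUpd. HijackThis 2.0.4 does not record the host's bitness itself, which is why the flag is an input here; with it set to False every missing entry is treated as real, which is the misreading a 32-bit log invites on a 64-bit machine and the reason a native 64-bit tool such as FRST is asked for instead.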

#4 outofideas94305

outofideas94305
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:05:49 AM

Posted 07 March 2014 - 06:02 PM

Hi Nasdaq--thanks so much!

# AdwCleaner v3.020 - Report created 07/03/2014 at 14:34:11
# Updated 27/02/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : arbitraryusername - ARBITRARYNAME
# Running from : C:\Users\arbitraryusername\Desktop\adwcleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Windows\SysWOW64\AI_RecycleBin
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\Software\caphyon
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16518
 
 
-\\ Mozilla Firefox v27.0.1 (en-US)
 
[ File : C:\Users\arbitraryusername\AppData\Roaming\Mozilla\Firefox\Profiles\crcr484k.default\prefs.js ]
 
 
-\\ Google Chrome v33.0.1750.146
 
[ File : C:\Users\arbitraryusername\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [1230 octets] - [05/02/2014 19:13:02]
AdwCleaner[R1].txt - [1155 octets] - [07/03/2014 14:31:18]
AdwCleaner[S0].txt - [1301 octets] - [05/02/2014 19:16:57]
AdwCleaner[S1].txt - [1083 octets] - [07/03/2014 14:34:11]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1143 octets] ##########
 
_______________________________________________________________________________________
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Home Premium x64
Ran by arbitraryusername on Fri 03/07/2014 at 14:41:26.22
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\adawarebp
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ FireFox
 
Emptied folder: C:\Users\arbitraryusername\AppData\Roaming\mozilla\firefox\profiles\crcr484k.default\minidumps [5 files]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 03/07/2014 at 14:53:03.56
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
_______________________________________________________________________________________
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-03-2014 01
Ran by arbitraryusername (administrator) on ARBITRARYNAME on 07-03-2014 14:54:59
Running from C:\Users\arbitraryusername\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AMD) C:\Windows\system32\atiesrxx.exe
(Sensible Vision ) C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Samsung Electronics Co., Ltd.) C:\Windows\system32\RAPID\SamsungRapidSvc.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\RAPID\CacheFilter\SamsungRapidApp.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Sensible Vision ) C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Sensible Vision ) C:\Program Files\Alienware\Command Center\AlienSense\FATrayAlert.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\system32\UI0Detect.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Users\arbitraryusername\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [SamsungRapidApp] - C:\Program Files (x86)\RAPID\CacheFilter\SamsungRapidApp.exe [109280 2013-07-29] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-12-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [FATrayAlert] - C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe [95560 2010-04-04] (Sensible Vision )
HKLM-x32\...\Run: [FAStartup] - [X]
Winlogon\Notify\FastAccess-x32: C:\Program Files\Alienware\Command Center\AlienSense\FALogNot.dll ()
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-640340611-2025921864-2384136447-1001\...\Run: [GoogleDriveSync] - C:\Program Files (x86)\Google\Drive\googledrivesync.exe [21822128 2014-01-30] (Google)
Lsa: [Notification Packages] scecli FAPassSync
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com?type=617686&fr=spigot-yhp-ie
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xBD7C9049C697CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {811464C3-7784-4442-9326-43137D1FB731} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {C57BE04B-92CB-4D66-BB83-79CAF09BB11A} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=617686&p={searchTerms}
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: SSOIEAddonBHO Class - {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll (Sensible Vision )
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 171.64.7.99 171.64.7.77 171.64.7.55
 
FireFox:
========
FF ProfilePath: C:\Users\arbitraryusername\AppData\Roaming\Mozilla\Firefox\Profiles\crcr484k.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\arbitraryusername\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\arbitraryusername\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\arbitraryusername\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\arbitraryusername\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\arbitraryusername\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\arbitraryusername\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\arbitraryusername\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\arbitraryusername\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: SQL Inject Me - C:\Users\arbitraryusername\AppData\Roaming\Mozilla\Firefox\Profiles\crcr484k.default\Extensions\sqlime@security.compass.xpi [2013-11-27]
FF Extension: Adblock Plus - C:\Users\arbitraryusername\AppData\Roaming\Mozilla\Firefox\Profiles\crcr484k.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-01]
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR Extension: (Entanglement Web App) - C:\Users\arbitraryusername\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2014-03-02]
CHR Extension: (Google Docs) - C:\Users\arbitraryusername\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-12]
CHR Extension: (Google Drive) - C:\Users\arbitraryusername\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-12]
CHR Extension: (Session Manager) - C:\Users\arbitraryusername\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbcnbpafconjjigibnhbfmmgdbbkcjfi [2014-03-02]
CHR Extension: (YouTube) - C:\Users\arbitraryusername\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-12]
CHR Extension: (Honey) - C:\Users\arbitraryusername\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2014-03-02]
CHR Extension: (Google Search) - C:\Users\arbitraryusername\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-12]
CHR Extension: (AdBlock) - C:\Users\arbitraryusername\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-03-02]
CHR Extension: (Poppit) - C:\Users\arbitraryusername\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2014-03-02]
CHR Extension: (RSS Subscription Extension (by Google)) - C:\Users\arbitraryusername\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd [2014-03-02]
CHR Extension: (Google Wallet) - C:\Users\arbitraryusername\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Gmail) - C:\Users\arbitraryusername\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-12]
 
==================== Services (Whitelisted) =================
 
S3 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-27] (Avira Operations GmbH & Co. KG)
R2 FAService; C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe [2409800 2010-04-04] (Sensible Vision )
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
S3 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe [702744 2014-01-23] ()
S3 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL10.TEST\MSSQL\Binn\sqlservr.exe [57820696 2008-07-09] (Microsoft Corporation)
S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [96184 2013-12-09] (Overwolf)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 SamsungRapidSvc; C:\Windows\System32\RAPID\SamsungRapidSvc.exe [27360 2013-07-29] (Samsung Electronics Co., Ltd.)
S3 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
S3 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
S3 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S3 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL10.TEST\MSSQL\Binn\SQLAGENT.EXE [430616 2008-07-09] (Microsoft Corporation)
S3 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [14405200 2013-10-18] ()
 
==================== Drivers (Whitelisted) ====================
 
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-27] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-08-13] (Disc Soft Ltd)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-07] (Intel Corporation)
S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R0 SamsungRapidDiskFltr; C:\Windows\System32\DRIVERS\SamsungRapidDiskFltr.sys [240864 2013-07-29] (Samsung Electronics Co., Ltd.)
R0 SamsungRapidFSFltr; C:\Windows\System32\DRIVERS\SamsungRapidFSFltr.sys [111328 2013-07-29] (Samsung Electronics Co., Ltd.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [329800 2013-07-17] (BitDefender S.R.L.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [33872 2013-02-22] (VMware, Inc.)
S3 ALSysIO; \??\C:\Users\ARBITR~1\AppData\Local\Temp\ALSysIO64.sys [X]
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz136; \??\C:\Users\ARBITR~1\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-13] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-03-07 14:54 - 2014-03-07 14:55 - 00016857 _____ () C:\Users\arbitraryusername\Desktop\FRST.txt
2014-03-07 14:54 - 2014-03-07 14:54 - 02156544 _____ (Farbar) C:\Users\arbitraryusername\Desktop\FRST64.exe
2014-03-07 14:54 - 2014-03-07 14:54 - 00000000 ____D () C:\FRST
2014-03-07 14:53 - 2014-03-07 14:53 - 00000885 _____ () C:\Users\arbitraryusername\Desktop\JRT.txt
2014-03-07 14:41 - 2014-03-07 14:41 - 00000000 ____D () C:\Windows\ERUNT
2014-03-07 14:40 - 2014-03-07 14:40 - 01037734 _____ (Thisisu) C:\Users\arbitraryusername\Desktop\JRT.exe
2014-03-07 14:40 - 2014-03-07 14:40 - 00001223 _____ () C:\Users\arbitraryusername\Desktop\AdwCleaner[S1].txt
2014-03-06 17:18 - 2014-03-06 17:18 - 00000000 ____D () C:\ProgramData\Stanford
2014-03-06 15:47 - 2014-03-06 15:47 - 00000876 _____ () C:\Windows\SysWOW64\2014-03-06_15-47-33_League of Legends.log
2014-03-06 15:47 - 2014-03-06 15:47 - 00000525 _____ () C:\Windows\SysWOW64\0000000000000000_crash.json
2014-03-06 15:42 - 2014-03-06 15:42 - 00000000 ____D () C:\Users\arbitraryusername\AppData\Roaming\Oracle
2014-03-05 18:33 - 2014-02-28 16:27 - 00000027 _____ () C:\Windows\system32\Drivers\etc\hosts.20140305-183343.backup
2014-03-05 18:18 - 2014-03-05 18:18 - 00000000 ____D () C:\Users\arbitraryusername\AppData\Roaming\Lavasoft
2014-03-05 18:17 - 2014-03-05 18:17 - 00000000 ____D () C:\Users\arbitraryusername\AppData\Roaming\LavasoftStatistics
2014-03-05 18:01 - 2014-03-05 18:01 - 00000000 ____D () C:\Program Files\Lavasoft
2014-03-05 18:00 - 2014-03-05 18:00 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-03-05 17:59 - 2014-03-05 17:59 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-03-04 16:19 - 2014-03-04 16:19 - 00000000 ____D () C:\Users\arbitraryusername\Desktop\submit
2014-03-04 12:44 - 2014-03-04 12:44 - 00000000 ____D () C:\Users\arbitraryusername\.idlerc
2014-02-28 21:14 - 2014-02-28 21:14 - 00000000 ____D () C:\Users\arbitraryusername\Desktop\lab3
2014-02-28 16:48 - 2014-03-03 11:52 - 00000000 ____D () C:\Users\arbitraryusername\Desktop\packetdumps
2014-02-28 16:29 - 2014-02-28 16:29 - 00031501 _____ () C:\ComboFix.txt
2014-02-28 16:19 - 2011-06-25 22:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-02-28 16:19 - 2010-11-07 09:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-02-28 16:19 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-02-28 16:19 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-02-28 16:19 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-02-28 16:19 - 2000-08-30 16:00 - 00098816 _____ () C:\Windows\sed.exe
2014-02-28 16:19 - 2000-08-30 16:00 - 00080412 _____ () C:\Windows\grep.exe
2014-02-28 16:19 - 2000-08-30 16:00 - 00068096 _____ () C:\Windows\zip.exe
2014-02-28 16:16 - 2014-02-28 16:29 - 00000000 ____D () C:\Qoobox
2014-02-28 16:15 - 2014-02-28 16:27 - 00000000 ____D () C:\Windows\erdnt
2014-02-28 15:04 - 2014-02-28 15:33 - 00000000 ____D () C:\Users\arbitraryusername\AppData\Roaming\Wireshark
2014-02-28 14:53 - 2014-02-28 14:53 - 00000000 ____D () C:\Program Files (x86)\WinPcap
2014-02-28 14:52 - 2014-02-28 14:53 - 00000000 ____D () C:\Program Files\Wireshark
2014-02-28 14:50 - 2014-02-28 14:51 - 27981224 _____ (Wireshark development team) C:\Users\arbitraryusername\Desktop\Wireshark-win64-1.10.5.exe
2014-02-27 12:53 - 2014-02-27 12:53 - 00000000 ____D () C:\Users\arbitraryusername\Tracing
2014-02-27 12:53 - 2014-02-27 12:53 - 00000000 ____D () C:\Users\arbitraryusername\Documents\My Meetings
2014-02-25 13:38 - 2014-02-25 13:38 - 00000000 ____D () C:\ProgramData\Applications
2014-02-19 10:32 - 2014-02-19 10:32 - 00000000 ____D () C:\Users\arbitraryusername\Desktop\Newman
2014-02-16 12:16 - 2014-02-21 14:50 - 00000000 ____D () C:\Users\arbitraryusername\Desktop\lab2
2014-02-14 20:04 - 2014-02-14 20:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-14 09:17 - 2013-12-21 01:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-14 09:17 - 2013-12-21 00:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-14 09:16 - 2014-02-06 04:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-14 09:16 - 2014-02-06 03:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-14 09:16 - 2014-02-06 03:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-14 09:16 - 2014-02-06 03:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-14 09:16 - 2014-02-06 03:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-14 09:16 - 2014-02-06 03:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-14 09:16 - 2014-02-06 02:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-14 09:16 - 2014-02-06 02:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-14 09:16 - 2014-02-06 02:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-14 09:16 - 2014-02-06 02:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-14 09:16 - 2014-02-06 02:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-14 09:16 - 2014-02-06 02:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-14 09:16 - 2014-02-06 02:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-14 09:16 - 2014-02-06 02:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-14 09:16 - 2014-02-06 02:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-14 09:16 - 2014-02-06 02:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-14 09:16 - 2014-02-06 02:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-14 09:16 - 2014-02-06 02:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-14 09:16 - 2014-02-06 02:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-14 09:16 - 2014-02-06 01:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-14 09:16 - 2014-02-06 01:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-14 09:16 - 2014-02-06 01:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-14 09:16 - 2014-02-06 01:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-14 09:16 - 2014-02-06 01:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-14 09:16 - 2014-02-06 01:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-14 09:16 - 2014-02-06 01:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-14 09:16 - 2014-02-06 01:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-14 09:16 - 2014-02-06 01:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-14 09:16 - 2014-02-06 01:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-14 09:16 - 2014-02-06 01:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-14 09:16 - 2014-02-06 01:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-14 09:16 - 2014-02-06 01:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-14 09:16 - 2014-02-06 01:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-14 09:16 - 2014-02-06 01:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-14 09:16 - 2014-02-06 00:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-14 09:16 - 2014-02-06 00:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-14 09:16 - 2014-02-06 00:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-14 09:16 - 2014-02-06 00:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-14 09:16 - 2014-02-06 00:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-13 14:15 - 2014-02-13 14:15 - 00005799 _____ () C:\Users\arbitraryusername\Desktop\servoRemote.py
2014-02-13 14:15 - 2014-02-13 14:15 - 00003003 _____ () C:\Users\arbitraryusername\Desktop\Hawkeye_v2.0_Pied_Wagtail.py
2014-02-13 14:15 - 2014-02-13 14:15 - 00001775 _____ () C:\Users\arbitraryusername\Desktop\franges.py
2014-02-13 08:00 - 2013-12-24 15:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-13 08:00 - 2013-12-24 14:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-13 08:00 - 2013-12-05 18:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-13 08:00 - 2013-12-05 18:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-13 08:00 - 2013-12-05 18:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-13 08:00 - 2013-12-05 18:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-13 08:00 - 2013-11-26 00:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-13 08:00 - 2013-11-22 14:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-09 20:12 - 2014-02-09 20:16 - 00000000 ____D () C:\Users\arbitraryusername\Documents\iZotope
2014-02-09 20:12 - 2014-02-09 20:12 - 00000000 ____D () C:\Users\arbitraryusername\AppData\Roaming\iZotope
2014-02-09 20:12 - 2014-02-09 20:12 - 00000000 ____D () C:\Program Files\Steinberg
2014-02-09 20:12 - 2014-02-09 20:12 - 00000000 ____D () C:\Program Files\Common Files\VST3
2014-02-09 20:12 - 2014-02-09 20:12 - 00000000 ____D () C:\Program Files (x86)\iZotope
2014-02-09 18:38 - 2014-02-09 18:38 - 00000881 _____ () C:\Users\arbitraryusername\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ableton Live 9 Suite.lnk
2014-02-08 16:41 - 2014-02-08 16:41 - 00000000 ____D () C:\Users\arbitraryusername\Documents\AlienFX
2014-02-08 16:36 - 2014-02-08 16:36 - 00000000 ____D () C:\Program Files\Alienware
2014-02-08 16:32 - 2014-02-08 16:32 - 00000000 ____D () C:\dell
2014-02-06 23:13 - 2014-02-06 23:13 - 00000045 _____ () C:\Windows\SysWOW64\initdebug.nfo
2014-02-06 17:02 - 2014-02-06 17:02 - 00000000 ____D () C:\Users\arbitraryusername\AppData\Roaming\Intel Corporation
2014-02-06 17:02 - 2014-02-06 17:02 - 00000000 ____D () C:\ProgramData\Intel
2014-02-06 17:00 - 2014-02-06 17:00 - 00000000 ____D () C:\Users\arbitraryusername\Intel
2014-02-06 16:55 - 2014-02-06 16:55 - 00000000 ____D () C:\Users\arbitraryusername\Desktop\MaxxMEM2_Preview
2014-02-06 16:48 - 2013-07-29 11:56 - 00240864 _____ (Samsung Electronics Co., Ltd.) C:\Windows\system32\Drivers\SamsungRapidDiskFltr.sys
2014-02-06 16:47 - 2014-02-06 16:52 - 00000000 ____D () C:\Program Files (x86)\RAPID
2014-02-06 16:47 - 2014-02-06 16:47 - 00000000 ____D () C:\Windows\system32\RAPID
2014-02-06 16:36 - 2014-02-06 16:37 - 00000000 ____D () C:\Program Files (x86)\Samsung Magician
2014-02-05 19:13 - 2014-03-07 14:34 - 00000000 ____D () C:\AdwCleaner
2014-02-05 19:03 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-02-05 19:03 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-02-05 19:03 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-02-05 19:03 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-02-05 19:02 - 2014-02-05 19:03 - 00005175 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
 
==================== One Month Modified Files and Folders =======
 
2014-03-07 14:55 - 2014-03-07 14:54 - 00016857 _____ () C:\Users\arbitraryusername\Desktop\FRST.txt
2014-03-07 14:54 - 2014-03-07 14:54 - 02156544 _____ (Farbar) C:\Users\arbitraryusername\Desktop\FRST64.exe
2014-03-07 14:54 - 2014-03-07 14:54 - 00000000 ____D () C:\FRST
2014-03-07 14:53 - 2014-03-07 14:53 - 00000885 _____ () C:\Users\arbitraryusername\Desktop\JRT.txt
2014-03-07 14:46 - 2013-08-12 17:11 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-07 14:44 - 2009-07-13 20:45 - 00014416 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-07 14:44 - 2009-07-13 20:45 - 00014416 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-07 14:42 - 2009-07-13 21:13 - 00880646 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-07 14:41 - 2014-03-07 14:41 - 00000000 ____D () C:\Windows\ERUNT
2014-03-07 14:40 - 2014-03-07 14:40 - 01037734 _____ (Thisisu) C:\Users\arbitraryusername\Desktop\JRT.exe
2014-03-07 14:40 - 2014-03-07 14:40 - 00001223 _____ () C:\Users\arbitraryusername\Desktop\AdwCleaner[S1].txt
2014-03-07 14:40 - 2013-09-13 06:37 - 00000000 ____D () C:\Users\arbitraryusername\Desktop\arbitrary stuff
2014-03-07 14:39 - 2009-06-14 21:28 - 01892422 _____ () C:\Windows\WindowsUpdate.log
2014-03-07 14:37 - 2013-09-26 12:53 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-07 14:37 - 2013-08-31 07:23 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-07 14:37 - 2013-08-12 18:34 - 00000000 ___RD () C:\drive
2014-03-07 14:36 - 2013-08-12 17:11 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-07 14:35 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-07 14:35 - 2009-07-13 20:51 - 00009787 _____ () C:\Windows\setupact.log
2014-03-07 14:34 - 2014-02-05 19:13 - 00000000 ____D () C:\AdwCleaner
2014-03-07 14:33 - 2013-08-12 17:29 - 00000000 ____D () C:\Users\arbitraryusername\AppData\Roaming\Skype
2014-03-07 14:22 - 2013-10-09 14:13 - 00000956 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-640340611-2025921864-2384136447-1001UA.job
2014-03-07 09:37 - 2013-10-09 14:13 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-640340611-2025921864-2384136447-1001Core.job
2014-03-06 23:54 - 2013-08-12 18:49 - 00000000 ____D () C:\Users\arbitraryusername\AppData\Local\PMB Files
2014-03-06 23:54 - 2013-08-12 18:49 - 00000000 ____D () C:\ProgramData\PMB Files
2014-03-06 17:18 - 2014-03-06 17:18 - 00000000 ____D () C:\ProgramData\Stanford
2014-03-06 15:47 - 2014-03-06 15:47 - 00000876 _____ () C:\Windows\SysWOW64\2014-03-06_15-47-33_League of Legends.log
2014-03-06 15:47 - 2014-03-06 15:47 - 00000525 _____ () C:\Windows\SysWOW64\0000000000000000_crash.json
2014-03-06 15:42 - 2014-03-06 15:42 - 00000000 ____D () C:\Users\arbitraryusername\AppData\Roaming\Oracle
2014-03-06 15:04 - 2013-08-12 18:24 - 00011976 _____ () C:\Windows\PFRO.log
2014-03-05 18:18 - 2014-03-05 18:18 - 00000000 ____D () C:\Users\arbitraryusername\AppData\Roaming\Lavasoft
2014-03-05 18:17 - 2014-03-05 18:17 - 00000000 ____D () C:\Users\arbitraryusername\AppData\Roaming\LavasoftStatistics
2014-03-05 18:12 - 2013-11-10 09:10 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-03-05 18:01 - 2014-03-05 18:01 - 00000000 ____D () C:\Program Files\Lavasoft
2014-03-05 18:00 - 2014-03-05 18:00 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-03-05 17:59 - 2014-03-05 17:59 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-03-04 18:50 - 2013-08-13 11:23 - 00002364 _____ () C:\Users\arbitraryusername\.kdiff3rc
2014-03-04 16:19 - 2014-03-04 16:19 - 00000000 ____D () C:\Users\arbitraryusername\Desktop\submit
2014-03-04 15:23 - 2013-09-24 10:54 - 00000000 ____D () C:\Users\arbitraryusername\AppData\Roaming\Mozilla
2014-03-04 12:44 - 2014-03-04 12:44 - 00000000 ____D () C:\Users\arbitraryusername\.idlerc
2014-03-04 12:44 - 2009-06-14 21:29 - 00000000 ____D () C:\Users\arbitraryusername
2014-03-03 11:52 - 2014-02-28 16:48 - 00000000 ____D () C:\Users\arbitraryusername\Desktop\packetdumps
2014-03-02 22:07 - 2014-01-23 11:43 - 00000000 ____D () C:\ProgramData\VMware
2014-02-28 21:14 - 2014-02-28 21:14 - 00000000 ____D () C:\Users\arbitraryusername\Desktop\lab3
2014-02-28 18:58 - 2013-08-12 17:52 - 00000000 ____D () C:\workspace
2014-02-28 16:29 - 2014-02-28 16:29 - 00031501 _____ () C:\ComboFix.txt
2014-02-28 16:29 - 2014-02-28 16:16 - 00000000 ____D () C:\Qoobox
2014-02-28 16:27 - 2014-03-05 18:33 - 00000027 _____ () C:\Windows\system32\Drivers\etc\hosts.20140305-183343.backup
2014-02-28 16:27 - 2014-02-28 16:15 - 00000000 ____D () C:\Windows\erdnt
2014-02-28 16:27 - 2009-07-13 18:34 - 00000215 _____ () C:\Windows\system.ini
2014-02-28 16:27 - 2009-06-14 21:29 - 00000000 ___RD () C:\Users\arbitraryusername\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-28 16:25 - 2013-09-17 13:44 - 00000000 ____D () C:\Program Files (x86)\HipChat
2014-02-28 15:33 - 2014-02-28 15:04 - 00000000 ____D () C:\Users\arbitraryusername\AppData\Roaming\Wireshark
2014-02-28 14:53 - 2014-02-28 14:53 - 00000000 ____D () C:\Program Files (x86)\WinPcap
2014-02-28 14:53 - 2014-02-28 14:52 - 00000000 ____D () C:\Program Files\Wireshark
2014-02-28 14:51 - 2014-02-28 14:50 - 27981224 _____ (Wireshark development team) C:\Users\arbitraryusername\Desktop\Wireshark-win64-1.10.5.exe
2014-02-27 12:53 - 2014-02-27 12:53 - 00000000 ____D () C:\Users\arbitraryusername\Tracing
2014-02-27 12:53 - 2014-02-27 12:53 - 00000000 ____D () C:\Users\arbitraryusername\Documents\My Meetings
2014-02-25 13:38 - 2014-02-25 13:38 - 00000000 ____D () C:\ProgramData\Applications
2014-02-25 13:38 - 2013-08-13 06:41 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-02-22 21:31 - 2013-11-02 14:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-21 14:50 - 2014-02-16 12:16 - 00000000 ____D () C:\Users\arbitraryusername\Desktop\lab2
2014-02-20 07:27 - 2013-08-23 11:01 - 00000000 ____D () C:\Users\arbitraryusername\.matplotlib
2014-02-19 10:32 - 2014-02-19 10:32 - 00000000 ____D () C:\Users\arbitraryusername\Desktop\Newman
2014-02-15 23:50 - 2013-08-13 06:59 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-15 23:49 - 2013-08-12 18:09 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-15 16:19 - 2013-08-27 08:45 - 00000000 ____D () C:\Users\arbitraryusername\AppData\Local\TGitCache
2014-02-14 20:04 - 2014-02-14 20:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-14 09:22 - 2013-09-12 16:28 - 00874862 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-14 09:17 - 2013-10-09 14:13 - 00003954 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-640340611-2025921864-2384136447-1001UA
2014-02-14 09:17 - 2013-10-09 14:13 - 00003558 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-640340611-2025921864-2384136447-1001Core
2014-02-13 18:41 - 2013-08-12 17:11 - 00003916 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-13 18:41 - 2013-08-12 17:11 - 00003664 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-13 14:15 - 2014-02-13 14:15 - 00005799 _____ () C:\Users\arbitraryusername\Desktop\servoRemote.py
2014-02-13 14:15 - 2014-02-13 14:15 - 00003003 _____ () C:\Users\arbitraryusername\Desktop\Hawkeye_v2.0_Pied_Wagtail.py
2014-02-13 14:15 - 2014-02-13 14:15 - 00001775 _____ () C:\Users\arbitraryusername\Desktop\franges.py
2014-02-10 21:59 - 2013-08-12 18:13 - 00000000 ____D () C:\Users\arbitraryusername\Desktop\done
2014-02-10 21:57 - 2014-01-22 13:21 - 00000000 ____D () C:\Users\arbitraryusername\Documents\MATLAB
2014-02-09 20:16 - 2014-02-09 20:12 - 00000000 ____D () C:\Users\arbitraryusername\Documents\iZotope
2014-02-09 20:12 - 2014-02-09 20:12 - 00000000 ____D () C:\Users\arbitraryusername\AppData\Roaming\iZotope
2014-02-09 20:12 - 2014-02-09 20:12 - 00000000 ____D () C:\Program Files\Steinberg
2014-02-09 20:12 - 2014-02-09 20:12 - 00000000 ____D () C:\Program Files\Common Files\VST3
2014-02-09 20:12 - 2014-02-09 20:12 - 00000000 ____D () C:\Program Files (x86)\iZotope
2014-02-09 19:04 - 2013-08-12 18:13 - 00000000 ____D () C:\Users\arbitraryusername\AppData\Roaming\uTorrent
2014-02-09 18:38 - 2014-02-09 18:38 - 00000881 _____ () C:\Users\arbitraryusername\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ableton Live 9 Suite.lnk
2014-02-09 18:38 - 2013-09-06 17:43 - 00000000 ____D () C:\ProgramData\Ableton
2014-02-08 16:41 - 2014-02-08 16:41 - 00000000 ____D () C:\Users\arbitraryusername\Documents\AlienFX
2014-02-08 16:40 - 2009-07-13 20:45 - 00420664 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-08 16:38 - 2013-08-31 04:40 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-02-08 16:38 - 2013-08-12 17:10 - 00109232 _____ () C:\Users\arbitraryusername\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-08 16:36 - 2014-02-08 16:36 - 00000000 ____D () C:\Program Files\Alienware
2014-02-08 16:34 - 2013-09-06 05:26 - 00000000 ____D () C:\Users\arbitraryusername\AppData\Local\Downloaded Installations
2014-02-08 16:34 - 2013-08-20 17:04 - 00007605 _____ () C:\Users\arbitraryusername\AppData\Local\Resmon.ResmonCfg
2014-02-08 16:32 - 2014-02-08 16:32 - 00000000 ____D () C:\dell
2014-02-06 23:13 - 2014-02-06 23:13 - 00000045 _____ () C:\Windows\SysWOW64\initdebug.nfo
2014-02-06 17:02 - 2014-02-06 17:02 - 00000000 ____D () C:\Users\arbitraryusername\AppData\Roaming\Intel Corporation
2014-02-06 17:02 - 2014-02-06 17:02 - 00000000 ____D () C:\ProgramData\Intel
2014-02-06 17:02 - 2013-08-13 10:10 - 00000000 ____D () C:\Program Files\Intel
2014-02-06 17:00 - 2014-02-06 17:00 - 00000000 ____D () C:\Users\arbitraryusername\Intel
2014-02-06 16:55 - 2014-02-06 16:55 - 00000000 ____D () C:\Users\arbitraryusername\Desktop\MaxxMEM2_Preview
2014-02-06 16:52 - 2014-02-06 16:47 - 00000000 ____D () C:\Program Files (x86)\RAPID
2014-02-06 16:47 - 2014-02-06 16:47 - 00000000 ____D () C:\Windows\system32\RAPID
2014-02-06 16:37 - 2014-02-06 16:36 - 00000000 ____D () C:\Program Files (x86)\Samsung Magician
2014-02-06 04:16 - 2014-02-14 09:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 03:30 - 2014-02-14 09:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 03:30 - 2014-02-14 09:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 03:12 - 2014-02-14 09:16 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 03:07 - 2014-02-14 09:16 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 03:06 - 2014-02-14 09:16 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 02:57 - 2014-02-14 09:16 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 02:56 - 2014-02-14 09:16 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 02:52 - 2014-02-14 09:16 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 02:49 - 2014-02-14 09:16 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 02:48 - 2014-02-14 09:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 02:48 - 2014-02-14 09:16 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 02:38 - 2014-02-14 09:16 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 02:32 - 2014-02-14 09:16 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 02:20 - 2014-02-14 09:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 02:17 - 2014-02-14 09:16 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 02:11 - 2014-02-14 09:16 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 02:01 - 2014-02-14 09:16 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 02:00 - 2014-02-14 09:16 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 01:57 - 2014-02-14 09:16 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 01:57 - 2014-02-14 09:16 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 01:52 - 2014-02-14 09:16 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 01:52 - 2014-02-14 09:16 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 01:50 - 2014-02-14 09:16 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 01:49 - 2014-02-14 09:16 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 01:47 - 2014-02-14 09:16 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 01:46 - 2014-02-14 09:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 01:25 - 2014-02-14 09:16 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 01:25 - 2014-02-14 09:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 01:24 - 2014-02-14 09:16 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 01:22 - 2014-02-14 09:16 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 01:13 - 2014-02-14 09:16 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 01:09 - 2014-02-14 09:16 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 01:03 - 2014-02-14 09:16 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 00:55 - 2014-02-14 09:16 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 00:41 - 2014-02-14 09:16 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 00:40 - 2014-02-14 09:16 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-06 00:36 - 2014-02-14 09:16 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 00:34 - 2014-02-14 09:16 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-05 19:03 - 2014-02-05 19:02 - 00005175 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-02-05 19:03 - 2013-09-24 10:52 - 00000000 ____D () C:\ProgramData\Oracle
2014-02-05 19:03 - 2013-09-24 10:51 - 00000000 ____D () C:\Program Files (x86)\Java
2014-02-05 18:54 - 2013-09-17 13:44 - 00000000 ____D () C:\Users\arbitraryusername\AppData\Local\Adobe
 
Some content of TEMP:
====================
C:\Users\arbitraryusername\AppData\Local\Temp\avgnt.exe
C:\Users\arbitraryusername\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-02-28 23:34
 
==================== End Of Log ============================
 
________________________________________________________________________
 
And I've attached Addition.txt
 
Thanks so much again!

 


#5 nasdaq

nasdaq

  • Malware Response Team
  • 38,250 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:49 AM

Posted 08 March 2014 - 09:03 AM

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

HKLM-x32\...\Run: [FAStartup] - [X]
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com?type=617686&fr=spigot-yhp-ie
Toolbar: HKCU - No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
CHR Extension: (Poppit) - C:\Users\arbitraryusername\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2014-03-02]
S3 ALSysIO; \??\C:\Users\ARBITR~1\AppData\Local\Temp\ALSysIO64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz136; \??\C:\Users\ARBITR~1\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]

end

Save the file as fixlist.txt into the same folder as FRST.
Run FRST, click Fix only once and wait.
The tool will create a log (Fixlog.txt); please post it in your reply.
===

This process has been disabled in MSConfig.
MSCONFIG\startupreg: SearchProtection => "C:\Users\arbitraryusername\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart
You should remove it completely; it is malware.
===


Restart the computer normally.

One more check.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
===

Please let me know if the problem persists.
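The fixlist above removes autostart entries whose target file is gone (FRST marks these with [X]). The following read-only audit, added here as an illustration and not code from the thread, from FRST or from any BleepingComputer tool, lists entries of that kind across the Run keys, the MSConfig startupreg parking key and the service/driver registrations; the registry paths are the standard Windows ones, and the function names are my own.

```powershell
# Added example (not the thread's or FRST's own code): a read-only audit of the
# autostart locations the fixlist above touches, reporting entries whose target
# file no longer exists, the condition FRST marks with [X]. Run elevated so the
# HKLM service keys are readable; it changes nothing.

$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',  # "HKLM-x32" in FRST
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)
# Items disabled with MSConfig are parked here as subkeys with a "command" value
$msconfigKey = 'HKLM:\Software\Microsoft\Shared Tools\MSConfig\startupreg'
$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'

function Resolve-ImagePath([string]$Command) {
    # Reduce a Run or ImagePath command line to the file it launches: strips the
    # \??\ and \SystemRoot\ prefixes, expands %VARS%, honours "quoted" paths and
    # roots Windows-relative paths (system32\drivers\x.sys) at $env:SystemRoot.
    $cmd = [Environment]::ExpandEnvironmentVariables($Command.Trim())
    $cmd = $cmd -replace '^\\\?\?\\', '' -replace '^\\SystemRoot\\', ''
    if ($cmd.StartsWith('"') -and $cmd.IndexOf('"', 1) -gt 0) {
        $cmd = $cmd.Substring(1, $cmd.IndexOf('"', 1) - 1)
    } else {
        $m = [regex]::Match($cmd, '^(.+?\.(exe|sys|dll|cmd|bat))(\s|$)', 'IgnoreCase')
        if ($m.Success) { $cmd = $m.Groups[1].Value }
    }
    if ($cmd -notmatch '^[A-Za-z]:\\') { $cmd = Join-Path $env:SystemRoot $cmd }
    return $cmd
}

function Test-Entry($Source, $Name, $Command) {
    # Emit one record per entry whose resolved target is missing on disk
    if ([string]::IsNullOrWhiteSpace($Command)) { return }
    $target = Resolve-ImagePath $Command
    if (-not (Test-Path -LiteralPath $target)) {
        [pscustomobject]@{ Source = $Source; Name = $Name; MissingTarget = $target }
    }
}

$orphans = @(foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($p.Name -notlike 'PS*') { Test-Entry $key $p.Name $p.Value }  # PS* = provider metadata
    }
})
$orphans += @(foreach ($sub in Get-ChildItem $msconfigKey -ErrorAction SilentlyContinue) {
    Test-Entry 'MSConfig\startupreg' $sub.PSChildName (Get-ItemProperty $sub.PSPath).command
})
$orphans += @(foreach ($svc in Get-ChildItem $servicesKey -ErrorAction SilentlyContinue) {
    Test-Entry 'Services' $svc.PSChildName (Get-ItemProperty $svc.PSPath -ErrorAction SilentlyContinue).ImagePath
})
$orphans | Sort-Object Source, Name | Format-Table -AutoSize
```

On the system in this thread the output would include the SearchProtection item under MSConfig\startupreg, since the poster could not find the file the entry points to; a result with an empty table means every registered autostart still resolves to a file on disk.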

#6 outofideas94305

  • Topic Starter
  • Members
  • 10 posts

Posted 08 March 2014 - 01:00 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-03-2014 01
Ran by arbitraryusername at 2014-03-08 09:19:27 Run:1
Running from C:\Users\arbitraryusername\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
HKLM-x32\...\Run: [FAStartup] - [X]
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com?type=617686&fr=spigot-yhp-ie
Toolbar: HKCU - No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
CHR Extension: (Poppit) - C:\Users\arbitraryusername\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2014-03-02]
S3 ALSysIO; \??\C:\Users\ARBITR~1\AppData\Local\Temp\ALSysIO64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz136; \??\C:\Users\ARBITR~1\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
 
end
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\FAStartup => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{41564952-412D-5637-00A7-7A786E7484D7} => Value deleted successfully.
HKCR\CLSID\{41564952-412D-5637-00A7-7A786E7484D7} => Key not found.
C:\Users\arbitraryusername\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi => Moved successfully.
ALSysIO => Service stopped successfully.
ALSysIO => Service deleted successfully.
catchme => Service deleted successfully.
cpuz136 => Service deleted successfully.
 
==== End of Fixlog ====
 
 

 Results of screen317's Security Check version 0.99.80  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Ad-Aware Antivirus   
Avira Desktop        
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 MVPS Hosts File  
 Spybot - Search & Destroy 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 51  
 Adobe Flash Player 12.0.0.70  
 Mozilla Firefox (27.0.1) 
 Google Chrome 33.0.1750.117  
 Google Chrome 33.0.1750.146  
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 34% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 
 
 
 
I couldn't find any searchprotection files anywhere (particularly not in the location referred to in the startup entry), so I'm not sure about that. 
 
Thanks so much!


#7 nasdaq

  • Malware Response Team
  • 38,250 posts
  • Location: Montreal, QC. Canada

Posted 08 March 2014 - 01:48 PM

Forget about it then.

You look good.



If all is well:

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

Having an effective antivirus is a must for everyone.
In addition to many excellent commercial products there are plenty of good free antivirus programs available. I can recommend:

If you are satisfied with your current protection programs you can ignore the instructions on Antivirus or Firewall listed below.

In addition to an antivirus I recommend using a firewall. A software firewall is a software program that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet. I can recommend one of the following free products:

Please note: Many installers offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While most of the time not malicious, these are usually not something you want on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Malwarebytes Anti-Malware (MBAM)
The free version of MBAM can be used to scan the system for traces of malware. Scanning your system regularly will make it harder for malware to reside on your system.
A tutorial on using MBAM can be found here.
Please Note: Only the paid for version has real time capabilities.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Please keep your programs up to date. This applies to Java, Adobe Flashplayer, Adobe Reader and your Internet Browsers in particular. Vulnerabilities in these programs are often exploited in order to install malware on your PC. Visiting a prepared web page suffices to infect your system.

In general Firefox, Opera and Google Chrome are considered to be more secure than Internet Explorer. In addition there are many useful add-ons that can protect you from possible risks:
  • WOT will warn you when you try to visit sites with poor reputation. The reputation is based on user ratings and is usually very accurate.
  • A script blocker can help block many attempts to infect your system via malicious websites by only allowing scripts at sites you trust:
  • NoScript is a popular Firefox addon,
  • ScriptNo is a popular Google Chrome addon.
For much more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help.
===

#8 outofideas94305

  • Topic Starter
  • Members
  • 10 posts

Posted 08 March 2014 - 02:47 PM

Awesome--thanks so much again--just out of curiosity, would you prefer one of those firewalls over Windows Firewall?



#9 nasdaq

  • Malware Response Team
  • 38,250 posts
  • Location: Montreal, QC. Canada

Posted 09 March 2014 - 07:24 AM

The main thing is to have a firewall. Which you do.
Read this article and decide if you want to change.
http://www.makeuseof.com/tag/windows-7-firewall-compares-firewalls/

#10 nasdaq

  • Malware Response Team
  • 38,250 posts
  • Location: Montreal, QC. Canada

Posted 15 March 2014 - 08:49 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



