TechSpot

Sirefef, possibly related to Flash Installer virus

By Miguel A
Jul 3, 2012
  1. Hi all,

    I'm on Windows Vista, 64-bit. I have NOD32 as an antivirus, but as luck would have it, somehow something got through. NOD32 keeps detecting Sirefef in a desktop.ini file.

    I suspect that this is related to the flash 11.3 installer that keeps popping up, since Nod32 gives me a "delete / no action" prompt every time the installer shows up. I've tried running scans on safe mode, and also tried a number of programs that I'd seen namedropped around before stumbling across this site (I hope that doesn't screw up the analysis somehow).

    Any help would be appreciated. To this post, I've attached the attach.txt from dds, and will be pasting mabm.txt and dds.txt in a following reply in a minute. GMER yielded no logs.

    Any help would be appreciated.
     


  2. Miguel A

    Miguel A TS Rookie Topic Starter Posts: 31

    dds.txt

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_10
    Run by Miguel at 8:34:07 on 2012-07-03
    Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.4094.1824 [GMT 8:00]
    .
    AV: ESET NOD32 Antivirus 5.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    SP: ESET NOD32 Antivirus 5.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\Google\Chrome Remote Desktop\remoting_service.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
    C:\Program Files (x86)\Google\Chrome Remote Desktop\remoting_me2me_host.exe
    C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\TightVNC\tvnserver.exe
    C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
    C:\Windows\SysWOW64\vmnat.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
    C:\Windows\SysWOW64\vmnetdhcp.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\RAVCpl64.exe
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files (x86)\MediaMall\PlayOn.exe
    C:\Program Files (x86)\AirVideoServer\AirVideoServer.exe
    C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe
    C:\Users\Miguel\Local Settings\Apps\F.lux\flux.exe
    C:\Users\Miguel\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
    C:\Program Files (x86)\uTorrent\uTorrent.exe
    C:\Users\Miguel\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\VMware\VMware Player\hqtray.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Java\jre6\bin\jusched.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Users\Miguel\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Miguel\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Miguel\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files (x86)\Java\jre6\bin\javaw.exe
    "C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
    C:\Windows\system32\taskeng.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\SysWOW64\conime.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.daemon-search.com/startpage
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll
    mWinlogon: Userinit=userinit.exe,
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll
    TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
    TB: Foxit Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
    uRun: [Google Update] "C:\Users\Miguel\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [Messenger (Yahoo!)] "C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    uRun: [PlayOn] C:\Program Files (x86)\MediaMall\PlayOn.exe
    uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    uRun: [AirVideoServer] C:\Program Files (x86)\AirVideoServer\AirVideoServer.exe
    uRun: [DS3 Tool] C:\PROGRA~1\MOTION~1\ds3\DS3_Tool.exe -mini
    uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
    uRun: [F.lux] "C:\Users\Miguel\Local Settings\Apps\F.lux\flux.exe" /noshow
    uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
    uRun: [MusicManager] "C:\Users\Miguel\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
    uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
    mRun: [VMware hqtray] "C:\Program Files (x86)\VMware\VMware Player\hqtray.exe"
    mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
    StartupFolder: C:\Users\Miguel\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Miguel\AppData\Roaming\Dropbox\bin\Dropbox.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: SoftwareSASGeneration = 1 (0x1)
    LSP: mswsock.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
    TCP: Interfaces\{C3B6B378-6658-46F8-9CCC-F2D1C37917D5} : NameServer = 8.8.8.8
    TCP: Interfaces\{C3B6B378-6658-46F8-9CCC-F2D1C37917D5} : DhcpNameServer = 192.168.0.1
    BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll
    BHO-X64: 0x1 - No File
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll
    TB-X64: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
    TB-X64: Foxit Toolbar: {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
    mRun-x64: [VMware hqtray] "C:\Program Files (x86)\VMware\VMware Player\hqtray.exe"
    mRun-x64: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Miguel\AppData\Roaming\Mozilla\Firefox\Profiles\c5t4xt2g.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.daemon-search.com/startpage|http://google.com
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.17\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.27\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.7\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files (x86)\Opera\program\plugins\np_gp.dll
    FF - plugin: C:\Users\Miguel\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: C:\Users\Miguel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    ============= SERVICES / DRIVERS ===============
    .
    R1 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
    R1 ehdrv;ehdrv;C:\Windows\system32\DRIVERS\ehdrv.sys --> C:\Windows\system32\DRIVERS\ehdrv.sys [?]
    R2 chromoting;Chrome Remote Desktop Service;C:\Program Files (x86)\Google\Chrome Remote Desktop\remoting_service.exe [2012-6-14 343064]
    R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2012-3-7 913144]
    R2 epfwwfpr;epfwwfpr;C:\Windows\system32\DRIVERS\epfwwfpr.sys --> C:\Windows\system32\DRIVERS\epfwwfpr.sys [?]
    R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-8-12 87040]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-4-18 1153368]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-7-9 248936]
    R2 tvnserver;TightVNC Server;C:\Program Files (x86)\TightVNC\tvnserver.exe [2010-7-8 815704]
    R2 vmci;VMware vmci;\??\C:\Windows\system32\drivers\vmci.sys --> C:\Windows\system32\drivers\vmci.sys [?]
    R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2009-10-22 563760]
    S2 gupdate1ca316f4c266daa;Google Update Service (gupdate1ca316f4c266daa);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-9-10 133104]
    S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-4-12 89920]
    S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-2-6 1038088]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-9-10 133104]
    S3 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-5-25 2275720]
    S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]
    S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\system32\DRIVERS\htcnprot.sys --> C:\Windows\system32\DRIVERS\htcnprot.sys [?]
    S3 MediaMall Server;MediaMall Server;C:\Program Files (x86)\MediaMall\MediaMallServer.exe [2010-4-2 3359600]
    S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\system32\DRIVERS\MijXfilt.sys --> C:\Windows\system32\DRIVERS\MijXfilt.sys [?]
    S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-21 19968]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S4 msvsmon80;Visual Studio 2005 Remote Debugger;C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x64\msvsmon.exe [2005-9-23 4476096]
    .
    =============== Created Last 30 ================
    .
    2012-07-01 13:40:42 -------- d-----w- C:\Users\Miguel\AppData\Local\ESET
    2012-07-01 10:28:33 -------- d-----w- C:\Program Files (x86)\Windows Resource Kits
    2012-07-01 09:44:25 -------- d-----w- C:\Users\Miguel\AppData\Roaming\Malwarebytes
    2012-07-01 09:44:19 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-07-01 09:44:18 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-07-01 09:44:18 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-07-01 08:22:57 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-07-01 08:13:59 -------- d-----w- C:\Program Files\ESET
    2012-07-01 06:43:47 -------- d-----w- C:\Users\Miguel\AppData\Local\ElevatedDiagnostics
    2012-06-23 07:02:45 -------- d-----w- C:\Program Files\Mercurial
    2012-06-21 14:40:07 -------- d-----w- C:\Go
    2012-06-07 03:18:28 -------- d-----w- C:\Program Files (x86)\Dropbox
    .
    ==================== Find3M ====================
    .
    2012-05-06 01:55:12 3888 ----a-w- C:\Windows\SysWow64\drivers\NTHANDLE.SYS
    2012-04-16 14:45:54 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    .
    ============= FINISH: 8:34:49.17 ===============
     
  3. Miguel A

    Miguel A TS Rookie Topic Starter Posts: 31

    mabm output
    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org
    Database version: v2012.07.01.02
    Windows Vista Service Pack 2 x64 NTFS
    Internet Explorer 7.0.6002.18005
    Miguel :: BADHORSE [administrator]
    7/2/2012 10:58:17 PM
    mbam-log-2012-07-02 (22-58-17).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 236610
    Time elapsed: 4 minute(s), 6 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 1
    C:\Windows\Installer\{5f85b80a-15fe-f376-3713-51a7ed233694}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
    (end)
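The two logs pasted above carry the points a reviewer reads first: the DDS report in post 2 shows Windows Defender disabled, UAC off (EnableLUA = 0) and a third-party start page, and the Malwarebytes log in post 3 shows a dropper quarantined under C:\Windows\Installer\{GUID}\U\. The script below is an added example written for this thread; it is not code from DDS, Malwarebytes, or the forum helper. It parses constructed excerpts in the same two formats, pulls out each MBAM file detection, and flags the DDS lines above. The `Installer\{GUID}\U\*.@` path check is my own generalisation of the single hit in the log, an assumption for illustration rather than a signature from either tool.

```python
"""Triage helper for DDS and Malwarebytes (MBAM) log excerpts.

Added example for this thread; not code from DDS, Malwarebytes,
or the forum helper. The excerpts below are constructed in the
formats shown in posts 2 and 3 of the thread.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed excerpt in the DDS format (AV/SP lines and the Pseudo HJT Report).
DDS_EXCERPT = r"""
AV: ESET NOD32 Antivirus 5.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
uStart Page = hxxp://www.daemon-search.com/startpage
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: SoftwareSASGeneration = 1 (0x1)
"""

# Constructed excerpt in the MBAM log format (the "Files Detected" block).
MBAM_EXCERPT = r"""
Files Detected: 1
C:\Windows\Installer\{5f85b80a-15fe-f376-3713-51a7ed233694}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
(end)
"""


@dataclass(frozen=True)
class Detection:
    path: str
    threat: str
    action: str


# "<path> (<threat name>) -> <action>." is how MBAM prints each detected file.
MBAM_FILE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$"
)

# Assumed generalisation of the single hit in the log: a GUID-named folder under
# Windows\Installer with a "U" subfolder holding a file with a ".@" extension.
# Heuristic written for this example, not a signature from either tool.
INSTALLER_U_RE = re.compile(
    r"\\Windows\\Installer\\\{[0-9a-fA-F-]{36}\}\\U\\[^\\]+\.@$"
)

# "AV: <product> *<state>/<freshness>* {guid}" is how DDS lists security products.
SECURITY_PRODUCT_RE = re.compile(r"^(AV|SP|FW): (.+?) \*(\w+)/(\w+)\*")


def parse_mbam_files(log: str) -> list[Detection]:
    """Return every file detection line found in an MBAM log."""
    found = []
    for line in log.splitlines():
        m = MBAM_FILE_RE.match(line.strip())
        if m:
            found.append(Detection(m["path"], m["threat"], m["action"]))
    return found


def looks_like_installer_u_drop(path: str) -> bool:
    """True when a path matches the Installer/{GUID}/U/*.@ layout seen above."""
    return INSTALLER_U_RE.search(path) is not None


def dds_findings(log: str) -> list[str]:
    """Flag the DDS lines a reviewer would want to see first."""
    findings = []
    for line in log.splitlines():
        line = line.strip()
        m = SECURITY_PRODUCT_RE.match(line)
        if m and m.group(3).lower() == "disabled":
            findings.append(f"{m.group(1)} product disabled: {m.group(2)}")
        m = re.match(r"^mPolicies-system: EnableLUA = (\d+)", line)
        if m and m.group(1) == "0":
            findings.append("UAC disabled (EnableLUA = 0)")
        m = re.match(r"^[um]Start Page = (\S+)", line)
        if m:
            findings.append(f"IE start page set to {m.group(1)}")
    return findings


def triage(dds_log: str, mbam_log: str) -> dict[str, list[str]]:
    """Combine both logs into one review list, keyed by source."""
    mbam_notes = []
    for d in parse_mbam_files(mbam_log):
        tag = " [Installer\\{GUID}\\U layout]" if looks_like_installer_u_drop(d.path) else ""
        mbam_notes.append(f"{d.threat}: {d.path} -> {d.action}{tag}")
    return {"dds": dds_findings(dds_log), "mbam": mbam_notes}


if __name__ == "__main__":
    for source, notes in triage(DDS_EXCERPT, MBAM_EXCERPT).items():
        print(f"== {source} ==")
        for note in notes:
            print(" -", note)
```

Run it as-is to see the review list for the embedded excerpts, or pass the full pasted logs to `triage()`; the MBAM regex tolerates any action text, so "No action taken" lines are returned alongside quarantined ones.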
     
  4. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Welcome aboard

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===================================================

    Please observe forum rules.
    All logs have to be pasted so please provide pasted Attach.txt log.

    Next....

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flashdrive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
     
  5. Miguel A

    Miguel A TS Rookie Topic Starter Posts: 31

    Hi Broni,

    I don't seem to have that option available in the boot menu. Is there a way to get that feature installed without me having to find the CD (it's in a huge pile and my dvd drive is on loan at the moment)? I am going to go and get this stuff right now, of course, but if it's possible, or if safe mode with command prompt is fine, please let me know so I can save some time.
     
  6. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Sending PM.
     
  7. Miguel A

    Miguel A TS Rookie Topic Starter Posts: 31

    Hi, done. Weird thing though--FRST64 didn't work. I suspect it's because the recovery disk I dug up (as the warning below also mentioned) is 32-bit. If this isn't satisfactory, please tell me.

    Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 04-07-2012 02
    Ran by SYSTEM at 05-07-2012 20:45:15
    Running from H:\
    Windows Vista (TM) Ultimate (X86) OS Language: English(US)
    The current controlset is ControlSet001

    ATTENTION!:=====> THE OPERATING SYSTEM IS A X64 SYSTEM BUT THE BOOT DISK THAT IS USED TO BOOT TO RECOVERY ENVIRONMENT IS A X86 SYSTEM DISK.
    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [RtHDVCpl] RAVCpl64.exe [x]
    HKLM\...\Run: [Skytel] Skytel.exe [x]
    HKLM\...\Run: [IAAnotif] "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [182808 2008-07-20] (Intel Corporation)
    HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice [4081008 2012-07-01] (ESET)
    HKU\Miguel\...\Run: [Google Update] "C:\Users\Miguel\AppData\Local\Google\Update\GoogleUpdate.exe" /c [133104 2009-09-07] (Google Inc.)
    HKU\Miguel\...\Run: [Messenger (Yahoo!)] "C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet [4351216 2009-05-26] (Yahoo! Inc.)
    HKU\Miguel\...\Run: [PlayOn] C:\Program Files (x86)\MediaMall\PlayOn.exe [53248 2010-04-02] (MediaMall Technologies, Inc.)
    HKU\Miguel\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [369200 2009-10-30] (DT Soft Ltd)
    HKU\Miguel\...\Run: [AirVideoServer] C:\Program Files (x86)\AirVideoServer\AirVideoServer.exe [4818728 2010-05-20] ()
    HKU\Miguel\...\Run: [DS3 Tool] C:\PROGRA~1\MOTION~1\ds3\DS3_Tool.exe -mini [110352 2011-07-10] (www.motioninjoy.com)
    HKU\Miguel\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1242448 2011-08-03] (Valve Corporation)
    HKU\Miguel\...\Run: [F.lux] "C:\Users\Miguel\Local Settings\Apps\F.lux\flux.exe" /noshow [966656 2009-08-28] ()
    HKU\Miguel\...\Run: [MusicManager] "C:\Users\Miguel\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [13806592 2012-06-01] (Google Inc.)
    HKU\Miguel\...\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED [880496 2012-05-19] (BitTorrent, Inc.)
    HKU\Taks\...\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet [x]
    HKU\Taks\...\Run: [Google Update] "C:\Users\Taks\AppData\Local\Google\Update\GoogleUpdate.exe" /c [135664 2010-01-26] (Google Inc.)
    HKU\Taks\...\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [x]
    Tcpip\..\Interfaces\{C3B6B378-6658-46F8-9CCC-F2D1C37917D5}: [NameServer]8.8.8.8
    Startup: C:\Users\Miguel\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> (No File)

    ================================ Services (Whitelisted) ==================

    2 Apple Mobile Device; "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [144176 2010-06-10] (Apple Inc.)
    2 Bonjour Service; "C:\Program Files (x86)\Bonjour\mDNSResponder.exe" [345376 2010-05-18] (Apple Inc.)
    3 clr_optimization_v2.0.50727_64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [89920 2009-04-11] (Microsoft Corporation)
    2 ekrn; "C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe" [913144 2012-03-06] (ESET)
    2 Eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [27648 2008-01-20] (Microsoft Corporation)
    3 FLEXnet Licensing Service; "C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" [655624 2010-02-05] (Acresso Software Inc.)
    3 FLEXnet Licensing Service 64; "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe" [1038088 2010-02-05] (Acresso Software Inc.)
    3 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42840 2009-04-11] (Microsoft Corporation)
    2 gupdate1ca316f4c266daa; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [133104 2009-09-09] (Google Inc.)
    3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [133104 2009-09-09] (Google Inc.)
    2 gusvc; "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe" [194104 2011-09-23] (Google)
    3 Hamachi2Svc; "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s [2275720 2011-05-25] (LogMeIn Inc.)
    2 IAANTMON; C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe [354840 2008-07-20] (Intel Corporation)
    3 IDriverT; "C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe" [73728 2004-10-21] (Macrovision Corporation)
    3 idsvc; "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe" [857432 2009-04-11] (Microsoft Corporation)
    3 MediaMall Server; "C:\Program Files (x86)\MediaMall\MediaMallServer.exe" [3359600 2010-04-02] (MediaMall Technologies, Inc.)
    4 msvsmon80; "C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x64\msvsmon.exe" /service msvsmon80 [4476096 2005-09-22] (Microsoft Corporation)
    4 msvsmon90; "C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe" /service msvsmon90 [4761920 2009-03-12] (Microsoft Corporation)
    4 NetTcpPortSharing; "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe" [117592 2009-04-11] (Microsoft Corporation)
    3 ose; "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE" [145184 2006-10-25] (Microsoft Corporation)
    2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [87040 2011-08-12] ()
    3 PerfHost; C:\Windows\SysWow64\perfhost.exe [19968 2008-01-20] (Microsoft Corporation)
    2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-25] (Safer Networking Ltd.)
    3 Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe /RunAsService [316664 2009-07-16] (Valve Corporation)
    2 Stereo Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [248936 2010-07-09] (NVIDIA Corporation)
    4 TVersityMediaServer; "C:\Program Files (x86)\TVersity\Media Server\MediaServer.exe" [851968 2009-05-22] ()
    2 tvnserver; "C:\Program Files (x86)\TightVNC\tvnserver.exe" -service [815704 2010-07-08] (GlavSoft LLC.)
    2 VMAuthdService; "C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe" [113200 2009-10-21] (VMware, Inc.)
    2 VMUSBArbService; C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [563760 2009-10-21] (VMware, Inc.)
    4 YahooAUService; "C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe" [602392 2008-11-09] (Yahoo! Inc.)
    2 chromoting; "C:\Program Files (x86)\Google\Chrome Remote Desktop\remoting_service.exe" --host-binary="C:\Program Files (x86)\Google\Chrome Remote Desktop\remoting_me2me_host.exe" --auth-config="C:\ProgramData\Google\Chrome Remote Desktop\host.json" --host-config="C:\ProgramData\Google\Chrome Remote Desktop\host.json" [x]
    4 MSSQL$SQLEXPRESS; "c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS [x]
    4 MSSQLServerADHelper; "c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe" [x]
    4 SQLBrowser; "c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe" [x]
    3 SQLWriter; "c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [x]
    3 ufad-ws60; "C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe" -d "C:\Program Files (x86)\VMware\VMware Player\\" -s ufad-p2v.xml [x]
    2 VMnetDHCP; C:\Windows\system32\vmnetdhcp.exe [x]
    2 VMware NAT Service; C:\Windows\system32\vmnat.exe [x]

    ========================== Drivers (Whitelisted) =============

    3 E1G60; C:\Windows\System32\DRIVERS\E1G6032E.sys [146176 2008-01-20] (Intel Corporation)
    1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [209768 2012-03-13] (ESET)
    1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [148528 2012-03-13] (ESET)
    2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [137144 2012-03-13] (ESET)
    3 gdrv; \??\C:\Windows\gdrv.sys [24072 2009-09-07] (Windows (R) Server 2003 DDK provider)
    3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [33856 2009-03-18] (LogMeIn, Inc.)
    2 hcmon; \??\C:\Windows\system32\drivers\hcmon.sys [38960 2009-10-21] (VMware, Inc.)
    3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [31744 2009-06-09] (HTC, Corporation)
    3 htcnprot; C:\Windows\System32\DRIVERS\htcnprot.sys [36928 2010-06-25] (Windows (R) Win 7 DDK provider)
    3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKVHD64.sys [1488032 2008-07-24] (Realtek Semiconductor Corp.)
    4 iteraid; C:\Windows\system32\drivers\iteraid.sys [37480 2006-11-02] (Integrated Technology Express, Inc.)
    3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [20864 2008-01-20] (Microsoft Corporation)
    3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [97552 2010-10-20] (MotioninJoy)
    3 msvad_simple; C:\Windows\System32\drivers\povrtdev.sys [28528 2010-02-23] (MediaMall Technologies, Inc.)
    3 RTL8169; C:\Windows\System32\DRIVERS\Rtlh64.sys [184320 2008-09-17] (Realtek Corporation )
    3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [50688 2010-04-19] (Apple, Inc.)
    2 vmci; \??\C:\Windows\system32\drivers\vmci.sys [80944 2009-10-21] (VMware, Inc.)
    3 vmkbd2; \??\C:\Windows\system32\drivers\VMkbd.sys [29744 2009-10-21] (VMware, Inc.)
    3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [20016 2009-10-21] (VMware, Inc.)
    2 VMnetBridge; C:\Windows\System32\DRIVERS\vmnetbridge.sys [45104 2009-10-21] (VMware, Inc.)
    2 VMnetuserif; \??\C:\Windows\system32\drivers\vmnetuserif.sys [30256 2009-10-21] (VMware, Inc.)
    2 VMparport; \??\C:\Windows\system32\drivers\VMparport.sys [18480 2009-10-21] (VMware, Inc.)
    2 vmx86; \??\C:\Windows\system32\drivers\vmx86.sys [68144 2009-10-21] (VMware, Inc.)
    2 vstor2-ws60; \??\C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys [32816 2009-10-11] (VMware, Inc.)
    3 xusb21; C:\Windows\System32\DRIVERS\xusb21.sys [74960 2010-08-19] (Microsoft Corporation)
    3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
    3 libusb0; C:\Windows\System32\drivers\libusb0.sys [x]
    3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
    3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-07-05 20:45 - 2012-07-05 20:45 - 00000000 ____D C:\FRST
    2012-07-02 06:04 - 2012-07-02 06:27 - 00000162 ____A C:\Users\Miguel\Desktop\CFScript.txt
    2012-07-02 05:18 - 2012-07-02 04:53 - 04568951 ____R (Swearware) C:\Users\Miguel\Desktop\ComboFix.exe
    2012-07-02 04:55 - 2012-07-02 06:29 - 00000000 ___SD C:\32788R22FWJFW
    2012-07-02 04:55 - 2012-07-02 06:29 - 00000000 ____D C:\Qoobox
    2012-07-02 04:55 - 2012-07-02 05:13 - 00000000 ____D C:\Windows\erdnt
    2012-07-02 04:49 - 2012-07-02 04:49 - 00008748 ____A C:\Users\Miguel\Desktop\MBRCheck_07.02.12_20.49.28.txt
    2012-07-01 05:40 - 2012-07-01 05:40 - 00000000 ____D C:\Users\Miguel\AppData\Local\ESET
    2012-07-01 02:28 - 2012-07-01 02:28 - 00000000 ____D C:\Program Files (x86)\Windows Resource Kits
    2012-07-01 01:44 - 2012-07-01 01:44 - 00000952 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-01 01:44 - 2012-07-01 01:44 - 00000000 ____D C:\Users\Miguel\AppData\Roaming\Malwarebytes
    2012-07-01 01:44 - 2012-07-01 01:44 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-07-01 01:44 - 2012-07-01 01:44 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-07-01 01:44 - 2012-04-03 23:56 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-07-01 00:22 - 2012-07-01 00:22 - 00000000 ____D C:\TDSSKiller_Quarantine
    2012-07-01 00:13 - 2012-07-01 02:41 - 00000000 ____D C:\Program Files\ESET
    2012-07-01 00:13 - 2012-07-01 01:20 - 00000000 ____D C:\Users\All Users\ESET
    2012-06-30 23:28 - 2012-06-30 23:28 - 00001101 ____A C:\Users\Miguel\Desktop\Spybot - Search & Destroy.lnk
    2012-06-30 22:41 - 2012-06-30 22:41 - 00000000 ____D C:\Windows\SysWOW64\WindowsPowerShell
    2012-06-30 22:41 - 2012-06-30 22:41 - 00000000 ____D C:\Windows\System32\WindowsPowerShell
    2012-06-30 22:37 - 2012-06-30 22:37 - 01179648 ____A C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
    2012-06-30 22:37 - 2012-06-30 22:37 - 00131072 ____A C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
    2012-06-30 22:37 - 2012-06-30 22:37 - 00065536 ____A C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx
    2012-06-30 20:35 - 2012-06-30 20:35 - 00020815 ____A C:\Users\Miguel\Downloads\30_Rock_The_Complete_Season_6_[HDTV]_O-Demonoid.me-O_557626.9954.torrent
    2012-06-30 20:34 - 2012-06-30 20:34 - 00021696 ____A C:\Users\Miguel\Downloads\30_Rock_Season_5_(ALL_23_Episodes)_+-Demonoid.me-+_557626.9954.torrent
    2012-06-30 20:30 - 2012-06-30 20:30 - 00020327 ____A C:\Users\Miguel\Downloads\++Demonoid.me++-ESET_Smart_Security_5_or_ESET_NOD32_Antivirus_5_english_and_brazilian_portuguese_[Original]_557626.9954.torrent
    2012-06-30 20:29 - 2012-06-30 20:29 - 00013840 ____A C:\Users\Miguel\Downloads\x-Demonoid.me-x_The_Walking_Dead_Episodes_1_2_(1_31GB)_557626.9954.torrent
    2012-06-30 07:15 - 2012-06-30 07:14 - 00014721 ____A C:\Users\Miguel\Downloads\-_Demonoid.me_-The_Walking_Dead_EP_1_2_Cracked_NoGrp_557626.9954.torrent
    2012-06-29 23:10 - 2012-06-29 23:10 - 00000000 ____D C:\Users\Miguel\Desktop\apollo
    2012-06-29 09:02 - 2012-06-29 09:02 - 00014709 ____A C:\Users\Miguel\Downloads\+-Demonoid.me-+_Chronicle[2012]DVDrip[ENG]_557626.9954.torrent
    2012-06-29 07:48 - 2012-06-29 07:48 - 00022875 ____A C:\Users\Miguel\Downloads\Suits.S02E03.HDTV.x264-ASAP.[VTV].torrent
    2012-06-28 01:35 - 2012-06-28 01:35 - 00005064 ____A C:\Users\Miguel\Downloads\Futurama.S07E03.HDTV.x264-ASAP.[eztv].torrent
    2012-06-27 09:11 - 2012-06-27 09:11 - 00034785 ____A C:\Users\Miguel\Downloads\The_League_of_Extraordinary_Gentlemen_Century_03_'2009'_(2012)Minutemen_DTs-[Demonoid.me]_557626.9954.torrent
    2012-06-27 09:10 - 2012-06-27 09:10 - 00034785 ____A C:\Users\Miguel\Downloads\9641.tmp
    2012-06-22 23:02 - 2012-06-22 23:02 - 00000000 ____D C:\Program Files\Mercurial
    2012-06-21 06:40 - 2012-06-21 06:40 - 00000000 ____D C:\Go
    2012-06-21 02:58 - 2012-06-21 02:58 - 00012091 ____A C:\Users\Miguel\Downloads\Conan.2012.06.18.Martin.Short-Aubrey.Plaza.HDTV.x264-2HD.[eztv].torrent
    2012-06-15 23:17 - 2012-06-17 06:22 - 00000000 ____D C:\Users\Miguel\Desktop\Wii Game Manager
    2012-06-15 07:26 - 2012-06-15 07:26 - 00045189 ____A C:\Users\Miguel\Downloads\[]Demonoid.me[]-No_More_Heroes_2_Desperate_Struggle_[NTSC_U]_557626.9954.torrent
    2012-06-15 07:26 - 2012-06-15 07:25 - 00017310 ____A C:\Users\Miguel\Downloads\[]Demonoid.me[]-Wii_No_More_Heroes_Compressed_and_Scrubbed!_557626.9954.torrent
    2012-06-10 07:15 - 2012-06-10 07:15 - 00007468 ____A C:\Users\Miguel\Downloads\Happy.Endings.S02E03.HDTV.XviD-LOL.[eztv].torrent
    2012-06-10 07:15 - 2012-06-10 07:15 - 00007448 ____A C:\Users\Miguel\Downloads\Happy.Endings.S02E02.HDTV.XviD-LOL.[eztv].torrent
    2012-06-10 06:53 - 2012-06-10 06:53 - 00007448 ____A C:\Users\Miguel\Downloads\Happy.Endings.S02E01.HDTV.XviD-LOL.[eztv].torrent
    2012-06-10 06:11 - 2012-06-10 06:11 - 00023669 ____A C:\Users\Miguel\Downloads\Suits_Season_1_Complete-[Demonoid.me]_557626.9954.torrent
    2012-06-10 05:15 - 2012-06-10 05:15 - 00007489 ____A C:\Users\Miguel\Downloads\Happy.Endings.S01E13.Why.Cant.You.Read.Me.HDTV.XviD-FQM.[eztv].torrent
    2012-06-10 05:14 - 2012-06-10 05:14 - 00007414 ____A C:\Users\Miguel\Downloads\Happy.Endings.S01E12.HDTV.XviD-LOL.[eztv].torrent
    2012-06-10 05:14 - 2012-06-10 05:14 - 00007414 ____A C:\Users\Miguel\Downloads\Happy.Endings.S01E11.HDTV.XviD-LOL.[eztv].torrent
    2012-06-10 03:28 - 2012-06-10 03:28 - 00007414 ____A C:\Users\Miguel\Downloads\Happy.Endings.S01E10.HDTV.XviD-LOL.[eztv].torrent
    2012-06-10 03:28 - 2012-06-10 03:28 - 00007414 ____A C:\Users\Miguel\Downloads\Happy.Endings.S01E09.HDTV.XviD-LOL.[eztv].torrent
    2012-06-10 03:27 - 2012-06-10 03:27 - 00007414 ____A C:\Users\Miguel\Downloads\Happy.Endings.S01E08.HDTV.XviD-LOL.[eztv].torrent
    2012-06-10 02:12 - 2012-06-10 02:12 - 00007458 ____A C:\Users\Miguel\Downloads\Happy.Endings.S01E07.HDTV.XviD-LOL.[eztv].torrent
    2012-06-10 02:12 - 2012-06-10 02:12 - 00007458 ____A C:\Users\Miguel\Downloads\Happy.Endings.S01E06.HDTV.XviD-LOL.[eztv].torrent
    2012-06-10 02:03 - 2012-06-10 02:03 - 00007458 ____A C:\Users\Miguel\Downloads\Happy.Endings.S01E05.HDTV.XviD-LOL.[eztv].torrent
    2012-06-10 02:02 - 2012-06-10 02:02 - 00007492 ____A C:\Users\Miguel\Downloads\Happy_Endings_S01E04_HDTV_XviD-LOL.6333299.TPB.torrent
    2012-06-10 01:38 - 2012-06-10 01:38 - 00007498 ____A C:\Users\Miguel\Downloads\Happy.Endings.S01E02.HDTV.XviD-LOL.[eztv].torrent
    2012-06-10 01:38 - 2012-06-10 01:38 - 00007492 ____A C:\Users\Miguel\Downloads\Happy_Endings_S01E03_HDTV_XviD-LOL.6333282.TPB.torrent
    2012-06-09 23:55 - 2012-06-09 23:55 - 00007498 ____A C:\Users\Miguel\Downloads\Happy.Endings.S01E01.HDTV.XviD-LOL.[eztv].torrent
    2012-06-09 09:41 - 2012-06-09 09:41 - 00012907 ____A C:\Users\Miguel\Downloads\Young_Justice_Invasion_207_Depths_C_P_-(Demonoid.me)_557626.9954.torrent
    2012-06-09 08:52 - 2012-06-09 08:52 - 00014451 ____A C:\Users\Miguel\Downloads\[]Demonoid.me[]-The_Legend_of_Korra_S01E09_Out_of_the_Past[720p][Secludedly]_557626.9954.torrent
    2012-06-09 02:53 - 2012-06-09 02:53 - 00022119 ____A C:\Users\Miguel\Downloads\Desperate.Housewives.S08E22E23.HDTV.x264-LOL.[eztv].torrent
    2012-06-08 20:20 - 2012-06-08 20:20 - 00016092 ____A C:\Users\Miguel\Downloads\MythBusters.S10E09.Mailbag.Special.REPACK.HDTV.x264-YesTV.[eztv].torrent
    2012-06-07 08:20 - 2012-06-07 08:20 - 00014625 ____A C:\Users\Miguel\Downloads\o-Demonoid.me-o_Superman_vs_The_Elite_2012_Dvdrip_557626.9954.torrent
    2012-06-06 19:18 - 2012-06-06 19:18 - 00000000 ____D C:\Program Files (x86)\Dropbox
    2012-06-05 19:48 - 2012-06-05 19:48 - 00013332 ____A C:\Users\Miguel\Downloads\Hells.Kitchen.US.S10E01.PDTV.x264-LOL.[eztv].torrent
    2012-06-05 03:20 - 2012-06-05 03:20 - 00020759 ____A C:\Users\Miguel\Downloads\+-Demonoid.me-+_Revenge_The_Complete_Season_1_[HDTV]_EXTRA_557626.9954.torrent

    ============ 3 Months Modified Files ========================

    2012-07-05 04:31 - 2006-11-02 07:40 - 00032656 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-07-05 04:31 - 2006-11-02 07:40 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-07-05 04:30 - 2009-09-07 05:44 - 00069981 ____A C:\Users\All Users\nvModes.001
    2012-07-05 04:30 - 2006-11-02 07:21 - 00004928 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2012-07-05 04:30 - 2006-11-02 07:21 - 00004928 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2012-07-05 04:27 - 2009-09-09 09:31 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-07-05 04:27 - 2009-09-07 05:44 - 00069981 ____A C:\Users\All Users\nvModes.dat
    2012-07-05 03:31 - 2009-04-11 07:43 - 01636203 ____A C:\Windows\WindowsUpdate.log
    2012-07-05 02:57 - 2009-09-07 06:00 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1954714350-379289342-1461462268-1000UA.job
    2012-07-05 02:53 - 2009-09-09 09:31 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-07-04 18:13 - 2009-09-09 08:59 - 00000880 ____A C:\Windows\Tasks\Google Software Updater.job
    2012-07-04 12:58 - 2009-09-07 06:00 - 00000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1954714350-379289342-1461462268-1000Core.job
    2012-07-03 16:59 - 2006-11-02 04:46 - 00760980 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-07-03 06:56 - 2009-09-07 05:37 - 00111616 ____A C:\Users\Miguel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-07-02 06:27 - 2012-07-02 06:04 - 00000162 ____A C:\Users\Miguel\Desktop\CFScript.txt
    2012-07-02 04:53 - 2012-07-02 05:18 - 04568951 ____R (Swearware) C:\Users\Miguel\Desktop\ComboFix.exe
    2012-07-02 04:49 - 2012-07-02 04:49 - 00008748 ____A C:\Users\Miguel\Desktop\MBRCheck_07.02.12_20.49.28.txt
    2012-07-02 03:45 - 2006-11-02 07:39 - 00030692 ____A C:\Windows\PFRO.log
    2012-07-01 01:44 - 2012-07-01 01:44 - 00000952 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-06-30 23:28 - 2012-06-30 23:28 - 00001101 ____A C:\Users\Miguel\Desktop\Spybot - Search & Destroy.lnk
    2012-06-30 22:37 - 2012-06-30 22:37 - 01179648 ____A C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
    2012-06-30 22:37 - 2012-06-30 22:37 - 00131072 ____A C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
    2012-06-30 22:37 - 2012-06-30 22:37 - 00065536 ____A C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx
    2012-06-30 20:35 - 2012-06-30 20:35 - 00020815 ____A C:\Users\Miguel\Downloads\30_Rock_The_Complete_Season_6_[HDTV]_O-Demonoid.me-O_557626.9954.torrent
    2012-06-30 20:34 - 2012-06-30 20:34 - 00021696 ____A C:\Users\Miguel\Downloads\30_Rock_Season_5_(ALL_23_Episodes)_+-Demonoid.me-+_557626.9954.torrent
    2012-06-30 20:30 - 2012-06-30 20:30 - 00020327 ____A C:\Users\Miguel\Downloads\++Demonoid.me++-ESET_Smart_Security_5_or_ESET_NOD32_Antivirus_5_english_and_brazilian_portuguese_[Original]_557626.9954.torrent
    2012-06-30 20:29 - 2012-06-30 20:29 - 00013840 ____A C:\Users\Miguel\Downloads\x-Demonoid.me-x_The_Walking_Dead_Episodes_1_2_(1_31GB)_557626.9954.torrent
    2012-06-30 18:59 - 2009-09-07 06:01 - 00002047 ____A C:\Users\Miguel\Desktop\Google Chrome.lnk
    2012-06-30 07:14 - 2012-06-30 07:15 - 00014721 ____A C:\Users\Miguel\Downloads\-_Demonoid.me_-The_Walking_Dead_EP_1_2_Cracked_NoGrp_557626.9954.torrent
    2012-06-29 09:02 - 2012-06-29 09:02 - 00014709 ____A C:\Users\Miguel\Downloads\+-Demonoid.me-+_Chronicle[2012]DVDrip[ENG]_557626.9954.torrent
    2012-06-29 07:48 - 2012-06-29 07:48 - 00022875 ____A C:\Users\Miguel\Downloads\Suits.S02E03.HDTV.x264-ASAP.[VTV].torrent
    2012-06-29 07:45 - 2011-07-18 09:25 - 00000012 ____A C:\Users\All Users\ReminderNextRun
    2012-06-28 01:35 - 2012-06-28 01:35 - 00005064 ____A C:\Users\Miguel\Downloads\Futurama.S07E03.HDTV.x264-ASAP.[eztv].torrent
    2012-06-27 09:11 - 2012-06-27 09:11 - 00034785 ____A C:\Users\Miguel\Downloads\The_League_of_Extraordinary_Gentlemen_Century_03_'2009'_(2012)Minutemen_DTs-[Demonoid.me]_557626.9954.torrent
    2012-06-27 09:10 - 2012-06-27 09:10 - 00034785 ____A C:\Users\Miguel\Downloads\9641.tmp
    2012-06-26 05:56 - 2009-09-09 04:24 - 00465615 ____A C:\Windows\DirectX.log
    2012-06-21 02:58 - 2012-06-21 02:58 - 00012091 ____A C:\Users\Miguel\Downloads\Conan.2012.06.18.Martin.Short-Aubrey.Plaza.HDTV.x264-2HD.[eztv].torrent
    2012-06-15 07:26 - 2012-06-15 07:26 - 00045189 ____A C:\Users\Miguel\Downloads\[]Demonoid.me[]-No_More_Heroes_2_Desperate_Struggle_[NTSC_U]_557626.9954.torrent
    2012-06-15 07:25 - 2012-06-15 07:26 - 00017310 ____A C:\Users\Miguel\Downloads\[]Demonoid.me[]-Wii_No_More_Heroes_Compressed_and_Scrubbed!_557626.9954.torrent
    2012-06-10 07:15 - 2012-06-10 07:15 - 00007468 ____A C:\Users\Miguel\Downloads\Happy.Endings.S02E03.HDTV.XviD-LOL.[eztv].torrent
    2012-06-10 07:15 - 2012-06-10 07:15 - 00007448 ____A C:\Users\Miguel\Downloads\Happy.Endings.S02E02.HDTV.XviD-LOL.[eztv].torrent
    2012-06-10 06:53 - 2012-06-10 06:53 - 00007448 ____A C:\Users\Miguel\Downloads\Happy.Endings.S02E01.HDTV.XviD-LOL.[eztv].torrent
    2012-06-10 06:11 - 2012-06-10 06:11 - 00023669 ____A C:\Users\Miguel\Downloads\Suits_Season_1_Complete-[Demonoid.me]_557626.9954.torrent
    2012-06-10 05:15 - 2012-06-10 05:15 - 00007489 ____A C:\Users\Miguel\Downloads\Happy.Endings.S01E13.Why.Cant.You.Read.Me.HDTV.XviD-FQM.[eztv].torrent
    2012-06-10 05:14 - 2012-06-10 05:14 - 00007414 ____A C:\Users\Miguel\Downloads\Happy.Endings.S01E12.HDTV.XviD-LOL.[eztv].torrent
    2012-06-10 05:14 - 2012-06-10 05:14 - 00007414 ____A C:\Users\Miguel\Downloads\Happy.Endings.S01E11.HDTV.XviD-LOL.[eztv].torrent
    2012-06-10 03:28 - 2012-06-10 03:28 - 00007414 ____A C:\Users\Miguel\Downloads\Happy.Endings.S01E10.HDTV.XviD-LOL.[eztv].torrent
    2012-06-10 03:28 - 2012-06-10 03:28 - 00007414 ____A C:\Users\Miguel\Downloads\Happy.Endings.S01E09.HDTV.XviD-LOL.[eztv].torrent
    2012-06-10 03:27 - 2012-06-10 03:27 - 00007414 ____A C:\Users\Miguel\Downloads\Happy.Endings.S01E08.HDTV.XviD-LOL.[eztv].torrent
    2012-06-10 02:12 - 2012-06-10 02:12 - 00007458 ____A C:\Users\Miguel\Downloads\Happy.Endings.S01E07.HDTV.XviD-LOL.[eztv].torrent
    2012-06-10 02:12 - 2012-06-10 02:12 - 00007458 ____A C:\Users\Miguel\Downloads\Happy.Endings.S01E06.HDTV.XviD-LOL.[eztv].torrent
    2012-06-10 02:03 - 2012-06-10 02:03 - 00007458 ____A C:\Users\Miguel\Downloads\Happy.Endings.S01E05.HDTV.XviD-LOL.[eztv].torrent
    2012-06-10 02:02 - 2012-06-10 02:02 - 00007492 ____A C:\Users\Miguel\Downloads\Happy_Endings_S01E04_HDTV_XviD-LOL.6333299.TPB.torrent
    2012-06-10 01:38 - 2012-06-10 01:38 - 00007498 ____A C:\Users\Miguel\Downloads\Happy.Endings.S01E02.HDTV.XviD-LOL.[eztv].torrent
    2012-06-10 01:38 - 2012-06-10 01:38 - 00007492 ____A C:\Users\Miguel\Downloads\Happy_Endings_S01E03_HDTV_XviD-LOL.6333282.TPB.torrent
    2012-06-09 23:55 - 2012-06-09 23:55 - 00007498 ____A C:\Users\Miguel\Downloads\Happy.Endings.S01E01.HDTV.XviD-LOL.[eztv].torrent
    2012-06-09 09:41 - 2012-06-09 09:41 - 00012907 ____A C:\Users\Miguel\Downloads\Young_Justice_Invasion_207_Depths_C_P_-(Demonoid.me)_557626.9954.torrent
    2012-06-09 08:52 - 2012-06-09 08:52 - 00014451 ____A C:\Users\Miguel\Downloads\[]Demonoid.me[]-The_Legend_of_Korra_S01E09_Out_of_the_Past[720p][Secludedly]_557626.9954.torrent
    2012-06-09 02:53 - 2012-06-09 02:53 - 00022119 ____A C:\Users\Miguel\Downloads\Desperate.Housewives.S08E22E23.HDTV.x264-LOL.[eztv].torrent
    2012-06-08 20:20 - 2012-06-08 20:20 - 00016092 ____A C:\Users\Miguel\Downloads\MythBusters.S10E09.Mailbag.Special.REPACK.HDTV.x264-YesTV.[eztv].torrent
    2012-06-07 08:20 - 2012-06-07 08:20 - 00014625 ____A C:\Users\Miguel\Downloads\o-Demonoid.me-o_Superman_vs_The_Elite_2012_Dvdrip_557626.9954.torrent
    2012-06-06 19:18 - 2010-04-08 05:42 - 00000926 ____A C:\Users\Miguel\Desktop\Dropbox.lnk
    2012-06-05 19:48 - 2012-06-05 19:48 - 00013332 ____A C:\Users\Miguel\Downloads\Hells.Kitchen.US.S10E01.PDTV.x264-LOL.[eztv].torrent
    2012-06-05 03:20 - 2012-06-05 03:20 - 00020759 ____A C:\Users\Miguel\Downloads\+-Demonoid.me-+_Revenge_The_Complete_Season_1_[HDTV]_EXTRA_557626.9954.torrent
    2012-06-02 19:17 - 2012-06-02 19:17 - 00014696 ____A C:\Users\Miguel\Downloads\x-Demonoid.me-x_The_Legend_of_Korra_S01E08_When_Extremes_Meet[720p][Secludedly]_557626.9954.torrent
    2012-06-02 19:16 - 2012-06-02 19:16 - 00012427 ____A C:\Users\Miguel\Downloads\(Demonoid.me)-The_Legend_of_Korra_S01E08_When_Extremes_Meet[720p][Secludedly]_557626.9954.torrent
    2012-06-02 19:16 - 2012-06-02 19:16 - 00010921 ____A C:\Users\Miguel\Downloads\Young_Justice_S02_E06_Animated-((Demonoid.me))_557626.9954.torrent
    2012-06-02 09:18 - 2012-06-02 09:18 - 00029861 ____A C:\Users\Miguel\Downloads\Call_of_Duty_Modern_Warfare_3_[Wii][Pal][Scrubbed]_TLS_o-Demonoid.me-o.torrent
    2012-06-02 01:26 - 2006-11-02 07:26 - 00070415 ____A C:\Windows\setupact.log
    2012-06-01 08:23 - 2012-06-01 08:23 - 00012374 ____A C:\Users\Miguel\Downloads\StarForge_V0.1.torrent
    2012-05-30 22:56 - 2012-05-30 22:56 - 00014357 ____A C:\Users\Miguel\Downloads\Cougar.Town.S03E14E15.HDTV.x264.PROPER-LOL.[eztv].torrent
    2012-05-29 22:54 - 2012-05-29 22:54 - 00000000 ____A C:\Windows\SysWOW64\debug.log
    2012-05-26 20:09 - 2012-05-26 20:09 - 00014160 ____A C:\Users\Miguel\Downloads\x-Demonoid.me-x_Young_Justice_Invasion_205_Beneath_C_P__557626.9954.torrent
    2012-05-10 20:39 - 2012-05-10 20:39 - 00011115 ____A C:\Users\Miguel\Downloads\+-Demonoid.me-+_Adventure_Time_4x07_In_Your_Footsteps_720p_5_1_aac_557626.9954.torrent
    2012-05-09 09:31 - 2012-05-09 09:31 - 00013433 ____A C:\Users\Miguel\Downloads\Glee.3x19.(HDTV-x264-LOL)[VTV].torrent
    2012-05-08 01:23 - 2012-05-08 01:23 - 00015217 ____A C:\Users\Miguel\Downloads\-_Demonoid.me_-Chuck_Season_5_BDRip_XviD_REWARD_557626.9954.torrent
    2012-05-07 22:15 - 2012-05-07 22:15 - 00005287 ____A C:\Users\Miguel\Downloads\The.Simpsons.S23E20.HDTV.x264-LOL.[eztv].torrent
    2012-05-07 21:21 - 2012-05-07 21:21 - 00012462 ____A C:\Users\Miguel\Downloads\MythBusters.S05E06.More.Myths.Reopened.READNFO.HDTV.x264-MiNDTHEGAP.[eztv].torrent
    2012-05-07 21:21 - 2012-05-07 21:21 - 00009200 ____A C:\Users\Miguel\Downloads\House.S08E20.HDTV.x264-LOL.[eztv].torrent
    2012-05-07 06:17 - 2012-05-07 06:17 - 00014473 ____A C:\Users\Miguel\Downloads\The_Fairly_OddParents_805_Meet_the_OddParents_+-Demonoid.me-+_557626.9954.torrent
    2012-05-07 06:16 - 2012-05-07 06:16 - 00014413 ____A C:\Users\Miguel\Downloads\The_Fairly_OddParents_802_Timmy's_Secret_Wish_[HDTV][TT]-(Demonoid.me)_557626.9954.torrent
    2012-05-07 03:08 - 2012-05-07 03:08 - 00001728 ____A C:\Users\Public\Desktop\QtOctave.lnk
    2012-05-07 03:02 - 2012-05-05 00:36 - 00000948 ____A C:\Users\Miguel\Desktop\GUI Octave.lnk
    2012-05-05 00:33 - 2012-05-05 00:32 - 00383832 ____A C:\Users\Miguel\AppData\Local\dd_vcredistMSI0F6B.txt
    2012-05-05 00:33 - 2012-05-05 00:32 - 00011974 ____A C:\Users\Miguel\AppData\Local\dd_vcredistUI0F6B.txt
    2012-05-04 04:22 - 2009-09-08 07:11 - 00000786 ____A C:\Users\Public\Desktop\µTorrent.lnk
    2012-04-30 23:12 - 2012-04-30 23:12 - 00013538 ____A C:\Users\Miguel\Downloads\x-Demonoid.me-x_Adventure_Time_Return_to_the_Nightosphere_720p_557626.9954.torrent
    2012-04-30 23:12 - 2012-04-30 23:12 - 00012670 ____A C:\Users\Miguel\Downloads\Adventure_Time_Daddy's_Little_Monster_720p-[[Demonoid.me]]_557626.9954.torrent
    2012-04-30 21:19 - 2012-04-30 21:19 - 00008020 ____A C:\Users\Miguel\Downloads\House.S08E19.HDTV.x264-LOL.[eztv].torrent
    2012-04-29 20:15 - 2012-04-29 20:15 - 00007365 ____A C:\Users\Miguel\Downloads\Family.Guy.S10E19.HDTV.XviD-2HD.[eztv].torrent
    2012-04-29 08:02 - 2012-04-29 08:02 - 00014447 ____A C:\Users\Miguel\Downloads\Mythbusters.S10E05.Battle.of.The.Sexes.HDTV.XviD-FQM.[eztv].torrent
    2012-04-27 21:30 - 2012-04-27 21:30 - 00043970 ____A C:\Users\Miguel\Downloads\++Demonoid.me++-Legend_of_Korra_S01E04_The_Voice_in_the_Night_(Full_HD_720p_by_avatarchapters_tv)_557626.9954.torrent
    2012-04-26 06:48 - 2012-04-26 06:48 - 00000850 ____A C:\Users\Miguel\MHGibbsTrans.m
    2012-04-26 06:48 - 2012-04-26 06:48 - 00000844 ____A C:\Users\Miguel\MHSWTrans.m
    2012-04-26 04:24 - 2012-04-26 04:24 - 00018736 ____A C:\Users\Miguel\Downloads\(Demonoid.me)-The_Walking_Dead_Episode_1_RELOADED_557626.9954.torrent
    2012-04-26 01:53 - 2012-04-26 01:53 - 00017626 ____A C:\Users\Miguel\Downloads\The_Walking_Dead_Episode_1_(430mb)_+-Demonoid.me-+_557626.9954.torrent
    2012-04-25 22:05 - 2012-04-25 22:05 - 00012104 ____A C:\Users\Miguel\Downloads\Glee.3x17.(HDTV-x264-LOL)[VTV].torrent
    2012-04-20 19:28 - 2012-04-20 19:28 - 00019851 ____A C:\Users\Miguel\Downloads\((Demonoid.me))-Body_Of_Proof_Season_2_[HDTVRip]_cOOt_557626.9954.torrent
    2012-04-20 19:28 - 2012-04-20 19:28 - 00012452 ____A C:\Users\Miguel\Downloads\Body_Of_Proof_Season_2_[HDTVRip]_cOOt_-Demonoid.me-__557626.9954.torrent
    2012-04-20 11:55 - 2012-04-20 11:55 - 00002119 ____A C:\Users\Public\Desktop\Google Earth.lnk
    2012-04-17 19:12 - 2012-04-17 19:12 - 00013864 ____A C:\Users\Miguel\Downloads\Glee.3x16.(HDTV-x264-LOL)[VTV].torrent
    2012-04-17 06:12 - 2012-04-17 06:12 - 00013535 ____A C:\Users\Miguel\Downloads\Adventure_Time_with_Finn_and_Jake_402a_Web_Weirdos-(Demonoid.me)_557626.9954.torrent
    2012-04-16 21:48 - 2012-04-16 21:48 - 00008780 ____A C:\Users\Miguel\Downloads\House.S08E17.HDTV.x264-LOL.[eztv].torrent
    2012-04-16 06:45 - 2012-04-16 06:45 - 00404640 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-04-15 19:42 - 2012-04-15 19:42 - 00004487 ____A C:\Users\Miguel\Downloads\The.Simpsons.S23E18.HDTV.x264-LOL.[eztv].torrent
    2012-04-15 08:30 - 2012-04-15 08:30 - 00014355 ____A C:\Users\Miguel\Downloads\[[Demonoid.me]]-Young_Justice_125_Usual_Suspects_C_P__557626.9954.torrent
    2012-04-15 08:30 - 2012-04-15 08:30 - 00014355 ____A C:\Users\Miguel\Downloads\(Demonoid.me)-Young_Justice_125_Usual_Suspects_C_P__557626.9954.torrent


    ZeroAccess:
    C:\Windows\Installer\{5f85b80a-15fe-f376-3713-51a7ed233694}
    C:\Windows\Installer\{5f85b80a-15fe-f376-3713-51a7ed233694}\@
    C:\Windows\Installer\{5f85b80a-15fe-f376-3713-51a7ed233694}\L
    C:\Windows\Installer\{5f85b80a-15fe-f376-3713-51a7ed233694}\U
    C:\Windows\Installer\{5f85b80a-15fe-f376-3713-51a7ed233694}\L\00000004.@
    C:\Windows\Installer\{5f85b80a-15fe-f376-3713-51a7ed233694}\L\201d3dde
    C:\Windows\Installer\{5f85b80a-15fe-f376-3713-51a7ed233694}\U\00000004.@
    C:\Windows\Installer\{5f85b80a-15fe-f376-3713-51a7ed233694}\U\000000cb.@
    C:\Windows\Installer\{5f85b80a-15fe-f376-3713-51a7ed233694}\U\80000032.@
    C:\Windows\Installer\{5f85b80a-15fe-f376-3713-51a7ed233694}\U\80000064.@

    ========================= Known DLLs (Whitelisted) ============

    ATTENTION!:=====> THE OPERATING SYSTEM IS A X64 SYSTEM BUT THE BOOT DISK THAT IS USED TO BOOT TO RECOVERY ENVIRONMENT IS A X86 SYSTEM DISK.

    ========================= Bamital & volsnap Check ============

    C:\Windows\explorer.exe
    [2009-04-11 08:23] - [2009-04-11 08:23] - 3079168 ____A (Microsoft Corporation) 6B08E54A451B3F95E4109DBA7E594270

    C:\Windows\System32\winlogon.exe
    [2009-04-11 08:24] - [2009-04-11 08:24] - 0405504 ____A (Microsoft Corporation) 6D0773A3A65D28B663F334C90441D01A

    C:\Windows\System32\wininit.exe
    [2008-01-20 18:49] - [2008-01-20 18:49] - 0123904 ____A (Microsoft Corporation) 117EA87DF785CA1B9D821F6F213DCE07

    C:\Windows\System32\svchost.exe
    [2008-01-20 18:49] - [2008-01-20 18:49] - 0027648 ____A (Microsoft Corporation) CDA9F1373805AF88F6FA4F2064BBA24D

    C:\Windows\System32\services.exe
    [2009-04-11 08:24] - [2009-04-11 08:24] - 0381952 ____A (Microsoft Corporation) B8844F93D2C5F1DCDB179AAA9AF134B7

    C:\Windows\System32\User32.dll
    [2009-04-11 08:23] - [2009-04-11 08:23] - 0820224 ____A (Microsoft Corporation) F3F5549E69AE8509342E67E4F972CA1C

    C:\Windows\System32\userinit.exe
    [2008-01-20 18:48] - [2008-01-20 18:48] - 0028160 ____A (Microsoft Corporation) A0AB2BB9A92293D9CE66E252719AB5FE

    C:\Windows\System32\Drivers\volsnap.sys
    [2009-04-11 08:23] - [2009-04-11 08:23] - 0269288 ____A (Microsoft Corporation) 5280AADA24AB36B01A84A6424C475C8D


    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 14%
    Total physical RAM: 4093.69 MB
    Available physical RAM: 3519.72 MB
    Total Pagefile: 3843.6 MB
    Available Pagefile: 3626.05 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1983.72 MB

    ======================= Partitions =========================

    2 Drive c: (Wolf) (Fixed) (Total:931.51 GB) (Free:570.8 GB) NTFS
    3 Drive e: (Hart) (Fixed) (Total:931.51 GB) (Free:14.62 GB) NTFS
    4 Drive f: (New Volume) (Fixed) (Total:1863.01 GB) (Free:1227.28 GB) NTFS
    5 Drive g: (2007.11.03_2329) (CDROM) (Total:0.12 GB) (Free:0 GB) UDF
    6 Drive h: (Miguel) (Removable) (Total:3.72 GB) (Free:3.59 GB) FAT32
    7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    8 Drive y: (Ram) (Fixed) (Total:931.51 GB) (Free:2.61 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt
    -------- ---------- ------- ------- --- ---
    Disk 0 Online 932 GB 1721 KB
    Disk 1 Online 932 GB 1688 KB
    Disk 2 Online 932 GB 1721 KB
    Disk 3 Online 1863 GB 1081 KB
    Disk 4 Online 3827 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 932 GB 1024 KB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 Y Ram NTFS Partition 932 GB Healthy

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 932 GB 1024 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C Wolf NTFS Partition 932 GB Healthy

    ==================================================================================

    Partitions of Disk 2:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 932 GB 1024 KB

    ==================================================================================

    Disk: 2
    Partition 1
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 E Hart NTFS Partition 932 GB Healthy

    ==================================================================================

    Partitions of Disk 3:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 1863 GB 1024 KB

    ==================================================================================

    Disk: 3
    Partition 1
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 F New Volume NTFS Partition 1863 GB Healthy

    ==================================================================================

    Partitions of Disk 4:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 3821 MB 16 KB

    ==================================================================================

    Disk: 4
    Partition 1
    Type : 0B
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 H Miguel FAT32 Removable 3821 MB Healthy

    ==================================================================================

    ==========================================================

    Last Boot: 2012-07-04 20:00

    ======================= End Of Log ==========================
     
  8. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Your system is 32-bit, so you have to download 32-bit FRST.
     
  9. Miguel A

    Miguel A TS Rookie Topic Starter Posts: 31

    Sorry, I should have explained better. My system is 64-bit, but the recovery disk I dug up was the 32-bit one, so I ran 32-bit FRST, which I hoped would be enough. Apologies; I'll go and find the 64-bit boot disk now so I can run the 64-bit FRST.
     
  10. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    The disk you're booting from doesn't matter as long as you can get to a command prompt.
    What matters is the FRST type.
     
  11. Miguel A

    Miguel A TS Rookie Topic Starter Posts: 31

    Oh, okay. The stuff I pasted above was the output of the 32-bit FRST.
     
  12. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Yes, but you need to run 64-bit FRST.
     
  13. Miguel A

    Miguel A TS Rookie Topic Starter Posts: 31

    Finally ran the right one! So sorry for all the delays.

    Scan result of Farbar Recovery Scan Tool Version: 03-07-2012 01
    Ran by SYSTEM at 06-07-2012 22:39:42
    Running from H:\
    Windows Vista (TM) Ultimate (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [RtHDVCpl] RAVCpl64.exe [x]
    HKLM\...\Run: [Skytel] Skytel.exe [x]
    HKLM\...\Run: [IAAnotif] "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [182808 2008-07-20] (Intel Corporation)
    HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice [4081008 2012-07-01] (ESET)
    HKLM-x32\...\Run: [VMware hqtray] "C:\Program Files (x86)\VMware\VMware Player\hqtray.exe" [64048 2009-10-21] (VMware, Inc.)
    HKLM-x32\...\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin [611712 2008-08-13] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-03-18] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [141608 2010-07-20] (Apple Inc.)
    HKLM-x32\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [1951112 2011-05-25] (LogMeIn Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe" [136600 2011-06-25] (Sun Microsystems, Inc.)
    HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-11] (Microsoft Corporation)
    HKU\Default\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-11] (Microsoft Corporation)
    HKU\Default User\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-11] (Microsoft Corporation)
    HKU\Default User\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-11] (Microsoft Corporation)
    HKU\Miguel\...\Run: [Google Update] "C:\Users\Miguel\AppData\Local\Google\Update\GoogleUpdate.exe" /c [133104 2009-09-07] (Google Inc.)
    HKU\Miguel\...\Run: [Messenger (Yahoo!)] "C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet [4351216 2009-05-26] (Yahoo! Inc.)
    HKU\Miguel\...\Run: [PlayOn] C:\Program Files (x86)\MediaMall\PlayOn.exe [53248 2010-04-02] (MediaMall Technologies, Inc.)
    HKU\Miguel\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [369200 2009-10-30] (DT Soft Ltd)
    HKU\Miguel\...\Run: [AirVideoServer] C:\Program Files (x86)\AirVideoServer\AirVideoServer.exe [4818728 2010-05-20] ()
    HKU\Miguel\...\Run: [DS3 Tool] C:\PROGRA~1\MOTION~1\ds3\DS3_Tool.exe -mini [110352 2011-07-10] (www.motioninjoy.com)
    HKU\Miguel\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1242448 2011-08-03] (Valve Corporation)
    HKU\Miguel\...\Run: [F.lux] "C:\Users\Miguel\Local Settings\Apps\F.lux\flux.exe" /noshow [966656 2009-08-28] ()
    HKU\Miguel\...\Run: [MusicManager] "C:\Users\Miguel\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [13806592 2012-06-01] (Google Inc.)
    HKU\Miguel\...\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED [880496 2012-05-19] (BitTorrent, Inc.)
    HKU\Taks\...\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet [x]
    HKU\Taks\...\Run: [Google Update] "C:\Users\Taks\AppData\Local\Google\Update\GoogleUpdate.exe" /c [135664 2010-01-26] (Google Inc.)
    HKU\Taks\...\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [x]
    Tcpip\..\Interfaces\{C3B6B378-6658-46F8-9CCC-F2D1C37917D5}: [NameServer]8.8.8.8
    Startup: C:\Users\Miguel\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> (No File)

    ==================== Services (Whitelisted) ======

    2 ekrn; "C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe" [913144 2012-03-06] (ESET)
    2 gupdate1ca316f4c266daa; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [133104 2009-09-09] (Google Inc.)
    3 Hamachi2Svc; "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s [2275720 2011-05-25] (LogMeIn Inc.)
    3 MediaMall Server; "C:\Program Files (x86)\MediaMall\MediaMallServer.exe" [3359600 2010-04-02] (MediaMall Technologies, Inc.)
    4 MSSQL$SQLEXPRESS; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS [28768528 2005-10-13] (Microsoft Corporation)
    4 msvsmon90; "C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe" /service msvsmon90 [4761920 2009-03-12] (Microsoft Corporation)
    2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [87040 2011-08-12] ()
    2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-25] (Safer Networking Ltd.)
    2 Themes; C:\Windows\SysWow64\shsvcs.dll [247296 2009-04-11] (Microsoft Corporation)
    4 TVersityMediaServer; "C:\Program Files (x86)\TVersity\Media Server\MediaServer.exe" [851968 2009-05-22] ()
    2 tvnserver; "C:\Program Files (x86)\TightVNC\tvnserver.exe" -service [815704 2010-07-08] (GlavSoft LLC.)
    2 VMUSBArbService; C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [563760 2009-10-21] (VMware, Inc.)
    2 chromoting; "C:\Program Files (x86)\Google\Chrome Remote Desktop\remoting_service.exe" --host-binary="C:\Program Files (x86)\Google\Chrome Remote Desktop\remoting_me2me_host.exe" --auth-config="C:\ProgramData\Google\Chrome Remote Desktop\host.json" --host-config="C:\ProgramData\Google\Chrome Remote Desktop\host.json" [x]
    3 ufad-ws60; "C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe" -d "C:\Program Files (x86)\VMware\VMware Player\\" -s ufad-p2v.xml [x]

    ========================== Drivers (Whitelisted) =============

    1 eamonm; C:\Windows\System32\Drivers\eamonm.sys [209768 2012-03-13] (ESET)
    1 ehdrv; C:\Windows\System32\Drivers\ehdrv.sys [148528 2012-03-13] (ESET)
    2 epfwwfpr; C:\Windows\System32\Drivers\epfwwfpr.sys [137144 2012-03-13] (ESET)
    3 gdrv; \??\C:\Windows\gdrv.sys [24072 2009-09-07] (Windows (R) Server 2003 DDK provider)
    3 hamachi; C:\Windows\System32\Drivers\hamachi.sys [33856 2009-03-18] (LogMeIn, Inc.)
    3 libusb0; C:\Windows\SysWow64\Drivers\libusb0.sys [33792 2005-03-09] ()
    3 msvad_simple; C:\Windows\System32\drivers\povrtdev.sys [28528 2010-02-23] (MediaMall Technologies, Inc.)
    3 usbscan; C:\Windows\SysWow64\Drivers\usbscan.sys [8944 1999-05-04] (Microsoft Corporation)
    3 vmkbd2; \??\C:\Windows\system32\drivers\VMkbd.sys [29744 2009-10-21] (VMware, Inc.)
    2 VMparport; C:\Windows\System32\Drivers\VMparport.sys [18480 2009-10-21] (VMware, Inc.)
    2 vstor2-ws60; \??\C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys [32816 2009-10-11] (VMware, Inc.)
    3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
    3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
    3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-07-06 01:53 - 2012-07-06 01:53 - 00012355 ____A C:\Users\Miguel\Downloads\Windows_Vista_64_bit_Recovery_Disc.4641637.TPB.torrent
    2012-07-06 01:47 - 2012-07-06 01:49 - 00001905 ____A C:\Windows\diagwrn.xml
    2012-07-06 01:47 - 2012-07-06 01:49 - 00001905 ____A C:\Windows\diagerr.xml
    2012-07-05 20:45 - 2012-07-05 20:45 - 00000000 ____D C:\FRST
    2012-07-02 06:04 - 2012-07-02 06:27 - 00000162 ____A C:\Users\Miguel\Desktop\CFScript.txt
    2012-07-02 05:18 - 2012-07-02 04:53 - 04568951 ____R (Swearware) C:\Users\Miguel\Desktop\ComboFix.exe
    2012-07-02 04:55 - 2012-07-02 06:29 - 00000000 ___SD C:\32788R22FWJFW
    2012-07-02 04:55 - 2012-07-02 06:29 - 00000000 ____D C:\Qoobox
    2012-07-02 04:55 - 2012-07-02 05:13 - 00000000 ____D C:\Windows\erdnt
    2012-07-02 04:49 - 2012-07-02 04:49 - 00008748 ____A C:\Users\Miguel\Desktop\MBRCheck_07.02.12_20.49.28.txt
    2012-07-01 05:40 - 2012-07-01 05:40 - 00000000 ____D C:\Users\Miguel\AppData\Local\ESET
    2012-07-01 02:28 - 2012-07-01 02:28 - 00000000 ____D C:\Program Files (x86)\Windows Resource Kits
    2012-07-01 01:44 - 2012-07-01 01:44 - 00000952 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-01 01:44 - 2012-07-01 01:44 - 00000000 ____D C:\Users\Miguel\AppData\Roaming\Malwarebytes
    2012-07-01 01:44 - 2012-07-01 01:44 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-07-01 01:44 - 2012-07-01 01:44 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-07-01 01:44 - 2012-04-03 23:56 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-07-01 00:22 - 2012-07-01 00:22 - 00000000 ____D C:\TDSSKiller_Quarantine
    2012-07-01 00:13 - 2012-07-01 02:41 - 00000000 ____D C:\Program Files\ESET
    2012-07-01 00:13 - 2012-07-01 01:20 - 00000000 ____D C:\Users\All Users\ESET
    2012-06-30 23:28 - 2012-06-30 23:28 - 00001101 ____A C:\Users\Miguel\Desktop\Spybot - Search & Destroy.lnk
    2012-06-30 22:41 - 2012-06-30 22:41 - 00000000 ____D C:\Windows\SysWOW64\WindowsPowerShell
    2012-06-30 22:41 - 2012-06-30 22:41 - 00000000 ____D C:\Windows\System32\WindowsPowerShell
    2012-06-30 22:37 - 2012-06-30 22:37 - 01179648 ____A C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
    2012-06-30 22:37 - 2012-06-30 22:37 - 00131072 ____A C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
    2012-06-30 22:37 - 2012-06-30 22:37 - 00065536 ____A C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx
    2012-06-30 20:35 - 2012-06-30 20:35 - 00020815 ____A C:\Users\Miguel\Downloads\30_Rock_The_Complete_Season_6_[HDTV]_O-Demonoid.me-O_557626.9954.torrent
    2012-06-30 20:34 - 2012-06-30 20:34 - 00021696 ____A C:\Users\Miguel\Downloads\30_Rock_Season_5_(ALL_23_Episodes)_+-Demonoid.me-+_557626.9954.torrent
    2012-06-30 20:30 - 2012-06-30 20:30 - 00020327 ____A C:\Users\Miguel\Downloads\++Demonoid.me++-ESET_Smart_Security_5_or_ESET_NOD32_Antivirus_5_english_and_brazilian_portuguese_[Original]_557626.9954.torrent
    2012-06-30 20:29 - 2012-06-30 20:29 - 00013840 ____A C:\Users\Miguel\Downloads\x-Demonoid.me-x_The_Walking_Dead_Episodes_1_2_(1_31GB)_557626.9954.torrent
    2012-06-30 07:15 - 2012-06-30 07:14 - 00014721 ____A C:\Users\Miguel\Downloads\-_Demonoid.me_-The_Walking_Dead_EP_1_2_Cracked_NoGrp_557626.9954.torrent
    2012-06-29 23:10 - 2012-06-29 23:10 - 00000000 ____D C:\Users\Miguel\Desktop\apollo
    2012-06-29 09:02 - 2012-06-29 09:02 - 00014709 ____A C:\Users\Miguel\Downloads\+-Demonoid.me-+_Chronicle[2012]DVDrip[ENG]_557626.9954.torrent
    2012-06-29 07:48 - 2012-06-29 07:48 - 00022875 ____A C:\Users\Miguel\Downloads\Suits.S02E03.HDTV.x264-ASAP.[VTV].torrent
    2012-06-28 01:35 - 2012-06-28 01:35 - 00005064 ____A C:\Users\Miguel\Downloads\Futurama.S07E03.HDTV.x264-ASAP.[eztv].torrent
    2012-06-27 09:11 - 2012-06-27 09:11 - 00034785 ____A C:\Users\Miguel\Downloads\The_League_of_Extraordinary_Gentlemen_Century_03_'2009'_(2012)Minutemen_DTs-[Demonoid.me]_557626.9954.torrent
    2012-06-27 09:10 - 2012-06-27 09:10 - 00034785 ____A C:\Users\Miguel\Downloads\9641.tmp
    2012-06-22 23:02 - 2012-06-22 23:02 - 00000000 ____D C:\Program Files\Mercurial
    2012-06-21 06:40 - 2012-06-21 06:40 - 00000000 ____D C:\Go
    2012-06-21 02:58 - 2012-06-21 02:58 - 00012091 ____A C:\Users\Miguel\Downloads\Conan.2012.06.18.Martin.Short-Aubrey.Plaza.HDTV.x264-2HD.[eztv].torrent
    2012-06-15 23:17 - 2012-06-17 06:22 - 00000000 ____D C:\Users\Miguel\Desktop\Wii Game Manager
    2012-06-15 07:26 - 2012-06-15 07:26 - 00045189 ____A C:\Users\Miguel\Downloads\[]Demonoid.me[]-No_More_Heroes_2_Desperate_Struggle_[NTSC_U]_557626.9954.torrent
    2012-06-15 07:26 - 2012-06-15 07:25 - 00017310 ____A C:\Users\Miguel\Downloads\[]Demonoid.me[]-Wii_No_More_Heroes_Compressed_and_Scrubbed!_557626.9954.torrent
    2012-06-10 07:15 - 2012-06-10 07:15 - 00007468 ____A C:\Users\Miguel\Downloads\Happy.Endings.S02E03.HDTV.XviD-LOL.[eztv].torrent
    2012-06-10 07:15 - 2012-06-10 07:15 - 00007448 ____A C:\Users\Miguel\Downloads\Happy.Endings.S02E02.HDTV.XviD-LOL.[eztv].torrent
    2012-06-10 06:53 - 2012-06-10 06:53 - 00007448 ____A C:\Users\Miguel\Downloads\Happy.Endings.S02E01.HDTV.XviD-LOL.[eztv].torrent
    2012-06-10 06:11 - 2012-06-10 06:11 - 00023669 ____A C:\Users\Miguel\Downloads\Suits_Season_1_Complete-[Demonoid.me]_557626.9954.torrent
    2012-06-10 05:15 - 2012-06-10 05:15 - 00007489 ____A C:\Users\Miguel\Downloads\Happy.Endings.S01E13.Why.Cant.You.Read.Me.HDTV.XviD-FQM.[eztv].torrent
    2012-06-10 05:14 - 2012-06-10 05:14 - 00007414 ____A C:\Users\Miguel\Downloads\Happy.Endings.S01E12.HDTV.XviD-LOL.[eztv].torrent
    2012-06-10 05:14 - 2012-06-10 05:14 - 00007414 ____A C:\Users\Miguel\Downloads\Happy.Endings.S01E11.HDTV.XviD-LOL.[eztv].torrent
    2012-06-10 03:28 - 2012-06-10 03:28 - 00007414 ____A C:\Users\Miguel\Downloads\Happy.Endings.S01E10.HDTV.XviD-LOL.[eztv].torrent
    2012-06-10 03:28 - 2012-06-10 03:28 - 00007414 ____A C:\Users\Miguel\Downloads\Happy.Endings.S01E09.HDTV.XviD-LOL.[eztv].torrent
    2012-06-10 03:27 - 2012-06-10 03:27 - 00007414 ____A C:\Users\Miguel\Downloads\Happy.Endings.S01E08.HDTV.XviD-LOL.[eztv].torrent
    2012-06-10 02:12 - 2012-06-10 02:12 - 00007458 ____A C:\Users\Miguel\Downloads\Happy.Endings.S01E07.HDTV.XviD-LOL.[eztv].torrent
    2012-06-10 02:12 - 2012-06-10 02:12 - 00007458 ____A C:\Users\Miguel\Downloads\Happy.Endings.S01E06.HDTV.XviD-LOL.[eztv].torrent
    2012-06-10 02:03 - 2012-06-10 02:03 - 00007458 ____A C:\Users\Miguel\Downloads\Happy.Endings.S01E05.HDTV.XviD-LOL.[eztv].torrent
    2012-06-10 02:02 - 2012-06-10 02:02 - 00007492 ____A C:\Users\Miguel\Downloads\Happy_Endings_S01E04_HDTV_XviD-LOL.6333299.TPB.torrent
    2012-06-10 01:38 - 2012-06-10 01:38 - 00007498 ____A C:\Users\Miguel\Downloads\Happy.Endings.S01E02.HDTV.XviD-LOL.[eztv].torrent
    2012-06-10 01:38 - 2012-06-10 01:38 - 00007492 ____A C:\Users\Miguel\Downloads\Happy_Endings_S01E03_HDTV_XviD-LOL.6333282.TPB.torrent
    2012-06-09 23:55 - 2012-06-09 23:55 - 00007498 ____A C:\Users\Miguel\Downloads\Happy.Endings.S01E01.HDTV.XviD-LOL.[eztv].torrent
    2012-06-09 09:41 - 2012-06-09 09:41 - 00012907 ____A C:\Users\Miguel\Downloads\Young_Justice_Invasion_207_Depths_C_P_-(Demonoid.me)_557626.9954.torrent
    2012-06-09 08:52 - 2012-06-09 08:52 - 00014451 ____A C:\Users\Miguel\Downloads\[]Demonoid.me[]-The_Legend_of_Korra_S01E09_Out_of_the_Past[720p][Secludedly]_557626.9954.torrent
    2012-06-09 02:53 - 2012-06-09 02:53 - 00022119 ____A C:\Users\Miguel\Downloads\Desperate.Housewives.S08E22E23.HDTV.x264-LOL.[eztv].torrent
    2012-06-08 20:20 - 2012-06-08 20:20 - 00016092 ____A C:\Users\Miguel\Downloads\MythBusters.S10E09.Mailbag.Special.REPACK.HDTV.x264-YesTV.[eztv].torrent
    2012-06-07 08:20 - 2012-06-07 08:20 - 00014625 ____A C:\Users\Miguel\Downloads\o-Demonoid.me-o_Superman_vs_The_Elite_2012_Dvdrip_557626.9954.torrent
    2012-06-06 19:18 - 2012-06-06 19:18 - 00000000 ____D C:\Program Files (x86)\Dropbox

    ============ 3 Months Modified Files ========================

    2012-07-06 06:31 - 2009-04-11 07:43 - 01741414 ____A C:\Windows\WindowsUpdate.log
    2012-07-06 06:31 - 2006-11-02 07:40 - 00032656 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-07-06 06:31 - 2006-11-02 07:40 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-07-06 06:31 - 2006-11-02 07:21 - 00004928 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2012-07-06 06:31 - 2006-11-02 07:21 - 00004928 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2012-07-06 05:58 - 2009-09-07 06:00 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1954714350-379289342-1461462268-1000UA.job
    2012-07-06 05:52 - 2009-09-09 09:31 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-07-06 01:53 - 2012-07-06 01:53 - 00012355 ____A C:\Users\Miguel\Downloads\Windows_Vista_64_bit_Recovery_Disc.4641637.TPB.torrent
    2012-07-06 01:49 - 2012-07-06 01:47 - 00001905 ____A C:\Windows\diagwrn.xml
    2012-07-06 01:49 - 2012-07-06 01:47 - 00001905 ____A C:\Windows\diagerr.xml
    2012-07-06 01:49 - 2006-11-02 07:26 - 00000331 ____A C:\Windows\setupact.log
    2012-07-06 01:47 - 2006-11-02 07:26 - 00000000 ____A C:\Windows\setuperr.log
    2012-07-06 01:44 - 2009-09-09 09:31 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-07-06 01:44 - 2009-09-07 05:44 - 00069981 ____A C:\Users\All Users\nvModes.dat
    2012-07-06 01:44 - 2009-09-07 05:44 - 00069981 ____A C:\Users\All Users\nvModes.001
    2012-07-05 18:13 - 2009-09-09 08:59 - 00000880 ____A C:\Windows\Tasks\Google Software Updater.job
    2012-07-04 12:58 - 2009-09-07 06:00 - 00000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1954714350-379289342-1461462268-1000Core.job
    2012-07-03 16:59 - 2006-11-02 04:46 - 00760980 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-07-03 06:56 - 2009-09-07 05:37 - 00111616 ____A C:\Users\Miguel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-07-02 06:27 - 2012-07-02 06:04 - 00000162 ____A C:\Users\Miguel\Desktop\CFScript.txt
    2012-07-02 04:53 - 2012-07-02 05:18 - 04568951 ____R (Swearware) C:\Users\Miguel\Desktop\ComboFix.exe
    2012-07-02 04:49 - 2012-07-02 04:49 - 00008748 ____A C:\Users\Miguel\Desktop\MBRCheck_07.02.12_20.49.28.txt
    2012-07-02 03:45 - 2006-11-02 07:39 - 00030692 ____A C:\Windows\PFRO.log
    2012-07-01 01:44 - 2012-07-01 01:44 - 00000952 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-06-30 23:28 - 2012-06-30 23:28 - 00001101 ____A C:\Users\Miguel\Desktop\Spybot - Search & Destroy.lnk
    2012-06-30 22:37 - 2012-06-30 22:37 - 01179648 ____A C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
    2012-06-30 22:37 - 2012-06-30 22:37 - 00131072 ____A C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
    2012-06-30 22:37 - 2012-06-30 22:37 - 00065536 ____A C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx
    2012-06-30 20:35 - 2012-06-30 20:35 - 00020815 ____A C:\Users\Miguel\Downloads\30_Rock_The_Complete_Season_6_[HDTV]_O-Demonoid.me-O_557626.9954.torrent
    2012-06-30 20:34 - 2012-06-30 20:34 - 00021696 ____A C:\Users\Miguel\Downloads\30_Rock_Season_5_(ALL_23_Episodes)_+-Demonoid.me-+_557626.9954.torrent
    2012-06-30 20:30 - 2012-06-30 20:30 - 00020327 ____A C:\Users\Miguel\Downloads\++Demonoid.me++-ESET_Smart_Security_5_or_ESET_NOD32_Antivirus_5_english_and_brazilian_portuguese_[Original]_557626.9954.torrent
    2012-06-30 20:29 - 2012-06-30 20:29 - 00013840 ____A C:\Users\Miguel\Downloads\x-Demonoid.me-x_The_Walking_Dead_Episodes_1_2_(1_31GB)_557626.9954.torrent
    2012-06-30 18:59 - 2009-09-07 06:01 - 00002047 ____A C:\Users\Miguel\Desktop\Google Chrome.lnk
    2012-06-30 07:14 - 2012-06-30 07:15 - 00014721 ____A C:\Users\Miguel\Downloads\-_Demonoid.me_-The_Walking_Dead_EP_1_2_Cracked_NoGrp_557626.9954.torrent
    2012-06-29 09:02 - 2012-06-29 09:02 - 00014709 ____A C:\Users\Miguel\Downloads\+-Demonoid.me-+_Chronicle[2012]DVDrip[ENG]_557626.9954.torrent
    2012-06-29 07:48 - 2012-06-29 07:48 - 00022875 ____A C:\Users\Miguel\Downloads\Suits.S02E03.HDTV.x264-ASAP.[VTV].torrent
    2012-06-29 07:45 - 2011-07-18 09:25 - 00000012 ____A C:\Users\All Users\ReminderNextRun
    2012-06-28 01:35 - 2012-06-28 01:35 - 00005064 ____A C:\Users\Miguel\Downloads\Futurama.S07E03.HDTV.x264-ASAP.[eztv].torrent
    2012-06-27 09:11 - 2012-06-27 09:11 - 00034785 ____A C:\Users\Miguel\Downloads\The_League_of_Extraordinary_Gentlemen_Century_03_'2009'_(2012)Minutemen_DTs-[Demonoid.me]_557626.9954.torrent
    2012-06-27 09:10 - 2012-06-27 09:10 - 00034785 ____A C:\Users\Miguel\Downloads\9641.tmp
    2012-06-26 05:56 - 2009-09-09 04:24 - 00465615 ____A C:\Windows\DirectX.log
    2012-06-21 02:58 - 2012-06-21 02:58 - 00012091 ____A C:\Users\Miguel\Downloads\Conan.2012.06.18.Martin.Short-Aubrey.Plaza.HDTV.x264-2HD.[eztv].torrent
    2012-06-15 07:26 - 2012-06-15 07:26 - 00045189 ____A C:\Users\Miguel\Downloads\[]Demonoid.me[]-No_More_Heroes_2_Desperate_Struggle_[NTSC_U]_557626.9954.torrent
    2012-06-15 07:25 - 2012-06-15 07:26 - 00017310 ____A C:\Users\Miguel\Downloads\[]Demonoid.me[]-Wii_No_More_Heroes_Compressed_and_Scrubbed!_557626.9954.torrent
    2012-06-10 07:15 - 2012-06-10 07:15 - 00007468 ____A C:\Users\Miguel\Downloads\Happy.Endings.S02E03.HDTV.XviD-LOL.[eztv].torrent
    2012-06-10 07:15 - 2012-06-10 07:15 - 00007448 ____A C:\Users\Miguel\Downloads\Happy.Endings.S02E02.HDTV.XviD-LOL.[eztv].torrent
    2012-06-10 06:53 - 2012-06-10 06:53 - 00007448 ____A C:\Users\Miguel\Downloads\Happy.Endings.S02E01.HDTV.XviD-LOL.[eztv].torrent
    2012-06-10 06:11 - 2012-06-10 06:11 - 00023669 ____A C:\Users\Miguel\Downloads\Suits_Season_1_Complete-[Demonoid.me]_557626.9954.torrent
    2012-06-10 05:15 - 2012-06-10 05:15 - 00007489 ____A C:\Users\Miguel\Downloads\Happy.Endings.S01E13.Why.Cant.You.Read.Me.HDTV.XviD-FQM.[eztv].torrent
    2012-06-10 05:14 - 2012-06-10 05:14 - 00007414 ____A C:\Users\Miguel\Downloads\Happy.Endings.S01E12.HDTV.XviD-LOL.[eztv].torrent
    2012-06-10 05:14 - 2012-06-10 05:14 - 00007414 ____A C:\Users\Miguel\Downloads\Happy.Endings.S01E11.HDTV.XviD-LOL.[eztv].torrent
    2012-06-10 03:28 - 2012-06-10 03:28 - 00007414 ____A C:\Users\Miguel\Downloads\Happy.Endings.S01E10.HDTV.XviD-LOL.[eztv].torrent
    2012-06-10 03:28 - 2012-06-10 03:28 - 00007414 ____A C:\Users\Miguel\Downloads\Happy.Endings.S01E09.HDTV.XviD-LOL.[eztv].torrent
    2012-06-10 03:27 - 2012-06-10 03:27 - 00007414 ____A C:\Users\Miguel\Downloads\Happy.Endings.S01E08.HDTV.XviD-LOL.[eztv].torrent
    2012-06-10 02:12 - 2012-06-10 02:12 - 00007458 ____A C:\Users\Miguel\Downloads\Happy.Endings.S01E07.HDTV.XviD-LOL.[eztv].torrent
    2012-06-10 02:12 - 2012-06-10 02:12 - 00007458 ____A C:\Users\Miguel\Downloads\Happy.Endings.S01E06.HDTV.XviD-LOL.[eztv].torrent
    2012-06-10 02:03 - 2012-06-10 02:03 - 00007458 ____A C:\Users\Miguel\Downloads\Happy.Endings.S01E05.HDTV.XviD-LOL.[eztv].torrent
    2012-06-10 02:02 - 2012-06-10 02:02 - 00007492 ____A C:\Users\Miguel\Downloads\Happy_Endings_S01E04_HDTV_XviD-LOL.6333299.TPB.torrent
    2012-06-10 01:38 - 2012-06-10 01:38 - 00007498 ____A C:\Users\Miguel\Downloads\Happy.Endings.S01E02.HDTV.XviD-LOL.[eztv].torrent
    2012-06-10 01:38 - 2012-06-10 01:38 - 00007492 ____A C:\Users\Miguel\Downloads\Happy_Endings_S01E03_HDTV_XviD-LOL.6333282.TPB.torrent
    2012-06-09 23:55 - 2012-06-09 23:55 - 00007498 ____A C:\Users\Miguel\Downloads\Happy.Endings.S01E01.HDTV.XviD-LOL.[eztv].torrent
    2012-06-09 09:41 - 2012-06-09 09:41 - 00012907 ____A C:\Users\Miguel\Downloads\Young_Justice_Invasion_207_Depths_C_P_-(Demonoid.me)_557626.9954.torrent
    2012-06-09 08:52 - 2012-06-09 08:52 - 00014451 ____A C:\Users\Miguel\Downloads\[]Demonoid.me[]-The_Legend_of_Korra_S01E09_Out_of_the_Past[720p][Secludedly]_557626.9954.torrent
    2012-06-09 02:53 - 2012-06-09 02:53 - 00022119 ____A C:\Users\Miguel\Downloads\Desperate.Housewives.S08E22E23.HDTV.x264-LOL.[eztv].torrent
    2012-06-08 20:20 - 2012-06-08 20:20 - 00016092 ____A C:\Users\Miguel\Downloads\MythBusters.S10E09.Mailbag.Special.REPACK.HDTV.x264-YesTV.[eztv].torrent
    2012-06-07 08:20 - 2012-06-07 08:20 - 00014625 ____A C:\Users\Miguel\Downloads\o-Demonoid.me-o_Superman_vs_The_Elite_2012_Dvdrip_557626.9954.torrent
    2012-06-06 19:18 - 2010-04-08 05:42 - 00000926 ____A C:\Users\Miguel\Desktop\Dropbox.lnk
    2012-06-05 19:48 - 2012-06-05 19:48 - 00013332 ____A C:\Users\Miguel\Downloads\Hells.Kitchen.US.S10E01.PDTV.x264-LOL.[eztv].torrent
    2012-06-05 03:20 - 2012-06-05 03:20 - 00020759 ____A C:\Users\Miguel\Downloads\+-Demonoid.me-+_Revenge_The_Complete_Season_1_[HDTV]_EXTRA_557626.9954.torrent
    2012-06-02 19:17 - 2012-06-02 19:17 - 00014696 ____A C:\Users\Miguel\Downloads\x-Demonoid.me-x_The_Legend_of_Korra_S01E08_When_Extremes_Meet[720p][Secludedly]_557626.9954.torrent
    2012-06-02 19:16 - 2012-06-02 19:16 - 00012427 ____A C:\Users\Miguel\Downloads\(Demonoid.me)-The_Legend_of_Korra_S01E08_When_Extremes_Meet[720p][Secludedly]_557626.9954.torrent
    2012-06-02 19:16 - 2012-06-02 19:16 - 00010921 ____A C:\Users\Miguel\Downloads\Young_Justice_S02_E06_Animated-((Demonoid.me))_557626.9954.torrent
    2012-06-02 09:18 - 2012-06-02 09:18 - 00029861 ____A C:\Users\Miguel\Downloads\Call_of_Duty_Modern_Warfare_3_[Wii][Pal][Scrubbed]_TLS_o-Demonoid.me-o.torrent
    2012-06-01 08:23 - 2012-06-01 08:23 - 00012374 ____A C:\Users\Miguel\Downloads\StarForge_V0.1.torrent
    2012-05-30 22:56 - 2012-05-30 22:56 - 00014357 ____A C:\Users\Miguel\Downloads\Cougar.Town.S03E14E15.HDTV.x264.PROPER-LOL.[eztv].torrent
    2012-05-29 22:54 - 2012-05-29 22:54 - 00000000 ____A C:\Windows\SysWOW64\debug.log
    2012-05-26 20:09 - 2012-05-26 20:09 - 00014160 ____A C:\Users\Miguel\Downloads\x-Demonoid.me-x_Young_Justice_Invasion_205_Beneath_C_P__557626.9954.torrent
    2012-05-10 20:39 - 2012-05-10 20:39 - 00011115 ____A C:\Users\Miguel\Downloads\+-Demonoid.me-+_Adventure_Time_4x07_In_Your_Footsteps_720p_5_1_aac_557626.9954.torrent
    2012-05-09 09:31 - 2012-05-09 09:31 - 00013433 ____A C:\Users\Miguel\Downloads\Glee.3x19.(HDTV-x264-LOL)[VTV].torrent
    2012-05-08 01:23 - 2012-05-08 01:23 - 00015217 ____A C:\Users\Miguel\Downloads\-_Demonoid.me_-Chuck_Season_5_BDRip_XviD_REWARD_557626.9954.torrent
    2012-05-07 22:15 - 2012-05-07 22:15 - 00005287 ____A C:\Users\Miguel\Downloads\The.Simpsons.S23E20.HDTV.x264-LOL.[eztv].torrent
    2012-05-07 21:21 - 2012-05-07 21:21 - 00012462 ____A C:\Users\Miguel\Downloads\MythBusters.S05E06.More.Myths.Reopened.READNFO.HDTV.x264-MiNDTHEGAP.[eztv].torrent
    2012-05-07 21:21 - 2012-05-07 21:21 - 00009200 ____A C:\Users\Miguel\Downloads\House.S08E20.HDTV.x264-LOL.[eztv].torrent
    2012-05-07 06:17 - 2012-05-07 06:17 - 00014473 ____A C:\Users\Miguel\Downloads\The_Fairly_OddParents_805_Meet_the_OddParents_+-Demonoid.me-+_557626.9954.torrent
    2012-05-07 06:16 - 2012-05-07 06:16 - 00014413 ____A C:\Users\Miguel\Downloads\The_Fairly_OddParents_802_Timmy's_Secret_Wish_[HDTV][TT]-(Demonoid.me)_557626.9954.torrent
    2012-05-07 03:08 - 2012-05-07 03:08 - 00001728 ____A C:\Users\Public\Desktop\QtOctave.lnk
    2012-05-07 03:02 - 2012-05-05 00:36 - 00000948 ____A C:\Users\Miguel\Desktop\GUI Octave.lnk
    2012-05-05 17:55 - 2012-05-05 17:55 - 00003888 ____A C:\Windows\SysWOW64\Drivers\NTHANDLE.SYS
    2012-05-05 00:33 - 2012-05-05 00:32 - 00383832 ____A C:\Users\Miguel\AppData\Local\dd_vcredistMSI0F6B.txt
    2012-05-05 00:33 - 2012-05-05 00:32 - 00011974 ____A C:\Users\Miguel\AppData\Local\dd_vcredistUI0F6B.txt
    2012-05-04 04:22 - 2009-09-08 07:11 - 00000786 ____A C:\Users\Public\Desktop\µTorrent.lnk
    2012-04-30 23:12 - 2012-04-30 23:12 - 00013538 ____A C:\Users\Miguel\Downloads\x-Demonoid.me-x_Adventure_Time_Return_to_the_Nightosphere_720p_557626.9954.torrent
    2012-04-30 23:12 - 2012-04-30 23:12 - 00012670 ____A C:\Users\Miguel\Downloads\Adventure_Time_Daddy's_Little_Monster_720p-[[Demonoid.me]]_557626.9954.torrent
    2012-04-30 21:19 - 2012-04-30 21:19 - 00008020 ____A C:\Users\Miguel\Downloads\House.S08E19.HDTV.x264-LOL.[eztv].torrent
    2012-04-29 20:15 - 2012-04-29 20:15 - 00007365 ____A C:\Users\Miguel\Downloads\Family.Guy.S10E19.HDTV.XviD-2HD.[eztv].torrent
    2012-04-29 08:02 - 2012-04-29 08:02 - 00014447 ____A C:\Users\Miguel\Downloads\Mythbusters.S10E05.Battle.of.The.Sexes.HDTV.XviD-FQM.[eztv].torrent
    2012-04-27 21:30 - 2012-04-27 21:30 - 00043970 ____A C:\Users\Miguel\Downloads\++Demonoid.me++-Legend_of_Korra_S01E04_The_Voice_in_the_Night_(Full_HD_720p_by_avatarchapters_tv)_557626.9954.torrent
    2012-04-26 06:48 - 2012-04-26 06:48 - 00000850 ____A C:\Users\Miguel\MHGibbsTrans.m
    2012-04-26 06:48 - 2012-04-26 06:48 - 00000844 ____A C:\Users\Miguel\MHSWTrans.m
    2012-04-26 04:24 - 2012-04-26 04:24 - 00018736 ____A C:\Users\Miguel\Downloads\(Demonoid.me)-The_Walking_Dead_Episode_1_RELOADED_557626.9954.torrent
    2012-04-26 01:53 - 2012-04-26 01:53 - 00017626 ____A C:\Users\Miguel\Downloads\The_Walking_Dead_Episode_1_(430mb)_+-Demonoid.me-+_557626.9954.torrent
    2012-04-25 22:05 - 2012-04-25 22:05 - 00012104 ____A C:\Users\Miguel\Downloads\Glee.3x17.(HDTV-x264-LOL)[VTV].torrent
    2012-04-20 19:28 - 2012-04-20 19:28 - 00019851 ____A C:\Users\Miguel\Downloads\((Demonoid.me))-Body_Of_Proof_Season_2_[HDTVRip]_cOOt_557626.9954.torrent
    2012-04-20 19:28 - 2012-04-20 19:28 - 00012452 ____A C:\Users\Miguel\Downloads\Body_Of_Proof_Season_2_[HDTVRip]_cOOt_-Demonoid.me-__557626.9954.torrent
    2012-04-20 11:55 - 2012-04-20 11:55 - 00002119 ____A C:\Users\Public\Desktop\Google Earth.lnk
    2012-04-17 19:12 - 2012-04-17 19:12 - 00013864 ____A C:\Users\Miguel\Downloads\Glee.3x16.(HDTV-x264-LOL)[VTV].torrent
    2012-04-17 06:12 - 2012-04-17 06:12 - 00013535 ____A C:\Users\Miguel\Downloads\Adventure_Time_with_Finn_and_Jake_402a_Web_Weirdos-(Demonoid.me)_557626.9954.torrent
    2012-04-16 21:48 - 2012-04-16 21:48 - 00008780 ____A C:\Users\Miguel\Downloads\House.S08E17.HDTV.x264-LOL.[eztv].torrent
    2012-04-16 06:45 - 2012-04-16 06:45 - 00404640 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-04-15 19:42 - 2012-04-15 19:42 - 00004487 ____A C:\Users\Miguel\Downloads\The.Simpsons.S23E18.HDTV.x264-LOL.[eztv].torrent
    2012-04-15 08:30 - 2012-04-15 08:30 - 00014355 ____A C:\Users\Miguel\Downloads\[[Demonoid.me]]-Young_Justice_125_Usual_Suspects_C_P__557626.9954.torrent
    2012-04-15 08:30 - 2012-04-15 08:30 - 00014355 ____A C:\Users\Miguel\Downloads\(Demonoid.me)-Young_Justice_125_Usual_Suspects_C_P__557626.9954.torrent


    ZeroAccess:
    C:\Windows\Installer\{5f85b80a-15fe-f376-3713-51a7ed233694}
    C:\Windows\Installer\{5f85b80a-15fe-f376-3713-51a7ed233694}\@
    C:\Windows\Installer\{5f85b80a-15fe-f376-3713-51a7ed233694}\L
    C:\Windows\Installer\{5f85b80a-15fe-f376-3713-51a7ed233694}\U
    C:\Windows\Installer\{5f85b80a-15fe-f376-3713-51a7ed233694}\L\00000004.@
    C:\Windows\Installer\{5f85b80a-15fe-f376-3713-51a7ed233694}\L\201d3dde
    C:\Windows\Installer\{5f85b80a-15fe-f376-3713-51a7ed233694}\U\00000004.@
    C:\Windows\Installer\{5f85b80a-15fe-f376-3713-51a7ed233694}\U\00000008.@
    C:\Windows\Installer\{5f85b80a-15fe-f376-3713-51a7ed233694}\U\000000cb.@
    C:\Windows\Installer\{5f85b80a-15fe-f376-3713-51a7ed233694}\U\80000032.@
    C:\Windows\Installer\{5f85b80a-15fe-f376-3713-51a7ed233694}\U\80000064.@

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe
    [2009-04-11 08:24] - [2009-04-11 08:24] - 0381952 ____A (Microsoft Corporation) B8844F93D2C5F1DCDB179AAA9AF134B7

    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 16%
    Total physical RAM: 4093.69 MB
    Available physical RAM: 3411.89 MB
    Total Pagefile: 3829.96 MB
    Available Pagefile: 3504.67 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.91 MB

    ======================= Partitions =========================

    2 Drive c: (Wolf) (Fixed) (Total:931.51 GB) (Free:571.01 GB) NTFS
    3 Drive e: (Hart) (Fixed) (Total:931.51 GB) (Free:14.62 GB) NTFS
    4 Drive f: (New Volume) (Fixed) (Total:1863.01 GB) (Free:1219.51 GB) NTFS
    5 Drive g: (LRMCXFRE_EN_DVD) (CDROM) (Total:3.57 GB) (Free:0 GB) UDF
    6 Drive h: (Miguel) (Removable) (Total:3.72 GB) (Free:3.59 GB) FAT32
    7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    8 Drive y: (Ram) (Fixed) (Total:931.51 GB) (Free:2.61 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt
    -------- ---------- ------- ------- --- ---
    Disk 0 Online 932 GB 1721 KB
    Disk 1 Online 932 GB 1688 KB
    Disk 2 Online 932 GB 1721 KB
    Disk 3 Online 1863 GB 1081 KB
    Disk 4 Online 3827 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 932 GB 1024 KB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 Y Ram NTFS Partition 932 GB Healthy

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 932 GB 1024 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C Wolf NTFS Partition 932 GB Healthy

    ==================================================================================

    Partitions of Disk 2:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 932 GB 1024 KB

    ==================================================================================

    Disk: 2
    Partition 1
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 E Hart NTFS Partition 932 GB Healthy

    ==================================================================================

    Partitions of Disk 3:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 1863 GB 1024 KB

    ==================================================================================

    Disk: 3
    Partition 1
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 F New Volume NTFS Partition 1863 GB Healthy

    ==================================================================================

    Partitions of Disk 4:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 3821 MB 16 KB

    ==================================================================================

    Disk: 4
    Partition 1
    Type : 0B
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 0 H Miguel FAT32 Removable 3821 MB Healthy

    ==================================================================================

    ==========================================================

    Last Boot: 2012-07-06 01:49

    ======================= End Of Log ==========================
     
  14. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Good job :)

    In Vista or Windows 7: Boot to System Recovery Options and run FRST.
    In Windows XP: Please boot to UBCD and run FRST.
    Type the following in the edit box after "Search:".

    services.exe

    Click Search button and post the log (Search.txt) it makes to your reply.
     
  15. Miguel A

    Miguel A TS Rookie Topic Starter Posts: 31

    Here we go.

    Farbar Recovery Scan Tool Version: 03-07-2012 01
    Ran by SYSTEM at 2012-07-07 11:52:20
    Running from H:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
    [2009-04-11 08:24] - [2009-04-11 08:24] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
    [2009-04-11 08:24] - [2009-04-11 08:24] - 0384512 ____A (Microsoft Corporation) 934E0B7D77FF78C18D9F8891221B6DE3

    C:\Windows\SysWOW64\services.exe
    [2009-04-11 08:24] - [2009-04-11 08:24] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

    C:\Windows\System32\services.exe
    [2009-04-11 08:24] - [2009-04-11 08:24] - 0381952 ____A (Microsoft Corporation) B8844F93D2C5F1DCDB179AAA9AF134B7

    ====== End Of Search ======
     
  16. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

    Next...

    Restart normally.

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    • NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     


  17. Miguel A

    Miguel A TS Rookie Topic Starter Posts: 31

    Fixlog.txt is below. Combofix is currently running and I'll post the log as soon as it's done. Thanks for all the help so far!

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 03-07-2012 01
    Ran by SYSTEM at 2012-07-07 12:25:10 Run:1
    Running from H:\

    ==============================================

    HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored successfully .
    C:\Windows\System32\consrv.dll not found.
    C:\Windows\Installer\{5f85b80a-15fe-f376-3713-51a7ed233694} moved successfully.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe copied successfully to C:\Windows\System32\services.exe

    ==== End of Fixlog ====
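Editor's added example (not part of either poster's replies, and not FRST's own code): the comparison Broni does by eye on the services.exe search results above, written as a script. It parses FRST's Search.txt layout, pairs each live copy of services.exe with the winsxs copy of the same architecture, and flags any copy whose MD5 or size disagrees with that reference. It also parses a Session Manager\SubSystems\Windows value of the kind the fixlog restored and reports any ServerDll module that is not one Microsoft ships. Assumptions, marked in the code: System32 is treated as the 64-bit copy (true for the NTFSAMD64 install in this thread, not for 32-bit Windows); the default SubSystems value is quoted as Vista and Windows 7 ship it; the allowlist of server DLLs (basesrv, winsrv, sxssrv) and the tampered sample naming consrv are the editor's, constructed to mirror what the fix checked.

```python
import re
from collections import namedtuple

# Constructed sample input: the four hits FRST reported for "services.exe" in the
# thread above, reproduced in FRST's Search.txt layout (a path line followed by a
# "[created] - [modified] - size attrs (company) MD5" detail line).
FRST_SEARCH = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2009-04-11 08:24] - [2009-04-11 08:24] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
[2009-04-11 08:24] - [2009-04-11 08:24] - 0384512 ____A (Microsoft Corporation) 934E0B7D77FF78C18D9F8891221B6DE3

C:\Windows\SysWOW64\services.exe
[2009-04-11 08:24] - [2009-04-11 08:24] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\System32\services.exe
[2009-04-11 08:24] - [2009-04-11 08:24] - 0381952 ____A (Microsoft Corporation) B8844F93D2C5F1DCDB179AAA9AF134B7

====== End Of Search ======
"""

Entry = namedtuple("Entry", "path size md5 arch")

PATH_RE = re.compile(r"^[A-Za-z]:\\")
DETAIL_RE = re.compile(
    r"\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)


def classify_arch(path):
    """Decide which architecture a copy belongs to from its path alone.
    Assumption: 64-bit Windows, so System32 holds the amd64 binaries and
    SysWOW64 the x86 ones; on 32-bit Windows System32 would be x86."""
    low = path.lower()
    m = re.search(r"\\winsxs\\(amd64|x86)_", low)
    if m:
        return m.group(1)
    if "\\syswow64\\" in low:
        return "x86"
    if "\\system32\\" in low:
        return "amd64"
    return "unknown"


def parse_frst_search(text):
    """Turn FRST Search.txt text into Entry records (path, size, MD5, arch)."""
    entries, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            pending = line          # remember the path; details come on the next line
            continue
        m = DETAIL_RE.match(line)
        if m and pending:
            entries.append(Entry(pending, int(m.group("size")), m.group("md5").upper(),
                                 classify_arch(pending)))
            pending = None
    return entries


def find_patched(entries):
    """Return (path, reason) for every live (non-winsxs) copy whose MD5 or size
    disagrees with the winsxs copy of the same architecture."""
    refs = {e.arch: e for e in entries if "\\winsxs\\" in e.path.lower()}
    findings = []
    for e in entries:
        if "\\winsxs\\" in e.path.lower():
            continue
        ref = refs.get(e.arch)
        if ref is None:
            findings.append((e.path, "no winsxs reference copy for arch %s" % e.arch))
        elif e.md5 != ref.md5 or e.size != ref.size:
            findings.append((e.path, "md5 %s size %d differs from winsxs md5 %s size %d"
                             % (e.md5, e.size, ref.md5, ref.size)))
    return findings


# Default value of HKLM\System\CurrentControlSet\Control\Session Manager\SubSystems\Windows
# as Vista and Windows 7 ship it (quoted from the editor's knowledge, not from the thread).
DEFAULT_WINDOWS_SUBSYSTEM = (
    r"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 "
    "Windows=On SubSystemType=Windows ServerDll=basesrv,1 "
    "ServerDll=winsrv:UserServerDllInitialization,3 "
    "ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"
)
# Constructed tampered sample: the console server entry redirected to consrv, the DLL
# name the fixlog above searched for after restoring this value.
TAMPERED_WINDOWS_SUBSYSTEM = DEFAULT_WINDOWS_SUBSYSTEM.replace(
    "winsrv:ConServerDllInitialization", "consrv:ConServerDllInitialization")

# Assumption: the only CSRSS server modules Microsoft ships for Vista/7.
KNOWN_SERVER_DLLS = {"basesrv", "winsrv", "sxssrv"}


def unexpected_server_dlls(value):
    """Return the ServerDll= module names in a SubSystems\\Windows value that are
    not on the Microsoft allowlist; an empty list means the value looks stock."""
    modules = re.findall(r"ServerDll=([^:,\s]+)", value)
    return [m for m in modules if m.lower() not in KNOWN_SERVER_DLLS]


if __name__ == "__main__":
    for path, reason in find_patched(parse_frst_search(FRST_SEARCH)):
        print("SUSPECT:", path, "->", reason)
    print("unexpected ServerDll modules:", unexpected_server_dlls(TAMPERED_WINDOWS_SUBSYSTEM))
```

Run against the search output above, the script flags only C:\Windows\System32\services.exe, whose MD5 and size disagree with the winsxs amd64 copy, which is exactly the file the fixlog replaced from that reference; the SysWOW64 copy matches its x86 counterpart and stays quiet. Two caveats for a real Search.txt: winsxs may hold several versions of a component after updates, so pick the reference whose version matches the live file, and the winsxs copy is itself only a second opinion, not ground truth. FRST's "MD5 is legit" lines in the Bamital check above compare against known Microsoft hashes, which is the stronger verification.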
     
  18. Miguel A

    Miguel A TS Rookie Topic Starter Posts: 31

    Combofix log here!

    ComboFix 12-07-06.02 - Miguel 07/07/2012 12:42:04.1.4 - x64
    Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.4094.2488 [GMT 8:00]
    Running from: c:\users\Miguel\Desktop\ComboFix.exe
    AV: ESET NOD32 Antivirus 5.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    SP: ESET NOD32 Antivirus 5.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Miguel\AppData\Local\.#
    c:\users\Public\HoNClient-0.1.49.exe
    c:\users\Taks\ChromeSetup.exe
    c:\users\Taks\Documents\~WRL0001.tmp
    c:\windows\apppatch\AppLoc.exe
    c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
    c:\windows\IsUn0411.exe
    c:\windows\SysWow64\DEBUG.log
    c:\windows\SysWow64\html
    c:\windows\SysWow64\html\calendar.html
    c:\windows\SysWow64\html\calendarbottom.html
    c:\windows\SysWow64\html\calendartop.html
    c:\windows\SysWow64\html\crystalexportdialog.htm
    c:\windows\SysWow64\html\crystalprinthost.html
    c:\windows\SysWow64\images
    c:\windows\SysWow64\images\toolbar\calendar.gif
    c:\windows\SysWow64\images\toolbar\crlogo.gif
    c:\windows\SysWow64\images\toolbar\export.gif
    c:\windows\SysWow64\images\toolbar\export_over.gif
    c:\windows\SysWow64\images\toolbar\exportd.gif
    c:\windows\SysWow64\images\toolbar\First.gif
    c:\windows\SysWow64\images\toolbar\first_over.gif
    c:\windows\SysWow64\images\toolbar\Firstd.gif
    c:\windows\SysWow64\images\toolbar\gotopage.gif
    c:\windows\SysWow64\images\toolbar\gotopage_over.gif
    c:\windows\SysWow64\images\toolbar\gotopaged.gif
    c:\windows\SysWow64\images\toolbar\grouptree.gif
    c:\windows\SysWow64\images\toolbar\grouptree_over.gif
    c:\windows\SysWow64\images\toolbar\grouptreed.gif
    c:\windows\SysWow64\images\toolbar\grouptreepressed.gif
    c:\windows\SysWow64\images\toolbar\Last.gif
    c:\windows\SysWow64\images\toolbar\last_over.gif
    c:\windows\SysWow64\images\toolbar\Lastd.gif
    c:\windows\SysWow64\images\toolbar\Next.gif
    c:\windows\SysWow64\images\toolbar\next_over.gif
    c:\windows\SysWow64\images\toolbar\Nextd.gif
    c:\windows\SysWow64\images\toolbar\Prev.gif
    c:\windows\SysWow64\images\toolbar\prev_over.gif
    c:\windows\SysWow64\images\toolbar\Prevd.gif
    c:\windows\SysWow64\images\toolbar\print.gif
    c:\windows\SysWow64\images\toolbar\print_over.gif
    c:\windows\SysWow64\images\toolbar\printd.gif
    c:\windows\SysWow64\images\toolbar\Refresh.gif
    c:\windows\SysWow64\images\toolbar\refresh_over.gif
    c:\windows\SysWow64\images\toolbar\refreshd.gif
    c:\windows\SysWow64\images\toolbar\Search.gif
    c:\windows\SysWow64\images\toolbar\search_over.gif
    c:\windows\SysWow64\images\toolbar\searchd.gif
    c:\windows\SysWow64\images\toolbar\up.gif
    c:\windows\SysWow64\images\toolbar\up_over.gif
    c:\windows\SysWow64\images\toolbar\upd.gif
    c:\windows\SysWow64\images\tree\begindots.gif
    c:\windows\SysWow64\images\tree\beginminus.gif
    c:\windows\SysWow64\images\tree\beginplus.gif
    c:\windows\SysWow64\images\tree\blank.gif
    c:\windows\SysWow64\images\tree\blankdots.gif
    c:\windows\SysWow64\images\tree\dots.gif
    c:\windows\SysWow64\images\tree\lastdots.gif
    c:\windows\SysWow64\images\tree\lastminus.gif
    c:\windows\SysWow64\images\tree\lastplus.gif
    c:\windows\SysWow64\images\tree\Magnify.gif
    c:\windows\SysWow64\images\tree\minus.gif
    c:\windows\SysWow64\images\tree\minusbox.gif
    c:\windows\SysWow64\images\tree\plus.gif
    c:\windows\SysWow64\images\tree\plusbox.gif
    c:\windows\SysWow64\images\tree\singleminus.gif
    c:\windows\SysWow64\images\tree\singleplus.gif
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-07 to 2012-07-07 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-07 04:51 . 2012-07-07 04:51--------d-----w-c:\users\Taks\AppData\Local\temp
    2012-07-07 04:51 . 2012-07-07 04:51--------d-----w-c:\users\Default\AppData\Local\temp
    2012-07-06 04:45 . 2012-07-06 04:45--------d-----w-C:\FRST
    2012-07-01 13:40 . 2012-07-01 13:40--------d-----w-c:\users\Miguel\AppData\Local\ESET
    2012-07-01 10:28 . 2012-07-01 10:28--------d-----w-c:\program files (x86)\Windows Resource Kits
    2012-07-01 09:44 . 2012-07-01 09:44--------d-----w-c:\users\Miguel\AppData\Roaming\Malwarebytes
    2012-07-01 09:44 . 2012-07-01 09:44--------d-----w-c:\programdata\Malwarebytes
    2012-07-01 09:44 . 2012-07-01 09:44--------d-----w-c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-07-01 09:44 . 2012-04-04 07:5624904----a-w-c:\windows\system32\drivers\mbam.sys
    2012-07-01 08:22 . 2012-07-01 08:22--------d-----w-C:\TDSSKiller_Quarantine
    2012-07-01 08:13 . 2012-07-01 10:41--------d-----w-c:\program files\ESET
    2012-07-01 06:43 . 2012-07-01 06:43--------d-----w-c:\users\Miguel\AppData\Local\ElevatedDiagnostics
    2012-06-23 07:02 . 2012-06-23 07:02--------d-----w-c:\program files\Mercurial
    2012-06-21 14:40 . 2012-06-21 14:40--------d-----w-C:\Go
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-05-06 01:55 . 2012-05-06 01:553888----a-w-c:\windows\SysWow64\drivers\NTHANDLE.SYS
    2012-04-16 14:45 . 2012-04-16 14:45404640----a-w-c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:1294208----a-w-c:\users\Miguel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:1294208----a-w-c:\users\Miguel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:1294208----a-w-c:\users\Miguel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:1294208----a-w-c:\users\Miguel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Messenger (Yahoo!)"="c:\program files (x86)\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-26 4351216]
    "PlayOn"="c:\program files (x86)\MediaMall\PlayOn.exe" [2010-04-02 53248]
    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
    "AirVideoServer"="c:\program files (x86)\AirVideoServer\AirVideoServer.exe" [2010-05-20 4818728]
    "DS3 Tool"="c:\progra~1\MOTION~1\ds3\DS3_Tool.exe" [2011-07-10 110352]
    "Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-08-04 1242448]
    "F.lux"="c:\users\Miguel\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
    "MusicManager"="c:\users\Miguel\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2012-06-01 13806592]
    "uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-05-19 880496]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "VMware hqtray"="c:\program files (x86)\VMware\VMware Player\hqtray.exe" [2009-10-21 64048]
    "AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-13 611712]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-03-18 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-07-21 141608]
    "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-05-25 1951112]
    "SunJavaUpdateSched"="c:\program files (x86)\Java\jre6\bin\jusched.exe" [2011-06-25 136600]
    .
    c:\users\Miguel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Miguel\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-25 27112840]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "SoftwareSASGeneration"= 1 (0x1)
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    Themes
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-07 c:\windows\Tasks\Google Software Updater.job
    - c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-09 04:15]
    .
    2012-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-09-09 17:02]
    .
    2012-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-09-09 17:02]
    .
    2012-07-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1954714350-379289342-1461462268-1000Core.job
    - c:\users\Miguel\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-07 14:00]
    .
    2012-07-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1954714350-379289342-1461462268-1000UA.job
    - c:\users\Miguel\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-07 14:00]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:1297792----a-w-c:\users\Miguel\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:1297792----a-w-c:\users\Miguel\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:1297792----a-w-c:\users\Miguel\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:1297792----a-w-c:\users\Miguel\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="RAVCpl64.exe" [2008-07-24 6452256]
    "Skytel"="Skytel.exe" [2008-07-24 1833504]
    "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-07-02 4081008]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.daemon-search.com/startpage
    mLocal Page = %SystemRoot%\system32\blank.htm
    uInternet Settings,ProxyOverride = *.local
    TCP: Interfaces\{C3B6B378-6658-46F8-9CCC-F2D1C37917D5}: NameServer = 8.8.8.8
    CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
    FF - ProfilePath - c:\users\Miguel\AppData\Roaming\Mozilla\Firefox\Profiles\c5t4xt2g.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.daemon-search.com/startpage|http://google.com
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
    FF - user.js: yahoo.homepage.dontask - true
    .
    - - - - ORPHANS REMOVED - - - -
    .
    SafeBoot-05609132.sys
    WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
    AddRemove-ViewIng - c:\windows\IsUn0411.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker3"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
    @="Shockwave Flash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
    @Denied: (A 2) (Everyone)
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
    @="FlashBroker"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
    @Denied: (A) (Everyone)
    "Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
    "Key"="ActionsPane"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Bonjour\mDNSResponder.exe
    c:\program files (x86)\Google\Chrome Remote Desktop\remoting_service.exe
    c:\program files (x86)\Google\Chrome Remote Desktop\remoting_me2me_host.exe
    c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
    c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
    c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    c:\program files (x86)\TightVNC\tvnserver.exe
    c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
    c:\windows\SysWOW64\vmnat.exe
    c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    c:\program files (x86)\VMware\VMware Player\vmware-authd.exe
    c:\windows\SysWOW64\vmnetdhcp.exe
    c:\program files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
    .
    **************************************************************************
    .
    Completion time: 2012-07-07 13:00:31 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-07-07 05:00
    .
    Pre-Run: 613,555,638,272 bytes free
    Post-Run: 615,936,552,960 bytes free
    .
    - - End Of File - - 7048EAEEFDD019410E1E742B4D739B5D
     
  19. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Looks good :)

    How is computer doing?

    ===================================

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    ==========================================

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  20. Miguel A

    Miguel A TS Rookie Topic Starter Posts: 31

    I haven't reconnected it to the internet since running Combofix, but my antivirus isn't giving me warnings anymore :D I'll start running Malwarebytes now.
     
  21. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Good :)

    You have to reconnect to update MBAM.
     
  22. Miguel A

    Miguel A TS Rookie Topic Starter Posts: 31

    I notice that I no longer have access to the Documents and Settings folder, or to my Application Data folder (I've got Administrator privileges), which I've not had problems with before. Is this normal?

    Here's the log from MBAM; will paste OTL logs in a minute:

    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.07.07.01

    Windows Vista Service Pack 2 x64 NTFS
    Internet Explorer 7.0.6002.18005
    Miguel :: BADHORSE [administrator]

    7/7/2012 1:27:51 PM
    mbam-log-2012-07-07 (13-27-51).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 239902
    Time elapsed: 4 minute(s), 12 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  23. Miguel A

    Miguel A TS Rookie Topic Starter Posts: 31

    OTL.Txt (I don't see any Extras.txt on my desktop):

    OTL logfile created on: 7/7/2012 1:35:49 PM - Run 2
    OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Miguel\Desktop
    64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6002.18005)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.10 Gb Available Physical Memory | 52.45% Memory free
    8.20 Gb Paging File | 6.30 Gb Available in Paging File | 76.86% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 931.51 Gb Total Space | 573.70 Gb Free Space | 61.59% Space Free | Partition Type: NTFS
    Drive D: | 931.51 Gb Total Space | 2.61 Gb Free Space | 0.28% Space Free | Partition Type: NTFS
    Drive E: | 3.57 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
    Drive F: | 931.51 Gb Total Space | 14.63 Gb Free Space | 1.57% Space Free | Partition Type: NTFS
    Drive G: | 1863.01 Gb Total Space | 1226.18 Gb Free Space | 65.82% Space Free | Partition Type: NTFS

    Computer Name: BADHORSE | User Name: Miguel | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/07/07 13:34:34 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Miguel\Desktop\OTL.exe
    PRC - [2012/06/14 22:05:06 | 006,688,792 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome Remote Desktop\remoting_me2me_host.exe
    PRC - [2012/06/14 22:05:06 | 000,343,064 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome Remote Desktop\remoting_service.exe
    PRC - [2012/06/02 07:17:16 | 013,806,592 | ---- | M] (Google Inc.) -- C:\Users\Miguel\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
    PRC - [2012/05/25 02:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Miguel\AppData\Roaming\Dropbox\bin\Dropbox.exe
    PRC - [2012/05/20 00:40:52 | 000,880,496 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
    PRC - [2012/03/07 15:40:34 | 000,913,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
    PRC - [2011/08/12 17:13:26 | 000,087,040 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
    PRC - [2011/08/04 15:03:18 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
    PRC - [2010/07/09 16:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2010/07/08 21:28:56 | 000,815,704 | ---- | M] (GlavSoft LLC.) -- C:\Program Files (x86)\TightVNC\tvnserver.exe
    PRC - [2010/05/20 19:50:56 | 004,818,728 | ---- | M] () -- C:\Program Files (x86)\AirVideoServer\AirVideoServer.exe
    PRC - [2010/04/02 22:02:58 | 000,053,248 | ---- | M] (MediaMall Technologies, Inc.) -- C:\Program Files (x86)\MediaMall\PlayOn.exe
    PRC - [2009/10/22 04:44:24 | 000,395,824 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
    PRC - [2009/10/22 04:44:18 | 000,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
    PRC - [2009/10/22 04:44:08 | 000,334,384 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
    PRC - [2009/10/22 04:43:30 | 000,064,048 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\hqtray.exe
    PRC - [2009/10/22 03:47:54 | 000,563,760 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
    PRC - [2009/08/29 14:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Miguel\Local Settings\Apps\F.lux\flux.exe
    PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    PRC - [2008/07/20 17:45:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2008/07/20 17:45:06 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/07/07 12:55:30 | 000,079,480 | ---- | M] () -- C:\jexepackres\JX8A610\miniupnpc.dll
    MOD - [2012/07/07 12:55:30 | 000,034,166 | ---- | M] () -- C:\jexepackres\JX8A610\natpmp.dll
    MOD - [2012/06/29 23:46:54 | 020,313,384 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
    MOD - [2012/06/29 23:46:50 | 001,099,576 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
    MOD - [2012/06/29 23:46:50 | 000,895,312 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
    MOD - [2012/06/29 23:46:50 | 000,190,776 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
    MOD - [2012/06/29 23:46:50 | 000,123,192 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
    MOD - [2012/06/02 07:06:02 | 000,344,064 | ---- | M] () -- C:\Users\Miguel\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
    MOD - [2012/06/02 07:05:48 | 000,346,624 | ---- | M] () -- C:\Users\Miguel\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
    MOD - [2012/06/02 07:04:48 | 000,198,656 | ---- | M] () -- C:\Users\Miguel\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
    MOD - [2012/06/02 07:04:46 | 000,364,032 | ---- | M] () -- C:\Users\Miguel\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
    MOD - [2010/06/03 13:46:00 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2010/05/20 19:50:56 | 004,818,728 | ---- | M] () -- C:\Program Files (x86)\AirVideoServer\AirVideoServer.exe
    MOD - [2009/10/22 04:43:58 | 000,970,288 | ---- | M] () -- C:\Program Files (x86)\VMware\VMware Player\libxml2.dll
    MOD - [2009/10/22 04:43:46 | 000,068,656 | ---- | M] () -- C:\Program Files (x86)\VMware\VMware Player\zlib1.dll
    MOD - [2009/08/29 14:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Miguel\Local Settings\Apps\F.lux\flux.exe
    MOD - [2009/05/26 21:06:28 | 000,913,408 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
    MOD - [2009/04/12 00:55:45 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\35f20a6b69d5c7033b4b1873456e5074\System.ServiceProcess.ni.dll
    MOD - [2009/04/12 00:55:41 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\b0be4ac8da47fbf783dabd1505e6c55e\System.Windows.Forms.ni.dll
    MOD - [2009/04/12 00:55:14 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\07e39e61fd6133a92333a2c98f2ffeb7\System.Drawing.ni.dll
    MOD - [2009/04/12 00:54:48 | 007,868,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\34942db56010e4225825bfae8a27559f\System.ni.dll
    MOD - [2009/04/12 00:54:39 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\3aac7b97549d4ccf0c7dca3d1777f9b4\mscorlib.ni.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2012/03/07 15:40:34 | 000,913,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
    SRV:64bit: - [2010/02/06 12:33:47 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
    SRV:64bit: - [2009/03/12 20:02:28 | 004,761,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
    SRV:64bit: - [2008/01/21 10:50:23 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV:64bit: - [2008/01/21 10:46:39 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2005/09/23 03:26:42 | 004,476,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon80)
    SRV - [2012/06/14 22:05:06 | 000,343,064 | ---- | M] (Google Inc.) [Auto | Running] -- C:\Program Files (x86)\Google\Chrome Remote Desktop\remoting_service.exe -- (chromoting) @C:\Program Files (x86)
    SRV - [2011/08/12 17:13:26 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
    SRV - [2011/05/25 17:29:52 | 002,275,720 | ---- | M] (LogMeIn Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
    SRV - [2010/07/09 16:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2010/07/08 21:28:56 | 000,815,704 | ---- | M] (GlavSoft LLC.) [Auto | Running] -- C:\Program Files (x86)\TightVNC\tvnserver.exe -- (tvnserver)
    SRV - [2010/04/02 22:05:28 | 003,359,600 | ---- | M] (MediaMall Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\MediaMall\MediaMallServer.exe -- (MediaMall Server)
    SRV - [2010/02/06 12:33:42 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2009/10/22 04:44:24 | 000,395,824 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
    SRV - [2009/10/22 04:44:18 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
    SRV - [2009/10/22 04:44:08 | 000,334,384 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
    SRV - [2009/10/22 03:47:54 | 000,563,760 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
    SRV - [2009/10/12 14:32:24 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe -- (ufad-ws60)
    SRV - [2009/07/16 17:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2009/05/23 07:34:34 | 000,851,968 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
    SRV - [2009/04/12 00:24:52 | 000,066,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008/11/10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2008/07/20 17:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/03/14 08:40:04 | 000,137,144 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\epfwwfpr.sys -- (epfwwfpr)
    DRV:64bit: - [2012/03/14 08:40:02 | 000,209,768 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\eamonm.sys -- (eamonm)
    DRV:64bit: - [2012/03/14 08:40:02 | 000,148,528 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\ehdrv.sys -- (ehdrv)
    DRV:64bit: - [2010/10/21 15:11:04 | 000,097,552 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\MijXfilt.sys -- (MotioninJoyXFilter)
    DRV:64bit: - [2010/08/19 19:24:34 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\xusb21.sys -- (xusb21)
    DRV:64bit: - [2010/06/25 16:08:56 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\htcnprot.sys -- (htcnprot)
    DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2010/02/24 14:12:34 | 000,028,528 | ---- | M] (MediaMall Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\povrtdev.sys -- (msvad_simple)
    DRV:64bit: - [2009/10/22 04:45:28 | 000,080,944 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
    DRV:64bit: - [2009/10/22 04:45:24 | 000,018,480 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\VMparport.sys -- (VMparport)
    DRV:64bit: - [2009/10/22 04:45:22 | 000,029,744 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd2)
    DRV:64bit: - [2009/10/22 04:45:14 | 000,068,144 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
    DRV:64bit: - [2009/10/22 04:45:12 | 000,030,256 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
    DRV:64bit: - [2009/10/22 03:47:50 | 000,038,960 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
    DRV:64bit: - [2009/10/22 00:13:28 | 000,045,104 | R--- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\vmnetbridge.sys -- (VMnetBridge)
    DRV:64bit: - [2009/10/22 00:13:28 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\vmnetadapter.sys -- (VMnetAdapter)
    DRV:64bit: - [2009/06/10 15:46:06 | 000,031,744 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ANDROIDUSB.sys -- (HTCAND64)
    DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\hamachi.sys -- (hamachi)
    DRV:64bit: - [2008/09/17 19:52:20 | 000,184,320 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
    DRV:64bit: - [2008/07/20 17:44:54 | 000,402,456 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
    DRV:64bit: - [2008/06/27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
    DRV:64bit: - [2008/01/21 10:50:10 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2008/01/21 10:46:34 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
    DRV - [2009/10/12 14:31:04 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys -- (vstor2-ws60)
    DRV - [2009/09/07 21:53:37 | 000,024,072 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
    DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)
    DRV - [2005/03/09 20:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\libusb0.sys -- (libusb0)
    DRV - [1999/05/05 06:22:00 | 000,008,944 | R--- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\Usbscan.sys -- (usbscan)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1954714350-379289342-1461462268-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
    IE - HKU\S-1-5-21-1954714350-379289342-1461462268-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-1954714350-379289342-1461462268-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    IE - HKU\S-1-5-21-1954714350-379289342-1461462268-1000\..\SearchScopes,DefaultScope = {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}
    IE - HKU\S-1-5-21-1954714350-379289342-1461462268-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKU\S-1-5-21-1954714350-379289342-1461462268-1000\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search?q={searchTerms}
    IE - HKU\S-1-5-21-1954714350-379289342-1461462268-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1954714350-379289342-1461462268-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Miguel\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Miguel\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Miguel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD [2012/07/01 18:41:10 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.27\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/01 14:15:00 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.27\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/01 14:15:00 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012/07/01 18:41:10 | 000,000,000 | ---D | M]

    [2010/02/01 19:51:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Miguel\AppData\Roaming\Mozilla\Extensions
    [2010/02/01 19:51:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Miguel\AppData\Roaming\Mozilla\Extensions\uploadr@flickr.com
    [2012/07/01 17:36:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Miguel\AppData\Roaming\Mozilla\Firefox\Profiles\c5t4xt2g.default\extensions
    [2012/07/01 17:46:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2009/09/07 22:38:09 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Miguel\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Miguel\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Miguel\AppData\Local\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Miguel\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Updater (Enabled) = C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
    CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Unity Player (Enabled) = C:\Users\Miguel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - Extension: Chrome Remote Desktop BETA = C:\Users\Miguel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\1.5.1132.18_0\
    CHR - Extension: Bastion = C:\Users\Miguel\AppData\Local\Google\Chrome\User Data\Default\Extensions\oohphhdkahjlioohbalmicpokoefkgid\0.0.0.4_0\

    O1 HOSTS File: ([2012/07/07 12:54:11 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
    O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
    O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll File not found
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll File not found
    O3 - HKU\S-1-5-21-1954714350-379289342-1461462268-1000\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll File not found
    O3:64bit: - HKU\S-1-5-21-1954714350-379289342-1461462268-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
    O3 - HKU\S-1-5-21-1954714350-379289342-1461462268-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
    O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
    O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
    O4 - HKLM..\Run: [VMware hqtray] C:\Program Files (x86)\VMware\VMware Player\hqtray.exe (VMware, Inc.)
    O4 - HKU\S-1-5-21-1954714350-379289342-1461462268-1000..\Run: [AirVideoServer] C:\Program Files (x86)\AirVideoServer\AirVideoServer.exe ()
    O4 - HKU\S-1-5-21-1954714350-379289342-1461462268-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O4 - HKU\S-1-5-21-1954714350-379289342-1461462268-1000..\Run: [DS3 Tool] C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe (www.motioninjoy.com)
    O4 - HKU\S-1-5-21-1954714350-379289342-1461462268-1000..\Run: [F.lux] C:\Users\Miguel\Local Settings\Apps\F.lux\flux.exe ()
    O4 - HKU\S-1-5-21-1954714350-379289342-1461462268-1000..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O4 - HKU\S-1-5-21-1954714350-379289342-1461462268-1000..\Run: [MusicManager] C:\Users\Miguel\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
    O4 - HKU\S-1-5-21-1954714350-379289342-1461462268-1000..\Run: [PlayOn] C:\Program Files (x86)\MediaMall\PlayOn.exe (MediaMall Technologies, Inc.)
    O4 - HKU\S-1-5-21-1954714350-379289342-1461462268-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
    O4 - HKU\S-1-5-21-1954714350-379289342-1461462268-1000..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
    O4 - Startup: C:\Users\Miguel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Miguel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O4 - Startup: C:\Users\Taks\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1954714350-379289342-1461462268-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1954714350-379289342-1461462268-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\.DEFAULT\..Trusted Domains: amazon.com ([]* in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: hulu.com ([]* in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: netflix.com ([]* in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: youtube.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: amazon.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: hulu.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: netflix.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: youtube.com ([]* in Trusted sites)
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab (Java Plug-in 1.6.0_10)
    O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab (Java Plug-in 1.6.0_10)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab (Java Plug-in 1.6.0_10)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C3B6B378-6658-46F8-9CCC-F2D1C37917D5}: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C3B6B378-6658-46F8-9CCC-F2D1C37917D5}: NameServer = 8.8.8.8
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Miguel\Pictures\wallpaper\maldives.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Miguel\Pictures\wallpaper\maldives.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/11/02 15:00:00 | 000,000,122 | R--- | M] () - E:\autorun.inf -- [ UDF ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/07/07 13:34:34 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Miguel\Desktop\OTL.exe
    [2012/07/07 12:54:15 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2012/07/07 12:34:34 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/07/07 12:34:34 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/07/07 12:34:34 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/07/06 12:45:07 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/07/02 21:18:37 | 004,573,044 | R--- | C] (Swearware) -- C:\Users\Miguel\Desktop\ComboFix.exe
    [2012/07/02 20:55:40 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/07/02 20:55:31 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/07/01 21:40:42 | 000,000,000 | ---D | C] -- C:\Users\Miguel\AppData\Local\ESET
    [2012/07/01 18:41:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
    [2012/07/01 18:28:47 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\CC Support Logs
    [2012/07/01 18:28:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Resource Kits
    [2012/07/01 17:44:25 | 000,000,000 | ---D | C] -- C:\Users\Miguel\AppData\Roaming\Malwarebytes
    [2012/07/01 17:44:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/07/01 17:44:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/07/01 17:44:18 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/07/01 17:44:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/07/01 16:22:57 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/07/01 16:13:59 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
    [2012/07/01 16:13:59 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2012/07/01 14:43:47 | 000,000,000 | ---D | C] -- C:\Users\Miguel\AppData\Local\ElevatedDiagnostics
    [2012/07/01 14:41:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\WindowsPowerShell
    [2012/07/01 14:41:40 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell 1.0
    [2012/07/01 14:41:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\WindowsPowerShell
    [2012/06/30 15:10:19 | 000,000,000 | ---D | C] -- C:\Users\Miguel\Desktop\apollo
    [2012/06/23 15:02:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mercurial 2.2.2
    [2012/06/23 15:02:45 | 000,000,000 | ---D | C] -- C:\Program Files\Mercurial
    [2012/06/21 22:40:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Go Programming Language
    [2012/06/21 22:40:07 | 000,000,000 | ---D | C] -- C:\Go
    [2012/06/16 15:17:46 | 000,000,000 | ---D | C] -- C:\Users\Miguel\Desktop\Wii Game Manager
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/07/07 13:35:25 | 000,760,980 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/07/07 13:35:25 | 000,644,838 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/07/07 13:35:25 | 000,119,996 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/07/07 13:34:34 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Miguel\Desktop\OTL.exe
    [2012/07/07 12:59:10 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1954714350-379289342-1461462268-1000UA.job
    [2012/07/07 12:54:23 | 000,069,981 | ---- | M] () -- C:\ProgramData\nvModes.dat
    [2012/07/07 12:54:23 | 000,069,981 | ---- | M] () -- C:\ProgramData\nvModes.001
    [2012/07/07 12:54:11 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/07/07 12:54:09 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/07/07 12:53:52 | 000,004,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/07/07 12:53:52 | 000,004,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/07/07 12:53:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/07/07 12:26:10 | 004,573,044 | R--- | M] (Swearware) -- C:\Users\Miguel\Desktop\ComboFix.exe
    [2012/07/07 10:53:42 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/07/07 10:13:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
    [2012/07/07 04:58:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1954714350-379289342-1461462268-1000Core.job
    [2012/07/06 17:49:56 | 000,001,905 | ---- | M] () -- C:\Windows\diagwrn.xml
    [2012/07/06 17:49:56 | 000,001,905 | ---- | M] () -- C:\Windows\diagerr.xml
    [2012/07/03 22:56:42 | 000,111,616 | ---- | M] () -- C:\Users\Miguel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/07/01 17:44:20 | 000,000,952 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/01 15:28:49 | 000,001,101 | ---- | M] () -- C:\Users\Miguel\Desktop\Spybot - Search & Destroy.lnk
    [2012/07/01 14:37:11 | 001,179,648 | ---- | M] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
    [2012/07/01 14:37:11 | 000,131,072 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
    [2012/07/01 14:37:11 | 000,065,536 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx
    [2012/07/01 10:59:34 | 000,002,047 | ---- | M] () -- C:\Users\Miguel\Desktop\Google Chrome.lnk
    [2012/07/01 10:59:34 | 000,002,009 | ---- | M] () -- C:\Users\Miguel\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2012/06/29 23:45:29 | 000,000,012 | ---- | M] () -- C:\ProgramData\ReminderNextRun
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/07/07 12:34:34 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/07/07 12:34:34 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/07/07 12:34:34 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/07/07 12:34:34 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/07/07 12:34:34 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/07/06 17:47:31 | 000,001,905 | ---- | C] () -- C:\Windows\diagwrn.xml
    [2012/07/06 17:47:31 | 000,001,905 | ---- | C] () -- C:\Windows\diagerr.xml
    [2012/07/01 17:44:20 | 000,000,952 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/01 15:28:49 | 000,001,101 | ---- | C] () -- C:\Users\Miguel\Desktop\Spybot - Search & Destroy.lnk
    [2012/07/01 14:37:03 | 001,179,648 | ---- | C] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
    [2012/07/01 14:37:03 | 000,131,072 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
    [2012/07/01 14:37:03 | 000,065,536 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx
    [2012/05/06 09:55:12 | 000,003,888 | ---- | C] () -- C:\Windows\SysWow64\drivers\NTHANDLE.SYS
    [2012/04/26 22:48:37 | 000,000,850 | ---- | C] () -- C:\Users\Miguel\MHGibbsTrans.m
    [2012/04/26 22:48:23 | 000,000,844 | ---- | C] () -- C:\Users\Miguel\MHSWTrans.m
    [2011/07/19 01:25:57 | 000,000,012 | ---- | C] () -- C:\ProgramData\ReminderNextRun
    [2011/05/15 12:17:32 | 000,014,848 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
    [2011/04/23 18:18:45 | 000,000,040 | ---- | C] () -- C:\Windows\RUNAWAY.INI
    [2011/03/28 20:34:53 | 000,090,636 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
    [2010/12/13 22:08:15 | 000,065,024 | ---- | C] () -- C:\Windows\SysWow64\DECODER.DLL
    [2010/10/19 23:16:45 | 000,000,680 | ---- | C] () -- C:\Users\Miguel\AppData\Local\d3d9caps.dat
    [2010/09/12 18:03:59 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\drivers\libusb0.sys
    [2009/09/07 23:40:16 | 000,024,226 | ---- | C] () -- C:\Users\Miguel\AppData\Roaming\UserTile.png
    [2009/09/07 21:44:15 | 000,069,981 | ---- | C] () -- C:\ProgramData\nvModes.001
    [2009/09/07 21:44:07 | 000,069,981 | ---- | C] () -- C:\ProgramData\nvModes.dat
    [2009/09/07 21:37:27 | 000,111,616 | ---- | C] () -- C:\Users\Miguel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/09/07 21:32:47 | 000,000,732 | ---- | C] () -- C:\Users\Miguel\AppData\Local\d3d9caps64.dat

    ========== LOP Check ==========

    [2009/10/07 20:30:51 | 000,000,000 | ---D | M] -- C:\Users\Miguel\AppData\Roaming\.emacs.d
    [2011/11/19 22:19:39 | 000,000,000 | ---D | M] -- C:\Users\Miguel\AppData\Roaming\.minecraft
    [2012/03/29 20:59:37 | 000,000,000 | ---D | M] -- C:\Users\Miguel\AppData\Roaming\.techniclauncher
    [2011/08/06 19:46:32 | 000,000,000 | ---D | M] -- C:\Users\Miguel\AppData\Roaming\AtomZombieData
    [2011/02/14 20:18:21 | 000,000,000 | ---D | M] -- C:\Users\Miguel\AppData\Roaming\AtomZombieDemoData
    [2012/03/09 19:09:06 | 000,000,000 | ---D | M] -- C:\Users\Miguel\AppData\Roaming\Bitcoin
    [2009/11/06 00:40:32 | 000,000,000 | ---D | M] -- C:\Users\Miguel\AppData\Roaming\Console
    [2009/09/21 01:46:07 | 000,000,000 | ---D | M] -- C:\Users\Miguel\AppData\Roaming\DAEMON Tools Lite
    [2012/03/31 19:43:27 | 000,000,000 | ---D | M] -- C:\Users\Miguel\AppData\Roaming\Doublefine
    [2012/07/07 13:26:16 | 000,000,000 | ---D | M] -- C:\Users\Miguel\AppData\Roaming\Dropbox
    [2010/02/01 19:51:26 | 000,000,000 | ---D | M] -- C:\Users\Miguel\AppData\Roaming\Flickr
    [2012/05/20 15:43:47 | 000,000,000 | ---D | M] -- C:\Users\Miguel\AppData\Roaming\fltk.org
    [2009/09/07 22:38:28 | 000,000,000 | ---D | M] -- C:\Users\Miguel\AppData\Roaming\Foxit
    [2011/01/13 19:53:47 | 000,000,000 | ---D | M] -- C:\Users\Miguel\AppData\Roaming\Foxit Software
    [2010/11/26 23:55:52 | 000,000,000 | ---D | M] -- C:\Users\Miguel\AppData\Roaming\GetRightToGo
    [2011/03/31 17:45:19 | 000,000,000 | ---D | M] -- C:\Users\Miguel\AppData\Roaming\HandBrake
    [2009/10/31 14:20:25 | 000,000,000 | ---D | M] -- C:\Users\Miguel\AppData\Roaming\ImgBurn
    [2011/08/06 13:06:25 | 000,000,000 | ---D | M] -- C:\Users\Miguel\AppData\Roaming\Lazy 8 Studios
    [2010/10/09 15:01:29 | 000,000,000 | ---D | M] -- C:\Users\Miguel\AppData\Roaming\MotioninJoy
    [2009/09/07 22:02:53 | 000,000,000 | ---D | M] -- C:\Users\Miguel\AppData\Roaming\Opera
    [2012/03/10 13:56:49 | 000,000,000 | ---D | M] -- C:\Users\Miguel\AppData\Roaming\Origin
    [2009/09/07 23:40:16 | 000,000,000 | ---D | M] -- C:\Users\Miguel\AppData\Roaming\PeerNetworking
    [2010/03/15 20:37:26 | 000,000,000 | ---D | M] -- C:\Users\Miguel\AppData\Roaming\RenPy
    [2010/12/23 23:29:09 | 000,000,000 | ---D | M] -- C:\Users\Miguel\AppData\Roaming\ScummVM
    [2009/10/16 20:40:26 | 000,000,000 | ---D | M] -- C:\Users\Miguel\AppData\Roaming\Subversion
    [2012/07/07 13:36:41 | 000,000,000 | ---D | M] -- C:\Users\Miguel\AppData\Roaming\uTorrent
    [2010/11/26 23:57:25 | 000,000,000 | ---D | M] -- C:\Users\Miguel\AppData\Roaming\Winsome Technologies
    [2011/05/16 00:59:33 | 000,000,000 | ---D | M] -- C:\Users\Miguel\AppData\Roaming\X-Chat 2
    [2010/04/18 17:17:32 | 000,000,000 | ---D | M] -- C:\Users\Taks\AppData\Roaming\.purple
    [2010/04/18 17:17:35 | 000,000,000 | ---D | M] -- C:\Users\Taks\AppData\Roaming\Autodesk
    [2010/04/18 17:17:35 | 000,000,000 | ---D | M] -- C:\Users\Taks\AppData\Roaming\Design Science
    [2010/04/18 17:17:35 | 000,000,000 | ---D | M] -- C:\Users\Taks\AppData\Roaming\Dev-Cpp
    [2010/04/18 17:17:35 | 000,000,000 | ---D | M] -- C:\Users\Taks\AppData\Roaming\Foxit
    [2010/04/18 17:17:35 | 000,000,000 | ---D | M] -- C:\Users\Taks\AppData\Roaming\gtk-2.0
    [2010/04/18 17:17:49 | 000,000,000 | ---D | M] -- C:\Users\Taks\AppData\Roaming\National Instruments
    [2010/04/18 17:17:49 | 000,000,000 | ---D | M] -- C:\Users\Taks\AppData\Roaming\Songbird2
    [2010/04/18 17:17:53 | 000,000,000 | ---D | M] -- C:\Users\Taks\AppData\Roaming\Ufasoft
    [2010/04/18 17:17:53 | 000,000,000 | ---D | M] -- C:\Users\Taks\AppData\Roaming\uTorrent
    [2012/07/07 12:51:54 | 000,032,656 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    < End of report >
     
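The OTL report above is normally read by eye: the O4 autoruns, the O6 policy values, the O17 resolvers, the O20 Winlogon values and the O35/O37 exe/com handlers are the places a helper checks first. As an added example (not part of the original post and not OTL's own code), here is a small rule-based triage in Python that applies those same checks to lines of the shape OTL prints. The first sample is copied from the log above; the second is constructed (203.0.113.0/24 is a documentation range) so the hijack rules have something to fire on, and the DNS allowlist is an assumption a helper would adjust for the machine in question.

```python
"""Rule-based triage of OTL (OldTimer's List-It) log lines. Added example for this
thread, not OTL's own code; SAMPLE_LOG is copied from the posted log, HIJACKED_LOG
is constructed, and DNS_ALLOWLIST is an assumption."""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "severity rule line")

# Stock values for the persistence points OTL reports in O20 and O35/O37.
GOOD_WINLOGON = {"shell": "explorer.exe", "userinit": "userinit.exe"}
GOOD_HANDLER = '"%1" %*'
# Resolvers accepted when a static NameServer overrides DHCP (assumption: the LAN
# gateway seen in the log plus Google Public DNS).
DNS_ALLOWLIST = {"192.168.0.1", "8.8.8.8", "8.8.4.4"}
USER_PROFILE = re.compile(r"^C:\\Users\\[^\\]+\\", re.IGNORECASE)

_PUBLISHER = re.compile(r"\(([^()]*)\)\s*$")  # trailing "(Company)" or "()"
_O4_PATH = re.compile(r"(?:\] |= )(.+?\.(?:exe|dll|scr|com))(?: |$)", re.IGNORECASE)
_O6 = re.compile(r"^O6 - .*: (\w+) = (\S+)$")
_O17 = re.compile(r"^O17 - .*\\Interfaces\\(\{[0-9A-Fa-f-]+\}): (DhcpNameServer|NameServer) = (\S+)$")
_O20 = re.compile(r"^O20(?::64bit:)? - HKLM Winlogon: (Shell|UserInit) - \(([^)]*)\) - (\S+)")
_HANDLER = re.compile(r"^O3[57](?::64bit:)? - HKLM\\\.{2,3}(\w+) \[[^\]]*\] -- (.+)$")


def triage(log_text):
    """Return a list of Finding tuples for the suspicious OTL lines in log_text."""
    findings = []
    dns = {}  # interface GUID -> {"DhcpNameServer": (ip, line), "NameServer": (ip, line)}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line.startswith("O"):
            continue
        if line.endswith("File not found"):
            # Dead autorun/toolbar entries: cleanup candidates, not an infection by themselves.
            findings.append(Finding("low", "orphaned entry, target missing", line))
            continue
        if line.startswith("O4"):
            pub = _PUBLISHER.search(line)
            if pub and not pub.group(1).strip():
                findings.append(Finding("medium", "autorun with no publisher string", line))
            path = _O4_PATH.search(line)
            if path and USER_PROFILE.match(path.group(1)):
                findings.append(Finding("medium", "autorun launched from a user profile path", line))
        elif line.startswith("O6"):
            m = _O6.match(line)
            if m and m.group(1) == "EnableLUA" and m.group(2) == "0":
                findings.append(Finding("high", "UAC disabled (EnableLUA = 0)", line))
        elif line.startswith("O17"):
            m = _O17.match(line)
            if m:
                dns.setdefault(m.group(1), {})[m.group(2)] = (m.group(3), line)
        elif line.startswith("O20"):
            m = _O20.match(line)
            if m:
                # Check every comma-separated entry of the registry value, so an appended
                # second binary (the usual UserInit trick) is caught, not just the first path.
                names = [v.strip().rsplit("\\", 1)[-1].lower()
                         for v in m.group(2).split(",") if v.strip()]
                if names != [GOOD_WINLOGON[m.group(1).lower()]]:
                    findings.append(Finding("high", "Winlogon %s value altered" % m.group(1), line))
        elif line.startswith("O35") or line.startswith("O37"):
            m = _HANDLER.match(line)
            if m and m.group(2).strip() != GOOD_HANDLER:
                findings.append(Finding("high", "%s open handler altered" % m.group(1), line))
    for servers in dns.values():
        if "NameServer" not in servers:
            continue  # DHCP-assigned only, nothing overridden
        static, line = servers["NameServer"]
        for ip in static.split(","):
            if ip not in DNS_ALLOWLIST:
                findings.append(Finding("medium", "static DNS %s not allowlisted" % ip, line))
    return findings


# Copied from the OTL log posted above: stock Winlogon/exefile values, UAC off,
# static Google DNS, two dead entries, one unsigned autorun under the user profile.
SAMPLE_LOG = r"""
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll File not found
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKU\S-1-5-21-1954714350-379289342-1461462268-1000..\Run: [F.lux] C:\Users\Miguel\Local Settings\Apps\F.lux\flux.exe ()
O4 - Startup: C:\Users\Taks\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C3B6B378-6658-46F8-9CCC-F2D1C37917D5}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C3B6B378-6658-46F8-9CCC-F2D1C37917D5}: NameServer = 8.8.8.8
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
"""

# Constructed counter-example (not from the thread): an appended UserInit binary, an
# exefile handler wrapped by another program, and a static resolver off the allowlist.
HIJACKED_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C3B6B378-6658-46F8-9CCC-F2D1C37917D5}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C3B6B378-6658-46F8-9CCC-F2D1C37917D5}: NameServer = 203.0.113.53
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe,C:\ProgramData\svc.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O35 - HKLM\..exefile [open] -- "C:\ProgramData\svc.exe" "%1" %*
"""

if __name__ == "__main__":
    for name, text in (("posted log", SAMPLE_LOG), ("constructed hijack", HIJACKED_LOG)):
        print("==", name)
        for f in triage(text):
            print("  [%s] %s\n      %s" % (f.severity, f.rule, f.line))
```

On the posted lines the script raises nothing about Winlogon, the exe/com handlers or the resolver (8.8.8.8 is on the allowlist), and reports the two dead "File not found" entries, the publisher-less autorun running from the user profile, and EnableLUA = 0. Treat these as leads to verify (hash or signature of the binary, who set the policy), not as a verdict: a missing publisher string is common for small freeware, and UAC being off is a weak configuration rather than proof of infection.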
  24. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    What exactly happens?
     
  25. Miguel A

    Miguel A TS Rookie Topic Starter Posts: 31

    "C:\Users\Miguel\Application Data is not accessible. Access is denied."

    Same for C:\Documents and Settings. If I cd into there from the command prompt and try to list the contents, it prints "File Not Found".

    On closer inspection, though, I just realized that these are all shortcuts. I think the correct directory is C:\Users\Miguel\AppData? This directory works fine, and seems to contain the files I expected to find in Application Data.
     
