TechSpot

Serifef.ab and p

Solved
By Sistrunk
Dec 9, 2012
  1. Sistrunk

    Sistrunk TS Rookie Topic Starter Posts: 70

    SystemLook 30.07.11 by jpshortstuff
    Log created at 19:22 on 01/01/2013 by Jose
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "ms0cfg32.exe"
    No files found.

    -= EOF =-
     
  2. Broni

    Broni Malware Annihilator Posts: 48,033   +271

    It looks like MBAM is reporting some non-existing file.
    That's why all other scans come up clean.
    As to why I'm not sure.

    1. Uninstall Malwarebytes' Anti-Malware using Add/Remove programs in the control panel.
    2. Restart your computer (very important).
    3. Download and run this utility.
    4. It will ask to restart your computer (please allow it to).
    5. After the computer restarts, install the latest version from here.

    Run fresh scan afterwards.
     
  3. Sistrunk

    Sistrunk TS Rookie Topic Starter Posts: 70

  4. Sistrunk

    Sistrunk TS Rookie Topic Starter Posts: 70

    Malwarebytes Anti-Malware (Trial) 1.70.0.1100
    www.malwarebytes.org

    Database version: v2013.01.01.04

    Windows Vista Service Pack 2 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Jose :: RYAN-LAPTOP [administrator]

    Protection: Enabled

    1/1/2013 8:49:29 PM
    MBAM-log-2013-01-01 (21-06-50).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 218079
    Time elapsed: 16 minute(s), 1 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    c:\users\jose\appdata\local\temp\ms0cfg32.exe (Exploit.Drop.GS) -> No action taken.

    (end)
     
  5. Broni

    Broni Malware Annihilator Posts: 48,033   +271

    It must be some MBAM glitch.
    I don't see anything malicious anywhere else and I assume your computer is behaving properly?

    Let's run one more check with FRST.

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flashdrive into the infected PC.

    If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

    If you are using Vista or Windows 7 enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account an click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
        System Restore
        Windows Complete PC Restore
        Windows Memory Diagnostic Tool
        Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
     
  6. Sistrunk

    Sistrunk TS Rookie Topic Starter Posts: 70

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-12-2012 (ATTENTION: FRST version is 21 days old)
    Ran by SYSTEM at 01-01-2013 21:45:42
    Running from E:\
    Windows Vista (TM) Home Premium Service Pack 1 (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ==================== Registry (Whitelisted) ===================

    HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
    HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1289704 2012-09-12] (Microsoft Corporation)
    HKLM-x32\...\Run: [ThreatFire] "C:\Program Files (x86)\ThreatFire\TFTray.exe" [378128 2010-01-14] (PC Tools)
    HKU\Default\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [972080 2008-09-30] (Hewlett-Packard)
    HKU\Default User\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [972080 2008-09-30] (Hewlett-Packard)
    HKU\Jose\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
    HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent [512360 2012-12-14] (Malwarebytes Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{117FB9A4-AC77-4B87-888C-04DCEBA4D039}: [NameServer]8.26.56.26,156.154.70.22
    Tcpip\..\Interfaces\{4C8822D5-7D54-4BE8-B6EF-DEA9659094A3}: [NameServer]8.26.56.26,156.154.70.22

    ==================== Services (Whitelisted) ===================

    4 AcrSch2Svc; "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe" [1054568 2010-03-27] (Acronis)
    2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_1b06afce\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
    2 afcdpsrv; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2480048 2010-11-21] (Acronis)
    2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [1868432 2012-12-19] ()
    4 HauppaugeTVServer; C:\PROGRA~2\WinTV\TVServer\HAUPPA~1.EXE [602624 2010-03-29] (Hauppauge Computer Works)
    2 jjtAutoLaunch; "C:\Program Files (x86)\Sound Devices\USBPre\Services\jjtAutoLaunch.exe" [114688 2002-01-22] (Sound Devices, LLC)
    2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [398184 2012-12-14] (Malwarebytes Corporation)
    2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [682344 2012-12-14] (Malwarebytes Corporation)
    2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [22072 2012-09-12] (Microsoft Corporation)
    3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [368896 2012-09-12] (Microsoft Corporation)
    2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-07-24] ()
    2 Recovery Service for Windows; C:\Program Files (x86)\SMINST\BLService.exe [365952 2008-10-06] ()
    2 RichVideo; "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [241734 2008-06-29] ()
    4 ScrybeUpdater; "C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe" [1300264 2011-05-27] (Synaptics, Inc.)
    2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_1b06afce\STacSV64.exe [240640 2009-08-13] (IDT, Inc.)
    2 ThreatFire; C:\Program Files (x86)\ThreatFire\TFService.exe service [70928 2010-01-14] (PC Tools)
    4 TVCapSvc; "C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe" [296320 2008-09-24] ()
    4 TVSched; "C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe" [116096 2008-09-24] ()
    3 w7Svc; C:\Program Files (x86)\webcam 7\wService.exe /startedbyscm:5053B757-40E35B3B-webcam7SRV [4999680 2011-07-27] (Moonware Studios)
    2 AGCoreService; "C:\Program Files (x86)\AGI\core\4.2.0.10753\AGCoreService.exe" [x]

    ==================== Drivers (Whitelisted) =====================

    3 hcw72ADFilter; C:\Windows\System32\Drivers\hcw72ADFilter.sys [38656 2010-04-23] (Hauppauge Computer Works, Inc.)
    3 hcw72ATV; C:\Windows\System32\Drivers\hcw72ATV.sys [1631488 2010-04-23] (Hauppauge Computer Works, Inc.)
    3 hcw72DTV; C:\Windows\System32\Drivers\hcw72DTV.sys [1634176 2010-04-23] (Hauppauge Computer Works, Inc.)
    3 libusb0; C:\Windows\SysWow64\Drivers\libusb0.sys [28672 2011-08-26] (http://libusb-win32.sourceforge.net)
    3 Linksys_adapter; C:\Windows\System32\DRIVERS\AE1200vista64.sys [1227840 2011-03-30] (Broadcom Corporation)
    3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation)
    0 MpFilter; C:\Windows\System32\Drivers\MpFilter.sys [228768 2012-08-30] (Microsoft Corporation)
    2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [128456 2012-08-30] (Microsoft Corporation)
    0 tdrpman258; C:\Windows\System32\DRIVERS\tdrpm258.sys [1477728 2010-11-21] (Acronis)
    0 TfFsMon; C:\Windows\System32\Drivers\TfFsMon.sys [65072 2010-01-14] (PC Tools)
    3 TfNetMon; C:\Windows\System32\Drivers\TfNetMon.sys [41888 2010-01-14] (PC Tools)
    0 TfSysMon; C:\Windows\System32\Drivers\TfSysMon.sys [59880 2010-01-14] (PC Tools)
    2 {55662437-DA8C-40c0-AADA-2C816A897A49}; \??\C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [27632 2008-09-25] (Cyberlink Corp.)
    1 Beep; [x]
    4 eabfiltr; [x]
    3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
    3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
    3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

    ==================== NetSvcs (Whitelisted) ====================


    ==================== One Month Created Files and Folders ========

    2013-01-01 17:38 - 2013-01-01 17:38 - 00000000 ____D C:\Users\Jose\Application Data\Malwarebytes
    2013-01-01 17:38 - 2013-01-01 17:38 - 00000000 ____D C:\Users\Jose\AppData\Roaming\Malwarebytes
    2013-01-01 17:37 - 2013-01-01 17:37 - 00000948 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2013-01-01 17:37 - 2013-01-01 17:37 - 00000948 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    2013-01-01 17:37 - 2013-01-01 17:37 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2013-01-01 17:37 - 2013-01-01 17:37 - 00000000 ____D C:\Users\All Users\Application Data\Malwarebytes
    2013-01-01 17:36 - 2013-01-01 17:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-01-01 17:36 - 2012-12-14 13:49 - 00024176 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2013-01-01 17:32 - 2013-01-01 17:35 - 10156344 ____A (Malwarebytes Corporation ) C:\Users\Jose\Desktop\mbam-setup-1.70.0.1100.exe
    2013-01-01 17:26 - 2013-01-01 17:28 - 00080456 ____A (Malwarebytes Corporation) C:\Users\Jose\Desktop\mbam-clean-1.60.2.0003.exe
    2013-01-01 16:22 - 2013-01-01 16:27 - 00000426 ____A C:\Users\Jose\Desktop\SystemLook.txt
    2013-01-01 16:21 - 2013-01-01 16:21 - 00165376 ____A C:\Users\Jose\Desktop\SystemLook_x64.exe
    2013-01-01 15:12 - 2013-01-01 15:13 - 00002218 ____A C:\Users\Jose\Desktop\Result.txt
    2013-01-01 15:12 - 2013-01-01 15:12 - 00815681 ____A (Farbar) C:\Users\Jose\Downloads\ListParts64(1).exe
    2013-01-01 15:10 - 2013-01-01 15:11 - 00815681 ____A (Farbar) C:\Users\Jose\Desktop\ListParts64.exe
    2013-01-01 12:04 - 2013-01-01 12:05 - 15952832 ____A (Foxit Corporation ) C:\Users\Jose\Desktop\FoxitReader544.1128_enu_Setup(1).exe
    2013-01-01 11:47 - 2013-01-01 12:10 - 00000000 ____D C:\Users\Jose\Desktop\New Folder (3)
    2012-12-31 09:51 - 2012-12-31 09:51 - 00062539 ____A C:\ComboFix.txt
    2012-12-31 09:03 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
    2012-12-31 08:55 - 2012-12-31 08:55 - 00000000 ____A C:\Users\Jose\Desktop\New Text Document (2).txt
    2012-12-29 21:04 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
    2012-12-29 21:04 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
    2012-12-29 21:04 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
    2012-12-29 21:04 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
    2012-12-29 21:04 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
    2012-12-29 21:04 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
    2012-12-29 21:04 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
    2012-12-29 21:02 - 2012-12-31 09:51 - 00000000 ____D C:\Qoobox
    2012-12-29 21:00 - 2012-12-29 20:58 - 05015826 ____R (Swearware) C:\Users\Jose\Desktop\ComboFix.exe
    2012-12-29 20:59 - 2012-12-29 21:00 - 05015826 ____A (Swearware) C:\Users\Jose\Downloads\ComboFix(1).exe
    2012-12-29 20:58 - 2012-12-29 20:58 - 05015826 ____A (Swearware) C:\Users\Jose\Downloads\ComboFix.exe
    2012-12-29 19:30 - 2012-12-29 19:31 - 00000000 ____D C:\Users\Jose\Desktop\New Folder (2)
    2012-12-29 17:36 - 2012-12-29 17:50 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-12-29 17:36 - 2012-12-29 17:50 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-12-29 15:03 - 2012-12-29 15:03 - 00000000 ____D C:\Users\Jose\{0999de33-b52b-4756-9832-f0780bd5e174}
    2012-12-29 15:01 - 2012-12-29 15:01 - 00000000 ____D C:\Users\Jose\{4ed2df66-902c-44a9-a5ca-073f4f97296f}
    2012-12-29 14:50 - 2012-12-29 14:51 - 00271867 ____A C:\Users\Jose\Desktop\Windows6.0-KB2347290-x86.msu
    2012-12-29 14:49 - 2012-12-29 14:49 - 01131376 ____A C:\Users\Jose\Desktop\Windows6.0-KB975560-x86.msu
    2012-12-29 14:43 - 2012-12-29 14:44 - 00333195 ____A C:\Users\Jose\Downloads\Windows6.1-KB2347290-x86.msu
    2012-12-29 11:04 - 2012-07-25 20:55 - 00785512 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
    2012-12-29 11:04 - 2012-07-25 20:55 - 00054376 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys
    2012-12-29 11:04 - 2012-07-25 19:08 - 00744448 ____A (Microsoft Corporation) C:\Windows\System32\WUDFx.dll
    2012-12-29 11:04 - 2012-07-25 19:08 - 00229888 ____A (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe
    2012-12-29 11:04 - 2012-07-25 19:08 - 00194048 ____A (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll
    2012-12-29 11:04 - 2012-07-25 19:08 - 00084992 ____A (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll
    2012-12-29 11:04 - 2012-07-25 19:08 - 00045056 ____A (Microsoft Corporation) C:\Windows\System32\WUDFCoinstaller.dll
    2012-12-29 11:04 - 2012-07-25 18:36 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\Wdfres.dll
    2012-12-29 11:04 - 2012-07-25 18:26 - 00198656 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys
    2012-12-29 11:04 - 2012-07-25 18:26 - 00087040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys
    2012-12-29 11:04 - 2012-06-02 06:57 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
    2012-12-29 11:04 - 2012-06-02 06:35 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
    2012-12-29 11:04 - 2009-07-14 04:19 - 00020480 ____A (Microsoft Corporation) C:\Windows\System32\winusb.dll
    2012-12-29 11:04 - 2009-07-14 04:12 - 00016896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\winusb.dll
    2012-12-29 10:32 - 2012-11-13 22:11 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-12-29 10:32 - 2012-11-13 22:04 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-12-29 10:32 - 2012-11-13 22:04 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-12-29 10:32 - 2012-11-13 22:02 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-12-29 10:32 - 2012-11-13 22:02 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-12-29 10:32 - 2012-11-13 21:59 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-12-29 10:32 - 2012-11-13 21:57 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-12-29 10:32 - 2012-11-13 21:55 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-12-29 10:32 - 2012-11-13 21:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-12-29 10:32 - 2012-11-13 21:52 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-12-29 10:32 - 2012-11-13 21:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-12-29 10:32 - 2012-11-13 17:58 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-12-29 10:32 - 2012-11-13 17:57 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-12-29 10:32 - 2012-11-13 17:57 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-12-29 10:32 - 2012-11-13 17:55 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-12-29 10:32 - 2012-11-13 17:51 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-12-29 10:32 - 2012-11-13 17:49 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-12-29 10:32 - 2012-11-13 17:48 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2012-12-29 10:32 - 2012-11-13 17:47 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2012-12-29 10:32 - 2012-11-13 17:45 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-12-29 10:32 - 2012-11-13 17:44 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-12-29 10:32 - 2012-11-13 17:41 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-12-29 10:31 - 2012-11-13 23:06 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-12-29 10:31 - 2012-11-13 22:32 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-12-29 10:31 - 2012-11-13 21:58 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-12-29 10:31 - 2012-11-13 21:57 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2012-12-29 10:31 - 2012-11-13 21:55 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-12-29 10:31 - 2012-11-13 18:48 - 12320256 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-12-29 10:31 - 2012-11-13 18:14 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-12-29 10:31 - 2012-11-13 18:09 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-12-29 10:31 - 2012-11-13 17:49 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-12-29 10:31 - 2012-11-13 17:46 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-12-29 10:28 - 2012-12-16 05:31 - 00048128 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
    2012-12-29 10:28 - 2012-12-16 05:12 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
    2012-12-29 10:28 - 2012-12-16 03:08 - 00368128 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
    2012-12-29 10:28 - 2012-12-16 02:50 - 00293376 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
    2012-12-29 10:26 - 2012-11-12 17:55 - 02770432 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-12-29 10:26 - 2012-11-12 17:45 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2012-12-29 10:26 - 2012-11-12 17:29 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2012-12-29 10:26 - 2012-09-28 08:34 - 01210368 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
    2012-12-29 10:26 - 2012-09-28 08:13 - 00860160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2012-12-29 10:26 - 2012-09-25 08:31 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll
    2012-12-29 10:26 - 2012-09-25 08:19 - 00075776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
    2012-12-29 10:26 - 2012-08-21 03:50 - 00267648 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\volsnap.sys
    2012-12-29 10:21 - 2012-11-02 02:45 - 00477696 ____A (Microsoft Corporation) C:\Windows\System32\dpnet.dll
    2012-12-29 10:21 - 2012-11-02 02:45 - 00068096 ____A (Microsoft Corporation) C:\Windows\System32\dpnathlp.dll
    2012-12-29 10:21 - 2012-11-02 02:18 - 00376320 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
    2012-12-29 10:21 - 2012-11-02 00:59 - 00026112 ____A (Microsoft Corporation) C:\Windows\System32\dpnsvr.exe
    2012-12-29 10:21 - 2012-11-02 00:26 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dpnsvr.exe
    2012-12-29 10:14 - 2012-12-29 10:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2012-12-29 09:43 - 2012-12-29 09:43 - 00000490 ____A C:\JavaRa.log
    2012-12-29 09:39 - 2012-12-29 09:39 - 00000000 ____D C:\Users\All Users\Sun
    2012-12-29 09:39 - 2012-12-29 09:39 - 00000000 ____D C:\Users\All Users\Application Data\Sun
    2012-12-29 09:39 - 2012-12-29 09:37 - 00859072 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
    2012-12-29 09:39 - 2012-12-29 09:37 - 00779704 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
    2012-12-29 09:39 - 2012-12-29 09:37 - 00260528 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2012-12-29 09:38 - 2012-12-29 09:37 - 00174000 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2012-12-29 09:38 - 2012-12-29 09:37 - 00173992 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2012-12-29 09:38 - 2012-12-29 09:37 - 00095184 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2012-12-29 09:33 - 2012-12-29 09:34 - 00896016 ____A (Oracle Corporation) C:\Users\Jose\Downloads\jxpiinstall.exe
    2012-12-29 09:29 - 2012-12-29 09:31 - 15952832 ____A (Foxit Corporation ) C:\Users\Jose\Downloads\FoxitReader544.1128_enu_Setup.exe
    2012-12-29 08:41 - 2012-12-29 08:43 - 00856731 ____A C:\Users\Jose\Downloads\SecurityCheck.exe
    2012-12-28 22:18 - 2012-12-28 22:18 - 02322184 ____A (ESET) C:\Users\Jose\Downloads\esetsmartinstaller_enu.exe
    2012-12-28 22:11 - 2012-12-28 22:11 - 00448512 ____A (OldTimer Tools) C:\Users\Jose\Downloads\TFC.exe
    2012-12-28 20:15 - 2012-12-28 20:15 - 00998752 ____A (Solid State Networks) C:\Users\Jose\Downloads\install_reader10_en_mssd_aih(1).exe
    2012-12-28 18:43 - 2012-12-28 18:43 - 00602112 ____A (OldTimer Tools) C:\Users\Jose\Downloads\OTL(1).exe
    2012-12-28 18:37 - 2012-12-28 18:38 - 00602112 ____A (OldTimer Tools) C:\Users\Jose\Downloads\OTL.exe
    2012-12-28 18:06 - 2012-12-28 18:07 - 00998752 ____A (Solid State Networks) C:\Users\Jose\Downloads\install_reader10_en_mssd_aih.exe
    2012-12-28 17:18 - 2012-12-28 17:18 - 00000104 ____A C:\Users\Jose\Computer - Shortcut.lnk
    2012-12-28 16:53 - 2012-12-28 16:55 - 00000000 ____D C:\Users\Jose\Desktop\Souswitch
    2012-12-28 14:23 - 2012-12-28 16:11 - 00000000 ____D C:\Windows\erdnt
    2012-12-28 13:14 - 2012-12-28 16:36 - 00054024 ____A (COMODO CA Limited) C:\Windows\System32\certsentry.dll
    2012-12-28 13:14 - 2012-12-28 16:36 - 00045832 ____A (COMODO CA Limited) C:\Windows\SysWOW64\certsentry.dll
    2012-12-27 17:59 - 2012-12-27 17:59 - 00758784 ____A C:\Users\Jose\Downloads\RogueKiller.exe
    2012-12-27 17:46 - 2012-12-27 17:46 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_AE1200vista64_01005.Wdf
    2012-12-27 17:44 - 2011-03-30 19:54 - 01227840 ____A (Broadcom Corporation) C:\Windows\System32\Drivers\AE1200vista64.sys
    2012-12-27 17:44 - 2011-03-30 19:54 - 00095544 ____A (Broadcom Corporation) C:\Windows\System32\bcmwlcoi.dll
    2012-12-27 17:44 - 2011-03-30 19:51 - 03900928 ____A (Broadcom Corporation) C:\Windows\System32\bcmihvsrv64.dll
    2012-12-27 17:44 - 2011-03-30 19:51 - 03566592 ____A (Broadcom Corporation) C:\Windows\System32\bcmihvui64.dll
    2012-12-27 17:44 - 2007-11-05 04:23 - 00040464 ___RA (CACE Technologies) C:\Windows\System32\Drivers\npf.sys
    2012-12-27 17:44 - 2006-11-02 06:04 - 01919968 ____A (Microsoft Corporation) C:\Windows\System32\WdfCoInstaller01005.dll
    2012-12-18 19:21 - 2012-12-18 19:21 - 00000000 ____D C:\Windows\System32\config\HiveBackup
    2012-12-09 18:52 - 2012-12-09 18:52 - 00688992 ____A (Swearware) C:\Users\Jose\Downloads\dds.com


    ==================== One Month Modified Files and Folders =======

    2013-01-01 21:45 - 2013-01-01 21:45 - 00000000 ____D C:\FRST
    2013-01-01 18:35 - 2010-02-03 13:04 - 00196608 ____A C:\Windows\System32\Ikeext.etl
    2013-01-01 18:35 - 2009-02-12 14:44 - 01723920 ____A C:\Windows\WindowsUpdate.log
    2013-01-01 18:35 - 2006-11-02 07:42 - 00032628 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2013-01-01 18:35 - 2006-11-02 07:42 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2013-01-01 18:35 - 2006-11-02 07:22 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2013-01-01 18:35 - 2006-11-02 07:22 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2013-01-01 18:34 - 2006-11-02 07:27 - 00191080 ____A C:\Windows\setupact.log
    2013-01-01 17:38 - 2013-01-01 17:38 - 00000000 ____D C:\Users\Jose\Application Data\Malwarebytes
    2013-01-01 17:38 - 2013-01-01 17:38 - 00000000 ____D C:\Users\Jose\AppData\Roaming\Malwarebytes
    2013-01-01 17:37 - 2013-01-01 17:37 - 00000948 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2013-01-01 17:37 - 2013-01-01 17:37 - 00000948 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    2013-01-01 17:37 - 2013-01-01 17:37 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2013-01-01 17:37 - 2013-01-01 17:37 - 00000000 ____D C:\Users\All Users\Application Data\Malwarebytes
    2013-01-01 17:37 - 2013-01-01 17:36 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-01-01 17:35 - 2013-01-01 17:32 - 10156344 ____A (Malwarebytes Corporation ) C:\Users\Jose\Desktop\mbam-setup-1.70.0.1100.exe
    2013-01-01 17:31 - 2011-02-23 13:21 - 00000434 ____A C:\Windows\System32\Drivers\etc\hosts.ics
    2013-01-01 17:30 - 2008-01-20 19:26 - 00235018 ____A C:\Windows\PFRO.log
    2013-01-01 17:28 - 2013-01-01 17:26 - 00080456 ____A (Malwarebytes Corporation) C:\Users\Jose\Desktop\mbam-clean-1.60.2.0003.exe
    2013-01-01 17:09 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\tracing
    2013-01-01 16:27 - 2013-01-01 16:22 - 00000426 ____A C:\Users\Jose\Desktop\SystemLook.txt
    2013-01-01 16:21 - 2013-01-01 16:21 - 00165376 ____A C:\Users\Jose\Desktop\SystemLook_x64.exe
    2013-01-01 15:13 - 2013-01-01 15:12 - 00002218 ____A C:\Users\Jose\Desktop\Result.txt
    2013-01-01 15:12 - 2013-01-01 15:12 - 00815681 ____A (Farbar) C:\Users\Jose\Downloads\ListParts64(1).exe
    2013-01-01 15:11 - 2013-01-01 15:10 - 00815681 ____A (Farbar) C:\Users\Jose\Desktop\ListParts64.exe
    2013-01-01 12:10 - 2013-01-01 11:47 - 00000000 ____D C:\Users\Jose\Desktop\New Folder (3)
    2013-01-01 12:05 - 2013-01-01 12:04 - 15952832 ____A (Foxit Corporation ) C:\Users\Jose\Desktop\FoxitReader544.1128_enu_Setup(1).exe
    2012-12-31 09:51 - 2012-12-31 09:51 - 00062539 ____A C:\ComboFix.txt
    2012-12-31 09:51 - 2012-12-29 21:02 - 00000000 ____D C:\Qoobox
    2012-12-31 09:36 - 2006-11-02 04:34 - 00000215 ____A C:\Windows\system.ini
    2012-12-31 08:55 - 2012-12-31 08:55 - 00000000 ____A C:\Users\Jose\Desktop\New Text Document (2).txt
    2012-12-29 21:00 - 2012-12-29 20:59 - 05015826 ____A (Swearware) C:\Users\Jose\Downloads\ComboFix(1).exe
    2012-12-29 20:58 - 2012-12-29 21:00 - 05015826 ____R (Swearware) C:\Users\Jose\Desktop\ComboFix.exe
    2012-12-29 20:58 - 2012-12-29 20:58 - 05015826 ____A (Swearware) C:\Users\Jose\Downloads\ComboFix.exe
    2012-12-29 19:31 - 2012-12-29 19:30 - 00000000 ____D C:\Users\Jose\Desktop\New Folder (2)
    2012-12-29 17:50 - 2012-12-29 17:36 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-12-29 17:50 - 2012-12-29 17:36 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-12-29 17:50 - 2008-10-23 01:21 - 00000000 ____D C:\Users\All Users\Application Data\Adobe
    2012-12-29 17:50 - 2008-10-23 01:21 - 00000000 ____D C:\Users\All Users\Adobe
    2012-12-29 16:58 - 2010-11-17 17:12 - 00000000 ____D C:\Program Files (x86)\ThreatFire
    2012-12-29 15:30 - 2010-11-07 18:34 - 00000000 ____D C:\Windows\pss
    2012-12-29 15:11 - 2009-03-01 17:29 - 00000000 ____D C:\users\Jose
    2012-12-29 15:03 - 2012-12-29 15:03 - 00000000 ____D C:\Users\Jose\{0999de33-b52b-4756-9832-f0780bd5e174}
    2012-12-29 15:01 - 2012-12-29 15:01 - 00000000 ____D C:\Users\Jose\{4ed2df66-902c-44a9-a5ca-073f4f97296f}
    2012-12-29 14:51 - 2012-12-29 14:50 - 00271867 ____A C:\Users\Jose\Desktop\Windows6.0-KB2347290-x86.msu
    2012-12-29 14:49 - 2012-12-29 14:49 - 01131376 ____A C:\Users\Jose\Desktop\Windows6.0-KB975560-x86.msu
    2012-12-29 14:44 - 2012-12-29 14:43 - 00333195 ____A C:\Users\Jose\Downloads\Windows6.1-KB2347290-x86.msu
    2012-12-29 13:20 - 2008-10-22 23:45 - 00000012 ____A C:\Windows\bthservsdp.dat
    2012-12-29 12:02 - 2006-11-02 05:33 - 00000000 ____D C:\Windows\rescache
    2012-12-29 11:41 - 2006-11-02 07:21 - 00325464 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-12-29 11:39 - 2012-05-04 03:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2012-12-29 11:21 - 2006-11-02 04:46 - 00771898 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-12-29 11:15 - 2008-10-23 01:11 - 00000000 ____D C:\Users\All Users\Microsoft Help
    2012-12-29 11:15 - 2008-10-23 01:11 - 00000000 ____D C:\Users\All Users\Application Data\Microsoft Help
    2012-12-29 10:16 - 2012-12-29 10:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2012-12-29 10:07 - 2009-03-01 17:37 - 00080864 ____A C:\Users\Jose\Local Settings\GDIPFONTCACHEV1.DAT
    2012-12-29 10:07 - 2009-03-01 17:37 - 00080864 ____A C:\Users\Jose\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2012-12-29 10:07 - 2009-03-01 17:37 - 00080864 ____A C:\Users\Jose\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-12-29 09:43 - 2012-12-29 09:43 - 00000490 ____A C:\JavaRa.log
    2012-12-29 09:43 - 2008-10-23 01:43 - 00000000 ____D C:\Program Files (x86)\Java
    2012-12-29 09:39 - 2012-12-29 09:39 - 00000000 ____D C:\Users\All Users\Sun
    2012-12-29 09:39 - 2012-12-29 09:39 - 00000000 ____D C:\Users\All Users\Application Data\Sun
    2012-12-29 09:37 - 2012-12-29 09:39 - 00859072 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
    2012-12-29 09:37 - 2012-12-29 09:39 - 00779704 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
    2012-12-29 09:37 - 2012-12-29 09:39 - 00260528 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2012-12-29 09:37 - 2012-12-29 09:38 - 00174000 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2012-12-29 09:37 - 2012-12-29 09:38 - 00173992 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2012-12-29 09:37 - 2012-12-29 09:38 - 00095184 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2012-12-29 09:34 - 2012-12-29 09:33 - 00896016 ____A (Oracle Corporation) C:\Users\Jose\Downloads\jxpiinstall.exe
    2012-12-29 09:31 - 2012-12-29 09:29 - 15952832 ____A (Foxit Corporation ) C:\Users\Jose\Downloads\FoxitReader544.1128_enu_Setup.exe
    2012-12-29 09:23 - 2008-10-23 01:21 - 00000000 ____D C:\Program Files (x86)\Adobe
    2012-12-29 08:43 - 2012-12-29 08:41 - 00856731 ____A C:\Users\Jose\Downloads\SecurityCheck.exe
    2012-12-28 22:18 - 2012-12-28 22:18 - 02322184 ____A (ESET) C:\Users\Jose\Downloads\esetsmartinstaller_enu.exe
    2012-12-28 22:11 - 2012-12-28 22:11 - 00448512 ____A (OldTimer Tools) C:\Users\Jose\Downloads\TFC.exe
    2012-12-28 20:19 - 2009-05-27 04:40 - 00000000 ____D C:\Users\Jose\Local Settings\Application Data\Adobe
    2012-12-28 20:19 - 2009-05-27 04:40 - 00000000 ____D C:\Users\Jose\Local Settings\Adobe
    2012-12-28 20:19 - 2009-05-27 04:40 - 00000000 ____D C:\Users\Jose\AppData\Local\Adobe
    2012-12-28 20:15 - 2012-12-28 20:15 - 00998752 ____A (Solid State Networks) C:\Users\Jose\Downloads\install_reader10_en_mssd_aih(1).exe
    2012-12-28 18:43 - 2012-12-28 18:43 - 00602112 ____A (OldTimer Tools) C:\Users\Jose\Downloads\OTL(1).exe
    2012-12-28 18:38 - 2012-12-28 18:37 - 00602112 ____A (OldTimer Tools) C:\Users\Jose\Downloads\OTL.exe
    2012-12-28 18:07 - 2012-12-28 18:06 - 00998752 ____A (Solid State Networks) C:\Users\Jose\Downloads\install_reader10_en_mssd_aih.exe
    2012-12-28 17:18 - 2012-12-28 17:18 - 00000104 ____A C:\Users\Jose\Computer - Shortcut.lnk
    2012-12-28 16:57 - 2010-06-13 21:28 - 00000000 ____D C:\Users\Jose\Application Data\vlc
    2012-12-28 16:57 - 2010-06-13 21:28 - 00000000 ____D C:\Users\Jose\AppData\Roaming\vlc
    2012-12-28 16:55 - 2012-12-28 16:53 - 00000000 ____D C:\Users\Jose\Desktop\Souswitch
    2012-12-28 16:55 - 2011-10-27 05:26 - 00000000 ___RD C:\Users\Jose\Desktop\Processor presets
    2012-12-28 16:51 - 2012-04-23 16:27 - 00000000 ____D C:\Users\Jose\Desktop\RYAN
    2012-12-28 16:50 - 2012-06-29 15:18 - 00000000 ____D C:\Users\Jose\Desktop\Alliance music fri
    2012-12-28 16:36 - 2012-12-28 13:14 - 00054024 ____A (COMODO CA Limited) C:\Windows\System32\certsentry.dll
    2012-12-28 16:36 - 2012-12-28 13:14 - 00045832 ____A (COMODO CA Limited) C:\Windows\SysWOW64\certsentry.dll
    2012-12-28 16:31 - 2006-11-02 05:33 - 00000000 __RHD C:\users\Default
    2012-12-28 16:11 - 2012-12-28 14:23 - 00000000 ____D C:\Windows\erdnt
    2012-12-28 13:14 - 2012-11-23 05:47 - 00000000 ____D C:\Program Files (x86)\Comodo
    2012-12-27 21:10 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\System32\spool
    2012-12-27 21:10 - 2006-11-02 05:33 - 00000000 ____D C:\Windows\registration
    2012-12-27 21:10 - 2006-11-02 04:33 - 85721088 ____A C:\Windows\System32\config\software_previous
    2012-12-27 21:10 - 2006-11-02 04:33 - 55574528 ____A C:\Windows\System32\config\components_previous
    2012-12-27 21:10 - 2006-11-02 04:33 - 26214400 ____A C:\Windows\System32\config\system_previous
    2012-12-27 21:10 - 2006-11-02 04:33 - 00327680 ____A C:\Windows\System32\config\default_previous
    2012-12-27 21:10 - 2006-11-02 04:33 - 00057344 ____A C:\Windows\System32\config\sam_previous
    2012-12-27 21:10 - 2006-11-02 04:33 - 00024576 ____A C:\Windows\System32\config\security_previous
    2012-12-27 17:59 - 2012-12-27 17:59 - 00758784 ____A C:\Users\Jose\Downloads\RogueKiller.exe
    2012-12-27 17:46 - 2012-12-27 17:46 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_AE1200vista64_01005.Wdf
    2012-12-18 19:21 - 2012-12-18 19:21 - 00000000 ____D C:\Windows\System32\config\HiveBackup
    2012-12-16 05:31 - 2012-12-29 10:28 - 00048128 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
    2012-12-16 05:12 - 2012-12-29 10:28 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
    2012-12-16 03:08 - 2012-12-29 10:28 - 00368128 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
    2012-12-16 02:50 - 2012-12-29 10:28 - 00293376 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
    2012-12-14 13:49 - 2013-01-01 17:36 - 00024176 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-12-09 21:45 - 2012-09-25 21:20 - 00000000 ____D C:\Users\Jose\Local Settings\Windows Live
    2012-12-09 21:45 - 2012-09-25 21:20 - 00000000 ____D C:\Users\Jose\Local Settings\Application Data\Windows Live
    2012-12-09 21:45 - 2012-09-25 21:20 - 00000000 ____D C:\Users\Jose\AppData\Local\Windows Live
    2012-12-09 20:48 - 2012-11-23 05:50 - 00000000 ____D C:\Users\Jose\{945e8b33-257c-47a6-a7b1-1bea1374f118}
    2012-12-09 18:52 - 2012-12-09 18:52 - 00688992 ____A (Swearware) C:\Users\Jose\Downloads\dds.com
    2012-12-09 18:29 - 2006-11-02 07:07 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer
    2012-12-09 18:28 - 2006-11-02 07:07 - 00000000 ____D C:\Program Files\Windows Journal

    ==================== Known DLLs (Whitelisted) =================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys
    [2012-12-29 10:26] - [2012-08-21 03:50] - 0267648 ____A (Microsoft Corporation) 582F710097B46140F5A89A19A6573D4B


    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    Restore point made on: 2012-11-23 05:51:24
    Restore point made on: 2012-12-09 15:07:43
    Restore point made on: 2012-12-27 17:45:49
    Restore point made on: 2012-12-27 18:09:51
    Restore point made on: 2012-12-27 18:17:52
    Restore point made on: 2012-12-27 20:48:54
    Restore point made on: 2012-12-28 16:12:22
    Restore point made on: 2012-12-29 06:49:22
    Restore point made on: 2012-12-29 09:16:24
    Restore point made on: 2012-12-29 09:22:07
    Restore point made on: 2012-12-29 09:36:49
    Restore point made on: 2012-12-29 09:49:41
    Restore point made on: 2012-12-29 10:27:40
    Restore point made on: 2012-12-29 12:15:42
    Restore point made on: 2012-12-29 15:03:21
    Restore point made on: 2012-12-29 15:05:17
    Restore point made on: 2012-12-29 15:11:39
    Restore point made on: 2012-12-29 19:36:22
    Restore point made on: 2012-12-31 10:17:09
    Restore point made on: 2013-01-01 12:45:17

    ==================== Memory info ===========================

    Percentage of memory in use: 32%
    Total physical RAM: 1789.02 MB
    Available physical RAM: 1209.38 MB
    Total Pagefile: 1535.46 MB
    Available Pagefile: 1186.87 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.91 MB

    ==================== Partitions =============================

    1 Drive c: () (Fixed) (Total:285.18 GB) (Free:117.91 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    2 Drive d: (RECOVERY) (Fixed) (Total:12.9 GB) (Free:2.02 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    3 Drive e: (My 1GB) (Removable) (Total:0.93 GB) (Free:0.73 GB) FAT
    4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ---------- ------- ------- --- ---
    Disk 0 Online 298 GB 1024 KB
    Disk 1 Online 954 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 285 GB 1024 KB
    Partition 2 Primary 13 GB 285 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 0 C NTFS Partition 285 GB Healthy

    =========================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 D RECOVERY NTFS Partition 13 GB Healthy

    =========================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 953 MB 4096 B

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 0E
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 E My 1GB FAT Removable 953 MB Healthy

    =========================================================

    Last Boot: 2013-01-01 17:37

    ==================== End Of Log =============================
     
  7. Broni

    Broni Malware Annihilator Posts: 48,033   +271

    Absolutely nothing there.
    All clean.

    If you're not experiencing any current issues we have no choice but leave it at that.
     
  8. Sistrunk

    Sistrunk TS Rookie Topic Starter Posts: 70

    Yea, looked at the directory and that file doesn't exist. So I guess we're good to go. Thank you very much Broni!! I'm not sure how you guys do what you do, but its much appreciated. Happy new year and thanks again.
     
  9. Broni

    Broni Malware Annihilator Posts: 48,033   +271

    Happy New Year and good luck!
     


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.