Hi,
My Mom's laptop is a mess.
Restarting the laptop takes 15 minutes.
Also, whenever she clicks new tab on Mozilla Firefox, babylonsearch loads although the default site is Google. Tried running AVG but nothing detected. Changed config of Mozilla manually but to no avail.
I suspect that this laptop is highly infected with various malware/viruses.
I hope someone can help me run a thorough clean up of her system.
Since I've done this before just recently to remove a virus from my own PC, I ran Farbar64 on my mom's laptop and here's the log.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-09-2012
Ran by SYSTEM at 24-09-2012 20:18:16
Running from E:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001
==================== Registry (Whitelisted) ===================
HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [305664 2009-01-22] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [444416 2009-06-28] (IDT, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [4968960 2009-07-16] (Dell Inc.)
HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [3180624 2009-07-02] (Dell Inc.)
HKLM\...\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [dldtmon.exe] "C:\Program Files (x86)\Dell V305\dldtmon.exe" [672424 2009-07-30] ()
HKLM\...\Run: [dldtamon] "C:\Program Files (x86)\Dell V305\dldtamon.exe" [16040 2009-07-30] ()
HKLM\...\Run: [dleamon.exe] "C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe" [770728 2010-08-09] ()
HKLM\...\Run: [EzPrint] "C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe" [139944 2010-08-09] ()
HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [494064 2009-06-18] ()
HKLM-x32\...\Run: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [63712 2007-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Dell V310-V510 Series] "C:\Program Files (x86)\Dell V310-V510 Series\fm3032.exe" /s [316072 2010-08-09] ()
HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\real\realplayer\update\realsched.exe" -osboot [273544 2011-07-16] (RealNetworks, Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2596984 2012-07-30] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-09-09] (Apple Inc.)
HKU\Guest\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [x]
HKU\HELEN GC ANG\...\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\11\ISUSPM.exe" -scheduler [210208 2008-09-26] (Acresso Corporation)
HKU\HELEN GC ANG\...\Run: [Sony Ericsson PC Companion] "C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /Background [433872 2011-10-21] (Sony Ericsson)
HKU\HELEN GC ANG\...\Run: [Google Update] "C:\Users\HELEN GC ANG\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-05-06] (Google Inc.)
HKU\HELEN GC ANG\...\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED [1020816 2012-06-16] (BitTorrent, Inc.)
HKU\HELEN GC ANG\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17344176 2012-06-05] (Skype Technologies S.A.)
HKU\HELEN GC ANG\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-22] (Apple Inc.)
HKU\HELEN GC ANG\...\Run: [download beast] "C:\Program Files (x86)\Download Beast\DownloadBeast.exe" -h [x]
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [559616 2011-10-09] (Dell)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0DA3CAA3-A44B-4693-A535-882219FCC050}: [NameServer]8.8.8.8,8.8.4.4
Startup: C:\Users\Default\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Guest\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Guest\Start Menu\Programs\Startup\LimeWire On Startup.lnk
ShortcutTarget: LimeWire On Startup.lnk -> C:\Program Files (x86)\LimeWire\LimeWire.exe (No File)
Startup: C:\Users\HELEN GC ANG\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
==================== Services (Whitelisted) ===================
2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-13] (AVG Technologies CZ, s.r.o.)
2 dldtCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\dldtserv.exe [33448 2009-07-09] ()
2 dldt_device; C:\Windows\system32\dldtcoms.exe -service [1044648 2009-07-09] ( )
2 dldt_device; C:\Windows\SysWow64\dldtcoms.exe -service [594600 2009-07-09] ( )
2 dleaCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe [45224 2010-05-21] ()
2 dlea_device; C:\Windows\system32\dleacoms.exe -service [1052328 2010-05-21] ( )
2 dlea_device; C:\Windows\SysWow64\dleacoms.exe -service [598696 2010-05-21] ( )
2 RapportMgmtService; "C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe" [976728 2012-09-06] (Trusteer Ltd.)
3 Sony Ericsson PCCompanion; "C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe" [155344 2011-06-29] (Avanquest Software)
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [240128 2009-06-28] (IDT, Inc.)
2 Browser Manager; C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe [x]
==================== Drivers (Whitelisted) =====================
0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [28480 2012-04-18] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [291680 2012-07-25] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [36944 2012-01-30] (AVG Technologies CZ, s.r.o.)
1 RapportCerberus_42020; \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_42020.sys [397720 2012-08-20] ()
1 RapportEI64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [55096 2012-09-06] (Trusteer Ltd.)
0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [101688 2012-09-06] (Trusteer Ltd.)
1 RapportPG64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [297240 2012-09-06] (Trusteer Ltd.)
3 s0017bus; C:\Windows\System32\Drivers\s0017bus.sys [113704 2008-10-21] (MCCI Corporation)
3 s0017mdfl; C:\Windows\System32\Drivers\s0017mdfl.sys [19496 2008-10-21] (MCCI Corporation)
3 s0017mdm; C:\Windows\System32\Drivers\s0017mdm.sys [152616 2008-10-21] (MCCI Corporation)
3 s0017mgmt; C:\Windows\System32\Drivers\s0017mgmt.sys [133160 2008-10-21] (MCCI Corporation)
3 s0017nd5; C:\Windows\System32\Drivers\s0017nd5.sys [34856 2008-10-21] (MCCI Corporation)
3 s0017obex; C:\Windows\System32\Drivers\s0017obex.sys [128552 2008-10-21] (MCCI Corporation)
3 s0017unic; C:\Windows\System32\Drivers\s0017unic.sys [145960 2008-10-21] (MCCI Corporation)
3 seehcri; C:\Windows\System32\Drivers\seehcri.sys [34032 2008-01-09] (Sony Ericsson Mobile Communications)
2 srservice; [x]
0 TfFsMon; C:\Windows\System32\drivers\TfFsMon.sys [x]
3 TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [x]
0 TFSysMon; C:\Windows\System32\drivers\TfSysMon.sys [x]
==================== NetSvcs (Whitelisted) ====================
==================== One Month Created Files and Folders ========
2012-09-24 20:13 - 2012-09-24 20:18 - 00000000 ____D C:\FRST
2012-09-24 06:01 - 2012-09-24 06:01 - 00341392 ____A C:\Windows\System32\FNTCACHE.DAT
2012-09-24 05:55 - 2012-09-24 06:01 - 00000850 ____A C:\Windows\setupact.log
2012-09-24 05:55 - 2012-09-24 05:55 - 00000000 ____A C:\Windows\setuperr.log
2012-09-24 05:53 - 2012-09-24 05:53 - 01454399 ____A (Farbar) C:\Users\HELEN GC ANG\Desktop\FRST64.exe
2012-09-24 05:31 - 2012-09-24 05:31 - 00079792 ____A C:\Users\HELEN GC ANG\Local Settings\GDIPFONTCACHEV1.DAT
2012-09-24 05:31 - 2012-09-24 05:31 - 00079792 ____A C:\Users\HELEN GC ANG\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2012-09-24 05:31 - 2012-09-24 05:31 - 00079792 ____A C:\Users\HELEN GC ANG\AppData\Local\GDIPFONTCACHEV1.DAT
2012-09-24 02:07 - 2012-09-24 06:01 - 00000462 ___AH C:\Windows\Tasks\Norton Security Scan for HELEN GC ANG.job
2012-09-24 02:07 - 2012-09-24 02:07 - 00001341 ____A C:\Users\Public\Desktop\Norton Security Scan.lnk
2012-09-24 02:07 - 2012-09-24 02:07 - 00001341 ____A C:\Users\All Users\Desktop\Norton Security Scan.lnk
2012-09-24 02:07 - 2012-09-24 02:07 - 00000000 ____D C:\Windows\System32\Drivers\NSSx64
2012-09-24 02:07 - 2012-09-24 02:07 - 00000000 ____D C:\Users\All Users\Symantec
2012-09-24 02:07 - 2012-09-24 02:07 - 00000000 ____D C:\Users\All Users\Application Data\Symantec
2012-09-24 02:07 - 2012-09-24 02:07 - 00000000 ____D C:\Program Files (x86)\Norton Security Scan
2012-09-23 23:08 - 2012-09-23 23:08 - 00001625 ____A C:\Users\HELEN GC ANG\Desktop\DivX Movies.lnk
2012-09-18 20:42 - 2012-09-18 20:42 - 00000000 ____D C:\Users\HELEN GC ANG\Local Settings\VS Revo Group
2012-09-18 20:42 - 2012-09-18 20:42 - 00000000 ____D C:\Users\HELEN GC ANG\Local Settings\Application Data\VS Revo Group
2012-09-18 20:42 - 2012-09-18 20:42 - 00000000 ____D C:\Users\HELEN GC ANG\AppData\Local\VS Revo Group
2012-09-14 10:33 - 2012-09-14 10:33 - 00000000 ____D C:\Users\HELEN GC ANG\Local Settings\Download Beast
2012-09-14 10:33 - 2012-09-14 10:33 - 00000000 ____D C:\Users\HELEN GC ANG\Local Settings\Application Data\Download Beast
2012-09-14 10:33 - 2012-09-14 10:33 - 00000000 ____D C:\Users\HELEN GC ANG\AppData\Local\Download Beast
2012-09-14 10:31 - 2012-09-14 10:31 - 00000000 ____D C:\Users\HELEN GC ANG\Application Data\2YourFace
2012-09-14 10:31 - 2012-09-14 10:31 - 00000000 ____D C:\Users\HELEN GC ANG\AppData\Roaming\2YourFace
2012-09-14 02:14 - 2012-09-14 02:14 - 00000000 ____D C:\Users\HELEN GC ANG\Local Settings\Macromedia
2012-09-14 02:14 - 2012-09-14 02:14 - 00000000 ____D C:\Users\HELEN GC ANG\Local Settings\Application Data\Macromedia
2012-09-14 02:14 - 2012-09-14 02:14 - 00000000 ____D C:\Users\HELEN GC ANG\AppData\Local\Macromedia
2012-09-14 02:00 - 2012-09-14 02:00 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-09-14 02:00 - 2012-09-14 02:00 - 00001785 ____A C:\Users\All Users\Desktop\iTunes.lnk
2012-09-14 02:00 - 2012-08-21 00:01 - 00033240 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2012-09-14 01:59 - 2012-09-14 02:00 - 00000000 ____D C:\Users\All Users\Application Data\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-14 01:59 - 2012-09-14 02:00 - 00000000 ____D C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-14 01:59 - 2012-09-14 02:00 - 00000000 ____D C:\Program Files\iTunes
2012-09-14 01:59 - 2012-09-14 02:00 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-09-14 01:59 - 2012-09-14 01:59 - 00000000 ____D C:\Program Files\iPod
2012-09-05 18:02 - 2012-09-05 18:02 - 00000000 ____D C:\Users\HELEN GC ANG\Application Data\PlatinumHideIP
2012-09-05 18:02 - 2012-09-05 18:02 - 00000000 ____D C:\Users\HELEN GC ANG\AppData\Roaming\PlatinumHideIP
2012-09-05 18:02 - 2012-09-05 18:02 - 00000000 ____D C:\Users\All Users\PlatinumHideIP
2012-09-05 18:02 - 2012-09-05 18:02 - 00000000 ____D C:\Users\All Users\Application Data\PlatinumHideIP
==================== 3 Months Modified Files ==================
2012-09-24 06:02 - 2011-07-13 00:55 - 00016918 ____A C:\Users\All Users\dleascan.log
2012-09-24 06:02 - 2011-07-13 00:55 - 00016918 ____A C:\Users\All Users\Application Data\dleascan.log
2012-09-24 06:02 - 2011-05-06 00:43 - 00000906 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-09-24 06:01 - 2012-09-24 06:01 - 00341392 ____A C:\Windows\System32\FNTCACHE.DAT
2012-09-24 06:01 - 2012-09-24 05:55 - 00000850 ____A C:\Windows\setupact.log
2012-09-24 06:01 - 2012-09-24 02:07 - 00000462 ___AH C:\Windows\Tasks\Norton Security Scan for HELEN GC ANG.job
2012-09-24 06:01 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-09-24 05:59 - 2009-07-14 00:10 - 02013739 ____A C:\Windows\WindowsUpdate.log
2012-09-24 05:58 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-09-24 05:58 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-09-24 05:57 - 2009-07-14 00:13 - 00727182 ____A C:\Windows\System32\PerfStringBackup.INI
2012-09-24 05:55 - 2012-09-24 05:55 - 00000000 ____A C:\Windows\setuperr.log
2012-09-24 05:53 - 2012-09-24 05:53 - 01454399 ____A (Farbar) C:\Users\HELEN GC ANG\Desktop\FRST64.exe
2012-09-24 05:52 - 2011-05-07 13:29 - 00000936 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1134271179-1829282520-788597953-1000UA.job
2012-09-24 05:41 - 2011-03-27 01:06 - 00000000 ____A C:\Users\HELEN GC ANG\Desktop\Password to add other computers.txt
2012-09-24 05:40 - 2010-07-10 05:51 - 00056320 ____A C:\Users\HELEN GC ANG\My Documents\Expenses 2010.xlsx
2012-09-24 05:40 - 2010-07-10 05:51 - 00056320 ____A C:\Users\HELEN GC ANG\Documents\Expenses 2010.xlsx
2012-09-24 05:31 - 2012-09-24 05:31 - 00079792 ____A C:\Users\HELEN GC ANG\Local Settings\GDIPFONTCACHEV1.DAT
2012-09-24 05:31 - 2012-09-24 05:31 - 00079792 ____A C:\Users\HELEN GC ANG\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2012-09-24 05:31 - 2012-09-24 05:31 - 00079792 ____A C:\Users\HELEN GC ANG\AppData\Local\GDIPFONTCACHEV1.DAT
2012-09-24 05:14 - 2011-05-06 00:43 - 00000910 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-09-24 02:07 - 2012-09-24 02:07 - 00001341 ____A C:\Users\Public\Desktop\Norton Security Scan.lnk
2012-09-24 02:07 - 2012-09-24 02:07 - 00001341 ____A C:\Users\All Users\Desktop\Norton Security Scan.lnk
2012-09-24 01:52 - 2011-05-07 13:29 - 00000884 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1134271179-1829282520-788597953-1000Core.job
2012-09-23 23:08 - 2012-09-23 23:08 - 00001625 ____A C:\Users\HELEN GC ANG\Desktop\DivX Movies.lnk
2012-09-23 23:08 - 2012-04-17 03:08 - 00001114 ____A C:\Users\Public\Desktop\DivX Plus Player.lnk
2012-09-23 23:08 - 2012-04-17 03:08 - 00001114 ____A C:\Users\All Users\Desktop\DivX Plus Player.lnk
2012-09-22 00:26 - 2012-03-16 05:10 - 00001051 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-09-22 00:26 - 2012-03-16 05:10 - 00001051 ____A C:\Users\All Users\Desktop\Mozilla Firefox.lnk
2012-09-18 19:52 - 2010-06-23 14:40 - 64462936 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-09-17 05:40 - 2011-07-13 01:07 - 00009370 ____A C:\Users\All Users\dleaJSW.log
2012-09-17 05:40 - 2011-07-13 01:07 - 00009370 ____A C:\Users\All Users\Application Data\dleaJSW.log
2012-09-14 10:30 - 2012-08-19 09:31 - 00000413 ____A C:\user.js
2012-09-14 02:11 - 2012-05-09 08:21 - 00696520 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-09-14 02:11 - 2012-02-19 18:58 - 00073416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-09-14 02:00 - 2012-09-14 02:00 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-09-14 02:00 - 2012-09-14 02:00 - 00001785 ____A C:\Users\All Users\Desktop\iTunes.lnk
2012-09-11 00:14 - 2012-07-29 10:54 - 00000967 ____A C:\Users\Public\Desktop\AVG 2012.lnk
2012-09-11 00:14 - 2012-07-29 10:54 - 00000967 ____A C:\Users\All Users\Desktop\AVG 2012.lnk
2012-09-06 22:07 - 2011-02-25 04:51 - 00101688 ____A (Trusteer Ltd.) C:\Windows\System32\Drivers\RapportKE64.sys
2012-08-24 09:32 - 2012-06-21 12:59 - 00000824 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-08-24 09:32 - 2012-06-21 12:59 - 00000824 ____A C:\Users\All Users\Desktop\CCleaner.lnk
2012-08-24 00:59 - 2012-08-24 09:27 - 03927560 ____A (Piriform Ltd) C:\Users\HELEN GC ANG\Downloads\CCleaner Professional + Business Edition v3.22.1800.exe
2012-08-22 08:02 - 2012-08-22 08:02 - 00000997 ____A C:\Users\HELEN GC ANG\Desktop\MiPony.lnk
2012-08-22 08:02 - 2012-08-22 08:02 - 00000997 ____A C:\Users\Guest\Desktop\MiPony.lnk
2012-08-22 08:01 - 2012-08-22 08:00 - 03974437 ____A C:\Users\HELEN GC ANG\Downloads\Mipony-Installer.exe
2012-08-21 00:01 - 2012-09-14 02:00 - 00033240 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2012-08-21 00:01 - 2010-06-20 09:47 - 00125872 ____A (GEAR Software Inc.) C:\Windows\System32\GEARAspi64.dll
2012-08-21 00:01 - 2010-06-20 09:47 - 00106928 ____A (GEAR Software Inc.) C:\Windows\SysWOW64\GEARAspi.dll
2012-08-01 07:00 - 2012-08-01 06:59 - 03907920 ____A (Piriform Ltd) C:\Users\HELEN GC ANG\Downloads\ccsetup321.exe
2012-07-29 10:44 - 2012-07-29 10:43 - 03879800 ____A (AVG Technologies) C:\Users\HELEN GC ANG\Downloads\avg_free_stb_all_2012_2197_cnet.exe
2012-07-29 10:39 - 2012-07-29 10:39 - 00001068 ____A C:\Users\Public\Desktop\VLC media player.lnk
2012-07-29 10:39 - 2012-07-29 10:39 - 00001068 ____A C:\Users\All Users\Desktop\VLC media player.lnk
2012-07-29 10:18 - 2012-07-29 10:17 - 22617148 ____A C:\Users\HELEN GC ANG\Downloads\vlc-2.0.3-win32.exe
2012-07-29 00:00 - 2012-07-28 23:54 - 00635392 ____A C:\Users\HELEN GC ANG\Downloads\BestCodecsPack.exe
2012-07-27 06:08 - 2012-07-24 16:47 - 02027315 ____A C:\Windows\System32\Drivers\Cat.DB
2012-07-26 06:02 - 2012-03-16 02:26 - 00002491 ____A C:\Users\Public\Desktop\Safari.lnk
2012-07-26 06:02 - 2012-03-16 02:26 - 00002491 ____A C:\Users\All Users\Desktop\Safari.lnk
2012-07-26 05:37 - 2012-07-26 05:37 - 00001847 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2012-07-26 05:37 - 2012-07-26 05:37 - 00001847 ____A C:\Users\All Users\Desktop\QuickTime Player.lnk
2012-07-25 14:21 - 2012-07-25 14:21 - 00291680 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgldx64.sys
2012-07-21 08:31 - 2011-07-07 06:39 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk
2012-07-21 08:31 - 2011-07-07 06:39 - 00002515 ____A C:\Users\All Users\Desktop\Skype.lnk
2012-07-21 06:42 - 2012-07-21 06:42 - 00017408 ____A C:\Users\HELEN GC ANG\Local Settings\WebpageIcons.db
2012-07-21 06:42 - 2012-07-21 06:42 - 00017408 ____A C:\Users\HELEN GC ANG\Local Settings\Application Data\WebpageIcons.db
2012-07-21 06:42 - 2012-07-21 06:42 - 00017408 ____A C:\Users\HELEN GC ANG\AppData\Local\WebpageIcons.db
2012-07-18 13:15 - 2012-08-20 16:05 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-17 16:43 - 2012-07-17 16:43 - 02682336 ____A (Speedchecker Limited ) C:\Users\HELEN GC ANG\Downloads\pcsu_80bc0023f43348be92cb0cb1654b3c66_.exe
2012-07-16 19:20 - 2012-07-16 19:20 - 01665985 ____A C:\Users\HELEN GC ANG\Desktop\Unlocker1.9.1.exe
2012-07-16 19:17 - 2012-07-16 19:17 - 00352936 ____A (Softonic) C:\Users\HELEN GC ANG\Downloads\SoftonicDownloader_for_unlocker.exe
2012-07-11 04:27 - 2012-07-11 04:27 - 00543024 ____A (Microsoft Corporation) C:\Users\HELEN GC ANG\Downloads\IE9-Windows7-x64-enu.exe
2012-07-05 22:08 - 2011-07-13 01:03 - 00000575 ____A C:\Users\All Users\dlea.log
2012-07-05 22:08 - 2011-07-13 01:03 - 00000575 ____A C:\Users\All Users\Application Data\dlea.log
2012-07-04 17:16 - 2012-08-20 16:05 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-07-04 17:13 - 2012-08-20 16:05 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-07-04 17:13 - 2012-08-20 16:05 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-07-04 16:16 - 2012-08-20 16:05 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-07-04 16:14 - 2012-08-20 16:05 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2012-06-28 23:55 - 2012-08-20 16:09 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-28 23:09 - 2012-08-20 16:09 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-28 22:56 - 2012-08-20 16:09 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-28 22:49 - 2012-08-20 16:09 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-28 22:49 - 2012-08-20 16:09 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-28 22:48 - 2012-08-20 16:09 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-28 22:47 - 2012-08-20 16:09 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-28 22:45 - 2012-08-20 16:09 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-28 22:44 - 2012-08-20 16:09 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-28 22:43 - 2012-08-20 16:09 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-28 22:42 - 2012-08-20 16:09 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-28 22:40 - 2012-08-20 16:09 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-28 22:39 - 2012-08-20 16:09 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-28 22:35 - 2012-08-20 16:09 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-28 19:52 - 2012-08-20 16:09 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-28 19:27 - 2012-08-20 16:09 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-28 19:16 - 2012-08-20 16:09 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-28 19:09 - 2012-08-20 16:09 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-28 19:09 - 2012-08-20 16:09 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-28 19:08 - 2012-08-20 16:09 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-28 19:07 - 2012-08-20 16:09 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-28 19:06 - 2012-08-20 16:09 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-28 19:04 - 2012-08-20 16:09 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-28 19:04 - 2012-08-20 16:09 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-28 19:01 - 2012-08-20 16:09 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-28 19:01 - 2012-08-20 16:09 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-28 19:00 - 2012-08-20 16:09 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-28 18:57 - 2012-08-20 16:09 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
==================== Known DLLs (Whitelisted) =================
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
Restore point made on: 2012-09-15 11:33:22
Restore point made on: 2012-09-18 19:52:22
Restore point made on: 2012-09-18 20:50:27
Restore point made on: 2012-09-18 20:52:57
==================== Memory info ===========================
Percentage of memory in use: 17%
Total physical RAM: 3032.36 MB
Available physical RAM: 2499.71 MB
Total Pagefile: 3030.51 MB
Available Pagefile: 2503.03 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
==================== Partitions =============================
1 Drive c: (OS) (Fixed) (Total:283.4 GB) (Free:174.06 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:9.71 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive e: (RAVI 16GB) (Removable) (Total:15.09 GB) (Free:15.09 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 Online 15 GB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 14 GB 40 MB
Partition 3 Primary 283 GB 14 GB
==================================================================================
Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 FAT Partition 39 MB Healthy Hidden
=========================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 D RECOVERY NTFS Partition 14 GB Healthy
=========================================================
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 283 GB Healthy
=========================================================
Partitions of Disk 2:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 15 GB 6024 KB
==================================================================================
Disk: 2
Partition 1
Type : 0C
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 E RAVI 16GB FAT32 Removable 15 GB Healthy
=========================================================
Last Boot: 2012-09-14 02:35
==================== End Of Log =============================
==================== Services (Whitelisted) ===================
2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-13] (AVG Technologies CZ, s.r.o.)
2 dldtCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\dldtserv.exe [33448 2009-07-09] ()
2 dldt_device; C:\Windows\system32\dldtcoms.exe -service [1044648 2009-07-09] ( )
2 dldt_device; C:\Windows\SysWow64\dldtcoms.exe -service [594600 2009-07-09] ( )
2 dleaCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe [45224 2010-05-21] ()
2 dlea_device; C:\Windows\system32\dleacoms.exe -service [1052328 2010-05-21] ( )
2 dlea_device; C:\Windows\SysWow64\dleacoms.exe -service [598696 2010-05-21] ( )
2 RapportMgmtService; "C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe" [976728 2012-09-06] (Trusteer Ltd.)
3 Sony Ericsson PCCompanion; "C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe" [155344 2011-06-29] (Avanquest Software)
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [240128 2009-06-28] (IDT, Inc.)
2 Browser Manager; C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe [x]
==================== Drivers (Whitelisted) =====================
0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [28480 2012-04-18] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [291680 2012-07-25] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [36944 2012-01-30] (AVG Technologies CZ, s.r.o.)
1 RapportCerberus_42020; \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_42020.sys [397720 2012-08-20] ()
1 RapportEI64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [55096 2012-09-06] (Trusteer Ltd.)
0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [101688 2012-09-06] (Trusteer Ltd.)
1 RapportPG64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [297240 2012-09-06] (Trusteer Ltd.)
3 s0017bus; C:\Windows\System32\Drivers\s0017bus.sys [113704 2008-10-21] (MCCI Corporation)
3 s0017mdfl; C:\Windows\System32\Drivers\s0017mdfl.sys [19496 2008-10-21] (MCCI Corporation)
3 s0017mdm; C:\Windows\System32\Drivers\s0017mdm.sys [152616 2008-10-21] (MCCI Corporation)
3 s0017mgmt; C:\Windows\System32\Drivers\s0017mgmt.sys [133160 2008-10-21] (MCCI Corporation)
3 s0017nd5; C:\Windows\System32\Drivers\s0017nd5.sys [34856 2008-10-21] (MCCI Corporation)
3 s0017obex; C:\Windows\System32\Drivers\s0017obex.sys [128552 2008-10-21] (MCCI Corporation)
3 s0017unic; C:\Windows\System32\Drivers\s0017unic.sys [145960 2008-10-21] (MCCI Corporation)
3 seehcri; C:\Windows\System32\Drivers\seehcri.sys [34032 2008-01-09] (Sony Ericsson Mobile Communications)
2 srservice; [x]
0 TfFsMon; C:\Windows\System32\drivers\TfFsMon.sys [x]
3 TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [x]
0 TFSysMon; C:\Windows\System32\drivers\TfSysMon.sys [x]
==================== NetSvcs (Whitelisted) ====================
==================== One Month Created Files and Folders ========
2012-09-24 20:13 - 2012-09-24 20:18 - 00000000 ____D C:\FRST
2012-09-24 06:01 - 2012-09-24 06:01 - 00341392 ____A C:\Windows\System32\FNTCACHE.DAT
2012-09-24 05:55 - 2012-09-24 06:01 - 00000850 ____A C:\Windows\setupact.log
2012-09-24 05:55 - 2012-09-24 05:55 - 00000000 ____A C:\Windows\setuperr.log
2012-09-24 05:53 - 2012-09-24 05:53 - 01454399 ____A (Farbar) C:\Users\HELEN GC ANG\Desktop\FRST64.exe
2012-09-24 05:31 - 2012-09-24 05:31 - 00079792 ____A C:\Users\HELEN GC ANG\Local Settings\GDIPFONTCACHEV1.DAT
2012-09-24 05:31 - 2012-09-24 05:31 - 00079792 ____A C:\Users\HELEN GC ANG\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2012-09-24 05:31 - 2012-09-24 05:31 - 00079792 ____A C:\Users\HELEN GC ANG\AppData\Local\GDIPFONTCACHEV1.DAT
2012-09-24 02:07 - 2012-09-24 06:01 - 00000462 ___AH C:\Windows\Tasks\Norton Security Scan for HELEN GC ANG.job
2012-09-24 02:07 - 2012-09-24 02:07 - 00001341 ____A C:\Users\Public\Desktop\Norton Security Scan.lnk
2012-09-24 02:07 - 2012-09-24 02:07 - 00001341 ____A C:\Users\All Users\Desktop\Norton Security Scan.lnk
2012-09-24 02:07 - 2012-09-24 02:07 - 00000000 ____D C:\Windows\System32\Drivers\NSSx64
2012-09-24 02:07 - 2012-09-24 02:07 - 00000000 ____D C:\Users\All Users\Symantec
2012-09-24 02:07 - 2012-09-24 02:07 - 00000000 ____D C:\Users\All Users\Application Data\Symantec
2012-09-24 02:07 - 2012-09-24 02:07 - 00000000 ____D C:\Program Files (x86)\Norton Security Scan
2012-09-23 23:08 - 2012-09-23 23:08 - 00001625 ____A C:\Users\HELEN GC ANG\Desktop\DivX Movies.lnk
2012-09-18 20:42 - 2012-09-18 20:42 - 00000000 ____D C:\Users\HELEN GC ANG\Local Settings\VS Revo Group
2012-09-18 20:42 - 2012-09-18 20:42 - 00000000 ____D C:\Users\HELEN GC ANG\Local Settings\Application Data\VS Revo Group
2012-09-18 20:42 - 2012-09-18 20:42 - 00000000 ____D C:\Users\HELEN GC ANG\AppData\Local\VS Revo Group
2012-09-14 10:33 - 2012-09-14 10:33 - 00000000 ____D C:\Users\HELEN GC ANG\Local Settings\Download Beast
2012-09-14 10:33 - 2012-09-14 10:33 - 00000000 ____D C:\Users\HELEN GC ANG\Local Settings\Application Data\Download Beast
2012-09-14 10:33 - 2012-09-14 10:33 - 00000000 ____D C:\Users\HELEN GC ANG\AppData\Local\Download Beast
2012-09-14 10:31 - 2012-09-14 10:31 - 00000000 ____D C:\Users\HELEN GC ANG\Application Data\2YourFace
2012-09-14 10:31 - 2012-09-14 10:31 - 00000000 ____D C:\Users\HELEN GC ANG\AppData\Roaming\2YourFace
2012-09-14 02:14 - 2012-09-14 02:14 - 00000000 ____D C:\Users\HELEN GC ANG\Local Settings\Macromedia
2012-09-14 02:14 - 2012-09-14 02:14 - 00000000 ____D C:\Users\HELEN GC ANG\Local Settings\Application Data\Macromedia
2012-09-14 02:14 - 2012-09-14 02:14 - 00000000 ____D C:\Users\HELEN GC ANG\AppData\Local\Macromedia
2012-09-14 02:00 - 2012-09-14 02:00 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-09-14 02:00 - 2012-09-14 02:00 - 00001785 ____A C:\Users\All Users\Desktop\iTunes.lnk
2012-09-14 02:00 - 2012-08-21 00:01 - 00033240 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2012-09-14 01:59 - 2012-09-14 02:00 - 00000000 ____D C:\Users\All Users\Application Data\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-14 01:59 - 2012-09-14 02:00 - 00000000 ____D C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-14 01:59 - 2012-09-14 02:00 - 00000000 ____D C:\Program Files\iTunes
2012-09-14 01:59 - 2012-09-14 02:00 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-09-14 01:59 - 2012-09-14 01:59 - 00000000 ____D C:\Program Files\iPod
2012-09-05 18:02 - 2012-09-05 18:02 - 00000000 ____D C:\Users\HELEN GC ANG\Application Data\PlatinumHideIP
2012-09-05 18:02 - 2012-09-05 18:02 - 00000000 ____D C:\Users\HELEN GC ANG\AppData\Roaming\PlatinumHideIP
2012-09-05 18:02 - 2012-09-05 18:02 - 00000000 ____D C:\Users\All Users\PlatinumHideIP
2012-09-05 18:02 - 2012-09-05 18:02 - 00000000 ____D C:\Users\All Users\Application Data\PlatinumHideIP
==================== 3 Months Modified Files ==================
2012-09-24 06:02 - 2011-07-13 00:55 - 00016918 ____A C:\Users\All Users\dleascan.log
2012-09-24 06:02 - 2011-07-13 00:55 - 00016918 ____A C:\Users\All Users\Application Data\dleascan.log
2012-09-24 06:02 - 2011-05-06 00:43 - 00000906 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-09-24 06:01 - 2012-09-24 06:01 - 00341392 ____A C:\Windows\System32\FNTCACHE.DAT
2012-09-24 06:01 - 2012-09-24 05:55 - 00000850 ____A C:\Windows\setupact.log
2012-09-24 06:01 - 2012-09-24 02:07 - 00000462 ___AH C:\Windows\Tasks\Norton Security Scan for HELEN GC ANG.job
2012-09-24 06:01 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-09-24 05:59 - 2009-07-14 00:10 - 02013739 ____A C:\Windows\WindowsUpdate.log
2012-09-24 05:58 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-09-24 05:58 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-09-24 05:57 - 2009-07-14 00:13 - 00727182 ____A C:\Windows\System32\PerfStringBackup.INI
2012-09-24 05:55 - 2012-09-24 05:55 - 00000000 ____A C:\Windows\setuperr.log
2012-09-24 05:53 - 2012-09-24 05:53 - 01454399 ____A (Farbar) C:\Users\HELEN GC ANG\Desktop\FRST64.exe
2012-09-24 05:52 - 2011-05-07 13:29 - 00000936 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1134271179-1829282520-788597953-1000UA.job
2012-09-24 05:41 - 2011-03-27 01:06 - 00000000 ____A C:\Users\HELEN GC ANG\Desktop\Password to add other computers.txt
2012-09-24 05:40 - 2010-07-10 05:51 - 00056320 ____A C:\Users\HELEN GC ANG\My Documents\Expenses 2010.xlsx
2012-09-24 05:40 - 2010-07-10 05:51 - 00056320 ____A C:\Users\HELEN GC ANG\Documents\Expenses 2010.xlsx
2012-09-24 05:31 - 2012-09-24 05:31 - 00079792 ____A C:\Users\HELEN GC ANG\Local Settings\GDIPFONTCACHEV1.DAT
2012-09-24 05:31 - 2012-09-24 05:31 - 00079792 ____A C:\Users\HELEN GC ANG\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2012-09-24 05:31 - 2012-09-24 05:31 - 00079792 ____A C:\Users\HELEN GC ANG\AppData\Local\GDIPFONTCACHEV1.DAT
2012-09-24 05:14 - 2011-05-06 00:43 - 00000910 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-09-24 02:07 - 2012-09-24 02:07 - 00001341 ____A C:\Users\Public\Desktop\Norton Security Scan.lnk
2012-09-24 02:07 - 2012-09-24 02:07 - 00001341 ____A C:\Users\All Users\Desktop\Norton Security Scan.lnk
2012-09-24 01:52 - 2011-05-07 13:29 - 00000884 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1134271179-1829282520-788597953-1000Core.job
2012-09-23 23:08 - 2012-09-23 23:08 - 00001625 ____A C:\Users\HELEN GC ANG\Desktop\DivX Movies.lnk
2012-09-23 23:08 - 2012-04-17 03:08 - 00001114 ____A C:\Users\Public\Desktop\DivX Plus Player.lnk
2012-09-23 23:08 - 2012-04-17 03:08 - 00001114 ____A C:\Users\All Users\Desktop\DivX Plus Player.lnk
2012-09-22 00:26 - 2012-03-16 05:10 - 00001051 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-09-22 00:26 - 2012-03-16 05:10 - 00001051 ____A C:\Users\All Users\Desktop\Mozilla Firefox.lnk
2012-09-18 19:52 - 2010-06-23 14:40 - 64462936 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-09-17 05:40 - 2011-07-13 01:07 - 00009370 ____A C:\Users\All Users\dleaJSW.log
2012-09-17 05:40 - 2011-07-13 01:07 - 00009370 ____A C:\Users\All Users\Application Data\dleaJSW.log
2012-09-14 10:30 - 2012-08-19 09:31 - 00000413 ____A C:\user.js
2012-09-14 02:11 - 2012-05-09 08:21 - 00696520 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-09-14 02:11 - 2012-02-19 18:58 - 00073416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-09-14 02:00 - 2012-09-14 02:00 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-09-14 02:00 - 2012-09-14 02:00 - 00001785 ____A C:\Users\All Users\Desktop\iTunes.lnk
2012-09-11 00:14 - 2012-07-29 10:54 - 00000967 ____A C:\Users\Public\Desktop\AVG 2012.lnk
2012-09-11 00:14 - 2012-07-29 10:54 - 00000967 ____A C:\Users\All Users\Desktop\AVG 2012.lnk
2012-09-06 22:07 - 2011-02-25 04:51 - 00101688 ____A (Trusteer Ltd.) C:\Windows\System32\Drivers\RapportKE64.sys
2012-08-24 09:32 - 2012-06-21 12:59 - 00000824 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-08-24 09:32 - 2012-06-21 12:59 - 00000824 ____A C:\Users\All Users\Desktop\CCleaner.lnk
2012-08-24 00:59 - 2012-08-24 09:27 - 03927560 ____A (Piriform Ltd) C:\Users\HELEN GC ANG\Downloads\CCleaner Professional + Business Edition v3.22.1800.exe
2012-08-22 08:02 - 2012-08-22 08:02 - 00000997 ____A C:\Users\HELEN GC ANG\Desktop\MiPony.lnk
2012-08-22 08:02 - 2012-08-22 08:02 - 00000997 ____A C:\Users\Guest\Desktop\MiPony.lnk
2012-08-22 08:01 - 2012-08-22 08:00 - 03974437 ____A C:\Users\HELEN GC ANG\Downloads\Mipony-Installer.exe
2012-08-21 00:01 - 2012-09-14 02:00 - 00033240 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2012-08-21 00:01 - 2010-06-20 09:47 - 00125872 ____A (GEAR Software Inc.) C:\Windows\System32\GEARAspi64.dll
2012-08-21 00:01 - 2010-06-20 09:47 - 00106928 ____A (GEAR Software Inc.) C:\Windows\SysWOW64\GEARAspi.dll
2012-08-01 07:00 - 2012-08-01 06:59 - 03907920 ____A (Piriform Ltd) C:\Users\HELEN GC ANG\Downloads\ccsetup321.exe
2012-07-29 10:44 - 2012-07-29 10:43 - 03879800 ____A (AVG Technologies) C:\Users\HELEN GC ANG\Downloads\avg_free_stb_all_2012_2197_cnet.exe
2012-07-29 10:39 - 2012-07-29 10:39 - 00001068 ____A C:\Users\Public\Desktop\VLC media player.lnk
2012-07-29 10:39 - 2012-07-29 10:39 - 00001068 ____A C:\Users\All Users\Desktop\VLC media player.lnk
2012-07-29 10:18 - 2012-07-29 10:17 - 22617148 ____A C:\Users\HELEN GC ANG\Downloads\vlc-2.0.3-win32.exe
2012-07-29 00:00 - 2012-07-28 23:54 - 00635392 ____A C:\Users\HELEN GC ANG\Downloads\BestCodecsPack.exe
2012-07-27 06:08 - 2012-07-24 16:47 - 02027315 ____A C:\Windows\System32\Drivers\Cat.DB
2012-07-26 06:02 - 2012-03-16 02:26 - 00002491 ____A C:\Users\Public\Desktop\Safari.lnk
2012-07-26 06:02 - 2012-03-16 02:26 - 00002491 ____A C:\Users\All Users\Desktop\Safari.lnk
2012-07-26 05:37 - 2012-07-26 05:37 - 00001847 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2012-07-26 05:37 - 2012-07-26 05:37 - 00001847 ____A C:\Users\All Users\Desktop\QuickTime Player.lnk
2012-07-25 14:21 - 2012-07-25 14:21 - 00291680 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgldx64.sys
2012-07-21 08:31 - 2011-07-07 06:39 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk
2012-07-21 08:31 - 2011-07-07 06:39 - 00002515 ____A C:\Users\All Users\Desktop\Skype.lnk
2012-07-21 06:42 - 2012-07-21 06:42 - 00017408 ____A C:\Users\HELEN GC ANG\Local Settings\WebpageIcons.db
2012-07-21 06:42 - 2012-07-21 06:42 - 00017408 ____A C:\Users\HELEN GC ANG\Local Settings\Application Data\WebpageIcons.db
2012-07-21 06:42 - 2012-07-21 06:42 - 00017408 ____A C:\Users\HELEN GC ANG\AppData\Local\WebpageIcons.db
2012-07-18 13:15 - 2012-08-20 16:05 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-17 16:43 - 2012-07-17 16:43 - 02682336 ____A (Speedchecker Limited ) C:\Users\HELEN GC ANG\Downloads\pcsu_80bc0023f43348be92cb0cb1654b3c66_.exe
2012-07-16 19:20 - 2012-07-16 19:20 - 01665985 ____A C:\Users\HELEN GC ANG\Desktop\Unlocker1.9.1.exe
2012-07-16 19:17 - 2012-07-16 19:17 - 00352936 ____A (Softonic) C:\Users\HELEN GC ANG\Downloads\SoftonicDownloader_for_unlocker.exe
2012-07-11 04:27 - 2012-07-11 04:27 - 00543024 ____A (Microsoft Corporation) C:\Users\HELEN GC ANG\Downloads\IE9-Windows7-x64-enu.exe
2012-07-05 22:08 - 2011-07-13 01:03 - 00000575 ____A C:\Users\All Users\dlea.log
2012-07-05 22:08 - 2011-07-13 01:03 - 00000575 ____A C:\Users\All Users\Application Data\dlea.log
2012-07-04 17:16 - 2012-08-20 16:05 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-07-04 17:13 - 2012-08-20 16:05 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-07-04 17:13 - 2012-08-20 16:05 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-07-04 16:16 - 2012-08-20 16:05 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-07-04 16:14 - 2012-08-20 16:05 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2012-06-28 23:55 - 2012-08-20 16:09 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-28 23:09 - 2012-08-20 16:09 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-28 22:56 - 2012-08-20 16:09 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-28 22:49 - 2012-08-20 16:09 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-28 22:49 - 2012-08-20 16:09 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-28 22:48 - 2012-08-20 16:09 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-28 22:47 - 2012-08-20 16:09 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-28 22:45 - 2012-08-20 16:09 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-28 22:44 - 2012-08-20 16:09 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-28 22:43 - 2012-08-20 16:09 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-28 22:42 - 2012-08-20 16:09 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-28 22:40 - 2012-08-20 16:09 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-28 22:39 - 2012-08-20 16:09 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-28 22:35 - 2012-08-20 16:09 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-28 19:52 - 2012-08-20 16:09 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-28 19:27 - 2012-08-20 16:09 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-28 19:16 - 2012-08-20 16:09 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-28 19:09 - 2012-08-20 16:09 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-28 19:09 - 2012-08-20 16:09 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-28 19:08 - 2012-08-20 16:09 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-28 19:07 - 2012-08-20 16:09 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-28 19:06 - 2012-08-20 16:09 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-28 19:04 - 2012-08-20 16:09 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-28 19:04 - 2012-08-20 16:09 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-28 19:01 - 2012-08-20 16:09 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-28 19:01 - 2012-08-20 16:09 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-28 19:00 - 2012-08-20 16:09 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-28 18:57 - 2012-08-20 16:09 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
==================== Known DLLs (Whitelisted) =================
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
Restore point made on: 2012-09-15 11:33:22
Restore point made on: 2012-09-18 19:52:22
Restore point made on: 2012-09-18 20:50:27
Restore point made on: 2012-09-18 20:52:57
==================== Memory info ===========================
Percentage of memory in use: 17%
Total physical RAM: 3032.36 MB
Available physical RAM: 2499.71 MB
Total Pagefile: 3030.51 MB
Available Pagefile: 2503.03 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
==================== Partitions =============================
1 Drive c: (OS) (Fixed) (Total:283.4 GB) (Free:174.06 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:9.71 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive e: (RAVI 16GB) (Removable) (Total:15.09 GB) (Free:15.09 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 Online 15 GB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 14 GB 40 MB
Partition 3 Primary 283 GB 14 GB
==================================================================================
Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 FAT Partition 39 MB Healthy Hidden
=========================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 D RECOVERY NTFS Partition 14 GB Healthy
=========================================================
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 283 GB Healthy
=========================================================
Partitions of Disk 2:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 15 GB 6024 KB
==================================================================================
Disk: 2
Partition 1
Type : 0C
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 E RAVI 16GB FAT32 Removable 15 GB Healthy
=========================================================
Last Boot: 2012-09-14 02:35
==================== End Of Log =============================