Ukash Hijacking
ten9six (post 117856) wrote:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-04-2013 03
Ran by SYSTEM on 24-04-2013 13:24:53
Running from G:\Paul
Windows Vista (TM) Home Premium Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery
The current controlset is ControlSet002

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [x]
HKLM\...\Run: [UsbMonitor] "C:\Program Files\TrueSuite Access Manager\usbnotify.exe" [x]
HKLM\...\Run: [PwdBank] "C:\Program Files\TrueSuite Access Manager\PwdBank.exe" [x]
HKLM\...\Run: [HDMICtrlMan] C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe [x]
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [x]
HKLM\...\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" [x]
BootExecute: autocheck autochk * lsdelete

========================== Services (Whitelisted) =================

S2 Authentec memory manager; C:\Windows\system32\TAMSvr.exe [49152 2008-03-31] (AuthenTec Inc.)
S2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3289208 2013-03-19] (Skype Technologies S.A.)
S2 AdobeARMservice; "C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe" [x]
S2 Apple Mobile Device; "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [x]
S2 AVGIDSAgent; "C:\Program Files\AVG\AVG2013\avgidsagent.exe" [x]
S2 avgwd; "C:\Program Files\AVG\AVG2013\avgwdsvc.exe" [x]
S2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [x]
S2 ConfigFree Service; "C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe" [x]
S3 fsssvc; "C:\Program Files\Windows Live\Family Safety\fsssvc.exe" [x]
S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [x]
S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [x]
S3 gusvc; "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" [x]
S3 iPod Service; "C:\Program Files\iPod\bin\iPodService.exe" [x]
S2 Lavasoft Ad-Aware Service; "C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe" [x]
S3 msiserver; %systemroot%\system32\msiexec /V [x]
S3 odserv; "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE" [x]
S3 ose; "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" [x]
S2 pinger; C:\TOSHIBA\IVP\ISM\pinger.exe [x]
S2 SeaPort; "C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe" [x]
S3 ServiceLayer; "C:\Program Files\PC Connectivity Solution\ServiceLayer.exe" [x]
S2 SkypeUpdate; "C:\Program Files\Skype\Updater\Updater.exe" [x]
S3 SmartFaceVWatchSrv; "C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe" [x]
S2 Swupdtmr; c:\TOSHIBA\IVP\swupdate\swupdtmr.exe [x]
S2 TNaviSrv; C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe [x]
S2 TosCoSrv; "C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe" [x]
S2 TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [x]
S2 TOSHIBA SMART Log Service; "C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe" [x]
S2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [x]
S2 vToolbarUpdater14.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [x]
S2 WinDefend; %ProgramFiles%\Windows Defender\mpsvc.dll [x]
S4 wlcrasvc; "C:\Program Files\Windows Live\Mesh\wlcrasvc.exe" [x]
S2 wlidsvc; "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" [x]
S3 WMPNetworkSvc; "%ProgramFiles%\Windows Media Player\wmpnetwk.exe" [x]

==================== Drivers (Whitelisted) ====================

S0 AlfaFF; C:\Windows\System32\Drivers\AlfaFF.sys [42608 2008-02-29] (Alfa Corporation)
S3 ATSWPDRV; C:\Windows\System32\DRIVERS\ATSwpDrv.sys [146944 2009-01-25] (AuthenTec, Inc.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [179936 2012-10-21] (AVG Technologies CZ, s.r.o. )
S0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [55776 2012-10-14] (AVG Technologies CZ, s.r.o. )
S1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [19936 2012-09-20] (AVG Technologies CZ, s.r.o. )
S1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [159712 2012-10-01] (AVG Technologies CZ, s.r.o.)
S0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [177376 2012-09-20] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [94048 2012-11-15] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [35552 2012-09-13] (AVG Technologies CZ, s.r.o.)
S1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [164832 2012-09-20] (AVG Technologies CZ, s.r.o.)
S1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [33112 2013-02-19] (AVG Technologies)
S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2009-05-10] ()
S0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [64512 2011-06-19] (Lavasoft AB)
S3 PCASp50; C:\Windows\System32\Drivers\PCASp50.sys [27072 2007-07-13] (Printing Communications Assoc., Inc. (PCAUSA))
S3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [141408 2008-02-27] (Realtek Semiconductor Corp.)
S1 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5632 2010-05-22] ()
S3 SWNC8U55; C:\Windows\System32\DRIVERS\swnc8u55.sys [164480 2007-11-19] (Sierra Wireless Inc.)
S3 SWUMX55; C:\Windows\System32\DRIVERS\swumx55.sys [140672 2007-11-19] (Sierra Wireless Inc.)
S3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [18432 2007-12-17] (Chicony Electronics Co., Ltd.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S2 OpenLibSys; \??\C:\Program Files\NXP\FM Radio\OpenLibSys.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-04-24 13:24 - 2013-04-24 13:24 - 00000000 ____D C:\FRST

==================== One Month Modified Files and Folders ========

2013-04-24 13:24 - 2013-04-24 13:24 - 00000000 ____D C:\FRST
2013-04-24 13:14 - 2008-10-04 15:02 - 00000000 ____D C:\users\Michelle
2013-04-23 18:29 - 2008-10-04 13:17 - 01885255 ____A C:\Windows\WindowsUpdate.log
2013-04-23 18:29 - 2006-11-02 05:01 - 00032580 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-04-23 18:29 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-04-23 18:28 - 2012-08-11 22:09 - 00003415 ____A C:\Windows\setupact.log
2013-04-23 18:28 - 2010-02-25 03:05 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-04-23 18:26 - 2011-11-06 16:36 - 00091640 ____A C:\aaw7boot.log
2013-04-23 18:26 - 2006-11-02 04:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-04-23 18:26 - 2006-11-02 04:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-04-23 16:15 - 2006-11-02 02:33 - 00755350 ____A C:\Windows\System32\PerfStringBackup.INI
2013-04-23 15:32 - 2011-07-18 17:17 - 00000064 ____A C:\Windows\System32\rp_stats.dat
2013-04-23 15:32 - 2011-07-18 17:17 - 00000044 ____A C:\Windows\System32\rp_rules.dat
2013-04-23 15:09 - 2010-02-25 03:05 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-04-22 21:50 - 2006-11-02 04:47 - 00061440 ____A C:\Windows\System32\umstartup.etl
2013-04-18 22:48 - 2012-06-29 19:34 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-3787745059-794909223-3978064198-1000\$d9e77c65513ee53e2d014397449dd4bc

==================== Known DLLs (ALL) =========================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-03-19 07:38:45
Restore point made on: 2013-03-20 02:57:13
Restore point made on: 2013-03-26 03:55:22
Restore point made on: 2013-03-30 21:12:08
Restore point made on: 2013-03-31 07:29:52
Restore point made on: 2013-03-31 18:44:40
Restore point made on: 2013-04-03 02:31:24
Restore point made on: 2013-04-09 00:09:07
Restore point made on: 2013-04-12 00:29:46
Restore point made on: 2013-04-15 05:34:16
Restore point made on: 2013-04-15 18:02:00
Restore point made on: 2013-04-16 16:25:40
Restore point made on: 2013-04-16 17:50:39

==================== Memory info ===========================

Percentage of memory in use: 12%
Total physical RAM: 4093.07 MB
Available physical RAM: 3592.03 MB
Total Pagefile: 3949.34 MB
Available Pagefile: 3748.01 MB
Total Virtual: 2047.88 MB
Available Virtual: 1966.31 MB

==================== Drives ================================

Drive c: (S3A6597D005) (Fixed) (Total:176.6 GB) (Free:123.45 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:186.31 GB) (Free:154.73 GB) NTFS
Drive f: (TOSHIBA SYSTEM VOLUME) (Fixed) (Total:1.46 GB) (Free:1.31 GB) NTFS
Drive g: () (Removable) (Total:1.95 GB) (Free:1.14 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

  Disk ###  Status      Size     Free     Dyn  Gpt
  --------  ----------  -------  -------  ---  ---
  Disk 0    Online      186 GB   6144 KB
  Disk 1    Online      186 GB   0 B
  Disk 2    Online      2001 MB  0 B

Partitions of Disk 0:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    OEM               1500 MB  1024 KB
  Partition 2    Primary           177 GB   1501 MB
  Partition 3    Primary           8 GB     178 GB

==================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status   Info
  ----------  ---  -----------  -----  ----------  -------  -------  --------
* Volume 4    F    TOSHIBA SYS  NTFS   Partition   1500 MB  Healthy  Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status   Info
  ----------  ---  -----------  -----  ----------  -------  -------  --------
* Volume 1    C    S3A6597D005  NTFS   Partition   177 GB   Healthy

=========================================================

Disk: 0
Partition 3
Type : 17
Hidden: Yes
Active: No

There is no volume associated with this partition.

=========================================================

Partitions of Disk 1:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary           186 GB   1024 KB

==================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status   Info
  ----------  ---  -----------  -----  ----------  -------  -------  --------
* Volume 2    D                 NTFS   Partition   186 GB   Healthy

=========================================================

Partitions of Disk 2:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
* Partition 1    Primary           2001 MB  0 B

==================================================================================

Disk: 2
There is no partition selected.

There is no partition selected.
Please select a partition and try again.

=========================================================
============================== MBR & Partition Table ==================

====================================================================
Disk: 0 (MBR Code: Windows Vista) (Size: 186 GB) (Disk ID: 0101C97E)
Partition 1: (Not Active) - (Size=1 GB) - (Type=27)
Partition 2: (Active) - (Size=177 GB) - (Type=07) (NTFS)
Partition 3: (Not Active) - (Size=8 GB) - (Type=17)

====================================================================
Disk: 1 (MBR Code: Windows Vista) (Size: 186 GB) (Disk ID: 57ABCDAD)
Partition 1: (Not Active) - (Size=186 GB) - (Type=07) (NTFS)

====================================================================
Disk: 2 (Size: 2 GB) (Disk ID: 73696420)
Partition 1: (Not Active) - (Size=260 GB) - (Type=20)
Partition 2: (Not Active) - (Size=257 GB) - (Type=6B)
Partition 3: (Not Active) - (Size=667 GB) - (Type=53)
Partition 4: (Active) - (Size=10 MB) - (Type=49)


Last Boot: 2013-04-23 16:16

==================== End Of Log ============================
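The log above is a FRST scan taken from the Recovery Environment, and the one line FRST itself calls out is the entry under its "ZeroAccess:" heading: a hidden, SID-keyed folder in $Recycle.Bin whose name is a dollar sign followed by 32 hex characters. The following triage helper is an added example, not part of the original post and not FRST's own code. It parses FRST-style lines and raises the findings a helper would look at first: that $Recycle.Bin store, binaries FRST lists with an empty vendor string (StarOpen and FsUsbExDisk above), any BootExecute token beyond the Windows default of "autocheck autochk *", and the "[x]" entries FRST uses for a path it could not find. The rule names, severities and the Finding/Report classes are the editor's own conventions; the sample lines are copied from the log above and reduced to the ones the rules act on.

```python
"""Triage helper for FRST (Farbar Recovery Scan Tool) log lines.

Added example for the thread above. Rule names and severities are the
editor's own; FRST does not define them.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: lines copied from the FRST log quoted above, reduced to
# the ones the rules below react to. Real use would read FRST.txt instead.
SAMPLE_LOG = r"""
Boot Mode: Recovery
HKLM\...\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" [x]
BootExecute: autocheck autochk * lsdelete
S2 Authentec memory manager; C:\Windows\system32\TAMSvr.exe [49152 2008-03-31] (AuthenTec Inc.)
S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [x]
S1 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5632 2010-05-22] ()
S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2009-05-10] ()
S2 OpenLibSys; \??\C:\Program Files\NXP\FM Radio\OpenLibSys.sys [x]
ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-3787745059-794909223-3978064198-1000\$d9e77c65513ee53e2d014397449dd4bc
C:\Windows\explorer.exe => MD5 is legit
"""

# Hidden per-user folder $Recycle.Bin\<SID>\$<32 hex>: the location FRST
# reports under its "ZeroAccess:" heading.
ZEROACCESS_STORE = re.compile(
    r"\\\$Recycle\.Bin\\(S-1-5-[\d-]+)\\\$([0-9a-fA-F]{32})\s*$")

# Service/driver line: "S2 name; path [size date] (vendor)" or "S2 name; path [x]".
# FRST prints [x] when the file was not found at the recorded path, and an
# empty () when the file carries no company name in its version resource.
SERVICE_LINE = re.compile(
    r"^([RS][0-4])\s+([^;]+);\s+(.*?)\s+\[(x|\d+ \d{4}-\d{2}-\d{2})\]"
    r"(?:\s+\((.*?)\))?\s*$")

# Autostart line whose target was not found: "HKLM\...\Run: [name] command [x]".
AUTORUN_MISSING = re.compile(r"^HKLM\\\.\.\.\\Run: \[[^\]]+\]\s+.*\s\[x\]\s*$")

# Default Windows BootExecute value; anything else runs before the shell and
# deserves a look (lsdelete above belongs to a cleaner that is also present,
# but it still has to be verified rather than assumed).
DEFAULT_BOOTEXECUTE = {"autocheck", "autochk", "*"}

SEVERITY_ORDER = ("info", "low", "medium", "high")


@dataclass
class Finding:
    severity: str
    rule: str
    line: str
    detail: str = ""


@dataclass
class Report:
    boot_mode: Optional[str] = None
    findings: List[Finding] = field(default_factory=list)

    def count(self, rule: str) -> int:
        return sum(1 for f in self.findings if f.rule == rule)

    def highest_severity(self) -> Optional[str]:
        if not self.findings:
            return None
        return max((f.severity for f in self.findings), key=SEVERITY_ORDER.index)


def triage(log_text: str) -> Report:
    """Walk FRST log lines and collect findings worth a human's attention."""
    report = Report()
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Boot Mode:"):
            report.boot_mode = line.split(":", 1)[1].strip()
            continue
        za = ZEROACCESS_STORE.search(line)
        if za:
            report.findings.append(Finding(
                "high", "zeroaccess_recyclebin_store", line,
                detail=f"sid={za.group(1)} folder=${za.group(2)}"))
            continue
        if line.startswith("BootExecute:"):
            tokens = line.split(":", 1)[1].split()
            extra = [t for t in tokens if t not in DEFAULT_BOOTEXECUTE]
            if extra:
                report.findings.append(Finding(
                    "low", "bootexecute_extra_entry", line, detail=" ".join(extra)))
            continue
        if AUTORUN_MISSING.match(line):
            report.findings.append(Finding("info", "file_not_found", line))
            continue
        svc = SERVICE_LINE.match(line)
        if svc:
            start, name, _path, meta, vendor = svc.groups()
            if meta == "x":
                report.findings.append(Finding("info", "file_not_found", line, detail=name))
            elif vendor == "":
                # Boot/system-start (0/1) drivers load before user-mode AV, so
                # an unattributed one ranks higher than a demand-start one.
                sev = "medium" if start[1] in "01" else "low"
                report.findings.append(Finding(
                    sev, "binary_without_vendor", line, detail=f"{name} start={start}"))
    return report


if __name__ == "__main__":
    rep = triage(SAMPLE_LOG)
    print(f"boot mode: {rep.boot_mode}, highest severity: {rep.highest_severity()}")
    for f in sorted(rep.findings, key=lambda f: -SEVERITY_ORDER.index(f.severity)):
        print(f"[{f.severity:6}] {f.rule}: {f.detail or f.line}")
```

On the sample, the only high finding is the $Recycle.Bin store, which is the line a malware-removal helper would act on first; the rest of the log (legit MD5s on the boot-path binaries, intact .exe association) is what lets the helper scope the cleanup to that folder rather than suspect a wider infection.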