Scan result of Farbar Recovery Scan Tool Version: 11-02-2012 Ran by SYSTEM at 2012-02-13 19:05:03 Running from F:\ Windows 7 Home Premium (X64) OS Language: English(US) The current controlset is ControlSet001 ========================== Registry (Whitelisted) ============= HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1822504 2009-08-23] (Synaptics Incorporated) HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-01-20] (IDT, Inc.) HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [3179088 2009-08-07] (Dell Inc.) HKLM\...\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation) HKLM\...\Run: [RunDLLEntry] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry [17920 2009-02-26] (Creative Technology Ltd.) HKLM-x32\...\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-01-22] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-02-27] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m [1807600 2009-11-13] () HKLM-x32\...\Run: [FATrayAlert] c:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe [95560 2010-02-22] (Sensible Vision ) HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [38768 2009-02-27] (Adobe Systems Incorporated) HKLM-x32\...\Run: [] [x] HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [640376 2009-02-27] (Adobe Systems Inc.) HKLM-x32\...\Run: [FAStartup] [x] HKLM-x32\...\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [140520 2009-12-29] (CyberLink Corp.) HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [409744 2009-06-24] (Creative Technology Ltd) HKLM-x32\...\Run: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r [241789 2009-05-04] (Creative Technology Ltd) HKLM-x32\...\Run: [UpdReg] C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.) HKLM-x32\...\runonceex: [ContentMerger] c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe [19952 2009-06-26] (Sonic Solutions) Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X] Tcpip\Parameters: [DhcpNameServer] 10.0.0.1 10.0.0.2 Lsa: [Notification Packages] scecli FAPassSync ==================== Services (Whitelisted) ====== 2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2009-07-05] (Creative Technology Ltd) 3 FLEXnet Licensing Service; "C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" [651720 2010-06-07] (Macrovision Europe Ltd.) 3 McODS; C:\Program Files\McAfee\VIRUSS~1\mcods.exe [696848 2009-06-16] (McAfee, Inc.) 3 McShield; "C:\Program Files\McAfee\VIRUSS~1\mcshield.exe" [155456 2009-06-18] (McAfee, Inc.) 2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe [244736 2010-01-20] (IDT, Inc.) 2 FAService; "c:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe" [x] 2 mcmscsvc; %ProgramFiles(x86)%\McAfee\MSC\mcmscsvc.exe [x] 4 McNASvc; %CommonProgramFiles(x86)%\mcafee\mna\mcnasvc.exe [x] 4 McProxy; %CommonProgramFiles(x86)%\mcafee\mcproxy\mcproxy.exe [x] 3 McSysmon; "%ProgramFiles(x86)%\McAfee\VIRUSS~1\mcsysmon.exe" [x] 4 MpfService; %ProgramFiles(x86)%\McAfee\MPF\MPFSrv.exe [x] 3 RoxMediaDB10; "c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe" [x] 2 SessionLauncher; c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x] 3 stllssvr; "c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe" [x] ========================== Drivers (Whitelisted) ============= 3 amdkmdag; C:\Windows\System32\DRIVERS\atipmdag.sys [6233088 2010-01-21] (ATI Technologies Inc.) 3 itecir; C:\Windows\System32\DRIVERS\itecir.sys [60416 2009-03-09] (ITE Tech. Inc. ) 3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [102600 2009-06-18] (McAfee, Inc.) 3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [41032 2009-06-18] (McAfee, Inc.) 1 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [307400 2009-06-18] (McAfee, Inc.) 3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [40904 2009-06-18] (McAfee, Inc.) 3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [49480 2009-06-18] (McAfee, Inc.) 1 MPFP; C:\Windows\System32\Drivers\Mpfp.sys [176144 2009-04-09] (McAfee, Inc.) 2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] () 1 RxFilter; C:\Windows\System32\DRIVERS\RxFilter.sys [x] ========================== NetSvcs (Whitelisted) =========== ============ One Month Created Files and Folders ============== 2012-02-13 19:04 - 2012-02-13 19:05 - 0000000 ____D C:\FRST 2012-02-11 17:47 - 2012-02-11 17:47 - 0000000 ____D C:\Emergency 2012-02-11 17:28 - 2012-02-11 17:47 - 0000000 ____D C:\Windows\SMINST ============ 3 Months Modified Files and Folders ============= 2012-02-11 17:47 - 2012-02-11 17:47 - 0000000 ____D C:\Emergency 2012-02-11 17:47 - 2012-02-11 17:28 - 0000000 ____D C:\Windows\SMINST ========================= Known DLLs (Whitelisted) ============ ========================= Bamital & volsnap Check ============ C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ========================= Memory info ====================== Percentage of memory in use: 10% Total physical RAM: 6132.5 MB Available physical RAM: 5470.5 MB Total Pagefile: 6130.65 MB Available Pagefile: 5450.56 MB Total Virtual: 8192 MB Available Virtual: 8191.89 MB ======================= Partitions ========================= 1 Drive c: (OS) (Fixed) (Total:451.07 GB) (Free:381.4 GB) NTFS 2 Drive d: (KAPGRE) (CDROM) (Total:0.07 GB) (Free:0 GB) CDFS 3 Drive e: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:6.84 GB) NTFS ==>[System with boot components (obtained from reading drive)] 4 Drive f: () (Removable) (Total:14.9 GB) (Free:14.85 GB) FAT32 5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Disk ### Status Size Free Dyn Gpt -------- ------------- ------- ------- --- --- Disk 0 Online 465 GB 0 B Disk 1 Online 14 GB 0 B Partitions of Disk 0: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 OEM 39 MB 31 KB Partition 2 Primary 14 GB 39 MB Partition 3 Primary 451 GB 14 GB Disk: 0 Partition 1 Type : DE Hidden: Yes Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 4 FAT Partition 39 MB Healthy Hidden Disk: 0 Partition 2 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 1 E RECOVERY NTFS Partition 14 GB Healthy Disk: 0 Partition 3 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 C OS NTFS Partition 451 GB Healthy Partitions of Disk 1: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 14 GB 16 KB Disk: 1 Partition 1 Type : 0C Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 3 F FAT32 Removable 14 GB Healthy ========================================================== TDL4: custom:26000022 ========================================================== Last Boot: 2010-06-07 11:53 ======================= End Of Log ==========================