TIM
----------------------------------------------------------------------------------------------------------------------------------------------
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-08-2013
Ran by SYSTEM on 03-08-2013 21:41:35
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Recovery
The current controlset is ControlSet003
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [368640 2010-01-17] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [444416 2009-06-28] (IDT, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [4968960 2009-07-16] (Dell Inc.)
HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [497648 2010-07-29] (Adobe Systems Incorporated)
HKLM-x32\...\RunOnce: [Launcher] - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe [165184 2010-02-11] (Softthinks)
HKLM-x32\...\RunOnce: [STToasterLauncher] - C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe [120128 2010-02-11] ()
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKLM-x32\...\Run: [Dell DataSafe Online] - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1807600 2009-11-13] ()
HKLM-x32\...\Run: [PDVDDXSrv] - C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-12-29] (CyberLink Corp.)
HKLM-x32\...\Run: [Desktop Disc Tool] - c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-10-15] ()
HKLM-x32\...\Run: [DellSupportCenter] - C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe [206064 2009-05-21] (SupportSoft, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2011-01-31] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKU\Strohmeyer\...\Run: [GHWAUC6NNZ] - C:\Users\Strohmeyer\AppData\Local\Temp\Zth.exe [x] <===== ATTENTION
HKU\Strohmeyer\...\Run: [PhotoshopElements8SyncAgent] - C:\Program Files (x86)\Adobe\Elements 9 Organizer\ElementsOrganizerSyncAgent.exe [1945536 2010-09-06] (Adobe Systems Incorporated)
HKU\Strohmeyer\...\Winlogon: [Shell] explorer.exe,C:\Users\Strohmeyer\AppData\Roaming\skype.dat [151040 2011-11-17] (SelenDev Solutions) <==== ATTENTION
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Strohmeyer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
==================== Services (Whitelisted) =================
S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [240128 2009-06-28] (IDT, Inc.)
S2 wltrysvc; C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE [33280 2009-07-16] ()
==================== Drivers (Whitelisted) ====================
S3 S3XXx64; C:\Windows\System32\DRIVERS\S3XXx64.sys [74112 2013-01-07] (Identive)
S3 CtClsFlt; system32\DRIVERS\CtClsFlt.sys [x]
S1 fqdannad; \??\C:\Windows\system32\drivers\fqdannad.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-08-03 20:44 - 2013-08-03 20:44 - 00000000 ____D C:\Emergency
2
==================== One Month Modified Files and Folders =======
2013-08-03 20:44 - 2013-08-03 20:44 - 00000000 ____D C:\Emergency
2013-08-03 20:41 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-03 20:41 - 2009-07-13 23:51 - 00103830 _____ C:\Windows\setupact.log
2013-08-03 20:40 - 2009-07-14 00:10 - 01820388 _____ C:\Windows\WindowsUpdate.log
2013-08-03 20:22 - 2009-07-13 23:45 - 00014240 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-03 20:22 - 2009-07-13 23:45 - 00014240 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-03 20:21 - 2011-04-27 03:07 - 00000306 ____H C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
2013-08-03 20:20 - 2012-08-11 09:25 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-03 20:19 - 2009-07-14 00:13 - 00733310 _____ C:\Windows\System32\PerfStringBackup.INI
ZeroAccess:
C:\Windows\Installer\{f2d739e6-3664-de0f-ecc0-4d16905b0471}
C:\Windows\Installer\{f2d739e6-3664-de0f-ecc0-4d16905b0471}\@
C:\Windows\Installer\{f2d739e6-3664-de0f-ecc0-4d16905b0471}\n
ZeroAccess:
C:\Users\Strohmeyer\AppData\Local\{f2d739e6-3664-de0f-ecc0-4d16905b0471}
C:\Users\Strohmeyer\AppData\Local\{f2d739e6-3664-de0f-ecc0-4d16905b0471}\@
C:\Users\Strohmeyer\AppData\Local\{f2d739e6-3664-de0f-ecc0-4d16905b0471}\U\00000001.@
C:\Users\Strohmeyer\AppData\Local\{f2d739e6-3664-de0f-ecc0-4d16905b0471}\U\80000000.@
C:\Users\Strohmeyer\AppData\Local\{f2d739e6-3664-de0f-ecc0-4d16905b0471}\U\800000cb.@
Files to move or delete:
====================
C:\ProgramData\dsgsdgdsgdsgw.pad
C:\Users\Strohmeyer\firefox.exe
C:\Users\Strohmeyer\iexplore.exe
C:\Users\Strohmeyer\jucheck.exe
C:\Users\Strohmeyer\mstsc.exe
C:\Users\Strohmeyer\opera.exe
C:\Users\Strohmeyer\AppData\Roaming\skype.dat
C:\Users\Strohmeyer\AppData\Roaming\skype.ini
C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
==================== Known DLLs (Whitelisted) ================
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
==================== Memory info ===========================
Percentage of memory in use: 18%
Total physical RAM: 3032.36 MB
Available physical RAM: 2478.54 MB
Total Pagefile: 3030.51 MB
Available Pagefile: 2470.71 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:218.2 GB) (Free:117.64 GB) NTFS (Disk=0 Partition=3)
Drive d: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:6.69 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
Drive g: (UDISK) (Removable) (Total:0.93 GB) (Free:0.93 GB) FAT (Disk=2 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: 7144970A)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=218 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 956 MB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=956 MB) - (Type=06)
LastRegBack: 2013-08-03 20:36
==================== End Of Log ============================