I can't access anything on the infected computer. I am accessing these forums from a different computer. When the infected computer boots up normally, a full screen ad from moneypac appears and will not let me leave. I cannot access keyboard shortcuts or options for my computer. I can only turn my computer off manually from here. When I boot up in safe mode, the computer automatically reboots immediately after displaying the desktop. I obtained the scans that I have by following the instructions of DragonMaster Jay in this thread:
http://www.computerhope.com/forum/index.php?topic=134248.0 which I will paste below for your convienence. The scans I got are also copy and pasted below that. Thank you for your help with this issue.
Instructions that I followedOTLPE + Farbar Recovery Scan Tool
Download OTLPENet.exe to your desktop
Download Farbar Recovery Scan Tool and save it to a flash drive.
Ensure that you have a blank CD in the drive
Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
Reboot your system using the boot CD you just created.
Note : If you do not know how to set your computer to boot from CD follow the steps here
As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads
Your system should now display a Reatogo desktop.
Note : as you are running from CD it is not exactly speedy
Insert the flash drive with FRST on it
Locate the flash drive and run FSRT
The tool will start to run.
When the tool opens click Yes to disclaimer.
Press Scan button. It will do its scan and save a log on your flash drive.
Close out of the message after that, then type in the text services.exe in to the "Search:" text box. Then, press the Search file(s) button, just as below:
When done searching, FRST makes a log, Search.txt, on the C:\ drive or on your flash drive.
Type exit in the Command Prompt window and reboot the computer normally
FRST will make a log (FRST.txt) on the flash drive and also the search.txt logfile, please copy and paste the logs in your reply.
FRST.txtScan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-01-2013 02
Ran by SYSTEM at 23-01-2013 10:02:12
Running from D:\
Microsoft Windows XP (X86) OS Language: English(US)
The current controlset is ControlSet001
==================== Registry (Whitelisted) ===================
HKLM\...\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe [1044480 2008-07-15] (Analog Devices, Inc.)
HKLM\...\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [128296 2008-05-23] (CyberLink Corp.)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)
HKLM\...\Run: [DictionaryBoss Search Scope Monitor] "C:\PROGRA~1\DICTIO~2\bar\1.bin\v4srchmn.exe" /m=2 /w /h [42536 2012-08-09] (MindSpark)
HKLM\...\Run: [DictionaryBoss Browser Plugin Loader] C:\PROGRA~1\DICTIO~2\bar\1.bin\v4brmon.exe [30096 2012-08-09] (VER_COMPANY_NAME)
HKLM\...\Run: [AntiMalware] "C:\Documents and Settings\All Users\Application Data\AntiMalware.exe" [33272 2013-01-22] (Microsoft Corporation)
HKLM\...\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
HKU\Admin.MEDFLOW\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\roomB2\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\roomB2\...\Winlogon: [Shell] explorer.exe,C:\Documents and Settings\roomB2\Application Data\skype.dat [45568 2010-12-09] ()
HKU\roomb4\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\roomb4\...\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [3882312 2008-12-02] (Microsoft Corporation)
Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.252 206.13.28.12
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
==================== Services (Whitelisted) ===================
2 DictionaryBossService; C:\PROGRA~1\DICTIO~2\bar\1.bin\v4barsvc.exe [42504 2012-08-09] (COMPANYVERS_NAME)
2 Eventlog; C:\Windows\System32\services.exe [110592 2009-02-06] (Microsoft Corporation)
3 FontCache3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe"
4 NetTcpPortSharing; c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
==================== Drivers (Whitelisted) ====================
3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-14] (Windows (R) Server 2003 DDK provider)
3 k57w2k; C:\Windows\System32\DRIVERS\k57xp32.sys [176640 2008-07-15] (Broadcom Corporation)
0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
0 SFAUDIO; C:\Windows\System32\drivers\sfaudio.sys [24064 2008-07-15] (Sonic Focus, Inc)
4 Abiosdsk;
4 Atdisk;
1 Changer;
1 lbrtfdc;
1 PCIDump;
3 PDCOMP;
3 PDFRAME;
3 PDRELI;
3 PDRFRAME;
4 Simbad;
3 WDICA;
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-01-22 19:26 - 2013-01-22 19:26 - 00090112 ____A C:\Windows\Minidump\Mini012213-02.dmp
2013-01-22 19:22 - 2013-01-22 19:22 - 00090112 ____A C:\Windows\Minidump\Mini012213-01.dmp
2013-01-22 19:22 - 2013-01-22 19:22 - 00000000 ____D C:\Windows\Minidump
2013-01-22 19:14 - 2013-01-23 12:53 - 00000004 ____A C:\Documents and Settings\roomB2\Application Data\skype.ini
2013-01-22 15:01 - 2013-01-22 15:01 - 00033272 ____A (Microsoft Corporation) C:\Documents and Settings\All Users\Application Data\AntiMalware.exe
2013-01-16 10:40 - 2013-01-16 10:41 - 00009507 ____A C:\Windows\KB2799329-IE8.log
2013-01-10 10:57 - 2013-01-10 10:57 - 00000000 __HDC C:\Windows\$NtUninstallKB2757638$
2013-01-10 10:56 - 2013-01-10 10:57 - 00008039 ____A C:\Windows\KB2757638.log
2013-01-02 14:31 - 2013-01-02 14:31 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\CyberLink
==================== One Month Modified Files and Folders ========
2013-01-23 12:32 - 2009-10-10 14:50 - 00000128 ____A C:\Windows\System32\config\netlogon.ftl
2013-01-23 12:25 - 2008-04-25 16:28 - 01500459 ____A C:\Windows\WindowsUpdate.log
2013-01-23 10:46 - 2012-04-26 10:05 - 00000384 ___AH C:\Windows\Tasks\Microsoft Antimalware Scheduled Scan.job
2013-01-23 10:37 - 2009-12-16 15:12 - 00000062 __ASH C:\Documents and Settings\roomB2\Local Settings\desktop.ini
2013-01-23 10:37 - 2008-04-25 11:16 - 00002206 ____A C:\Windows\System32\wpa.dbl
2013-01-23 10:36 - 2008-04-25 16:32 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2013-01-23 10:36 - 2008-04-25 16:32 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2013-01-23 10:36 - 2008-04-25 16:32 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-01-23 10:36 - 2008-04-25 04:25 - 00000159 ____A C:\Windows\wiadebug.log
2013-01-23 10:36 - 2008-04-25 04:25 - 00000049 ____A C:\Windows\wiaservc.log
2013-01-23 10:36 - 2008-04-25 04:17 - 00000000 ____D C:\Windows\security
2013-01-23 10:01 - 2013-01-23 10:01 - 00000000 ____D C:\FRST
2013-01-22 19:32 - 2008-04-25 16:32 - 00032634 ____A C:\Windows\SchedLgU.Txt
2013-01-22 19:28 - 2009-12-16 15:12 - 00000178 ___SH C:\Documents and Settings\roomB2\ntuser.ini
2013-01-22 19:26 - 2013-01-22 19:26 - 00090112 ____A C:\Windows\Minidump\Mini012213-02.dmp
2013-01-22 19:26 - 2009-10-10 14:52 - 00000000 __SHD C:\Windows\CSC
2013-01-22 19:22 - 2013-01-22 19:22 - 00090112 ____A C:\Windows\Minidump\Mini012213-01.dmp
2013-01-22 19:22 - 2013-01-22 19:22 - 00000000 ____D C:\Windows\Minidump
2013-01-22 15:01 - 2013-01-22 15:01 - 00033272 ____A (Microsoft Corporation) C:\Documents and Settings\All Users\Application Data\AntiMalware.exe
2013-01-22 12:34 - 2010-03-15 14:43 - 00000410 ____A C:\Windows\BRWMARK.INI
2013-01-18 17:17 - 2010-01-05 16:59 - 00000000 ____D C:\Documents and Settings\roomB2\Application Data\Eyemaginations.LUMA
2013-01-16 10:41 - 2013-01-16 10:40 - 00009507 ____A C:\Windows\KB2799329-IE8.log
2013-01-16 10:41 - 2009-10-22 13:30 - 00000000 ____D C:\Windows\ie8updates
2013-01-16 10:41 - 2009-04-23 14:21 - 00106258 ____A C:\Windows\updspapi.log
2013-01-16 10:41 - 2008-04-25 04:22 - 01608649 ____A C:\Windows\iis6.log
2013-01-16 10:41 - 2008-04-25 04:22 - 01442651 ____A C:\Windows\FaxSetup.log
2013-01-16 10:41 - 2008-04-25 04:22 - 00700162 ____A C:\Windows\ocgen.log
2013-01-16 10:41 - 2008-04-25 04:22 - 00661037 ____A C:\Windows\tsoc.log
2013-01-16 10:41 - 2008-04-25 04:22 - 00486718 ____A C:\Windows\comsetup.log
2013-01-16 10:41 - 2008-04-25 04:22 - 00448810 ____A C:\Windows\msmqinst.log
2013-01-16 10:41 - 2008-04-25 04:22 - 00294562 ____A C:\Windows\ntdtcsetup.log
2013-01-16 10:41 - 2008-04-25 04:22 - 00250792 ____A C:\Windows\netfxocm.log
2013-01-16 10:41 - 2008-04-25 04:22 - 00099180 ____A C:\Windows\MedCtrOC.log
2013-01-16 10:41 - 2008-04-25 04:22 - 00079404 ____A C:\Windows\ocmsn.log
2013-01-16 10:41 - 2008-04-25 04:22 - 00072202 ____A C:\Windows\tabletoc.log
2013-01-16 10:41 - 2008-04-25 04:22 - 00071891 ____A C:\Windows\msgsocm.log
2013-01-16 10:41 - 2008-04-25 04:22 - 00001374 ____A C:\Windows\imsins.log
2013-01-16 10:40 - 2009-04-23 14:21 - 00000000 ___HD C:\Windows\$hf_mig$
2013-01-10 11:15 - 2008-04-25 16:34 - 00000000 ____D C:\Windows\Microsoft.NET
2013-01-10 11:07 - 2008-04-25 04:22 - 00614030 ____A C:\Windows\System32\PerfStringBackup.INI
2013-01-10 10:57 - 2013-01-10 10:57 - 00000000 __HDC C:\Windows\$NtUninstallKB2757638$
2013-01-10 10:57 - 2013-01-10 10:56 - 00008039 ____A C:\Windows\KB2757638.log
2013-01-10 10:57 - 2008-04-25 04:22 - 00001374 ____A C:\Windows\imsins.BAK
2013-01-06 00:34 - 2009-04-23 14:21 - 06009856 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\mshtml.dll
2013-01-06 00:34 - 2008-04-25 11:16 - 06009856 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-01-04 10:45 - 2009-12-16 15:12 - 00000000 ____D C:\Documents and Settings\roomB2\Local Settings\Application Data\PowerDVD DX
2013-01-02 14:31 - 2013-01-02 14:31 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\CyberLink
2012-12-24 13:18 - 2008-04-25 04:21 - 00096664 ____A C:\Windows\System32\FNTCACHE.DAT
==================== Known DLLs (Whitelisted) =================
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points (XP) =====================
RP: -> 2013-01-23 10:38 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP838
RP: -> 2013-01-22 10:43 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP837
RP: -> 2013-01-21 10:42 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP836
RP: -> 2013-01-18 10:37 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP835
RP: -> 2013-01-17 10:45 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP834
RP: -> 2013-01-16 10:41 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP833
RP: -> 2013-01-16 10:40 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP832
RP: -> 2013-01-15 10:37 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP831
RP: -> 2013-01-14 10:55 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP830
RP: -> 2013-01-14 01:30 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP829
RP: -> 2013-01-13 10:55 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP828
RP: -> 2013-01-13 04:45 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP827
RP: -> 2013-01-13 01:58 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP826
RP: -> 2013-01-12 10:55 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP825
RP: -> 2013-01-12 01:24 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP824
RP: -> 2013-01-11 10:47 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP823
RP: -> 2013-01-10 11:07 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP822
RP: -> 2013-01-10 10:55 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP821
RP: -> 2013-01-09 10:46 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP820
RP: -> 2013-01-08 10:41 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP819
RP: -> 2013-01-07 10:45 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP818
RP: -> 2013-01-07 10:44 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP817
RP: -> 2013-01-04 10:47 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP816
RP: -> 2013-01-02 10:37 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP815
RP: -> 2012-12-27 12:35 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP814
RP: -> 2012-12-26 11:33 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP813
RP: -> 2012-12-24 13:33 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP812
RP: -> 2012-12-21 15:53 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP811
RP: -> 2012-12-21 10:49 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP810
RP: -> 2012-12-20 10:50 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP809
RP: -> 2012-12-19 10:49 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP808
RP: -> 2012-12-18 10:56 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP807
RP: -> 2012-12-17 10:46 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP806
RP: -> 2012-12-14 10:39 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP805
RP: -> 2012-12-13 10:57 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP804
RP: -> 2012-12-13 10:55 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP803
RP: -> 2012-12-12 10:54 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP802
RP: -> 2012-12-11 10:42 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP801
RP: -> 2012-12-10 11:02 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP800
RP: -> 2012-12-07 10:41 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP799
RP: -> 2012-12-06 11:02 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP798
RP: -> 2012-12-05 10:38 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP797
RP: -> 2012-12-04 10:48 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP796
RP: -> 2012-12-03 01:29 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP795
RP: -> 2012-12-02 10:55 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP794
RP: -> 2012-12-02 05:00 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP793
RP: -> 2012-12-02 01:28 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP792
RP: -> 2012-12-01 10:55 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP791
RP: -> 2012-12-01 01:14 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP790
RP: -> 2012-11-30 10:47 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP789
RP: -> 2012-11-29 10:44 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP788
RP: -> 2012-11-28 10:45 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP787
RP: -> 2012-11-27 10:45 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP786
RP: -> 2012-11-26 10:50 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP785
RP: -> 2012-11-21 10:41 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP784
RP: -> 2012-11-20 10:40 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP783
RP: -> 2012-11-19 10:45 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP782
RP: -> 2012-11-16 10:52 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP781
RP: -> 2012-11-15 10:54 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP780
RP: -> 2012-11-14 19:13 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP779
RP: -> 2012-11-14 10:38 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP778
RP: -> 2012-11-13 10:48 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP777
RP: -> 2012-11-12 10:47 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP776
RP: -> 2012-11-09 10:46 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP775
RP: -> 2012-11-08 10:52 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP774
RP: -> 2012-11-07 10:42 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP773
RP: -> 2012-11-06 10:43 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP772
RP: -> 2012-11-05 10:41 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP771
RP: -> 2012-11-02 09:49 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP770
RP: -> 2012-11-01 09:43 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP769
RP: -> 2012-10-31 10:06 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP768
RP: -> 2012-10-30 09:50 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP767
RP: -> 2012-10-29 09:42 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP766
RP: -> 2012-10-26 10:02 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP765
==================== Memory info ===========================
Percentage of memory in use: 12%
Total physical RAM: 2036.9 MB
Available physical RAM: 1788.5 MB
Total Pagefile: 1867.61 MB
Available Pagefile: 1806.06 MB
Total Virtual: 2047.88 MB
Available Virtual: 2001.54 MB
==================== Partitions =============================
1 Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
2 Drive c: (OS) (Fixed) (Total:148.97 GB) (Free:115 GB) NTFS ==>[Drive with boot components (Windows XP)]
3 Drive d: (USB DISK) (Removable) (Total:0.96 GB) (Free:0.96 GB) FAT
4 Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS
Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 149 GB 0 B
Partitions of Disk 0:
===============
The disk management services could not complete the operation.
=========================================================
==================== End Of Log ============================
Search.txtFarbar Recovery Scan Tool (x86) Version: 21-01-2013 02
Ran by SYSTEM at 2013-01-23 10:04:04
Running from D:\
================== Search: "services.exe" ===================
C:\WINDOWS\system32\services.exe
[2008-04-25 11:16] - [2009-02-06 06:11] - 0110592 ____A (Microsoft Corporation) 65df52f5b8b6e9bbd183505225c37315
C:\WINDOWS\system32\dllcache\services.exe
[2009-10-12 05:20] - [2009-02-06 06:11] - 0110592 ____C (Microsoft Corporation) 65df52f5b8b6e9bbd183505225c37315
C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2009-10-13 09:54] - [2008-04-14 07:00] - 0108544 ____C (Microsoft Corporation) 0e776ed5f7cc9f94299e70461b7b8185
C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2009-10-12 05:20] - [2009-02-06 06:06] - 0110592 ____A (Microsoft Corporation) 020ceaaedc8eb655b6506b8c70d53bb6
=== End Of Search ===