I suppose I have the same Sirefef infection most people seem to be having these days. Constant reboot, Windows Defender errors, etc. I ran frst64.exe and am pasting the frst.txt log and the search.txt log below. Thanks in advance for your help!
frst.txt:
Scan result of Farbar Recovery Scan Tool Version: 16-07-2012 02
Ran by SYSTEM at 17-07-2012 18:07:13
Running from D:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001
========================== Registry (Whitelisted) =============
HKLM\...\Run: [BtcMaestro] "C:\Program Files\HP USB Multimedia Keyboard\KMaestro64.exe" [381440 2007-10-22] (Kmaestro)
HKLM\...\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe [3832064 2009-09-11] (O&O Software GmbH)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10134560 2010-03-17] (Realtek Semiconductor)
HKLM\...\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [180224 2010-04-12] (PowerISO Computing, Inc.)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [640440 2012-03-26] (Adobe Systems Inc.)
HKLM-x32\...\Run: [DelReg] "C:\Program Files (x86)\MSI\OverclockingCenter\DelReg.exe" [196608 2008-05-13] ()
HKLM-x32\...\Run: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~3.EXE [378224 2008-08-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe" [29984 2008-07-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe" [46368 2008-07-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini" [345 2012-07-17] ()
HKLM-x32\...\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" [135536 2010-12-13] (Microsoft Corporation)
HKLM-x32\...\Run: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized [1446760 2012-01-06] (Garmin)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-09-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKU\Buzz\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKU\Jeff\...\Run: [AdobeBridge] [x]
HKU\Jeff\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-06-22] (Google Inc.)
HKU\Jeff\...\Run: [Akamai NetSession Interface] "C:\Users\Jeff\AppData\Local\Akamai\netsession_win.exe" [4327744 2012-05-26] (Akamai Technologies, Inc)
HKU\Jeff\...\Run: [Google Update] "C:\Users\Jeff\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2012-02-17] (Google Inc.)
HKU\Zenna\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
==================== Services (Whitelisted) ======
3 Adobe Version Cue CS4; "C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe" -win32service [284016 2008-08-15] (Adobe Systems Incorporated)
2 Akamai; C:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll [4419392 2012-07-10] (Akamai Technologies, Inc)
3 Amazon Download Agent; C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [401920 2009-10-23] (Amazon.com)
3 Autodesk Licensing Service; "C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe" [85096 2009-03-21] (Autodesk)
2 gupdate1c9f38b1e522df4; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [133104 2009-06-22] (Google Inc.)
2 IHA_MessageCenter; "C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe" [335888 2012-06-11] (Verizon)
2 McciCMService64; "C:\Program Files\Common Files\Motive\McciCMService.exe" [517632 2010-03-17] (Alcatel-Lucent)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
2 O&O Defrag; "C:\Program Files\OO Software\Defrag\oodag.exe" [2287360 2009-09-11] (O&O Software GmbH)
2 ScsiAccess; C:\Program Files (x86)\Photodex\ProShowGold\ScsiAccess.exe [186760 2010-06-15] ()
2 tgsrvc_verizondm; C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe /p verizondm [185640 2010-09-02] (SupportSoft, Inc.)
3 Roxio UPnP Renderer 11; "C:\Program Files (x86)\Roxio Creator 2009 Special Edition\Digital Home 11\RoxioUPnPRenderer11.exe" [x]
========================== Drivers (Whitelisted) =============
3 chdrvr01; C:\Windows\System32\Drivers\chdrvr01.sys [248928 2009-01-12] (CH Products)
3 chdrvr02; C:\Windows\System32\Drivers\chdrvr02.sys [10720 2008-11-25] (CH Products)
3 chdrvr03; C:\Windows\System32\Drivers\chdrvr03.sys [15200 2008-11-25] (CH Products)
3 DCamUSBSTK02H; C:\Windows\System32\DRIVERS\STK02HW2.sys [106496 2007-03-21] (Syntek Ltd.)
3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [102472 2009-11-11] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [528232 2010-01-05] (McAfee, Inc.)
3 mferkdk; C:\Windows\System32\Drivers\mferkdk.sys [40904 2009-11-11] (McAfee, Inc.)
3 mfesmfk; C:\Windows\System32\Drivers\mfesmfk.sys [49480 2009-11-11] (McAfee, Inc.)
3 MSI_DVD_010507; \??\C:\PROGRA~1\MSI\MSIWDev\DVDSYS64_100507.sys [28984 2010-05-10] (Your Corporation)
3 MSI_MSIBIOS_010507; \??\C:\PROGRA~1\MSI\MSIWDev\msibios64_100507.sys [33592 2010-05-10] (Your Corporation)
3 MSI_VGASYS_010507; \??\C:\PROGRA~1\MSI\MSIWDev\VGASYS64_100507.sys [14960 2010-05-10] ()
3 npusbio; C:\Windows\System32\Drivers\npusbio_x64.sys [45600 2009-12-17] ()
0 sptd; C:\Windows\System32\Drivers\sptd.sys [868848 2009-03-04] (Duplex Secure Ltd.)
3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [x]
3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]
3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [x]
3 RTL8192Ce; C:\Windows\System32\DRIVERS\rtl8192Ce.sys [x]
3 WEBNTACCESS; \??\C:\Windows\system32\NTACCESS.SYS [x]
========================== NetSvcs (Whitelisted) ===========
============ One Month Created Files and Folders ==============
2012-07-17 18:07 - 2012-07-17 18:07 - 00000000 ____D C:\FRST
2012-07-08 17:38 - 2012-07-08 17:40 - 00000000 ____D C:\Program Files (x86)\Resource Hacker
2012-07-08 17:37 - 2012-07-08 17:38 - 00748246 ____A ( ) C:\Users\Jeff\Downloads\reshack_setup.exe
2012-07-08 16:50 - 2012-07-08 16:53 - 26528591 ____A C:\Users\Jeff\Downloads\Pearson.CompTIA.Aplus.220-701.220-702.Cert.Guide.Oct.2009.rar
2012-07-08 13:07 - 2012-07-08 13:08 - 00000000 ____D C:\Users\Jeff\Downloads\Mike Meyers' CompTIA A+ Certification All in one Exam guide seventh edition
2012-07-07 11:45 - 2012-07-17 14:00 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-05 07:27 - 2012-07-05 07:27 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-07-01 18:20 - 2012-07-01 18:20 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-07-01 18:20 - 2012-07-01 18:20 - 00000000 ____D C:\Program Files\iTunes
2012-07-01 18:20 - 2012-07-01 18:20 - 00000000 ____D C:\Program Files\iPod
2012-07-01 18:20 - 2012-07-01 18:20 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-07-01 13:28 - 2012-07-01 13:29 - 15839341 ____A C:\Users\Jeff\Downloads\GameMaker 8 standard.rar
2012-06-28 08:00 - 2012-07-17 14:00 - 00567666 ____A C:\Windows\setupact.log
2012-06-28 08:00 - 2012-06-28 08:00 - 00000000 ____A C:\Windows\setuperr.log
2012-06-24 11:39 - 2012-06-28 11:47 - 00001001 ____A C:\Users\Jeff\Desktop\PyScripter.lnk
2012-06-24 11:39 - 2012-06-24 11:39 - 00000000 ____D C:\Users\Jeff\AppData\Roaming\PyScripter
2012-06-24 11:38 - 2012-06-24 11:39 - 00000000 ____D C:\Program Files\PyScripter
2012-06-24 11:36 - 2012-06-24 11:36 - 05041764 ____A (PyScripter ) C:\Users\Jeff\Downloads\PyScripter-v2.5.3-x64-Setup.exe
2012-06-24 11:35 - 2012-06-24 11:35 - 00000000 ____D C:\Python32
2012-06-24 11:33 - 2012-06-24 11:34 - 18554880 ____A C:\Users\Jeff\Downloads\python-3.2.3.amd64.msi
2012-06-21 05:36 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-21 05:36 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-21 05:36 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-21 05:36 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-21 05:35 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-21 05:35 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-21 05:35 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-21 05:35 - 2012-06-02 11:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-21 05:35 - 2012-06-02 11:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-20 10:15 - 2012-06-20 10:15 - 00000000 ____D C:\Users\Jeff\AppData\Local\{30114BAA-D439-4F18-9F48-BF206BFF7BFE}
2012-06-18 10:47 - 2012-06-18 12:16 - 00000000 ____D C:\Users\Jeff\Desktop\Pics for frames
2012-06-18 04:52 - 2012-06-18 04:52 - 00000000 ____A C:\Users\Jeff\Sti_Trace.log
2012-06-18 04:32 - 2012-06-18 04:32 - 00000000 ____D C:\Users\Jeff\AppData\Local\Macromedia
============ 3 Months Modified Files ========================
2012-07-17 14:01 - 2009-06-30 08:53 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-17 14:00 - 2012-07-07 11:45 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-17 14:00 - 2012-06-28 08:00 - 00567666 ____A C:\Windows\setupact.log
2012-07-17 14:00 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-17 14:00 - 2009-03-08 10:23 - 01397954 ____A C:\Windows\System32\oodbs.lor
2012-07-13 11:05 - 2012-02-17 09:55 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3835454708-304363085-1163990656-1000UA.job
2012-07-13 10:39 - 2009-08-26 14:10 - 00000880 ____A C:\Windows\Tasks\Google Software Updater.job
2012-07-13 10:38 - 2009-06-30 08:53 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-13 10:14 - 2012-03-29 07:26 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-13 10:14 - 2011-05-18 05:20 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-13 08:59 - 2009-10-22 07:25 - 00009728 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-13 08:59 - 2009-10-22 07:25 - 00009728 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-11 16:05 - 2012-02-17 09:55 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3835454708-304363085-1163990656-1000Core.job
2012-07-08 17:38 - 2012-07-08 17:37 - 00748246 ____A ( ) C:\Users\Jeff\Downloads\reshack_setup.exe
2012-07-08 17:32 - 2009-07-13 21:13 - 00786700 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-08 16:53 - 2012-07-08 16:50 - 26528591 ____A C:\Users\Jeff\Downloads\Pearson.CompTIA.Aplus.220-701.220-702.Cert.Guide.Oct.2009.rar
2012-07-05 07:24 - 2009-10-22 09:02 - 01684675 ____A C:\Windows\WindowsUpdate.log
2012-07-01 18:20 - 2012-07-01 18:20 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-07-01 13:29 - 2012-07-01 13:28 - 15839341 ____A C:\Users\Jeff\Downloads\GameMaker 8 standard.rar
2012-06-28 11:47 - 2012-06-24 11:39 - 00001001 ____A C:\Users\Jeff\Desktop\PyScripter.lnk
2012-06-28 08:00 - 2012-06-28 08:00 - 00000000 ____A C:\Windows\setuperr.log
2012-06-24 11:36 - 2012-06-24 11:36 - 05041764 ____A (PyScripter ) C:\Users\Jeff\Downloads\PyScripter-v2.5.3-x64-Setup.exe
2012-06-24 11:34 - 2012-06-24 11:33 - 18554880 ____A C:\Users\Jeff\Downloads\python-3.2.3.amd64.msi
2012-06-18 04:52 - 2012-06-18 04:52 - 00000000 ____A C:\Users\Jeff\Sti_Trace.log
2012-06-16 16:41 - 2009-07-13 20:45 - 03267096 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-16 13:18 - 2009-11-18 04:37 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-06 04:43 - 2011-01-28 10:11 - 00780534 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-06-06 04:28 - 2011-01-28 10:11 - 00001945 ____A C:\Windows\epplauncher.mif
2012-06-02 14:19 - 2012-06-21 05:36 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-21 05:36 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-21 05:36 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-21 05:35 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-21 05:35 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-21 05:36 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-21 05:35 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 11:19 - 2012-06-21 05:35 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 11:15 - 2012-06-21 05:35 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-30 07:00 - 2012-05-30 07:00 - 05387407 ____A C:\Users\Jeff\Downloads\absinthe-win-2.0.4.zip
2012-05-30 07:00 - 2012-05-29 22:21 - 05466948 ____A (Igor Pavlov) C:\Users\Jeff\Downloads\absinthe-win-2.0.4.exe
2012-05-26 10:00 - 2012-03-26 13:39 - 00073408 ____A C:\Users\Jeff\Documents\kitchen_counters.dwg
2012-05-26 07:18 - 2011-05-13 05:54 - 00000328 ____A C:\Users\Jeff\Documents\plot.log
2012-05-22 07:50 - 2012-05-22 07:50 - 00001845 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2012-05-17 18:47 - 2012-06-16 13:13 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-17 18:16 - 2012-06-16 13:13 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-17 18:06 - 2012-06-16 13:13 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-17 17:59 - 2012-06-16 13:13 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-17 17:59 - 2012-06-16 13:13 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-17 17:58 - 2012-06-16 13:13 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-17 17:58 - 2012-06-16 13:13 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-17 17:56 - 2012-06-16 13:13 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-17 17:55 - 2012-06-16 13:13 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-17 17:55 - 2012-06-16 13:13 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-17 17:54 - 2012-06-16 13:13 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-17 17:51 - 2012-06-16 13:13 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-17 17:51 - 2012-06-16 13:13 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-17 17:47 - 2012-06-16 13:13 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-17 15:11 - 2012-06-16 13:13 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-05-17 14:48 - 2012-06-16 13:13 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-05-17 14:45 - 2012-06-16 13:13 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-05-17 14:36 - 2012-06-16 13:13 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-05-17 14:35 - 2012-06-16 13:13 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-05-17 14:35 - 2012-06-16 13:13 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-17 14:33 - 2012-06-16 13:13 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-05-17 14:31 - 2012-06-16 13:13 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-17 14:29 - 2012-06-16 13:13 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-05-17 14:29 - 2012-06-16 13:13 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-05-17 14:27 - 2012-06-16 13:13 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-05-17 14:25 - 2012-06-16 13:13 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-05-17 14:24 - 2012-06-16 13:13 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-05-17 14:20 - 2012-06-16 13:13 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-05-15 04:32 - 2012-05-15 04:32 - 00001972 ____A C:\Users\Public\Desktop\Garmin Lifetime Updater.lnk
2012-05-14 18:46 - 2012-05-07 10:05 - 00001005 ____A C:\Users\Public\Desktop\English Manual.pdf.lnk
2012-05-14 18:46 - 2012-05-07 10:05 - 00000963 ____A C:\Users\Public\Desktop\EZCA Config.exe.lnk
2012-05-14 18:45 - 2012-05-14 18:45 - 00002048 ____A C:\Windows\ezdokcam1.lic
2012-05-14 17:32 - 2012-06-16 12:58 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-14 06:43 - 2012-05-14 06:43 - 02266400 ____A () C:\Users\Jeff\Downloads\FSGATAPX_US_RI.exe
2012-05-11 18:02 - 2012-05-11 18:02 - 00046169 ____A C:\Users\Jeff\Desktop\irony-17.jpeg
2012-05-10 13:30 - 2009-10-22 11:12 - 00114440 ____A C:\Users\Jeff\AppData\Local\GDIPFONTCACHEV1.DAT
2012-05-07 09:45 - 2012-05-07 09:45 - 02686569 ____A C:\Users\Jeff\Downloads\EZCA_ P3D_beta.rar
2012-05-07 05:59 - 2012-05-07 05:59 - 00476960 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll
2012-05-07 05:59 - 2012-05-07 05:59 - 00157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-05-07 05:59 - 2012-05-07 05:59 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-05-07 05:59 - 2012-05-07 05:59 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-05-07 05:59 - 2010-05-26 04:00 - 00472864 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-05-06 17:39 - 2012-05-06 17:38 - 06717602 ____A ( Flight1, Inc.) C:\Users\Jeff\Downloads\EZdokCamera.exe
2012-05-05 18:49 - 2012-05-05 18:49 - 00003120 ____A C:\Windows\SysWOW64\WTPOV5BJ.ocx
2012-05-05 18:49 - 2012-05-05 18:49 - 00003120 ____A C:\Windows\G98AYLBP.ocx
2012-05-05 18:40 - 2012-05-05 18:40 - 00002749 ____A C:\Users\Public\Desktop\Prepar3D.lnk
2012-05-05 16:05 - 2012-05-05 15:50 - 4287355882 ____A C:\Users\Jeff\Downloads\Prepar3D_Academic_1.3.3708.0-002.zip
2012-05-05 15:32 - 2012-05-05 14:40 - 2147351890 ____A C:\Users\Jeff\Downloads\Prepar3D_Academic_1.3.3708.0-003.zip
2012-05-05 15:03 - 2012-05-05 14:32 - 3918277517 ____A C:\Users\Jeff\Downloads\Prepar3D_Academic_1.3.3708.0-001.zip
2012-05-04 03:06 - 2012-06-16 12:59 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 02:03 - 2012-06-16 12:59 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:03 - 2012-06-16 12:59 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-02 06:01 - 2012-05-02 06:01 - 00696543 ____A C:\Users\Jeff\Desktop\Obama-golf-3.psd
2012-05-02 05:56 - 2012-05-02 05:56 - 01015779 ____A C:\Users\Jeff\Downloads\Gotham_Font_Family.zip
2012-04-30 21:40 - 2012-06-16 12:59 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-27 19:55 - 2012-06-16 12:58 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-25 21:41 - 2012-06-16 12:59 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 21:41 - 2012-06-16 12:59 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 21:34 - 2012-06-16 12:59 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-24 10:45 - 2012-04-24 10:45 - 07526070 ____A C:\Users\Jeff\Downloads\FSUIPC4.zip
2012-04-24 10:38 - 2012-04-24 10:38 - 00001125 ____A C:\Users\Zenna\Desktop\FS Instant Approach.lnk
2012-04-24 10:38 - 2012-04-24 10:38 - 00001125 ____A C:\Users\Jeff\Desktop\FS Instant Approach.lnk
2012-04-24 10:38 - 2012-04-24 10:38 - 00001125 ____A C:\Users\Buzz\Desktop\FS Instant Approach.lnk
2012-04-24 10:38 - 2006-11-02 04:34 - 00000305 ____A C:\Windows\win.ini
2012-04-24 10:36 - 2012-04-24 10:36 - 05532058 ____A C:\Users\Jeff\Downloads\FS_Instant_Approach_Setup.zip
2012-04-23 21:37 - 2012-06-16 12:58 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 21:37 - 2012-06-16 12:58 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 21:37 - 2012-06-16 12:58 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-23 20:36 - 2012-06-16 12:58 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-23 20:36 - 2012-06-16 12:58 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-23 20:36 - 2012-06-16 12:58 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
ZeroAccess:
C:\Windows\Installer\{b10e3ac9-d402-d2b3-0e10-0bc1dc012102}
C:\Windows\Installer\{b10e3ac9-d402-d2b3-0e10-0bc1dc012102}\@
C:\Windows\Installer\{b10e3ac9-d402-d2b3-0e10-0bc1dc012102}\L
C:\Windows\Installer\{b10e3ac9-d402-d2b3-0e10-0bc1dc012102}\n
C:\Windows\Installer\{b10e3ac9-d402-d2b3-0e10-0bc1dc012102}\U
C:\Windows\Installer\{b10e3ac9-d402-d2b3-0e10-0bc1dc012102}\U\00000001.@
C:\Windows\Installer\{b10e3ac9-d402-d2b3-0e10-0bc1dc012102}\U\80000000.@
C:\Windows\Installer\{b10e3ac9-d402-d2b3-0e10-0bc1dc012102}\U\800000cb.@
ZeroAccess:
C:\Users\Jeff\AppData\Local\{b10e3ac9-d402-d2b3-0e10-0bc1dc012102}
C:\Users\Jeff\AppData\Local\{b10e3ac9-d402-d2b3-0e10-0bc1dc012102}\@
C:\Users\Jeff\AppData\Local\{b10e3ac9-d402-d2b3-0e10-0bc1dc012102}\L
C:\Users\Jeff\AppData\Local\{b10e3ac9-d402-d2b3-0e10-0bc1dc012102}\U
========================= Known DLLs (Whitelisted) ============
========================= Bamital & volsnap Check ============
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
========================= Memory info ======================
Percentage of memory in use: 8%
Total physical RAM: 12278.12 MB
Available physical RAM: 11234.43 MB
Total Pagefile: 12276.27 MB
Available Pagefile: 11225.95 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
======================= Partitions =========================
1 Drive c: () (Fixed) (Total:931.51 GB) (Free:432.68 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: () (Removable) (Total:1.92 GB) (Free:1.9 GB) FAT
8 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 Online 1968 MB 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 931 GB 1024 KB
==================================================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 931 GB Healthy
==================================================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1967 MB 31 KB
==================================================================================
Disk: 1
Partition 1
Type : 06
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D FAT Removable 1967 MB Healthy
==================================================================================
==========================================================
Last Boot: 2012-07-08 14:07
======================= End Of Log ==========================
Search.txt:
Farbar Recovery Scan Tool Version: 16-07-2012 02
Ran by SYSTEM at 2012-07-17 18:31:37
Running from D:\
================== Search: "services.exe" ===================
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06
====== End Of Search ======
3 RTL8192Ce; C:\Windows\System32\DRIVERS\rtl8192Ce.sys [x]
3 WEBNTACCESS; \??\C:\Windows\system32\NTACCESS.SYS [x]
========================== NetSvcs (Whitelisted) ===========
============ One Month Created Files and Folders ==============
2012-07-17 18:07 - 2012-07-17 18:07 - 00000000 ____D C:\FRST
2012-07-08 17:38 - 2012-07-08 17:40 - 00000000 ____D C:\Program Files (x86)\Resource Hacker
2012-07-08 17:37 - 2012-07-08 17:38 - 00748246 ____A ( ) C:\Users\Jeff\Downloads\reshack_setup.exe
2012-07-08 16:50 - 2012-07-08 16:53 - 26528591 ____A C:\Users\Jeff\Downloads\Pearson.CompTIA.Aplus.220-701.220-702.Cert.Guide.Oct.2009.rar
2012-07-08 13:07 - 2012-07-08 13:08 - 00000000 ____D C:\Users\Jeff\Downloads\Mike Meyers' CompTIA A+ Certification All in one Exam guide seventh edition
2012-07-07 11:45 - 2012-07-17 14:00 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-05 07:27 - 2012-07-05 07:27 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-07-01 18:20 - 2012-07-01 18:20 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-07-01 18:20 - 2012-07-01 18:20 - 00000000 ____D C:\Program Files\iTunes
2012-07-01 18:20 - 2012-07-01 18:20 - 00000000 ____D C:\Program Files\iPod
2012-07-01 18:20 - 2012-07-01 18:20 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-07-01 13:28 - 2012-07-01 13:29 - 15839341 ____A C:\Users\Jeff\Downloads\GameMaker 8 standard.rar
2012-06-28 08:00 - 2012-07-17 14:00 - 00567666 ____A C:\Windows\setupact.log
2012-06-28 08:00 - 2012-06-28 08:00 - 00000000 ____A C:\Windows\setuperr.log
2012-06-24 11:39 - 2012-06-28 11:47 - 00001001 ____A C:\Users\Jeff\Desktop\PyScripter.lnk
2012-06-24 11:39 - 2012-06-24 11:39 - 00000000 ____D C:\Users\Jeff\AppData\Roaming\PyScripter
2012-06-24 11:38 - 2012-06-24 11:39 - 00000000 ____D C:\Program Files\PyScripter
2012-06-24 11:36 - 2012-06-24 11:36 - 05041764 ____A (PyScripter ) C:\Users\Jeff\Downloads\PyScripter-v2.5.3-x64-Setup.exe
2012-06-24 11:35 - 2012-06-24 11:35 - 00000000 ____D C:\Python32
2012-06-24 11:33 - 2012-06-24 11:34 - 18554880 ____A C:\Users\Jeff\Downloads\python-3.2.3.amd64.msi
2012-06-21 05:36 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-21 05:36 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-21 05:36 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-21 05:36 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-21 05:35 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-21 05:35 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-21 05:35 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-21 05:35 - 2012-06-02 11:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-21 05:35 - 2012-06-02 11:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-20 10:15 - 2012-06-20 10:15 - 00000000 ____D C:\Users\Jeff\AppData\Local\{30114BAA-D439-4F18-9F48-BF206BFF7BFE}
2012-06-18 10:47 - 2012-06-18 12:16 - 00000000 ____D C:\Users\Jeff\Desktop\Pics for frames
2012-06-18 04:52 - 2012-06-18 04:52 - 00000000 ____A C:\Users\Jeff\Sti_Trace.log
2012-06-18 04:32 - 2012-06-18 04:32 - 00000000 ____D C:\Users\Jeff\AppData\Local\Macromedia
============ 3 Months Modified Files ========================
2012-07-17 14:01 - 2009-06-30 08:53 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-17 14:00 - 2012-07-07 11:45 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-17 14:00 - 2012-06-28 08:00 - 00567666 ____A C:\Windows\setupact.log
2012-07-17 14:00 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-17 14:00 - 2009-03-08 10:23 - 01397954 ____A C:\Windows\System32\oodbs.lor
2012-07-13 11:05 - 2012-02-17 09:55 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3835454708-304363085-1163990656-1000UA.job
2012-07-13 10:39 - 2009-08-26 14:10 - 00000880 ____A C:\Windows\Tasks\Google Software Updater.job
2012-07-13 10:38 - 2009-06-30 08:53 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-13 10:14 - 2012-03-29 07:26 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-13 10:14 - 2011-05-18 05:20 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-13 08:59 - 2009-10-22 07:25 - 00009728 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-13 08:59 - 2009-10-22 07:25 - 00009728 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-11 16:05 - 2012-02-17 09:55 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3835454708-304363085-1163990656-1000Core.job
2012-07-08 17:38 - 2012-07-08 17:37 - 00748246 ____A ( ) C:\Users\Jeff\Downloads\reshack_setup.exe
2012-07-08 17:32 - 2009-07-13 21:13 - 00786700 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-08 16:53 - 2012-07-08 16:50 - 26528591 ____A C:\Users\Jeff\Downloads\Pearson.CompTIA.Aplus.220-701.220-702.Cert.Guide.Oct.2009.rar
2012-07-05 07:24 - 2009-10-22 09:02 - 01684675 ____A C:\Windows\WindowsUpdate.log
2012-07-01 18:20 - 2012-07-01 18:20 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-07-01 13:29 - 2012-07-01 13:28 - 15839341 ____A C:\Users\Jeff\Downloads\GameMaker 8 standard.rar
2012-06-28 11:47 - 2012-06-24 11:39 - 00001001 ____A C:\Users\Jeff\Desktop\PyScripter.lnk
2012-06-28 08:00 - 2012-06-28 08:00 - 00000000 ____A C:\Windows\setuperr.log
2012-06-24 11:36 - 2012-06-24 11:36 - 05041764 ____A (PyScripter ) C:\Users\Jeff\Downloads\PyScripter-v2.5.3-x64-Setup.exe
2012-06-24 11:34 - 2012-06-24 11:33 - 18554880 ____A C:\Users\Jeff\Downloads\python-3.2.3.amd64.msi
2012-06-18 04:52 - 2012-06-18 04:52 - 00000000 ____A C:\Users\Jeff\Sti_Trace.log
2012-06-16 16:41 - 2009-07-13 20:45 - 03267096 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-16 13:18 - 2009-11-18 04:37 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-06 04:43 - 2011-01-28 10:11 - 00780534 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-06-06 04:28 - 2011-01-28 10:11 - 00001945 ____A C:\Windows\epplauncher.mif
2012-06-02 14:19 - 2012-06-21 05:36 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-21 05:36 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-21 05:36 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-21 05:35 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-21 05:35 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-21 05:36 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-21 05:35 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 11:19 - 2012-06-21 05:35 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 11:15 - 2012-06-21 05:35 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-30 07:00 - 2012-05-30 07:00 - 05387407 ____A C:\Users\Jeff\Downloads\absinthe-win-2.0.4.zip
2012-05-30 07:00 - 2012-05-29 22:21 - 05466948 ____A (Igor Pavlov) C:\Users\Jeff\Downloads\absinthe-win-2.0.4.exe
2012-05-26 10:00 - 2012-03-26 13:39 - 00073408 ____A C:\Users\Jeff\Documents\kitchen_counters.dwg
2012-05-26 07:18 - 2011-05-13 05:54 - 00000328 ____A C:\Users\Jeff\Documents\plot.log
2012-05-22 07:50 - 2012-05-22 07:50 - 00001845 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2012-05-17 18:47 - 2012-06-16 13:13 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-17 18:16 - 2012-06-16 13:13 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-17 18:06 - 2012-06-16 13:13 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-17 17:59 - 2012-06-16 13:13 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-17 17:59 - 2012-06-16 13:13 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-17 17:58 - 2012-06-16 13:13 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-17 17:58 - 2012-06-16 13:13 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-17 17:56 - 2012-06-16 13:13 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-17 17:55 - 2012-06-16 13:13 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-17 17:55 - 2012-06-16 13:13 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-17 17:54 - 2012-06-16 13:13 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-17 17:51 - 2012-06-16 13:13 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-17 17:51 - 2012-06-16 13:13 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-17 17:47 - 2012-06-16 13:13 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-17 15:11 - 2012-06-16 13:13 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-05-17 14:48 - 2012-06-16 13:13 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-05-17 14:45 - 2012-06-16 13:13 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-05-17 14:36 - 2012-06-16 13:13 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-05-17 14:35 - 2012-06-16 13:13 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-05-17 14:35 - 2012-06-16 13:13 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-17 14:33 - 2012-06-16 13:13 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-05-17 14:31 - 2012-06-16 13:13 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-17 14:29 - 2012-06-16 13:13 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-05-17 14:29 - 2012-06-16 13:13 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-05-17 14:27 - 2012-06-16 13:13 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-05-17 14:25 - 2012-06-16 13:13 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-05-17 14:24 - 2012-06-16 13:13 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-05-17 14:20 - 2012-06-16 13:13 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-05-15 04:32 - 2012-05-15 04:32 - 00001972 ____A C:\Users\Public\Desktop\Garmin Lifetime Updater.lnk
2012-05-14 18:46 - 2012-05-07 10:05 - 00001005 ____A C:\Users\Public\Desktop\English Manual.pdf.lnk
2012-05-14 18:46 - 2012-05-07 10:05 - 00000963 ____A C:\Users\Public\Desktop\EZCA Config.exe.lnk
2012-05-14 18:45 - 2012-05-14 18:45 - 00002048 ____A C:\Windows\ezdokcam1.lic
2012-05-14 17:32 - 2012-06-16 12:58 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-14 06:43 - 2012-05-14 06:43 - 02266400 ____A () C:\Users\Jeff\Downloads\FSGATAPX_US_RI.exe
2012-05-11 18:02 - 2012-05-11 18:02 - 00046169 ____A C:\Users\Jeff\Desktop\irony-17.jpeg
2012-05-10 13:30 - 2009-10-22 11:12 - 00114440 ____A C:\Users\Jeff\AppData\Local\GDIPFONTCACHEV1.DAT
2012-05-07 09:45 - 2012-05-07 09:45 - 02686569 ____A C:\Users\Jeff\Downloads\EZCA_ P3D_beta.rar
2012-05-07 05:59 - 2012-05-07 05:59 - 00476960 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll
2012-05-07 05:59 - 2012-05-07 05:59 - 00157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-05-07 05:59 - 2012-05-07 05:59 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-05-07 05:59 - 2012-05-07 05:59 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-05-07 05:59 - 2010-05-26 04:00 - 00472864 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-05-06 17:39 - 2012-05-06 17:38 - 06717602 ____A ( Flight1, Inc.) C:\Users\Jeff\Downloads\EZdokCamera.exe
2012-05-05 18:49 - 2012-05-05 18:49 - 00003120 ____A C:\Windows\SysWOW64\WTPOV5BJ.ocx
2012-05-05 18:49 - 2012-05-05 18:49 - 00003120 ____A C:\Windows\G98AYLBP.ocx
2012-05-05 18:40 - 2012-05-05 18:40 - 00002749 ____A C:\Users\Public\Desktop\Prepar3D.lnk
2012-05-05 16:05 - 2012-05-05 15:50 - 4287355882 ____A C:\Users\Jeff\Downloads\Prepar3D_Academic_1.3.3708.0-002.zip
2012-05-05 15:32 - 2012-05-05 14:40 - 2147351890 ____A C:\Users\Jeff\Downloads\Prepar3D_Academic_1.3.3708.0-003.zip
2012-05-05 15:03 - 2012-05-05 14:32 - 3918277517 ____A C:\Users\Jeff\Downloads\Prepar3D_Academic_1.3.3708.0-001.zip
2012-05-04 03:06 - 2012-06-16 12:59 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 02:03 - 2012-06-16 12:59 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:03 - 2012-06-16 12:59 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-02 06:01 - 2012-05-02 06:01 - 00696543 ____A C:\Users\Jeff\Desktop\Obama-golf-3.psd
2012-05-02 05:56 - 2012-05-02 05:56 - 01015779 ____A C:\Users\Jeff\Downloads\Gotham_Font_Family.zip
2012-04-30 21:40 - 2012-06-16 12:59 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-27 19:55 - 2012-06-16 12:58 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-25 21:41 - 2012-06-16 12:59 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 21:41 - 2012-06-16 12:59 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 21:34 - 2012-06-16 12:59 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-24 10:45 - 2012-04-24 10:45 - 07526070 ____A C:\Users\Jeff\Downloads\FSUIPC4.zip
2012-04-24 10:38 - 2012-04-24 10:38 - 00001125 ____A C:\Users\Zenna\Desktop\FS Instant Approach.lnk
2012-04-24 10:38 - 2012-04-24 10:38 - 00001125 ____A C:\Users\Jeff\Desktop\FS Instant Approach.lnk
2012-04-24 10:38 - 2012-04-24 10:38 - 00001125 ____A C:\Users\Buzz\Desktop\FS Instant Approach.lnk
2012-04-24 10:38 - 2006-11-02 04:34 - 00000305 ____A C:\Windows\win.ini
2012-04-24 10:36 - 2012-04-24 10:36 - 05532058 ____A C:\Users\Jeff\Downloads\FS_Instant_Approach_Setup.zip
2012-04-23 21:37 - 2012-06-16 12:58 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 21:37 - 2012-06-16 12:58 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 21:37 - 2012-06-16 12:58 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-23 20:36 - 2012-06-16 12:58 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-23 20:36 - 2012-06-16 12:58 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-23 20:36 - 2012-06-16 12:58 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
ZeroAccess:
C:\Windows\Installer\{b10e3ac9-d402-d2b3-0e10-0bc1dc012102}
C:\Windows\Installer\{b10e3ac9-d402-d2b3-0e10-0bc1dc012102}\@
C:\Windows\Installer\{b10e3ac9-d402-d2b3-0e10-0bc1dc012102}\L
C:\Windows\Installer\{b10e3ac9-d402-d2b3-0e10-0bc1dc012102}\n
C:\Windows\Installer\{b10e3ac9-d402-d2b3-0e10-0bc1dc012102}\U
C:\Windows\Installer\{b10e3ac9-d402-d2b3-0e10-0bc1dc012102}\U\00000001.@
C:\Windows\Installer\{b10e3ac9-d402-d2b3-0e10-0bc1dc012102}\U\80000000.@
C:\Windows\Installer\{b10e3ac9-d402-d2b3-0e10-0bc1dc012102}\U\800000cb.@
ZeroAccess:
C:\Users\Jeff\AppData\Local\{b10e3ac9-d402-d2b3-0e10-0bc1dc012102}
C:\Users\Jeff\AppData\Local\{b10e3ac9-d402-d2b3-0e10-0bc1dc012102}\@
C:\Users\Jeff\AppData\Local\{b10e3ac9-d402-d2b3-0e10-0bc1dc012102}\L
C:\Users\Jeff\AppData\Local\{b10e3ac9-d402-d2b3-0e10-0bc1dc012102}\U
========================= Known DLLs (Whitelisted) ============
========================= Bamital & volsnap Check ============
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
========================= Memory info ======================
Percentage of memory in use: 8%
Total physical RAM: 12278.12 MB
Available physical RAM: 11234.43 MB
Total Pagefile: 12276.27 MB
Available Pagefile: 11225.95 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
======================= Partitions =========================
1 Drive c: () (Fixed) (Total:931.51 GB) (Free:432.68 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: () (Removable) (Total:1.92 GB) (Free:1.9 GB) FAT
8 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Disk ###  Status         Size     Free     Dyn  Gpt
--------  -------------  -------  -------  ---  ---
Disk 0    Online          931 GB      0 B
Disk 1    Online         1968 MB      0 B
Disk 2    No Media           0 B      0 B
Disk 3    No Media           0 B      0 B
Disk 4    No Media           0 B      0 B
Disk 5    No Media           0 B      0 B
Partitions of Disk 0:
===============
Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary            931 GB  1024 KB
==================================================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     C                NTFS   Partition    931 GB  Healthy
==================================================================================
Partitions of Disk 1:
===============
Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary           1967 MB    31 KB
==================================================================================
Disk: 1
Partition 1
Type : 06
Hidden: No
Active: Yes
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     D                FAT    Removable   1967 MB  Healthy
==================================================================================
==========================================================
Last Boot: 2012-07-08 14:07
======================= End Of Log ==========================
Search.txt
Farbar Recovery Scan Tool Version: 16-07-2012 02
Ran by SYSTEM at 2012-07-17 18:31:37
Running from D:\
================== Search: "services.exe" ===================
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06
====== End Of Search ======