[Inactive] Victim of Phishing

  1. #1
    Join Date
    Aug 2012
    Posts
    17

    [Inactive] Victim of Phishing

    Hi guys,

    Just did some research and believe I have been hit with a phishing email. Went to phishtank.com and found the link and it was verified as phishing.

    Running Windows Vista Home Premium.

    Each time I go on to my computer, the screen turns grey after a short period of time. I try to run system restore, but that does not work. When I am in the process of doing anything with my computer it just turns grey, so I can barely do anything before the screen turns grey.

    Any help will be appreciated.

  2. #2
    Join Date
    Jul 1998
    Location
    Toronto
    Posts
    25,459
    Follow the instructions in this thread:

    http://discussions.virtualdr.com/sho...ated-1-1-2012)

    and copy/paste the scanners log files below.

    VirtualDr email notices are not working.
    Check back regularly for responses.

    _____________________
    cat lovers click here

  3. #3
    Join Date
    Aug 2012
    Posts
    17
    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.08.09.09

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Trajah :: TRAJAH-PC [administrator]

    8/9/2012 1:46:30 PM
    mbam-log-2012-08-09 (13-58-55).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 230825
    Time elapsed: 10 minute(s), 36 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 1
    HKCU\Software\avsoft (Trojan.Fraudpack) -> No action taken.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 2
    C:\Users\Internet\AppData\Local\Temp\msimg32.dll (Rootkit.Zaccess) -> No action taken.
    C:\Windows\KMSEmulator.exe (RiskWare.Tool.CK) -> No action taken.

    (end)

  4. #4
    Join Date
    Aug 2012
    Posts
    17
    I tried clicking on the gmer executable file but am getting a message stating the executable file is not a valid WIN32 application. Tried the zip file and states archive is unknown format or damaged.

  5. #5
    Join Date
    Aug 2012
    Posts
    17
    Actually went to the website, downloaded it and was able to run the program. In the midst of the computer running the scan, the screen turns grey, as if something is preventing me from fixing the computer.

  6. #6
    Join Date
    Feb 2000
    Location
    Idaho Falls, Idaho, USA
    Posts
    18,087
    Did you try an external monitor? Did you try Safe Mode with Networking?

  7. #7
    Join Date
    Jul 1998
    Location
    Toronto
    Posts
    25,459
    Also the Malwarebytes logfile indicates no action taken. Allow it to try to fix the issue.


  8. #8
    Join Date
    Aug 2012
    Posts
    17
    I will try to get another monitor. I allowed the Malware to fix the issue, I think I saved the log before I ran the fix.
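The point raised in the two replies above, that a Malwarebytes log saved before the fix records every detection as "No action taken", can be checked mechanically. This is an added example, not part of the thread and not Malwarebytes code: a Python parser for the 1.x text log layout seen in post #3, with hypothetical function names and a sample abridged from that post.

```python
import re
from dataclasses import dataclass

# Abridged from the Malwarebytes 1.62 log posted earlier in this thread.
SAMPLE_LOG = r"""
Scan type: Quick scan
Objects scanned: 230825

Memory Processes Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\Software\avsoft (Trojan.Fraudpack) -> No action taken.

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Internet\AppData\Local\Temp\msimg32.dll (Rootkit.Zaccess) -> No action taken.
C:\Windows\KMSEmulator.exe (RiskWare.Tool.CK) -> No action taken.

(end)
"""


@dataclass(frozen=True)
class Detection:
    section: str   # e.g. "Files", "Registry Keys"
    target: str    # path or registry key that was flagged
    threat: str    # detection name, e.g. "Rootkit.Zaccess"
    action: str    # what the scanner did with it


# "<Section> Detected: <count>" headers, as they appear in the log above.
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+) Detected: (?P<count>\d+)$")
# "<target> (<threat>)" is the part of an item line before the first " -> ".
HEAD_RE = re.compile(r"^(?P<target>.+) \((?P<threat>[^()]+)\)$")


def parse_mbam_log(text):
    """Return (declared_counts, detections) from a pasted log.

    Forum pastes are often indented, so every line is stripped first.
    The action is taken from the text after the last " -> ", which keeps
    the parser tolerant of item lines that carry extra detail in between.
    """
    declared, found, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name")
            declared[section] = int(header.group("count"))
            continue
        if section is None or " -> " not in line:
            continue  # blank lines, "(No malicious items detected)", "(end)"
        parts = line.split(" -> ")
        head = HEAD_RE.match(parts[0])
        if head:
            found.append(Detection(section, head.group("target"),
                                   head.group("threat"),
                                   parts[-1].rstrip(".")))
    return declared, found


def count_mismatches(declared, found):
    """Sections whose header count differs from the items actually listed.

    A mismatch usually means the paste was truncated or edited.
    """
    listed = {}
    for d in found:
        listed[d.section] = listed.get(d.section, 0) + 1
    return {name: (count, listed.get(name, 0))
            for name, count in declared.items()
            if count != listed.get(name, 0)}


def unresolved(found):
    """Detections the scanner reported but did not remove."""
    return [d for d in found if d.action.lower() == "no action taken"]


if __name__ == "__main__":
    declared, found = parse_mbam_log(SAMPLE_LOG)
    for d in unresolved(found):
        print(f"still present: {d.threat:20} {d.target}")
    print("count mismatches:", count_mismatches(declared, found) or "none")
```

A log taken after removal should produce an empty `unresolved()` list, which is why the helper asks for a new MBAM log.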

  9. #9
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Welcome aboard

    Please observe the following rules:

    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.



    ======================================

    Post new MBAM log as well.

  10. #10
    Join Date
    Aug 2012
    Posts
    17
    Thanks Broni,

    I have tried to connect another monitor, but the screen goes blank.

    A black screen comes up on start-up with Windows Error Recovery and the options to launch start-up repair or start Windows normally. It tried to do a system recovery but the screen turns gray.

    I have another screen hooked up to my laptop, but the monitor keeps showing a message "check video cable" even though I have the VGA cable connected. I can't get to a normal screen in order to press fn + f7.

    Not sure what to do.

  11. #11
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    There is definitely some infection there but you may have some other issues as well (video chip).

    Is this a legit Vista installation?
    I'm asking because I see KMSEmulator.exe file.

    ===============================

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:

    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.



    To enter System Recovery Options by using Windows installation disc:

    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.



    On the System Recovery Options menu you will get the following options:

      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt

    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.



    Next...

    Re-run FRST again.
    Type the following in the edit box after "Search:".

    services.exe

    Click Search button and post the log (Search.txt) it makes in your reply.

    I'll expect two logs:
    - FRST.txt
    - Search.txt

  12. #12
    Join Date
    Aug 2012
    Posts
    17
    Yes, it is a legit version. Not sure how or where the emulator executable file is coming from. Came with the computer when it was purchased. I will follow the steps you suggested and post when I am finished. Thanks again.

  13. #13
    Join Date
    Aug 2012
    Posts
    17
    First Search

    Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 10-08-2012
    Ran by SYSTEM at 10-08-2012 15:45:57
    Running from F:\
    Windows Vista (TM) Home Premium Service Pack 1 (X86) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [170520 2008-07-03] (Intel Corporation)
    HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [145944 2008-07-03] (Intel Corporation)
    HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [835584 2007-03-09] (Synaptics, Inc.)
    HKLM\...\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [317280 2008-04-03] (Sony Corporation)
    HKLM\...\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2007-10-14] (Hewlett-Packard)
    HKLM\...\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [80896 2007-08-22] (Hewlett-Packard)
    HKLM\...\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2 [202560 2008-04-24] (SupportSoft, Inc.)
    HKLM\...\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE -startup [307200 2011-06-14] (PowerISO Computing, Inc.)
    HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
    HKLM\...\Run: [] [x]
    HKLM\...\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [821144 2010-10-25] (Adobe Systems Inc.)
    HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
    HKU\Internet\...\Run: [Google Update] "C:\Users\Internet\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-04-22] (Google Inc.)
    HKU\Internet\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
    HKU\Internet\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [152872 2007-06-27] (Nero AG)
    HKU\Internet\...\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s [192000 2008-01-20] (Microsoft Corporation)
    HKU\Internet\...\Run: [Download] "C:\Users\Internet\AppData\Local\SupportSoft\ddoctorv2\Internet\SSGet.exe" 120 "http://pcmctbc.cmc.motive.com/motivedocs/EasySolveInstaller.exe" "EasySolveInstaller.exe" [x]
    HKU\Internet\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
    HKU\Internet\...\Policies\system: [LogonHoursAction] 2
    HKU\Internet\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
    HKU\Trajah\...\Run: [Desktop Software] "C:\Program Files\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden [1025320 2009-04-23] (SupportSoft, Inc.)
    HKU\Trajah\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [152872 2007-06-27] (Nero AG)
    HKU\Trajah\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
    HKU\Trajah\...\Run: [Google Update] "C:\Users\Trajah\AppData\Local\Google\Update\GoogleUpdate.exe" /c [133104 2009-05-12] (Google Inc.)
    HKU\Trajah\...\Policies\system: [LogonHoursAction] 2
    HKU\Trajah\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
    HKLM\...\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DSEPlugins\Direct3DVideoOutput.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DSEPlugins\Direct3DVideoOutput.dll",DllRegisterServer [503808 2010-11-11] (DivX, Inc.)
    HKLM\...\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DSEPlugins\DivXPlaybackModule.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DSEPlugins\DivXPlaybackModule.dll",DllRegisterServer [1966080 2010-11-11] (DivX, Inc.)
    HKLM\...\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll",DllRegisterServer [86016 2010-11-11] ()
    HKLM\...\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll",DllRegisterServer [63488 2010-11-11] ()
    HKLM\...\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll",DllRegisterServer [319488 2010-11-11] ()
    HKLM\...\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll",DllRegisterServer [1089536 2010-11-11] ()
    Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
    Winlogon\Notify\VESWinlogon: VESWinlogon.dll (Sony Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\AOLDDI.LNK
    ShortcutTarget: AOLDDI.LNK -> C:\DDI\AOLICON.exe ()
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Palo Alto Software Update Manager 9.0.lnk
    ShortcutTarget: Palo Alto Software Update Manager 9.0.lnk -> C:\Program Files\Common Files\Palo Alto Software\9.0\PAS9_Update.exe (Palo Alto Software)
    Startup: C:\Users\Internet\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> (No File)

    ================================ Services (Whitelisted) ==================

    2 dkab_device; C:\Windows\system32\DKabcoms.exe -service [599280 2009-08-20] ( )
    2 Eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [21504 2008-01-20] (Microsoft Corporation)
    4 msfwsvc; "C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe" [869952 2007-11-27] (Microsoft Corporation)
    4 NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [800040 2007-06-29] (Nero AG)
    4 NMIndexingService; "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" [279848 2007-06-27] (Nero AG)
    2 OcHealthMon; "C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe" [24936 2009-03-22] (Microsoft Corporation)
    2 OneCareMP; "C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe" [18704 2008-07-09] (Microsoft Corporation)
    2 RichVideo; "C:\Program Files\CyberLink\Shared files\RichVideo.exe" [247152 2010-08-19] ()
    2 SOHCImp; "C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe" [103712 2008-05-20] (Sony Corporation)
    2 SOHDms; "C:\Program Files\Sony\VAIO Media plus\SOHDms.exe" [353568 2008-05-20] (Sony Corporation)
    2 SOHDs; "C:\Program Files\Sony\VAIO Media plus\SOHDs.exe" [62752 2008-05-20] (Sony Corporation)
    2 sprtsvc_ddoctorv2; "C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe" /service /P ddoctorv2 [202560 2008-04-24] (SupportSoft, Inc.)
    3 SPTISRV; "C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe" [77824 2008-05-20] (Sony Corporation)
    2 uCamMonitor; C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe [104960 2008-03-25] (ArcSoft, Inc.)
    3 VAIO Entertainment TV Device Arbitration Service; "C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe" [73728 2008-05-22] (Sony Corporation)
    2 VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [182112 2008-07-15] (Sony Corporation)
    2 VCFw; "C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe" [415744 2008-06-20] (Sony Corporation)
    2 VcmIAlzMgr; "C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe" [337184 2008-06-11] (Sony Corporation)
    3 Vcsw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -RunBySCM [279848 2008-06-19] (Sony Corporation)
    2 Viewpoint Manager Service; "C:\Program Files\Viewpoint\Common\ViewpointService.exe" [24652 2007-01-04] (Viewpoint Corporation)
    2 VzCdbSvc; "C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe" [192512 2008-05-22] (Sony Corporation)
    2 winss; C:\Program Files\Microsoft Windows OneCare Live\winss.exe [1131896 2009-03-22] (Microsoft Corporation)

    ========================== Drivers (Whitelisted) =============

    4 adpu160m; C:\Windows\system32\drivers\adpu160m.sys [101432 2008-01-20] (Adaptec, Inc.)
    3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [17408 2008-01-30] (ArcSoft, Inc.)
    3 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [53168 2008-05-15] (Microsoft Corporation)
    2 MSFWDrv; C:\Windows\System32\DRIVERS\msfwdrv.sys [91200 2007-11-27] (Microsoft Corporation)
    1 MSFWHLPR; C:\Windows\System32\DRIVERS\msfwhlpr.sys [37440 2007-11-27] (Microsoft Corporation)
    3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-08] (Microsoft Corporation)
    3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
    3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
    3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
    4 UIUSys; C:\Windows\System32\DRIVERS\UIUSYS.SYS [x]

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-08-09 10:46 - 2012-08-09 10:46 - 00137904 ____A C:\Windows\Minidump\Mini080912-01.dmp
    2012-08-09 10:28 - 2012-08-09 10:28 - 00302592 ____A C:\Users\Trajah\Downloads\xgk8n6x7.exe
    2012-08-09 10:15 - 2012-08-09 10:15 - 00004123 ____A C:\Users\Trajah\Downloads\gmer.zip.part
    2012-08-09 10:15 - 2012-08-09 10:15 - 00000000 ____A C:\Users\Trajah\Downloads\gmer.zip
    2012-08-09 10:12 - 2012-08-09 10:12 - 00000000 ____A C:\Users\Trajah\Downloads\0jti88in.exe
    2012-08-09 10:08 - 2012-08-09 10:12 - 00004151 ____A C:\Users\Trajah\Downloads\0jti88in.exe.part
    2012-08-09 10:05 - 2012-08-09 12:16 - 00078848 ____A C:\Windows\KMSEmulator.exe
    2012-08-09 09:45 - 2012-08-09 09:45 - 00000906 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-08-09 09:45 - 2012-08-09 09:45 - 00000000 ____D C:\Users\Trajah\AppData\Roaming\Malwarebytes
    2012-08-09 09:45 - 2012-08-09 09:45 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-08-09 09:45 - 2012-08-09 09:45 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
    2012-08-09 09:45 - 2012-07-03 09:46 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-08-09 09:43 - 2012-08-09 09:43 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Trajah\Downloads\mbam-setup-1.62.0.1300.exe
    2012-08-06 05:07 - 2012-08-06 05:07 - 00170306 ____A C:\Users\Internet\Desktop\Memo.m4a
    2012-08-06 03:59 - 2012-08-06 03:59 - 00105822 ____A C:\Users\Internet\Downloads\1FA6.tmp
    2012-08-05 09:35 - 2012-08-05 09:35 - 02004937 ____A C:\Users\Internet\Downloads\Real Estate Salespersons.csv
    2012-08-04 15:56 - 2012-08-09 10:46 - 608355591 ____A C:\Windows\MEMORY.DMP
    2012-08-04 15:56 - 2012-08-04 15:56 - 00137904 ____A C:\Windows\Minidump\Mini080412-01.dmp
    2012-08-04 15:52 - 2012-08-04 15:52 - 00080286 ____A C:\Users\Internet\Downloads\podcasts-xml.php
    2012-07-29 15:45 - 2012-07-29 15:55 - 00000000 ____D C:\Users\Trajah\Desktop\Red Tails (2012) [1080p]
    2012-07-29 09:56 - 2012-07-29 09:56 - 00064512 ____A C:\Users\Internet\Downloads\Wedding Guest List.xls
    2012-07-29 09:55 - 2012-07-29 09:55 - 00000971 ____A C:\Users\Internet\Downloads\Wedding Guest List.download
    2012-07-28 16:21 - 2012-07-28 16:21 - 00000000 ____D C:\Users\Trajah\AppData\Roaming\Media Player Classic
    2012-07-28 15:34 - 2012-07-28 15:35 - 00000000 ____D C:\Users\Trajah\Desktop\Batman Begins (2005) 720p BRrip scOrp {~dude7001~}
    2012-07-28 07:39 - 2012-07-28 09:53 - 00276016 ____A C:\Users\Trajah\Desktop\exam.SF
    2012-07-27 06:14 - 2012-07-27 06:17 - 00000000 ____D C:\Users\Trajah\Desktop\Rick Ross - God Forgives, I Don't (Deluxe Version) [Album - 2012]
    2012-07-23 17:54 - 2012-07-24 07:00 - 00000000 ____D C:\Users\Internet\Desktop\Renatus Group
    2012-07-23 17:52 - 2012-07-23 17:52 - 00000000 ____D C:\Users\Internet\Desktop\Past Work
    2012-07-23 15:20 - 2012-07-27 16:34 - 00000000 ____D C:\Users\Trajah\Desktop\Argus Study
    2012-07-23 15:19 - 2012-07-29 13:43 - 00000000 ____D C:\Users\Internet\Desktop\PLA COURSE
    2012-07-23 06:08 - 2012-07-23 06:08 - 00102748 ____A C:\Users\Trajah\Desktop\aa.SF
    2012-07-22 17:57 - 2012-07-26 16:52 - 00301556 ____A C:\Users\Trajah\Desktop\CCP.SF
    2012-07-22 16:39 - 2012-07-22 17:20 - 00287980 ____A C:\Users\Trajah\Desktop\Cypress.SF
    2012-07-22 10:51 - 2012-07-22 11:35 - 00319748 ____A C:\Users\Trajah\Desktop\New ET.SF
    2012-07-22 10:11 - 2012-07-22 10:51 - 00180892 ____A C:\Users\Trajah\Desktop\NewTT.SF
    2012-07-19 12:22 - 2012-07-19 12:25 - 00000000 ____D C:\Users\Internet\AppData\Roaming\Avery
    2012-07-19 12:18 - 2012-07-19 12:19 - 96643496 ____A (Avery Dennison Corporation) C:\Users\Internet\Downloads\Avery Wizard 4.01 - US 20111209.exe
    2012-07-18 03:36 - 2012-07-18 03:36 - 00111616 ____A C:\Users\Internet\Downloads\Records.ppt
    2012-07-16 13:44 - 2012-07-16 13:44 - 00018326 ____H C:\Users\Internet\Desktop\~WRL0005.tmp
    2012-07-14 23:09 - 2012-06-13 05:40 - 02047488 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-07-14 23:04 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-07-14 23:04 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-07-14 23:04 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-07-14 23:04 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-07-14 23:04 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-07-14 23:04 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-07-14 23:04 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-07-14 23:04 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-07-14 23:04 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-07-14 23:04 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-07-14 23:04 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-07-14 23:04 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-07-14 23:04 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-07-14 23:04 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-07-13 05:48 - 2012-07-13 05:49 - 00000000 ____D C:\Users\Trajah\Desktop\Great Writing,Grammar, Words, Phrases, Sentences, and Paragraphs (Books Pack)-Mantesh
    2012-07-11 13:42 - 2012-07-11 14:34 - 00009640 ____A C:\Users\Trajah\Desktop\new.xlsx
    2012-07-11 06:50 - 2012-07-11 06:50 - 00000258 ____H C:\Users\All Users\tmaster8.net
    2012-07-11 02:01 - 2012-06-08 09:47 - 11586048 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-07-11 01:59 - 2012-06-05 08:47 - 01401856 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-07-11 01:59 - 2012-06-05 08:47 - 01248768 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-07-11 01:59 - 2012-06-04 07:26 - 00440704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-07-11 01:59 - 2012-06-01 16:04 - 00278528 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-07-11 01:59 - 2012-06-01 16:03 - 00204288 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll


    ============ 3 Months Modified Files ========================

    2012-08-10 11:23 - 2011-08-26 05:25 - 00000202 ____A C:\Windows\Tasks\AutoKMSDaily.job
    2012-08-10 11:23 - 2011-08-26 05:25 - 00000202 ____A C:\Windows\Tasks\AutoKMS.job
    2012-08-10 11:23 - 2011-06-16 10:38 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-08-10 11:23 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-08-10 11:23 - 2006-11-02 04:47 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2012-08-10 11:23 - 2006-11-02 04:47 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2012-08-09 12:16 - 2012-08-09 10:05 - 00078848 ____A C:\Windows\KMSEmulator.exe
    2012-08-09 12:16 - 2011-08-26 05:58 - 00148964 ____A C:\Windows\AutoKMS.log
    2012-08-09 10:46 - 2012-08-09 10:46 - 00137904 ____A C:\Windows\Minidump\Mini080912-01.dmp
    2012-08-09 10:46 - 2012-08-04 15:56 - 608355591 ____A C:\Windows\MEMORY.DMP
    2012-08-09 10:40 - 2008-12-30 11:19 - 01239524 ____A C:\Windows\WindowsUpdate.log
    2012-08-09 10:36 - 2012-04-03 04:45 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-08-09 10:28 - 2012-08-09 10:28 - 00302592 ____A C:\Users\Trajah\Downloads\xgk8n6x7.exe
    2012-08-09 10:15 - 2012-08-09 10:15 - 00004123 ____A C:\Users\Trajah\Downloads\gmer.zip.part
    2012-08-09 10:15 - 2012-08-09 10:15 - 00000000 ____A C:\Users\Trajah\Downloads\gmer.zip
    2012-08-09 10:15 - 2006-11-02 02:22 - 71041024 ____A C:\Windows\System32\config\software_previous
    2012-08-09 10:15 - 2006-11-02 02:22 - 23330816 ____A C:\Windows\System32\config\system_previous
    2012-08-09 10:13 - 2011-06-16 10:38 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-08-09 10:12 - 2012-08-09 10:12 - 00000000 ____A C:\Users\Trajah\Downloads\0jti88in.exe
    2012-08-09 10:12 - 2012-08-09 10:08 - 00004151 ____A C:\Users\Trajah\Downloads\0jti88in.exe.part
    2012-08-09 10:12 - 2006-11-02 02:22 - 39845888 ____A C:\Windows\System32\config\components_previous
    2012-08-09 10:12 - 2006-11-02 02:22 - 00262144 ____A C:\Windows\System32\config\sam_previous
    2012-08-09 10:04 - 2009-07-08 10:34 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-397854201-2408880714-3180994744-1000UA.job
    2012-08-09 10:01 - 2008-01-20 18:47 - 00043202 ____A C:\Windows\PFRO.log
    2012-08-09 10:00 - 2006-11-02 05:01 - 00032596 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-08-09 09:53 - 2010-04-22 06:27 - 00000920 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-397854201-2408880714-3180994744-1001UA.job
    2012-08-09 09:46 - 2009-10-06 18:17 - 00002047 ____A C:\Users\Trajah\Desktop\Google Chrome.lnk
    2012-08-09 09:45 - 2012-08-09 09:45 - 00000906 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-08-09 09:43 - 2012-08-09 09:43 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Trajah\Downloads\mbam-setup-1.62.0.1300.exe
    2012-08-08 07:35 - 2006-11-02 02:22 - 00524288 ____A C:\Windows\System32\config\default_previous
    2012-08-08 07:30 - 2006-11-02 02:22 - 00262144 ____A C:\Windows\System32\config\security_previous
    2012-08-06 18:54 - 2010-04-22 06:27 - 00000868 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-397854201-2408880714-3180994744-1001Core.job
    2012-08-06 13:57 - 2011-06-22 06:26 - 00002057 ____A C:\Users\Internet\Desktop\Google Chrome.lnk
    2012-08-06 05:07 - 2012-08-06 05:07 - 00170306 ____A C:\Users\Internet\Desktop\Memo.m4a
    2012-08-06 04:04 - 2009-07-08 10:34 - 00000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-397854201-2408880714-3180994744-1000Core.job
    2012-08-06 03:59 - 2012-08-06 03:59 - 00105822 ____A C:\Users\Internet\Downloads\1FA6.tmp
    2012-08-05 09:35 - 2012-08-05 09:35 - 02004937 ____A C:\Users\Internet\Downloads\Real Estate Salespersons.csv
    2012-08-04 15:56 - 2012-08-04 15:56 - 00137904 ____A C:\Windows\Minidump\Mini080412-01.dmp
    2012-08-04 15:52 - 2012-08-04 15:52 - 00080286 ____A C:\Users\Internet\Downloads\podcasts-xml.php
    2012-08-03 15:51 - 2010-04-24 19:11 - 00107520 ____A C:\Users\Internet\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-07-29 09:56 - 2012-07-29 09:56 - 00064512 ____A C:\Users\Internet\Downloads\Wedding Guest List.xls
    2012-07-29 09:55 - 2012-07-29 09:55 - 00000971 ____A C:\Users\Internet\Downloads\Wedding Guest List.download
    2012-07-28 14:55 - 2009-01-03 00:20 - 00062976 ____A C:\Users\Trajah\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-07-28 09:53 - 2012-07-28 07:39 - 00276016 ____A C:\Users\Trajah\Desktop\exam.SF
    2012-07-26 16:52 - 2012-07-22 17:57 - 00301556 ____A C:\Users\Trajah\Desktop\CCP.SF
    2012-07-23 06:08 - 2012-07-23 06:08 - 00102748 ____A C:\Users\Trajah\Desktop\aa.SF
    2012-07-22 17:20 - 2012-07-22 16:39 - 00287980 ____A C:\Users\Trajah\Desktop\Cypress.SF
    2012-07-22 11:35 - 2012-07-22 10:51 - 00319748 ____A C:\Users\Trajah\Desktop\New ET.SF
    2012-07-22 10:51 - 2012-07-22 10:11 - 00180892 ____A C:\Users\Trajah\Desktop\NewTT.SF
    2012-07-19 12:19 - 2012-07-19 12:18 - 96643496 ____A (Avery Dennison Corporation) C:\Users\Internet\Downloads\Avery Wizard 4.01 - US 20111209.exe
    2012-07-18 03:36 - 2012-07-18 03:36 - 00111616 ____A C:\Users\Internet\Downloads\Records.ppt
    2012-07-16 13:44 - 2012-07-16 13:44 - 00018326 ____H C:\Users\Internet\Desktop\~WRL0005.tmp
    2012-07-14 23:31 - 2006-11-02 04:47 - 02414320 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-07-14 23:05 - 2006-11-02 02:24 - 57442464 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
    2012-07-11 14:34 - 2012-07-11 13:42 - 00009640 ____A C:\Users\Trajah\Desktop\new.xlsx
    2012-07-11 06:50 - 2012-07-11 06:50 - 00000258 ____H C:\Users\All Users\tmaster8.net
    2012-07-07 16:19 - 2012-07-07 16:19 - 01607680 ____A C:\Users\Internet\Downloads\14e_Excel.xls
    2012-07-07 16:18 - 2012-07-07 16:18 - 01230348 ____A C:\Users\Internet\Downloads\Argus_Data_Files.zip
    2012-07-07 14:59 - 2012-07-07 14:59 - 00233984 ____A C:\Users\Internet\Downloads\Partnerships.xls
    2012-07-07 07:27 - 2006-11-02 02:33 - 00707392 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-07-03 11:51 - 2012-07-02 16:50 - 00941400 ____A C:\Users\Trajah\Desktop\ACV Approach #1.SF
    2012-07-03 09:46 - 2012-08-09 09:45 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-07-03 09:04 - 2012-07-03 08:47 - 00679328 ____A C:\Users\Trajah\Desktop\Acorn Corner Approach #2.SF
    2012-07-03 08:26 - 2012-07-03 07:14 - 00010824 ____A C:\Users\Trajah\Desktop\Argus Review.xlsx
    2012-07-02 15:00 - 2012-07-02 12:35 - 00647580 ____A C:\Users\Trajah\Desktop\ACIV.SF
    2012-07-02 11:58 - 2012-07-02 11:11 - 01104232 ____A C:\Users\Trajah\Desktop\ACIII.SF
    2012-07-02 10:11 - 2012-07-02 10:11 - 00000885 ____A C:\Users\Public\Desktop\TypingMaster Pro.lnk
    2012-07-02 09:36 - 2012-07-02 09:37 - 01497168 ____A C:\Users\Trajah\Desktop\AC2- correct.SF
    2012-07-02 09:36 - 2012-07-02 09:36 - 01497168 ____A C:\Users\Trajah\Downloads\AC2.SF
    2012-07-02 09:36 - 2012-07-02 09:36 - 01497168 ____A C:\Users\Trajah\Downloads\AC2 (2).SF
    2012-07-02 09:36 - 2012-07-02 09:36 - 01497168 ____A C:\Users\Trajah\Downloads\AC2 (1).SF
    2012-07-02 09:35 - 2012-07-02 09:35 - 00005197 ____A C:\Users\Trajah\Downloads\Kathryn Foley.vcf
    2012-07-02 06:53 - 2012-07-02 06:53 - 00001616 ____A C:\Users\Trajah\Desktop\Common Workbook.aep
    2012-06-30 10:15 - 2012-06-30 10:15 - 00024312 ____A C:\Users\Trajah\Downloads\Real- Estate Research.xlsx
    2012-06-29 06:16 - 2012-06-29 06:16 - 01044376 ____A C:\Users\Trajah\Downloads\williams-trace.sf
    2012-06-29 06:16 - 2012-06-29 06:16 - 00646756 ____A C:\Users\Trajah\Downloads\westgate-shopping-center-2008.sf
    2012-06-29 06:15 - 2012-06-29 06:15 - 00640408 ____A C:\Users\Trajah\Downloads\cherry-creek-place.sf
    2012-06-24 14:15 - 2012-06-24 14:15 - 00002844 ____A C:\Users\Internet\Downloads\Tony_Buzan_-_The_Photo-Reading_Whole_Mind_System_[Speed-Reading_.4854337.TPB.torrent
    2012-06-24 14:13 - 2012-06-24 14:13 - 00001671 ____A C:\Users\Internet\Downloads\Tony_Buzan_-_Use_Your_Head.4562254.TPB.torrent
    2012-06-24 14:13 - 2012-06-24 14:13 - 00001671 ____A C:\Users\Internet\Downloads\Tony_Buzan_-_Use_Your_Head.4562254.TPB (1).torrent
    2012-06-24 14:06 - 2010-04-20 07:06 - 00135816 ____A C:\Users\Internet\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-06-24 12:17 - 2012-06-24 12:17 - 00277912 ____A C:\Users\Trajah\Downloads\MMP.SF
    2012-06-24 11:16 - 2012-06-24 11:16 - 00102752 ____A C:\Users\Trajah\Desktop\temp2.SF
    2012-06-22 17:29 - 2008-12-30 11:22 - 00135816 ____A C:\Users\Trajah\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-06-22 17:23 - 2012-03-07 06:47 - 00000111 ____A C:\Windows\QBChanUtil_Trigger.ini
    2012-06-22 17:00 - 2011-09-14 15:24 - 00000928 ____A C:\Users\Internet\Desktop\Dropbox.lnk
    2012-06-22 07:30 - 2012-06-22 07:30 - 00001403 ____A C:\Users\Internet\Downloads\Memorial Park Plaza.download
    2012-06-14 10:07 - 2012-06-14 10:07 - 00014251 ____A C:\Users\Internet\Documents\Book1.xlsx
    2012-06-14 09:16 - 2012-06-14 09:16 - 01259520 ____A C:\Users\Internet\Downloads\chap11.ppt
    2012-06-13 13:27 - 2012-06-13 13:27 - 00000881 ____A C:\Users\Public\Desktop\ClickFORMS.lnk
    2012-06-13 13:27 - 2012-06-13 13:27 - 00000067 ____A C:\Windows\iltwain.ini
    2012-06-13 13:22 - 2012-06-13 13:20 - 55750568 ____A C:\Users\Internet\Downloads\Install_ClickFORMS769.exe
    2012-06-13 05:40 - 2012-07-14 23:09 - 02047488 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-06-08 13:07 - 2012-06-08 13:07 - 00000165 ___AH C:\Users\Internet\Desktop\~$refi.xlsx
    2012-06-08 09:47 - 2012-07-11 02:01 - 11586048 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-06-05 08:47 - 2012-07-11 01:59 - 01401856 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-06-05 08:47 - 2012-07-11 01:59 - 01248768 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-06-04 07:26 - 2012-07-11 01:59 - 00440704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-06-02 14:19 - 2012-06-22 17:05 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 14:19 - 2012-06-22 17:05 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 14:19 - 2012-06-22 17:05 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 14:19 - 2012-06-22 17:04 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 14:19 - 2012-06-22 17:04 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 14:12 - 2012-06-22 17:05 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 14:12 - 2012-06-22 17:04 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 11:19 - 2012-06-22 17:03 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 11:12 - 2012-06-22 17:03 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-02 01:07 - 2012-07-14 23:04 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-02 00:43 - 2012-07-14 23:04 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-02 00:33 - 2012-07-14 23:04 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-06-02 00:26 - 2012-07-14 23:04 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-02 00:25 - 2012-07-14 23:04 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-06-02 00:25 - 2012-07-14 23:04 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-02 00:23 - 2012-07-14 23:04 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-02 00:21 - 2012-07-14 23:04 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-02 00:20 - 2012-07-14 23:04 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-02 00:19 - 2012-07-14 23:04 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-02 00:19 - 2012-07-14 23:04 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-02 00:17 - 2012-07-14 23:04 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-02 00:16 - 2012-07-14 23:04 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-02 00:14 - 2012-07-14 23:04 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-01 16:04 - 2012-07-11 01:59 - 00278528 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-06-01 16:03 - 2012-07-11 01:59 - 00204288 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-05-23 18:23 - 2011-11-26 15:11 - 00000752 ____A C:\Users\Public\Desktop\µTorrent.lnk

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 16%
    Total physical RAM: 2938.31 MB
    Available physical RAM: 2455.14 MB
    Total Pagefile: 2710.88 MB
    Available Pagefile: 2545.32 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1974.31 MB

    ======================= Partitions =========================

    1 Drive c: () (Fixed) (Total:140.16 GB) (Free:38.02 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    3 Drive e: (Recovery) (Fixed) (Total:8.89 GB) (Free:0.65 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    4 Drive f: (USB20FD) (Removable) (Total:0.24 GB) (Free:0.08 GB) FAT
    5 Drive x: (Boot) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ---------- ------- ------- --- ---
    Disk 0 Online 149 GB 0 B
    Disk 1 Online 245 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 OEM 9 GB 1024 KB
    Partition 2 Primary 140 GB 9 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 27
    Hidden: Yes
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 E Recovery NTFS Partition 9 GB Healthy Hidden

    ==================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C NTFS Partition 140 GB Healthy

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 245 MB 16 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 06
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 F USB20FD FAT Removable 245 MB Healthy

    ==================================================================================

    Last Boot: 2012-08-09 10:43

    ======================= End Of Log ==========================

  14. #14
    Join Date
    Aug 2012
    Posts
    17
    dupe
    Last edited by Broni; August 10th, 2012 at 04:46 PM.

  15. #15
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    I don't see much there but let's see what will happen....

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Restart normally and let me know how things are.