Reply to thread

Message: <blockquote data-quote="shanks0510" data-source="post: 126301" data-attributes="member: 9429">need help getting rid of virus using farbar here is my recent scanScan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-06-2013 02Ran by Administrator (administrator) on 27-06-2013 17:38:56Running from G:\Microsoft Windows XP Service Pack 3 (X86) OS Language: English(US)Internet Explorer Version 8Boot Mode: Safe Mode (minimal)==================== Processes (Whitelisted) ===================(Microsoft Corporation) C:\WINDOWS\system32\cmd.exe==================== Registry (Whitelisted) ==================HKLM\...\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup [213936 2006-05-16] (Macrovision Corporation)HKLM\...\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler [213936 2006-05-16] (Macrovision Corporation)HKLM\...\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [x]HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [x]HKLM\...\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall [1121792 2005-08-12] (McAfee, Inc.)HKLM\...\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O5 "LPT1:" /M "Stylus Photo R300" [99840 2003-06-04] (SEIKO EPSON CORPORATION)HKLM\...\Run: [EPSON Stylus Photo R300 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P39 "EPSON Stylus Photo R300 Series (Copy 1)" /O6 "USB001" /M "Stylus Photo R300" [99840 2003-06-04] (SEIKO EPSON CORPORATION)HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)HKLM\...\Run: []  [x]HKLM\...\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe" [901800 2011-11-17] (Ask)HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)MountPoints2: {361ac05d-0e0d-11da-9aa9-806d6172696f} - E:\setup.exeHKU\Rick.DBVW4W91\...\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup [x]HKU\Rick.DBVW4W91\...\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background [x]HKU\Rick.DBVW4W91\...\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [x]HKU\Rick.DBVW4W91\...\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [x]HKU\user1\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [x]HKU\user1\...\Command Processor: "C:\DOCUME~1\user1\LOCALS~1\Temp\snoafeedeyfctetvc.exe" <===== ATTENTION!Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnkShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless Configuration Utility HW.15.lnkShortcutTarget: Wireless Configuration Utility HW.15.lnk -> C:\Program Files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe ()Startup: C:\Documents and Settings\Rick.DBVW4W91\Start Menu\Programs\Startup\Registry Defender Platinum.lnkShortcutTarget: Registry Defender Platinum.lnk -> C:\Program Files\Registry Defender Platinum\RegistryDefender.exe (No File)==================== Internet (Whitelisted) ====================HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.comHKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKLM SearchScopes: DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}SearchScopes: HKLM - {cca2e567-1987-4100-a3c6-5b4267084510} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YKxdm133YYus&ptnrS=YKxdm133YYus&ptb=EFE1E13C-2FEB-4A29-ACD9-C2824D8FDE2D&psa=&ind=2012101415&st=sb&n=77ee3b27&searchfor={searchTerms}SearchScopes: HKCU - DefaultScope value is missing.BHO: Produtools Manuals Toolbar - {16bb67e0-6319-4077-be84-f41269e051f3} - C:\Program Files\Produtools_Manuals\prxtbPro2.dll (Conduit Ltd.)BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)BHO: Vgrabber v1.5 Toolbar - {73507124-6acd-43aa-b749-c3bcfefbea97} - C:\Program Files\Vgrabber_v1.5\prxtbVgr2.dll (Conduit Ltd.)BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)BHO: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)Toolbar: HKLM - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)Toolbar: HKLM - Produtools Manuals Toolbar - {16bb67e0-6319-4077-be84-f41269e051f3} - C:\Program Files\Produtools_Manuals\prxtbPro2.dll (Conduit Ltd.)Toolbar: HKLM - Vgrabber v1.5 Toolbar - {73507124-6acd-43aa-b749-c3bcfefbea97} - C:\Program Files\Vgrabber_v1.5\prxtbVgr2.dll (Conduit Ltd.)Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cabDPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-150-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cabDPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cabHandler: ipp - No CLSID Value - Handler: msdaipp - No CLSID Value - Winsock: Catalog9 01 mswsock.dll File Not found (Microsoft Corporation)Winsock: Catalog9 02 mswsock.dll File Not found (Microsoft Corporation)Winsock: Catalog9 03 mswsock.dll File Not found (Microsoft Corporation)Winsock: Catalog9 04 mswsock.dll File Not found (Microsoft Corporation)Winsock: Catalog9 05 mswsock.dll File Not found (Microsoft Corporation)Winsock: Catalog9 06 mswsock.dll File Not found (Microsoft Corporation)Winsock: Catalog9 07 mswsock.dll File Not found (Microsoft Corporation)Winsock: Catalog9 08 mswsock.dll File Not found (Microsoft Corporation)Winsock: Catalog9 09 mswsock.dll File Not found (Microsoft Corporation)Winsock: Catalog9 10 mswsock.dll File Not found (Microsoft Corporation)Winsock: Catalog9 11 mswsock.dll File Not found (Microsoft Corporation)Winsock: Catalog9 12 mswsock.dll File Not found (Microsoft Corporation)Winsock: Catalog9 13 mswsock.dll File Not found (Microsoft Corporation)Winsock: Catalog9 14 mswsock.dll File Not found (Microsoft Corporation)Winsock: Catalog9 15 mswsock.dll File Not found (Microsoft Corporation)Winsock: Catalog9 16 mswsock.dll File Not found (Microsoft Corporation)Winsock: Catalog9 17 mswsock.dll File Not found (Microsoft Corporation)Winsock: Catalog9 18 mswsock.dll File Not found (Microsoft Corporation)Winsock: Catalog9 19 mswsock.dll File Not found (Microsoft Corporation)========================== Services (Whitelisted) =================S2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)S3 NetSvc; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [147456 2004-11-19] (Intel(R) Corporation)S2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" [x]==================== Drivers (Whitelisted) ====================S2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [21419 2008-06-18] (Meetinghouse Data Communications)S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows (R) Server 2003 DDK provider)S3 ialm; C:\Windows\System32\DRIVERS\ialmnt5.sys [1302812 2005-10-14] (Intel Corporation)S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\mbamswissarmy.sys [40776 2013-06-09] (Malwarebytes Corporation)S3 motport; C:\Windows\System32\DRIVERS\motport.sys [23680 2007-06-18] (Motorola)S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)S3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-13] (Microsoft Corporation)S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)S3 rtl8185; C:\Windows\System32\DRIVERS\rtl8185.sys [306304 2007-01-29] (Realtek Semiconductor Corporation                           )S3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-13] (Microsoft Corporation)S3 STHDA; C:\Windows\System32\drivers\sthda.sys [1047816 2005-11-16] (SigmaTel, Inc.)S3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-13] (Microsoft Corporation)S3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-13] (Microsoft Corporation)S4 Abiosdsk; No ImagePathS4 Atdisk; No ImagePathS3 bvrp_pci; No ImagePathS3 CA561; System32\Drivers\SPCA561.SYS [x]S1 Changer; No ImagePathS1 lbrtfdc; No ImagePathS1 PCIDump; No ImagePathS3 PDCOMP; No ImagePathS3 PDFRAME; No ImagePathS3 PDRELI; No ImagePathS3 PDRFRAME; No ImagePathS4 Simbad; No ImagePathS3 wanatw; system32\DRIVERS\wanatw4.sys [x]S3 WDICA; No ImagePath==================== NetSvcs (Whitelisted) ===================NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)==================== One Month Created Files and Folders ========2013-06-26 22:42 - 2013-06-27 07:02 - 00000000 ____D C:\FRST2013-06-26 22:41 - 2013-06-26 22:41 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache2013-06-26 18:10 - 2013-06-26 18:10 - 00000000 ____D C:\Windows\CSC2013-06-26 17:19 - 2013-06-27 17:38 - 00000062 __ASH C:\Documents and Settings\Administrator\Local Settings\desktop.ini2013-06-26 17:19 - 2013-06-27 12:52 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini2013-06-26 17:19 - 2006-04-25 00:18 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Corel2013-06-26 17:19 - 2006-04-25 00:15 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Wildtangent2013-06-26 17:19 - 2006-04-25 00:15 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Musicmatch2013-06-26 17:19 - 2006-04-25 00:13 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Symantec2013-06-26 17:19 - 2006-04-25 00:12 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\CCWin2013-06-26 17:19 - 2006-04-25 00:08 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\BVRP Software2013-06-26 17:19 - 2006-04-25 00:01 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}2013-06-26 17:19 - 2006-04-25 00:01 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Sun2013-06-26 17:19 - 2005-08-16 19:52 - 00000136 ____A C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat2013-06-26 17:19 - 2005-08-16 03:52 - 00001298 ____A C:\Documents and Settings\Administrator\Desktop\Media Center.lnk2013-06-26 17:19 - 2005-08-16 03:33 - 00000062 __ASH C:\Documents and Settings\Administrator\Application Data\desktop.ini2013-06-26 13:32 - 2008-04-13 18:11 - 00021504 ____A (Microsoft Corporation) C:\Windows\System32\hidserv.dll2013-06-26 13:32 - 2008-04-13 18:11 - 00021504 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\hidserv.dll2013-06-21 12:53 - 2013-06-21 12:53 - 00009227 ____A C:\Documents and Settings\user1\My Documents\Your Loan is Conditionally Approved!.eml2013-06-09 18:56 - 2013-06-09 18:56 - 00013074 ____A C:\Documents and Settings\user1\hs_err_pid5944.log2013-06-09 18:52 - 2013-06-09 18:52 - 00012849 ____A C:\Documents and Settings\user1\hs_err_pid4104.log2013-06-09 18:27 - 2013-06-09 18:27 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys2013-06-09 18:20 - 2013-06-09 18:20 - 00012587 ____A C:\Documents and Settings\user1\hs_err_pid1044.log2013-06-09 18:19 - 2013-06-09 18:19 - 00012856 ____A C:\Documents and Settings\user1\hs_err_pid2364.log2013-06-08 11:29 - 2013-06-08 11:29 - 00086535 ____A C:\Windows\unins000.dat2013-06-08 11:29 - 2013-06-08 11:29 - 00000009 ____A C:\END2013-06-08 11:29 - 2013-06-08 11:29 - 00000000 ____D C:\Program Files\vGrabber-software2013-06-08 11:29 - 2013-06-08 11:27 - 01169609 ____A C:\Windows\unins000.exe2013-06-08 11:28 - 2013-06-23 11:41 - 00000000 ____D C:\Program Files\Vgrabber_v1.52013-06-08 11:28 - 2013-06-23 11:41 - 00000000 ____D C:\Documents and Settings\user1\Local Settings\Application Data\Vgrabber_v1.52013-06-08 11:28 - 2013-06-08 11:28 - 00000000 ____D C:\Program Files\SearchProtect2013-06-08 11:28 - 2013-06-08 11:28 - 00000000 ____D C:\Documents and Settings\user1\Local Settings\Application Data\CRE2013-06-08 11:28 - 2013-06-08 11:28 - 00000000 ____D C:\Documents and Settings\user1\Application Data\SearchProtect2013-06-08 11:28 - 2013-05-08 00:10 - 00770384 ____A (Microsoft Corporation) C:\Windows\System32\msvcr100.dll2013-06-08 11:28 - 2013-05-08 00:10 - 00421200 ____A (Microsoft Corporation) C:\Windows\System32\msvcp100.dll==================== One Month Modified Files and Folders ========2013-06-27 17:38 - 2013-06-26 17:19 - 00000062 __ASH C:\Documents and Settings\Administrator\Local Settings\desktop.ini2013-06-27 17:38 - 2005-08-16 03:49 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini2013-06-27 17:32 - 2005-08-16 03:49 - 00032514 ____A C:\Windows\SchedLgU.Txt2013-06-27 17:32 - 2005-08-16 03:49 - 00000006 ___AH C:\Windows\Tasks\SA.DAT2013-06-27 17:31 - 2012-12-09 15:13 - 00000880 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2013-06-27 17:31 - 2009-11-11 15:25 - 00000178 __ASH C:\Documents and Settings\user1\ntuser.ini2013-06-27 17:31 - 2009-11-11 15:25 - 00000062 __ASH C:\Documents and Settings\user1\Local Settings\desktop.ini2013-06-27 17:31 - 2005-08-16 03:49 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini2013-06-27 17:31 - 2005-08-16 03:40 - 01641136 ____A C:\Windows\WindowsUpdate.log2013-06-27 17:31 - 2005-08-16 03:38 - 00000000 ____D C:\Windows\Registration2013-06-27 17:31 - 2005-08-16 03:35 - 00000216 ____A C:\Windows\wiadebug.log2013-06-27 17:31 - 2005-08-16 03:35 - 00000049 ____A C:\Windows\wiaservc.log2013-06-27 17:24 - 2012-01-11 10:24 - 00000234 ____A C:\Windows\Tasks\Scheduled Update for Ask Toolbar.job2013-06-27 16:34 - 2012-12-09 15:13 - 00000884 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2013-06-27 16:30 - 2012-08-29 19:49 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job2013-06-27 16:19 - 2005-08-16 03:18 - 00002206 ____A C:\Windows\System32\wpa.dbl2013-06-27 12:52 - 2013-06-26 17:19 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini2013-06-27 07:02 - 2013-06-26 22:42 - 00000000 ____D C:\FRST2013-06-26 22:41 - 2013-06-26 22:41 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache2013-06-26 21:40 - 2009-11-11 13:16 - 00398358 ____A C:\Windows\setupapi.log2013-06-26 21:40 - 2006-04-24 23:51 - 00013538 ____A C:\Windows\setupact.log2013-06-26 18:10 - 2013-06-26 18:10 - 00000000 ____D C:\Windows\CSC2013-06-23 18:24 - 2008-01-02 15:55 - 00000230 ____A C:\Windows\RTacDbg.txt2013-06-23 11:41 - 2013-06-08 11:28 - 00000000 ____D C:\Program Files\Vgrabber_v1.52013-06-23 11:41 - 2013-06-08 11:28 - 00000000 ____D C:\Documents and Settings\user1\Local Settings\Application Data\Vgrabber_v1.52013-06-21 15:22 - 2012-07-15 21:13 - 00001436 ____A C:\Documents and Settings\user1\My Documents\download.qfx2013-06-21 12:53 - 2013-06-21 12:53 - 00009227 ____A C:\Documents and Settings\user1\My Documents\Your Loan is Conditionally Approved!.eml2013-06-20 06:39 - 2013-05-14 08:18 - 00001813 ____A C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk2013-06-15 07:31 - 2010-03-05 14:44 - 00000000 ____D C:\Documents and Settings\user1\Application Data\Adobe2013-06-12 15:30 - 2012-08-29 19:49 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe2013-06-12 15:30 - 2012-08-29 19:49 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl2013-06-09 19:02 - 2012-09-12 11:07 - 00000664 ____A C:\Windows\System32\d3d9caps.dat2013-06-09 18:56 - 2013-06-09 18:56 - 00013074 ____A C:\Documents and Settings\user1\hs_err_pid5944.log2013-06-09 18:52 - 2013-06-09 18:52 - 00012849 ____A C:\Documents and Settings\user1\hs_err_pid4104.log2013-06-09 18:27 - 2013-06-09 18:27 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys2013-06-09 18:20 - 2013-06-09 18:20 - 00012587 ____A C:\Documents and Settings\user1\hs_err_pid1044.log2013-06-09 18:19 - 2013-06-09 18:19 - 00012856 ____A C:\Documents and Settings\user1\hs_err_pid2364.log2013-06-08 20:00 - 2011-09-17 18:16 - 00000404 ____A C:\Windows\Tasks\Registry Winner Schedule.job2013-06-08 11:42 - 2005-08-16 03:38 - 00000000 ____D C:\Windows\Microsoft.NET2013-06-08 11:39 - 2005-08-16 03:33 - 00476650 ___AC C:\Windows\System32\PerfStringBackup.INI2013-06-08 11:30 - 2012-03-13 16:14 - 00000000 ____D C:\Documents and Settings\user1\Application Data\PriceGong2013-06-08 11:29 - 2013-06-08 11:29 - 00086535 ____A C:\Windows\unins000.dat2013-06-08 11:29 - 2013-06-08 11:29 - 00000009 ____A C:\END2013-06-08 11:29 - 2013-06-08 11:29 - 00000000 ____D C:\Program Files\vGrabber-software2013-06-08 11:28 - 2013-06-08 11:28 - 00000000 ____D C:\Program Files\SearchProtect2013-06-08 11:28 - 2013-06-08 11:28 - 00000000 ____D C:\Documents and Settings\user1\Local Settings\Application Data\CRE2013-06-08 11:28 - 2013-06-08 11:28 - 00000000 ____D C:\Documents and Settings\user1\Application Data\SearchProtect2013-06-08 11:28 - 2012-03-13 16:08 - 00000000 ____D C:\Documents and Settings\user1\Local Settings\Application Data\Conduit2013-06-08 11:27 - 2013-06-08 11:29 - 01169609 ____A C:\Windows\unins000.exe==================== Bamital & volsnap Check =================C:\Windows\explorer.exe => MD5 is legitC:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit==================== End Of Log ============================</blockquote>

Verification

Top