Department of Justice Virus - Help plz
<blockquote data-quote="ionizer" data-source="post: 144328" data-attributes="member: 14933"><p>I have run the OTL log and will wait for next steps.</p><p></p><p>OTL logfile created on: 11/15/2013 8:45:21 PM - Run 1</p><p>OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\sjacobs\Downloads</p><p>64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation</p><p>Internet Explorer (Version = 9.0.8112.16421)</p><p>Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy</p><p> </p><p>23.98 Gb Total Physical Memory | 22.07 Gb Available Physical Memory | 92.03% Memory free</p><p>47.97 Gb Paging File | 46.06 Gb Available in Paging File | 96.04% Paging File free</p><p>Paging file location(s): ?:\pagefile.sys [binary data]</p><p> </p><p>%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)</p><p>Drive C: | 1862.91 Gb Total Space | 1411.78 Gb Free Space | 75.78% Space Free | Partition Type: NTFS</p><p> </p><p>Computer Name: W7-SJACOBS1 | User Name: sjacobs | NOT logged in as Administrator.</p><p>Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans</p><p>Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days</p><p> </p><p><span style="color: #E56717">========== Processes (SafeList) ==========</span></p><p> </p><p>PRC - C:\Users\sjacobs\Downloads\OTL.exe (OldTimer Tools)</p><p>PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)</p><p>PRC - C:\Windows\SysWOW64\atashost.exe (Cisco WebEx LLC)</p><p>PRC - C:\ProgramData\WebEx\WebEx\319\atnthost.exe (Cisco WebEx LLC)</p><p>PRC - C:\ProgramData\WebEx\WebEx\319\raagtapp.exe (Cisco WebEx LLC)</p><p>PRC - C:\ProgramData\WebEx\WebEx\319\agtmon.exe (Cisco WebEx LLC)</p><p>PRC - C:\ProgramData\WebEx\WebEx\319\rapanel.exe (Cisco WebEx LLC)</p><p>PRC - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec 
Corporation)</p><p>PRC - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)</p><p> </p><p> </p><p><span style="color: #E56717">========== Modules (No Company Name) ==========</span></p><p> </p><p>MOD - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppgooglenaclpluginchrome.dll ()</p><p>MOD - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll ()</p><p>MOD - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll ()</p><p>MOD - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll ()</p><p>MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()</p><p>MOD - C:\Program Files\TortoiseSVN\bin\libsasl32.dll ()</p><p>MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()</p><p> </p><p> </p><p><span style="color: #E56717">========== Services (SafeList) ==========</span></p><p> </p><p>SRV:<strong>64bit:</strong> - (SpyHunter 4 Service) -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe (Enigma Software Group USA, LLC.)</p><p>SRV:<strong>64bit:</strong> - (VI.VIMS.Services.QueryRetrieve.RetrieveServiceManager) -- C:\Program Files\Vital Images\Vims\Bin\VI.VIMS.Services.QueryRetrieve.RetrieveServiceManager.exe (Vital Images Inc.)</p><p>SRV:<strong>64bit:</strong> - (VI.VIMS.Services.AutoDelete) -- C:\Program Files\Vital Images\Vims\Bin\VI.VIMS.Services.AutoDelete.exe (Vital Images Inc.)</p><p>SRV:<strong>64bit:</strong> - (VI.VIMS.Services.DicomPrintSCU.ServiceManager) -- C:\Program Files\Vital Images\Vims\Bin\VI.VIMS.Services.DicomPrintSCU.ServiceManager.exe (Vital Images Inc.)</p><p>SRV:<strong>64bit:</strong> - (VI.VIMS.Services.Agent.MonitorAgentManager.exe) -- C:\Program Files\Vital Images\Vims\Bin\VI.VIMS.Services.Agent.MonitorAgentManager.exe (Vital Images Inc.)</p><p>SRV:<strong>64bit:</strong> - (VI.VIMS.Services.QRSCP.Service.exe) -- C:\Program 
Files\Vital Images\Vims\Bin\VI.VIMS.Services.QRSCP.Service.exe (Vital Images Inc.)</p><p>SRV:<strong>64bit:</strong> - (VI.VIMS.Services.StoreSCU.ServiceManager) -- C:\Program Files\Vital Images\Vims\Bin\VI.VIMS.Services.StoreSCU.ServiceManager.exe (Vital Images Inc.)</p><p>SRV:<strong>64bit:</strong> - (VI.Enterprise.Servers.StorageCommitment) -- C:\Program Files\Vital Images\Vims\Bin\VI.Enterprise.Servers.StorageCommitment_Release_Win32.exe ()</p><p>SRV:<strong>64bit:</strong> - (VI.Enterprise.Servers.Rcv3DProcessor_Release_Win32.exe) -- C:\Program Files\Vital Images\Vims\Bin\VI.Enterprise.Servers.Rcv3DProcessor_Release_Win32.exe (Vital Images Inc.)</p><p>SRV:<strong>64bit:</strong> - (VI.Enterprise.Servers.ThumbnailCreator_Release_Win32.exe) -- C:\Program Files\Vital Images\Vims\Bin\VI.Enterprise.Servers.ThumbnailCreator_Release_Win32.exe (Vital Images Inc.)</p><p>SRV:<strong>64bit:</strong> - (VI.Enterprise.Servers.DICOMFileCopier_Release_Win32.exe) -- C:\Program Files\Vital Images\Vims\Bin\VI.Enterprise.Servers.DICOMFileCopier_Release_Win32.exe (Vital Images Inc.)</p><p>SRV:<strong>64bit:</strong> - (VI.Enterprise.Servers.FileCleanup_Release_Win32.exe) -- C:\Program Files\Vital Images\Vims\Bin\VI.Enterprise.Servers.FileCleanup_Release_Win32.exe (Vital Images Inc.)</p><p>SRV:<strong>64bit:</strong> - (VI.Enterprise.Servers.RcvAssocPublisher_Release_Win32.exe) -- C:\Program Files\Vital Images\Vims\Bin\VI.Enterprise.Servers.RcvAssocPublisher_Release_Win32.exe (Vital Images Inc.)</p><p>SRV:<strong>64bit:</strong> - (VI.Enterprise.Servers.PostProcessing) -- C:\Program Files\Vital Images\Vims\Bin\VI.Enterprise.Servers.PostProcessing_Release_Win32.exe ()</p><p>SRV:<strong>64bit:</strong> - (VI.Enterprise.Servers.SnapshotExtractor_Release_Win32.exe) -- C:\Program Files\Vital Images\Vims\Bin\VI.Enterprise.Servers.SnapshotExtractor_Release_Win32.exe (Vital Images Inc.)</p><p>SRV:<strong>64bit:</strong> - (VI.Enterprise.Servers.Acceptor_Release_Win32.exe) -- C:\Program 
Files\Vital Images\Vims\Bin\VI.Enterprise.Servers.Acceptor_Release_Win32.exe (Vital Images Inc.)</p><p>SRV:<strong>64bit:</strong> - (uagqecsvc) -- C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe (Microsoft Corporation)</p><p>SRV:<strong>64bit:</strong> - (ftpsvc) -- C:\Windows\SysNative\inetsrv\ftpsvc.dll (Microsoft Corporation)</p><p>SRV:<strong>64bit:</strong> - (VitreaLicense) -- C:\Program Files\Vital Images\3rdParty\Tomcat7\bin\tomcat7.exe (Apache Software Foundation)</p><p>SRV:<strong>64bit:</strong> - (MSMQTriggers) -- C:\Windows\SysNative\mqtgsvc.exe (Microsoft Corporation)</p><p>SRV:<strong>64bit:</strong> - (IISADMIN) -- C:\Windows\SysNative\inetsrv\inetinfo.exe (Microsoft Corporation)</p><p>SRV:<strong>64bit:</strong> - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)</p><p>SRV:<strong>64bit:</strong> - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)</p><p>SRV:<strong>64bit:</strong> - (WMSVC) -- C:\Windows\SysNative\inetsrv\WMSvc.exe (Microsoft Corporation)</p><p>SRV:<strong>64bit:</strong> - (MSMQ) -- C:\Windows\SysNative\mqsvc.exe (Microsoft Corporation)</p><p>SRV - (DMService) -- C:\Windows\Downloaded Program Files\DMService.exe (Microsoft Corporation)</p><p>SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)</p><p>SRV - (atashost) -- C:\Windows\SysWOW64\atashost.exe (Cisco WebEx LLC)</p><p>SRV - (atnthost) -- C:\ProgramData\WebEx\WebEx\319\atnthost.exe (Cisco WebEx LLC)</p><p>SRV - (vpnagent) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)</p><p>SRV - (ciscod.exe) -- C:\Program Files (x86)\Cisco\Cisco HostScan\bin\ciscod.exe (Cisco Systems, Inc.)</p><p>SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)</p><p>SRV - (MBAMScheduler) -- C:\Program Files 
(x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)</p><p>SRV - (HTCMonitorService) -- C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe (Nero AG)</p><p>SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)</p><p>SRV - (PassThru Service) -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()</p><p>SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)</p><p>SRV - (ccSetMgr) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)</p><p>SRV - (ccEvtMgr) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)</p><p>SRV - (SNAC) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE (Symantec Corporation)</p><p>SRV - (SmcService) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)</p><p>SRV - (Symantec AntiVirus) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)</p><p>SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)</p><p>SRV - (W3SVC) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)</p><p>SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)</p><p>SRV - (LiveUpdate) -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation)</p><p>SRV - (MySQL) -- C:\Program Files (x86)\ViTAL Images\3rdParty\Install\MySQL\bin\mysqld-nt.exe ()</p><p>SRV - (CVPND) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)</p><p>SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)</p><p>SRV - (InputDirector) -- C:\Program Files (x86)\Input Director\IDWinService.exe ()</p><p>SRV - (CcmExec) -- C:\Windows\SysWOW64\CCM\CcmExec.exe 
(Microsoft Corporation)</p><p>SRV - (smstsmgr) -- C:\Windows\SysWOW64\CCM\TSManager.exe (Microsoft Corporation)</p><p>SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)</p><p>SRV - (IDVistaService) -- C:\Program Files (x86)\Input Director\IDVistaService.exe ()</p><p> </p><p> </p><p><span style="color: #E56717">========== Driver Services (SafeList) ==========</span></p><p> </p><p>DRV:<strong>64bit:</strong> - (vpnva) -- C:\Windows\SysNative\drivers\vpnva64-6.sys (Cisco Systems, Inc.)</p><p>DRV:<strong>64bit:</strong> - (acsock) -- C:\Windows\SysNative\drivers\acsock64.sys (Cisco Systems, Inc.)</p><p>DRV:<strong>64bit:</strong> - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)</p><p>DRV:<strong>64bit:</strong> - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)</p><p>DRV:<strong>64bit:</strong> - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)</p><p>DRV:<strong>64bit:</strong> - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)</p><p>DRV:<strong>64bit:</strong> - (megasas2) -- C:\Windows\SysNative\drivers\megasas2.sys (LSI Corporation)</p><p>DRV:<strong>64bit:</strong> - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)</p><p>DRV:<strong>64bit:</strong> - (IFCoEMP) -- C:\Windows\SysNative\drivers\ifM52x64.sys (Intel(R) Corporation)</p><p>DRV:<strong>64bit:</strong> - (IFCoEVB) -- C:\Windows\SysNative\drivers\ifP52x64.sys (Intel(R) Corporation)</p><p>DRV:<strong>64bit:</strong> - (tixhci) -- C:\Windows\SysNative\drivers\tixhci.sys (Texas Instruments Incorporated)</p><p>DRV:<strong>64bit:</strong> - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (NEC Electronics Corporation)</p><p>DRV:<strong>64bit:</strong> - (tihub3) -- C:\Windows\SysNative\drivers\tihub3.sys (Texas Instruments Incorporated)</p><p>DRV:<strong>64bit:</strong> - (nusb3hub) -- 
C:\Windows\SysNative\drivers\nusb3hub.sys (NEC Electronics Corporation)</p><p>DRV:<strong>64bit:</strong> - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)</p><p>DRV:<strong>64bit:</strong> - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)</p><p>DRV:<strong>64bit:</strong> - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)</p><p>DRV:<strong>64bit:</strong> - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)</p><p>DRV:<strong>64bit:</strong> - (RsFx0153) -- C:\Windows\SysNative\drivers\RsFx0153.sys (Microsoft Corporation)</p><p>DRV:<strong>64bit:</strong> - (EsgScanner) -- C:\Windows\SysNative\drivers\EsgScanner.sys ()</p><p>DRV:<strong>64bit:</strong> - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)</p><p>DRV:<strong>64bit:</strong> - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)</p><p>DRV:<strong>64bit:</strong> - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)</p><p>DRV:<strong>64bit:</strong> - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)</p><p>DRV:<strong>64bit:</strong> - (SRTSPL) -- C:\Windows\SysNative\drivers\srtspl64.sys (Symantec Corporation)</p><p>DRV:<strong>64bit:</strong> - (SRTSP) -- C:\Windows\SysNative\drivers\srtsp64.sys (Symantec Corporation)</p><p>DRV:<strong>64bit:</strong> - (SRTSPX) -- C:\Windows\SysNative\drivers\srtspx64.sys (Symantec Corporation)</p><p>DRV:<strong>64bit:</strong> - (RMCAST) -- C:\Windows\SysNative\drivers\rmcast.sys (Microsoft Corporation)</p><p>DRV:<strong>64bit:</strong> - (tsusbhub) -- C:\Windows\SysNative\drivers\tsusbhub.sys (Microsoft Corporation)</p><p>DRV:<strong>64bit:</strong> - (Synth3dVsc) -- C:\Windows\SysNative\drivers\Synth3dVsc.sys (Microsoft Corporation)</p><p>DRV:<strong>64bit:</strong> - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft 
Corporation)</p><p>DRV:<strong>64bit:</strong> - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)</p><p>DRV:<strong>64bit:</strong> - (CVPNDRVA) -- C:\Windows\SysNative\drivers\CVPNDRVA.sys ()</p><p>DRV:<strong>64bit:</strong> - (CVirtA) -- C:\Windows\SysNative\drivers\CVirtA64.sys (Cisco Systems, Inc.)</p><p>DRV:<strong>64bit:</strong> - (HTCAND64) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys (HTC, Corporation)</p><p>DRV:<strong>64bit:</strong> - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)</p><p>DRV:<strong>64bit:</strong> - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)</p><p>DRV:<strong>64bit:</strong> - (MQAC) -- C:\Windows\SysNative\drivers\mqac.sys (Microsoft Corporation)</p><p>DRV:<strong>64bit:</strong> - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)</p><p>DRV:<strong>64bit:</strong> - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)</p><p>DRV:<strong>64bit:</strong> - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)</p><p>DRV:<strong>64bit:</strong> - (DNE) -- C:\Windows\SysNative\drivers\dne64x.sys (Deterministic Networks, Inc.)</p><p>DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20131114.025\ex64.sys (Symantec Corporation)</p><p>DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20131114.025\eng64.sys (Symantec Corporation)</p><p>DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)</p><p>DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)</p><p>DRV - (SRTSPL) -- C:\Windows\SysWOW64\drivers\srtspl64.sys (Symantec Corporation)</p><p>DRV - (SRTSP) -- C:\Windows\SysWOW64\drivers\srtsp64.sys (Symantec Corporation)</p><p>DRV - (SRTSPX) -- C:\Windows\SysWOW64\drivers\srtspx64.sys (Symantec 
Corporation)</p><p>DRV - (prepdrvr) -- C:\Windows\SysWOW64\CCM\PrepDrv.sys (Microsoft Corporation)</p><p>DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)</p><p> </p><p> </p><p><span style="color: #E56717">========== Standard Registry (SafeList) ==========</span></p><p> </p><p> </p><p><span style="color: #E56717">========== Internet Explorer ==========</span></p><p> </p><p>IE:<strong>64bit:</strong> - HKLM\..\SearchScopes,DefaultScope = {009D70C8-3303-43D2-94C3-63520221BBDD}</p><p>IE:<strong>64bit:</strong> - HKLM\..\SearchScopes\{009D70C8-3303-43D2-94C3-63520221BBDD}: "URL" = http://www.google.com/search?q={searchTerms}</p><p>IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm</p><p>IE - HKLM\..\SearchScopes,DefaultScope = {F06E480A-A81E-4233-9EA9-F7DCA39D4913}</p><p>IE - HKLM\..\SearchScopes\{F06E480A-A81E-4233-9EA9-F7DCA39D4913}: "URL" = http://www.google.com/search?q={searchTerms}</p><p> </p><p>IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.vitalimages.com</p><p>IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.vitalimages.com/</p><p>IE - HKCU\..\SearchScopes,DefaultScope = {F06E480A-A81E-4233-9EA9-F7DCA39D4913}</p><p>IE - HKCU\..\SearchScopes\{F06E480A-A81E-4233-9EA9-F7DCA39D4913}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=</p><p>IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</p><p> </p><p> </p><p><span style="color: #E56717">========== FireFox ==========</span></p><p> </p><p>FF:<strong>64bit:</strong> - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)</p><p>FF:<strong>64bit:</strong> - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)</p><p>FF - 
HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)</p><p>FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)</p><p>FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)</p><p>FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)</p><p>FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)</p><p>FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)</p><p>FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)</p><p>FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)</p><p>FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)</p><p> </p><p> </p><p>[2012/09/28 21:39:06 | 000,031,872 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll</p><p> </p><p><span style="color: #E56717">========== Chrome ==========</span></p><p> </p><p>CHR - default_search_provider: Google (Enabled)</p><p>CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}</p><p>CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},</p><p>CHR - homepage: http://www.google.com/</p><p>CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll</p><p>CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer</p><p>CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll</p><p>CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll</p><p>CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll</p><p>CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll</p><p>CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll</p><p>CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll</p><p>CHR - plugin: Silverlight Plug-In 
(Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll</p><p>CHR - Extension: YouTube = C:\Users\sjacobs\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\</p><p>CHR - Extension: Google Search = C:\Users\sjacobs\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\</p><p>CHR - Extension: Wajam = C:\Users\sjacobs\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\</p><p>CHR - Extension: Google Wallet = C:\Users\sjacobs\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\</p><p>CHR - Extension: Google Wallet = C:\Users\sjacobs\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\</p><p>CHR - Extension: Gmail = C:\Users\sjacobs\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\</p><p> </p><p>O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts</p><p>O2:<strong>64bit:</strong> - BHO: (WebEx Productivity Tools) - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli64.dll (Cisco WebEx LLC)</p><p>O2:<strong>64bit:</strong> - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)</p><p>O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)</p><p>O2 - BHO: (WebEx Productivity Tools) - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll (Cisco WebEx LLC)</p><p>O3:<strong>64bit:</strong> - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google 
Inc.)</p><p>O3:<strong>64bit:</strong> - HKLM\..\Toolbar: (WebEx Productivity Tools) - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli64.dll (Cisco WebEx LLC)</p><p>O3:<strong>64bit:</strong> - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.</p><p>O3 - HKLM\..\Toolbar: (WebEx Productivity Tools) - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll (Cisco WebEx LLC)</p><p>O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.</p><p>O4:<strong>64bit:</strong> - HKLM..\Run: [MsmqIntCert] C:\Windows\SysNative\mqrt.dll (Microsoft Corporation)</p><p>O4:<strong>64bit:</strong> - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()</p><p>O4:<strong>64bit:</strong> - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)</p><p>O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)</p><p>O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)</p><p>O4 - HKLM..\Run: [Communicator] C:\Program Files (x86)\Microsoft Lync\communicator.exe (Microsoft Corporation)</p><p>O4 - HKLM..\Run: [InputDirector] C:\Program Files (x86)\Input Director\InputDirector.exe ()</p><p>O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe File not found</p><p>O4 - HKLM..\Run: [Raagtx] C:\ProgramData\WebEx\webex\319\raagtx.exe File not found</p><p>O4 - HKCU..\Run: [] File not found</p><p>O4 - HKCU..\Run: [DirexcX] C:\Users\sjacobs\AppData\Roaming\Microsoft\Windows\Templates\DircxtX.exe (Корпорация Майкрософт)</p><p>O4 - HKCU..\Run: [Jing] C:\Program Files (x86)\TechSmith\Jing\Jing.exe (TechSmith Corporation)</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1</p><p>O6 - 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 3</p><p>O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145</p><p>O9 - Extra Button: Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)</p><p>O9 - Extra 'Tools' menuitem : Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)</p><p>O13<strong>64bit:</strong> - gopher Prefix: missing</p><p>O13 - gopher Prefix: missing</p><p>O15:<strong>64bit:</strong> - ..Trusted Domains: home ([]http in Local intranet)</p><p>O15:<strong>64bit:</strong> - ..Trusted Domains: vitalimages.com ([]file in Local intranet)</p><p>O15:<strong>64bit:</strong> - ..Trusted Domains: vitalimages.com ([adfs] https in Local intranet)</p><p>O15:<strong>64bit:</strong> - ..Trusted Domains: vitalimages.com ([home] * in Local intranet)</p><p>O15:<strong>64bit:</strong> - ..Trusted Domains: vitalimages.com ([home] http in Local intranet)</p><p>O15:<strong>64bit:</strong> - ..Trusted Domains: vitalimages.com ([vpn1] https in Trusted sites)</p><p>O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} https://vitalnet.vitalimages.com/InternalSite/WhlCompMgr.cab (Forefront UAG client components)</p><p>O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T28L10NSP6EP1-15324/smt/ieatgpc1.cab (GpcContainer Class)</p><p>O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 
192.168.0.1</p><p>O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = vitalimages.com</p><p>O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DCF2BA52-D702-4C9C-9BA1-089208C065B6}: DhcpNameServer = 192.168.0.1</p><p>O18:<strong>64bit:</strong> - Protocol\Handler\ms-help - No CLSID value found</p><p>O20:<strong>64bit:</strong> - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) - File not found</p><p>O20:<strong>64bit:</strong> - AppInit_DLLs: (actuser.dll) - C:\Windows\SysNative\actuser.dll (Cisco Systems, Inc.)</p><p>O20 - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) - File not found</p><p>O20 - AppInit_DLLs: (actuser.dll) - C:\Windows\SysWow64\actuser.dll (Cisco Systems, Inc.)</p><p>O20:<strong>64bit:</strong> - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)</p><p>O20:<strong>64bit:</strong> - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)</p><p>O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)</p><p>O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)</p><p>O21:<strong>64bit:</strong> - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.</p><p>O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.</p><p>O31 - SafeBoot: AlternateShell - C:\Users\sjacobs\AppData\Roaming\Microsoft\Windows\Templates\DircxtX.exe</p><p>O32 - HKLM CDRom: AutoRun - 1</p><p>O33 - MountPoints2\{3060bd77-936c-11e2-ae72-78acc03e10b6}\Shell - "" = AutoRun</p><p>O33 - MountPoints2\{3060bd77-936c-11e2-ae72-78acc03e10b6}\Shell\AutoRun\command - "" = E:\HTC_Sync_Manager_PC.exe</p><p>O33 - MountPoints2\{c468d6ac-4f65-11e2-a357-78acc03e10b6}\Shell - "" = AutoRun</p><p>O33 - MountPoints2\{c468d6ac-4f65-11e2-a357-78acc03e10b6}\Shell\AutoRun\command 
- "" = E:\HTC_Sync_Manager_PC.exe</p><p>O34 - HKLM BootExecute: (autocheck autochk *)</p><p>O35:<strong>64bit:</strong> - HKLM\..comfile [open] -- "%1" %*</p><p>O35:<strong>64bit:</strong> - HKLM\..exefile [open] -- "%1" %*</p><p>O35 - HKLM\..comfile [open] -- "%1" %*</p><p>O35 - HKLM\..exefile [open] -- "%1" %*</p><p>O37:<strong>64bit:</strong> - HKLM\...com [@ = comfile] -- "%1" %*</p><p>O37:<strong>64bit:</strong> - HKLM\...exe [@ = exefile] -- "%1" %*</p><p>O37 - HKLM\...com [@ = comfile] -- "%1" %*</p><p>O37 - HKLM\...exe [@ = exefile] -- "%1" %*</p><p>O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)</p><p>O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)</p><p>O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)</p><p> </p><p><span style="color: #E56717">========== Files/Folders - Created Within 30 Days ==========</span></p><p> </p><p>[2013/11/15 19:58:11 | 000,000,000 | ---D | C] -- C:\FRST</p><p>[2013/11/15 18:09:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro</p><p>[2013/11/15 18:09:29 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro</p><p>[2013/11/15 18:06:18 | 010,264,904 | ---- | C] (SurfRight B.V.) 
-- C:\Users\sjacobs\Desktop\HitmanPro_x64.exe</p><p>[2013/11/15 18:05:52 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro</p><p>[2013/11/15 18:05:19 | 000,000,000 | ---D | C] -- C:\Users\sjacobs\.android</p><p>[2013/11/15 18:05:18 | 000,000,000 | ---D | C] -- C:\Users\sjacobs\AppData\Local\cache</p><p>[2013/11/15 18:05:17 | 000,000,000 | ---D | C] -- C:\Users\sjacobs\Documents\Mobogenie</p><p>[2013/11/15 18:05:17 | 000,000,000 | ---D | C] -- C:\Users\sjacobs\AppData\Local\Mobogenie</p><p>[2013/11/15 18:05:03 | 000,000,000 | ---D | C] -- C:\Users\sjacobs\AppData\Local\SearchProtect</p><p>[2013/11/15 18:04:57 | 000,000,000 | ---D | C] -- C:\Users\sjacobs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam</p><p>[2013/11/15 18:04:57 | 000,000,000 | ---D | C] -- C:\Users\sjacobs\AppData\Local\Wajam</p><p>[2013/11/15 18:04:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mobogenie</p><p>[2013/11/15 17:40:24 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\sjacobs\Desktop\mbam-setup-1.75.0.1300.exe</p><p>[2013/11/15 14:25:00 | 000,000,000 | ---D | C] -- C:\Users\sjacobs\AppData\Roaming\Malwarebytes</p><p>[2013/11/15 14:24:46 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys</p><p>[2013/11/15 14:24:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware</p><p>[2013/11/15 14:24:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware</p><p>[2013/11/15 14:24:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes</p><p>[2013/11/15 14:24:31 | 000,000,000 | ---D | C] -- C:\Users\sjacobs\AppData\Local\Programs</p><p>[2013/11/15 12:26:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\stinger</p><p>[2013/11/14 18:11:49 | 000,000,000 | ---D | C] -- C:\Users\sjacobs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter</p><p>[2013/11/14 18:11:48 | 000,000,000 | ---D | C] -- C:\sh4ldr</p><p>[2013/11/14 
18:11:48 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group</p><p>[2013/11/14 18:11:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard</p><p>[2013/11/14 18:07:23 | 000,000,000 | ---D | C] -- C:\Windows\Minidump</p><p>[2013/11/08 10:29:02 | 000,000,000 | ---D | C] -- C:\2013B</p><p>[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]</p><p> </p><p><span style="color: #E56717">========== Files - Modified Within 30 Days ==========</span></p><p> </p><p>[2013/11/15 19:52:20 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job</p><p>[2013/11/15 19:52:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat</p><p>[2013/11/15 19:52:12 | 906,265,345 | ---- | M] () -- C:\Windows\MEMORY.DMP</p><p>[2013/11/15 19:52:09 | 2134,286,332 | -HS- | M] () -- C:\hiberfil.sys</p><p>[2013/11/15 18:09:30 | 000,001,897 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk</p><p>[2013/11/15 18:08:40 | 010,264,904 | ---- | M] (SurfRight B.V.) 
-- C:\Users\sjacobs\Desktop\HitmanPro_x64.exe</p><p>[2013/11/15 18:04:43 | 006,133,701 | ---- | M] () -- C:\Users\sjacobs\Desktop\HitmanPro.zip</p><p>[2013/11/15 17:41:00 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk</p><p>[2013/11/15 17:40:24 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\sjacobs\Desktop\mbam-setup-1.75.0.1300.exe</p><p>[2013/11/15 14:06:54 | 000,973,808 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI</p><p>[2013/11/15 14:06:54 | 000,798,820 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat</p><p>[2013/11/15 14:06:54 | 000,171,786 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat</p><p>[2013/11/15 14:03:11 | 000,000,509 | ---- | M] () -- C:\Windows\SMSCFG.INI</p><p>[2013/11/15 14:01:19 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job</p><p>[2013/11/15 12:22:06 | 000,019,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0</p><p>[2013/11/15 12:22:06 | 000,019,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0</p><p>[2013/11/15 12:21:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job</p><p>[2013/11/14 18:11:49 | 000,002,262 | ---- | M] () -- C:\Users\sjacobs\Desktop\SpyHunter.lnk</p><p>[2013/10/17 22:23:19 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk</p><p>[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]</p><p> </p><p><span style="color: #E56717">========== Files Created - No Company Name ==========</span></p><p> </p><p>[2013/11/15 18:09:30 | 000,001,897 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk</p><p>[2013/11/15 18:04:19 | 006,133,701 | ---- | C] () -- C:\Users\sjacobs\Desktop\HitmanPro.zip</p><p>[2013/11/15 14:24:47 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk</p><p>[2013/11/14 18:11:50 | 
000,022,704 | ---- | C] () -- C:\Windows\SysNative\drivers\EsgScanner.sys</p><p>[2013/11/14 18:11:49 | 000,002,262 | ---- | C] () -- C:\Users\sjacobs\Desktop\SpyHunter.lnk</p><p>[2013/11/14 18:07:09 | 906,265,345 | ---- | C] () -- C:\Windows\MEMORY.DMP</p><p>[2013/06/21 10:14:55 | 000,000,189 | ---- | C] () -- C:\Windows\ODBCINST.INI</p><p>[2013/04/11 14:45:05 | 000,000,347 | ---- | C] () -- C:\Windows\my.ini</p><p>[2012/11/02 12:39:53 | 000,023,944 | RHS- | C] () -- C:\Users\sjacobs\ntuser.pol</p><p>[2012/10/31 17:08:41 | 000,001,614 | RHS- | C] () -- C:\ProgramData\ntuser.pol</p><p>[2012/10/31 15:38:25 | 000,004,764 | ---- | C] () -- C:\Windows\SysWow64\CcmFramework.ini</p><p>[2012/03/02 17:07:37 | 000,967,532 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI</p><p>[2012/03/02 17:06:04 | 000,000,509 | ---- | C] () -- C:\Windows\SMSCFG.INI</p><p> </p><p><span style="color: #E56717">========== ZeroAccess Check ==========</span></p><p> </p><p>[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini</p><p> </p><p>[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64</p><p> </p><p>[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]</p><p> </p><p>[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64</p><p> </p><p>[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]</p><p> </p><p>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64</p><p>"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)</p><p>"ThreadingModel" = Apartment</p><p> </p><p>[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]</p><p>"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 
012,873,728 | ---- | M] (Microsoft Corporation)</p><p>"ThreadingModel" = Apartment</p><p> </p><p>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64</p><p>"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/08/21 08:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation)</p><p>"ThreadingModel" = Free</p><p> </p><p>[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]</p><p>"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/08/21 08:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)</p><p>"ThreadingModel" = Free</p><p> </p><p>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64</p><p>"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/08/21 08:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation)</p><p>"ThreadingModel" = Both</p><p> </p><p>[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]</p><p> </p><p><span style="color: #E56717">========== LOP Check ==========</span></p><p> </p><p>[2013/07/02 15:05:29 | 000,000,000 | ---D | M] -- C:\Users\sjacobs\AppData\Roaming\DassaultSystemes</p><p>[2012/12/27 09:07:55 | 000,000,000 | ---D | M] -- C:\Users\sjacobs\AppData\Roaming\HTC</p><p>[2012/12/27 09:07:53 | 000,000,000 | ---D | M] -- C:\Users\sjacobs\AppData\Roaming\HTC Sync</p><p>[2012/11/07 09:13:13 | 000,000,000 | ---D | M] -- C:\Users\sjacobs\AppData\Roaming\Notepad++</p><p>[2012/11/12 11:14:26 | 000,000,000 | ---D | M] -- C:\Users\sjacobs\AppData\Roaming\Scooter Software</p><p>[2012/11/12 11:01:06 | 000,000,000 | ---D | M] -- C:\Users\sjacobs\AppData\Roaming\Subversion</p><p>[2012/11/05 14:14:15 | 000,000,000 | ---D | M] -- C:\Users\sjacobs\AppData\Roaming\Vital Images</p><p>[2013/11/08 12:29:54 | 000,000,000 | ---D | M] -- C:\Users\sjacobs\AppData\Roaming\Webex</p><p> </p><p><span style="color: #E56717">========== Purity Check 
==========</span></p><p> </p><p> </p><p></p><p>< End of report ></p></blockquote><p></p>
[QUOTE="ionizer, post: 144328, member: 14933"]
C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard [2013/11/14 18:07:23 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2013/11/08 10:29:02 | 000,000,000 | ---D | C] -- C:\2013B [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2013/11/15 19:52:20 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/11/15 19:52:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/11/15 19:52:12 | 906,265,345 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013/11/15 19:52:09 | 2134,286,332 | -HS- | M] () -- C:\hiberfil.sys [2013/11/15 18:09:30 | 000,001,897 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk [2013/11/15 18:08:40 | 010,264,904 | ---- | M] (SurfRight B.V.) -- C:\Users\sjacobs\Desktop\HitmanPro_x64.exe [2013/11/15 18:04:43 | 006,133,701 | ---- | M] () -- C:\Users\sjacobs\Desktop\HitmanPro.zip [2013/11/15 17:41:00 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/11/15 17:40:24 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\sjacobs\Desktop\mbam-setup-1.75.0.1300.exe [2013/11/15 14:06:54 | 000,973,808 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/11/15 14:06:54 | 000,798,820 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/11/15 14:06:54 | 000,171,786 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/11/15 14:03:11 | 000,000,509 | ---- | M] () -- C:\Windows\SMSCFG.INI [2013/11/15 14:01:19 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/11/15 12:22:06 | 000,019,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/11/15 12:22:06 | 000,019,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/11/15 12:21:00 | 000,000,900 | ---- | M] () -- 
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/11/14 18:11:49 | 000,002,262 | ---- | M] () -- C:\Users\sjacobs\Desktop\SpyHunter.lnk [2013/10/17 22:23:19 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2013/11/15 18:09:30 | 000,001,897 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk [2013/11/15 18:04:19 | 006,133,701 | ---- | C] () -- C:\Users\sjacobs\Desktop\HitmanPro.zip [2013/11/15 14:24:47 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/11/14 18:11:50 | 000,022,704 | ---- | C] () -- C:\Windows\SysNative\drivers\EsgScanner.sys [2013/11/14 18:11:49 | 000,002,262 | ---- | C] () -- C:\Users\sjacobs\Desktop\SpyHunter.lnk [2013/11/14 18:07:09 | 906,265,345 | ---- | C] () -- C:\Windows\MEMORY.DMP [2013/06/21 10:14:55 | 000,000,189 | ---- | C] () -- C:\Windows\ODBCINST.INI [2013/04/11 14:45:05 | 000,000,347 | ---- | C] () -- C:\Windows\my.ini [2012/11/02 12:39:53 | 000,023,944 | RHS- | C] () -- C:\Users\sjacobs\ntuser.pol [2012/10/31 17:08:41 | 000,001,614 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2012/10/31 15:38:25 | 000,004,764 | ---- | C] () -- C:\Windows\SysWow64\CcmFramework.ini [2012/03/02 17:07:37 | 000,967,532 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012/03/02 17:06:04 | 000,000,509 | ---- | C] () -- C:\Windows\SMSCFG.INI [color=#E56717]========== ZeroAccess Check ==========[/color] [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/08/21 08:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2012/08/21 08:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/08/21 08:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] [color=#E56717]========== LOP Check ==========[/color] [2013/07/02 15:05:29 | 000,000,000 | ---D | M] -- C:\Users\sjacobs\AppData\Roaming\DassaultSystemes [2012/12/27 09:07:55 | 000,000,000 | ---D | M] -- C:\Users\sjacobs\AppData\Roaming\HTC [2012/12/27 09:07:53 | 000,000,000 | ---D | M] -- C:\Users\sjacobs\AppData\Roaming\HTC Sync [2012/11/07 09:13:13 | 000,000,000 | ---D | M] -- C:\Users\sjacobs\AppData\Roaming\Notepad++ [2012/11/12 11:14:26 | 000,000,000 | ---D | M] -- C:\Users\sjacobs\AppData\Roaming\Scooter Software [2012/11/12 
11:01:06 | 000,000,000 | ---D | M] -- C:\Users\sjacobs\AppData\Roaming\Subversion [2012/11/05 14:14:15 | 000,000,000 | ---D | M] -- C:\Users\sjacobs\AppData\Roaming\Vital Images [2013/11/08 12:29:54 | 000,000,000 | ---D | M] -- C:\Users\sjacobs\AppData\Roaming\Webex [color=#E56717]========== Purity Check ==========[/color] < End of report > [/QUOTE]