When I remote into the infected computer I am receiving a lot of communication on port 1318. I'm also getting a ton of files being written to:
C:\Documents and Settings\Jim\Local Settings\Application Data\Mozilla\Firefox\Profiles\pel3t8hs.default-1408316845401\cache2\entries
Please help me figure out what is causing this.
I have run Malwarebytes (Up-to-Date)
I have installed Bitdefender (Up-to-Date)
Running Win XP Pro sp3 (MS updates updated)
Thank you,
Docfxit
OTL logfile created on: 12/27/2014 7:59:46 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Jim\Desktop\SpywareRemovers
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 1.84 Gb Available Physical Memory | 61.38% Memory free
7.34 Gb Paging File | 6.14 Gb Available in Paging File | 83.68% Paging File free
Paging file location(s): C:\pagefile.sys 4605 6605 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 90.30 Gb Total Space | 55.30 Gb Free Space | 61.24% Space Free | Partition Type: NTFS
Drive F: | 113.40 Gb Total Space | 6.67 Gb Free Space | 5.88% Space Free | Partition Type: NTFS
Drive G: | 29.16 Gb Total Space | 14.56 Gb Free Space | 49.93% Space Free | Partition Type: NTFS
Computer Name: JIMSDESKTOP | User Name: Jim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014/12/27 07:56:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jim\Desktop\SpywareRemovers\OTL.exe
PRC - [2014/12/15 03:29:59 | 005,476,112 | ---- | M] (TeamViewer GmbH) -- c:\Program Files\TeamViewer\TeamViewer_Desktop.exe
PRC - [2014/12/15 03:29:58 | 016,362,768 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\TeamViewer.exe
PRC - [2014/12/15 03:29:58 | 005,426,448 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\TeamViewer_Service.exe
PRC - [2014/12/15 03:07:21 | 000,229,136 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\tv_w32.exe
PRC - [2014/12/12 09:21:24 | 005,489,944 | ---- | M] (Piriform Ltd) -- C:\Program Files\CCleaner\CCleaner.exe
PRC - [2014/12/08 08:37:09 | 000,482,392 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe
PRC - [2014/12/08 08:36:57 | 001,918,176 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender\bdagent.exe
PRC - [2014/12/08 08:36:50 | 001,302,784 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
PRC - [2014/12/05 02:07:55 | 035,962,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SoftwareDistribution\Download\Install\Windows-KB890830-V5.19.exe
PRC - [2014/11/27 16:36:10 | 000,089,792 | ---- | M] (Microsoft Corporation) -- c:\fe0b05943fc00b6973534b255ad54e\mrtstub.exe
PRC - [2014/11/13 14:24:31 | 000,230,792 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.25.11\GoogleCrashHandler.exe
PRC - [2014/08/13 00:43:18 | 000,054,424 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
PRC - [2014/08/13 00:43:00 | 000,615,256 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe
PRC - [2014/08/10 17:16:22 | 001,794,840 | ---- | M] (UltraVNC) -- C:\Program Files\UltraVNC\winvnc.exe
PRC - [2014/07/23 01:18:36 | 003,596,240 | ---- | M] (Check Point Software Technologies Ltd.) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2014/07/23 01:12:50 | 000,134,624 | ---- | M] (Check Point Software Technologies Ltd.) -- C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2014/07/21 11:22:02 | 002,462,160 | ---- | M] (Paramount Software UK Ltd) -- C:\Program Files\Macrium\Reflect\ReflectService.exe
PRC - [2014/07/03 16:37:32 | 000,283,664 | ---- | M] (Check Point Software Technologies, Ltd.) -- C:\Program Files\CheckPoint\ZoneAlarm\ThreatEmulation.exe
PRC - [2014/07/03 16:37:32 | 000,093,712 | ---- | M] (Check Point Software Technologies, Ltd.) -- C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
PRC - [2014/06/30 04:34:28 | 004,622,440 | ---- | M] (NTWind Software) -- C:\Program Files\WinSnap\WinSnap.exe
PRC - [2014/01/29 11:00:28 | 000,144,384 | ---- | M] (GoPro) -- C:\Program Files\CineForm\Tools\GoProCineFormStatusViewer.exe
PRC - [2013/06/25 09:43:10 | 001,844,864 | ---- | M] (Locktime Software) -- C:\Program Files\NetLimiter 3\NLClientApp.exe
PRC - [2013/06/25 09:43:10 | 001,132,160 | ---- | M] (Locktime Software) -- C:\Program Files\NetLimiter 3\nlsvc.exe
PRC - [2012/07/20 19:29:24 | 008,186,368 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe
PRC - [2010/07/04 11:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2008/09/20 12:47:08 | 000,091,648 | ---- | M] () -- C:\Program Files\stunnel\stunnel.exe
PRC - [2008/04/13 16:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/29 15:06:10 | 001,077,248 | ---- | M] (Marvell Semiconductor, Inc.) -- C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe
PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007/02/21 00:15:02 | 000,112,208 | ---- | M] (Corel, Inc.) -- C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
PRC - [2007/02/08 18:14:10 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
PRC - [2005/04/27 14:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe
PRC - [2005/01/01 15:41:28 | 000,151,552 | ---- | M] (Peas Inc.) -- C:\Program Files\DeeEnEs\DeeEnEs.exe
PRC - [2004/10/12 13:01:52 | 000,032,768 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files\Common Files\Smith Micro Shared\Fax\SMLoader.exe
PRC - [2004/04/18 11:43:44 | 000,082,944 | ---- | M] (KeirNet) -- C:\Program Files\K9\K9.exe
========== Modules (No Company Name) ==========
MOD - [2014/12/08 08:35:46 | 000,476,712 | ---- | M] () -- \\?\C:\Program Files\Common Files\Bitdefender\Bitdefender Threat Scanner\trufos.dll
MOD - [2014/10/13 07:28:49 | 001,514,976 | ---- | M] () -- \\?\C:\Program Files\Bitdefender\Bitdefender\bdnc.dll
MOD - [2014/10/13 07:28:18 | 000,204,280 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender\txmlutil.dll
MOD - [2014/08/13 00:44:39 | 000,003,072 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender\ui\accessl.ui
MOD - [2014/08/13 00:44:35 | 000,004,608 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender\ui\imsecurityal.ui
MOD - [2014/07/23 23:21:26 | 002,138,096 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender\otengines_00040_008\ashttpph.mdl
MOD - [2014/07/23 23:21:24 | 001,128,744 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender\otengines_00040_008\ashttprbl.mdl
MOD - [2014/07/23 23:21:23 | 000,676,568 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender\otengines_00040_008\ashttpbr.mdl
MOD - [2014/07/23 23:21:20 | 000,490,144 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender\otengines_00040_008\ashttpdsp.mdl
MOD - [2014/02/27 03:39:35 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8cd995f00848816e3ec49dc326e3d49b\System.ServiceProcess.ni.dll
MOD - [2014/02/27 03:39:23 | 000,141,312 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f254328a10638e87223d401b39197c91\System.Configuration.Install.ni.dll
MOD - [2014/02/27 03:32:46 | 000,978,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b6e70acd99dc22e29b7fc8f9ac340c4\System.Configuration.ni.dll
MOD - [2014/02/27 03:29:57 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\7faf645dc46781225cb722edf9e1e738\System.Xml.ni.dll
MOD - [2014/02/27 03:29:49 | 012,434,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1cdfe1998ad6794db3237006906c6fa2\System.Windows.Forms.ni.dll
MOD - [2014/02/27 03:29:31 | 001,593,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\424bff3295c6e7539cc6df62b9425bd0\System.Drawing.ni.dll
MOD - [2014/02/27 03:28:59 | 002,295,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\159b4a6888004de346d499841ec088a7\System.Core.ni.dll
MOD - [2014/02/27 03:28:44 | 000,224,768 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\aed50a89ba1d32a5398e6469715594a7\PresentationFramework.Classic.ni.dll
MOD - [2014/02/27 03:28:43 | 000,368,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7b2e47989a7e6276b1f9f64528760f0d\PresentationFramework.Aero.ni.dll
MOD - [2014/02/27 03:28:41 | 014,329,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\dad6af4d4f3b92adf0497c5ec9565236\PresentationFramework.ni.dll
MOD - [2014/02/27 03:28:13 | 012,218,880 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\89c032d0f8bccf31bb55b775a10c6992\PresentationCore.ni.dll
MOD - [2014/02/27 03:27:35 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\872e96c13f44bfaeff84d126fb847963\WindowsBase.ni.dll
MOD - [2014/02/27 03:27:25 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\4b0455ae94e3cecca4bb3ba8c96828c9\System.ni.dll
MOD - [2014/02/27 03:27:16 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\dae02331a443fb52216ca83292cb2f21\mscorlib.ni.dll
MOD - [2014/02/12 19:58:32 | 000,073,544 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/02/12 19:58:10 | 001,044,808 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013/01/01 22:49:10 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2012/09/10 21:50:16 | 000,412,920 | ---- | M] () -- C:\Program Files\UltraVNC\SecureVNCPlugin.dsm
MOD - [2011/03/21 16:14:38 | 000,061,440 | ---- | M] () -- C:\Program Files\NetLimiter 3\nlsvcPS.dll
MOD - [2010/07/04 13:32:36 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2010/07/04 11:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
MOD - [2010/03/15 17:00:02 | 001,481,728 | ---- | M] () -- C:\WINDOWS\system32\LegitCheckControl.dll
MOD - [2010/03/15 17:00:02 | 000,190,976 | ---- | M] () -- C:\WINDOWS\system32\WgaLogon.dll
MOD - [2008/09/20 12:47:08 | 000,091,648 | ---- | M] () -- C:\Program Files\stunnel\stunnel.exe
MOD - [2008/09/20 12:20:26 | 000,074,240 | ---- | M] () -- C:\Program Files\stunnel\zlib1.dll
MOD - [2008/09/20 12:19:40 | 001,420,256 | ---- | M] () -- C:\Program Files\stunnel\libeay32.dll
MOD - [2008/09/20 12:19:40 | 000,306,052 | ---- | M] () -- C:\Program Files\stunnel\libssl32.dll
MOD - [2008/04/13 16:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 16:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/02/08 18:14:10 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
MOD - [2004/02/27 12:24:30 | 000,026,448 | ---- | M] () -- C:\WINDOWS\system32\smfaxmon.dll
========== Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- -- (ACDaemon)
SRV - [2014/12/24 08:59:00 | 000,114,800 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/12/15 03:29:58 | 005,426,448 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\TeamViewer_Service.exe -- (TeamViewer)
SRV - [2014/12/08 08:36:50 | 001,302,784 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender\vsserv.exe -- (VSSERV)
SRV - [2014/08/13 00:43:18 | 000,054,424 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe -- (UPDATESRV)
SRV - [2014/08/10 17:16:22 | 001,794,840 | ---- | M] (UltraVNC) [Auto | Running] -- C:\Program Files\UltraVNC\winvnc.exe -- (uvnc_service)
SRV - [2014/07/23 01:18:36 | 003,596,240 | ---- | M] (Check Point Software Technologies Ltd.) [Auto | Running] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2014/07/21 11:22:02 | 002,462,160 | ---- | M] (Paramount Software UK Ltd) [Auto | Running] -- C:\Program Files\Macrium\Reflect\ReflectService.exe -- (ReflectService.exe)
SRV - [2014/07/03 16:37:32 | 000,093,712 | ---- | M] (Check Point Software Technologies, Ltd.) [Auto | Running] -- C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe -- (ZAPrivacyService)
SRV - [2013/06/25 09:43:10 | 001,132,160 | ---- | M] (Locktime Software) [Auto | Running] -- C:\Program Files\NetLimiter 3\nlsvc.exe -- (nlsvc)
SRV - [2012/07/20 19:29:24 | 008,186,368 | ---- | M] () [Auto | Running] -- C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe -- (MySQL55)
SRV - [2008/09/20 12:47:08 | 000,091,648 | ---- | M] () [Auto | Running] -- C:\Program Files\stunnel\stunnel.exe -- (stunnel)
SRV - [2008/04/13 16:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/13 16:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (MSFtpsvc)
SRV - [2008/04/13 16:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/02/08 18:14:10 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2007/02/05 09:11:18 | 000,075,320 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2007/02/05 09:11:16 | 000,112,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe -- (SonicStage Back-End Service)
SRV - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Disabled | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/12/14 01:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 01:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 00:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2005/04/27 14:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lmimirr.sys -- (lmimirr)
DRV - File not found [File_System | Boot | Stopped] -- system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (ATICDSDr)
DRV - [2014/12/08 08:37:02 | 000,408,280 | ---- | M] (BitDefender S.R.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\trufos.sys -- (trufos)
DRV - [2014/12/08 08:35:51 | 001,073,160 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avc3.sys -- (avc3)
DRV - [2014/08/13 00:44:30 | 000,528,248 | ---- | M] (BitDefender) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avckf.sys -- (avckf)
DRV - [2014/07/23 01:19:54 | 000,534,024 | ---- | M] (Check Point Software Technologies Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (Vsdatant)
DRV - [2013/11/04 15:47:30 | 000,066,832 | ---- | M] (BitDefender SRL) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bdsandbox.sys -- (BDSandBox)
DRV - [2013/08/23 12:48:39 | 000,165,744 | ---- | M] (BitDefender LLC) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\gzflt.sys -- (gzflt)
DRV - [2013/07/26 10:53:51 | 000,135,600 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Bitdefender\Bitdefender\bdselfpr.sys -- (bdselfpr)
DRV - [2013/06/28 15:02:08 | 000,016,504 | ---- | M] (Macrium Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pssnap.sys -- (pssnap)
DRV - [2013/06/12 11:10:20 | 005,280,944 | ---- | M] (Locktime Software) [Kernel | System | Running] -- C:\Program Files\NetLimiter 3\nltdi.sys -- (nltdi)
DRV - [2013/06/12 11:10:20 | 005,229,360 | ---- | M] (Locktime Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nlndis.sys -- (NLNdisPT)
DRV - [2013/06/12 11:10:20 | 005,229,360 | ---- | M] (Locktime Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nlndis.sys -- (NLNdisMP)
DRV - [2012/11/02 13:17:14 | 000,242,504 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avchv.sys -- (avchv)
DRV - [2012/09/10 21:50:22 | 000,011,496 | ---- | M] (UVNC BVBA) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mv2.sys -- (mv2)
DRV - [2012/06/18 12:34:48 | 000,015,576 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pwdrvio.sys -- (pwdrvio)
DRV - [2012/06/18 12:34:46 | 000,010,200 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pwdspio.sys -- (pwdspio)
DRV - [2011/11/14 19:16:26 | 000,130,640 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdftdif.sys -- (bdftdif)
DRV - [2011/08/09 16:33:58 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
DRV - [2011/07/30 13:33:12 | 000,073,576 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2)
DRV - [2011/07/30 13:33:12 | 000,026,104 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFlt2.Sys -- (LHidFlt2)
DRV - [2010/09/23 22:04:50 | 000,095,024 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2010/07/04 11:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2009/06/17 08:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2009/06/17 08:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 08:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/06/17 08:55:58 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidEqd.sys -- (LHidEqd)
DRV - [2009/06/17 08:55:50 | 000,040,720 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV - [2008/01/31 10:35:54 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2007/10/19 10:29:22 | 000,161,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007/09/19 20:33:17 | 000,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hdaudio.sys -- (HdAudAddService)
DRV - [2007/09/13 03:17:56 | 002,372,096 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/04/17 20:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\regi.sys -- (regi)
DRV - [2006/07/17 14:07:28 | 000,017,290 | R--- | M] (Broadcom Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btpmw32.sys -- (BCMTPM)
DRV - [2006/06/12 23:59:52 | 000,254,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2006/06/12 23:59:46 | 000,727,808 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006/06/12 23:59:42 | 000,990,592 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.isUS: true
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:34.0.5
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Bitdefender\Bitdefender\ffpwdman\ [2014/04/22 14:12:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Components: C:\Program Files\FireFox\components [2014/12/24 08:58:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Plugins: C:\Program Files\FireFox\plugins [2014/12/24 08:58:52 | 000,000,000 | ---D | M]
[2014/05/01 09:26:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jim\Application Data\Mozilla\Extensions
[2014/12/08 17:11:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\pel3t8hs.default-1408316845401\extensions
O1 HOSTS File: ([2012/08/23 13:11:44 | 000,000,022 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Bdagent] C:\Program Files\Bitdefender\Bitdefender\bdagent.exe (Bitdefender)
O4 - HKLM..\Run: [Client Access Express Welcome] C:\Program Files\Client Access\cwbwlwiz.exe (IBM Corporation)
O4 - HKLM..\Run: [Client Access Help Update] C:\Program Files\Client Access\cwbinhlp.exe (IBM Corporation)
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe (Corel, Inc.)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\hdashcut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\Logi_MwX.Exe (Logitech Inc.)
O4 - HKLM..\Run: [PrnStatusMX] C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe (Marvell Semiconductor, Inc.)
O4 - HKLM..\Run: [SMSI Loader] C:\Program Files\Common Files\Smith Micro Shared\Fax\SMLoader.exe (Smith Micro Software, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies Ltd.)
O4 - HKCU..\Run: [Bitdefender Wallet] C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe (Bitdefender)
O4 - HKCU..\Run: [Bitdefender Wallet Agent] C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe (Bitdefender)
O4 - HKCU..\Run: [Bitdefender Wallet Application Agent] C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe (Bitdefender)
O4 - HKCU..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKCU..\Run: [DeeEnEs] C:\Program Files\DeeEnEs\DeeEnEs.exe (Peas Inc.)
O4 - HKCU..\Run: [fsm] File not found
O4 - HKCU..\Run: [NetLimiter] C:\Program Files\NetLimiter 3\NLClientApp.exe (Locktime Software)
O4 - HKCU..\Run: [WinSnap] C:\Program Files\WinSnap\WinSnap.exe (NTWind Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CineForm Status.lnk = C:\Program Files\CineForm\Tools\GoProCineFormStatusViewer.exe (GoPro)
O4 - Startup: C:\Documents and Settings\Jim\Start Menu\Programs\Startup\AS400SignOn.lnk = C:\Batch\AS400SignOn.exe ()
O4 - Startup: C:\Documents and Settings\Jim\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Jim\Start Menu\Programs\Startup\Launch K9.lnk = C:\Program Files\K9\K9.exe (KeirNet)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LocalAccountTokenFilterPolicy = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1345357543687 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1345357525312 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B0C754E3-253F-4332-9262-B3E9D5901E6B}: NameServer = 66.51.205.100,66.51.206.100
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
O18 - Protocol\Handler\AutorunsDisabled\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) - C:\WINDOWS\System32\WgaLogon.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\Jim\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jim\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/23 12:16:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2014/12/27 07:58:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim\Desktop\SpywareRemovers
[2014/12/27 07:42:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim\Local Settings\Application Data\Locktime
[2014/12/27 07:38:11 | 000,000,000 | -HSD | C] -- C:\WINDOWS\System32\AI_RecycleBin
[2014/12/27 07:38:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\NetLimiter 3
[2014/12/27 07:37:37 | 000,000,000 | ---D | C] -- C:\Program Files\NetLimiter 3
[2014/12/27 07:37:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Locktime
[2014/12/26 23:41:06 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Jim\Recent
[2014/12/26 21:14:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 10
[2014/12/24 08:58:51 | 000,000,000 | ---D | C] -- C:\Program Files\FireFox
[2012/09/03 11:20:10 | 011,736,928 | ---- | C] (MiniTool Solution Ltd. ) -- C:\Documents and Settings\Jim\Application Data\PWPE75.EXE
[2012/09/03 10:16:45 | 001,178,624 | ---- | C] (CPUID) -- C:\Documents and Settings\Jim\Application Data\siw_sdk.dll
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2014/12/27 07:52:16 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/12/27 07:41:12 | 000,001,024 | ---- | M] () -- C:\.rnd
[2014/12/27 07:40:47 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/12/27 07:40:47 | 000,000,218 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
[2014/12/27 07:39:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/12/27 07:29:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/12/27 07:07:57 | 000,214,472 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2014/12/26 21:48:26 | 000,000,721 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2014/12/26 21:18:58 | 000,000,726 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\UltraVNC Viewer.lnk
[2014/12/26 21:18:58 | 000,000,709 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\UltraVNC Server.lnk
[2014/12/26 21:12:01 | 000,114,904 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/12/26 21:07:41 | 000,000,816 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/12/21 07:04:48 | 000,004,184 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2014/12/20 13:05:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2014/12/11 18:47:54 | 000,002,485 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WordPerfect X3.lnk
[2014/12/08 15:00:00 | 000,000,212 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
[2014/12/08 08:37:02 | 000,408,280 | ---- | M] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\trufos.sys
[2014/12/08 08:35:51 | 001,073,160 | ---- | M] (BitDefender) -- C:\WINDOWS\System32\drivers\avc3.sys
[2014/12/07 14:46:19 | 000,000,275 | ---- | M] () -- C:\WINDOWS\vuepro32.ini
[2014/12/01 03:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\MyDefrag v4.3.1 Monthly.job
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
========== Files Created - No Company Name ==========
[2014/12/26 21:48:26 | 000,000,721 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2014/12/26 21:18:58 | 000,000,726 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\UltraVNC Viewer.lnk
[2014/12/26 21:18:58 | 000,000,709 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\UltraVNC Server.lnk
[2014/04/29 14:06:17 | 001,783,583 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1398805717.bdinstall.bin
[2014/04/29 10:36:13 | 000,184,957 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1398796367.bdinstall.bin
[2014/03/08 16:38:32 | 000,239,808 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2013/08/15 20:35:24 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\IsSSE2.exe
[2013/03/21 17:46:32 | 001,481,728 | ---- | C] () -- C:\WINDOWS\System32\LegitCheckControl.dll
[2012/09/06 20:24:26 | 000,000,110 | ---- | C] () -- C:\Documents and Settings\Jim\jobq.dat
[2012/08/24 19:03:41 | 000,196,877 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1345857740.bdinstall.bin
[2012/08/24 17:18:35 | 000,060,624 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1345857441.bdinstall.bin
[2012/08/23 13:16:33 | 000,295,818 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1659004503-1788223648-725345543-1003-0.dat
[2012/08/23 13:16:32 | 000,147,194 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/03/22 11:18:03 | 000,000,376 | ---- | C] () -- C:\Documents and Settings\Jim\Application Dataprivacy.xml
[2012/03/21 11:06:34 | 000,390,055 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1332354874.bdinstall.bin
[2012/03/18 08:41:21 | 000,000,022 | ---- | C] () -- C:\Documents and Settings\Jim\Local Settings\Application Data\kodakpcd.ini
[2011/05/13 14:01:12 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Jim\Local Settings\Application Data\housecall.guid.cache
[2009/03/24 17:25:04 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/12/27 08:39:34 | 000,012,800 | ---- | C] () -- C:\Documents and Settings\Jim\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/07 15:03:20 | 000,002,516 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2008/12/07 15:03:20 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\B362E7A0DA.sys
[2008/12/01 18:44:14 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2008/12/01 11:09:03 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Jim\Ÿ9Ÿ9
[2008/11/25 10:59:18 | 000,000,564 | ---- | C] () -- C:\Documents and Settings\Jim\SciTE.recent
[2008/11/25 10:59:18 | 000,000,156 | ---- | C] () -- C:\Documents and Settings\Jim\SciTE.session
[2008/11/23 22:46:42 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Jim\winscp.RND
========== ZeroAccess Check ==========
[2008/11/24 00:20:36 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2011/12/19 00:53:33 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 02:56:35 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 16:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2014/08/18 12:31:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2014/04/29 13:31:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BDLogging
[2014/04/29 13:32:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bitdefender
[2008/12/02 09:12:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Borland
[2008/12/03 12:40:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2012/03/01 19:26:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA-SupportBridge
[2014/08/18 09:29:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2010/01/13 14:46:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2014/12/27 07:37:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Locktime
[2014/08/18 12:25:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Macrium
[2011/11/09 16:20:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\magicJack
[2012/08/19 20:12:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Martau
[2012/08/31 14:44:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MySQL
[2010/01/13 14:10:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters Inc
[2008/12/04 21:30:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PKWARE
[2008/12/02 12:05:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2014/05/10 14:08:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/07/30 13:00:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
[2010/07/10 08:01:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2014/04/29 13:11:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Bitdefender
[2012/03/22 10:12:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\ElevatedDiagnostics
[2012/03/05 13:06:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Foxit Software
[2014/02/15 18:26:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\GoPro
[2012/08/22 09:01:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Helge Klein
[2008/12/01 09:36:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\K9
[2012/08/24 09:47:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Leadertech
[2012/06/20 17:46:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Marvell
[2014/06/23 21:24:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\mjusbsp
[2012/08/31 14:00:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\MySQL
[2012/03/18 19:42:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Pegasus Mail
[2008/12/04 21:30:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\PKWARE
[2012/03/21 10:36:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\QuickScan
[2012/03/17 22:01:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Skinux
[2014/05/01 09:45:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\UpdateInfo
[2008/11/23 23:50:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Windows Desktop Search
[2008/11/24 00:11:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Windows Search
[2014/05/01 09:50:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Wise Plugin Manager
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:054203E4
< End of report >