Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-09-2014 02
Ran by Rupert Legge (administrator) on RUPERT on 29-09-2014 19:13:31
Running from C:\Documents and Settings\Rupert Legge\My Documents\Downloads
Loaded Profile: Rupert Legge (Available profiles: Rupert Legge)
Platform: Microsoft Windows XP Home Edition Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 6
Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Emsi Software GmbH) C:\Program Files\Online Armor\oacat.exe
(Emsi Software GmbH) C:\Program Files\Online Armor\oasrv.exe
(Atheros) C:\WINDOWS\system32\acs.exe
(Emsi Software GmbH) C:\Program Files\Online Armor\oaui.exe
() C:\Program Files\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe
(Emsi Software GmbH) C:\Program Files\Online Armor\oahlp.exe
() C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
() C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
(Microsoft Corporation) C:\WINDOWS\system32\cisvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(S3 Graphics, Inc.) C:\WINDOWS\system32\VTTimer.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\soundman.exe
() C:\Documents and Settings\Rupert Legge\My Documents\Downloads\firemin_2086\firemin_2086\Firemin.exe.exe
(Panda Security) C:\Program Files\Panda USB Vaccine\USBVaccine.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\WINDOWS\system32\taskmgr.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [@OnlineArmor GUI] => C:\Program Files\Online Armor\OAui.exe [2477032 2011-04-06] (Emsi Software GmbH)
HKLM\...\Run: [TWCU] => C:\Program Files\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe [561263 2010-05-21] ()
HKLM\...\Run: [Recguard] => C:\WINDOWS\SMINST\RECGUARD.EXE [212992 2002-09-13] ()
HKLM\...\Run: [ROC_ROC_NT] => "C:\Program Files\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
HKLM\...\Run: [VTTrayp] => C:\WINDOWS\system32\VTtrayp.exe [199168 2009-10-22] (S3 Graphics Co., Ltd.)
HKLM\...\Run: [VTTimer] => C:\WINDOWS\system32\VTTimer.exe [94208 2008-05-16] (S3 Graphics, Inc.)
HKLM\...\Run: [SoundMan] => C:\WINDOWS\SOUNDMAN.EXE [577536 2007-04-16] (Realtek Semiconductor Corp.)
HKU\S-1-5-19\...\Policies\Explorer: [CDRAutoRun] 0
HKU\S-1-5-21-1430662889-353329016-294800167-1007\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
HKU\S-1-5-21-1430662889-353329016-294800167-1007\...\MountPoints2: Z - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL
HKU\S-1-5-21-1430662889-353329016-294800167-1007\...\MountPoints2: {a2044a21-6549-11da-a5a1-806d6172696f} - E:\Launch.exe
Startup: C:\Documents and Settings\Rupert Legge\Start Menu\Programs\Startup\Firemin.lnk
ShortcutTarget: Firemin.lnk -> C:\Documents and Settings\Rupert Legge\My Documents\Downloads\firemin_2086\firemin_2086\Firemin.exe.exe ()
Startup: C:\Documents and Settings\Rupert Legge\Start Menu\Programs\Startup\PandaUSBVaccine.lnk
ShortcutTarget: PandaUSBVaccine.lnk -> C:\Program Files\Panda USB Vaccine\USBVaccine.exe (Panda Security)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pcservicecall.co.uk
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.pcservicecall.co.uk
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?client=ie&tb=HIP&o=102876&src=crm&q={searchTerms}&locale=&apn_ptnrs=6G&apn_dtid=YYYYYYYYIE&apn_uid=8c87baf8-9ef4-4f94-856e-bc35f3211ddf&apn_sauid=1F6E34C2-74E6-4A9A-BADA-7B67DD97DBF5
SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://blekko.com/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb&u=20120307D2034573ACC78754527D620D&q={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2776682
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} https://signup.msn.com/pages/MsnInstC.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
ShellExecuteHooks: OA Shell Helper - {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Online Armor\oaevent.dll [354720 2011-04-06] (Emsi Software GmbH)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 89.101.160.4 89.101.160.5

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Rupert Legge\Application Data\Mozilla\Firefox\Profiles\ptluom4j.default
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Documents and Settings\Rupert Legge\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: PrivDog - C:\Documents and Settings\Rupert Legge\Application Data\Mozilla\Firefox\Profiles\ptluom4j.default\Extensions\PrivDog@AdTrustMedia.com [2014-09-21]
FF Extension: No Name - C:\Documents and Settings\Rupert Legge\Application Data\Mozilla\Firefox\Profiles\ptluom4j.default\Extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}(2) [2014-09-20]
FF Extension: Tab Grenade - C:\Documents and Settings\Rupert Legge\Application Data\Mozilla\Firefox\Profiles\ptluom4j.default\Extensions\jid1-gzlHTgBCb5hzkA@jetpack.xpi [2014-09-21]
FF Extension: RAMBack - C:\Documents and Settings\Rupert Legge\Application Data\Mozilla\Firefox\Profiles\ptluom4j.default\Extensions\ramback@pavlov.net.xpi [2014-09-21]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-12-19]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [kfejhbidgehdoaglokpfddkmiepmhcck] - C:\Documents and Settings\All Users\Application Data\Plugin\iseekdeal-chrome.crx [2012-12-18]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACS; C:\WINDOWS\system32\acs.exe [499796 2010-05-21] (Atheros) [File not signed]
R2 Belkin Wireless USB Network Adapter Service; C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe [49152 2004-03-29] () [File not signed]
R2 OAcat; C:\Program Files\Online Armor\OAcat.exe [381512 2011-04-06] (Emsi Software GmbH)
R2 SvcOnlineArmor; C:\Program Files\Online Armor\oasrv.exe [4326472 2011-04-06] (Emsi Software GmbH)
S4 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 abp480n5; C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS [23552 2004-08-04] (Microsoft Corporation)
R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [20747 2006-10-19] (Meetinghouse Data Communications) [File not signed]
R3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [4122368 2008-09-24] (Realtek Semiconductor Corp.)
S3 AR9271; C:\WINDOWS\System32\DRIVERS\athuw.sys [1714176 2010-01-05] (Atheros Communications, Inc.) [File not signed]
R1 Cdr4_xp; C:\WINDOWS\system32\Drivers\Cdr4_xp.sys [43392 2004-04-03] (Roxio) [File not signed]
R1 Cdralw2k; C:\WINDOWS\system32\Drivers\Cdralw2k.sys [24576 2004-04-03] (Roxio) [File not signed]
R1 CSN5PDTS82; C:\WINDOWS\System32\Drivers\CSN5PDTS82.sys [28184 2010-05-20] (Colasoft Co., Ltd.)
R2 DgiVecp; C:\WINDOWS\system32\Drivers\DgiVecp.sys [41984 2005-03-14] (DeviceGuys, Inc.) [File not signed]
S3 DrvAgent32; C:\WINDOWS\system32\Drivers\DrvAgent32.sys [23456 2014-09-29] (Phoenix Technologies) [File not signed]
S3 FETNDIS; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [27165 2001-08-17] (VIA Technologies, Inc. )
R3 FETNDISB; C:\WINDOWS\System32\DRIVERS\fetnd5b.sys [42496 2004-04-15] (VIA Technologies, Inc. )
S3 ms_mpu401; C:\WINDOWS\System32\drivers\msmpu401.sys [2944 2001-08-17] (Microsoft Corporation)
R1 OADevice; C:\WINDOWS\system32\drivers\OADriver.sys [205864 2011-04-06] ()
R1 oahlpXX; C:\WINDOWS\system32\drivers\oahlp32.sys [39048 2011-04-06] ()
R1 OAmon; C:\WINDOWS\system32\drivers\OAmon.sys [25192 2011-04-06] (Emsisoft)
R1 OAnet; C:\WINDOWS\system32\drivers\OAnet.sys [29464 2011-04-06] (Emsisoft)
S3 RT73; C:\WINDOWS\System32\DRIVERS\rt73.sys [232192 2005-08-02] (Ralink Technology, Corp.) [File not signed]
S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [27440 2004-08-04] ()
S3 SWDUMon; C:\WINDOWS\System32\DRIVERS\SWDUMon.sys [12984 2011-12-16] ()
S3 uac4pdt; C:\WINDOWS\System32\DRIVERS\uac4pdt.sys [15232 2005-12-12] (Micronas GmbH)
R3 viagfx; C:\WINDOWS\System32\DRIVERS\vtmini.sys [296960 2009-11-10] (Copyright (C) VIA/S3 Graphics Co, Ltd.) [File not signed]
R0 videX32; C:\WINDOWS\System32\DRIVERS\videX32.sys [13976 2010-02-11] (VIA Technologies, Inc.) [File not signed]
R3 WSIMD; C:\WINDOWS\System32\DRIVERS\wsimd.sys [58208 2010-05-21] (Atheros Communications, Inc.) [File not signed]
S1 CSN5PDTS82x64; System32\Drivers\CSN5PDTS82x64.sys [X]
S3 GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS [X]
S3 MSICPL; \??\D:\install4\MSICPL.sys [X]
S3 NTACCESS; \??\D:\NTACCESS.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
S3 SetupNTGLM7X; \??\D:\NTGLM7X.sys [X]
S2 SSPORT; \??\C:\WINDOWS\system32\Drivers\SSPORT.sys [X]
S3 wanatw; system32\DRIVERS\wanatw4.sys [X]
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-29 18:20 - 2014-09-29 19:13 - 00000000 ____D () C:\FRST
2014-09-29 17:24 - 2014-09-29 17:24 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\DriverEasy
2014-09-29 17:16 - 2014-09-29 17:16 - 00000000 ____D () C:\Program Files\Realtek AC97
2014-09-29 17:03 - 2014-09-29 17:03 - 00039332 _____ () C:\WINDOWS\s3setapi.log
2014-09-29 17:03 - 2009-11-03 09:36 - 00473600 _____ (S3 Graphics Co., Ltd.) C:\WINDOWS\system32\s3iset32_2_00_107.dll
2014-09-29 17:02 - 2014-09-29 17:04 - 00006677 _____ () C:\WINDOWS\s3iscfg.log
2014-09-29 16:55 - 2014-09-29 17:24 - 00000815 _____ () C:\Documents and Settings\All Users\Desktop\DriverEasy.lnk
2014-09-29 16:55 - 2014-09-29 16:55 - 00000420 _____ () C:\WINDOWS\Tasks\DriverEasy Scheduled Scan.job
2014-09-29 16:55 - 2014-09-29 16:55 - 00000000 ____D () C:\Documents and Settings\Rupert Legge\Application Data\Easeware
2014-09-29 16:54 - 2014-09-29 16:54 - 00000000 ____D () C:\Program Files\Easeware
2014-09-29 16:48 - 2014-09-29 16:48 - 00023456 _____ (Phoenix Technologies) C:\WINDOWS\system32\Drivers\DrvAgent32.sys
2014-09-29 16:22 - 2014-09-29 16:22 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-09-29 16:22 - 2014-09-29 16:22 - 00000000 _____ () C:\WINDOWS\setupact.log
2014-09-24 20:19 - 2014-09-24 20:19 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-21 17:24 - 2014-09-21 17:24 - 00000000 ____D () C:\Documents and Settings\Rupert Legge\My Documents\Dokumenty Julka
2014-09-21 17:22 - 2014-09-21 17:22 - 00000650 _____ () C:\Documents and Settings\Rupert Legge\Start Menu\Programs\TextPad.lnk
2014-09-21 17:22 - 2014-09-21 17:22 - 00000000 ____D () C:\Program Files\TextPad 7
2014-09-21 17:22 - 2014-09-21 17:22 - 00000000 ____D () C:\Documents and Settings\Rupert Legge\Application Data\Helios
2014-09-21 17:22 - 2014-09-21 17:22 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\TextPad
2014-09-21 17:13 - 2014-09-21 17:13 - 00008192 ___SH () C:\Documents and Settings\Rupert Legge\Desktop\Thumbs.db
2014-09-21 16:46 - 2014-09-21 16:46 - 00000000 ____D () C:\Documents and Settings\Rupert Legge\Application Data\Thinstall
2014-09-21 12:14 - 2014-09-28 12:16 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-21 12:14 - 2014-09-21 12:14 - 00000724 _____ () C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2014-09-21 12:02 - 2014-09-21 12:02 - 04862664 _____ (AVAST Software) C:\Program Files\avast_free_antivirus_setup_online.exe
2014-09-21 11:37 - 2014-09-21 11:37 - 00029920 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-09-21 11:35 - 2014-09-21 11:40 - 00000000 ___SD () C:\Documents and Settings\Administrator
2014-09-21 11:35 - 2014-09-21 11:40 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp
2014-09-21 11:35 - 2014-09-21 11:40 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\CyberLink
2014-09-21 11:35 - 2006-07-13 12:45 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
2014-09-21 11:35 - 2006-07-13 12:45 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Adobe
2014-09-21 10:49 - 2014-09-21 11:40 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Application Data\COMODO(2)
2014-09-21 10:49 - 2014-09-21 11:33 - 00065536 _____ () C:\WINDOWS\system32\config\COMODO I.evt
2014-09-21 10:46 - 2014-09-21 10:46 - 00000000 ____D () C:\Program Files\AdTrustMedia
2014-09-21 10:45 - 2014-09-21 11:40 - 00000000 ____D () C:\Documents and Settings\Rupert Legge\Local Settings\Application Data\COMODO
2014-09-21 10:30 - 2014-09-21 10:30 - 00000000 ____D () C:\Documents and Settings\Rupert Legge\Local Settings\Application Data\MFAData
2014-09-21 10:16 - 2014-09-29 17:17 - 00055988 _____ () C:\WINDOWS\setupapi.log
2014-09-21 00:47 - 2014-09-29 17:17 - 00002644 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-20 20:23 - 2014-09-20 20:23 - 00000694 _____ () C:\Documents and Settings\Rupert Legge\Desktop\BleachBit.lnk
2014-09-20 20:23 - 2014-09-20 20:23 - 00000000 ____D () C:\Documents and Settings\Rupert Legge\Start Menu\Programs\BleachBit
2014-09-20 20:21 - 2014-09-20 20:21 - 06353936 _____ () C:\Program Files\BleachBit-1.4-setup.exe
2014-09-20 19:33 - 2014-09-20 19:33 - 00004300 _____ () C:\WINDOWS\system32\PerfStringBackup.TMP
2014-09-20 19:27 - 2014-09-20 19:38 - 00000000 ____D () C:\Documents and Settings\Rupert Legge\Application Data\STGU
2014-09-20 19:27 - 2014-09-20 19:27 - 00000000 ____D () C:\Program Files\MSXML 6.0
2014-09-20 19:27 - 2014-09-20 19:27 - 00000000 ____D () C:\Program Files\MSXML 4.0
2014-09-20 19:27 - 2014-09-20 19:27 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-09-20 19:26 - 2014-09-20 19:53 - 00000000 ____D () C:\Documents and Settings\Rupert Legge\Application Data\BitTorrent
2014-09-20 19:26 - 2014-09-20 19:26 - 00000000 ____D () C:\spywarebegone
2014-09-20 19:26 - 2014-09-20 19:26 - 00000000 ____D () C:\Program Files\Fox Programming Solutions
2014-09-20 19:26 - 2014-09-20 19:26 - 00000000 ____D () C:\Documents and Settings\Rupert Legge\Application Data\Colasoft Capsa 7.4 - Free Edition
2014-09-20 19:26 - 2014-09-20 19:26 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Adobe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-29 19:14 - 2006-10-12 18:45 - 00000000 ____D () C:\Documents and Settings\Rupert Legge\Local Settings\Temp
2014-09-29 19:00 - 2011-12-25 13:35 - 00000898 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-29 18:55 - 2013-06-22 10:51 - 00000316 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-09-29 18:18 - 2013-06-23 12:53 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-09-29 17:19 - 2011-12-25 13:35 - 00000894 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-29 17:18 - 2013-06-23 10:39 - 00032472 _____ () C:\WINDOWS\SchedLgU.Txt
2014-09-29 17:18 - 2012-12-22 20:34 - 00000294 _____ () C:\WINDOWS\Tasks\SpottyFiles Update.job
2014-09-29 17:18 - 2012-11-18 21:25 - 00000290 _____ () C:\WINDOWS\Tasks\Express FilesUpdate.job
2014-09-29 17:18 - 2012-10-20 20:48 - 00000282 _____ () C:\WINDOWS\Tasks\Go for FilesUpdate.job
2014-09-29 17:18 - 2005-12-05 13:58 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-09-29 17:17 - 2011-12-15 23:08 - 00524288 _____ () C:\WINDOWS\system32\config\ACS.evt
2014-09-29 17:17 - 2006-10-12 18:45 - 00000178 ___SH () C:\Documents and Settings\Rupert Legge\ntuser.ini
2014-09-29 17:16 - 2006-07-12 20:08 - 00000000 ____D () C:\WINDOWS\system32\ReinstallBackups
2014-09-29 17:02 - 2005-12-05 15:42 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-09-29 17:02 - 2005-12-05 05:43 - 00000000 ____D () C:\WINDOWS\Help
2014-09-29 16:49 - 2012-02-14 16:09 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-09-29 16:14 - 2005-12-05 12:41 - 00001170 _____ () C:\WINDOWS\system32\wpa.dbl
2014-09-21 12:14 - 2011-12-16 12:03 - 00000730 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2014-09-21 11:53 - 2011-12-16 10:42 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
2014-09-21 11:53 - 2006-07-13 02:37 - 00002577 _____ () C:\WINDOWS\system32\CONFIG.NT
2014-09-21 11:50 - 2011-12-16 00:54 - 00000000 ____D () C:\Program Files\Online Armor
2014-09-21 11:43 - 2006-10-12 18:45 - 00000000 ____D () C:\Documents and Settings\Rupert Legge
2014-09-21 11:43 - 2005-12-05 13:58 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-09-21 11:43 - 2005-12-05 13:58 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-09-21 11:43 - 2005-12-05 13:53 - 00000000 ____D () C:\WINDOWS\Registration
2014-09-21 11:37 - 2011-12-15 20:04 - 00000000 ____D () C:\Program Files\COMODO
2014-09-21 11:33 - 2011-12-15 20:05 - 00743457 _____ () C:\WINDOWS\system32\Drivers\sfi.dat
2014-09-21 10:49 - 2011-12-15 20:04 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Comodo
2014-09-21 10:44 - 2011-12-16 00:54 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Comodo Downloader
2014-09-21 10:33 - 2011-12-15 20:01 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2014-09-21 09:38 - 2011-12-16 09:49 - 00000000 ____D () C:\Documents and Settings\Rupert Legge\Application Data\OnlineArmor
2014-09-21 00:39 - 2005-12-05 13:54 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-09-20 20:26 - 2012-10-21 12:06 - 00000000 ____D () C:\Program Files\SRWare Iron
2014-09-20 20:25 - 2005-12-05 13:59 - 00000000 ____D () C:\WINDOWS\system32\URTTemp
2014-09-20 20:23 - 2012-11-25 16:36 - 00000000 ____D () C:\Program Files\BleachBit
2014-09-20 20:09 - 2006-10-12 18:45 - 00000767 _____ () C:\Documents and Settings\Rupert Legge\Start Menu\Programs\Internet Explorer.lnk
2014-09-20 20:05 - 2011-12-16 13:37 - 00000000 ____D () C:\WINDOWS\pss
2014-09-20 20:05 - 2005-12-05 12:42 - 00000210 __RSH () C:\boot.ini
2014-09-20 20:05 - 2005-12-05 12:41 - 00000477 _____ () C:\WINDOWS\win.ini
2014-09-20 20:05 - 2005-12-05 12:41 - 00000227 _____ () C:\WINDOWS\system.ini
2014-09-20 19:52 - 2013-01-18 16:42 - 00000000 ____D () C:\Documents and Settings\Rupert Legge\Application Data\uTorrent
2014-09-20 19:32 - 2012-11-25 13:49 - 00000000 ____D () C:\Documents and Settings\Rupert Legge\Application Data\BleachBit
2014-09-20 19:27 - 2012-06-04 17:26 - 00000000 ____D () C:\Documents and Settings\Rupert Legge\Application Data\pdfforge
2014-09-20 19:23 - 2014-03-11 20:49 - 00000000 ____D () C:\WINDOWS\system32\wIShld
2014-09-20 19:23 - 2011-12-16 12:03 - 00000000 ____D () C:\Documents and Settings\Rupert Legge\Application Data\Mozilla
2014-09-20 19:22 - 2012-04-02 19:42 - 00000000 ____D () C:\Documents and Settings\Rupert Legge\Local Settings\Application Data\Temp
2014-09-20 18:50 - 2011-12-16 17:47 - 00414392 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys.1411236888281

Files to move or delete:
====================
C:\Documents and Settings\Rupert Legge\UnityWebPlayer.exe

Some content of TEMP:
====================
C:\Documents and Settings\Rupert Legge\Local Settings\Temp\Tsu-0388.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================