OTL logfile created on: 29/09/2014 18:21:42 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Rupert Legge\My Documents\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

1.97 Gb Total Physical Memory | 1.42 Gb Available Physical Memory | 72.25% Memory free
2.48 Gb Paging File | 1.92 Gb Available in Paging File | 77.40% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.22 Gb Total Space | 59.19 Gb Free Space | 84.28% Space Free | Partition Type: NTFS
Drive E: | 180.29 Gb Total Space | 180.00 Gb Free Space | 99.84% Space Free | Partition Type: NTFS
Drive G: | 30.46 Gb Total Space | 4.57 Gb Free Space | 15.00% Space Free | Partition Type: FAT32

Computer Name: RUPERT | User Name: Rupert Legge | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/09/29 18:21:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rupert Legge\My Documents\Downloads\OTL.exe
PRC - [2014/09/24 20:19:46 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2014/09/16 09:06:20 | 002,835,728 | ---- | M] (Easeware) -- C:\Program Files\Easeware\DriverEasy\DriverEasy.exe
PRC - [2014/08/31 10:55:00 | 001,274,880 | ---- | M] () -- C:\Documents and Settings\Rupert Legge\My Documents\Downloads\firemin_2086\firemin_2086\Firemin.exe.exe
PRC - [2011/04/06 14:01:06 | 004,326,472 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oasrv.exe
PRC - [2011/04/06 14:01:06 | 002,477,032 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oaui.exe
PRC - [2011/04/06 14:01:04 | 001,165,336 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oahlp.exe
PRC - [2011/04/06 14:01:04 | 000,381,512 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oacat.exe
PRC - [2010/05/21 14:56:04 | 000,499,796 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe
PRC - [2010/05/21 14:55:40 | 000,561,263 | ---- | M] () -- C:\Program Files\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe
PRC - [2009/09/23 17:45:50 | 001,287,176 | ---- | M] (Panda Security) -- C:\Program Files\Panda USB Vaccine\USBVaccine.exe
PRC - [2008/05/16 13:58:16 | 000,094,208 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\VTTimer.exe
PRC - [2007/04/16 15:28:22 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
PRC - [2005/06/13 15:45:54 | 000,827,392 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
PRC - [2004/08/04 13:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/08/04 13:00:00 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\clipbrd.exe
PRC - [2004/03/29 16:08:16 | 000,049,152 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe

========== Modules (No Company Name) ==========

MOD - [2014/09/24 20:19:44 | 003,715,184 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2014/08/31 10:55:00 | 001,274,880 | ---- | M] () -- C:\Documents and Settings\Rupert Legge\My Documents\Downloads\firemin_2086\firemin_2086\Firemin.exe.exe
MOD - [2011/12/19 17:42:17 | 011,791,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\50ea744ffc3cb7f09b027fd6c5c93b2b\System.Web.ni.dll
MOD - [2011/12/19 17:41:10 | 000,997,888 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\894d87c08a9a5b5923e7104055a616d2\System.Management.ni.dll
MOD - [2011/12/19 17:36:56 | 000,970,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb4cb21d14767292e079366a5d3d76cd\System.Configuration.ni.dll
MOD - [2011/12/19 17:36:32 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\c2af7cfbb47c077029a2645930b4eeac\Accessibility.ni.dll
MOD - [2011/12/19 15:56:42 | 005,449,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\36f3953f24d4f0b767bf172331ad6f3e\System.Xml.ni.dll
MOD - [2011/12/19 15:56:24 | 012,428,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\9a254c455892c02355ab0ab0f0727c5b\System.Windows.Forms.ni.dll
MOD - [2011/12/19 15:55:30 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\6978f2e90f13bc720d57fa6895c911e2\System.Drawing.ni.dll
MOD - [2011/12/19 15:51:50 | 007,867,392 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aa7926460a336408c8041330ad90929d\System.ni.dll
MOD - [2011/12/19 15:51:34 | 011,485,184 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\9adb89fa22fd5b4ce433b5aca7fb1b07\mscorlib.ni.dll
MOD - [2011/04/11 06:26:33 | 000,024,064 | ---- | M] () -- C:\WINDOWS\system32\spd__l.dll
MOD - [2010/05/21 14:55:58 | 000,278,528 | ---- | M] () -- C:\Program Files\TP-LINK\TP-LINK Wireless Client Utility\twculoc.dll
MOD - [2010/05/21 14:55:58 | 000,163,840 | ---- | M] () -- C:\Program Files\TP-LINK\TP-LINK Wireless Client Utility\oemresloc.dll
MOD - [2010/05/21 14:55:54 | 000,077,824 | ---- | M] () -- C:\WINDOWS\system32\wgapiloc.dll
MOD - [2010/05/21 14:55:40 | 000,561,263 | ---- | M] () -- C:\Program Files\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe
MOD - [2010/05/21 14:55:40 | 000,422,000 | ---- | M] () -- C:\WINDOWS\system32\wgapi.dll
MOD - [2005/08/10 15:36:52 | 000,045,056 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\Security.dll
MOD - [2005/06/13 15:45:54 | 000,827,392 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
MOD - [2004/03/29 16:08:16 | 000,049,152 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
MOD - [2003/10/08 11:23:36 | 000,040,960 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\RM_DEV_CODE.dll
MOD - [2003/06/30 15:37:14 | 000,036,864 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\ProcNICs.dll
MOD - [2002/10/03 11:57:30 | 000,110,592 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\PingDLL.dll
MOD - [2002/04/09 07:49:22 | 000,110,592 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\GEMWEP.dll

========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %ProgramFiles%\WinPcap\rpcapd.exe -- (rpcapd)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2014/09/24 20:19:44 | 000,114,288 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/04/06 14:01:06 | 004,326,472 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Online Armor\oasrv.exe -- (SvcOnlineArmor)
SRV - [2011/04/06 14:01:04 | 000,381,512 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Online Armor\oacat.exe -- (OAcat)
SRV - [2010/05/21 14:56:04 | 000,499,796 | ---- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2004/03/29 16:08:16 | 000,049,152 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe -- (Belkin Wireless USB Network Adapter Service)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\Drivers\SSPORT.sys -- (SSPORT)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\NTGLM7X.sys -- (SetupNTGLM7X)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pccsmcfd.sys -- (pccsmcfd)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\NTACCESS.sys -- (NTACCESS)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\install4\MSICPL.sys -- (MSICPL)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | System | Stopped] -- System32\Drivers\CSN5PDTS82x64.sys -- (CSN5PDTS82x64)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2014/09/29 16:48:08 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DrvAgent32.sys -- (DrvAgent32)
DRV - [2011/12/16 18:00:02 | 000,012,984 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2011/04/06 14:02:26 | 000,039,048 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\oahlp32.sys -- (oahlpXX)
DRV - [2011/04/06 14:01:32 | 000,029,464 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAnet.sys -- (OAnet)
DRV - [2011/04/06 14:01:30 | 000,205,864 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\OADriver.sys -- (OADevice)
DRV - [2011/04/06 14:01:30 | 000,025,192 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAmon.sys -- (OAmon)
DRV - [2010/05/21 14:56:04 | 000,058,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2010/05/20 16:14:52 | 000,028,184 | ---- | M] (Colasoft Co., Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\CSN5PDTS82.sys -- (CSN5PDTS82)
DRV - [2010/02/11 12:59:18 | 000,013,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\videX32.sys -- (videX32)
DRV - [2010/01/05 04:31:32 | 001,714,176 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\athuw.sys -- (AR9271)
DRV - [2009/07/13 16:51:12 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2008/09/24 10:40:22 | 004,122,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM)
DRV - [2005/12/12 11:56:00 | 000,015,232 | R--- | M] (Micronas GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\uac4pdt.sys -- (uac4pdt)
DRV - [2005/08/02 23:00:36 | 000,232,192 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2005/03/14 14:01:38 | 000,041,984 | ---- | M] (DeviceGuys, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2004/04/03 07:35:08 | 000,043,392 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2004/04/03 07:32:20 | 000,024,576 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2001/08/17 15:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.pcservicecall.co.uk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.pcservicecall.co.uk
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=HIP&o=102876&src=crm&q={searchTerms}&locale=&apn_ptnrs=6G&apn_dtid=YYYYYYYYIE&apn_uid=8c87baf8-9ef4-4f94-856e-bc35f3211ddf&apn_sauid=1F6E34C2-74E6-4A9A-BADA-7B67DD97DBF5
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb&u=20120307D2034573ACC78754527D620D&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2776682
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: ramback%40pavlov.net:1.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:32.0.3
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Rupert Legge\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 32.0.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/09/24 20:19:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 32.0.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2014/09/20 19:23:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rupert Legge\Application Data\Mozilla\Extensions
[2014/09/21 14:53:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rupert Legge\Application Data\Mozilla\Firefox\Profiles\ptluom4j.default\extensions
[2014/09/20 19:23:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rupert Legge\Application Data\Mozilla\Firefox\Profiles\ptluom4j.default\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}(2)
[2014/09/21 12:45:19 | 000,000,000 | ---D | M] ("PrivDog") -- C:\Documents and Settings\Rupert Legge\Application Data\Mozilla\Firefox\Profiles\ptluom4j.default\extensions\PrivDog@AdTrustMedia.com
[2014/09/21 13:57:57 | 000,056,667 | ---- | M] () (No name found) -- C:\Documents and Settings\Rupert Legge\Application Data\Mozilla\Firefox\Profiles\ptluom4j.default\extensions\jid1-gzlHTgBCb5hzkA@jetpack.xpi
[2014/09/21 14:53:01 | 000,008,232 | ---- | M] () (No name found) -- C:\Documents and Settings\Rupert Legge\Application Data\Mozilla\Firefox\Profiles\ptluom4j.default\extensions\ramback@pavlov.net.xpi
[2014/09/24 20:19:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions(2)
[2014/09/24 20:19:27 | 000,000,000 | ---D | M] (Firefox (default)) -- C:\Program Files\Mozilla Firefox\extensions(2)\{972ce4c6-7e08-4474-a285-3208198ce6fd}(2)
[2014/09/24 20:19:27 | 000,000,000 | ---D | M] (Talkback) -- C:\Program Files\Mozilla Firefox\extensions(2)\talkback@mozilla(2).org
[2014/09/24 20:19:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/09/24 20:19:46 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/11/21 05:21:46 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

O1 HOSTS File: ([2012/12/18 20:58:53 | 000,000,058 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 microsoft.com
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\Online Armor\OAui.exe (Emsi Software GmbH)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [ROC_ROC_NT] "C:\Program Files\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT File not found
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TWCU] C:\Program Files\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe ()
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [VTTrayp] C:\WINDOWS\System32\VTTrayp.exe (S3 Graphics Co., Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe File not found
O4 - Startup: C:\Documents and Settings\Rupert Legge\Start Menu\Programs\Startup\Firemin.lnk = C:\Documents and Settings\Rupert Legge\My Documents\Downloads\firemin_2086\firemin_2086\Firemin.exe.exe ()
O4 - Startup: C:\Documents and Settings\Rupert Legge\Start Menu\Programs\Startup\PandaUSBVaccine.lnk = C:\Program Files\Panda USB Vaccine\USBVaccine.exe (Panda Security)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} https://signup.msn.com/pages/MsnInstC.cab (InstallerBehaviorFactory Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.101.160.4 89.101.160.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{801F5AAB-5307-4AD1-92FF-031981878D25}: DhcpNameServer = 89.101.160.4 89.101.160.5
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Rupert Legge\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Rupert Legge\Application Data\Mozilla\Firefox\Desktop Background.bmp
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Online Armor\oaevent.dll (Emsi Software GmbH)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/12/05 13:56:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/08/30 15:14:06 | 000,000,016 | -H-- | M] () - G:\AUTORUN.INF -- [ FAT32 ]
O32 - AutoRun File - [2010/08/30 15:14:06 | 000,000,016 | -H-- | M] () - G:\AUTORUN_.INF -- [ FAT32 ]
O33 - MountPoints2\{a2044a21-6549-11da-a5a1-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{a2044a21-6549-11da-a5a1-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a2044a21-6549-11da-a5a1-806d6172696f}\Shell\AutoRun\command - "" = E:\Launch.exe
O33 - MountPoints2\Z\Shell - "" = AutoRun
O33 - MountPoints2\Z\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\Z\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/09/29 18:20:34 | 000,000,000 | ---D | C] -- C:\FRST
[2014/09/29 17:24:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DriverEasy
[2014/09/29 17:16:38 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek AC97
[2014/09/29 17:03:41 | 000,473,600 | ---- | C] (S3 Graphics Co., Ltd.) -- C:\WINDOWS\System32\s3iset32_2_00_107.dll
[2014/09/29 16:55:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rupert Legge\Application Data\Easeware
[2014/09/29 16:54:54 | 000,000,000 | ---D | C] -- C:\Program Files\Easeware
[2014/09/29 16:48:08 | 000,023,456 | ---- | C] (Phoenix Technologies) -- C:\WINDOWS\System32\drivers\DrvAgent32.sys
[2014/09/24 20:19:13 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/09/21 17:24:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rupert Legge\My Documents\Dokumenty Julka
[2014/09/21 17:22:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rupert Legge\Application Data\Helios
[2014/09/21 17:22:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TextPad
[2014/09/21 17:22:03 | 000,000,000 | ---D | C] -- C:\Program Files\TextPad 7
[2014/09/21 16:46:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rupert Legge\Application Data\Thinstall
[2014/09/21 12:14:17 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2014/09/21 12:02:36 | 004,862,664 | ---- | C] (AVAST Software) -- C:\Program Files\avast_free_antivirus_setup_online.exe
[2014/09/21 10:49:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\COMODO(2)
[2014/09/21 10:46:10 | 000,000,000 | ---D | C] -- C:\Program Files\AdTrustMedia
[2014/09/21 10:45:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rupert Legge\Local Settings\Application Data\COMODO
[2014/09/21 10:30:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rupert Legge\Local Settings\Application Data\MFAData
[2014/09/20 20:23:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rupert Legge\Start Menu\Programs\BleachBit
[2014/09/20 19:27:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rupert Legge\Application Data\STGU
[2014/09/20 19:27:01 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2014/09/20 19:27:00 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2014/09/20 19:27:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2014/09/20 19:26:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2014/09/20 19:26:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rupert Legge\Application Data\Colasoft Capsa 7.4 - Free Edition
[2014/09/20 19:26:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rupert Legge\Application Data\BitTorrent
[2014/09/20 19:26:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2014/09/20 19:26:45 | 000,000,000 | ---D | C] -- C:\Program Files\Fox Programming Solutions
[2014/09/20 19:26:28 | 000,000,000 | ---D | C] -- C:\spywarebegone
[2012/12/04 11:16:28 | 000,494,510 | ---- | C] (UltraDefrag Development Team) -- C:\Program Files\ultradefrag-5.1.1.bin.i386.exe
[2012/12/03 22:02:41 | 000,483,809 | ---- | C] (Lars Hederer ) -- C:\Program Files\ntregopt-setup.exe
[2012/11/25 23:17:43 | 000,968,592 | ---- | C] (BitTorrent, Inc.) -- C:\Program Files\uTorrent.exe
[2012/02/14 19:50:24 | 000,594,752 | ---- | C] (Unity Technologies ApS) -- C:\Documents and Settings\Rupert Legge\UnityWebPlayer.exe
[2012/02/05 21:13:27 | 000,429,125 | ---- | C] (www.1HourSoftware.com) -- C:\Program Files\StartClock.exe
[2011/12/16 12:02:10 | 014,580,096 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 8.0.1.exe
[2006/11/13 22:47:13 | 014,879,120 | ---- | C] (Macrovision Corporation) -- C:\Program Files\GoogleEarthWin.exe
[16 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/09/29 18:18:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/09/29 18:00:42 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/09/29 17:24:36 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DriverEasy.lnk
[2014/09/29 17:19:11 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/09/29 17:18:54 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2014/09/29 17:18:53 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\SpottyFiles Update.job
[2014/09/29 17:18:53 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\Express FilesUpdate.job
[2014/09/29 17:18:53 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\Go for FilesUpdate.job
[2014/09/29 17:18:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/09/29 17:18:41 | 2112,409,600 | -HS- | M] () -- C:\hiberfil.sys
[2014/09/29 16:55:23 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\DriverEasy Scheduled Scan.job
[2014/09/29 16:49:02 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2014/09/29 16:48:08 | 000,023,456 | ---- | M] (Phoenix Technologies) -- C:\WINDOWS\System32\drivers\DrvAgent32.sys
[2014/09/29 16:14:58 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/09/21 14:46:47 | 000,000,940 | ---- | M] () -- C:\Documents and Settings\Rupert Legge\Start Menu\Programs\Startup\Firemin.lnk
[2014/09/21 12:14:23 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Rupert Legge\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2014/09/21 12:14:19 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2014/09/21 12:02:38 | 004,862,664 | ---- | M] (AVAST Software) -- C:\Program Files\avast_free_antivirus_setup_online.exe
[2014/09/21 11:53:28 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2014/09/21 11:33:18 | 000,743,457 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2014/09/20 20:23:03 | 000,000,694 | ---- | M] () -- C:\Documents and Settings\Rupert Legge\Desktop\BleachBit.lnk
[2014/09/20 20:21:33 | 006,353,936 | ---- | M] () -- C:\Program Files\BleachBit-1.4-setup.exe
[2014/09/20 20:09:25 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\Rupert Legge\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/09/20 20:05:37 | 000,000,210 | RHS- | M] () -- C:\boot.ini
[2014/09/20 19:33:12 | 000,433,720 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/09/20 19:33:12 | 000,067,718 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/09/20 18:50:55 | 000,414,392 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswsp.sys.1411236888281
[16 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/09/29 17:18:41 | 2112,409,600 | -HS- | C] () -- C:\hiberfil.sys
[2014/09/29 16:55:22 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\DriverEasy Scheduled Scan.job
[2014/09/29 16:55:01 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DriverEasy.lnk
[2014/09/21 17:22:22 | 000,000,650 | ---- | C] () -- C:\Documents and Settings\Rupert Legge\Start Menu\Programs\TextPad.lnk
[2014/09/21 14:46:47 | 000,000,940 | ---- | C] () -- C:\Documents and Settings\Rupert Legge\Start Menu\Programs\Startup\Firemin.lnk
[2014/09/21 12:14:19 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2014/09/20 20:23:03 | 000,000,694 | ---- | C] () -- C:\Documents and Settings\Rupert Legge\Desktop\BleachBit.lnk
[2014/09/20 20:21:24 | 006,353,936 | ---- | C] () -- C:\Program Files\BleachBit-1.4-setup.exe
[2014/03/11 21:13:25 | 001,445,947 | ---- | C] () -- C:\Program Files\(tapeciarnia.pl)193276_biala_ceramika_bukiet_kwiatow_maliny.jpg
[2013/01/03 12:05:08 | 000,000,110 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\avalon2.2.ini
[2012/12/18 22:39:03 | 000,000,060 | ---- | C] () -- C:\WINDOWS\ShareAlarm.INI
[2012/11/25 23:22:08 | 000,117,297 | ---- | C] () -- C:\Program Files\debian-privacy-remix.iso.torrent
[2012/11/25 13:47:41 | 006,287,231 | ---- | C] () -- C:\Program Files\BleachBit-0.9.3-setup.exe
[2012/02/09 20:15:09 | 000,000,163 | ---- | C] () -- C:\Program Files\StartClock.ini
[2011/12/31 22:13:35 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Rupert Legge\Application Data\$_hpcst$.hpc
[2011/12/28 19:59:23 | 000,460,624 | ---- | C] () -- C:\Documents and Settings\Rupert Legge\Local Settings\Application Data\promo.exe
[2011/12/18 23:39:49 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Rupert Legge\Local Settings\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2005/12/05 14:00:13 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2006/05/29 16:32:09 | 001,496,576 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2004/08/04 13:00:00 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2004/08/04 13:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >