Have carried out your instructions and only 1 report has been produced, which is copied to you. Please advise on follow-up action.
Thanks, Jacksy
OTL logfile created on: 16/01/2012 18:28:24 - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\User1\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
2.00 Gb Total Physical Memory | 1.17 Gb Available Physical Memory | 58.54% Memory free
1.85 Gb Paging File | 1.24 Gb Available in Paging File | 66.80% Paging File free
Paging file location(s): [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 62.71 Gb Free Space | 84.16% Space Free | Partition Type: NTFS
Computer Name: HPCOMPAQ | User Name: User1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\User1\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe ()
PRC - C:\Program Files\AVG Secure Search\vprot.exe ()
PRC - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe (MusicLab, LLC)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIAAE.EXE (SEIKO EPSON CORPORATION)
========== Modules (No Company Name) ==========
MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll ()
MOD - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe ()
MOD - C:\Program Files\AVG Secure Search\vprot.exe ()
MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL ()
MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll ()
========== Win32 Services (SafeList) ==========
SRV - (HidServ) -- File not found
SRV - (vToolbarUpdater) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe ()
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
========== Driver Services (SafeList) ==========
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgrkx86) -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSEH) -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (cpudrv) -- C:\Program Files\SystemRequirementsLab\cpudrv.sys ()
DRV - (rt2870) -- C:\WINDOWS\system32\drivers\rt2870.sys (Ralink Technology, Corp.)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (sfman) Creative SoundFont Manager Driver (WDM) -- C:\WINDOWS\system32\drivers\sfmanm.sys (Creative Technology Ltd.)
DRV - (emu10k1) Creative Interface Manager Driver (WDM) -- C:\WINDOWS\system32\drivers\ctlfacem.sys (Creative Technology Ltd.)
DRV - (emu10k) Creative SB Live! (WDM) -- C:\WINDOWS\system32\drivers\emu10k1m.sys (Creative Technology Ltd.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-984244069-2844614521-1043325133-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-984244069-2844614521-1043325133-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-984244069-2844614521-1043325133-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT3106574
IE - HKU\S-1-5-21-984244069-2844614521-1043325133-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-984244069-2844614521-1043325133-1003\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKU\S-1-5-21-984244069-2844614521-1043325133-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.bearshare.com/"
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1894
FF - prefs.js..keyword.URL: "http://search.bearsh...&systemid=2&q="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/12/23 09:49:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/12 00:11:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/12 00:11:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/07/04 14:43:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\AVG\AVG2012\Thunderbird\ [2011/12/23 09:49:33 | 000,000,000 | ---D | M]
[2011/07/04 14:43:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User1\Application Data\Mozilla\Extensions
[2011/07/04 14:43:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User1\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/01/15 16:52:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User1\Application Data\Mozilla\Firefox\Profiles\olqzqspx.default\extensions
[2012/01/10 00:02:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\User1\Application Data\Mozilla\Firefox\Profiles\olqzqspx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/01/15 16:52:41 | 000,000,000 | ---D | M] (PC-Helpsoft Community Toolbar) -- C:\Documents and Settings\User1\Application Data\Mozilla\Firefox\Profiles\olqzqspx.default\extensions\{256db8bc-7da7-4248-97cd-44e07216b7f1}
[2010/12/21 19:44:49 | 000,000,000 | ---D | M] (MediaBar) -- C:\Documents and Settings\User1\Application Data\Mozilla\Firefox\Profiles\olqzqspx.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}
[2012/01/08 18:23:21 | 000,002,577 | ---- | M] () -- C:\Documents and Settings\User1\Application Data\Mozilla\Firefox\Profiles\olqzqspx.default\searchplugins\askcom.xml
[2010/09/14 12:41:12 | 000,002,506 | ---- | M] () -- C:\Documents and Settings\User1\Application Data\Mozilla\Firefox\Profiles\olqzqspx.default\searchplugins\BearShareWebSearch.xml
[2012/01/12 00:11:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/23 09:49:38 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
[2011/12/21 07:42:18 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/02/02 20:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/12/21 05:14:26 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/12/18 17:20:31 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2010/09/14 12:41:12 | 000,002,506 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\BearShareWebSearch.xml
[2011/12/21 05:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/21 05:14:26 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/12/21 05:14:26 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/12/21 05:14:26 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml
========== Chrome ==========
CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = http://search.condui...&ctid=CT3106574
CHR - default_search_provider: suggest_url = http://search.conduit.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\User1\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Documents and Settings\User1\Application Data\Mozilla\plugins\np-mswmp.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\User1\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\User1\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\User1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1857_0\plugins/avgnpss.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\User1\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: AVG Safe Search = C:\Documents and Settings\User1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1857_0\
O1 HOSTS File: ([2006/02/28 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll File not found
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll ()
O3 - HKU\S-1-5-21-984244069-2844614521-1043325133-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-984244069-2844614521-1043325133-1003\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe (MusicLab, LLC)
O4 - HKLM..\Run: [EPSON Stylus D68 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [EPSON Stylus D68 Series (Copy 2)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-21-984244069-2844614521-1043325133-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-984244069-2844614521-1043325133-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.1.66.0.cab (SysInfo Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9788FE85-567A-40BA-ACD0-BAC05BACD203}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll ()
O20 - AppInit_DLLs: (C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\datamngr.dll) - File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\User1\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User1\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/06/14 21:22:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{b1e54a8b-780d-11df-ab14-001617e08264}\Shell\AutoRun\command - "" = J:\WD_Windows_Tools\Setup.exe
O33 - MountPoints2\{e1189098-1da6-11e0-9b92-00e04d892a85}\Shell - "" = AutoRun
O33 - MountPoints2\{e1189098-1da6-11e0-9b92-00e04d892a85}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e1189098-1da6-11e0-9b92-00e04d892a85}\Shell\AutoRun\command - "" = I:\TVRadio.EXE
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012/01/14 10:48:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla
[2012/01/14 10:48:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Mozilla
[2012/01/14 10:47:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2012/01/14 10:28:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2012/01/12 17:18:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User1\Start Menu\Programs\Revo Uninstaller
[2012/01/12 17:18:55 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2012/01/09 20:01:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User1\Application Data\Google
[2012/01/09 20:01:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2012/01/09 20:00:46 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012/01/08 19:17:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012/01/08 18:33:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2012/01/03 23:27:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User1\Application Data\Curiolab
[2011/12/19 17:15:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User1\Local Settings\Application Data\PC-Helpsoft
[2011/12/19 17:15:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User1\Local Settings\Application Data\Conduit
[2011/12/19 17:14:59 | 000,000,000 | ---D | C] -- C:\Program Files\PC-Helpsoft
[2011/12/18 17:21:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/01/16 18:05:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/16 18:02:00 | 000,000,510 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task d0f38dfd-76f1-4f38-9aec-adae08c9d6f6.job
[2012/01/16 17:45:00 | 086,821,660 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/01/16 17:41:10 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/16 17:41:06 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/16 17:40:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/15 17:01:04 | 000,073,956 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/01/14 21:44:36 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2012/01/14 21:44:36 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2012/01/13 14:05:10 | 000,154,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/01/12 20:46:06 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/01/12 20:42:00 | 000,453,814 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/12 20:42:00 | 000,074,654 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/12 17:18:56 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\User1\Desktop\Revo Uninstaller.lnk
[2012/01/12 00:11:17 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\User1\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/01/12 00:11:17 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/01/08 18:36:13 | 000,656,658 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2012/01/08 18:33:13 | 000,512,992 | ---- | M] () -- C:\Documents and Settings\User1\Desktop\sdasetup_revwire207[2].exe
[2012/01/08 17:58:50 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
[2012/01/08 17:52:57 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\User1\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/12/23 09:49:39 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/01/14 21:44:36 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2012/01/14 21:44:36 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2012/01/12 17:18:56 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\User1\Desktop\Revo Uninstaller.lnk
[2012/01/12 00:11:16 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/01/09 21:54:24 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/01/09 20:00:53 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/09 20:00:52 | 000,000,880 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/08 18:36:07 | 000,656,658 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2012/01/08 18:33:14 | 000,512,992 | ---- | C] () -- C:\Documents and Settings\User1\Desktop\sdasetup_revwire207[2].exe
[2012/01/08 18:02:45 | 000,000,510 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task d0f38dfd-76f1-4f38-9aec-adae08c9d6f6.job
[2012/01/08 17:58:50 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
[2011/09/07 17:13:22 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2011/09/07 17:06:52 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2011/06/04 09:50:46 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2011/06/04 09:11:24 | 000,112,831 | ---- | C] () -- C:\WINDOWS\hpoins07.dat
[2011/06/04 09:11:24 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
[2011/01/27 19:03:35 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010/12/28 12:35:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010/12/15 15:58:56 | 000,013,931 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2010/11/24 17:22:20 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2010/11/11 17:52:25 | 000,507,904 | ---- | C] () -- C:\WINDOWS\Silent Hunter II remove.exe
[2010/10/27 02:35:40 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010/10/27 02:35:40 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/07/09 18:40:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/07/07 22:38:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tsccStatus.dat
[2010/07/06 13:33:14 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2010/07/06 13:33:14 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2010/07/06 13:33:14 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2010/06/15 08:01:18 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2010/06/14 22:43:27 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2010/06/14 22:43:27 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2010/06/14 22:36:45 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/14 22:36:44 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/06/14 22:08:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/06/14 22:07:21 | 000,154,768 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/14 21:24:57 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/06/14 21:19:00 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/05/26 20:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 20:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 09:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/09/09 07:28:22 | 002,515,656 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2006/08/16 23:52:54 | 000,223,990 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006/02/28 12:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/28 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 12:00:00 | 000,453,814 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 12:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 12:00:00 | 000,074,654 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 12:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 12:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 12:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/28 12:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/28 12:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001/11/14 16:44:32 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\fileops.dll
[2001/07/06 14:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2000/04/12 16:28:12 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2000/04/12 16:24:10 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[1997/11/11 14:00:00 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
========== LOP Check ==========
[2011/08/04 09:50:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
[2010/12/21 19:49:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\111E4
[2011/12/18 17:21:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2011/10/13 13:37:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/10/13 13:16:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2011/12/09 18:52:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2010/12/15 15:55:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2011/03/15 09:57:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/01/16 17:45:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/12/15 15:58:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MicroNEXT Driver
[2011/09/15 15:36:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2012/01/08 22:33:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2011/10/16 20:31:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\AVG
[2011/10/13 13:22:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\AVG Secure Search
[2011/10/13 13:24:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\AVG2012
[2010/12/21 20:26:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\bearsharemediabartb
[2012/01/03 23:27:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Curiolab
[2011/12/13 21:51:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Image Zone Express
[2010/06/14 23:28:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\ImgBurn
[2010/07/06 19:00:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\OpenOffice.org
[2010/07/16 19:15:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Orphée Développement
[2011/12/09 23:41:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\searchquband
[2011/03/14 06:55:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Template
[2011/07/04 14:43:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Thunderbird
[2010/06/14 23:13:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Windows Desktop Search
[2011/02/24 19:03:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Windows Search
[2012/01/16 18:02:00 | 000,000,510 | ---- | M] () -- C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task d0f38dfd-76f1-4f38-9aec-adae08c9d6f6.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:0B4227B4
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:DFC5A2B2
< End of report >