We are trying to get rid of the "Windows XP Recovery" malware/virus. I have run Malwarebytes to detect and delete it but the system still doen't seem to be running up to speed.
Any help would be appreciated.
Cheers!
OTL logfile created on: 30/05/2011 2:17:20 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = I:\Virus_Malware\Antimalware Programs
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 78.00% Memory free
7.00 Gb Paging File | 7.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 4096 4987 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 596.16 Gb Total Space | 260.13 Gb Free Space | 43.63% Space Free | Partition Type: NTFS
Drive I: | 967.22 Mb Total Space | 308.20 Mb Free Space | 31.86% Space Free | Partition Type: FAT
Computer Name: 55TW5H1 | User Name: Andrea | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
PRC - I:\Virus_Malware\Antimalware Programs\OTL.com (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
========== Modules (SafeList) ==========
MOD - I:\Virus_Malware\Antimalware Programs\OTL.com (OldTimer Tools)
MOD - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1801_x-ww_5eed8217\msvcr80.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1801_x-ww_5eed8217\msvcp80.dll (Microsoft Corporation)
MOD - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (LkWebLink) -- File not found
SRV - (HidServ) -- File not found
SRV - (SWAGENT) -- C:\Program Files\McAfee\Managed VirusScan\Agent\swAgent.exe (McAfee, Inc.)
SRV - (myAgtSvc) -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\McAfee\Managed VirusScan\VScan\McShield.exe (McAfee, Inc.)
SRV - (EngineServer) -- C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe (McAfee, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (RampartSvc) -- C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe (SonicWALL, Inc.)
========== Driver Services (SafeList) ==========
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (MfeRKDK) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (MfeBOPK) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (MfeAVFK) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfetdik) -- C:\WINDOWS\system32\drivers\mfetdik.sys (McAfee, Inc.)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (SenFiltService) -- C:\WINDOWS\system32\drivers\senfilt.sys (Sensaura)
DRV - (RCFOX) -- C:\WINDOWS\system32\drivers\RCFOX.SYS (SonicWALL, Inc.)
DRV - (rcvpn) -- C:\WINDOWS\system32\drivers\rcvpn.sys (SonicWALL, Inc.)
DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (Sentinel) -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS ()
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ca.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.com/?fr=fp-yie8
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Live Search"
FF - prefs.js..browser.search.defaulturl: "http://search.live.c...?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Live Search"
FF - prefs.js..browser.startup.homepage: "http://go.microsoft..../?LinkId=69157"
FF - prefs.js..keyword.URL: "http://search.live.c...?FORM=IEFM1&q="
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2008/12/05 10:07:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/28 09:10:31 | 000,000,000 | ---D | M]
[2011/04/04 12:49:43 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\fcq1lki0.default\extensions
[2011/04/04 12:49:51 | 000,000,000 | -H-D | M] (Avery Toolbar) -- C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\fcq1lki0.default\extensions\[email protected]
[2009/03/26 10:12:57 | 000,001,659 | -H-- | M] () -- C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\fcq1lki0.default\searchplugins\live-search.xml
[2010/06/17 08:10:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/02/04 12:29:50 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2008/02/04 12:29:50 | 000,000,000 | ---D | M] (Talkback) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2008/12/03 10:01:39 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2007/11/28 15:12:01 | 000,067,696 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jar50.dll
[2007/11/28 15:12:02 | 000,054,376 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jsd3250.dll
[2007/11/28 15:12:03 | 000,034,952 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\myspell.dll
[2007/11/28 15:12:04 | 000,046,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\spellchk.dll
[2007/11/28 15:12:04 | 000,172,144 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\xpinstal.dll
[2007/02/20 17:04:02 | 002,463,976 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll
O1 HOSTS File: ([2009/04/27 09:22:32 | 000,000,758 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\Managed VirusScan\VScan\ScriptSn.20110114080528.dll (McAfee, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Avery Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Avery Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Avery Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [McAfee Managed Services Tray] File not found
O4 - HKLM..\Run: [MVS Splash] C:\Program Files\McAfee\Managed VirusScan\DesktopUI\XTray.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 2003\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office 2003\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: itncc.org ([staff] https in Trusted sites)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} https://www.epost.ca/printing/smsx.cab (MeadCo ScriptX)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1201818704734 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1201818907390 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://pwgsc-pm.web...bex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} http://map.hamilton....s/acgm/acgm.cab (ActiveCGM Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.4.4 208.67.220.220 4.2.2.2
O18 - Protocol\Handler\myrm {4D034FC3-013F-4b95-B544-44D49ABE3E76} - C:\Program Files\McAfee\Managed VirusScan\Agent\MyRmProt5.0.0.811.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Andrea\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Andrea\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/01/31 16:06:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/05/30 12:57:02 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/05/30 12:32:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrea\Application Data\SUPERAntiSpyware.com
[2011/05/30 12:32:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/05/30 12:31:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/05/30 12:31:43 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/05/30 12:25:03 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Andrea\Recent
[2011/05/03 08:33:04 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Andrea\My Documents\ArcGIS
[2009/08/12 09:48:32 | 000,481,912 | ---- | C] (W3i, LLC) -- C:\Program Files\BitZipper2009TrialSetup-en-pl-techpro.exe
[2009/01/06 10:05:49 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\IMPLODE.DLL
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/05/30 13:14:32 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/30 13:14:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/30 13:01:14 | 000,000,798 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/30 12:31:55 | 000,001,692 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/05/30 12:21:48 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/30 12:16:47 | 000,000,833 | -H-- | M] () -- C:\Documents and Settings\Andrea\Desktop\Windows XP Recovery.lnk
[2011/05/30 12:16:40 | 000,000,336 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\16572196
[2011/05/30 12:02:11 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/05/30 11:12:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/24 08:23:30 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/05/10 08:31:56 | 000,002,515 | -H-- | M] () -- C:\Documents and Settings\Andrea\Desktop\Excel 2003.lnk
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/05/30 13:01:14 | 000,000,798 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/30 12:31:55 | 000,001,692 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/05/30 12:16:47 | 000,000,833 | -H-- | C] () -- C:\Documents and Settings\Andrea\Desktop\Windows XP Recovery.lnk
[2011/05/30 12:16:40 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\16572196
[2010/01/26 14:02:28 | 000,075,776 | ---- | C] () -- C:\WINDOWS\SSEUninstaller.exe
[2010/01/26 14:02:11 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll
[2010/01/21 14:10:58 | 000,006,688 | ---- | C] () -- C:\WINDOWS\movexe.exe
[2009/10/09 14:09:03 | 000,000,087 | ---- | C] () -- C:\WINDOWS\fmeview.INI
[2009/05/28 14:05:03 | 000,005,120 | -H-- | C] () -- C:\Documents and Settings\Andrea\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/28 15:24:14 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/01/06 10:22:33 | 000,073,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\SENTINEL.SYS
[2009/01/06 10:22:33 | 000,047,616 | ---- | C] () -- C:\WINDOWS\System32\SNTI386.DLL
[2009/01/06 10:22:33 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\RNBOVDD.DLL
[2009/01/06 10:12:56 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/01/06 10:05:47 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2008/12/30 16:07:42 | 000,038,464 | -H-- | C] () -- C:\Documents and Settings\Andrea\Application Data\Tab Separated Values (Windows).ADR
[2008/12/16 14:07:17 | 000,000,060 | ---- | C] () -- C:\WINDOWS\DirectionsUI.INI
[2008/12/16 14:07:17 | 000,000,045 | ---- | C] () -- C:\WINDOWS\NetworkAnalystUI.INI
[2008/12/05 10:07:47 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2008/12/04 11:31:46 | 000,024,617 | -H-- | C] () -- C:\Documents and Settings\Andrea\Application Data\Comma Separated Values (Windows).ADR
[2008/12/02 11:59:17 | 000,270,848 | ---- | C] () -- C:\WINDOWS\System32\unwise32.exe
[2008/09/15 13:36:00 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008/09/05 15:15:05 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/09/02 11:02:20 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2008/02/05 20:35:43 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/02/05 20:35:42 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/02/05 20:23:13 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2008/02/04 12:29:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/02/04 11:20:27 | 000,000,250 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2008/02/04 11:20:27 | 000,000,021 | ---- | C] () -- C:\WINDOWS\pe.ini
[2008/02/04 11:20:27 | 000,000,021 | ---- | C] () -- C:\WINDOWS\ft99.ini
[2008/02/04 11:20:27 | 000,000,021 | ---- | C] () -- C:\WINDOWS\cp.ini
[2008/02/04 11:20:12 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\pdfmona.dll
[2008/02/04 11:20:12 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2008/01/31 19:05:51 | 000,093,680 | -H-- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2008/01/31 16:08:17 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/01/31 16:04:29 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/01/31 09:52:21 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/01/31 09:51:17 | 004,920,536 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/01/04 17:58:50 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/01/04 17:56:24 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/02/28 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/28 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 08:00:00 | 000,435,760 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 08:00:00 | 000,068,404 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/28 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/28 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001/09/03 14:04:00 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT.DAT
[1997/06/25 15:24:16 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\RegObj.dll
========== LOP Check ==========
[2009/04/23 12:48:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2009/01/13 10:19:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Bitstream Font Navigator
[2008/02/04 12:14:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\ConeXware
[2009/05/12 10:29:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\ESRI
[2010/11/15 10:09:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2009/05/19 15:46:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/04/17 13:25:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\WinZipSE
[2011/04/04 12:56:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Andrea\Application Data\Avery
[2009/09/21 09:47:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Andrea\Application Data\BitZipper
[2010/10/18 10:24:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Andrea\Application Data\ColorImpact3
[2010/09/14 09:37:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Andrea\Application Data\ESRI
[2008/12/01 12:15:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Andrea\Application Data\ICAClient
[2009/06/10 15:35:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Andrea\Application Data\pdf995
[2009/10/09 13:44:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Andrea\Application Data\Safe Software
[2010/01/21 14:14:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Andrea\Application Data\SpatialEcology
[2010/02/18 09:53:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Andrea\Application Data\webex
[2010/01/07 16:50:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Andrea\Application Data\Windows Live Writer
[2008/12/01 17:23:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Andrea\Application Data\Windows Search
[2008/12/01 10:56:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Andrea\Application Data\Xerox
[2011/05/30 12:02:11 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
========== Purity Check ==========
< End of report >
Edited by Quatico, 30 May 2011 - 12:22 PM.