it seems I have a trojan(RESOLVED)

  1. #11
    ebi

    Hey Neal, I had already tried the showing hidden files/folders option before, and even then it wouldn't show when I tried to upload it. Instead I made a copy of it on my desktop. Is that OK for me to do? Is it the same? Anyway, this is the result.


    File smss.exe received on 2009.07.12 01:37:35 (UTC)
    Antivirus Version Last Update Result
    a-squared 4.5.0.18 2009.07.11 -
    AhnLab-V3 5.0.0.2 2009.07.11 -
    AntiVir 7.9.0.204 2009.07.11 -
    Antiy-AVL 2.0.3.1 2009.07.10 -
    Authentium 5.1.2.4 2009.07.11 -
    Avast 4.8.1335.0 2009.07.11 -
    AVG 8.5.0.387 2009.07.11 -
    BitDefender 7.2 2009.07.12 -
    CAT-QuickHeal 10.00 2009.07.10 -
    ClamAV 0.94.1 2009.07.11 -
    Comodo 1620 2009.07.12 -
    DrWeb 5.0.0.12182 2009.07.11 -
    eSafe 7.0.17.0 2009.07.09 -
    eTrust-Vet 31.6.6608 2009.07.10 -
    F-Prot 4.4.4.56 2009.07.11 -
    F-Secure 8.0.14470.0 2009.07.11 -
    Fortinet 3.120.0.0 2009.07.11 -
    GData 19 2009.07.12 -
    Ikarus T3.1.1.64.0 2009.07.11 -
    Jiangmin 11.0.706 2009.07.11 -
    K7AntiVirus 7.10.790 2009.07.11 -
    Kaspersky 7.0.0.125 2009.07.12 -
    McAfee 5673 2009.07.11 -
    McAfee+Artemis 5673 2009.07.11 -
    McAfee-GW-Edition 6.8.5 2009.07.11 -
    Microsoft 1.4803 2009.07.11 -
    NOD32 4235 2009.07.11 -
    Norman 6.01.09 2009.07.10 -
    nProtect 2009.1.8.0 2009.07.12 -
    Panda 10.0.0.14 2009.07.11 -
    PCTools 4.4.2.0 2009.07.11 -
    Prevx 3.0 2009.07.12 -
    Rising 21.37.52.00 2009.07.11 -
    Sophos 4.43.0 2009.07.11 -
    Sunbelt 3.2.1858.2 2009.07.11 -
    Symantec 1.4.4.12 2009.07.12 -
    TheHacker 6.3.4.3.365 2009.07.11 -
    TrendMicro 8.950.0.1094 2009.07.10 -
    VBA32 3.12.10.8 2009.07.11 -
    ViRobot 2009.7.11.1831 2009.07.11 -
    VirusBuster 4.6.5.0 2009.07.11 -
    Additional information
    File size: 75264 bytes
    MD5...: 9fc8e8c0f344eae043740b72794da3cc
    SHA1..: f1c1f744bc0a386386ede7629349daff15e6103a
    SHA256: 8b4302a0298553486fa675b758c22497dda3524df11e5cffdc4de410b517161f
    ssdeep: 1536:vcGfC/n+FP9SUQY5iHNV07fHTcVjbNLNWeHwt0abz/2xo:vcGfC/n+FP9SUQvNqfTubNLUhn/V
    PEiD..: -
    TrID..: File type identification
    Win64 Executable Generic (95.5%)
    Generic Win/DOS Executable (2.2%)
    DOS Executable Generic (2.2%)
    Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0xfd54
    timedatestamp.....: 0x479191b0 (Sat Jan 19 05:59:12 2008)
    machinetype.......: 0x8664 (AMD64)

    ( 5 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x1000 0x10b54 0x10c00 6.14 c64d6aefe6aade3a30ab71454a234f90
    .data 0x12000 0x15d0 0xa00 2.01 6236e26dd809efc3dbebf864645e21ae
    .pdata 0x14000 0x5ac 0x600 4.56 b3fddbaf003fc1c945394e96ce13eddb
    .rsrc 0x15000 0x3f8 0x400 3.33 91da0008b40bf5c2f2abaf231154004c
    .reloc 0x16000 0x1d2 0x200 3.37 5d59cab315a565761bbcf0a2a2a25f50

    ( 1 imports )
    > ntdll.dll: DbgPrintEx, RtlUnicodeStringToInteger, RtlFreeUnicodeString, RtlAllocateHeap, RtlUpcaseUnicodeChar, RtlFreeHeap, NtQueryInformationProcess, RtlInitUnicodeStringEx, NtOpenFile, NtClose, NtQueryVolumeInformationFile, RtlInitUnicodeString, NtCreatePagingFile, NtQuerySystemInformation, NtSetInformationFile, NtQueryInformationFile, RtlCompareUnicodeString, RtlAppendUnicodeStringToString, NtCreateKey, NtSetValueKey, RtlAllocateAndInitializeSid, RtlCreateSecurityDescriptor, RtlCreateAcl, RtlAddAccessAllowedAce, RtlSetDaclSecurityDescriptor, RtlSetOwnerSecurityDescriptor, NtSetSecurityObject, NtQueryValueKey, RtlExpandEnvironmentStrings_U, RtlDosPathNameToNtPathName_U, _vsnwprintf, NtReadFile, NtOpenKey, RtlCreateUnicodeString, RtlNumberOfSetBitsUlongPtr, RtlCreateTagHeap, NtSetInformationProcess, NtAlpcCreatePort, NtOpenEvent, RtlAppendUnicodeToString, RtlCreateEnvironment, NtDeleteValueKey, RtlSetCurrentEnvironment, RtlQueryRegistryValues, NtCreateDirectoryObject, NtSetEvent, NtSetSystemInformation, NtInitializeRegistry, _wcsupr, NtOpenDirectoryObject, NtCreateSymbolicLinkObject, NtMakeTemporaryObject, _stricmp, RtlInitAnsiString, RtlAnsiStringToUnicodeString, RtlRandomEx, qsort, LdrVerifyImageMatchesChecksumEx, RtlAdjustPrivilege, RtlEqualUnicodeString, _wcsicmp, RtlSetEnvironmentVariable, NtCreateSection, NtMapViewOfSection, iswspace, RtlQueryEnvironmentVariable_U, RtlDosSearchPath_U, RtlCreateProcessParametersEx, RtlCreateUserProcess, RtlDestroyProcessParameters, EtwEventWrite, EtwEventEnabled, NtTerminateProcess, NtWaitForSingleObject, NtResumeThread, RtlLockBootStatusData, RtlGetSetBootStatusData, RtlUnlockBootStatusData, NtDisplayString, RtlLengthSid, RtlGetAce, RtlAddMandatoryAce, RtlSetSaclSecurityDescriptor, NtQueryDirectoryObject, NtOpenSymbolicLinkObject, NtQuerySymbolicLinkObject, RtlPrefixUnicodeString, RtlTimeToTimeFields, NtCreateFile, NtWriteFile, RtlCreateUserThread, RtlAcquireSRWLockExclusive, NtAlpcDisconnectPort, RtlReleaseSRWLockExclusive, RtlAcquireSRWLockShared, RtlReleaseSRWLockShared, NtAlpcImpersonateClientOfPort, NtOpenThreadToken, NtQueryInformationToken, NtSetInformationThread, RtlSetThreadIsCritical, AlpcInitializeMessageAttribute, NtAlpcSendWaitReceivePort, RtlExitUserThread, AlpcGetMessageAttribute, NtAlpcCancelMessage, NtAlpcOpenSenderProcess, RtlInitializeSRWLock, NtAlpcAcceptConnectPort, NtConnectPort, NtRequestWaitReplyPort, NtDuplicateObject, RtlInitializeBitMap, RtlClearAllBits, RtlFindClearBits, RtlTestBit, RtlSleepConditionVariableSRW, RtlSetBits, NtCreateEvent, NtClearEvent, RtlDeleteNoSplay, RtlClearBits, RtlWakeConditionVariable, RtlWakeAllConditionVariable, RtlFreeSid, RtlSetHeapInformation, EtwEventRegister, RtlSetProcessIsCritical, NtWaitForMultipleObjects, NtRaiseHardError, RtlInitializeConditionVariable, NtDelayExecution, RtlUnicodeStringToAnsiString, NtQueryEvent, wcstoul, LdrQueryImageFileExecutionOptions, RtlAcquirePrivilege, RtlReleasePrivilege, RtlUnhandledExceptionFilter, RtlVirtualUnwind, RtlLookupFunctionEntry, RtlCaptureContext, DbgBreakPoint, RtlNormalizeProcessParams, RtlConnectToSm, RtlSendMsgToSm, memcpy, memset, __chkstk, __C_specific_handler

    ( 0 exports )
    PDFiD.: -
    RDS...: NSRL Reference Data Set
    -


  2. #12
    Neal
    How is your computer behaving now?


    Download OTL by OldTimer, saving it to your desktop: http://oldtimer.geekstogo.com/OTL.exe

    * Close all open windows on the Task Bar. Click the OTL icon (for Vista, right click the icon and Run as Administrator) to start the program.
    * In the lower right corner of the Top Panel, checkmark "LOP Check" and checkmark "Purity Check".
    * Now click Run Scan at Top left and let the program run uninterrupted. The scan may take 5-10 minutes.
    * Do not TOUCH your keyboard until the scan completes!
    * It will produce two (2) logs on your desktop, one will pop up called OTL.txt; the other will be named Extras.txt.
    * Post both logs please (copy/paste)

    * Exit OTL by clicking the X at top right.

  3. #13
    ebi
    Hi Neal, my comp hasn't done anything unusual since the time I made the first post, except becoming a bit slower. These are the two logs:

    OTL log:

    OTL logfile created on: 7/13/2009 7:26:19 PM - Run 4
    OTL by OldTimer - Version 3.0.7.1 Folder = C:\Users\sandra\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18783)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 100.00% Memory free
    4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 687.45 Gb Total Space | 511.19 Gb Free Space | 74.36% Space Free | Partition Type: NTFS
    Drive D: | 11.18 Gb Total Space | 1.50 Gb Free Space | 13.42% Space Free | Partition Type: NTFS
    Drive E: | 696.40 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: SANDRA-PC
    Current User Name: sandra
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Include 64bit Scans
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Standard

    ========== Processes (SafeList) ==========

    PRC - [2008/10/17 16:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
    PRC - [2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    PRC - [2007/05/29 18:19:06 | 00,198,240 | ---- | M] () -- c:\hp\HPEZBTN\HPBtnSrv.exe
    PRC - [2008/11/03 18:21:18 | 00,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    PRC - [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
    PRC - [2008/11/03 18:21:16 | 00,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2009/01/12 12:27:06 | 00,972,344 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    PRC - [2009/06/23 11:01:38 | 01,830,128 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
    PRC - [2008/03/25 20:40:42 | 00,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    PRC - [2007/04/07 05:56:47 | 00,132,760 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre1.6.0_01\bin\jusched.exe
    PRC - [2008/10/17 16:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
    PRC - [2008/03/25 21:27:58 | 00,049,152 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
    PRC - [2008/03/25 20:49:02 | 00,184,320 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    PRC - [2009/07/13 19:22:18 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\sandra\Desktop\OTL.exe
    PRC - [2008/03/25 20:49:00 | 00,569,344 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    PRC - [2008/03/26 02:25:18 | 00,286,720 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    PRC - [2008/02/09 06:06:00 | 00,238,968 | ---- | M] (Symantec Corporation) -- c:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe

    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2009/03/31 20:16:19 | 01,038,088 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64 [On_Demand | Stopped])
    SRV:64bit: - [2008/01/20 22:47:32 | 00,383,544 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Running])
    SRV:64bit: - [2008/01/20 22:52:15 | 01,216,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Running])
    SRV:64bit: - [2007/10/18 11:37:22 | 00,412,672 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService [Auto | Running])
    SRV - [2008/02/09 06:06:00 | 00,238,968 | ---- | M] (Symantec Corporation) -- c:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler [Auto | Running])
    SRV - [2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
    SRV - [2008/10/17 16:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr [Auto | Running])
    SRV - [2008/10/17 16:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr [Auto | Running])
    SRV - [2008/07/27 14:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
    SRV - [2008/07/27 14:01:49 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64 [On_Demand | Stopped])
    SRV - [2008/10/17 16:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService [Auto | Running])
    SRV - [2007/08/21 15:22:00 | 00,267,096 | ---- | M] (Symantec Corporation) -- c:\Program Files (x86)\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost [On_Demand | Stopped])
    SRV - [2008/01/20 22:51:36 | 00,344,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Running])
    SRV - [2008/01/20 22:51:36 | 00,153,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Running])
    SRV - [2006/11/02 11:03:48 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])
    SRV - [2009/03/06 13:38:38 | 00,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
    SRV - [2008/06/19 21:17:12 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Running])
    SRV - [2007/12/04 20:41:34 | 00,181,784 | ---- | M] (WildTangent, Inc.) -- C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe -- (GameConsoleService [On_Demand | Stopped])
    SRV - [2008/03/14 21:31:38 | 00,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service [Disabled | Stopped])
    SRV - [2007/05/29 18:19:06 | 00,198,240 | ---- | M] () -- c:\hp\HPEZBTN\HPBtnSrv.exe -- (HPBtnSrv [Auto | Running])
    SRV - [2008/03/25 20:38:24 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08 [On_Demand | Running])
    SRV - [2008/03/25 21:27:36 | 00,135,168 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc [Auto | Running])
    SRV - [2008/11/03 18:21:18 | 00,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaantmon.exe -- (IAANTMON [Auto | Running])
    SRV - [2008/06/19 21:16:53 | 00,859,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
    SRV - [2009/01/06 14:06:24 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
    SRV - [2006/11/02 05:46:05 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\keyiso.dll -- (KeyIso [On_Demand | Running])
    SRV - [2008/09/05 12:52:32 | 03,220,856 | ---- | M] (Symantec Corporation) -- c:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate [On_Demand | Stopped])
    SRV - [2008/10/17 16:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice [Auto | Running])
    SRV - [2006/11/02 09:34:14 | 00,000,000 | ---D | M] -- C:\Windows\SysWow64\Msdtc -- (MSDTC [Unknown | Stopped])
    SRV - [2008/01/20 22:48:28 | 00,592,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\netlogon.dll -- (Netlogon [On_Demand | Stopped])
    SRV - [2008/08/11 19:32:22 | 01,245,064 | ---- | M] () -- C:\Program Files (x86)\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [On_Demand | Stopped])
    SRV - [2006/11/02 02:35:15 | 00,060,994 | ---- | M] () -- C:\Windows\SysWow64\Wbem\vds.mof -- (vds [On_Demand | Stopped])
    SRV - [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])
    SRV - [2006/11/02 02:35:15 | 00,055,846 | ---- | M] () -- C:\Windows\SysWow64\Wbem\vss.mof -- (VSS [On_Demand | Stopped])

    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2008/06/27 08:51:10 | 00,088,632 | ---- | M] () -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs [Auto | Running])
    DRV:64bit: - [2008/05/08 06:27:00 | 00,411,136 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\CAXHWBS2.sys -- (CAXHWBS2 [On_Demand | Running])
    DRV:64bit: - [2008/07/30 18:55:06 | 00,025,424 | ---- | M] () -- C:\Windows\SysNative\Drivers\COH_Mon.sys -- (COH_Mon [On_Demand | Stopped])
    DRV:64bit: - [2008/04/17 14:12:54 | 00,019,304 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
    DRV:64bit: - [2008/10/21 16:00:12 | 01,655,296 | ---- | M] () -- C:\Windows\SysNative\drivers\HCW85BDA.sys -- (HCW85BDA [On_Demand | Running])
    DRV:64bit: - [2008/05/08 06:24:08 | 01,487,872 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\CAX_DP.sys -- (HSF_DP [On_Demand | Running])
    DRV:64bit: - [2008/11/03 18:10:08 | 00,406,040 | ---- | M] () -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor [Boot | Running])
    DRV:64bit: - [2006/06/19 10:27:24 | 00,017,024 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
    DRV:64bit: - [2008/03/26 11:24:04 | 00,405,504 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\netr28x.sys -- (netr28x [On_Demand | Running])
    DRV:64bit: - [2008/02/14 10:56:14 | 00,160,768 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169 [On_Demand | Running])
    DRV:64bit: - [2008/01/31 07:51:00 | 00,440,880 | ---- | M] () -- C:\Windows\SysNative\Drivers\SRTSP64.SYS -- (SRTSP [On_Demand | Running])
    DRV:64bit: - [2008/01/31 07:51:00 | 00,476,720 | ---- | M] () -- C:\Windows\SysNative\Drivers\SRTSPL64.SYS -- (SRTSPL [On_Demand | Stopped])
    DRV:64bit: - [2008/01/31 07:51:00 | 00,032,304 | ---- | M] () -- C:\Windows\SysNative\Drivers\SRTSPX64.SYS -- (SRTSPX [System | Running])
    DRV:64bit: - [2008/01/20 22:47:25 | 00,012,288 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam [On_Demand | Running])
    DRV:64bit: - [2009/02/19 12:30:58 | 00,016,432 | ---- | M] () -- C:\Windows\SysNative\Drivers\SYMDNS.SYS -- (SYMDNS [On_Demand | Running])
    DRV:64bit: - [2009/03/05 17:58:34 | 00,172,080 | ---- | M] () -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent [On_Demand | Running])
    DRV:64bit: - [2009/02/19 12:30:58 | 00,145,456 | ---- | M] () -- C:\Windows\SysNative\Drivers\SYMFW.SYS -- (SYMFW [On_Demand | Running])
    DRV:64bit: - [2009/02/19 12:31:42 | 00,028,720 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\SymIMv.sys -- (SymIM [System | Running])
    DRV:64bit: - [2009/02/19 12:31:18 | 00,047,664 | ---- | M] () -- C:\Windows\SysNative\Drivers\SYMNDISV.SYS -- (SYMNDISV [On_Demand | Running])
    DRV:64bit: - [2009/02/19 12:30:58 | 00,028,720 | ---- | M] () -- C:\Windows\SysNative\Drivers\SYMREDRV.SYS -- (SYMREDRV [On_Demand | Running])
    DRV:64bit: - [2009/02/19 12:31:00 | 00,266,800 | ---- | M] () -- C:\Windows\SysNative\Drivers\SYMTDI.SYS -- (SYMTDI [System | Running])
    DRV:64bit: - [2008/05/08 06:25:12 | 00,740,864 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -- (winachsf [On_Demand | Running])
    DRV:64bit: - [2007/10/18 11:37:10 | 00,010,240 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\xaudio64.sys -- (XAudio [Auto | Running])
    DRV - [2008/08/14 08:57:42 | 00,074,720 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs [Auto | Running])
    DRV - [2008/07/30 18:28:04 | 00,000,841 | ---- | M] () -- C:\Windows\SysWow64\drivers\COH_Mon.inf -- (COH_Mon [On_Demand | Stopped])
    DRV - [2009/03/05 05:00:00 | 00,475,696 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl [System | Running])
    DRV - [2009/03/05 05:00:00 | 00,131,632 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Running])
    DRV - [2009/02/09 18:59:12 | 00,370,224 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20090427.002\IDSviA64.sys -- (IDSvia64 [System | Running])
    DRV - [2006/06/19 10:26:50 | 00,094,208 | ---- | M] (Conexant) -- C:\Windows\SysWow64\mdmxsdk.dll -- (mdmxsdk [Auto | Running])
    DRV - [2006/09/18 17:35:23 | 00,001,088 | ---- | M] () -- C:\Windows\SysWow64\Wbem\mpsdrv.mof -- (mpsdrv [On_Demand | Running])
    DRV - [2009/03/05 05:00:00 | 00,136,752 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20090501.035\ENG64.SYS -- (NAVENG [On_Demand | Running])
    DRV - [2009/03/05 05:00:00 | 01,461,808 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20090501.035\EX64.SYS -- (NAVEX15 [On_Demand | Running])
    DRV - [2009/06/23 11:01:40 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System | Stopped])
    DRV - [2009/06/23 11:01:42 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Stopped])
    DRV - [2009/06/23 11:01:40 | 00,072,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL [System | Stopped])
    DRV - [2006/09/18 17:36:40 | 00,003,066 | ---- | M] () -- C:\Windows\SysWow64\Wbem\tcpip.mof -- (Tcpip [Boot | Running])

    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = AOL.com - Welcome to AOL
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = AOL.com - Welcome to AOL
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = AOL.com - Welcome to AOL
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = AOL.com - Welcome to AOL

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = AOL.com - Welcome to AOL
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = AOL.com - Welcome to AOL
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"
    FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
    FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.0.8
    FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11

    FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/03/14 13:54:39 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/07 11:32:59 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2009/06/12 17:55:09 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2009/06/15 17:37:19 | 00,000,000 | ---D | M]

    [2009/03/05 17:53:43 | 00,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\mozilla\Extensions
    [2009/03/05 17:53:43 | 00,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
    [2009/07/12 23:53:03 | 00,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\mozilla\Firefox\Profiles\ml18aho3.default\extensions
    [2009/07/07 11:52:22 | 00,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\mozilla\Firefox\Profiles\ml18aho3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2009/03/05 18:47:29 | 00,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\mozilla\Firefox\Profiles\ml18aho3.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
    [2009/03/05 17:53:35 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
    [2009/06/12 17:55:09 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2009/06/12 17:55:04 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browserdirprovider.dll
    [2009/06/12 17:55:04 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\brwsrcmp.dll
    [2008/06/30 14:44:08 | 00,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\mozilla firefox\components\coFFPlgn.dll
    [2009/06/12 17:55:04 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\mozilla firefox\plugins\npnul32.dll
    [2009/03/07 01:50:27 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll
    [2009/03/07 01:50:27 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll
    [2009/03/07 01:50:27 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll
    [2009/03/07 01:50:27 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll
    [2009/03/07 01:50:27 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll
    [2009/03/07 01:50:27 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll
    [2009/03/07 01:50:27 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll
    [2007/04/16 13:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npViewpoint.dll
    [2009/04/23 23:24:21 | 00,001,394 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom.xml
    [2009/04/23 23:24:21 | 00,002,193 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml
    [2009/04/23 23:24:21 | 00,001,534 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml
    [2009/04/23 23:24:21 | 00,002,343 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay.xml
    [2009/04/23 23:24:21 | 00,001,706 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml
    [2009/04/23 23:24:21 | 00,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia.xml
    [2009/04/23 23:24:21 | 00,000,792 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo.xml

    O1 HOSTS File: (761 bytes) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll (Symantec Corporation)
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll (Symantec Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll (Symantec Corporation)
    O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL ()
    O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.DLL ()
    O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [ccApp] c:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
    O4 - HKLM..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre1.6.0_01\bin\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKCU..\Run: [Aim6] File not found
    O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard)
    O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe File not found
    O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O4 - HKCU..\Run: [Windows] C:\Windows\smss.exe File not found
    O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.DLL (Microsoft Corporation)
    O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
    O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_01)
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_01)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_01)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
    O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
    O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
    O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O31 - SafeBoot: AlternateShell - cmd.exe
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck) - File not found
    O34 - HKLM BootExecute: (autochk) - C:\Windows\SysWow64\autochk.exe (Microsoft Corporation)
    O34 - HKLM BootExecute: (*) - File not found

    ========== Files/Folders - Created Within 30 Days ==========

    [2009/07/13 19:22:11 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Users\sandra\Desktop\OTL.exe
    [2009/07/10 17:38:01 | 03,561,089 | -H-- | C] () -- C:\Users\sandra\AppData\Local\IconCache.db
    [2009/07/09 22:43:55 | 00,000,000 | ---D | C] -- C:\Users\sandra\Desktop\New Folder (4)
    [2009/07/09 15:03:10 | 00,000,000 | ---D | C] -- C:\MSNCleaner
    [2009/07/08 15:36:31 | 00,033,268 | ---- | C] () -- C:\Users\sandra\Desktop\1246553150020.jpg
    [2009/07/08 14:45:35 | 00,159,410 | ---- | C] () -- C:\Users\sandra\Desktop\MsnCleaner.zip
    [2009/07/07 15:56:32 | 00,000,000 | ---D | C] -- C:\Users\sandra\Desktop\New Folder
    [2009/07/07 11:36:37 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.tlb
    [2009/07/07 11:36:37 | 01,638,912 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
    [2009/07/07 11:36:37 | 00,072,192 | ---- | C] () -- C:\Windows\SysNative\iernonce.dll
    [2009/07/07 11:36:37 | 00,070,656 | ---- | C] () -- C:\Windows\SysNative\ie4uinit.exe
    [2009/07/07 11:36:36 | 02,332,672 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
    [2009/07/07 11:36:36 | 01,985,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iertutil.dll
    [2009/07/07 11:36:36 | 01,484,288 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
    [2009/07/07 11:36:36 | 01,207,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\urlmon.dll
    [2009/07/07 11:36:36 | 00,219,136 | ---- | C] () -- C:\Windows\SysNative\ieui.dll
    [2009/07/07 11:36:36 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
    [2009/07/07 11:36:36 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2009/07/07 11:36:36 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
    [2009/07/07 11:36:36 | 00,031,744 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
    [2009/07/07 11:36:35 | 01,146,368 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
    [2009/07/07 11:36:35 | 00,915,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
    [2009/07/07 11:36:35 | 00,457,728 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
    [2009/07/07 11:36:35 | 00,077,312 | ---- | C] () -- C:\Windows\SysNative\iesetup.dll
    [2009/07/07 11:36:35 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
    [2009/07/07 11:36:34 | 11,064,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieframe.dll
    [2009/07/07 11:36:34 | 01,538,560 | ---- | C] () -- C:\Windows\SysNative\inetcpl.cpl
    [2009/07/07 11:36:34 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
    [2009/07/07 11:36:34 | 00,385,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
    [2009/07/07 11:36:34 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll
    [2009/07/07 11:36:33 | 12,454,912 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
    [2009/07/07 11:36:32 | 09,234,432 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
    [2009/07/07 11:36:32 | 05,936,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.dll
    [2009/07/07 11:34:43 | 00,161,792 | ---- | C] () -- C:\Windows\SysNative\advpack.dll
    [2009/07/07 11:34:43 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\advpack.dll
    [2009/07/07 11:34:43 | 00,088,064 | ---- | C] () -- C:\Windows\SysNative\admparse.dll
    [2009/07/07 11:34:43 | 00,085,504 | ---- | C] () -- C:\Windows\SysNative\icardie.dll
    [2009/07/07 11:34:43 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
    [2009/07/07 11:34:43 | 00,022,528 | ---- | C] () -- C:\Windows\SysNative\corpol.dll
    [2009/07/07 11:34:42 | 00,223,232 | ---- | C] () -- C:\Windows\SysNative\msls31.dll
    [2009/07/07 11:34:42 | 00,157,696 | ---- | C] () -- C:\Windows\SysNative\ieakeng.dll
    [2009/07/07 11:34:42 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
    [2009/07/07 11:34:42 | 00,077,824 | ---- | C] () -- C:\Windows\SysNative\tdc.ocx
    [2009/07/07 11:34:42 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
    [2009/07/07 11:34:42 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\corpol.dll
    [2009/07/07 11:34:42 | 00,012,800 | ---- | C] () -- C:\Windows\SysNative\msfeedssync.exe
    [2009/07/07 11:34:41 | 00,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msls31.dll
    [2009/07/07 11:34:41 | 00,125,952 | ---- | C] () -- C:\Windows\SysNative\inseng.dll
    [2009/07/07 11:34:41 | 00,076,288 | ---- | C] () -- C:\Windows\SysNative\wextract.exe
    [2009/07/07 11:34:41 | 00,071,680 | ---- | C] () -- C:\Windows\SysNative\msfeedsbs.dll
    [2009/07/07 11:34:41 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
    [2009/07/07 11:34:41 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
    [2009/07/07 11:34:41 | 00,063,488 | ---- | C] () -- C:\Windows\SysNative\pngfilt.dll
    [2009/07/07 11:34:41 | 00,057,667 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
    [2009/07/07 11:34:41 | 00,057,667 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
    [2009/07/07 11:34:41 | 00,055,808 | ---- | C] () -- C:\Windows\SysNative\licmgr10.dll
    [2009/07/07 11:34:41 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll
    [2009/07/07 11:34:41 | 00,052,736 | ---- | C] () -- C:\Windows\SysNative\imgutil.dll
    [2009/07/07 11:34:41 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
    [2009/07/07 11:34:41 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
    [2009/07/07 11:34:40 | 00,700,928 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
    [2009/07/07 11:34:40 | 00,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstime.dll
    [2009/07/07 11:34:40 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
    [2009/07/07 11:34:40 | 00,508,416 | ---- | C] () -- C:\Windows\SysNative\dxtmsft.dll
    [2009/07/07 11:34:40 | 00,481,280 | ---- | C] () -- C:\Windows\SysNative\ieapfltr.dll
    [2009/07/07 11:34:40 | 00,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
    [2009/07/07 11:34:40 | 00,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtmsft.dll
    [2009/07/07 11:34:40 | 00,318,464 | ---- | C] () -- C:\Windows\SysNative\dxtrans.dll
    [2009/07/07 11:34:40 | 00,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtrans.dll
    [2009/07/07 11:34:40 | 00,146,432 | ---- | C] () -- C:\Windows\SysNative\occache.dll
    [2009/07/07 11:34:40 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\imgutil.dll
    [2009/07/07 11:34:39 | 01,062,912 | ---- | C] () -- C:\Windows\SysNative\mstime.dll
    [2009/07/07 11:34:39 | 00,304,640 | ---- | C] () -- C:\Windows\SysNative\webcheck.dll
    [2009/07/07 11:34:39 | 00,271,872 | ---- | C] () -- C:\Windows\SysNative\ieaksie.dll
    [2009/07/07 11:34:39 | 00,252,416 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
    [2009/07/07 11:34:39 | 00,241,664 | ---- | C] () -- C:\Windows\SysNative\msrating.dll
    [2009/07/07 11:34:39 | 00,236,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webcheck.dll
    [2009/07/07 11:34:39 | 00,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
    [2009/07/07 11:34:39 | 00,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
    [2009/07/07 11:34:39 | 00,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
    [2009/07/07 11:34:39 | 00,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
    [2009/07/07 11:34:39 | 00,163,840 | ---- | C] () -- C:\Windows\SysNative\ieakui.dll
    [2009/07/07 11:34:39 | 00,132,096 | ---- | C] () -- C:\Windows\SysNative\iesysprep.dll
    [2009/07/07 11:34:39 | 00,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
    [2009/07/07 11:34:39 | 00,096,768 | ---- | C] () -- C:\Windows\SysNative\mshtmled.dll
    [2009/07/07 11:34:39 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
    [2009/07/07 11:34:39 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
    [2009/07/07 11:34:39 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
    [2009/07/07 11:34:39 | 00,041,984 | ---- | C] () -- C:\Windows\SysNative\mshta.exe
    [2009/07/07 11:34:38 | 00,817,664 | ---- | C] () -- C:\Windows\SysNative\jscript.dll
    [2009/07/07 11:34:38 | 00,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2009/07/07 11:34:38 | 00,612,864 | ---- | C] () -- C:\Windows\SysNative\vbscript.dll
    [2009/07/07 11:34:38 | 00,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbscript.dll
    [2009/07/07 11:34:38 | 00,278,528 | ---- | C] () -- C:\Windows\SysNative\WinFXDocObj.exe
    [2009/07/07 11:34:38 | 00,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WinFXDocObj.exe
    [2009/07/07 11:34:38 | 00,161,792 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe
    [2009/07/07 11:34:38 | 00,131,584 | ---- | C] () -- C:\Windows\SysNative\PDMSetup.exe
    [2009/07/07 11:34:38 | 00,129,024 | ---- | C] () -- C:\Windows\SysNative\RegisterIEPKEYs.exe
    [2009/07/07 11:34:38 | 00,128,512 | ---- | C] () -- C:\Windows\SysNative\SetIEInstalledDate.exe
    [2009/07/07 11:34:38 | 00,125,440 | ---- | C] () -- C:\Windows\SysNative\SetDepNx.exe
    [2009/07/07 11:34:38 | 00,108,032 | ---- | C] () -- C:\Windows\SysNative\url.dll
    [2009/07/07 11:34:38 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
    [2009/07/07 11:34:38 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
    [2009/07/07 11:34:38 | 00,048,128 | ---- | C] () -- C:\Windows\SysNative\mshtmler.dll
    [2009/07/07 11:34:37 | 03,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
    [2009/07/07 11:34:37 | 03,698,584 | ---- | C] () -- C:\Windows\SysNative\ieapfltr.dat
    [2009/07/07 11:34:37 | 00,479,744 | ---- | C] () -- C:\Windows\SysNative\html.iec
    [2009/07/07 11:34:37 | 00,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
    [2009/07/07 11:34:37 | 00,193,536 | ---- | C] () -- C:\Windows\SysNative\iexpress.exe
    [2009/07/07 11:34:37 | 00,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
    [2009/07/07 11:34:37 | 00,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
    [2009/07/07 11:34:37 | 00,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PDMSetup.exe
    [2009/07/07 11:34:37 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
    [2009/07/07 11:34:37 | 00,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
    [2009/07/07 11:34:37 | 00,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
    [2009/07/07 11:34:37 | 00,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetDepNx.exe
    [2009/07/07 11:34:37 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshta.exe
    [2009/07/06 19:38:06 | 00,000,000 | ---D | C] -- C:\Users\sandra\AppData\Roaming\Malwarebytes
    [2009/07/06 19:38:05 | 00,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2009/07/06 19:38:03 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2009/07/06 19:38:02 | 00,022,040 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
    [2009/07/06 19:38:02 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2009/07/06 19:38:02 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2009/07/06 19:11:00 | 03,561,752 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\sandra\Documents\mbam-setup.exe
    [2009/07/06 00:34:57 | 00,001,930 | ---- | C] () -- C:\Users\sandra\Desktop\HijackThis.lnk
    [2009/07/06 00:34:57 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
    [2009/07/06 00:33:33 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Users\sandra\Documents\HJTInstall.exe
    [2009/07/06 00:29:37 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2009/07/06 00:29:37 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
    [2009/07/06 00:27:03 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\sandra\Desktop\spybotsd162.exe
    [2009/07/05 23:39:56 | 00,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2009/07/05 23:39:50 | 00,000,946 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2009/07/05 23:39:48 | 00,000,000 | ---D | C] -- C:\Users\sandra\AppData\Roaming\SUPERAntiSpyware.com
    [2009/07/05 23:39:48 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\SUPERAntiSpyware
    [2009/07/05 23:38:33 | 06,568,480 | ---- | C] () -- C:\Users\sandra\Documents\SUPERAntiSpyware.exe
    [2009/07/05 14:46:43 | 01,376,869 | ---- | C] () -- C:\Users\sandra\Desktop\pudin.ai
    [2009/07/02 21:51:44 | 00,111,426 | ---- | C] () -- C:\Users\sandra\Desktop\day.kmz
    [2009/07/01 00:46:47 | 09,505,939 | ---- | C] () -- C:\Users\sandra\Desktop\video(3).mp4
    [2009/06/29 03:20:00 | 00,000,000 | ---D | C] -- C:\Users\sandra\Desktop\New Folder (3)
    [2009/06/25 22:00:14 | 08,654,976 | ---- | C] () -- C:\Users\sandra\Desktop\04 - Heart Goes Boom!! (Instrumental).mp3
    [2009/06/24 01:01:22 | 02,324,772 | ---- | C] () -- C:\Users\sandra\Desktop\23 mx_boldmen_city_loop.mp3
    [2009/06/23 12:18:55 | 00,000,000 | ---D | C] -- C:\Users\sandra\Desktop\New Folder (2)
    [2009/06/22 15:01:28 | 00,069,826 | ---- | C] () -- C:\Users\sandra\Desktop\selection_181_122.jpg
    [2009/06/20 16:23:04 | 00,034,111 | ---- | C] () -- C:\Users\sandra\Desktop\image003.png
    [2009/06/18 21:43:25 | 00,270,074 | ---- | C] () -- C:\Users\sandra\Documents\TrollstigenPanorama2small-1.jpg
    [2009/06/18 21:43:13 | 00,192,398 | ---- | C] () -- C:\Users\sandra\Documents\MdD_Passo_Sella_descent.jpg
    [2009/06/15 17:39:57 | 00,000,000 | ---D | C] -- C:\Users\sandra\AppData\Roaming\QQ Games Plugin
    [2009/06/15 17:39:29 | 00,000,000 | ---D | C] -- C:\ProgramData\Tencent
    [2009/06/15 17:39:29 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Tencent
    [2009/06/15 17:37:38 | 00,000,021 | ---- | C] () -- C:\Windows\atid.ini
    [2009/06/14 10:34:30 | 00,000,000 | ---D | C] -- C:\ProgramData\AOL Downloads
    [2009/06/14 10:08:28 | 00,414,231 | ---- | C] () -- C:\Users\sandra\Desktop\gifko_03.gif
    [2009/06/14 09:46:41 | 00,558,592 | ---- | C] () -- C:\Windows\SysNative\EncDec.dll
    [2009/06/14 09:46:39 | 00,289,792 | ---- | C] () -- C:\Windows\SysNative\psisrndr.ax
    [2009/06/14 09:46:38 | 00,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
    [2009/06/14 09:46:38 | 00,375,808 | ---- | C] () -- C:\Windows\SysNative\psisdecd.dll
    [2009/06/14 09:46:38 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
    [2009/06/14 09:46:38 | 00,227,328 | ---- | C] () -- C:\Windows\SysNative\mpg2splt.ax
    [2009/06/14 09:46:38 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
    [2009/06/14 09:46:38 | 00,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
    [2009/06/14 09:46:38 | 00,101,376 | ---- | C] () -- C:\Windows\SysNative\MSNP.ax
    [2009/06/14 09:46:38 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
    [2009/04/27 12:38:54 | 00,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
    [2009/03/22 17:02:25 | 00,323,584 | ---- | C] () -- C:\Windows\SysWow64\FoxImager.dll
    [2008/08/11 19:06:18 | 00,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
    [2008/08/11 19:06:18 | 00,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll
    [2008/01/20 22:50:05 | 00,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
    [2008/01/20 22:49:49 | 00,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2006/11/02 08:34:27 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
    [2006/11/02 08:34:27 | 00,000,144 | ---- | C] () -- C:\Windows\win.ini

    ========== Files - Modified Within 30 Days ==========

    [2009/07/13 19:22:18 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\sandra\Desktop\OTL.exe
    [2009/07/13 19:21:12 | 00,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2009/07/13 19:21:12 | 00,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2009/07/13 19:21:09 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2009/07/13 19:21:08 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2009/07/13 19:19:58 | 03,561,089 | -H-- | M] () -- C:\Users\sandra\AppData\Local\IconCache.db
    [2009/07/13 14:42:03 | 00,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2009/07/13 14:42:03 | 00,595,446 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2009/07/13 14:42:03 | 00,101,144 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2009/07/13 04:04:02 | 00,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A7FA638A-B30C-4539-A597-A6C8D8FA6707}.job
    [2009/07/08 14:36:07 | 00,159,410 | ---- | M] () -- C:\Users\sandra\Desktop\MsnCleaner.zip
    [2009/07/07 12:38:28 | 02,900,272 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2009/07/07 12:28:46 | 00,027,136 | ---- | M] () -- C:\Users\sandra\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/07/07 12:21:08 | 00,070,064 | ---- | M] () -- C:\Users\sandra\AppData\Local\GDIPFONTCACHEV1.DAT
    [2009/07/06 19:38:05 | 00,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2009/07/06 19:11:18 | 03,561,752 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\sandra\Documents\mbam-setup.exe
    [2009/07/06 00:44:01 | 00,001,930 | ---- | M] () -- C:\Users\sandra\Desktop\HijackThis.lnk
    [2009/07/06 00:33:37 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Users\sandra\Documents\HJTInstall.exe
    [2009/07/06 00:28:32 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\sandra\Desktop\spybotsd162.exe
    [2009/07/05 23:39:50 | 00,000,946 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2009/07/05 23:39:15 | 06,568,480 | ---- | M] () -- C:\Users\sandra\Documents\SUPERAntiSpyware.exe
    [2009/07/05 16:30:59 | 01,376,869 | ---- | M] () -- C:\Users\sandra\Desktop\pudin.ai
    [2009/07/02 21:04:45 | 00,111,426 | ---- | M] () -- C:\Users\sandra\Desktop\day.kmz
    [2009/07/02 12:58:57 | 00,033,268 | ---- | M] () -- C:\Users\sandra\Desktop\1246553150020.jpg
    [2009/07/01 01:56:07 | 09,505,939 | ---- | M] () -- C:\Users\sandra\Desktop\video(3).mp4
    [2009/06/29 20:53:45 | 00,000,560 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - sandra.job
    [2009/06/25 22:06:52 | 08,654,976 | ---- | M] () -- C:\Users\sandra\Desktop\04 - Heart Goes Boom!! (Instrumental).mp3
    [2009/06/22 15:01:29 | 00,069,826 | ---- | M] () -- C:\Users\sandra\Desktop\selection_181_122.jpg
    [2009/06/20 16:23:04 | 00,034,111 | ---- | M] () -- C:\Users\sandra\Desktop\image003.png
    [2009/06/18 21:39:31 | 00,270,074 | ---- | M] () -- C:\Users\sandra\Documents\TrollstigenPanorama2small-1.jpg
    [2009/06/18 21:39:26 | 00,192,398 | ---- | M] () -- C:\Users\sandra\Documents\MdD_Passo_Sella_descent.jpg
    [2009/06/17 11:27:56 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2009/06/17 11:27:46 | 00,022,040 | ---- | M] () -- C:\Windows\SysNative\drivers\mbam.sys
    [2009/06/15 17:39:54 | 00,001,543 | -H-- | M] () -- C:\IPH.PH
    [2009/06/15 17:37:38 | 00,000,021 | ---- | M] () -- C:\Windows\atid.ini
    [2009/06/14 10:08:29 | 00,414,231 | ---- | M] () -- C:\Users\sandra\Desktop\gifko_03.gif

    ========== LOP Check ==========

    [2009/07/06 19:38:06 | 00,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming
    [2009/03/05 18:55:28 | 00,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\acccore
    [2009/05/01 18:31:46 | 00,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\AVS4YOU
    [2009/03/22 16:26:44 | 00,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\CyberLink
    [2009/03/31 19:43:15 | 00,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\Download Manager
    [2009/03/22 16:54:07 | 00,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\dvdcss
    [2009/05/16 13:04:58 | 00,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\iWin
    [2006/11/02 11:07:25 | 00,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\Media Center Programs
    [2009/05/16 13:32:05 | 00,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\muvee Technologies
    [2009/06/15 17:39:59 | 00,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\QQ Games Plugin
    [2009/03/30 19:09:07 | 00,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\SecretIslandEng
    [2009/05/09 00:18:29 | 00,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\uniblue
    [2009/07/06 21:28:14 | 00,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\uTorrent
    [2009/03/11 11:58:49 | 00,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\Ventrilo
    [2009/06/06 22:12:05 | 00,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\WinBatch
    [2008/08/12 11:29:43 | 00,000,366 | ---- | M] () -- C:\Windows\Tasks\HPCeeScheduleForAdministrator.job
    [2009/06/29 20:53:45 | 00,000,560 | ---- | M] () -- C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - sandra.job
    [2009/07/13 19:21:09 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
    [2009/07/13 19:20:07 | 00,032,656 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2009/07/13 04:04:02 | 00,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{A7FA638A-B30C-4539-A597-A6C8D8FA6707}.job

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 64 bytes -> C:\Users\sandra\Desktop\video.mp4:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\sandra\Desktop\video(3).mp4:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\sandra\Desktop\video(2).mp4:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\sandra\Desktop\04 - Heart Goes Boom!! (Instrumental).mp3:TOC.WMV
    < End of report >

  4. #14
    ebi
    Extras log:

    OTL Extras logfile created on: 7/13/2009 7:26:19 PM - Run 4
    OTL by OldTimer - Version 3.0.7.1 Folder = C:\Users\sandra\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18783)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 100.00% Memory free
    4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 687.45 Gb Total Space | 511.19 Gb Free Space | 74.36% Space Free | Partition Type: NTFS
    Drive D: | 11.18 Gb Total Space | 1.50 Gb Free Space | 13.42% Space Free | Partition Type: NTFS
    Drive E: | 696.40 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: SANDRA-PC
    Current User Name: sandra
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Include 64bit Scans
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Standard

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe ()
    .hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE ()
    .ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE ()
    .url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
    .js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe ()
    .jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe ()
    .txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE ()
    .vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe ()
    .vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe ()
    .wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe ()
    .wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe ()

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "UacDisableNotify" = 1
    "InternetSettingsDisableNotify" = 1
    "AutoUpdateDisableNotify" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "oobe_av" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    {225bd6af-53ab-4069-99e3-61b289770b0d} = lport=2869 | protocol=6 | dir=in | app=system |
    {54b9a9b6-4368-4256-9a3c-f830658bae7d} = lport=138 | protocol=17 | dir=in | app=system |
    {57f4985c-4605-4e04-88ec-dfd0f7e5d67c} = rport=138 | protocol=17 | dir=out | app=system |
    {5c38e68f-d7ad-404f-9076-40fb5feba598} = lport=445 | protocol=6 | dir=in | app=system |
    {603e783b-9e81-46d0-92eb-d08ad93d0837} = rport=445 | protocol=6 | dir=out | app=system |
    {8d9cb494-f129-4a86-9e2c-84cf4d1f9930} = lport=137 | protocol=17 | dir=in | app=system |
    {b3d16334-e0a1-4024-b63e-664cbead7c33} = lport=139 | protocol=6 | dir=in | app=system |
    {bce77041-7a8e-4459-9898-063cdd229a6e} = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    {bdaa9cbb-1536-4f4a-a697-0a5ef8dba1f9} = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    {da1d3f1a-8916-4eb8-a8f2-5e477ff38265} = rport=139 | protocol=6 | dir=out | app=system |
    {e368c1f7-4936-4073-b3ca-e1d35f81bd65} = rport=137 | protocol=17 | dir=out | app=system |
    {fc578433-71a9-449d-92e1-7eec80e8cff6} = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

    ========== Vista Active Application Exception List ==========

    {118151e7-81c8-484a-8200-d384ade291f4} = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    {19b086eb-7000-4ba7-8f98-f543cdc00800} = protocol=6 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
    {25985e33-0b1b-48c0-aca9-065c813a5097} = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
    {2c8bca4f-ee3e-4cbf-a332-c5cd7ae1ef9e} = protocol=17 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
    {2e9a86fa-8ecb-4604-af70-ed857746998b} = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    {4a6c6eff-d393-4d9e-a125-6241dea31bf2} = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    {5c3ef87f-c454-423c-8436-d3d2b0727403} = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
    {5cb1dc81-8bf9-4f8f-99ab-0dfeab33a171} = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
    {61d9dfaf-dced-4733-92c6-94a2a6098e5d} = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    {6e2a0db7-8965-44b6-9410-142792a4afa6} = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
    {7486439d-4426-495d-9696-5ad7a88d31fe} = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
    {9081cf11-6b60-4be0-a685-1e3f4d42fb08} = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
    {911b7690-0de5-4fd6-8bc6-ccc824594e37} = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
    {9b148504-c947-4a21-a133-ecea2e961d69} = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
    {9e2b8777-6faa-43e1-bfb8-19ae82fc279f} = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    {9e5d93ec-5ef7-4eac-8653-d10b8faf6ef8} = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
    {9e99ead5-9d91-44b5-b8f8-b62c7a5a8d25} = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    {b1edf5f2-e762-4153-a568-b0f320a42b23} = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
    {b4f184c1-da96-44f6-8722-78c3e0c93e18} = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    {babe7164-03ae-41bf-91ac-0a4353287b02} = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    {c4f36d52-955d-4d09-ae7a-25286d1280a4} = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    {d336e278-a86a-49f9-8387-13f37558c787} = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    {dfcc056e-51c4-48ad-a824-562a2f1b25b3} = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
    {e5ab33db-870d-44b3-9079-7ad7ffa863bb} = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
    {f75cdd3b-df22-42c5-9253-5a66c4fb6e10} = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
    {ffea8a31-4b5c-4834-b949-d966661caecf} = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
    "{2B8AD1EE-28D4-42FF-AE4B-856E5862D583}" = ccCommon64
    "{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
    "{2EF5C74A-1137-46B1-A7BA-5A39ED27A22A}" = Bonjour
    "{4575935D-9457-4517-8750-2341F4286F5F}" = iTunes
    "{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
    "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{78F697ED-EC97-4D8D-881D-838984EA9855}" = 64 Bit HP CIO Components Installer
    "{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
    "{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
    "{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
    "{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{90B5B05F-AFDA-4922-A153-45B14200BA77}" = SPBBC 64bit
    "{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
    "{AB21AFDA-E39D-4F46-9AF3-D8E996817528}" = SymNet x64
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D10AB8DE-0ED1-4152-A247-FB89CF1435D5}" = HP Deskjet D2500 Printer Driver Software 11.0 Rel .3
    "{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
    "{D75B1A1F-BBEC-4DF2-ACE4-9B166438A621}" = Symantec Real Time Storage Protection Component (x64)
    "{DF3A490A-0B0C-480E-A6DE-D091A0EA7301}" = Sun xVM VirtualBox
    "{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
    "{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
    "{F303C668-7674-484A-8C04-579881C382F8}" = Norton Protection Center
    "CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C1 4F1" = Soft Data Fax Modem with SmartCP
    "HP Imaging Device Functions" = HP Imaging Device Functions 11.0
    "HP Photosmart Essential" = HP Photosmart Essential 3.0
    "HP Smart Web Printing" = HP Smart Web Printing
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 11.0
    "HPExtendedCapabilities" = HP Customer Participation Program 11.0
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "NVIDIA Drivers" = NVIDIA Drivers
    "OfficeTrial" = Microsoft Office Home and Student 60 day trial
    "Shop for HP Supplies" = Shop for HP Supplies

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
    "{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
    "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
    "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
    "{067FFF2F-0F1C-43DB-827B-F9BC4735F1BC}" = D2500
    "{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
    "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
    "{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
    "{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
    "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
    "{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
    "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
    "{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
    "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
    "{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
    "{23C3F5C0-566B-478B-AAB6-197ADAD0C945}" = Uniblue SpeedUpMyPC 2009
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
    "{27197499-7680-4208-8FD8-5439CDB0FDC1}" = HPProductAssistant
    "{2AFEAA03-2DFE-4519-A629-EDAB6541ABE9}" = HPSSupply
    "{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}" = Component Framework
    "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
    "{35095169-C59A-4571-A361-2117E04B7AFD}" = DJ_SF_03_D2500_ProductContext
    "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
    "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
    "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
    "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
    "{3E5721E5-BA31-46AD-8B35-065924D38E91}" = D2500_Help
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
    "{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
    "{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
    "{55A6283C-638A-4EE0-B491-51118554BDA2}" = Norton Confidential Core
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{593A6CAF-E114-4e31-884F-74FF349E8E36}" = SolutionCenter
    "{59C6EFB0-7A6F-4FC2-98C5-31A9DB93014A}" = DJ_SF_03_D2500_Software
    "{62120008-8E1E-4807-860D-A8B48F8552DB}" = Norton Protection Center
    "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
    "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
    "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
    "{7236B969-6A18-42DD-ADE4-BBA2604F34C8}" = DJ_SF_03_D2500_Software_Min
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}" = Norton AntiVirus
    "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
    "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
    "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
    "{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
    "{8CE08C3C-8FF4-45D9-925E-4F3CE2D7FA7D}" = Adobe Setup
    "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
    "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
    "{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
    "{9F4EE72A-C5C9-42ad-ABEF-427690843577}" = MarketResearch
    "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
    "{AA2E8A46-B45E-4aea-8A23-88AB57D04523}" = WebReg
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
    "{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon
    "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
    "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
    "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
    "{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm
    "{C1C185CA-C531-49F5-A6FA-B838405A049D}" = Norton Internet Security
    "{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements
    "{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
    "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
    "{CC0E1AE3-091D-4969-B151-7AC142062C28}" = SmartWebPrinting
    "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
    "{D16B4BE6-8B10-422f-8034-96D1CA9483B5}" = GPBaseService
    "{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
    "{E0810CC2-4B5B-4439-B1D0-452306AF2D64}" = HP Active Support Library
    "{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton AntiVirus Help
    "{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
    "{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
    "{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
    "{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
    "{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
    "{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
    "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F31E534B-4199-4552-8154-5C130710D68E}" = HP Total Care Advisor
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
    "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
    "{FA3B34BE-4246-4062-90A3-34CBBEA12B72}" = HPTCSSetup
    "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
    "{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe_2a31ae7a5c43ff52d8577782dd34e04" = Adobe Illustrator CS4
    "Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
    "AIM_6" = AIM 6
    "AVS Update Manager_is1" = AVS Update Manager 1.0
    "CCleaner" = CCleaner (remove only)
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485 DF8CE.1" = Adobe Media Player
    "Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-09-21 16:18
    "ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
    "Hawaiian Explorer Lost Island_is1" = Hawaiian Explorer Lost Island 1.0.0.9
    "Hawaiian Explorer Pearl Harbor_is1" = Hawaiian Explorer Pearl Harbor 1.0.0.30
    "HijackThis" = HijackThis 2.0.2
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Mozilla Firefox (3.0.11)" = Mozilla Firefox (3.0.11)
    "PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
    "PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
    "sp41119" = sp41119
    "sp41121" = sp41121
    "SymSetup.{C1C185CA-C531-49F5-A6FA-B838405A049D}" = Norton Internet Security (Symantec Corporation)
    "The Treasures Of Mystery Island_is1" = The Treasures Of Mystery Island
    "Uniblue SpeedUpMyPC 2009" = Uniblue SpeedUpMyPC 2009
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "WildTangent hp Master Uninstall" = My HP Games
    "Winamp" = Winamp
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "World of Warcraft" = World of Warcraft

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Mystery Case Files - Ravenhearst" = Mystery Case Files - Ravenhearst (remove only)
    "uTorrent" = µTorrent

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 7/7/2009 12:39:27 PM | Computer Name = sandra-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 7/7/2009 12:57:33 PM | Computer Name = sandra-PC | Source = Application Hang | ID = 1002
    Description = The program Explorer.EXE version 6.0.6001.18164 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Problem Reports and Solutions control panel. Process
    ID: b54 Start Time: 01c9ff2162218413 Termination Time: 13

    Error - 7/8/2009 11:01:48 AM | Computer Name = sandra-PC | Source = Windows Search Service | ID = 3013
    Description =

    Error - 7/8/2009 11:46:32 AM | Computer Name = sandra-PC | Source = EventSystem | ID = 4609
    Description =

    Error - 7/8/2009 11:47:09 AM | Computer Name = sandra-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 7/8/2009 2:06:50 PM | Computer Name = sandra-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 7/8/2009 2:13:44 PM | Computer Name = sandra-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 7/8/2009 4:34:46 PM | Computer Name = sandra-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 7/9/2009 3:08:08 PM | Computer Name = sandra-PC | Source = EventSystem | ID = 4609
    Description =

    Error - 7/9/2009 3:09:11 PM | Computer Name = sandra-PC | Source = WinMgmt | ID = 10
    Description =

    [ Media Center Events ]
    Error - 4/19/2009 9:31:22 PM | Computer Name = sandra-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    [ System Events ]
    Error - 6/19/2009 4:33:57 AM | Computer Name = sandra-PC | Source = cdrom | ID = 262151
    Description = The device, \Device\CdRom0, has a bad block.

    Error - 6/19/2009 4:34:03 AM | Computer Name = sandra-PC | Source = cdrom | ID = 262151
    Description = The device, \Device\CdRom0, has a bad block.

    Error - 6/19/2009 4:34:09 AM | Computer Name = sandra-PC | Source = cdrom | ID = 262151
    Description = The device, \Device\CdRom0, has a bad block.

    Error - 6/19/2009 4:34:15 AM | Computer Name = sandra-PC | Source = cdrom | ID = 262151
    Description = The device, \Device\CdRom0, has a bad block.

    Error - 6/19/2009 4:34:21 AM | Computer Name = sandra-PC | Source = cdrom | ID = 262151
    Description = The device, \Device\CdRom0, has a bad block.

    Error - 6/19/2009 4:34:27 AM | Computer Name = sandra-PC | Source = cdrom | ID = 262151
    Description = The device, \Device\CdRom0, has a bad block.

    Error - 6/19/2009 4:34:33 AM | Computer Name = sandra-PC | Source = cdrom | ID = 262151
    Description = The device, \Device\CdRom0, has a bad block.

    Error - 6/19/2009 4:34:39 AM | Computer Name = sandra-PC | Source = cdrom | ID = 262151
    Description = The device, \Device\CdRom0, has a bad block.

    Error - 6/19/2009 4:34:45 AM | Computer Name = sandra-PC | Source = cdrom | ID = 262151
    Description = The device, \Device\CdRom0, has a bad block.

    Error - 6/19/2009 4:34:51 AM | Computer Name = sandra-PC | Source = cdrom | ID = 262151
    Description = The device, \Device\CdRom0, has a bad block.


    < End of report >

  5. #15
    Neal is offline Dedicated Member
    I'm not seeing anything major:

    Sun Java out of date:


    Update Java: Security Issue

    * Go to Start > Control Panel double-click on the Software icon > add/remove programs.
    * Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )

    It should have next icon next to it:
    Select it and click Remove.
    * The current version can be downloaded from Sun here: Java SE Downloads - Sun Developer Network (SDN). Scroll down the page to 'Java Runtime Environment (JRE) 6u14' (or higher) and press the 'Download' button. On the new web page, click the 'Accept License Agreement' button. Then select 'Windows Offline Installation, Multi-language' in the Windows Platform area just below the Accept button.


    How long has it been since ccleaner has been run?

    Uninstall if you did not put it there yourself:

    ViewpointMediaPlayer
    viewpoint etc.

    Reboot afterwards.

    To speed up your computer you might consider uninstalling anything you don't use as you have quite a bit of stuff on your PC.

    Symantec will bog you down; there are free anti-virus programs out there with a lot smaller footprint.

    That file we were looking for is not there any more according to OTL scan you just did. Hijackthis doesn't do very well with 64bit machines like yours but OTL does.

    I think you are good to go, unless you tell me different.
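
The two checks made in this reply (a Java runtime older than 6u14, and Viewpoint entries) can be run mechanically over the Uninstall List sections of an OTL Extras log. This is an added example, not part of the original thread and not OTL's own code; the function names are hypothetical and the sample log is a constructed excerpt in the layout of the log posted above.

```python
import re

# Constructed sample: a short excerpt in the layout of the OTL Extras log in
# this thread (section banners, registry key lines, "key" = display-name rows).
SAMPLE_LOG = r'''
========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{2EF5C74A-1137-46B1-A7BA-5A39ED27A22A}" = Bonjour
"{F303C668-7674-484A-8C04-579881C382F8}" = Norton Protection Center

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"ViewpointMediaPlayer" = Viewpoint Media Player
"Winamp" = Winamp

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mystery Case Files - Ravenhearst" = Mystery Case Files - Ravenhearst (remove only)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/7/2009 12:39:27 PM | Computer Name = sandra-PC | Source = WinMgmt | ID = 10
'''

BANNER = re.compile(r'^={5,}\s*(.+?)\s*={5,}$')            # ========== Name ==========
KEY_LINE = re.compile(r'^(64bit:\s*)?\[(HKEY_[A-Z_]+)\\')   # optional 64bit: marker + hive
ENTRY = re.compile(r'^"(?P<key>[^"]+)"\s*=\s*(?P<name>.+)$')
JAVA = re.compile(
    r'(?:Java\(TM\)|J2SE).*?\b(\d+)(?:\.\d+)?(?:\s+Update\s+(\d+))?\s*$', re.I)

# Floor taken from the reply above: "JRE 6u14 (or higher)".
MIN_JAVA = (6, 14)


def parse_uninstall_entries(log_text):
    """Return (hive, view, key, display_name) for every Uninstall List row.

    view is '64bit' when the log prefixed the registry key with "64bit:",
    otherwise 'unmarked'. Rows outside an Uninstall List section are ignored.
    """
    entries = []
    in_uninstall = False
    hive = view = None
    for raw in log_text.splitlines():
        line = raw.strip()          # forum posts indent the log; ignore that
        if not line:
            continue
        banner = BANNER.match(line)
        if banner:
            in_uninstall = banner.group(1).endswith('Uninstall List')
            hive = view = None
            continue
        if not in_uninstall:
            continue
        key_line = KEY_LINE.match(line)
        if key_line:
            view = '64bit' if key_line.group(1) else 'unmarked'
            hive = key_line.group(2)
            continue
        entry = ENTRY.match(line)
        if entry and hive:
            entries.append((hive, view, entry.group('key'),
                            entry.group('name').strip()))
    return entries


def java_version(display_name):
    """Return (major, update) for a Java runtime display name, else None."""
    m = JAVA.search(display_name)
    if not m:
        return None
    return int(m.group(1)), int(m.group(2) or 0)


def review(log_text, unwanted=('viewpoint',)):
    """Return (outdated_java, unwanted_hits) found in the Uninstall List rows."""
    outdated, hits = [], []
    for _hive, _view, _key, name in parse_uninstall_entries(log_text):
        version = java_version(name)
        if version is not None and version < MIN_JAVA:
            outdated.append((name, version))
        if any(word in name.lower() for word in unwanted):
            hits.append(name)
    return outdated, hits


if __name__ == '__main__':
    old_java, flagged = review(SAMPLE_LOG)
    for name, version in old_java:
        print('outdated Java: %s (below 6 Update 14)' % name)
    for name in flagged:
        print('review for removal: %s' % name)
```
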

  6. #16
    ebi
    ebi is offline Newbie
    Neal, I can not even tell you how thankful I am, I thought I was gonna have to do a complete system restore to my computer, but then that way, I wouldn't learn how to take better care of my comp. I have learned so much.
    As you suggested I uninstalled Symantec since it was slowing my comp a little and got Avira instead. Also, I run ccleaner everyday. Again, thank you so much, you have been of great help to me.

  7. #17
    Neal is offline Dedicated Member
    You are very welcome,


    If you are no longer having any more trouble, here are some preventative measures for you.

    Be sure to re-hide hidden files/folders if you were asked to unhide them

    Here are some preventive measures you can take to keep your computer from getting infected again. Also keep SpybotS&D updated.

    Read This First - IMPORTANT Instructions - D-A-L Computer Help

    Flush your restore points in ME and XP, by turning System Restore off and then back on.
    This will create a fresh restore point.


    Explained Here:
    Windows XP: McAfee Threat Center

    Explained Here
    Microsoft ME:
    Disabling or enabling Windows Me System Restore



    Please download ATF Cleaner by Atribune to desktop.
    http://www.atribune.org/public-beta/ATF-Cleaner.exe

    Double-click ATF-Cleaner.exe to run the program, to clean junk files off your PC.

    If you would like to keep your cookies don't check that item

    * Under Main "Select Files to Delete" choose: Select All.
    * Click the Empty Selected button.
    * If you use Firefox browser click Firefox at the top and choose: Select All
    * Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    * If you use Opera browser click Opera at the top and choose: Select All
    * Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    Click Exit on the Main menu to close the program.



    To reduce the re-infection potential for malware and protect yourself against spyware, here are a few helpful suggestions:

    1. Keep Windows and Internet Explorer current with the latest critical security updates from Microsoft. This will patch many of the security holes through which attackers can gain access to your computer. You CANNOT complete this update using an alternate browser.
    http://v5.windowsupdate.microsoft.co....aspx?ln=en-us

    Internet Explorer 8: Home page


    2. Run your antivirus software regularly, and keep its definitions up-to-date. If you are thinking about switching, there are some good free Antivirus programs that are decent, including Avira and Avast and PCTools.
    AVIRA: http://www.free-av.com/

    AVAST: FREE antivirus software with spyware protection: avast! Home Edition

    PCTOOLS: PC Tools AntiVirus - Free Anti Virus Download and Removal


    3. In addition to using SpyBot S&D consider using another free malware scanning/removal program:
    Windows Defender: Windows Defender: Home Page



    4. Consider using a free firewall if you are not already using one. Some good free ones are:
    Kerio: Personal Firewall by Sunbelt Software - Full Version & FREE Firewall - Kerio


    Comodo: Firewall and AntiVirus Free Software Download from Comodo



    5. Consider using an alternate free browser for general web surfing but you must use IE for windows update.
    Mozilla Firefox: www.mozilla.org/products/firefox/


    6. Consider increasing your browser security by using Spyware Blaster:
    SpywareBlaster will increase browser protection by blocking thousands of known malware sites by adding them to IE's restricted sites zone. Download it here:

    SpywareBlaster | Prevent spyware and malware. Free download.


    If you use SpywareBlaster, you can also use a custom blocklist to add even more entries into IE's restricted sites zone. Go to this site for the current list and how-to-use instructions: SpywareBlaster Custom Blocking List


    IE-SPYAD is similar in that it adds thousands more known malware sites to IE's restricted zone. Download it here:
    https://netfiles.uiuc.edu/ehowes/www/resource.htm


    Block access to Untrustworthy Sites

    You can prevent your computer from visiting a myriad of untrustworthy sites and ad-servers by installing a customised hosts file. One of the best available is the: MVPS Hosts File. Simply follow the instructions to install the file in the correct location. This will not only make surfing safer but will improve website load times and block popups from many of the large ad-servers.



    *Remember just like your primary anti-virus software, it is important to keep all of these programs up-to-date and use them on a regular basis. It's Free
