Extremely slow Firefox



#31
lildebi

  • Topic Starter
  • Member
  • 56 posts
Yes, and Google is still redirecting me to the wrong websites every now and again. If I go 'back' and click it again it's fine though.


#32
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Download RootRepeal.zip and unzip it to your Desktop.
  • Double click RootRepeal.exe to start the program
  • Click on the Report tab at the bottom of the program window
  • Click the Scan button
  • In the Select Scan dialog, check:
    • Drivers
    • Files
    • Processes
    • SSDT
    • Stealth Objects
    • Hidden Services
  • Click the OK button
  • In the next dialog, select all drives showing
  • Click OK to start the scan

    Note: The scan can take some time. DO NOT run any other programs while the scan is running

  • When the scan is complete, the Save Report button will become available
  • Click this and save the report to your Desktop as RootRepeal.txt
  • Go to File, then Exit to close the program
If the report is not too long, post the contents of RootRepeal.txt in your next reply. If the report is very long, it will not be complete if you post it, so please attach it to your reply instead.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post


#33
lildebi

  • Topic Starter
  • Member
  • 56 posts
Earlier today my Internet Explorer was acting up and going very slow as well. I did have a Firefox window up in the background, so that might have been it. I think Firefox (or something related) may just be slowing my whole computer down it seems.

Anyways, here is the log.

ROOTREPEAL © AD, 2007-2008
==================================================
Scan Time: 2009/03/19 02:32
Program Version: Version 1.2.3.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF2911000 Size: 98304 File Visible: No
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7B85000 Size: 8192 File Visible: No
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xF0E1D000 Size: 45056 File Visible: No
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\WINDOWS\Temp\HPSLPS007.log
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: C:\Documents and Settings\debi\My Documents\My Music\iTunes\iTunes Music\0th\Ultimate Mitch Hedberg (Both Albums, Live, Howard Stern, and More) (-icp-)\Live and Unreleased at the Congress Theatre in Chicago on 11-13-2004\01-Live and Unreleased at the Congress Theatre in Chicago on 11-13-2004.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\debi\My Documents\My Music\iTunes\iTunes Music\0th\Ultimate Mitch Hedberg (Both Albums, Live, Howard Stern, and More) (-icp-)\Live and Unreleased at the Congress Theatre in Chicago on 11-13-2004\02-Live and Unreleased at the Congress Theatre in Chicago on 11-13-2004.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\debi\My Documents\My Music\iTunes\iTunes Music\0th\Ultimate Mitch Hedberg (Both Albums, Live, Howard Stern, and More) (-icp-)\Live and Unreleased at the Congress Theatre in Chicago on 11-13-2004\03-Live and Unreleased at the Congress Theatre in Chicago on 11-13-2004.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\debi\My Documents\My Music\iTunes\iTunes Music\0th\Ultimate Mitch Hedberg (Both Albums, Live, Howard Stern, and More) (-icp-)\Live and Unreleased at the Congress Theatre in Chicago on 11-13-2004\04-Live and Unreleased at the Congress Theatre in Chicago on 11-13-2004.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\debi\My Documents\My Music\iTunes\iTunes Music\0th\Ultimate Mitch Hedberg (Both Albums, Live, Howard Stern, and More) (-icp-)\Live and Unreleased at the Congress Theatre in Chicago on 11-13-2004\05-Live and Unreleased at the Congress Theatre in Chicago on 11-13-2004.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\debi\My Documents\My Music\iTunes\iTunes Music\0th\Ultimate Mitch Hedberg (Both Albums, Live, Howard Stern, and More) (-icp-)\Live and Unreleased at the Congress Theatre in Chicago on 11-13-2004\06-Live and Unreleased at the Congress Theatre in Chicago on 11-13-2004.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\debi\My Documents\My Music\iTunes\iTunes Music\0th\Ultimate Mitch Hedberg (Both Albums, Live, Howard Stern, and More) (-icp-)\Live and Unreleased at the Congress Theatre in Chicago on 11-13-2004\07-Live and Unreleased at the Congress Theatre in Chicago on 11-13-2004.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\debi\My Documents\My Music\iTunes\iTunes Music\0th\Ultimate Mitch Hedberg (Both Albums, Live, Howard Stern, and More) (-icp-)\Live and Unreleased at the Congress Theatre in Chicago on 11-13-2004\08-Live and Unreleased at the Congress Theatre in Chicago on 11-13-2004.mp3
Status: Locked to the Windows API!

SSDT
-------------------
#: 012 Function Name: NtAlertResumeThread
Status: Hooked by "<unknown>" at address 0x86e5b058

#: 013 Function Name: NtAlertThread
Status: Hooked by "<unknown>" at address 0x86e47058

#: 017 Function Name: NtAllocateVirtualMemory
Status: Hooked by "<unknown>" at address 0x86ace638

#: 031 Function Name: NtConnectPort
Status: Hooked by "<unknown>" at address 0x86df5300

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xf2bb0020

#: 043 Function Name: NtCreateMutant
Status: Hooked by "<unknown>" at address 0x86acc828

#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0x86ace750

#: 057 Function Name: NtDebugActiveProcess
Status: Hooked by "<unknown>" at address 0x86208788

#: 063 Function Name: NtDeleteKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xf2bb02a0

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xf2bb0800

#: 083 Function Name: NtFreeVirtualMemory
Status: Hooked by "<unknown>" at address 0x86ace498

#: 089 Function Name: NtImpersonateAnonymousToken
Status: Hooked by "<unknown>" at address 0x86a4f1f0

#: 091 Function Name: NtImpersonateThread
Status: Hooked by "<unknown>" at address 0x86dd4058

#: 108 Function Name: NtMapViewOfSection
Status: Hooked by "<unknown>" at address 0x86accfb0

#: 114 Function Name: NtOpenEvent
Status: Hooked by "<unknown>" at address 0x86dce9a8

#: 123 Function Name: NtOpenProcessToken
Status: Hooked by "<unknown>" at address 0x86e3d0d8

#: 125 Function Name: NtOpenSection
Status: Hooked by "<unknown>" at address 0x86e5b340

#: 129 Function Name: NtOpenThreadToken
Status: Hooked by "<unknown>" at address 0x86accdc8

#: 206 Function Name: NtResumeThread
Status: Hooked by "<unknown>" at address 0x86e169b0

#: 213 Function Name: NtSetContextThread
Status: Hooked by "<unknown>" at address 0x86f910d8

#: 228 Function Name: NtSetInformationProcess
Status: Hooked by "<unknown>" at address 0x86acce98

#: 229 Function Name: NtSetInformationThread
Status: Hooked by "<unknown>" at address 0x86accc70

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xf2bb0a50

#: 253 Function Name: NtSuspendProcess
Status: Hooked by "<unknown>" at address 0x86ad01f8

#: 254 Function Name: NtSuspendThread
Status: Hooked by "<unknown>" at address 0x86eea0d8

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0x86fcf0d8

#: 258 Function Name: NtTerminateThread
Status: Hooked by "<unknown>" at address 0x86dfb0d8

#: 267 Function Name: NtUnmapViewOfSection
Status: Hooked by "<unknown>" at address 0x86e640d8

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "<unknown>" at address 0x86ace568

Whole thing fit, yay!

Edited by lildebi, 19 March 2009 - 12:47 AM.


#34
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please go HERE to run Panda's ActiveScan 2.0
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open. Click the yellow bar to install the ActiveX control.
  • Then click Install.
  • It will begin to download and scan.
  • When the scan completes, click on the Export now button, then save the file to your desktop.
  • Close ActiveScan 2.0.


#35
lildebi

  • Topic Starter
  • Member
  • 56 posts
If you wanted the log, here it is!

;***************************************************************************************************
********************************************************************************
ANALYSIS: 2009-03-21 12:26:06
PROTECTIONS: 1
MALWARE: 1
SUSPECTS: 0
;***************************************************************************************************
********************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================
================================================================================
Norton 360 2007 Yes Yes
;===================================================================================================
================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================
================================================================================
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\debi\Cookies\debi@atwola[3].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\debi\Cookies\debi@atwola[1].txt
;===================================================================================================
================================================================================
SUSPECTS
Sent Location o5
;===================================================================================================
================================================================================
;===================================================================================================
================================================================================
VULNERABILITIES
Id Severity Description o5
;===================================================================================================
================================================================================
;===================================================================================================
================================================================================

#36
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
  • Download OTListIt2 to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.


#37
lildebi

  • Topic Starter
  • Member
  • 56 posts
Hmm, I ran it twice and only got one notepad both times. Here is OTListIt.Txt:

OTListIt logfile created on: 3/22/2009 4:03:06 AM - Run 5
OTListIt2 by OldTimer - Version 2.0.7.0 Folder = C:\Documents and Settings\debi\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18372)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.36 Mb Total Physical Memory | 552.69 Mb Available Physical Memory | 54.01% Memory free
2.40 Gb Paging File | 2.03 Gb Available in Paging File | 84.34% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 2.69 Gb Free Space | 4.81% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PRETTY
Current User Name: debi
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\System32\WLTRYSVC.EXE ()
PRC - C:\WINDOWS\System32\bcmwltry.exe (Dell Inc.)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe (Dell Inc.)
PRC - C:\WINDOWS\system32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
PRC - C:\WINDOWS\system32\WLTRAY.exe (Dell Inc.)
PRC - C:\Program Files\Dell\QuickSet\Quickset.exe (Dell Inc)
PRC - C:\WINDOWS\System32\DLA\DLACTRLW.EXE (Sonic Solutions)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\AIM\aim.exe (America Online, Inc.)
PRC - C:\Program Files\PeerGuardian2\pg2.exe (Methlabs)
PRC - C:\Program Files\3M\PSNLite\PsnLite.exe (3M)
PRC - C:\Program Files\REALTEK Semiconductor Corp\REALTEK RTL8180 Wireless LAN Driver and Utility\RtlWake.exe ()
PRC - C:\Program Files\Apoint\HidFind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\Apntex.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\3M\PSNLite\PSNGive.exe (3M)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Documents and Settings\debi\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Ati HotKey Poller [Auto | Running]) -- C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (Automatic LiveUpdate Scheduler [Auto | Running]) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (ccEvtMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccSetMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CLTNetCnService [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (comHost [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe (Symantec Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (hpqcxs08 [On_Demand | Running]) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (hpqddsvc [Auto | Running]) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)
SRV - (HPSLPSVC [Auto | Running]) -- C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL (Hewlett-Packard Co.)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (Lavasoft Ad-Aware Service [Auto | Running]) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (LiveUpdate [On_Demand | Stopped]) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE (Symantec Corporation)
SRV - (LiveUpdate Notice [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (LMIMaint [Auto | Stopped]) -- File not found
SRV - (Net Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\system32\HPZinw12.dll (Hewlett-Packard)
SRV - (NICCONFIGSVC [Auto | Running]) -- C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe (Dell Inc.)
SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\system32\HPZipm12.dll (Hewlett-Packard)
SRV - (Symantec Core LC [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
SRV - (wltrysvc [Auto | Running]) -- C:\WINDOWS\System32\WLTRYSVC.EXE ()
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (ApfiltrService [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (APPDRV [System | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (b57w2k [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\b57xp32.sys (Broadcom Corporation)
DRV - (BCM43XX [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\bcmwl5.sys (Broadcom Corporation)
DRV - (cercsr6 [Boot | Stopped]) -- C:\WINDOWS\System32\drivers\cercsr6.sys (Adaptec, Inc.)
DRV - (COH_Mon [On_Demand | Stopped]) -- C:\WINDOWS\system32\Drivers\COH_Mon.sys (Symantec Corporation)
DRV - (CO_Mon [Auto | Running]) -- C:\WINDOWS\system32\drivers\CO_Mon.sys (Symantec Corporation)
DRV - (DLABOIOM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLACDBHM [System | Running]) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLADResN [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLAIFS_M [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLAOPIOM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLARTL_N [System | Running]) -- C:\WINDOWS\System32\Drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (DLAUDFAM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (drvmcdb [Boot | Running]) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (drvnddm [Auto | Running]) -- C:\WINDOWS\System32\Drivers\DRVNDDM.SYS (Sonic Solutions)
DRV - (EAPPkt [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\EAPPkt.sys (Windows ® 2000 DDK provider)
DRV - (eeCtrl [System | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (GTIPCI21 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\gtipci21.sys (Texas Instruments)
DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys (HP)
DRV - (HSFHWICH [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys (Conexant Systems, Inc.)
DRV - (HSF_DP [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (HSF_DPV [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_DPV.SYS (Conexant Systems, Inc.)
DRV - (Lbd [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (lmimirr [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\lmimirr.sys (LogMeIn, Inc.)
DRV - (LMIRfsClientNP [Disabled | Stopped]) -- C:\WINDOWS\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (LMIRfsDriver [Auto | Running]) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (LSWPCv4 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\rtl8180.sys (Realtek Semiconductor Corporation )
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (NAVENG [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090321.019\NAVENG.SYS (Symantec Corporation)
DRV - (NAVEX15 [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090321.019\NAVEX15.SYS (Symantec Corporation)
DRV - (OMCI [System | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS (Dell Computer Corporation)
DRV - (pavboot [Boot | Running]) -- C:\WINDOWS\system32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (rtl8180 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\RTL8180.SYS (Realtek Semiconductor Corporation )
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Stopped]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS (SuperAdBlocker, Inc.)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SPBBCDrv [System | Running]) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (SRTSP [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SRTSPL.SYS (Symantec Corporation)
DRV - (SRTSPX [System | Running]) -- C:\WINDOWS\System32\Drivers\SRTSPX.SYS (Symantec Corporation)
DRV - (STAC97 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\STAC97.sys (SigmaTel, Inc.)
DRV - (StillCam [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\serscan.sys (Microsoft Corporation)
DRV - (SYMDNS [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS (Symantec Corporation)
DRV - (SymEvent [On_Demand | Running]) -- C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SYMFW [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS (Symantec Corporation)
DRV - (SYMIDS [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS (Symantec Corporation)
DRV - (SYMIDSCO [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20090310.004\SymIDSco.sys (Symantec Corporation)
DRV - (SymIM [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\SymIM.sys (Symantec Corporation)
DRV - (SymIMMP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\SymIM.sys (Symantec Corporation)
DRV - (SYMNDIS [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS (Symantec Corporation)
DRV - (SYMREDRV [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMTDI [System | Running]) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (usbsermpt [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\usbsermpt.sys (Microsoft Corporation)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (pgfilter [On_Demand | Running]) -- C:\Program Files\PeerGuardian2\pgfilter.sys ()

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.people.com/people/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071101000055
FF - prefs.js..extensions.enabledItems: {89AF297F-6C18-425E-A0DF-5BB7E76A7DAF}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.7

FF - HKLM\software\mozilla\Firefox\extensions\\{89AF297F-6C18-425E-A0DF-5BB7E76A7DAF}: C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\APPLICATION DATA\{89AF297F-6C18-425E-A0DF-5BB7E76A7DAF}\ [2009/01/09 16:49:43 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/02/17 01:18:08 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/03/15 16:09:58 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/03/15 16:09:58 | 00,000,000 | ---D | M]

[2009/02/02 20:59:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\debi\Application Data\mozilla\Extensions
[2009/02/02 20:59:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\debi\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/03/20 21:00:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\debi\Application Data\mozilla\Firefox\Profiles\o9uwe6il.default\extensions
[2009/02/03 19:18:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\debi\Application Data\mozilla\Firefox\Profiles\o9uwe6il.default\extensions\[email protected]
[2009/03/04 15:11:36 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/03/15 16:09:58 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/15 16:09:48 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/03/15 16:09:48 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/06/30 14:44:08 | 00,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files\mozilla firefox\components\coFFPlgn.dll
[2009/01/19 19:28:04 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/01/19 19:28:04 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/01/19 19:28:04 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/01/19 19:28:04 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/01/19 19:28:04 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/01/19 19:28:04 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/01/19 19:28:04 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (909 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe (Dell Inc.)
O4 - HKLM..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe (Dell Inc)
O4 - HKLM..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY (Dell Inc.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe" (Symantec Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl File not found
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe (Methlabs)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe (3M)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RtlWake.lnk = C:\Program Files\REALTEK Semiconductor Corp.\REALTEK RTL8180 Wireless LAN Driver and Utility\RtlWake.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [Tcpip] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [NTDS] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [Network Location Awareness (NLA) Namespace] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 51 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} http://support.f-sec...m/ols/fscax.cab (F-Secure Online Scanner 3.3)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4F3F795-7712-4D92-91DF-AEB055D8AC73} http://rms2.invokeso...iveCompTest.ocx (Invoke Solutions Compatibility Test Control)
O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} http://rms2.invokeso...1445/MILive.cab (Invoke Solutions Participant Control(MR))
O18 - Protocol\Filter: - application/octet-stream - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - Class Install Handler - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - lzdhtml - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/webviewhtml - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\system32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\system32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\system32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\system32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\system32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\System32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\system32\LMIinit.dll (LogMeIn, Inc.)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\system32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\system32\WlNotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\system32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O27 - HKLM IFEO\Your Image File Name Here without a path: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\system32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - ( schannel.dll) - C:\WINDOWS\system32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - ( digest.dll) - C:\WINDOWS\system32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - ( msnsspc.dll) - C:\WINDOWS\system32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O33 - MountPoints2\{25b03446-9f88-11dd-8f30-0014a589717a}\Shell - "" = AutoRun
O33 - MountPoints2\{25b03446-9f88-11dd-8f30-0014a589717a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{25b03446-9f88-11dd-8f30-0014a589717a}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{295bc91e-bce4-11dc-8e99-0014a589717a}\Shell - "" = AutoRun
O33 - MountPoints2\{295bc91e-bce4-11dc-8e99-0014a589717a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{295bc91e-bce4-11dc-8e99-0014a589717a}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{7b06fab4-277a-11dd-8ed7-0014a589717a}\Shell\AutoRun\command - "" = E:\WD_Windows_Tools\Setup.exe -- File not found
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\WD_Windows_Tools\Setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[2009/03/22 04:01:11 | 00,499,200 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\debi\Desktop\OTListIt2.exe
[2009/03/21 15:33:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\debi\Desktop\I Am Sam (2001 OST)
[2009/03/21 02:48:06 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2009/03/21 02:47:04 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2009/03/21 02:46:40 | 00,175,504 | ---- | C] () -- C:\Documents and Settings\debi\Desktop\activescan2_en.exe
[2009/03/19 02:31:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\debi\Desktop\RootRepeal
[2009/03/16 23:43:29 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\debi\My Documents\~$munologytest2.doc
[2009/03/16 23:43:28 | 00,029,184 | ---- | C] () -- C:\Documents and Settings\debi\My Documents\immunologytest2.doc
[2009/03/16 19:00:58 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/03/16 12:36:35 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/03/16 12:36:35 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/03/16 12:36:35 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/03/16 12:36:35 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/03/16 12:36:35 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2009/03/16 12:36:35 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/03/16 12:36:35 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/03/16 12:36:35 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe
[2009/03/16 12:36:35 | 00,029,696 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/03/16 12:36:13 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/03/16 10:51:59 | 00,026,112 | ---- | C] () -- C:\Documents and Settings\debi\My Documents\m&b 3.16.doc
[2009/03/04 23:19:31 | 00,064,000 | ---- | C] () -- C:\Documents and Settings\debi\My Documents\insects_buginacup.doc
[2009/03/04 20:30:34 | 00,000,000 | ---D | C] -- C:\fsaua.data
[2009/03/04 19:09:09 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\debi\My Documents\~$g in a Cup.doc
[2009/03/04 15:21:32 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\debi\My Documents\~$lkweed report.doc
[2009/03/04 15:11:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\debi\Local Settings\Application Data\Mozilla
[2009/03/04 15:11:21 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009/03/04 14:33:04 | 00,049,152 | ---- | C] () -- C:\Documents and Settings\debi\My Documents\Bug in a Cup.doc
[2009/03/04 14:32:44 | 00,069,632 | ---- | C] () -- C:\Documents and Settings\debi\My Documents\milkweed report.doc
[2009/03/04 14:32:35 | 00,053,248 | ---- | C] () -- C:\Documents and Settings\debi\My Documents\milkweedbug journal.doc
[2009/03/04 11:58:57 | 00,027,136 | ---- | C] () -- C:\Documents and Settings\debi\My Documents\m&b 3.04.doc
[2009/03/03 04:55:00 | 00,025,600 | ---- | C] () -- C:\Documents and Settings\debi\My Documents\interview_tellmeabout.doc
[2009/02/28 12:51:27 | 00,385,586 | ---- | C] () -- C:\Documents and Settings\debi\My Documents\fafsa2009.pdf
[2009/02/27 11:53:03 | 00,025,088 | ---- | C] () -- C:\Documents and Settings\debi\My Documents\m&b 2.27.doc
[2009/02/23 20:04:33 | 00,027,648 | ---- | C] () -- C:\Documents and Settings\debi\My Documents\interview_whoareyou.doc
[2009/02/23 09:33:45 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/02/23 09:33:40 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/02/23 09:33:38 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/02/23 04:05:59 | 00,030,208 | ---- | C] () -- C:\Documents and Settings\debi\My Documents\m&b 2.06.doc
[2009/02/23 02:51:02 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\debi\My Documents\~$b 2.13.doc
[2009/02/23 02:50:43 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\debi\My Documents\~$b 2.09.doc
[2009/02/23 02:50:31 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\debi\My Documents\~$b 2.04.doc
[2009/02/23 02:49:23 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\debi\My Documents\~$B 2.02.doc
[2009/02/23 02:48:17 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\debi\My Documents\~$B 1.30.doc
[2009/02/23 02:47:45 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\debi\My Documents\~$B 1.28.doc
[2009/02/21 00:42:25 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/02/20 19:34:37 | 00,031,232 | ---- | C] () -- C:\Documents and Settings\debi\My Documents\insects_5orders.doc
[2009/02/20 16:16:51 | 00,026,112 | ---- | C] () -- C:\Documents and Settings\debi\My Documents\insects_4lifecycles.doc
[2009/02/20 15:02:37 | 00,034,304 | ---- | C] () -- C:\Documents and Settings\debi\My Documents\insects_3diversity.doc
[2009/02/20 14:37:30 | 00,049,152 | ---- | C] () -- C:\Documents and Settings\debi\My Documents\insects_2arthropods.doc

========== Files - Modified Within 30 Days ==========

[1 C:\Documents and Settings\debi\My Documents\*.tmp files]
[2009/03/22 04:01:11 | 00,499,200 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\debi\Desktop\OTListIt2.exe
[2009/03/22 03:40:35 | 00,471,326 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/22 03:40:35 | 00,401,632 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/22 03:40:35 | 00,062,746 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/22 03:37:58 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/03/22 03:36:16 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/03/22 03:35:55 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/03/22 03:35:47 | 10,731,43808 | -HS- | M] () -- C:\hiberfil.sys
[2009/03/21 23:19:08 | 00,196,096 | ---- | M] () -- C:\Documents and Settings\debi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/21 02:46:41 | 00,175,504 | ---- | M] () -- C:\Documents and Settings\debi\Desktop\activescan2_en.exe
[2009/03/18 16:56:03 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/03/17 01:18:23 | 00,029,184 | ---- | M] () -- C:\Documents and Settings\debi\My Documents\immunologytest2.doc
[2009/03/17 01:13:48 | 00,000,739 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/03/16 23:43:29 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\debi\My Documents\~$munologytest2.doc
[2009/03/16 20:04:09 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/03/16 12:41:44 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/03/16 10:52:00 | 00,026,112 | ---- | M] () -- C:\Documents and Settings\debi\My Documents\m&b 3.16.doc
[2009/03/16 03:15:20 | 00,403,920 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/16 03:02:39 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/03/06 08:13:01 | 00,064,000 | ---- | M] () -- C:\Documents and Settings\debi\My Documents\insects_buginacup.doc
[2009/03/04 19:09:09 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\debi\My Documents\~$g in a Cup.doc
[2009/03/04 15:21:32 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\debi\My Documents\~$lkweed report.doc
[2009/03/04 14:33:05 | 00,049,152 | ---- | M] () -- C:\Documents and Settings\debi\My Documents\Bug in a Cup.doc
[2009/03/04 14:32:44 | 00,069,632 | ---- | M] () -- C:\Documents and Settings\debi\My Documents\milkweed report.doc
[2009/03/04 14:32:38 | 00,053,248 | ---- | M] () -- C:\Documents and Settings\debi\My Documents\milkweedbug journal.doc
[2009/03/04 11:58:57 | 00,027,136 | ---- | M] () -- C:\Documents and Settings\debi\My Documents\m&b 3.04.doc
[2009/03/03 04:55:01 | 00,025,600 | ---- | M] () -- C:\Documents and Settings\debi\My Documents\interview_tellmeabout.doc
[2009/02/28 12:51:27 | 00,385,586 | ---- | M] () -- C:\Documents and Settings\debi\My Documents\fafsa2009.pdf
[2009/02/27 11:53:03 | 00,025,088 | ---- | M] () -- C:\Documents and Settings\debi\My Documents\m&b 2.27.doc
[2009/02/25 12:55:00 | 24,768,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/02/25 07:41:15 | 00,036,864 | ---- | M] () -- C:\Documents and Settings\debi\My Documents\m&b 2.09.doc
[2009/02/25 07:20:59 | 00,027,648 | ---- | M] () -- C:\Documents and Settings\debi\My Documents\m&b 2.04.doc
[2009/02/25 07:20:55 | 00,030,208 | ---- | M] () -- C:\Documents and Settings\debi\My Documents\m&b 2.06.doc
[2009/02/25 01:39:15 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\debi\My Documents\M&B 1.30.doc
[2009/02/24 22:04:07 | 00,023,040 | ---- | M] () -- C:\Documents and Settings\debi\My Documents\M&B 1.28.doc
[2009/02/24 14:04:32 | 00,027,648 | ---- | M] () -- C:\Documents and Settings\debi\My Documents\interview_whoareyou.doc
[2009/02/23 09:33:45 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/02/23 02:51:02 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\debi\My Documents\~$b 2.13.doc
[2009/02/23 02:50:44 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\debi\My Documents\~$b 2.09.doc
[2009/02/23 02:50:31 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\debi\My Documents\~$b 2.04.doc
[2009/02/23 02:49:23 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\debi\My Documents\~$B 2.02.doc
[2009/02/23 02:48:17 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\debi\My Documents\~$B 1.30.doc
[2009/02/23 02:47:45 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\debi\My Documents\~$B 1.28.doc
[2009/02/22 16:37:00 | 00,010,240 | -HS- | M] () -- C:\WINDOWS\System32\Thumbs.db
[2009/02/20 19:34:37 | 00,031,232 | ---- | M] () -- C:\Documents and Settings\debi\My Documents\insects_5orders.doc
[2009/02/20 16:16:52 | 00,026,112 | ---- | M] () -- C:\Documents and Settings\debi\My Documents\insects_4lifecycles.doc
[2009/02/20 15:30:51 | 00,034,304 | ---- | M] () -- C:\Documents and Settings\debi\My Documents\insects_3diversity.doc
[2009/02/20 14:37:30 | 00,049,152 | ---- | M] () -- C:\Documents and Settings\debi\My Documents\insects_2arthropods.doc
[2009/02/20 12:30:42 | 00,021,504 | ---- | M] () -- C:\Documents and Settings\debi\My Documents\bugjournal.doc
[2009/02/20 10:03:25 | 00,000,909 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts

========== LOP Check ==========

[2009/02/17 01:48:43 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2008/11/26 20:19:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/02/16 20:37:59 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
[2008/07/09 00:57:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2006/12/17 02:13:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL
[2006/12/17 02:12:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL Downloads
[2006/12/17 02:13:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL OCP
[2007/07/08 17:56:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2008/04/28 02:01:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2007/09/17 15:51:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2009/01/10 05:42:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
[2009/01/10 05:31:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HP
[2009/01/10 05:29:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
[2009/02/16 20:37:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/02/17 01:48:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/11/18 17:32:26 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2007/01/13 18:44:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pure Networks
[2007/08/02 03:57:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Real
[2007/06/18 11:56:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype
[2009/02/16 02:14:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2007/09/17 22:08:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/01/12 03:11:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2007/01/25 02:57:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/01/10 05:54:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WEBREG
[2006/08/25 09:50:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/02/17 01:48:55 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\debi\Application Data
[2006/08/24 20:00:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\debi\Application Data\3M
[2008/02/04 00:28:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\debi\Application Data\A.D.A.M., Inc
[2008/05/19 16:11:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\debi\Application Data\Adobe
[2007/01/13 19:45:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\debi\Application Data\AdobeUM
[2006/08/23 18:34:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\debi\Application Data\Aim
[2009/01/06 20:18:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\debi\Application Data\Apple Computer
[2009/03/21 03:18:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\debi\Application Data\Azureus
[2007/07/31 23:34:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\debi\Application Data\CyberLink
[2006/10/18 23:54:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\debi\Application Data\Help
[2009/01/10 05:54:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\debi\Application Data\HP
[2009/03/18 19:47:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\debi\Application Data\HPAppData
[2006/08/22 21:56:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\debi\Application Data\Identities
[2007/07/31 23:06:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\debi\Application Data\InstallShield
[2006/10/12 02:56:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\debi\Application Data\Jasc
[2006/10/12 02:39:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\debi\Application Data\Jasc Software Inc
[2008/11/18 17:36:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\debi\Application Data\Lavasoft
[2006/09/27 15:15:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\debi\Application Data\Leadertech
[2007/05/31 23:24:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\debi\Application Data\Macromedia
[2009/02/17 01:48:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\debi\Application Data\Malwarebytes
[2007/08/02 03:58:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\debi\Application Data\Media Player Classic
[2008/05/25 20:46:04 | 00,000,000 | --SD | M] -- C:\Documents and Settings\debi\Application Data\Microsoft
[2009/03/18 19:56:40 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\debi\Application Data\Move Networks
[2009/02/02 20:59:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\debi\Application Data\Mozilla
[2006/09/23 01:51:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\debi\Application Data\ourTunes
[2007/08/02 11:12:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\debi\Application Data\Real
[2008/11/13 23:39:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\debi\Application Data\Research In Motion
[2009/02/16 16:28:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\debi\Application Data\Skype
[2006/09/27 10:29:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\debi\Application Data\Sonic
[2009/02/15 20:23:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\debi\Application Data\Spybot - Search & Destroy
[2007/09/05 08:41:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\debi\Application Data\Stata10
[2006/08/25 17:58:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\debi\Application Data\Sun
[2007/09/17 22:08:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\debi\Application Data\SUPERAntiSpyware.com
[2008/08/18 00:35:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\debi\Application Data\Symantec
[2009/01/08 02:04:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\debi\Application Data\U3
[2007/01/11 18:49:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\debi\Application Data\Viewpoint
[2009/03/16 20:04:09 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2009/03/18 16:56:03 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2004/08/04 08:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/03/22 03:36:16 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========

< End of report >

#38
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please download ATF Cleaner by Atribune.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
======================================================
Please run a BitDefender Online Scan
  • Click I Agree to agree to the EULA.
  • Allow the ActiveX control to install when prompted.
  • Click Click here to scan to begin the scan.
  • Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
  • When the scan is finished, click on Click here to export the scan results.
  • Save the report to your desktop so you can post it in your next reply.


#39
lildebi

lildebi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
I wasn't sure which would work better:

BitDefender Online Scanner

Scan report generated at: Sun, Mar 22, 2009 - 14:27:56

Scan path: C:\;D:\;


Statistics
Time: 01:39:53
Files: 234941
Folders: 7741
Boot Sectors: 0
Archives: 3525
Packed Files: 10947

Results
Identified Viruses: 1
Infected Files: 1
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 1

Engines Info
Virus Definitions: 2814736
Engine build: AVCORE v1.7 (build 8314.19) (i386) (Sep 29 2008 17:19:14)
Scan plugins: 17
Archive plugins: 45
Unpack plugins: 7
E-mail plugins: 6
System plugins: 4

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File | Status
C:\System Volume Information\_restore{DBFCFD8D-1970-4C7A-A9EB-3E4B33DAC3C1}\RP903\A0119231.ini | Infected with: Trojan.Vundo.DVS
C:\System Volume Information\_restore{DBFCFD8D-1970-4C7A-A9EB-3E4B33DAC3C1}\RP903\A0119231.ini | Disinfection failed
C:\System Volume Information\_restore{DBFCFD8D-1970-4C7A-A9EB-3E4B33DAC3C1}\RP903\A0119231.ini | Deleted

Attached Files



#40
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
  • Download SREng from here: http://www.kztechs.c...g/download.html
  • Extract all content to your Desktop
  • From the sreng2 folder on your Desktop, double-click SREng.exe to run it
  • Select: Smart Scan
  • Then, click the [Scan] button
  • When finished, click on the [Save Reports] button
  • Save the log to your Desktop
Please attach the contents of the SREngLOG.log file in your next reply.

#41
lildebi

lildebi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
Thanks for the quick replies, you are astounding!

Attached Files



#42
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
You are welcome :)

Nothing shows in your logs at all as to what is redirecting you.


Download the HostsXpert 4.2 - Hosts File Manager.
  • Unzip HostsXpert 4.2 - Hosts File Manager to a convenient folder such as C:\HostsXpert 4.2 - Hosts File Manager
  • Run HostsXpert 4.2 - Hosts File Manager from its new home
  • Click on "File Handling".
  • Click on "Restore MS Hosts File".
  • Click OK on the Confirmation box.
  • Click on "Make Read Only?"
  • Click the X to exit the program.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.
========
Reboot and see then if you are still getting redirected.
  • 0
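
The hosts-file reset in the post above removes every name-to-address mapping except the stock `127.0.0.1 localhost`. The following is an added example, not part of the thread and not HostsXpert's code: it audits a hosts file before such a reset and lists the mappings that would be lost. The function name, verdict labels and sample entries are assumptions made for illustration.

```python
import ipaddress

DEFAULT_NAMES = {"localhost"}  # assumption: the stock file maps only this name

# Constructed sample hosts file (not taken from the thread).
SAMPLE = """\
# constructed sample
127.0.0.1       localhost
192.0.2.10      www.search.example search.example   # pinned to a remote host
0.0.0.0         ads.example
127.0.0.1       update.vendor.example
not-an-ip       broken.example
"""

def audit_hosts(text):
    """Return (line_no, address, hostname, verdict) for each non-default mapping."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()       # drop comments and padding
        if not entry:
            continue
        fields = entry.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            addr = None
        if addr is None or len(fields) < 2:
            findings.append((line_no, fields[0], None, "malformed"))
            continue
        for name in fields[1:]:                    # one line may alias several names
            name = name.lower().rstrip(".")
            if name in DEFAULT_NAMES and addr.is_loopback:
                continue                           # the expected default entry
            if addr.is_loopback or addr.is_unspecified:
                verdict = "blocked"                # name resolves to this machine
            else:
                verdict = "redirected"             # name pinned to a fixed address
            findings.append((line_no, str(addr), name, verdict))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE):
        print(finding)
```

On Windows XP the file to read is `C:\WINDOWS\system32\drivers\etc\hosts`. An empty result means the hosts file is not the source of the redirects.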

#43
lildebi

lildebi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
Been spending the last couple of days to be sure, and I am definitely still getting redirected! It was awful, in class today I got redirected to an X-rated site! How embarrassing hahaha.

But to be honest, I can live with the redirecting. What's really bothering me is the slowness of how my browsers load.

#44
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Do you have more than one user account? Or are you behind a router?

#45
lildebi

lildebi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
On my computer? There's just one user account. And yes I'm behind a router. Living in a townhouse with 3 other girls.