Not sure what it is but i have a new problem

I don't understand what you mean by "what part of the computer is going slowly". If it is slow, the whole thing is slow, if its fast, the whole thing is fast. I apologize for being dense. I just got up. Please be patient.

Sorry I wasn't specific, what events do you do that cause the computer to slow down?

I use FF and have as many as 9 tabs open most of the time I use it, though I cut back to four when i have to leave the computer for a time. Sometimes the computer takes several minutes to open FF, and as long to open iTunes. Sometimes starting MS Word takes as long as well.

I see, lets run this scan to see if it can pick up something I missed:


I suggest you copy these instructions into a notepad file, because we need to use safe mode and you won't have internet access to read from here.

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :

• Restart your computer
  
• After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  
• Instead of Windows loading as normal, the Advanced Options Menu should appear;
  
• Select the first option, to run Windows in Safe Mode, then press Enter.
  
• Choose your usual account.
  

• Open the extracted SDFix folder and double click RunThis.bat to start the script.
  
• Type Y to begin the cleanup process.
  
• It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  
• Press any Key and it will restart the PC.
  
• When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  
• Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
  (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  
• Finally paste the contents of the Report.txt back on the forum with a new HijackThis log
  

the Dr. Web scan is still running. I had it wait until you could tell me what to do about that Trojan it found so its still going now. It is a little less than a third done. I'm guessing I should wait on any other scans until it is done right?

Yes wait until it has finished, this scan shouldn't take as long as Dr Web

Ok now Dr. web is half done. Is it supposed to take this long?

Dr. Web has found an old OTmoveit folder full of infected objects and wants to know if it should move it. What should i tell it to do?

Another problem i've been noticing for the past few weeks now that i think of it is when I'm writing out a long string of text sometimes the cursor jumps a few lines above where i'm typing and starts inserting my new text in the middle of a word, or jumps to a totally different part of the page and opens a dormant window that i have in the bar at the bottom of the screen, or something else of that sort. I'm using a laptop so I thought it had to do with my left hand accidentally touching the touchpad when I'm typing but the thing is the mouse pointer is frequently nowhere near where the cursor ends up. Sometimes what happens is the result of where the mouse pointer is but it isn't consistent. What do you suppose is going on?

As the doctor's say, when you hear hoofbeats think horses, not zebras. Well I'm trying and all I can think of is zebras at this point. What do you think?

Origin wrote:

Download ATF Cleaner

• Double-click ATF-Cleaner.exe to run the program.
  
• Click Select All found at the bottom of the list.
  
• Click the Empty Selected button.
  

If you use Firefox browser, do this also:

• Click Firefox at the top and choose Select All from the list.
  
• Click the Empty Selected button.
  
• NOTE : If you would like to keep your saved passwords, please click No at the prompt.
  

If you use Opera browser, do this also:

• Click Opera at the top and choose Select All from the list.
  
• Click the Empty Selected button.
  
• NOTE : If you would like to keep your saved passwords, please click No at the prompt.
  

Click Exit on the Main menu to close the program.

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/cureit.exe

• Double-click the launch.exe or cureit.exe file and Allow to run the express scan
  
• This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  
• Once the short scan has finished, just let it cure whatever it finds...
  o Now, go to Settings >> Change Settings
  o Go to Actions tab >> under Objects section, change the settings to below
  Infected objects - Cure
  Incurable objects - Report
  Suspicious objects - Report
  o Don't change any other settings
  
• Start the scan again. This time, choose Complete Scan
  
• Click the green arrow button at the right, and the scan will start.
  
• After the scan finished, click Select all
  
• Click on Cure and choose Report incurable (means take no actions.. Don't "move", or "rename" or "delete")
  
• When the scan has finished, in the menu, click File and choose Save report list
  
• Save the report to your Desktop. The report will be called DrWeb.csv
  
• Post DrWeb.csv in your next reply (Open it as Notepad).. Do NOT reboot the computer yet..
  

OH GOD I F-eD UP! instead of clicking "cure" i clicked "delete"! THis is not my week. Am I screwed? What do I do now? Have you lost patience with me yet? I'm sorry! Oh god...

Ok here's the SDfix scan in two parts - the Hijackthis scan to follow. Part1 of SDfix:

SDFix: Version 1.240
Run by Jon on Mon 07/20/2009 at 10:54 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-20 23:47:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\1137564882\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1137564882\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1137564882\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1137564882\\ee\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Last.fm\\LastFM.exe"="C:\\Program Files\\Last.fm\\LastFM.exe:*:Enabled:Last.fm"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :



Files with Hidden Attributes :

Wed 1 Sep 2004 54,384 A..H. --- "C:\Program Files\America Online 9.0\aolphx.exe"
Wed 1 Sep 2004 156,784 A..H. --- "C:\Program Files\America Online 9.0\aoltray.exe"
Wed 1 Sep 2004 31,344 A..H. --- "C:\Program Files\America Online 9.0\RBM.exe"
Mon 26 Jan 2009 1,740,632 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 26 Jan 2009 5,365,592 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Tue 1 Nov 2005 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 27 Jun 2009 145,920 ..SHR --- "C:\Program Files\BillP Studios\WinPatrol\Setup.exe"
Sat 19 Apr 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Mon 29 Oct 2007 822 A..H. --- "C:\Program Files\Common Files\AOL\IPHSend\IPH.BAK"
Fri 19 Mar 2004 67,944 ...H. --- "C:\Program Files\Simple Star\PhotoShow Deluxe 3\data\PhotoShow Express.exe"
Mon 16 Apr 2007 286,720 ...H. --- "C:\Documents and Settings\Jon\Application Data\Microsoft\Word\~WRL0812.tmp"
Thu 22 Mar 2007 127,488 ...H. --- "C:\Documents and Settings\Jon\Application Data\Microsoft\Word\~WRL1880.tmp"
Mon 16 Apr 2007 180,224 ...H. --- "C:\Documents and Settings\Jon\Application Data\Microsoft\Word\~WRL2838.tmp"
Wed 4 Oct 2006 3,072,000 A..H. --- "C:\Documents and Settings\Jon\Application Data\U3\temp\Launchpad Removal.exe"
Tue 1 Nov 2005 4,348 ...H. --- "C:\Documents and Settings\Jon\My Documents\My Music\License Backup\drmv1key.bak"
Tue 1 Nov 2005 20 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Music\License Backup\drmv1lic.bak"
Tue 25 Oct 2005 312 A.SH. --- "C:\Documents and Settings\Jon\My Documents\My Music\License Backup\drmv2key.bak"
Wed 27 Jun 2007 31,744 ...H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\~WRL1906.tmp"
Thu 11 Mar 2004 28,160 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents_old\World Civ 2004\~WRL0065.tmp"
Fri 27 Feb 2004 24,576 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents_old\World Civ 2004\~WRL0172.tmp"
Thu 11 Mar 2004 26,624 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents_old\World Civ 2004\~WRL0465.tmp"
Thu 11 Mar 2004 24,576 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents_old\World Civ 2004\~WRL0511.tmp"
Tue 9 Mar 2004 25,600 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents_old\World Civ 2004\~WRL0543.tmp"
Fri 27 Feb 2004 27,648 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents_old\World Civ 2004\~WRL0551.tmp"
Fri 27 Feb 2004 27,136 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents_old\World Civ 2004\~WRL0558.tmp"
Fri 27 Feb 2004 27,648 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents_old\World Civ 2004\~WRL0653.tmp"
Sun 15 Feb 2004 31,744 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents_old\World Civ 2004\~WRL0687.tmp"
Sat 3 Jul 2004 24,064 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents_old\World Civ 2004\~WRL0885.tmp"
Fri 27 Feb 2004 26,112 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents_old\World Civ 2004\~WRL1123.tmp"
Fri 27 Feb 2004 28,672 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents_old\World Civ 2004\~WRL1300.tmp"
Tue 15 Jun 2004 29,696 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents_old\World Civ 2004\~WRL1311.tmp"
Fri 27 Feb 2004 24,576 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents_old\World Civ 2004\~WRL1443.tmp"
Sun 14 Mar 2004 27,648 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents_old\World Civ 2004\~WRL1453.tmp"
Sun 15 Feb 2004 23,552 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents_old\World Civ 2004\~WRL1588.tmp"
Fri 27 Feb 2004 25,600 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents_old\World Civ 2004\~WRL2060.tmp"
Thu 11 Mar 2004 24,576 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents_old\World Civ 2004\~WRL2078.tmp"
Wed 7 Jul 2004 25,088 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents_old\World Civ 2004\~WRL2134.tmp"
Thu 11 Mar 2004 26,112 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents_old\World Civ 2004\~WRL2194.tmp"
Tue 15 Jun 2004 27,136 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents_old\World Civ 2004\~WRL2329.tmp"
Fri 27 Feb 2004 24,576 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents_old\World Civ 2004\~WRL2413.tmp"
Thu 11 Mar 2004 24,576 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents_old\World Civ 2004\~WRL2429.tmp"

part two of SDfix:
Thu 11 Mar 2004 27,136 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents_old\World Civ 2004\~WRL2456.tmp"
Fri 27 Feb 2004 28,160 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents_old\World Civ 2004\~WRL2466.tmp"
Fri 27 Feb 2004 28,160 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents_old\World Civ 2004\~WRL2476.tmp"
Fri 27 Feb 2004 24,576 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents_old\World Civ 2004\~WRL2736.tmp"
Fri 27 Feb 2004 24,576 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents_old\World Civ 2004\~WRL2824.tmp"
Fri 27 Feb 2004 25,088 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents_old\World Civ 2004\~WRL2876.tmp"
Sun 14 Mar 2004 26,624 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents_old\World Civ 2004\~WRL2891.tmp"
Sun 15 Feb 2004 27,648 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents_old\World Civ 2004\~WRL3086.tmp"
Fri 27 Feb 2004 27,648 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents_old\World Civ 2004\~WRL3118.tmp"
Fri 27 Feb 2004 27,136 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents_old\World Civ 2004\~WRL3172.tmp"
Wed 7 Jul 2004 25,088 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents_old\World Civ 2004\~WRL3195.tmp"
Fri 27 Feb 2004 24,064 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents_old\World Civ 2004\~WRL3221.tmp"
Thu 11 Mar 2004 24,576 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents_old\World Civ 2004\~WRL3331.tmp"
Thu 11 Mar 2004 28,672 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents_old\World Civ 2004\~WRL3360.tmp"
Fri 27 Feb 2004 28,672 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents_old\World Civ 2004\~WRL3378.tmp"
Fri 27 Feb 2004 24,576 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents_old\World Civ 2004\~WRL3462.tmp"
Fri 27 Feb 2004 26,112 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents_old\World Civ 2004\~WRL3553.tmp"
Fri 27 Feb 2004 27,648 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents_old\World Civ 2004\~WRL3570.tmp"
Thu 11 Mar 2004 24,576 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents_old\World Civ 2004\~WRL3636.tmp"
Fri 27 Feb 2004 26,112 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents_old\World Civ 2004\~WRL3677.tmp"
Thu 11 Mar 2004 26,112 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents_old\World Civ 2004\~WRL3847.tmp"
Thu 11 Mar 2004 27,136 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents_old\World Civ 2004\~WRL3877.tmp"
Fri 27 Feb 2004 28,672 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents_old\World Civ 2004\~WRL3910.tmp"
Thu 11 Mar 2004 26,624 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents_old\World Civ 2004\~WRL3936.tmp"
Fri 27 Feb 2004 25,088 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents_old\World Civ 2004\~WRL3977.tmp"
Fri 27 Feb 2004 27,648 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents_old\World Civ 2004\~WRL3983.tmp"
Thu 11 Mar 2004 26,112 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents_old\World Civ 2004\~WRL4076.tmp"
Sat 20 Sep 2008 24,064 ...H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\Artist Statements\~WRL0865.tmp"
Sat 27 Sep 2008 24,064 ...H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\Artist Statements\~WRL1155.tmp"
Wed 11 May 2005 26,112 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\Art of Africa stuff\~WRL0238.tmp"
Wed 11 May 2005 27,136 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\Art of Africa stuff\~WRL0482.tmp"
Wed 11 May 2005 25,600 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\Art of Africa stuff\~WRL0613.tmp"
Wed 11 May 2005 26,112 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\Art of Africa stuff\~WRL0875.tmp"
Wed 11 May 2005 25,600 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\Art of Africa stuff\~WRL1429.tmp"
Thu 12 May 2005 27,136 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\Art of Africa stuff\~WRL1634.tmp"
Thu 12 May 2005 28,672 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\Art of Africa stuff\~WRL1659.tmp"
Thu 12 May 2005 27,136 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\Art of Africa stuff\~WRL2571.tmp"
Wed 11 May 2005 28,160 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\Art of Africa stuff\~WRL2702.tmp"
Wed 11 May 2005 27,136 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\Art of Africa stuff\~WRL3178.tmp"
Thu 12 May 2005 28,160 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\Art of Africa stuff\~WRL3309.tmp"
Wed 11 May 2005 25,600 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\Art of Africa stuff\~WRL3534.tmp"
Wed 11 May 2005 26,112 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\Art of Africa stuff\~WRL4090.tmp"
Mon 13 Oct 2008 32,256 ...H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\Art Since 1945\~WRL0227.tmp"
Thu 9 Oct 2008 31,232 ...H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\Art Since 1945\~WRL0406.tmp"
Mon 13 Oct 2008 31,232 ...H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\Art Since 1945\~WRL0493.tmp"
Mon 13 Oct 2008 32,256 ...H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\Art Since 1945\~WRL0721.tmp"
Mon 13 Oct 2008 31,232 ...H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\Art Since 1945\~WRL0940.tmp"
Mon 13 Oct 2008 31,232 ...H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\Art Since 1945\~WRL1276.tmp"
Mon 13 Oct 2008 32,256 ...H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\Art Since 1945\~WRL1428.tmp"
Mon 13 Oct 2008 32,256 ...H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\Art Since 1945\~WRL1715.tmp"
Wed 17 Dec 2008 48,640 ...H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\Art Since 1945\~WRL1798.tmp"
Mon 13 Oct 2008 32,256 ...H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\Art Since 1945\~WRL1964.tmp"
Mon 13 Oct 2008 32,256 ...H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\Art Since 1945\~WRL2085.tmp"
Mon 13 Oct 2008 31,744 ...H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\Art Since 1945\~WRL3146.tmp"
Mon 13 Oct 2008 31,232 ...H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\Art Since 1945\~WRL3239.tmp"
Mon 13 Oct 2008 32,256 ...H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\Art Since 1945\~WRL3619.tmp"
Mon 13 Oct 2008 31,232 ...H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\Art Since 1945\~WRL3905.tmp"
Mon 13 Oct 2008 31,232 ...H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\Art Since 1945\~WRL3987.tmp"
Mon 13 Oct 2008 31,744 ...H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\Art Since 1945\~WRL4049.tmp"
Mon 8 Dec 2008 32,768 ...H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\ceramics\~WRL0462.tmp"
Mon 8 Dec 2008 32,768 ...H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\ceramics\~WRL0630.tmp"
Sun 7 Dec 2008 32,256 ...H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\ceramics\~WRL2441.tmp"
Mon 8 Dec 2008 32,256 ...H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\ceramics\~WRL2869.tmp"
Mon 8 Dec 2008 32,256 ...H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\ceramics\~WRL3290.tmp"
Sun 7 Dec 2008 32,256 ...H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\ceramics\~WRL3372.tmp"
Mon 8 Dec 2008 32,768 ...H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\ceramics\~WRL3720.tmp"
Thu 17 Jul 2008 51,712 ...H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\Complaints\~WRL0243.tmp"
Thu 17 Jul 2008 73,728 ...H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\Complaints\~WRL0255.tmp"
Wed 16 Jul 2008 30,208 ...H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\Complaints\~WRL1030.tmp"
Wed 16 Jul 2008 30,208 ...H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\Complaints\~WRL1616.tmp"
Wed 16 May 2007 34,816 ...H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\Complaints\~WRL1762.tmp"
Mon 8 Jan 2007 24,576 ...H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\Complaints\~WRL1779.tmp"
Wed 16 May 2007 34,304 ...H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\Complaints\~WRL2243.tmp"
Mon 8 Jan 2007 25,088 ...H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\Complaints\~WRL2531.tmp"
Thu 17 Jul 2008 74,240 ...H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\Complaints\~WRL2799.tmp"
Thu 17 Jul 2008 75,776 ...H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\Complaints\~WRL3683.tmp"
Sat 19 May 2007 25,088 ...H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\Dating advice\~WRL2122.tmp"
Sat 19 May 2007 29,696 ...H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\Dating advice\~WRL3395.tmp"
Sat 11 Jul 2009 24,064 ...H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\Doctor's notes\~WRL0608.tmp"
Wed 1 Sep 2004 24,064 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\Humor\~WRL0003.tmp"
Wed 1 Sep 2004 24,064 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\Humor\~WRL0005.tmp"
Wed 26 Dec 2007 20,992 ...H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\Humor\~WRL1474.tmp"
Wed 23 Jan 2008 25,600 ...H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\Humor\~WRL1888.tmp"
Mon 31 Dec 2007 25,600 ...H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\Humor\~WRL2160.tmp"
Wed 1 Sep 2004 24,064 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\Humor\~WRL2415.tmp"
Wed 1 Sep 2004 24,064 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\Humor\~WRL3167.tmp"
Sun 8 Jul 2007 24,064 ...H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\Logins\~WRL1265.tmp"
Sun 26 Sep 2004 24,064 ...H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\Logins\~WRL1778.tmp"
Sat 9 Feb 2008 24,064 ...H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\Logins\~WRL3050.tmp"
Sat 9 Feb 2008 24,064 ...H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\Logins\~WRL3710.tmp"
Thu 18 Jun 2009 24,064 ...H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\music downloads\~WRL0829.tmp"
Tue 23 Jun 2009 24,064 ...H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\music downloads\~WRL2771.tmp"
Sun 27 Apr 2003 27,136 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\New Folder\~WRL0225.tmp"
Wed 9 Oct 2002 30,720 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\New Folder\~WRL1038.tmp"
Wed 9 Oct 2002 25,600 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\New Folder\~WRL1132.tmp"
Mon 29 Jul 2002 25,600 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\New Folder\~WRL1202.tmp"
Wed 9 Oct 2002 25,600 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\New Folder\~WRL1268.tmp"
Thu 10 Oct 2002 29,184 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\New Folder\~WRL1374.tmp"
Wed 9 Oct 2002 24,064 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\New Folder\~WRL2052.tmp"
Wed 9 Oct 2002 24,576 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\New Folder\~WRL2719.tmp"
Wed 9 Oct 2002 25,088 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\New Folder\~WRL2768.tmp"
Wed 9 Oct 2002 29,184 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\New Folder\~WRL2807.tmp"
Sun 27 Apr 2003 35,328 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\New Folder\~WRL3065.tmp"
Sun 27 Apr 2003 33,280 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\New Folder\~WRL3190.tmp"
Fri 25 Apr 2003 25,088 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\New Folder\~WRL3302.tmp"

part three of SDfix:

Thu 17 May 2007 25,088 ...H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\Numbers\~WRL0001.tmp"
Sat 18 Aug 2007 30,208 ...H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\Numbers\~WRL0002.tmp"
Sat 8 Sep 2007 57,856 ...H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\Numbers\~WRL0003.tmp"
Fri 24 Aug 2007 30,720 ...H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\Numbers\~WRL0004.tmp"
Mon 8 Oct 2007 58,368 ...H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\Numbers\~WRL0005.tmp"
Sun 2 Sep 2007 56,832 ...H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\Numbers\~WRL0213.tmp"
Thu 5 Jul 2007 27,136 ...H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\Numbers\~WRL0216.tmp"
Thu 7 Feb 2008 59,904 ...H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\Numbers\~WRL0399.tmp"
Mon 19 May 2008 60,416 ...H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\Numbers\~WRL0604.tmp"
Thu 21 Aug 2008 57,856 ...H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\Numbers\~WRL0821.tmp"
Sun 2 Nov 2008 59,392 ...H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\Numbers\~WRL0847.tmp"
Sun 28 Oct 2007 59,392 ...H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\Numbers\~WRL0895.tmp"
Wed 31 Oct 2007 60,416 ...H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\Numbers\~WRL0918.tmp"
Wed 19 Sep 2007 57,856 ...H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\Numbers\~WRL1595.tmp"
Mon 31 Dec 2007 58,880 ...H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\Numbers\~WRL1793.tmp"
Fri 28 Dec 2007 59,392 ...H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\Numbers\~WRL1952.tmp"
Sun 30 Dec 2007 58,880 ...H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\Numbers\~WRL2200.tmp"
Sat 16 Jun 2007 26,624 ...H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\Numbers\~WRL2470.tmp"
Tue 13 May 2008 60,928 ...H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\Numbers\~WRL2626.tmp"
Mon 7 Jan 2008 58,880 ...H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\Numbers\~WRL2961.tmp"
Thu 10 Apr 2008 60,928 ...H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\Numbers\~WRL2976.tmp"
Wed 5 Sep 2007 56,832 ...H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\Numbers\~WRL2987.tmp"
Thu 5 Mar 2009 63,488 ...H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\Numbers\~WRL3027.tmp"
Fri 28 Dec 2007 60,928 ...H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\Numbers\~WRL3096.tmp"
Fri 12 Jun 2009 81,408 ...H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\Numbers\~WRL3268.tmp"
Tue 13 May 2008 60,416 ...H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\Numbers\~WRL3312.tmp"
Tue 8 Jan 2008 59,392 ...H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\Numbers\~WRL3502.tmp"
Sat 22 Dec 2007 60,416 ...H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\Numbers\~WRL3817.tmp"
Sun 13 May 2007 25,088 ...H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\Numbers\~WRL3866.tmp"
Tue 7 Apr 2009 80,384 ...H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\Numbers\~WRL4069.tmp"
Mon 19 May 2008 60,416 ...H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\Numbers\~WRL4096.tmp"
Sun 19 Oct 2008 30,208 ...H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\Political\~WRL2641.tmp"
Mon 5 Nov 2007 25,600 ...H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\Political Science\~WRL0002.tmp"
Mon 5 Nov 2007 26,112 ...H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\Political Science\~WRL0004.tmp"
Sat 8 Dec 2007 71,168 ...H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\Political Science\~WRL0005.tmp"
Mon 5 Nov 2007 26,624 ...H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\Political Science\~WRL0651.tmp"
Mon 5 Nov 2007 27,136 ...H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\Political Science\~WRL1915.tmp"
Thu 26 Feb 2009 31,232 ...H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\Senior show 2009\~WRL0070.tmp"
Thu 11 Mar 2004 28,160 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\World Civ 2004\~WRL0065.tmp"
Fri 27 Feb 2004 24,576 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\World Civ 2004\~WRL0172.tmp"
Thu 11 Mar 2004 26,624 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\World Civ 2004\~WRL0465.tmp"
Thu 11 Mar 2004 24,576 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\World Civ 2004\~WRL0511.tmp"
Tue 9 Mar 2004 25,600 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\World Civ 2004\~WRL0543.tmp"
Fri 27 Feb 2004 27,648 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\World Civ 2004\~WRL0551.tmp"
Fri 27 Feb 2004 27,136 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\World Civ 2004\~WRL0558.tmp"
Fri 27 Feb 2004 27,648 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\World Civ 2004\~WRL0653.tmp"
Sun 15 Feb 2004 31,744 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\World Civ 2004\~WRL0687.tmp"
Sat 3 Jul 2004 24,064 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\World Civ 2004\~WRL0885.tmp"
Fri 27 Feb 2004 26,112 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\World Civ 2004\~WRL1123.tmp"
Fri 27 Feb 2004 28,672 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\World Civ 2004\~WRL1300.tmp"
Tue 15 Jun 2004 29,696 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\World Civ 2004\~WRL1311.tmp"
Fri 27 Feb 2004 24,576 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\World Civ 2004\~WRL1443.tmp"
Sun 14 Mar 2004 27,648 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\World Civ 2004\~WRL1453.tmp"
Sun 15 Feb 2004 23,552 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\World Civ 2004\~WRL1588.tmp"
Fri 27 Feb 2004 25,600 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\World Civ 2004\~WRL2060.tmp"
Thu 11 Mar 2004 24,576 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\World Civ 2004\~WRL2078.tmp"
Wed 7 Jul 2004 25,088 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\World Civ 2004\~WRL2134.tmp"
Thu 11 Mar 2004 26,112 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\World Civ 2004\~WRL2194.tmp"
Tue 15 Jun 2004 27,136 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\World Civ 2004\~WRL2329.tmp"
Fri 27 Feb 2004 24,576 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\World Civ 2004\~WRL2413.tmp"
Thu 11 Mar 2004 24,576 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\World Civ 2004\~WRL2429.tmp"
Thu 11 Mar 2004 27,136 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\World Civ 2004\~WRL2456.tmp"
Fri 27 Feb 2004 28,160 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\World Civ 2004\~WRL2466.tmp"
Fri 27 Feb 2004 28,160 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\World Civ 2004\~WRL2476.tmp"
Fri 27 Feb 2004 24,576 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\World Civ 2004\~WRL2736.tmp"
Fri 27 Feb 2004 24,576 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\World Civ 2004\~WRL2824.tmp"
Fri 27 Feb 2004 25,088 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\World Civ 2004\~WRL2876.tmp"
Sun 14 Mar 2004 26,624 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\World Civ 2004\~WRL2891.tmp"
Sun 15 Feb 2004 27,648 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\World Civ 2004\~WRL3086.tmp"
Fri 27 Feb 2004 27,648 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\World Civ 2004\~WRL3118.tmp"
Fri 27 Feb 2004 27,136 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\World Civ 2004\~WRL3172.tmp"
Wed 7 Jul 2004 25,088 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\World Civ 2004\~WRL3195.tmp"
Fri 27 Feb 2004 24,064 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\World Civ 2004\~WRL3221.tmp"
Thu 11 Mar 2004 24,576 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\World Civ 2004\~WRL3331.tmp"
Thu 11 Mar 2004 28,672 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\World Civ 2004\~WRL3360.tmp"
Fri 27 Feb 2004 28,672 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\World Civ 2004\~WRL3378.tmp"
Fri 27 Feb 2004 24,576 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\World Civ 2004\~WRL3462.tmp"
Fri 27 Feb 2004 26,112 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\World Civ 2004\~WRL3553.tmp"
Fri 27 Feb 2004 27,648 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\World Civ 2004\~WRL3570.tmp"
Thu 11 Mar 2004 24,576 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\World Civ 2004\~WRL3636.tmp"
Fri 27 Feb 2004 26,112 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\World Civ 2004\~WRL3677.tmp"
Thu 11 Mar 2004 26,112 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\World Civ 2004\~WRL3847.tmp"
Thu 11 Mar 2004 27,136 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\World Civ 2004\~WRL3877.tmp"
Fri 27 Feb 2004 28,672 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\World Civ 2004\~WRL3910.tmp"
Thu 11 Mar 2004 26,624 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\World Civ 2004\~WRL3936.tmp"
Fri 27 Feb 2004 25,088 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\World Civ 2004\~WRL3977.tmp"
Fri 27 Feb 2004 27,648 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\World Civ 2004\~WRL3983.tmp"
Thu 11 Mar 2004 26,112 A..H. --- "C:\Documents and Settings\Jon\My Documents\My Documents\Word Documents\World Civ 2004\~WRL4076.tmp"
Wed 11 Apr 2007 8 A..H. --- "C:\Documents and Settings\Jon\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"
Wed 11 Apr 2007 8 A..H. --- "C:\Documents and Settings\Jon\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp"
Wed 11 Apr 2007 8 A..H. --- "C:\Documents and Settings\Jon\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp"
Wed 18 Apr 2007 8 A..H. --- "C:\Documents and Settings\Jon\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp"

Finished!

part 1 of hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:01:22 AM, on 7/21/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Documents and Settings\Jon\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Turtle Beach\AudioAdvantageMicro\TBAA.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HiJack(GP)This.exe

part 2 of hijack this:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Turtle Beach Audio Advantage Micro] "C:\Program Files\Turtle Beach\AudioAdvantageMicro\TBAA.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Jon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124759300106
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15108/CTPID.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O23 - Service: Avira Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: getPlus(R) Helper - Unknown owner - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Super Ad Blocker Service (SABSVC) - Unknown owner - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE (file missing)
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 9788 bytes

lastly, right before SDfix produced the logfile for me, I got an avira popup saying there thing that wanted to run using Internet Explorer called "CGtme.exe'. What is that and is it a problem? Being optimistic I told avira it was ok to keep it. Should i have done that?

since I messed up and deleted that stuff in the Dr. web scan things are runnign strangely. Every so often thigns get very slow and some programs go into "not responding" mode for a few seconds to a minute and then recover as per normal. What the hell did I do to my machine?! Have i destroyed it?

Lets try this:

Please download this file: Avira Rescue Disc

1. Insert a black CD into your CD draw.
   
2. Double click the rescuecd.exe file on your Desktop.
   
3. Hit the "Burn CD" button and allow it to burn, it shouldn't take too long.
   
4. Next, reboot your computer, keep the CD inside the draw.
   
5. Your computer should boot from the CD and boot to the Avira rescue disc.
   
6. Next, see this guide here: How to use the boot disc
   

Problem: i can't get the thing to load from the CD. I restarted with the CD in the drive and the system ignored it. The instructions you link to don't talk about this. Do i have to hit F8 when the system is starting or something to get into that menu such that i could choose to load from the CD?

Also post restart, FF starts even more slowly though once started it seems just fine.

Edit: FF is running slowly now. I updated it to the latest version and it still does it.

Last edited by spacephrawgg on 23rd July 2009, 3:59 pm; edited 1 time in total (Reason for editing : thought of somethng else to say.)

Please download SysProt AntiRootkit v1.0.1.0 by Swatkat

• Next run the file; *Note: If running vista right click and select run as administrator
  
• Once opened, navigate to the log tab and select all the areas including the hidden objects only box and click on the create log button
  
• A scan will start and then a window will pop up with two options, select scan all drives
  
• Once finished it will give you a location where it was saved, navigate to that place usually the desktop, and open the log, post all the contents of the log back here.
  

Here's the log part1:

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
No Hidden Kernel Modules found

******************************************************************************************
******************************************************************************************
No SSDT Hooks found

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
No IRP Hooks found

******************************************************************************************
******************************************************************************************
Ports:
Local Address: D38Y6181.HOME:4833
Remote Address: CYCLOPS.DCA.UNTD.COM:HTTP
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: D38Y6181.HOME:4807
Remote Address: WWW-10-03-ASH1.FACEBOOK.COM:HTTP
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: D38Y6181.HOME:4779
Remote Address: 69.60.7.210:HTTP
Type: TCP
Process: 3120 (PID)
State: ESTABLISHED

Local Address: D38Y6181.HOME:4770
Remote Address: QW-IN-F118.GOOGLE.COM:HTTP
Type: TCP
Process: 3120 (PID)
State: ESTABLISHED

Local Address: D38Y6181.HOME:4759
Remote Address: HE-IN-F154.GOOGLE.COM:HTTP
Type: TCP
Process: 3120 (PID)
State: ESTABLISHED

Local Address: D38Y6181.HOME:4756
Remote Address: QW-IN-F102.GOOGLE.COM:HTTP
Type: TCP
Process: 3120 (PID)
State: ESTABLISHED

Local Address: D38Y6181.HOME:4735
Remote Address: 69.25.226.141:HTTP
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: D38Y6181.HOME:4733
Remote Address: CYCLOPS.VGS.UNTD.COM:HTTP
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: D38Y6181.HOME:4683
Remote Address: WWW-10-03-ASH1.FACEBOOK.COM:HTTP
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: D38Y6181.HOME:4679
Remote Address: QW-IN-F102.GOOGLE.COM:HTTP
Type: TCP
Process: 3120 (PID)
State: ESTABLISHED

Local Address: D38Y6181.HOME:4658
Remote Address: CPE-24-29-138-32.NYC.RES.RR.COM:HTTP
Type: TCP
Process: 3120 (PID)
State: ESTABLISHED

Local Address: D38Y6181.HOME:4653
Remote Address: 74.217.50.10:HTTP
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: D38Y6181.HOME:4650
Remote Address: 74.217.50.10:HTTP
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: D38Y6181.HOME:4638
Remote Address: NETBLK-207-171-14-112.ADCONION.COM:HTTP
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: D38Y6181.HOME:4632
Remote Address: CPE-24-29-138-16.NYC.RES.RR.COM:HTTP
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: D38Y6181.HOME:4401
Remote Address: 69.60.7.199:HTTP
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: D38Y6181.HOME:4322
Remote Address: 69.60.7.199:HTTP
Type: TCP
Process: 3120 (PID)
State: ESTABLISHED

Local Address: D38Y6181.HOME:4024
Remote Address: OD-IN-F147.GOOGLE.COM:HTTP
Type: TCP
Process: 3120 (PID)
State: ESTABLISHED

Local Address: D38Y6181.HOME:2310
Remote Address: OAM-D03B.BLUE.AOL.COM:5190
Type: TCP
Process: 928 (PID)
State: ESTABLISHED

Local Address: D38Y6181.HOME:2309
Remote Address: OAM-D11C.BLUE.AOL.COM:5190
Type: TCP
Process: 928 (PID)
State: ESTABLISHED

Local Address: D38Y6181.HOME:2308
Remote Address: OAM-M10C.BLUE.AOL.COM:5190
Type: TCP
Process: 928 (PID)
State: ESTABLISHED

Local Address: D38Y6181.HOME:2307
Remote Address: 205.188.8.29:5190
Type: TCP
Process: 928 (PID)
State: ESTABLISHED

Local Address: D38Y6181.HOME:2306
Remote Address: BOS-M056C-SDR3.BLUE.AOL.COM:5190
Type: TCP
Process: 928 (PID)
State: ESTABLISHED

Local Address: D38Y6181.HOME:2303
Remote Address: 64.12.29.13:5190
Type: TCP
Process: 928 (PID)
State: ESTABLISHED

Local Address: D38Y6181.HOME:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: 4 (PID)
State: LISTENING

Local Address: D38Y6181:44080
Remote Address: LOCALHOST:4837
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: D38Y6181:44080
Remote Address: LOCALHOST:4820
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: D38Y6181:44080
Remote Address: LOCALHOST:4818
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: D38Y6181:44080
Remote Address: LOCALHOST:4815
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: D38Y6181:44080
Remote Address: LOCALHOST:4813
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: D38Y6181:44080
Remote Address: LOCALHOST:4808
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: D38Y6181:44080
Remote Address: LOCALHOST:4802
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: D38Y6181:44080
Remote Address: LOCALHOST:4800
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: D38Y6181:44080
Remote Address: LOCALHOST:4797
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: D38Y6181:44080
Remote Address: LOCALHOST:4796
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: D38Y6181:44080
Remote Address: LOCALHOST:4793
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: D38Y6181:44080
Remote Address: LOCALHOST:4792
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: D38Y6181:44080
Remote Address: LOCALHOST:4790
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: D38Y6181:44080
Remote Address: LOCALHOST:4788
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: D38Y6181:44080
Remote Address: LOCALHOST:4786
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: D38Y6181:44080
Remote Address: LOCALHOST:4784
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: D38Y6181:44080
Remote Address: LOCALHOST:4778
Type: TCP
Process: 3120 (PID)
State: ESTABLISHED

Local Address: D38Y6181:44080
Remote Address: LOCALHOST:4769
Type: TCP
Process: 3120 (PID)
State: ESTABLISHED

Local Address: D38Y6181:44080
Remote Address: LOCALHOST:4765
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: D38Y6181:44080
Remote Address: LOCALHOST:4758
Type: TCP
Process: 3120 (PID)
State: ESTABLISHED

Local Address: D38Y6181:44080
Remote Address: LOCALHOST:4754
Type: TCP
Process: 3120 (PID)
State: ESTABLISHED

Local Address: D38Y6181:44080
Remote Address: LOCALHOST:4752
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: D38Y6181:44080
Remote Address: LOCALHOST:4748
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: D38Y6181:44080
Remote Address: LOCALHOST:4746
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: D38Y6181:44080
Remote Address: LOCALHOST:4744
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: D38Y6181:44080
Remote Address: LOCALHOST:4742
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: D38Y6181:44080
Remote Address: LOCALHOST:4740
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: D38Y6181:44080
Remote Address: LOCALHOST:4730
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: D38Y6181:44080
Remote Address: LOCALHOST:4726
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: D38Y6181:44080
Remote Address: LOCALHOST:4678
Type: TCP
Process: 3120 (PID)
State: ESTABLISHED

Local Address: D38Y6181:44080
Remote Address: LOCALHOST:4669
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: D38Y6181:44080
Remote Address: LOCALHOST:4668
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: D38Y6181:44080
Remote Address: LOCALHOST:4657
Type: TCP
Process: 3120 (PID)
State: ESTABLISHED

Local Address: D38Y6181:44080
Remote Address: LOCALHOST:4321
Type: TCP
Process: 3120 (PID)
State: ESTABLISHED

Local Address: D38Y6181:44080
Remote Address: LOCALHOST:4033
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: D38Y6181:44080
Remote Address: LOCALHOST:4023
Type: TCP
Process: 3120 (PID)
State: ESTABLISHED

part 2:

Local Address: D38Y6181:27015
Remote Address: LOCALHOST:3063
Type: TCP
Process: 352 (PID)
State: ESTABLISHED

Local Address: D38Y6181:27015
Remote Address: LOCALHOST:1028
Type: TCP
Process: 352 (PID)
State: ESTABLISHED

Local Address: D38Y6181:27015
Remote Address: 0.0.0.0:0
Type: TCP
Process: 352 (PID)
State: LISTENING

Local Address: D38Y6181:5354
Remote Address: LOCALHOST:3069
Type: TCP
Process: 472 (PID)
State: ESTABLISHED

Local Address: D38Y6181:5354
Remote Address: LOCALHOST:3068
Type: TCP
Process: 472 (PID)
State: ESTABLISHED

Local Address: D38Y6181:5354
Remote Address: LOCALHOST:3067
Type: TCP
Process: 472 (PID)
State: ESTABLISHED

Local Address: D38Y6181:5354
Remote Address: LOCALHOST:3066
Type: TCP
Process: 472 (PID)
State: ESTABLISHED

Local Address: D38Y6181:5354
Remote Address: LOCALHOST:3065
Type: TCP
Process: 472 (PID)
State: ESTABLISHED

Local Address: D38Y6181:5354
Remote Address: 0.0.0.0:0
Type: TCP
Process: 472 (PID)
State: LISTENING

Local Address: D38Y6181:5152
Remote Address: LOCALHOST:1031
Type: TCP
Process: 580 (PID)
State: CLOSE_WAIT

Local Address: D38Y6181:5152
Remote Address: 0.0.0.0:0
Type: TCP
Process: 580 (PID)
State: LISTENING

Local Address: D38Y6181:4834
Remote Address: LOCALHOST:44080
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: D38Y6181:4832
Remote Address: LOCALHOST:44080
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: D38Y6181:4828
Remote Address: LOCALHOST:44080
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: D38Y6181:4825
Remote Address: LOCALHOST:44080
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: D38Y6181:4822
Remote Address: LOCALHOST:44080
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: D38Y6181:4810
Remote Address: LOCALHOST:44080
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: D38Y6181:4806
Remote Address: LOCALHOST:44080
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: D38Y6181:4804
Remote Address: LOCALHOST:44080
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: D38Y6181:4782
Remote Address: LOCALHOST:44080
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: D38Y6181:4780
Remote Address: LOCALHOST:44080
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: D38Y6181:4778
Remote Address: LOCALHOST:44080
Type: TCP
Process: 3772 (PID)
State: ESTABLISHED

Local Address: D38Y6181:4775
Remote Address: LOCALHOST:44080
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: D38Y6181:4772
Remote Address: LOCALHOST:44080
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: D38Y6181:4769
Remote Address: LOCALHOST:44080
Type: TCP
Process: 3772 (PID)
State: ESTABLISHED

Local Address: D38Y6181:4767
Remote Address: LOCALHOST:44080
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: D38Y6181:4762
Remote Address: LOCALHOST:44080
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: D38Y6181:4758
Remote Address: LOCALHOST:44080
Type: TCP
Process: 3772 (PID)
State: ESTABLISHED

Local Address: D38Y6181:4755
Remote Address: LOCALHOST:44080
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: D38Y6181:4754
Remote Address: LOCALHOST:44080
Type: TCP
Process: 3772 (PID)
State: ESTABLISHED

Local Address: D38Y6181:4736
Remote Address: LOCALHOST:44080
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: D38Y6181:4734
Remote Address: LOCALHOST:44080
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: D38Y6181:4732
Remote Address: LOCALHOST:44080
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: D38Y6181:4728
Remote Address: LOCALHOST:44080
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: D38Y6181:4682
Remote Address: LOCALHOST:44080
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: D38Y6181:4678
Remote Address: LOCALHOST:44080
Type: TCP
Process: 3772 (PID)
State: ESTABLISHED

Local Address: D38Y6181:4657
Remote Address: LOCALHOST:44080
Type: TCP
Process: 3772 (PID)
State: ESTABLISHED

Local Address: D38Y6181:4652
Remote Address: LOCALHOST:44080
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: D38Y6181:4649
Remote Address: LOCALHOST:44080
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: D38Y6181:4637
Remote Address: LOCALHOST:44080
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: D38Y6181:4631
Remote Address: LOCALHOST:44080
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: D38Y6181:4400
Remote Address: LOCALHOST:44080
Type: TCP
Process: 0 (PID)
State: TIME_WAIT

Local Address: D38Y6181:4321
Remote Address: LOCALHOST:44080
Type: TCP
Process: 3772 (PID)
State: ESTABLISHED

Local Address: D38Y6181:4023
Remote Address: LOCALHOST:44080
Type: TCP
Process: 3772 (PID)
State: ESTABLISHED

Local Address: D38Y6181:3069
Remote Address: LOCALHOST:5354
Type: TCP
Process: 2688 (PID)
State: ESTABLISHED

Local Address: D38Y6181:3068
Remote Address: LOCALHOST:5354
Type: TCP
Process: 2688 (PID)
State: ESTABLISHED

Local Address: D38Y6181:3067
Remote Address: LOCALHOST:5354
Type: TCP
Process: 2688 (PID)
State: ESTABLISHED

Local Address: D38Y6181:3066
Remote Address: LOCALHOST:5354
Type: TCP
Process: 2688 (PID)
State: ESTABLISHED

Local Address: D38Y6181:3065
Remote Address: LOCALHOST:5354
Type: TCP
Process: 2688 (PID)
State: ESTABLISHED

Local Address: D38Y6181:3063
Remote Address: LOCALHOST:27015
Type: TCP
Process: 2688 (PID)
State: ESTABLISHED

Local Address: D38Y6181:2989
Remote Address: LOCALHOST:44080
Type: TCP
Process: 2688 (PID)
State: CLOSE_WAIT

Local Address: D38Y6181:2987
Remote Address: LOCALHOST:44080
Type: TCP
Process: 2688 (PID)
State: CLOSE_WAIT

Local Address: D38Y6181:2985
Remote Address: LOCALHOST:44080
Type: TCP
Process: 2688 (PID)
State: CLOSE_WAIT

Local Address: D38Y6181:2960
Remote Address: LOCALHOST:44080
Type: TCP
Process: 2688 (PID)
State: CLOSE_WAIT

Local Address: D38Y6181:2959
Remote Address: LOCALHOST:44080
Type: TCP
Process: 2688 (PID)
State: CLOSE_WAIT

Local Address: D38Y6181:2953
Remote Address: LOCALHOST:44080
Type: TCP
Process: 2688 (PID)
State: CLOSE_WAIT

Local Address: D38Y6181:2945
Remote Address: LOCALHOST:44080
Type: TCP
Process: 2688 (PID)
State: CLOSE_WAIT

Local Address: D38Y6181:2943
Remote Address: LOCALHOST:44080
Type: TCP
Process: 2688 (PID)
State: CLOSE_WAIT

Local Address: D38Y6181:1073
Remote Address: LOCALHOST:1072
Type: TCP
Process: 3772 (PID)
State: ESTABLISHED

Local Address: D38Y6181:1072
Remote Address: LOCALHOST:1073
Type: TCP
Process: 3772 (PID)
State: ESTABLISHED

Local Address: D38Y6181:1049
Remote Address: LOCALHOST:1048
Type: TCP
Process: 3772 (PID)
State: ESTABLISHED

Local Address: D38Y6181:1048
Remote Address: LOCALHOST:1049
Type: TCP
Process: 3772 (PID)
State: ESTABLISHED

Local Address: D38Y6181:1032
Remote Address: 0.0.0.0:0
Type: TCP
Process: 2608 (PID)
State: LISTENING

Local Address: D38Y6181:1028
Remote Address: LOCALHOST:27015
Type: TCP
Process: 1176 (PID)
State: ESTABLISHED

Local Address: D38Y6181:44110
Remote Address: 0.0.0.0:0
Type: TCP
Process: 3108 (PID)
State: LISTENING

Local Address: D38Y6181:44080
Remote Address: 0.0.0.0:0
Type: TCP
Process: 3120 (PID)
State: LISTENING

Local Address: D38Y6181:MICROSOFT-DS
Remote Address: 0.0.0.0:0
Type: TCP
Process: 4 (PID)
State: LISTENING

Local Address: D38Y6181:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: 1632 (PID)
State: LISTENING

Local Address: D38Y6181.HOME:5353
Remote Address: NA
Type: UDP
Process: 472 (PID)
State: NA

Local Address: D38Y6181.HOME:1900
Remote Address: NA
Type: UDP
Process: 1820 (PID)
State: NA

Local Address: D38Y6181.HOME:138
Remote Address: NA
Type: UDP
Process: 4 (PID)
State: NA

Local Address: D38Y6181.HOME:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: 4 (PID)
State: NA

Local Address: D38Y6181.HOME:123
Remote Address: NA
Type: UDP
Process: 1676 (PID)
State: NA

Local Address: D38Y6181:1900
Remote Address: NA
Type: UDP
Process: 1820 (PID)
State: NA

Local Address: D38Y6181:1039
Remote Address: NA
Type: UDP
Process: 296 (PID)
State: NA

Local Address: D38Y6181:123
Remote Address: NA
Type: UDP
Process: 1676 (PID)
State: NA

Local Address: D38Y6181:56078
Remote Address: NA
Type: UDP
Process: 472 (PID)
State: NA

Local Address: D38Y6181:4500
Remote Address: NA
Type: UDP
Process: 1364 (PID)
State: NA

Local Address: D38Y6181:1025
Remote Address: NA
Type: UDP
Process: 472 (PID)
State: NA

Local Address: D38Y6181:500
Remote Address: NA
Type: UDP
Process: 1364 (PID)
State: NA

Local Address: D38Y6181:MICROSOFT-DS
Remote Address: NA
Type: UDP
Process: 4 (PID)
State: NA

******************************************************************************************
******************************************************************************************
No hidden files/folders found

How should I proceed? FF takes a bit longer to load now. I have to click it a bunch of times, then wait two minutes which is like a week, and then like three windows of it open more or less in series.

In keeping with the general "DON'T FIX ANYTHING [until we advise you on what to do]" instructions, I have not done any anti-malware scans or any other kind.

How should I proceed?

Hello.
Not sure what we can do here, every time we fixed something like startup, it got slower.

8>/

Well it isn't that bad i suppose. The Firefox thing and the itunes thing are the only really pressing issues at the moment.

So its safe to do conventional scans like malwarebytes and spybot SD now I guess right?

Yep.

Well thank you awfully much for your extensive help. What about my mom's computer? As soon as I can afford it I will contribute a monetary donations. Thanks again!