susan528,
I really appreciate the help you are giving me. I managed to get the Kaspersky Online Scanner, which was your first choice, to run. It found 4 viruses and more than 40 infected sites:
KASPERSKY ONLINE SCANNER REPORT
Tuesday, February 27, 2007 3:49:23 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 27/02/2007
Kaspersky Anti-Virus database records: 258709
Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
H:\
I:\
J:\
K:\
Scan Statistics
Total number of scanned objects 110888
Number of viruses found 4
Number of infected objects 49 / 0
Number of suspicious objects 0
Duration of the scan process 03:48:34
Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-10262006-003140.log Object is locked skipped
C:\Documents and Settings\default\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\default\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\default\Application Data\Mozilla\Profiles\loucopman\p3fmffzw.slt\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From CITIBANK ][Date Sat, 02 Oct 2004 07:17:13 -0400]/UNNAMED/html Infected: Trojan-Spy.HTML.Citifraud.ai skipped
C:\Documents and Settings\default\Application Data\Mozilla\Profiles\loucopman\p3fmffzw.slt\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From CITIBANK ][Date Sat, 02 Oct 2004 07:17:13 -0400]/UNNAMED/[From Smith Barney ][Date Sat, 02 Oct 2004 11:51:15 -0300]/UNNAMED/html Infected: Trojan-Spy.HTML.Smitfraud.c skipped
C:\Documents and Settings\default\Application Data\Mozilla\Profiles\loucopman\p3fmffzw.slt\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From CITIBANK ][Date Sat, 02 Oct 2004 07:17:13 -0400]/UNNAMED/[From Smith Barney ][Date Sat, 02 Oct 2004 11:51:15 -0300]/UNNAMED Infected: Trojan-Spy.HTML.Smitfraud.c skipped
C:\Documents and Settings\default\Application Data\Mozilla\Profiles\loucopman\p3fmffzw.slt\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From CITIBANK ][Date Sat, 02 Oct 2004 07:17:13 -0400]/UNNAMED Infected: Trojan-Spy.HTML.Smitfraud.c skipped
C:\Documents and Settings\default\Application Data\Mozilla\Profiles\loucopman\p3fmffzw.slt\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html Infected: Trojan-Spy.HTML.Smitfraud.c skipped
C:\Documents and Settings\default\Application Data\Mozilla\Profiles\loucopman\p3fmffzw.slt\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED Infected: Trojan-Spy.HTML.Smitfraud.c skipped
C:\Documents and Settings\default\Application Data\Mozilla\Profiles\loucopman\p3fmffzw.slt\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED Infected: Trojan-Spy.HTML.Smitfraud.c skipped
C:\Documents and Settings\default\Application Data\Mozilla\Profiles\loucopman\p3fmffzw.slt\Mail\pop.earthlink-3.net\Inbox Mail Berkeley mbox: infected - 7 skipped
C:\Documents and Settings\default\Application Data\Mozilla\Profiles\loucopman\p3fmffzw.slt\Mail\pop.earthlink-3.net\Trash/[From customerservice@ross-simons.com][Date Mon, 24 May 2004 04:51:38]/text/[From "MOAA" ][Date Tue, 06 Jul 2004 14:36:09 -0700]/UNNAMED/[From CITIBANK ][Date Sat, 02 Oct 2004 07:17:13 -0400]/UNNAMED/html Infected: Trojan-Spy.HTML.Citifraud.ai skipped
C:\Documents and Settings\default\Application Data\Mozilla\Profiles\loucopman\p3fmffzw.slt\Mail\pop.earthlink-3.net\Trash/[From customerservice@ross-simons.com][Date Mon, 24 May 2004 04:51:38]/text/[From "MOAA" ][Date Tue, 06 Jul 2004 14:36:09 -0700]/UNNAMED/[From CITIBANK ][Date Sat, 02 Oct 2004 07:17:13 -0400]/UNNAMED Infected: Trojan-Spy.HTML.Citifraud.ai skipped
C:\Documents and Settings\default\Application Data\Mozilla\Profiles\loucopman\p3fmffzw.slt\Mail\pop.earthlink-3.net\Trash/[From customerservice@ross-simons.com][Date Mon, 24 May 2004 04:51:38]/text/[From "MOAA" ][Date Tue, 06 Jul 2004 14:36:09 -0700]/UNNAMED Infected: Trojan-Spy.HTML.Citifraud.ai skipped
C:\Documents and Settings\default\Application Data\Mozilla\Profiles\loucopman\p3fmffzw.slt\Mail\pop.earthlink-3.net\Trash/[From customerservice@ross-simons.com][Date Mon, 24 May 2004 04:51:38]/text Infected: Trojan-Spy.HTML.Citifraud.ai skipped
C:\Documents and Settings\default\Application Data\Mozilla\Profiles\loucopman\p3fmffzw.slt\Mail\pop.earthlink-3.net\Trash Mail Berkeley mbox: infected - 4 skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From CITIBANK ][Date Sat, 02 Oct 2004 07:17:13 -0400]/UNNAMED/html Infected: Trojan-Spy.HTML.Citifraud.ai skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From CITIBANK ][Date Sat, 02 Oct 2004 07:17:13 -0400]/UNNAMED/[From Smith Barney ][Date Sat, 02 Oct 2004 11:51:15 -0300]/UNNAMED/html Infected: Trojan-Spy.HTML.Smitfraud.c skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From CITIBANK ][Date Sat, 02 Oct 2004 07:17:13 -0400]/UNNAMED/[From Smith Barney ][Date Sat, 02 Oct 2004 11:51:15 -0300]/UNNAMED Infected: Trojan-Spy.HTML.Smitfraud.c skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From CITIBANK ][Date Sat, 02 Oct 2004 07:17:13 -0400]/UNNAMED Infected: Trojan-Spy.HTML.Smitfraud.c skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From Louis Copman ][Date Sat, 01 Jan 2005 00:00:04 -1000]/t ... /[From Kim Komando Show Daily News ][Date Fri, 11 Feb 2005 09:45:00 -0700]/html Infected: Trojan-Spy.HTML.Smitfraud.c skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From Louis Copman ][Date Sat, 01 Jan 2005 00:00:04 -1000]/text/[From ][Date Fri, 11 Feb 2005 05:35:06 -0500]/UNNAMED Infected: Trojan-Spy.HTML.Smitfraud.c skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From Louis Copman ][Date Sat, 01 Jan 2005 00:00:04 - ... /[From Kim Komando Show ... /[From "Kelly Jacob" ][Date Fri, 3 Jun 2005 00:31:51 ... /pics.scr Infected: Trojan-Downloader.Win32.Small.axr skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From Louis Copman ][Date Sat, 01 Jan 2005 00:00:04 - ... /[From Kim Komando Show ... /[From "Kelly Jacob" ][Date Fri, 3 Jun 2005 00:31:51 +0300]/UNNAMED Infected: Trojan-Downloader.Win32.Small.axr skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From Louis Copman ][Date Sat, 01 Jan 2005 00:00:04 - ... /[From Kim Komando Show Daily Cool Site ][Date Thu, 02 Jun 2005 00:30:00 -0600]/UNNAMED Infected: Trojan-Downloader.Win32.Small.axr skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From Louis Copman ][Date Sat, 01 Jan 2005 00:00:04 - ... /[From Kim ... /[From "Whos Who Headquarters" ][Date Thu, 02 Jun 2005 03:48:35 -0400]/text Infected: Trojan-Downloader.Win32.Small.axr skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From Louis Copman ][Date Sat, 01 Jan 2005 00:00:04 - ... /[From Kim Komando Sh ... /[From Slate Magazine ][Date Wed, 01 Jun 2005 14:56:17 EDT]/UNNAMED Infected: Trojan-Downloader.Win32.Small.axr skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From Louis Copman ][Date Sat, 01 Jan 2005 00:00:04 - ... /[From Kim Komando Show ... /[From ... /[From "Susan Parks" ][Date Wed, 1 Jun 2005 14:56:37 -0400]/text Infected: Trojan-Downloader.Win32.Small.axr skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From Louis Copman ][Date Sat, 01 Jan 2005 00:00:04 - ... /[From Kim Komando Show ... /[From ][Date Wed, 1 Jun 2005 08:50:04 -0700]/UNNAMED Infected: Trojan-Downloader.Win32.Small.axr skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From Louis Copman ][Date Sat, 01 Jan 2005 00:00:04 - ... /[From Kim Komando Show Daily Cool Site ][Date Wed, 01 Jun 2005 00:30:00 -0600]/UNNAMED Infected: Trojan-Downloader.Win32.Small.axr skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From Louis Copman ][Date Sat, 01 Jan 2005 00:00:04 - ... /[From ... /[From Kim Komando Show Daily Tip ][Date Tue, 31 May 2005 03:00:00 -0600]/UNNAMED Infected: Trojan-Downloader.Win32.Small.axr skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From Louis Copman ][Date Sat, 01 Jan 2005 00:00:04 - ... /[From ... /[From MA ... /[From "Compass Rule Manager" ][Date Mon, 30 May 2005 19:10:40 -0700]/text Infected: Trojan-Downloader.Win32.Small.axr skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From Louis Copman ][Date Sat, 01 Jan 2005 00:00:04 - ... /[From ... /[From MAILER-DAEMON@mx1.webhelp.com (Mail Delivery System)][Date Mon, 30 May 2005 10:10:59 -0400 (EDT)]/UNNAMED Infected: Trojan-Downloader.Win32.Small.axr skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From Louis Copman ][Date Sat, 01 Jan 2005 00:00:04 - ... /[From Kim Komando Show Daily Cool Site ][Date Sun, 29 May 2005 08:26:42 -0600]/UNNAMED Infected: Trojan-Downloader.Win32.Small.axr skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From Louis Copman ][Date Sat, 01 Jan 2005 00:00:04 -1000]/text/[From sales@gri ... /[From Slate Magazine ][Date Thu, 24 Mar 2005 10:13:11 EST]/UNNAMED Infected: Trojan-Downloader.Win32.Small.axr skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From Louis Copman ][Date Sat, 01 Jan 2005 00:00:04 -1000]/text/[From sales@griotsgarage.com][Date Wed, 16 Feb 2005 02:57:41 -0600 (CST)]/text Infected: Trojan-Downloader.Win32.Small.axr skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From Louis Copman ][Date Sat, 01 Jan 2005 00:00:04 -1000]/text Infected: Trojan-Downloader.Win32.Small.axr skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From Louis Copman ][Date Fri, 22 Jul 2005 22:49:24 - ... /[From "Ord-St ... /[ ... /[From ... /document.htm .exe Infected: Email-Worm.Win32.Doombot.b skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From Louis Copman ][Date Fri, 22 Jul 2005 22:49:24 - ... /[From "Ord-St ... /[ ... /[From Slate ... /[From register@earthlink.net][Date Mon, 17 Oct 2005 07:11:36 -1000]/document.zip Infected: Email-Worm.Win32.Doombot.b skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From Louis Copman ][Date Fri, 22 Jul 2005 22:49:24 - ... /[From "Ord-St ... /[ ... ... /account-report.htm .pif Infected: Email-Worm.Win32.Doombot.b skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From Louis Copman ][Date Fri, 22 Jul 2005 22:49:24 - ... /[From "Ord-St ... /[ ... /[From Slate Magazine ... /[From mail@earthlink.net][Date Mon, 17 Oct 2005 ... /account-report.zip Infected: Email-Worm.Win32.Doombot.b skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From Louis Copman ][Date Fri, 22 Jul 2005 22:49:24 - ... /[From "Ord-St ... /[ ... /[From Slate Magazine ... /[From mail@earthlink.net][Date Mon, 17 Oct 2005 08:00:43 -1000]/UNNAMED Infected: Email-Worm.Win32.Doombot.b skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From Louis Copman ][Date Fri, 22 Jul 2005 22:49:24 - ... /[From "Ord-St ... /[ ... /[From Slate Magazine ][Date Mon, 17 Oct 2005 12:55:31 EDT]/UNNAMED Infected: Email-Worm.Win32.Doombot.b skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From Louis Copman ][Date Fri, 22 Jul 2005 22:49:24 - ... /[From "Ord-St ... /[From "Akaka, senator (Akaka)" ][Date Mon, 17 Oct 2005 08:32:45 -0400]/UNNAMED Infected: Email-Worm.Win32.Doombot.b skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From Louis Copman ][Date Fri, 22 Jul 2005 22:49:24 - ... /[From "Ord-Status Mail - Ord-Status Email." ][Date Mon, 17 Oct 2005 06:22:52 -0400 (EDT)]/text Infected: Email-Worm.Win32.Doombot.b skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From Louis Copman ][Date Fri, 22 Jul 2005 22:49:24 - ... /[From Kim Komando Show Daily Cool Site ][Date Sun, 16 Oct 2005 00:30:00 -0600]/UNNAMED Infected: Email-Worm.Win32.Doombot.b skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From Louis Copman ][Date Fri, 22 Jul 2005 22:49:24 - ... /[From Kim Komando Show Daily Cool Site ][Date Sat, 15 Oct 2005 00:30:00 -0600]/UNNAMED Infected: Email-Worm.Win32.Doombot.b skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From Louis Copman ][Date Fri, 22 Jul 2005 22:49:24 -1000]/text Infected: Email-Worm.Win32.Doombot.b skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html Infected: Email-Worm.Win32.Doombot.b skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED Infected: Email-Worm.Win32.Doombot.b skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED Infected: Email-Worm.Win32.Doombot.b skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox Mail Berkeley mbox: infected - 35 skipped
C:\Documents and Settings\default\cookies\index.dat Object is locked skipped
C:\Documents and Settings\default\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\default\Local Settings\Temp\~DF371C.tmp Object is locked skipped
C:\Documents and Settings\default\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\default\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\default\ntuser.dat Object is locked skipped
C:\Documents and Settings\default\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\MailBuddy.log Object is locked skipped
C:\System Volume Information\_restore{F046EE99-C0E7-4C12-A706-7CD79FA9390E}\RP1252\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\HOME.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{15759241-4CA4-4F7B-8BA8-28A4B70C2020}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\SYSTEM32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\config\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\config\default.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\Internet.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\config\software.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\config\system.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\h323log.txt Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\TEMP\TMP0000003579B9763D5CC8559D Object is locked skipped
C:\WINDOWS\TEMP\ZLT055f4.TMP Object is locked skipped
C:\WINDOWS\TEMP\ZLT055fa.TMP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
I then ran another HiJackThis scan:
Logfile of HijackThis v1.99.1
Scan saved at 10:21:21 PM, on 02/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\IE New Window Maximizer\iemaximizer.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Mozilla Thunderbird Beta 2\thunderbird.exe
C:\PROGRA~1\MOZILL~2\FIREFOX.EXE
C:\unzipped\hijackthis(3)\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://login.passpor...rf?lc=1033&id=2
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.Windowsupdate.microsoft.com;*Windowsupdate.com;Windowsupdate.microsoft.com;V4.Windowsupdate.microsoft.com;Download.Windowsupdate.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\EarthLink TotalAccess\Accelerator\prpl_IePopupBlocker.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: TweakMASTER PRO Component - {7DAAC7DE-9EF0-4FF0-BFA5-AFF3E899054C} - C:\PROGRA~1\TWEAKM~1\TweakBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] c:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [CookiePatrol] c:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [IE New Window Maximizer] "C:\Program Files\IE New Window Maximizer\iemaximizer.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: Add to &LinkFox - res://C:\PROGRA~1\TWEAKM~1\TweakBHO.dll/IESCRIPT
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) -
https://www-secure.s...trl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) -
https://www-secure.s...trl/tgctlsr.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft....k/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) -
https://www-secure.s...rl/LSSupCtl.cab
O16 - DPF: {2871FC9B-5E34-4AAE-9E9C-EBD1652D5C92} (Rhapsody Player Engine) -
http://forms.real.co...ne_Inst_Win.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -
http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.micros...b?1119692924067
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://acs.pandasoft...free/asinst.cab
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) -
https://www-secure.s...rl/SymAData.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
Thanks again for your guidance.
louisc