I was using the Microsoft firewall, but during all my malware problems it got disabled. I knew I had to get a third-party firewall but was waiting for a recommendation after this process is completed. Also, it seems like some of the software I've purchased and given five-star reviews turns out not to work for me. For instance, I purchased Spyware Doctor 5.0, but it slows down my computer so much it's almost unusable. Right now I have a paid version of AVG anti-virus but am looking for complementary spyware software and a firewall that use a minimal amount of resources. In case I didn't mention it before, your assistance and expertise are greatly appreciated, and this site is one of the most essential sites on the web. I will definitely try to support it as much as possible. Thanks.
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, April 23, 2007 11:34:21 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 24/04/2007
Kaspersky Anti-Virus database records: 301283
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
Q:\
R:\
Scan Statistics:
Total number of scanned objects: 107832
Number of viruses found: 5
Number of infected objects: 14 / 0
Number of suspicious objects: 7
Duration of the scan process: 01:57:16
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_c7344128-7c04-4b41-ad54-f21b1dde90ff Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Scott\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Scott\Desktop\Desktop.misc2\WinPFind3u\MovedFiles\WINDOWS\SYSTEM32\tmp55.tmp.dll Infected: Trojan.Win32.BHO.g skipped
C:\Documents and Settings\Scott\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Scott\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Scott\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Scott\Local Settings\Temp\googlewebaccclient.exe.log Object is locked skipped
C:\Documents and Settings\Scott\Local Settings\Temp\GoogleWebAccelerator.pac Object is locked skipped
C:\Documents and Settings\Scott\Local Settings\Temp\GoogleWebAcceleratorCache Object is locked skipped
C:\Documents and Settings\Scott\Local Settings\Temp\GoogleWebAccWarden.exe.log Object is locked skipped
C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Scott\ntuser.dat Object is locked skipped
C:\Documents and Settings\Scott\NTUSER.DAT.LOG Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$ALAMODE\Data\master.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$ALAMODE\Data\mastlog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$ALAMODE\Data\model.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$ALAMODE\Data\modellog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$ALAMODE\Data\tempdb.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$ALAMODE\Data\templog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$ALAMODE\LOG\ERRORLOG Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Data\master.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Data\mastlog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Data\model.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Data\modellog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Data\tempdb.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Data\templog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\LOG\ERRORLOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{40FDD344-1F5B-4507-9D23-440D675CD109}\RP797\change.log Object is locked skipped
C:\WINDOWS\$NtUninstallKB824141$\user32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB824141$\win32k.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826942$\dhcpcsvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826942$\ndis.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826942$\ndisuio.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826942$\netshell.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826942$\wzcdlg.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826942$\wzcsapi.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826942$\wzcsvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828035$\msgsvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828035$\wkssvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\colbact.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comuid.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\es.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\ole32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\rpcss.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\txflog.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB833407$\bssym7.ttf Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\callcont.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\cmdevtgprov.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\h323.tsp Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\msgina.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\mst120.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\schannel.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\xpsp2res.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\dao360.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\expsrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msexch40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msexcl40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjet40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjetoledb40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjint40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjter40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjtes40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msltus40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\mspbde40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msrd2x40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msrd3x40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msrepl40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\mstext40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\mswdat10.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\mswstr10.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msxbde40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\vbajet32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallQ828026$\msdxm.ocx Object is locked skipped
C:\WINDOWS\$NtUninstallQ828026$\wmp.dll Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\CSC\00000002 Object is locked skipped
C:\WINDOWS\CSC\00000003 Object is locked skipped
C:\WINDOWS\Debug\Netlogon.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\QB GDS P.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\temp\Perflib_Perfdata_504.dat Object is locked skipped
C:\WINDOWS\temp\Perflib_Perfdata_520.dat Object is locked skipped
C:\WINDOWS\temp\Perflib_Perfdata_5e0.dat Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
F:\Documents\Biz-Doc's\outlook.pst/Personal Folders/Deleted Items/26 May 2004 01:14 from Mail Delivery System:Mail delivery failed.eml/[From scott@appraisalsocal.com][Date Tue, 25 May 2004 18:13:14 -0700]/UNNAMED/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Documents\Biz-Doc's\outlook.pst/Personal Folders/Deleted Items/26 May 2004 01:14 from Mail Delivery System:Mail delivery failed.eml/[From scott@appraisalsocal.com][Date Tue, 25 May 2004 18:13:14 -0700]/UNNAMED/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Documents\Biz-Doc's\outlook.pst/Personal Folders/Deleted Items/26 May 2004 01:14 from Mail Delivery System:Mail delivery failed.eml/[From scott@appraisalsocal.com][Date Tue, 25 May 2004 18:13:14 -0700]/UNNAMED/message.scr Infected: Email-Worm.Win32.NetSky.q skipped
F:\Documents\Biz-Doc's\outlook.pst/Personal Folders/Deleted Items/26 May 2004 01:14 from Mail Delivery System:Mail delivery failed.eml/[From scott@appraisalsocal.com][Date Tue, 25 May 2004 18:13:14 -0700]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped
F:\Documents\Biz-Doc's\outlook.pst/Personal Folders/Deleted Items/26 May 2004 01:14 from Mail Delivery System:Mail delivery failed.eml Infected: Email-Worm.Win32.NetSky.q skipped
F:\Documents\Biz-Doc's\outlook.pst/Personal Folders/Deleted Items/08 Jun 2004 12:54 from postmaster@fncinc.com:[JunkMail] Delivery/08 Jun 2004 12:53 from scott@appraisalsocal.com:Mail Delivery (f.html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Documents\Biz-Doc's\outlook.pst/Personal Folders/Deleted Items/13 Jun 2004 21:12 from MAILER-DAEMON@mx08.roc.ny.frontiernet.net.eml/[From scott@appraisalsocal.com][Date Sun, 13 Jun 2004 14:12:51 -0700]/UNNAMED/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Documents\Biz-Doc's\outlook.pst/Personal Folders/Deleted Items/13 Jun 2004 21:12 from MAILER-DAEMON@mx08.roc.ny.frontiernet.net.eml/[From scott@appraisalsocal.com][Date Sun, 13 Jun 2004 14:12:51 -0700]/UNNAMED/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Documents\Biz-Doc's\outlook.pst/Personal Folders/Deleted Items/13 Jun 2004 21:12 from MAILER-DAEMON@mx08.roc.ny.frontiernet.net.eml/[From scott@appraisalsocal.com][Date Sun, 13 Jun 2004 14:12:51 -0700]/UNNAMED/message.scr Infected: Email-Worm.Win32.NetSky.q skipped
F:\Documents\Biz-Doc's\outlook.pst/Personal Folders/Deleted Items/13 Jun 2004 21:12 from MAILER-DAEMON@mx08.roc.ny.frontiernet.net.eml/[From scott@appraisalsocal.com][Date Sun, 13 Jun 2004 14:12:51 -0700]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped
F:\Documents\Biz-Doc's\outlook.pst/Personal Folders/Deleted Items/13 Jun 2004 21:12 from MAILER-DAEMON@mx08.roc.ny.frontiernet.net.eml Infected: Email-Worm.Win32.NetSky.q skipped
F:\Documents\Biz-Doc's\outlook.pst/Personal Folders/Deleted Items/02 Aug 2004 05:37 from Crafters Choice Customer Service:CC Follo.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Documents\Biz-Doc's\outlook.pst/Personal Folders/Inbox/14 Jun 2004 03:43 from MAILER-DAEMON@mx01.roc.ny.frontiernet.net.eml/[From scott@appraisalsocal.com][Date Sun, 13 Jun 2004 20:36:26 -0700]/UNNAMED/document_with_notice.doc Infected: Email-Worm.Win32.NetSky.q skipped
F:\Documents\Biz-Doc's\outlook.pst/Personal Folders/Inbox/14 Jun 2004 03:43 from MAILER-DAEMON@mx01.roc.ny.frontiernet.net.eml/[From scott@appraisalsocal.com][Date Sun, 13 Jun 2004 20:36:26 -0700]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped
F:\Documents\Biz-Doc's\outlook.pst/Personal Folders/Inbox/14 Jun 2004 03:43 from MAILER-DAEMON@mx01.roc.ny.frontiernet.net.eml Infected: Email-Worm.Win32.NetSky.q skipped
F:\Documents\Biz-Doc's\outlook.pst/Personal Folders/Inbox/05 Aug 2004 16:34 from do_not_reply@hostway.com:Re: Renew Domain/MGMT.EXE.exe Infected: Email-Worm.Win32.Tanatos.b.dam skipped
F:\Documents\Biz-Doc's\outlook.pst/Personal Folders/Inbox/24 Feb 2004 18:12 from Mail Delivery System:Undelivered Mail Ret/24 Feb 2004 18:12 from alex@appraisalsocal.com:bbddmzshgyoakh/details.zip/details.htm .scr Infected: Email-Worm.Win32.Mydoom.e skipped
F:\Documents\Biz-Doc's\outlook.pst/Personal Folders/Inbox/24 Feb 2004 18:12 from Mail Delivery System:Undelivered Mail Ret/24 Feb 2004 18:12 from alex@appraisalsocal.com:bbddmzshgyoakh/details.zip Infected: Email-Worm.Win32.Mydoom.e skipped
F:\Documents\Biz-Doc's\outlook.pst/Personal Folders/AVG Virus Vault/25 May 2004 12:57 from postmaster@eforsythe.com:[JunkMail] Deliv/25 May 2004 12:57 to glen@eforsythe.com:Mail Delivery (failure g.html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Documents\Biz-Doc's\outlook.pst Mail MS Mail: infected - 12, suspicious - 7 skipped
F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
Scan process completed.

Logfile of HijackThis v1.99.1
Scan saved at 11:40:14 PM, on 4/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$ALAMODE\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
c:\toshiba\ivp\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\Fanix\As-U-Type Trial\AsutypeTrial.exe
C:\Program Files\Google\Google Desktop Search\gcdtmp111\GoogleDesktopSetupHelper.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
C:\Program Files\Novatix\ExplorerPlus\Nxdlghlp.exe
C:\Program Files\TechSmith\SnagIt 7\TSCHelp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Novatix\ExplorerPlus\NxExplo.exe
C:\Program Files\Novatix\ExplorerPlus\NxExplo.exe
C:\Program Files\Novatix\ExplorerPlus\NxExplo.exe
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: IeCaptureBho Object - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Dictionary.com - {11359F4A-B191-42D7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\lexbar.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [QuickBooksDB17] C:\Program Files\Intuit\QuickBooks 2005\QBDBMgrN.exe -n QB_KOBETOSHIBA_17 -qs -gd ALL -gk all -gp 4096 -gu all -ch 64M -c 32M -x tcpip(BroadcastListener=NO;port=10172) -ti 0 -ec simple -ct- -qi -qw -tl 120 -oe "C:\Documents and Settings\Scott\Local Settings\Application Data\Intuit\QuickBooks\Log\DBStartup.log" -y
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [The Assistant] C:\Program Files\a la mode\Sched\eSched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_5 -reboot 1
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Startup: dialog tracker.lnk = C:\Program Files\Novatix\ExplorerPlus\Nxdlghlp.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: As-U-Type Trial.lnk = C:\Program Files\Fanix\As-U-Type Trial\AsutypeTrial.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O4 - Global Startup: SnagIt 7.lnk = C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Open PDF in Word (PDF Converter 2.0) - res://C:\Program Files\ScanSoft\PDF Converter 2.0\IEShellExt.dll /100
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Search &Dictionary - C:\Program files\Lexico\Toolbar\dictionary.htm
O8 - Extra context menu item: Search &Thesaurus - C:\Program files\Lexico\Toolbar\thesaurus.htm
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL (file missing)
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Options - {320AF880-6646-11D3-ABEE-C5DBF3571F4C} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComOptions.html
O9 - Extra 'Tools' menuitem: RoboForm Options - {320AF880-6646-11D3-ABEE-C5DBF3571F4C} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComOptions.html
O9 - Extra button: Passcards - {45DB34C3-955C-11D3-ABEF-444553540001} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditPass.html
O9 - Extra 'Tools' menuitem: Passcards Editor - {45DB34C3-955C-11D3-ABEF-444553540001} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditPass.html
O9 - Extra button: XWins - {53A008B9-E8B5-4d83-87D9-D444C3F496CF} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: IECloseWindows - {53A008B9-E8B5-4d83-87D9-D444C3F496CF} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: IEHelp - {EA858A55-5185-4079-8721-507905E37CD4} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: IEHelper - {EA858A55-5185-4079-8721-507905E37CD4} - C:\WINDOWS\System32\shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O15 - Trusted Zone: http://vault.alamode.com
O15 - Trusted Zone: http://www.socalappraisal.net
O15 - Trusted Zone: *.wwwalamode.com
O15 - Trusted Zone: http://www.xsitesnetwork.com
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/downloads/tgctlcm.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.c ... 040510.cab
O16 - DPF: {31BF1A1B-D895-4CF4-911B-E2C5E7BBECA0} (alaImportExport.ImportExport) - http://wbsvc.alamode.com/ImportExport/ImportExport.CAB
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/share ... insctl.cab
O16 - DPF: {556EEC63-31E2-47C3-BF29-DFF799D2FE04} (Remote Access ActiveX Client) - https://secure.logmein.com/activex/RACtrl.cab
O16 - DPF: {626FE447-E830-4F76-A024-41A20EEECF1A} (RyzeAddrCtrl Class) - http://www.ryze.com/RyzeAddr.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3447951145
O16 - DPF: {999D162F-1319-48F0-A7DB-886C582EE2C6} - file://Z:\CONTENT\cabs\alaWeb.CAB
O16 - DPF: {A7DB6550-3269-11D4-8C30-0001023CA9DC} (Vault Files Downloader) - https://vault.alamode.com/cab/vfd.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {AED6797A-D608-11D4-89D2-00105AA3C57F} (alaGrid.TechDocSearch) - file://C:\WIN2000\CONTENT\cabs\alaGrid.CAB
O16 - DPF: {B9D71543-E32B-4EAD-83C1-5B4001B0CE80} - file://Z:\CONTENT\cabs\alaWeb.CAB
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/share ... cgdmgr.cab
O16 - DPF: {C38F2056-BBEE-4FFA-BD07-588081487B32} (alaImportExport.ImportExport) - http://wbsvc.alamode.com/ImportExport/ImportExport.CAB
O16 - DPF: {CD27EEF6-55B8-4F24-99C5-E1191D814445} (alaWeb5.cUtil) - file://C:\WIN2000\CONTENT\cabs\alaWeb5.CAB
O16 - DPF: {DDC55619-838F-4CA8-85E8-56EB8E0846FA} (CCRUMIEConnector Class) - http://boltpeters.com/ethnio/EthnioParticipant.CAB
O16 - DPF: {E536CDD9-E068-4DB7-95B0-C68DDE08ED3B} - http://vault.alamode.com/cab/vaultinstall.cab
O16 - DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} - http://dictionary.reference.com/tools/t ... lexico.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = pettifer
O17 - HKLM\Software\..\Telephony: DomainName = pettifer
O17 - HKLM\System\CCS\Services\Tcpip\..\{00971FC6-A25C-4D74-9C1E-9F1008A319BD}: NameServer = 10.10.10.200,65.106.1.196,65.106.7.196
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = pettifer
O17 - HKLM\System\CS1\Services\Tcpip\..\{00971FC6-A25C-4D74-9C1E-9F1008A319BD}: NameServer = 10.10.10.200,65.106.1.196,65.106.7.196
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = pettifer
O17 - HKLM\System\CS2\Services\Tcpip\..\{00971FC6-A25C-4D74-9C1E-9F1008A319BD}: NameServer = 10.10.10.200,65.106.1.196,65.106.7.196
O18 - Protocol: x-excid - {9D6CC632-1337-4A33-9214-2DA092E776F4} - c:\WINDOWS\Downloaded Program Files\mimectl.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL C:\PROGRA~1\Google\WEBACC~1\FASTSE~1.DLL
O20 - Winlogon Notify: Sebring - c:\WINDOWS\System32\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: DM1Service - OLYMPUS Corporation - C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MSSQL$ALAMODE - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$ALAMODE\Binn\sqlservr.exe" -sALAMODE (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SQLAgent$ALAMODE - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$ALAMODE\Binn\sqlagent.EXE" -i ALAMODE (file missing)
O23 - Service: Swupdtmr - Unknown owner - c:\toshiba\ivp\swupdate\swupdtmr.exe
O23 - Service: Tmesbs32 (Tmesbs) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe" /Service (file missing)
O23 - Service: Tmesrv3 (Tmesrv) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe" /Service (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe