TechSpot

[Closed] Attn: Bobbye Spam fr AOL, info was sent, cut & Pasted, pls read

By seeknpeace
Mar 26, 2011
  1. Hi,

    I had answered your requests, and then posted that I was still waiting to hear from you. Here are the cut and pasted remarks. I really need your help to read this info from the combofix that you asked me to do, that I did. As you can see, I did the ESET as well, but had some issues with being able to complete it as you said it would do, and noted that for you. I have contacted you, but perhaps all the edited posts got too scrambled. You will find this exact information in the locked orig post as an edit. My dialog ends here, all below are the cut and paste from our orig posts.
    *********************************************************

    I am still waiting to hear fr you...

    $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

    I am sorry, I have run the ESET three times. It creates a file in my program files that has a log.txt after I run it but it has nothing there. However, the scan comes back good with no viruses found, it comes back clean. I do not know what else to do. I cannot imagine what I am doing wrong. I turn the virus protection, all aspects of it, off, go to your link, click on it, check and uncheck the boxes you specify. After the undated files run, the scan runs. But at the end there is never a copy to clip board anything. Just a finish button and an offer to either buy the sw or sign up for the trial. Then nothing. I have no idea what else to do. However, it shows clean. I humbly await your next steps and I am going to run traces on the ip addys and turn some of these aholes into their providers as well. They have not sent anything from my address in a couple of days. Maybe they have moved on. As I understand it, their whole intention is to make money, and if no one is biting, they do move on.

    *******************************************************************************
    Still working on the ESET. But, here is the combofix


    ComboFix 11-03-16.06 - JansWiFi 03/17/2011 16:55:31.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.829 [GMT -4:00]
    Running from: c:\users\JansWiFi\Desktop\ComboFix.exe
    AV: Norton 360 *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
    FW: Norton 360 *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
    SP: Norton 360 *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\birdchannel-ss7\BirdChannel-SS7.exe
    c:\programdata\pswi_preloaded.exe
    c:\users\JansWiFi\AppData\Local\Temp\c3a0df6204f043d2b503e7f4082b58f6\filesys.dll
    c:\users\JansWiFi\AppData\Local\Temp\c3a0df6204f043d2b503e7f4082b58f6\http.dll
    c:\users\JansWiFi\videos\AdbeRdr930_en_US.exe
    c:\windows\system32\winsusrm.dll
    c:\windows\system32\winsusrx.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-02-17 to 2011-03-17 )))))))))))))))))))))))))))))))
    .
    .
    2011-03-17 21:10 . 2011-03-17 21:10 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-03-15 14:59 . 2011-02-23 14:35 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E4A52A0C-9616-4FA1-9D52-C8DBD9AF3EC4}\mpengine.dll
    2011-03-14 15:05 . 2011-03-14 15:05 -------- d-----w- c:\program files\iPod
    2011-03-14 15:05 . 2011-03-14 15:07 -------- d-----w- c:\program files\iTunes
    2011-03-14 04:05 . 2011-03-14 04:05 -------- d-----w- c:\users\JansWiFi\AppData\Roaming\com.atlanticrecords.Fanbase.A6C8DD5DA30F5C18C5C42884996720F649F6ED37.1
    2011-03-13 04:30 . 2011-03-13 04:30 -------- d-----w- c:\program files\ESET
    2011-03-10 13:18 . 2011-03-10 13:18 -------- d-----w- c:\windows\system32\Adobe
    2011-03-10 13:15 . 2011-03-10 13:15 -------- d-----w- c:\program files\Fanbase
    2011-03-10 12:51 . 2011-03-10 13:04 -------- d-----w- c:\programdata\NOS
    2011-03-09 01:11 . 2010-12-29 18:28 429056 ----a-w- c:\windows\system32\EncDec.dll
    2011-03-09 01:11 . 2010-12-29 18:28 322560 ----a-w- c:\windows\system32\sbe.dll
    2011-03-09 01:11 . 2010-12-29 18:28 153088 ----a-w- c:\windows\system32\sbeio.dll
    2011-03-09 01:11 . 2010-12-29 18:26 177664 ----a-w- c:\windows\system32\mpg2splt.ax
    2011-03-09 01:11 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll
    2011-03-09 01:11 . 2010-12-17 13:54 677888 ----a-w- c:\windows\system32\mstsc.exe
    2011-03-08 00:40 . 2011-03-08 00:40 -------- d-----w- c:\program files\Bonjour
    2011-03-05 18:20 . 2011-03-05 18:20 -------- d-----w- c:\program files\Pure Networks
    2011-03-05 18:18 . 2009-07-07 19:48 26672 ----a-w- c:\windows\system32\drivers\pnarp.sys
    2011-03-05 18:17 . 2009-07-07 19:48 27696 ----a-w- c:\windows\system32\drivers\purendis.sys
    2011-03-05 18:17 . 2011-03-05 18:17 -------- d-----w- c:\program files\Common Files\Pure Networks Shared
    2011-03-05 18:16 . 2011-03-05 18:37 -------- d-----w- c:\programdata\Pure Networks
    2011-03-04 23:37 . 2011-03-05 03:25 -------- d-----w- c:\users\JansWiFi\AppData\Local\Smilebox
    2011-03-04 23:37 . 2011-03-04 23:46 -------- d-----w- c:\users\JansWiFi\AppData\Roaming\Smilebox
    2011-03-04 19:08 . 2011-03-04 19:08 -------- d-----w- c:\program files\VAIO Startup
    2011-03-04 14:38 . 2009-06-10 09:43 88576 ----a-w- c:\windows\system32\tlntsess.exe
    2011-03-04 14:38 . 2009-06-10 09:43 71168 ----a-w- c:\windows\system32\telnet.exe
    2011-03-04 05:05 . 2011-03-04 05:05 -------- d-----w- c:\windows\system32\0409
    2011-03-04 05:05 . 2011-03-04 05:05 -------- d-----w- C:\inetpub
    2011-03-04 01:38 . 2011-02-01 20:02 58696 ----a-w- c:\windows\system32\AOLParconLink.exe
    2011-03-04 01:35 . 2011-03-04 01:38 -------- d-----w- c:\program files\Common Files\AOL
    2011-03-04 01:35 . 2011-03-04 01:39 -------- d-----w- c:\program files\AOL Desktop 9.6
    2011-03-04 01:35 . 2011-03-04 01:38 -------- d-----w- c:\program files\Common Files\aolshare
    2011-03-01 17:34 . 2011-02-02 22:11 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-02-25 14:42 . 2011-02-25 14:43 -------- d-----w- C:\unused AOLs to get off desktop
    2011-02-24 21:58 . 2007-05-18 06:31 128104 ----a-r- c:\windows\system32\drivers\WimFltr.sys
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-03-10 13:10 . 2010-06-24 15:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-03-05 18:20 . 2011-01-31 21:53 8892928 ----a-w- c:\programdata\atscie.msi
    2011-03-04 23:19 . 2010-09-10 15:28 952 --sha-w- c:\programdata\KGyGaAvL.sys
    2011-01-20 16:37 . 2011-02-09 04:34 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2011-01-20 16:08 . 2011-02-09 04:34 478720 ----a-w- c:\windows\system32\dxgi.dll
    2011-01-20 16:08 . 2011-02-09 04:34 160768 ----a-w- c:\windows\system32\d3d10_1.dll
    2011-01-20 16:08 . 2011-02-09 04:34 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
    2011-01-20 16:08 . 2011-02-09 04:34 189952 ----a-w- c:\windows\system32\d3d10core.dll
    2011-01-20 16:08 . 2011-02-09 04:34 1029120 ----a-w- c:\windows\system32\d3d10.dll
    2011-01-20 16:07 . 2011-02-09 04:34 37376 ----a-w- c:\windows\system32\cdd.dll
    2011-01-20 16:07 . 2011-02-09 04:34 258048 ----a-w- c:\windows\system32\winspool.drv
    2011-01-20 16:07 . 2011-02-09 04:34 586240 ----a-w- c:\windows\system32\stobject.dll
    2011-01-20 16:06 . 2011-02-09 04:34 2873344 ----a-w- c:\windows\system32\mf.dll
    2011-01-20 16:06 . 2011-02-09 04:34 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
    2011-01-20 16:04 . 2011-02-09 04:34 209920 ----a-w- c:\windows\system32\mfplat.dll
    2011-01-20 16:04 . 2011-02-09 04:34 98816 ----a-w- c:\windows\system32\mfps.dll
    2011-01-20 14:28 . 2011-02-09 04:34 1554432 ----a-w- c:\windows\system32\xpsservices.dll
    2011-01-20 14:27 . 2011-02-09 04:34 876032 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-01-20 14:26 . 2011-02-09 04:34 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
    2011-01-20 14:25 . 2011-02-09 04:34 847360 ----a-w- c:\windows\system32\OpcServices.dll
    2011-01-20 14:24 . 2011-02-09 04:34 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-01-20 14:24 . 2011-02-09 04:34 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
    2011-01-20 14:15 . 2011-02-09 04:34 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
    2011-01-20 14:14 . 2011-02-09 04:34 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
    2011-01-20 14:14 . 2011-02-09 04:34 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
    2011-01-20 14:14 . 2011-02-09 04:34 302592 ----a-w- c:\windows\system32\mfmp4src.dll
    2011-01-20 14:12 . 2011-02-09 04:34 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
    2011-01-20 14:11 . 2011-02-09 04:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll
    2011-01-20 13:47 . 2011-02-09 04:34 683008 ----a-w- c:\windows\system32\d2d1.dll
    2011-01-20 13:44 . 2011-02-09 04:34 1068544 ----a-w- c:\windows\system32\DWrite.dll
    2011-01-20 13:44 . 2011-02-09 04:34 797184 ----a-w- c:\windows\system32\FntCache.dll
    2011-01-13 11:19 . 2011-01-13 11:19 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2011-01-13 11:19 . 2011-01-13 11:19 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2011-01-08 08:47 . 2011-02-09 02:25 34304 ----a-w- c:\windows\system32\atmlib.dll
    2011-01-08 06:28 . 2011-02-09 02:25 292352 ----a-w- c:\windows\system32\atmfd.dll
    2010-12-31 13:57 . 2011-02-09 02:25 2039808 ----a-w- c:\windows\system32\win32k.sys
    2010-12-30 02:11 . 2010-12-30 02:11 749832 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\Spotlight Resources.dll
    2010-12-28 15:55 . 2011-01-12 13:53 413696 ----a-w- c:\windows\system32\odbc32.dll
    2010-12-20 23:09 . 2010-12-14 17:58 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-20 23:08 . 2010-12-14 17:58 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
    "AOL Fast Start"="c:\program files\AOL Desktop 9.6\AOL.EXE" [2011-01-13 42320]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
    .
    c:\users\JansWiFi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote Table Of Contents.onetoc2 [2010-7-11 3656]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
    2007-04-24 00:19 98304 ------w- c:\windows\System32\VESWinlogon.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.exe
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
    @="FSFilter Activity Monitor"
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
    backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
    backup=c:\windows\pss\Adobe Acrobat Synchronizer.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
    backup=c:\windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Billminder.lnk]
    backup=c:\windows\pss\Billminder.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
    backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Quicken Startup.lnk]
    backup=c:\windows\pss\Quicken Startup.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^Users^JansWiFi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Click to DVD Automatic Mode Launcher.lnk]
    backup=c:\windows\pss\Click to DVD Automatic Mode Launcher.lnk.Startup
    backupExtension=.Startup
    .
    [HKLM\~\startupfolder\C:^Users^JansWiFi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
    backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
    backupExtension=.Startup
    .
    [HKLM\~\startupfolder\C:^Users^JansWiFi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Registry Repair Pro.lnk]
    path=c:\documents and settings\JansWiFi\Desktop\Registry Repair Pro.lnk
    backup=c:\windows\pss\Registry Repair Pro.lnk.Startup
    backupExtension=.Startup
    .
    [HKLM\~\startupfolder\C:^Users^JansWiFi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Scheduler.lnk]
    path=c:\users\JansWiFi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Scheduler.lnk
    backup=c:\windows\pss\Scheduler.lnk.Startup
    backupExtension=.Startup
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PestPatrol Control Center
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-11-10 16:49 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2011-01-30 15:45 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
    2011-01-13 11:19 42320 ----a-w- c:\program files\AOL Desktop 9.6\aol.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    2010-09-22 04:28 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel File Shell Monitor]
    2008-08-08 21:30 16712 ----a-r- c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
    2008-08-08 21:30 532808 ----a-r- c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
    2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo R260 Series]
    2006-10-17 07:01 143360 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIBNA.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
    2010-03-08 07:27 41800 ----a-w- c:\program files\Common Files\AOL\1299202552\ee\aolsoftware.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2007-07-03 14:05 154136 ------w- c:\windows\System32\hkcmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2007-07-03 14:10 141848 ------w- c:\windows\System32\igfxtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstallIQUpdater]
    2010-07-07 11:20 1008128 ----a-w- c:\program files\W3i\InstallIQUpdater\InstallIQUpdater.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe]
    2007-04-17 02:06 321656 ----a-w- c:\program files\Sony\ISB Utility\ISBMgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2011-03-07 19:33 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmapp]
    2009-07-08 07:53 472112 ----a-w- c:\program files\Pure Networks\Network Magic\nmapp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmctxth]
    2009-07-07 19:48 647216 ----a-w- c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
    2007-06-26 15:28 137752 ------w- c:\windows\System32\igfxpers.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickBooks Simple Start]
    2007-01-31 04:59 371712 ----a-w- c:\program files\Intuit\SimpleStartEntice\entice.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
    2007-04-06 18:18 4423680 ----a-w- c:\windows\RtHDVCpl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
    2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
    2007-04-06 18:18 1822720 ----a-w- c:\windows\SkyTel.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmileboxTray]
    2011-01-22 07:13 312640 ----a-w- c:\users\JansWiFi\AppData\Roaming\Smilebox\SmileboxTray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SONY VGP-UPR1 (Display Adapter)]
    2008-08-28 23:10 233472 ----a-w- c:\program files\DisplayLink Core Software\DisplayLinkUI.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-05-14 16:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
    2007-03-08 02:38 835584 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
    2010-08-24 09:38 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Center Access Bar]
    2007-03-06 22:22 36864 ----a-w- c:\program files\Sony\VAIO Center Access Bar\VCAB.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOCameraUtility]
    2007-04-02 23:49 411768 ----a-w- c:\program files\Sony\VAIO Camera Utility\VCUServe.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIORecommender]
    2010-11-19 13:57 204152 ----a-w- c:\program files\Sony\VAIO Recommender\VAIORecommender.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSecurity]
    2007-03-14 00:13 2322432 ----a-w- c:\program files\Sony\VAIO Security Center\VSC.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSurvey]
    2006-12-07 00:08 577536 ----a-w- c:\program files\Sony\VAIO Survey\Vista VAIO Survey.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
    2009-04-11 06:28 2153472 ----a-w- c:\windows\System32\oobefldr.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 eFilmProcessManagerNT;eFilmProcessManagerNT;c:\program files\Merge Healthcare\eFilm\efPMNT.exe [2009-02-11 20480]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-21 136176]
    R3 ICScsiSV;Image Converter SCSI Service;c:\program files\Sony\Image Converter 3\ICScsiSV.exe [2007-01-26 75952]
    R3 IcVzMonLauncher;IcVzMonLauncher;c:\program files\Sony\Image Converter 3\IcVzMonLauncher.exe [2007-01-26 67760]
    R3 MSSQL$VAIO_VEDB;SQL Server (VAIO_VEDB);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
    R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2008-01-19 21504]
    R3 slsService;slsService;c:\program files\Merge Healthcare\eFilm\slsService.exe [2008-10-28 70656]
    R3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-10 745472]
    R3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-08-09 397312]
    R3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-08-09 1089536]
    R3 WMSvc;Web Management Service;c:\windows\system32\inetsrv\wmsvc.exe [2008-01-19 11264]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys [2008-08-18 13424]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-09-23 64288]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SYMEFA.SYS [2009-08-22 310320]
    S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\Drivers\N360\0308000.029\BHDrvx86.sys [2009-08-22 259632]
    S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\N360\0308000.029\ccHPx86.sys [2009-08-22 482432]
    S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20110316.001\IDSvix86.sys [2010-11-09 353912]
    S2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2009-03-06 20376]
    S2 DisplayLinkService;DisplayLink Service;c:\program files\DisplayLink Core Software\DisplayLinkService.exe [2008-08-18 443752]
    S2 efAuditorService.exe;eFilm Audit Service;c:\program files\Merge Healthcare\eFilm\Auditor\efAuditorService.exe [2009-02-11 24576]
    S2 mrtRate;mrtRate; [x]
    S2 MSSQL$SQLEXPRESSEFILM;SQL Server (SQLEXPRESSEFILM);c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
    S2 N360;Norton 360;c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe [2009-08-22 117640]
    S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\Norton PC Checkup\Engine\2.0.4.131\SymcPCCULaunchSvc.exe [2010-12-15 120248]
    S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\Norton PC Checkup\Engine\2.0.4.131\ccSvcHst.exe [2009-08-24 126392]
    S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-01-03 11032]
    S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2010-08-12 187792]
    S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2010-08-24 92008]
    S2 VCFw;VAIO Content Folder Watcher;c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-03-05 5189992]
    S2 VisualizationServicesRemotingService;Visualization Services Remoting Service;c:\program files\Merge Healthcare\eFilm\Visualization Services\MergeeFilm.VisualizationServices.Remoting.WindowsServices.exe [2009-02-11 20480]
    S3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys [2008-08-18 287856]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-08-11 102448]
    S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2009-03-04 4232704]
    S3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\Drivers\R5U870FLx86.sys [2007-04-04 73472]
    S3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\Drivers\R5U870FUx86.sys [2007-04-04 43904]
    S3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\DRIVERS\SonyImgF.sys [2007-04-05 31104]
    S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS [2009-08-22 48688]
    S3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-04-23 812544]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    LPDService REG_MULTI_SZ LPDSVC
    rsmsvcs REG_MULTI_SZ ntmssvc
    ipripsvc REG_MULTI_SZ iprip
    nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-03-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-21 10:59]
    .
    2011-03-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-21 10:59]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.aol.com
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    IE: Transfer by Image Converter 3 - c:\program files\Sony\Image Converter 3\menu.htm
    .
    - - - - ORPHANS REMOVED - - - -
    .
    MSConfigStartUp-SearchSettings - c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
    AddRemove-ESET Online Scanner - c:\program files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
    AddRemove-_{707EB912-C597-49D8-9460-46CC9AB03EBE} - c:\program files\Corel\Corel Painter Photo Essentials 4\MSILauncher {707EB912-C597-49D8-9460-46CC9AB03EBE}
    .
    .
    .
    **************************************************************************
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files:
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
    "ImagePath"="\"c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"
    --
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCCUJobMgr]
    "ImagePath"="\"c:\program files\Norton PC Checkup\Engine\2.0.4.131\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Engine\2.0.4.131\diMaster.dll\" /prefetch:1"
    --
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SampleCollector]
    "ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=inteldata\""
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2739981327-1961966216-2112046628-1005\Software\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC]
    @Denied: (C D) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(6028)
    c:\program files\Pure Networks\Network Magic\nmspce2.dll
    c:\program files\Pure Networks\Network Magic\nmrsrc.dll
    c:\program files\Common Files\Pure Networks Shared\Platform\11.2.09195.1.nmcorePS.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\DisplayLink Core Software\DisplayLinkManager.exe
    c:\program files\Sony\VAIO Care\VCSpt.exe
    c:\windows\system32\DllHost.exe
    c:\program files\Sony\VAIO Service Utility\VAIO-SUTOOL.exe
    c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\programdata\EPSON\EPW!3 SSRP\E_S30RP1.EXE
    c:\program files\Merge Healthcare\eFilm\efServer.exe
    c:\windows\system32\inetsrv\inetinfo.exe
    c:\program files\Microsoft SQL Server\MSSQL.3\MSSQL\Binn\sqlservr.exe
    c:\program files\Microsoft SQL Server\MSSQL.4\MSSQL\Binn\sqlservr.exe
    c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    c:\windows\system32\PSIService.exe
    c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
    c:\windows\System32\tcpsvcs.exe
    c:\windows\System32\snmp.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    c:\program files\Merge Healthcare\eFilm\efDM.exe
    c:\program files\Sony\VAIO Event Service\VESMgr.exe
    c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\program files\Merge Healthcare\eFilm\efDBM.exe
    c:\program files\Sony\VAIO Event Service\VESMgrSub.exe
    c:\windows\system32\igfxext.exe
    c:\windows\system32\igfxsrvc.exe
    c:\windows\system32\WUDFHost.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\windows\system32\DRIVERS\xaudio.exe
    c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    c:\program files\Sony\VAIO Power Management\SPMgr.exe
    c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    c:\windows\system32\DllHost.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\AOL Desktop 9.6\waol.exe
    c:\windows\ehome\ehmsas.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
    c:\program files\Sony\VAIO Care\listener.exe
    c:\program files\AOL Desktop 9.6\shellmon.exe
    c:\program files\Sony\VAIO Care\VCsystray.exe
    .
    **************************************************************************
    .
    Completion time: 2011-03-17 17:38:18 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-03-17 21:37
    .
    Pre-Run: 127,398,892,544 bytes free
    Post-Run: 127,624,909,824 bytes free
    .
    - - End Of File - - 928239E5247A07E1974D465852EE50E4


    ****************************************************************
    Ok, I ran the ESET program and it did not give me the option at the end to copy to any clip board. It did create a file in my programs, and a log and it says there were no viruses found. When I tried to run it again, to see why, it will not run it again, throws an error up saying it has run a scan within the past 24 and will not again. So, did I do something wrong? I will cut and paste that log if you like. I am stumped. Please do not think I am an ***** but please be aware that I do have MS and it affects me a lot cognitively. I have gone from a great career in financial planning to being cognitively disabled and as frustrating and troubling as this may be to you, it is more so to me. It is embarrassing to even post this and know it is probably something that I did wrong. I will go to the next one.

    Would it help you to see the details header of one of the emails? They are all different but they are all seemingly from Yahoo accts.
    *************************************************
    Oh, and I did delete all the av programs except for norton360. I am running the sw you requested now, emailing you fr my iBad, since the 2nd out.

    ******************************************
    Gotcha....edit

    Yes, I am running them...when it rains, it pours. I received notice that the state is auditing us for 2008 and 2009...Why? Just to be Aholes? umm hmm. I do think so. So, I have been in a tizzy finding that crap as they said we have only x number of days to get it to them, and I cannot get turbo tax to download 08 and for some reason the return is not in my paper work. I am having that GD problem where no matter what I do, when I am on IE, I get the request to dl flash player over and over. I have uninstalled it, reinstalled it, purged, cleaned, used the uninstaller that you are pointed to at the Vista page, nothing works and I think that is why I cannot open the turbo tax forms as they are in pdf form and it is messing up as well. I have uninstalled that one and reinstalled it but I do not know if it will work again or not. I am telling you, I want to open a vein. Today's priorities: fax geek squad papers to Allstate to try to get my desktop replaced and get off of this laptop. Do your thing and then work on the audit. Do you have any extra hemlock?

    --------------------------------------------------------------------------------
    Last edited by seeknpeace; 5 Days Ago at 06:29 PM.. Reason: add info
     
  2. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Please stop creating multiple topics regarding the very same computer.
    Keep all info in one thread.
    I'm closing this one.
     
Topic Status:
Not open for further replies.
