I am having a really hard time with repeated spam emails being sent to my AOL address book looking as if I sent them. First go round, I found them in my outgoing box also, as I had auto add turned on in my aol sw. Turned that off and blocked all email addys and ip addys in the details of the emails sent. That stopped. They started again and this time none were showing in my sent box, but I am copied in the sends as well. So, I get the emails too from myself, to myself. In the details yahoo accounts are mostly what are showing before the diversion to my aol acct. I have run all the virus software I can find, Malware, Pest patrol, Adaware, Registry Repair, etc. I cannot stop it. I am stumped to the point of closing my AOL acct and I have so much business and bills etc tied to this acct it is a nightmare. I have had this screen name since 1996. Where do I turn? AOL does not give a crap. Is there a place that I can turn that prosecutes these ppl?

Ty so much and yes I do want your help. I need to get to my system I am on my iPad at the moment so I will be back ib a bit to start the process. I have had one person jump me about it and I told him that I feel strongly it is not in my computer but happening fr somewhere else.

Had unexpected guests all day and I am worn out but I am looking forward to dealing with this with you tomorrow. This has been awful. One thing is there a charge and if so, how much? Thank you so much.

Hey,

I am a little bit confused. I recognize that once I started, this will take a minute and I will have to do it when I have more than I have right now. However, when I was doing the first part, the posts below it confused me. Do I skip the parts that are noted to skip?? I did the virus scan, and the temp folder removal and the malware scar, and was getting ready to do the emerg thingy but then I started reading below and it got crazy. Do I send the info to you in a reply, or a new post or etc etc, and do I skip number four...started hyperventilatng..hahaha...I run the malware sw all the time, none of that on here,and anti virus, none of that, and do maintenance emptying temps all the time,but I used your dl to do it. So, do I read ahead and follow suit or do the 8 step and put it all in a reply? Help me Jesus, Lord...my head is spinning....for reals.

logs

Ok, here they are:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6056

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

3/14/2011 4:11:28 PM
mbam-log-2011-03-14 (16-11-28).txt

Scan type: Quick scan
Objects scanned: 156756
Time elapsed: 7 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2011-03-14 23:07:57
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-1 WDC_WD2500BJKT-00F4T0 rev.11.01A11
Running: gmer.exe; Driver: C:\Users\JansWiFi\AppData\Local\Temp\kxlirkoc.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 8/28/2009 5:48:40 AM
System Uptime: 3/14/2011 11:20:14 PM (0 hours ago)
.
Motherboard: Sony Corporation | | VAIO
Processor: Intel(R) Core(TM)2 Duo CPU T7100 @ 1.80GHz | N/A | 1801/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 225 GiB total, 120.564 GiB free.
D: is FIXED (NTFS) - 1 GiB total, 0.76 GiB free.
E: is Removable
F: is Removable
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Intel(R) Wireless WiFi Link 4965AGN
Device ID: PCI\VEN_8086&DEV_4229&SUBSYS_11008086&REV_61\4&25FA882E&0&00E0
Manufacturer: Intel Corporation
Name: Intel(R) Wireless WiFi Link 4965AGN
PNP Device ID: PCI\VEN_8086&DEV_4229&SUBSYS_11008086&REV_61\4&25FA882E&0&00E0
Service: NETw5v32
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Realtek PCIe FE Family Controller
Device ID: PCI\VEN_10EC&DEV_8136&SUBSYS_9015104D&REV_01\4&44ADF12&0&00E2
Manufacturer: Realtek
Name: Realtek PCIe FE Family Controller
PNP Device ID: PCI\VEN_10EC&DEV_8136&SUBSYS_9015104D&REV_01\4&44ADF12&0&00E2
Service: RTL8169
.
==== System Restore Points ===================
.
RP832: 3/3/2011 3:49:24 PM - Windows Update
RP833: 3/4/2011 12:03:00 AM - Windows Modules Installer
RP834: 3/4/2011 12:19:05 AM - Installed Licensing Service Install
RP835: 3/4/2011 1:44:40 AM - Windows Update
RP836: 3/4/2011 12:52:57 PM - Windows Update
RP837: 3/4/2011 2:02:07 PM - Installed Licensing Service Install
RP838: 3/5/2011 1:17:27 PM - Device Driver Package Install: Cisco Systems, Inc. Network Protocol
RP839: 3/5/2011 1:18:18 PM - Device Driver Package Install: Cisco Systems, Inc. Network Protocol
RP840: 3/6/2011 7:56:59 PM - Scheduled Checkpoint
RP841: 3/7/2011 6:58:25 PM - Scheduled Checkpoint
RP842: 3/7/2011 7:42:24 PM - Device Driver Package Install: Apple, Inc. Universal Serial Bus controllers
RP843: 3/8/2011 12:43:15 PM - Windows Update
RP844: 3/9/2011 3:00:13 AM - Windows Update
RP845: 3/10/2011 9:52:00 AM - Scheduled Checkpoint
RP846: 3/10/2011 2:36:37 PM - Installed Licensing Service Install
RP847: 3/11/2011 11:36:00 AM - Windows Update
RP848: 3/11/2011 11:15:51 PM - Norton 360 Registry Clean
RP849: 3/14/2011 6:10:43 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
.
µTorrent
Activation Assistant for the 2007 Microsoft Office suites
Ad-Aware
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Reader X (10.0.1)
AOL Uninstaller (Choose which Products to Remove)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Battery Care Function
BirdChannel-SS7
Bonjour
Cisco Network Magic
Click to DVD 2.0.05 Menu Data
Click to DVD 2.6.00
Color Efex Pro 3.0 Corel Sampler
Corel MediaOne
Corel Paint Shop Pro Photo X2
Corel Paint Shop Pro Photo XI
Corel Painter Photo Essentials 4
D3DX10
DAO 3.5
DisplayLink Core Software
Download Updater (AOL LLC)
DSD Direct
DSD Playback Plug-in
DVD Shrink 3.2
eFilm Workstation
EPSON Printer Software
ESET Online Scanner v3
Fanbase
Free Mp3 Wma Converter V 1.81
FreeRIP v3.5
Google Earth
Google Update Helper
Grab & Burn, Version 4.0.1 ( Build 2005-09-21, Win32, CSS )
Grouper Screen Saver 1.0
HDAUDIO SoftV92 Data Fax Modem with SmartCP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Image Converter 3
ImageSkill Background Remover 3
InstallIQ Updater
Instant Mode
Intel(R) Graphics Media Accelerator Driver
InterVideo Register Manager
iTunes
Java Auto Updater
Java(TM) 6 Update 22
Java(TM) SE Runtime Environment 6
Junk Mail filter update
LocationFree Player
Malwarebytes' Anti-Malware
McAfee Security Scan Plus
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Express Edition (SQLEXPRESSEFILM)
Microsoft SQL Server 2005 Express Edition (VAIO_VEDB)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Network Magic
Norton 360
Norton PC Checkup
OGA Notifier 2.0.0048.0
OpenMG Limited Patch 4.7-07-13-24-01
OpenMG Secure Module 4.7.00
PHOTORECOVERY LE
Pure Networks Platform
QuickBooks Product Listing Service
Quicken Home & Business 2000
QuickTime
Realtek High Definition Audio Driver
Registry Repair Pro
Roxio Easy Media Creator Home
RTC Client API v1.2
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Segoe UI
Setting Utility Series
Simple Start Entice
Smilebox
SonicStage 4.3
SonicStage Mastering Studio
SonicStage Mastering Studio Audio Filter
SonicStage Mastering Studio Audio Filter Custom Preset
SonicStage Mastering Studio Plugins
Sony Download Taxi 1.5.0.0
Sony Utilities DLL
SONY VGP-UPR1 (Display Adapter)
SONY VGP-UPR1 (Display Adapter) Utility
Sony Video Shared Library
SSA Benefit Calculator
SupportSoft Assisted Service
Synaptics Pointing Device Driver
TomTom HOME 2.7.6.2056
TomTom HOME Visual Studio Merge Modules
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Vaio Application Uninstaller
VAIO AV Mode Launcher
VAIO Azure Float Wallpaper
VAIO Camera Capture Utility
VAIO Camera Utility
VAIO Care
VAIO Care Update
VAIO Center Access Bar
VAIO Central
VAIO Content Importer VAIO Content Exporter
VAIO Content Importer / VAIO Content Exporter
VAIO Database Converter 1.0
VAIO Database Converter Ver 1.0
VAIO Entertainment Center
VAIO Entertainment Platform
VAIO Event Service
VAIO Floral Dusk Wallpaper
VAIO Help And Support
VAIO Media
VAIO Media 6.0
VAIO Media AC3 Decoder 1.0
VAIO Media Content Collection 6.0
VAIO Media Integrated Server 6.2
VAIO Media Redistribution 6.0
VAIO Media Registration Tool
VAIO Media Registration Tool 6.0
VAIO OOBE
VAIO Photo 2007
VAIO Power Management
VAIO Productivity Center
VAIO Security Center
VAIO Service Utility
VAIO Startup Control
VAIO Survey
VAIO Teal Whisper Wallpaper
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebEx Support Manager for Internet Explorer
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live OneCare safety scanner
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinDVD for VAIO
WinRAR archiver
Wireless Switch Setting Utility
YouTube Downloader 2.7
YouTube Downloader Toolbar v4.1
.
==== Event Viewer Messages From Past Week ========
.
3/9/2011 11:29:41 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrkWks service.
3/7/2011 7:44:26 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/7/2011 7:42:02 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/14/2011 4:20:07 PM, Error: BROWSER [8009] - The browser was unable to promote itself to master browser. The computer that currently believes it is the master browser is JANCOMPAQ.
3/14/2011 3:56:36 PM, Error: Service Control Manager [7022] - The KtmRm for Distributed Transaction Coordinator service hung on starting.
3/14/2011 3:43:32 PM, Error: Service Control Manager [7034] - The DisplayLink Service service terminated unexpectedly. It has done this 1 time(s).
3/14/2011 11:22:18 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Cdr4_xp
3/14/2011 11:22:16 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
3/14/2011 11:20:38 PM, Error: EventLog [6008] - The previous system shutdown at 11:19:07 PM on 3/14/2011 was unexpected.
3/14/2011 11:14:31 PM, Error: netbt [4321] - The name "MSHOME :1d" could not be registered on the interface with IP address 192.168.1.101. The computer with the IP address 192.168.1.100 did not allow the name to be claimed by this computer.
3/13/2011 5:53:06 PM, Error: Service Control Manager [7022] - The Windows Event Collector service hung on starting.
3/13/2011 5:50:49 PM, Error: Service Control Manager [7022] - The VAIO Care Performance Service service hung on starting.
3/13/2011 5:40:52 PM, Error: netbt [4311] - Initialization failed because the driver device could not be created. Use the string "0013E82E9A1D" to identify the interface for which initialization failed. It represents the MAC address of the failed interface or the Globally Unique Interface Identifier (GUID) if NetBT was unable to map from GUID to MAC address. If neither the MAC address nor the GUID were available, the string represents a cluster device name.
3/11/2011 12:29:15 PM, Error: EventLog [6008] - The previous system shutdown at 12:26:41 PM on 3/11/2011 was unexpected.
3/10/2011 8:14:25 AM, Error: Service Control Manager [7022] - The Windows Font Cache Service service hung on starting.
3/10/2011 8:09:45 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the ProtexisLicensing service to connect.
3/10/2011 8:09:45 AM, Error: Service Control Manager [7000] - The ProtexisLicensing service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/10/2011 8:06:32 AM, Error: EventLog [6008] - The previous system shutdown at 8:04:14 AM on 3/10/2011 was unexpected.
3/10/2011 8:01:51 AM, Error: Microsoft-Windows-ResourcePublication [1002] - Element Provider\Microsoft.Base.Publication/Publication/Computer failed to publish. Ensure that both PKEY_PUBSVCS_METADATA and PKEY_PUBSVCS_TYPE are set properly on the function instance and there were no errors adding the function instance.
.
==== End Of File ===========================

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by JansWiFi at 23:44:14.31 on Mon 03/14/2011
Internet Explorer: 8.0.6001.19019
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.322 [GMT -4:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Norton 360 *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
FW: Norton 360 *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
C:\Program Files\Sony\VAIO Service Utility\VAIO-SUTOOL.exe
C:\Program Files\Sony\VAIO Care\VCSpt.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\atashost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Merge Healthcare\eFilm\Auditor\efAuditorService.exe
C:\Program Files\Merge Healthcare\eFilm\efPMNT.exe
C:\Program Files\Merge Healthcare\eFilm\efServer.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
C:\Windows\system32\inetsrv\inetinfo.exe
C:\Windows\System32\svchost.exe -k LPDService
c:\Program Files\Microsoft SQL Server\MSSQL.3\MSSQL\Binn\sqlservr.exe
c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\AOL Desktop 9.6\waol.exe
C:\Program Files\Merge Healthcare\eFilm\efDM.exe
C:\Program Files\Merge Healthcare\eFilm\efDBM.exe
c:\Program Files\Microsoft SQL Server\MSSQL.4\MSSQL\Binn\sqlservr.exe
C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.4.131\SymcPCCULaunchSvc.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.4.131\ccSvcHst.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\PSIService.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Windows\System32\tcpsvcs.exe
C:\Windows\System32\snmp.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.4.131\ccSvcHst.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AOL Desktop 9.6\shellmon.exe
C:\Program Files\Common Files\AOL\1299202552\ee\aolsoftware.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Sony\VAIO Care\VCPerfService.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\DllHost.exe
C:\Users\JansWiFi\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.aol.com
mDefault_Page_URL = hxxp://www.sony.com/vaiopeople
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\3.8.0.41\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\3.8.0.41\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\3.8.0.41\coIEPlg.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [AOL Fast Start] "c:\program files\aol desktop 9.6\AOL.EXE" -b
mRun: [<NO NAME>]
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\janswifi\appdata\roaming\microsoft\windows\start menu\programs\startup\OneNote Table Of Contents.onetoc2
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Transfer by Image Converter 3 - c:\program files\sony\image converter 3\menu.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} - hxxp://esupport.sony.com/VaioInfo.CAB
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton 360\engine\3.8.0.41\CoIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
.
============= SERVICES / DRIVERS ===============
.
R0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys [2009-11-8 13424]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-8-15 64288]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0308000.029\SymEFA.sys [2010-2-2 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0308000.029\BHDrvx86.sys [2010-2-2 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0308000.029\cchpx86.sys [2010-2-2 482432]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20110314.001\IDSvix86.sys [2011-3-14 353912]
R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2011-1-31 20376]
R2 DisplayLinkService;DisplayLink Service;c:\program files\displaylink core software\DisplayLinkService.exe [2008-8-18 443752]
R2 efAuditorService.exe;eFilm Audit Service;c:\program files\merge healthcare\efilm\auditor\efAuditorService.exe [2009-2-11 24576]
R2 eFilmProcessManagerNT;eFilmProcessManagerNT;c:\program files\merge healthcare\efilm\efPMNT.exe [2009-2-11 20480]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-9-4 21504]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-9-23 1405384]
R2 mrtRate;mrtRate;c:\windows\system32\drivers\MrtRate.sys [2009-11-10 36404]
R2 MSSQL$SQLEXPRESSEFILM;SQL Server (SQLEXPRESSEFILM);c:\program files\microsoft sql server\mssql.2\mssql\binn\sqlservr.exe [2010-12-10 29293408]
R2 N360;Norton 360;c:\program files\norton 360\engine\3.8.0.41\ccSvcHst.exe [2010-2-2 117640]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\norton pc checkup\engine\2.0.4.131\SymcPCCULaunchSvc.exe [2010-9-29 120248]
R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\norton pc checkup\engine\2.0.4.131\ccSvcHst.exe [2010-9-29 126392]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-1-3 11032]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2010-8-24 92008]
R2 VCFw;VAIO Content Folder Watcher;c:\program files\common files\sony shared\vaio content folder watcher\VCFw.exe [2009-3-5 5189992]
R2 VisualizationServicesRemotingService;Visualization Services Remoting Service;c:\program files\merge healthcare\efilm\visualization services\MergeeFilm.VisualizationServices.Remoting.WindowsServices.exe [2009-2-11 20480]
R3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys [2009-11-8 287856]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-1-13 102448]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-9-23 15232]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\drivers\R5U870FLx86.sys [2007-5-3 73472]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\drivers\R5U870FUx86.sys [2007-5-3 43904]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [2007-5-3 31104]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\system32\drivers\n360\0308000.029\symndisv.sys [2010-2-2 48688]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-4-23 812544]
RUnknown SampleCollector;SampleCollector; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-21 136176]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-20 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 ICScsiSV;Image Converter SCSI Service;c:\program files\sony\image converter 3\ICScsiSV.exe [2009-8-28 75952]
S3 IcVzMonLauncher;IcVzMonLauncher;c:\program files\sony\image converter 3\IcVzMonLauncher.exe [2009-8-28 67760]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 MSSQL$VAIO_VEDB;SQL Server (VAIO_VEDB);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2010-12-10 29293408]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2009-11-9 4232704]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2009-9-4 21504]
S3 slsService;slsService;c:\program files\merge healthcare\efilm\slsService.exe [2008-10-28 70656]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\sony\vaio media integrated server\UCLS.exe [2009-8-28 745472]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\sony\vaio media integrated server\platform\SV_Httpd.exe [2009-8-28 397312]
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\sony\vaio media integrated server\platform\UPnPFramework.exe [2009-8-28 1089536]
S3 WMSvc;Web Management Service;c:\windows\system32\inetsrv\WMSvc.exe [2009-9-4 11264]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-03-14 15:05:59 -------- d-----w- c:\program files\iPod
2011-03-14 15:05:11 -------- d-----w- c:\program files\iTunes
2011-03-14 04:05:32 -------- d-----w- c:\users\janswifi\appdata\roaming\com.atlanticrecords.Fanbase.A6C8DD5DA30F5C18C5C42884996720F649F6ED37.1
2011-03-13 04:30:47 -------- d-----w- c:\program files\ESET
2011-03-11 16:41:40 5943120 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{0ebb36d8-414c-4f05-8174-d089aa2b23b5}\mpengine.dll
2011-03-10 13:18:47 -------- d-----w- c:\windows\system32\Adobe
2011-03-10 13:15:26 -------- d-----w- c:\program files\Fanbase
2011-03-09 01:11:19 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 01:11:18 322560 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 01:11:18 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-09 01:11:18 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-03-09 01:11:12 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-03-09 01:11:12 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-03-08 00:40:40 -------- d-----w- c:\program files\Bonjour
2011-03-05 18:20:49 -------- d-----w- c:\program files\Pure Networks
2011-03-05 18:18:17 26672 ----a-w- c:\windows\system32\drivers\pnarp.sys
2011-03-05 18:17:21 27696 ----a-w- c:\windows\system32\drivers\purendis.sys
2011-03-05 18:17:16 -------- d-----w- c:\program files\common files\Pure Networks Shared
2011-03-05 18:16:58 -------- d-----w- c:\progra~2\Pure Networks
2011-03-04 23:37:40 -------- d-----w- c:\users\janswifi\appdata\local\Smilebox
2011-03-04 23:37:09 -------- d-----w- c:\users\janswifi\appdata\roaming\Smilebox
2011-03-04 19:08:27 -------- d-----w- c:\program files\VAIO Startup
2011-03-04 14:38:00 88576 ----a-w- c:\windows\system32\tlntsess.exe
2011-03-04 14:38:00 71168 ----a-w- c:\windows\system32\telnet.exe
2011-03-04 05:05:33 -------- d-----w- c:\windows\system32\0409
2011-03-04 05:05:25 -------- d-----w- c:\windows\system32\inetsrv
2011-03-04 05:05:20 -------- d-----w- C:\inetpub
2011-03-04 01:38:43 58696 ----a-w- c:\windows\system32\AOLParconLink.exe
2011-03-04 01:35:42 -------- d-----w- c:\program files\common files\AOL
2011-03-04 01:35:41 -------- d-----w- c:\program files\common files\aolshare
2011-03-04 01:35:41 -------- d-----w- c:\program files\AOL Desktop 9.6
2011-03-01 17:34:53 5943120 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\backup\mpengine.dll
2011-03-01 17:34:35 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-02-25 14:42:24 -------- d-----w- C:\unused AOLs to get off desktop
2011-02-24 21:58:02 128104 ----a-r- c:\windows\system32\drivers\WimFltr.sys
.
==================== Find3M ====================
.
2011-03-15 03:20:54 264 ----a-w- c:\windows\system32\winsusrm.dll
2011-03-05 18:20:06 8892928 ----a-w- c:\progra~2\atscie.msi
2011-03-04 23:33:09 5954 ----a-w- c:\windows\system32\KGyGaAvL.sys
2011-03-04 23:19:02 952 --sha-w- c:\progra~2\KGyGaAvL.sys
2011-01-20 16:08:16 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08:06 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08:06 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:08:06 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08:06 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:07:58 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07:42 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07:16 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04:54 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 14:28:38 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27:50 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26:30 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24:32 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-20 14:24:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15:10 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47:51 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-01-20 13:44:05 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-01-20 13:44:03 797184 ----a-w- c:\windows\system32\FntCache.dll
2011-01-13 11:19:53 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-01-13 11:19:53 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-01-08 08:47:50 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 06:28:49 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:57:01 2039808 ----a-w- c:\windows\system32\win32k.sys
2010-12-28 15:55:03 413696 ----a-w- c:\windows\system32\odbc32.dll
2010-12-18 06:27:04 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-18 06:22:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-18 06:22:27 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-18 06:22:11 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-12-18 06:22:11 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-12-18 05:25:26 385024 ----a-w- c:\windows\system32\html.iec
2010-12-18 04:48:39 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-12-18 04:47:11 1638912 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 23:45:23.69 ===============

EMails are going out as if from me every single day. It is out of control. FYI, I have not been able to use system restore in some time. Nor will my cd player read home made cds, that probably is not related, but thought that I would throw that in just in case.

Hi, for what it is worth, my SR will not work, even though it is turned on. It never can finish, says it has some type of error, which it does not specify. As for the AOL account, I have changed the password repeatedly, and the emails are sent out whenever the conputer is off. I think that they are being generated elsewhere and being sent via redirect or diverting. I hesitate on closing the account since it is tied to so many billing accounts and other things, it would cause major issues for me unless I could figure all that out and got to all the accounts in question and change the emails there. I have had the email account over ten years. I have my own email name in my addy book so I get the spam email as well. They all only have one hyperlink in them selling viagra or something like that. Also, they only send them to a couple or three ppl at a time so as not to be flagged as spam. I do think that whether my account is open or not may not matter, but I defer to you to tell me this. It will cause a major problem to close it. I wonder if there is a way to just deactivate it for this period? I hate AOL, they are nonresponsive to issues.

I am still waiting to hear fr you...

$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

I am sorry, I have run the ESET three times. It creates a file in my program files that has a log.txt after I run it but it has nothing there. However, the scan comes back good with no virus' found, it comes back clean. I do not know what else to do. I cannot imagine what I am going wrong. I turn the virus protection, all aspects of it, off, go to your link, click on it, check and uncheck the boxes you specify. After the undated files run, the scan runs. But at the end there is never a copy to clip board anything. Just a finish button and an offer to either buy the sw or sign up for the trial. Then nothing. I have no idea what else to do. However, it shows clean. I humbly await your next steps and I am going to run traces on the ip addys and turn some of these aholes into their providers as well. They have not sent anything from my address in a couple of days. Maybe they have moved on. As I understand it, their whole intention is to make money, and if no one is biting, they do move on.

*******************************************************************************
Still working on the ESET. But, here is the combofix


ComboFix 11-03-16.06 - JansWiFi 03/17/2011 16:55:31.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.829 [GMT -4:00]
Running from: c:\users\JansWiFi\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton 360 *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Norton 360 *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\birdchannel-ss7\BirdChannel-SS7.exe
c:\programdata\pswi_preloaded.exe
c:\users\JansWiFi\AppData\Local\Temp\c3a0df6204f043d2b503e7f4082b58f6\filesys.dll
c:\users\JansWiFi\AppData\Local\Temp\c3a0df6204f043d2b503e7f4082b58f6\http.dll
c:\users\JansWiFi\videos\AdbeRdr930_en_US.exe
c:\windows\system32\winsusrm.dll
c:\windows\system32\winsusrx.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-02-17 to 2011-03-17 )))))))))))))))))))))))))))))))
.
.
2011-03-17 21:10 . 2011-03-17 21:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-15 14:59 . 2011-02-23 14:35 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E4A52A0C-9616-4FA1-9D52-C8DBD9AF3EC4}\mpengine.dll
2011-03-14 15:05 . 2011-03-14 15:05 -------- d-----w- c:\program files\iPod
2011-03-14 15:05 . 2011-03-14 15:07 -------- d-----w- c:\program files\iTunes
2011-03-14 04:05 . 2011-03-14 04:05 -------- d-----w- c:\users\JansWiFi\AppData\Roaming\com.atlanticrecords.Fanbase.A6C8DD5DA30F5C18C5C42884996720F649F6ED37.1
2011-03-13 04:30 . 2011-03-13 04:30 -------- d-----w- c:\program files\ESET
2011-03-10 13:18 . 2011-03-10 13:18 -------- d-----w- c:\windows\system32\Adobe
2011-03-10 13:15 . 2011-03-10 13:15 -------- d-----w- c:\program files\Fanbase
2011-03-10 12:51 . 2011-03-10 13:04 -------- d-----w- c:\programdata\NOS
2011-03-09 01:11 . 2010-12-29 18:28 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 01:11 . 2010-12-29 18:28 322560 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 01:11 . 2010-12-29 18:28 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-03-09 01:11 . 2010-12-29 18:26 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-09 01:11 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-03-09 01:11 . 2010-12-17 13:54 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-03-08 00:40 . 2011-03-08 00:40 -------- d-----w- c:\program files\Bonjour
2011-03-05 18:20 . 2011-03-05 18:20 -------- d-----w- c:\program files\Pure Networks
2011-03-05 18:18 . 2009-07-07 19:48 26672 ----a-w- c:\windows\system32\drivers\pnarp.sys
2011-03-05 18:17 . 2009-07-07 19:48 27696 ----a-w- c:\windows\system32\drivers\purendis.sys
2011-03-05 18:17 . 2011-03-05 18:17 -------- d-----w- c:\program files\Common Files\Pure Networks Shared
2011-03-05 18:16 . 2011-03-05 18:37 -------- d-----w- c:\programdata\Pure Networks
2011-03-04 23:37 . 2011-03-05 03:25 -------- d-----w- c:\users\JansWiFi\AppData\Local\Smilebox
2011-03-04 23:37 . 2011-03-04 23:46 -------- d-----w- c:\users\JansWiFi\AppData\Roaming\Smilebox
2011-03-04 19:08 . 2011-03-04 19:08 -------- d-----w- c:\program files\VAIO Startup
2011-03-04 14:38 . 2009-06-10 09:43 88576 ----a-w- c:\windows\system32\tlntsess.exe
2011-03-04 14:38 . 2009-06-10 09:43 71168 ----a-w- c:\windows\system32\telnet.exe
2011-03-04 05:05 . 2011-03-04 05:05 -------- d-----w- c:\windows\system32\0409
2011-03-04 05:05 . 2011-03-04 05:05 -------- d-----w- C:\inetpub
2011-03-04 01:38 . 2011-02-01 20:02 58696 ----a-w- c:\windows\system32\AOLParconLink.exe
2011-03-04 01:35 . 2011-03-04 01:38 -------- d-----w- c:\program files\Common Files\AOL
2011-03-04 01:35 . 2011-03-04 01:39 -------- d-----w- c:\program files\AOL Desktop 9.6
2011-03-04 01:35 . 2011-03-04 01:38 -------- d-----w- c:\program files\Common Files\aolshare
2011-03-01 17:34 . 2011-02-02 22:11 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-02-25 14:42 . 2011-02-25 14:43 -------- d-----w- C:\unused AOLs to get off desktop
2011-02-24 21:58 . 2007-05-18 06:31 128104 ----a-r- c:\windows\system32\drivers\WimFltr.sys
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-10 13:10 . 2010-06-24 15:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-05 18:20 . 2011-01-31 21:53 8892928 ----a-w- c:\programdata\atscie.msi
2011-03-04 23:19 . 2010-09-10 15:28 952 --sha-w- c:\programdata\KGyGaAvL.sys
2011-01-20 16:37 . 2011-02-09 04:34 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-01-20 16:08 . 2011-02-09 04:34 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08 . 2011-02-09 04:34 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08 . 2011-02-09 04:34 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08 . 2011-02-09 04:34 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:08 . 2011-02-09 04:34 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:07 . 2011-02-09 04:34 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07 . 2011-02-09 04:34 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07 . 2011-02-09 04:34 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06 . 2011-02-09 04:34 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06 . 2011-02-09 04:34 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04 . 2011-02-09 04:34 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 16:04 . 2011-02-09 04:34 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 14:28 . 2011-02-09 04:34 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27 . 2011-02-09 04:34 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26 . 2011-02-09 04:34 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25 . 2011-02-09 04:34 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24 . 2011-02-09 04:34 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-20 14:24 . 2011-02-09 04:34 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15 . 2011-02-09 04:34 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14 . 2011-02-09 04:34 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14 . 2011-02-09 04:34 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:14 . 2011-02-09 04:34 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:12 . 2011-02-09 04:34 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11 . 2011-02-09 04:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47 . 2011-02-09 04:34 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-01-20 13:44 . 2011-02-09 04:34 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-01-20 13:44 . 2011-02-09 04:34 797184 ----a-w- c:\windows\system32\FntCache.dll
2011-01-13 11:19 . 2011-01-13 11:19 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-01-13 11:19 . 2011-01-13 11:19 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-01-08 08:47 . 2011-02-09 02:25 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 06:28 . 2011-02-09 02:25 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:57 . 2011-02-09 02:25 2039808 ----a-w- c:\windows\system32\win32k.sys
2010-12-30 02:11 . 2010-12-30 02:11 749832 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-12-28 15:55 . 2011-01-12 13:53 413696 ----a-w- c:\windows\system32\odbc32.dll
2010-12-20 23:09 . 2010-12-14 17:58 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 23:08 . 2010-12-14 17:58 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"AOL Fast Start"="c:\program files\AOL Desktop 9.6\AOL.EXE" [2011-01-13 42320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
.
c:\users\JansWiFi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote Table Of Contents.onetoc2 [2010-7-11 3656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-04-24 00:19 98304 ------w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
backup=c:\windows\pss\Adobe Acrobat Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=c:\windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Billminder.lnk]
backup=c:\windows\pss\Billminder.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Quicken Startup.lnk]
backup=c:\windows\pss\Quicken Startup.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^JansWiFi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Click to DVD Automatic Mode Launcher.lnk]
backup=c:\windows\pss\Click to DVD Automatic Mode Launcher.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^JansWiFi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^JansWiFi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Registry Repair Pro.lnk]
path=c:\documents and settings\JansWiFi\Desktop\Registry Repair Pro.lnk
backup=c:\windows\pss\Registry Repair Pro.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^JansWiFi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Scheduler.lnk]
path=c:\users\JansWiFi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Scheduler.lnk
backup=c:\windows\pss\Scheduler.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PestPatrol Control Center
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-11-10 16:49 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-30 15:45 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
2011-01-13 11:19 42320 ----a-w- c:\program files\AOL Desktop 9.6\aol.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-09-22 04:28 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel File Shell Monitor]
2008-08-08 21:30 16712 ----a-r- c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
2008-08-08 21:30 532808 ----a-r- c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo R260 Series]
2006-10-17 07:01 143360 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIBNA.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2010-03-08 07:27 41800 ----a-w- c:\program files\Common Files\AOL\1299202552\ee\aolsoftware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-07-03 14:05 154136 ------w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-07-03 14:10 141848 ------w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstallIQUpdater]
2010-07-07 11:20 1008128 ----a-w- c:\program files\W3i\InstallIQUpdater\InstallIQUpdater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe]
2007-04-17 02:06 321656 ----a-w- c:\program files\Sony\ISB Utility\ISBMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-03-07 19:33 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmapp]
2009-07-08 07:53 472112 ----a-w- c:\program files\Pure Networks\Network Magic\nmapp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmctxth]
2009-07-07 19:48 647216 ----a-w- c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-06-26 15:28 137752 ------w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickBooks Simple Start]
2007-01-31 04:59 371712 ----a-w- c:\program files\Intuit\SimpleStartEntice\entice.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-04-06 18:18 4423680 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-04-06 18:18 1822720 ----a-w- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmileboxTray]
2011-01-22 07:13 312640 ----a-w- c:\users\JansWiFi\AppData\Roaming\Smilebox\SmileboxTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SONY VGP-UPR1 (Display Adapter)]
2008-08-28 23:10 233472 ----a-w- c:\program files\DisplayLink Core Software\DisplayLinkUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 16:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2007-03-08 02:38 835584 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2010-08-24 09:38 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Center Access Bar]
2007-03-06 22:22 36864 ----a-w- c:\program files\Sony\VAIO Center Access Bar\VCAB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOCameraUtility]
2007-04-02 23:49 411768 ----a-w- c:\program files\Sony\VAIO Camera Utility\VCUServe.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIORecommender]
2010-11-19 13:57 204152 ----a-w- c:\program files\Sony\VAIO Recommender\VAIORecommender.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSecurity]
2007-03-14 00:13 2322432 ----a-w- c:\program files\Sony\VAIO Security Center\VSC.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSurvey]
2006-12-07 00:08 577536 ----a-w- c:\program files\Sony\VAIO Survey\Vista VAIO Survey.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2009-04-11 06:28 2153472 ----a-w- c:\windows\System32\oobefldr.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 eFilmProcessManagerNT;eFilmProcessManagerNT;c:\program files\Merge Healthcare\eFilm\efPMNT.exe [2009-02-11 20480]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-21 136176]
R3 ICScsiSV;Image Converter SCSI Service;c:\program files\Sony\Image Converter 3\ICScsiSV.exe [2007-01-26 75952]
R3 IcVzMonLauncher;IcVzMonLauncher;c:\program files\Sony\Image Converter 3\IcVzMonLauncher.exe [2007-01-26 67760]
R3 MSSQL$VAIO_VEDB;SQL Server (VAIO_VEDB);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2008-01-19 21504]
R3 slsService;slsService;c:\program files\Merge Healthcare\eFilm\slsService.exe [2008-10-28 70656]
R3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-10 745472]
R3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-08-09 397312]
R3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-08-09 1089536]
R3 WMSvc;Web Management Service;c:\windows\system32\inetsrv\wmsvc.exe [2008-01-19 11264]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys [2008-08-18 13424]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-09-23 64288]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SYMEFA.SYS [2009-08-22 310320]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\Drivers\N360\0308000.029\BHDrvx86.sys [2009-08-22 259632]
S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\N360\0308000.029\ccHPx86.sys [2009-08-22 482432]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20110316.001\IDSvix86.sys [2010-11-09 353912]
S2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2009-03-06 20376]
S2 DisplayLinkService;DisplayLink Service;c:\program files\DisplayLink Core Software\DisplayLinkService.exe [2008-08-18 443752]
S2 efAuditorService.exe;eFilm Audit Service;c:\program files\Merge Healthcare\eFilm\Auditor\efAuditorService.exe [2009-02-11 24576]
S2 mrtRate;mrtRate; [x]
S2 MSSQL$SQLEXPRESSEFILM;SQL Server (SQLEXPRESSEFILM);c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe [2009-08-22 117640]
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\Norton PC Checkup\Engine\2.0.4.131\SymcPCCULaunchSvc.exe [2010-12-15 120248]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\Norton PC Checkup\Engine\2.0.4.131\ccSvcHst.exe [2009-08-24 126392]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-01-03 11032]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2010-08-12 187792]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2010-08-24 92008]
S2 VCFw;VAIO Content Folder Watcher;c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-03-05 5189992]
S2 VisualizationServicesRemotingService;Visualization Services Remoting Service;c:\program files\Merge Healthcare\eFilm\Visualization Services\MergeeFilm.VisualizationServices.Remoting.WindowsServices.exe [2009-02-11 20480]
S3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys [2008-08-18 287856]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-08-11 102448]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2009-03-04 4232704]
S3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\Drivers\R5U870FLx86.sys [2007-04-04 73472]
S3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\Drivers\R5U870FUx86.sys [2007-04-04 43904]
S3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\DRIVERS\SonyImgF.sys [2007-04-05 31104]
S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS [2009-08-22 48688]
S3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-04-23 812544]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LPDService REG_MULTI_SZ LPDSVC
rsmsvcs REG_MULTI_SZ ntmssvc
ipripsvc REG_MULTI_SZ iprip
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-21 10:59]
.
2011-03-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-21 10:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Transfer by Image Converter 3 - c:\program files\Sony\Image Converter 3\menu.htm
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-SearchSettings - c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
AddRemove-ESET Online Scanner - c:\program files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
AddRemove-_{707EB912-C597-49D8-9460-46CC9AB03EBE} - c:\program files\Corel\Corel Painter Photo Essentials 4\MSILauncher {707EB912-C597-49D8-9460-46CC9AB03EBE}
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCCUJobMgr]
"ImagePath"="\"c:\program files\Norton PC Checkup\Engine\2.0.4.131\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Engine\2.0.4.131\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2739981327-1961966216-2112046628-1005\Software\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC]
@Denied: (C D) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(6028)
c:\program files\Pure Networks\Network Magic\nmspce2.dll
c:\program files\Pure Networks\Network Magic\nmrsrc.dll
c:\program files\Common Files\Pure Networks Shared\Platform\11.2.09195.1.nmcorePS.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\DisplayLink Core Software\DisplayLinkManager.exe
c:\program files\Sony\VAIO Care\VCSpt.exe
c:\windows\system32\DllHost.exe
c:\program files\Sony\VAIO Service Utility\VAIO-SUTOOL.exe
c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\programdata\EPSON\EPW!3 SSRP\E_S30RP1.EXE
c:\program files\Merge Healthcare\eFilm\efServer.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Microsoft SQL Server\MSSQL.3\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\MSSQL.4\MSSQL\Binn\sqlservr.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
c:\windows\system32\PSIService.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\System32\tcpsvcs.exe
c:\windows\System32\snmp.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Merge Healthcare\eFilm\efDM.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Merge Healthcare\eFilm\efDBM.exe
c:\program files\Sony\VAIO Event Service\VESMgrSub.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files\Sony\VAIO Power Management\SPMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\AOL Desktop 9.6\waol.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Sony\VAIO Care\listener.exe
c:\program files\AOL Desktop 9.6\shellmon.exe
c:\program files\Sony\VAIO Care\VCsystray.exe
.
**************************************************************************
.
Completion time: 2011-03-17 17:38:18 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-17 21:37
.
Pre-Run: 127,398,892,544 bytes free
Post-Run: 127,624,909,824 bytes free
.
- - End Of File - - 928239E5247A07E1974D465852EE50E4


****************************************************************
Ok, I ran the ESET program and it did not give me the option at the end to copy to any clip board. It did create a file in my programs, and a log and it says there were no viruses found. When I tried ot run it again, to see why, it will not run it again, throws an error up saying it has run a scan within the past 24 and will not again. So, did I do something wrong? I will cut and paste that log if you like. I am stumped. Please do not think I am an ***** but please be aware that I do have MS and it affects me a lot cognitively. I have gone from a great career in financial planning to being cognitively disabled and as frustrating and troubling as this may be to you, it is more so to me. It is embarassing to even post this and know it is probably something that I did wrong. I will go to the next one.

would it help you to see the details header of one of the emails? They are all different but they are all seemingly from Yahoo accts.
*************************************************
oh and I did delete all the av programs except for norton360. I am running the sw you requested now, emailing you fr my iBad, since the 2nd out.

******************************************
Gotcha....edit

Yes, I am running them...when it rains, it pours. I received notice that the state is auditing us for 2008 and 2009...Why? Just to be Aholes? umm hmm. I do think so. So, I have been in a tizzy finding that crap as they said we have only x number of days to get it to them, and I cannot get turbo tax to download 08 and for some reason the return is not in my paper work. I am having that GD problem where no matter what I do, when I am on IE, I get the request to dl flash player over and over. I have jninstalled it, reinstalled it, purged, cleaned, used the uninstaller that you are pointed to at the Vista page, nothing works and I think that is why I cannot open the turbo tax forms as they are in pdf form and it is messing up as well. I have uninstalled that one and reinsttaled it but I do not know if it will work again or not. I am telling you, I want to open a vein. Todays priorities: fax geek squad papers to Allstate to try to get my desk top replaced and get off of this lap top. do your thing and then work on the audit. do you have any extra hemlock?

**Bobbye

For some reason, Karpesky will not run. It updated but when it tried to run, it stopped with a message about needing constant internet connection. So I went directly to the internet site and clicked to the free online virus scan and it said that it is on the process of being improved, I guess it is not available right now. It was not available to use, it would not allow a click. I spoke with AOLs fraud division. I don't know if you have ever heard of this but they said that a person will get your password and sign on to your email online. Then not sign out. Long as they do not sign out, regardless of the fact that you change your password, they have access to your acct. They send the emails and immediately delete them from your out box. I am a little skeptical, but they did something that would break any online open connection and reset everything. I still want to pursue this. What would I do about Kaspersky? Do you want me to wait a day or so and try again?
**********************************************************************************************

unforfunately, I have had to be gone all day today to a baby shower then a childs birthday party so I hope to get on it tonight. I have just not been able to work on it yet, but I will tonight or in the morning. When it rains it pours...I have the audits for my income taxes also for 2008 and 2009...for the state of all things. That is really the dark side of hell.


Bobbye

I am going to reply only to be sure you see this since I have so much info in the other reply from editing and I will ony edit this one going forward to add info to you and will reply to provide log info or other info as we discussed.

In the past week, I did discover how to remove the pop up that I was getting to down load flash player, by diabling UAC. I just want you to know that because that will not show in the information you are seeing because I ran and posted the combofix info five days ago.

Hey, I don't think that I do the right thing with the edit because you do not seem to see it. The kaspersky was being updated and would not run. I will try again. The message was something like, look for the new and better online scan. Also, AOL did a thing where they went in and made sure no one could have opened my acct via the web and not closed it thereby making my password changes of no consequence to them. But, they did it at noon to oneish on the 29th and one spam went out to three ppl around 3 and no more have since. Could that have been in the works somehow? I am hoping against hope.

here is the message that I get when I try to get to the online scanner through IE

Detect viruses on your computer with Kaspersky’s Online Virus Scanner. Our scanner searches your computer for the latest threats and lets you know which files are infected!

The Kaspersky Online Virus Scanner is being updated and improved!

But you don’t have to wait to protect your computer. Scan, detect and remove malware with a FREE 30-day trial of our latest, most advanced security protection.

If I try to click on your hyper link, I cannot even open the site. it fails. I have no idea what to do. I counted 400 emails that were sent from my account last August when I could see them in my sent box. They were all crazy. When I caught it, and stopped them by blocks, etc. they stopped util this past Feb and they are sending a hyper link to a virus now and nothing is in my outbox and maybe 100+ have gone.

What now?