Spam emails sent fr my AOL acct originating fr Yahoo

By seeknpeace
Mar 12, 2011
  1. I am having a really hard time with repeated spam emails being sent to my AOL address book looking as if I sent them. First go round, I found them in my outgoing box also, as I had auto add turned on in my AOL sw. Turned that off and blocked all email addys and IP addys in the details of the emails sent. That stopped. They started again and this time none were showing in my sent box, but I am copied in the sends as well. So, I get the emails too from myself, to myself. In the details, Yahoo accounts are mostly what are showing before the diversion to my AOL acct. I have run all the virus software I can find, Malware, Pest patrol, Adaware, Registry Repair, etc. I cannot stop it. I am stumped to the point of closing my AOL acct, and I have so much business and bills etc. tied to this acct it is a nightmare. I have had this screen name since 1996. Where do I turn? AOL does not give a crap. Is there a place that I can turn that prosecutes these ppl?
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    AOL and Yahoo are both web-based emails. So they can be hacked from the internet. It is very difficult to track down this type of hack because it can be perpetrated from outside your computer by a mass-mailing bot that sends mail to everyone in an address book. If you happen to be in someone else's address book, that's all it takes to get the mass mail going.

    If you would like us to check the system for malware, please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

    When you have finished, leave the logs for review in your next reply.
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
  3. seeknpeace

    seeknpeace TS Rookie Topic Starter Posts: 17

    Ty so much and yes I do want your help. I need to get to my system; I am on my iPad at the moment, so I will be back in a bit to start the process. I have had one person jump me about it and I told him that I feel strongly it is not in my computer but happening fr somewhere else.
  4. Bobbye

    Okay. Post when ready.
  5. seeknpeace

    Had unexpected guests all day and I am worn out, but I am looking forward to dealing with this with you tomorrow. This has been awful. One thing: is there a charge, and if so, how much? Thank you so much.
  6. Bobbye

    No problem - take your time.
  7. seeknpeace

    I am a little bit confused. I recognize that once I started, this will take a minute and I will have to do it when I have more than I have right now. However, when I was doing the first part, the posts below it confused me. Do I skip the parts that are noted to skip?? I did the virus scan, and the temp folder removal and the malware scan, and was getting ready to do the emerg thingy but then I started reading below and it got crazy. Do I send the info to you in a reply, or a new post or etc etc, and do I skip number four... started hyperventilating.. hahaha... I run the malware sw all the time, none of that on here, and anti virus, none of that, and do maintenance emptying temps all the time, but I used your dl to do it. So, do I read ahead and follow suit or do the 8 step and put it all in a reply? Help me Jesus, head is spinning.... for reals.
  8. Bobbye

    You're making something easy confusing. Just follow the directions, paste the log in next reply. The rest is up to me! You keep all logs, questions and scans for this problem together in this thread!

    I need to see the results of the scans so you paste in the logs from Malwarebytes, GMER and DDS (2 logs for DDS). If you need more than 1 post to paste the logs, that's okay. Just keep it all together here.
  9. seeknpeace

    Ok, here they are:

    Malwarebytes' Anti-Malware

    Database version: 6056

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.19019

    3/14/2011 4:11:28 PM
    mbam-log-2011-03-14 (16-11-28).txt

    Scan type: Quick scan
    Objects scanned: 156756
    Time elapsed: 7 minute(s), 5 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    GMER -
    Rootkit quick scan 2011-03-14 23:07:57
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-1 WDC_WD2500BJKT-00F4T0 rev.11.01A11
    Running: gmer.exe; Driver: C:\Users\JansWiFi\AppData\Local\Temp\kxlirkoc.sys

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\tdx \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\tdx \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----

    DDS (Ver_11-03-05.01)
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 8/28/2009 5:48:40 AM
    System Uptime: 3/14/2011 11:20:14 PM (0 hours ago)
    Motherboard: Sony Corporation | | VAIO
    Processor: Intel(R) Core(TM)2 Duo CPU T7100 @ 1.80GHz | N/A | 1801/200mhz
    ==== Disk Partitions =========================
    C: is FIXED (NTFS) - 225 GiB total, 120.564 GiB free.
    D: is FIXED (NTFS) - 1 GiB total, 0.76 GiB free.
    E: is Removable
    F: is Removable
    G: is CDROM ()
    ==== Disabled Device Manager Items =============
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Intel(R) Wireless WiFi Link 4965AGN
    Device ID: PCI\VEN_8086&DEV_4229&SUBSYS_11008086&REV_61\4&25FA882E&0&00E0
    Manufacturer: Intel Corporation
    Name: Intel(R) Wireless WiFi Link 4965AGN
    PNP Device ID: PCI\VEN_8086&DEV_4229&SUBSYS_11008086&REV_61\4&25FA882E&0&00E0
    Service: NETw5v32
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Realtek PCIe FE Family Controller
    Device ID: PCI\VEN_10EC&DEV_8136&SUBSYS_9015104D&REV_01\4&44ADF12&0&00E2
    Manufacturer: Realtek
    Name: Realtek PCIe FE Family Controller
    PNP Device ID: PCI\VEN_10EC&DEV_8136&SUBSYS_9015104D&REV_01\4&44ADF12&0&00E2
    Service: RTL8169
    ==== System Restore Points ===================
    RP832: 3/3/2011 3:49:24 PM - Windows Update
    RP833: 3/4/2011 12:03:00 AM - Windows Modules Installer
    RP834: 3/4/2011 12:19:05 AM - Installed Licensing Service Install
    RP835: 3/4/2011 1:44:40 AM - Windows Update
    RP836: 3/4/2011 12:52:57 PM - Windows Update
    RP837: 3/4/2011 2:02:07 PM - Installed Licensing Service Install
    RP838: 3/5/2011 1:17:27 PM - Device Driver Package Install: Cisco Systems, Inc. Network Protocol
    RP839: 3/5/2011 1:18:18 PM - Device Driver Package Install: Cisco Systems, Inc. Network Protocol
    RP840: 3/6/2011 7:56:59 PM - Scheduled Checkpoint
    RP841: 3/7/2011 6:58:25 PM - Scheduled Checkpoint
    RP842: 3/7/2011 7:42:24 PM - Device Driver Package Install: Apple, Inc. Universal Serial Bus controllers
    RP843: 3/8/2011 12:43:15 PM - Windows Update
    RP844: 3/9/2011 3:00:13 AM - Windows Update
    RP845: 3/10/2011 9:52:00 AM - Scheduled Checkpoint
    RP846: 3/10/2011 2:36:37 PM - Installed Licensing Service Install
    RP847: 3/11/2011 11:36:00 AM - Windows Update
    RP848: 3/11/2011 11:15:51 PM - Norton 360 Registry Clean
    RP849: 3/14/2011 6:10:43 PM - Scheduled Checkpoint
    ==== Installed Programs ======================
    Activation Assistant for the 2007 Microsoft Office suites
    Adobe AIR
    Adobe Download Manager
    Adobe Flash Player 10 ActiveX
    Adobe Reader X (10.0.1)
    AOL Uninstaller (Choose which Products to Remove)
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Battery Care Function
    Cisco Network Magic
    Click to DVD 2.0.05 Menu Data
    Click to DVD 2.6.00
    Color Efex Pro 3.0 Corel Sampler
    Corel MediaOne
    Corel Paint Shop Pro Photo X2
    Corel Paint Shop Pro Photo XI
    Corel Painter Photo Essentials 4
    DAO 3.5
    DisplayLink Core Software
    Download Updater (AOL LLC)
    DSD Direct
    DSD Playback Plug-in
    DVD Shrink 3.2
    eFilm Workstation
    EPSON Printer Software
    ESET Online Scanner v3
    Free Mp3 Wma Converter V 1.81
    FreeRIP v3.5
    Google Earth
    Google Update Helper
    Grab & Burn, Version 4.0.1 ( Build 2005-09-21, Win32, CSS )
    Grouper Screen Saver 1.0
    HDAUDIO SoftV92 Data Fax Modem with SmartCP
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Image Converter 3
    ImageSkill Background Remover 3
    InstallIQ Updater
    Instant Mode
    Intel(R) Graphics Media Accelerator Driver
    InterVideo Register Manager
    Java Auto Updater
    Java(TM) 6 Update 22
    Java(TM) SE Runtime Environment 6
    Junk Mail filter update
    LocationFree Player
    Malwarebytes' Anti-Malware
    McAfee Security Scan Plus
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office Live Add-in 1.5
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server 2005 Express Edition
    Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
    Microsoft SQL Server 2005 Express Edition (SQLEXPRESSEFILM)
    Microsoft SQL Server 2005 Express Edition (VAIO_VEDB)
    Microsoft SQL Server 2005 Tools Express Edition
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Works
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    Network Magic
    Norton 360
    Norton PC Checkup
    OGA Notifier 2.0.0048.0
    OpenMG Limited Patch 4.7-07-13-24-01
    OpenMG Secure Module 4.7.00
    Pure Networks Platform
    QuickBooks Product Listing Service
    Quicken Home & Business 2000
    Realtek High Definition Audio Driver
    Registry Repair Pro
    Roxio Easy Media Creator Home
    RTC Client API v1.2
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2289158)
    Security Update for 2007 Microsoft Office System (KB2344875)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Office Excel 2007 (KB2345035)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Segoe UI
    Setting Utility Series
    Simple Start Entice
    SonicStage 4.3
    SonicStage Mastering Studio
    SonicStage Mastering Studio Audio Filter
    SonicStage Mastering Studio Audio Filter Custom Preset
    SonicStage Mastering Studio Plugins
    Sony Download Taxi
    Sony Utilities DLL
    SONY VGP-UPR1 (Display Adapter)
    SONY VGP-UPR1 (Display Adapter) Utility
    Sony Video Shared Library
    SSA Benefit Calculator
    SupportSoft Assisted Service
    Synaptics Pointing Device Driver
    TomTom HOME
    TomTom HOME Visual Studio Merge Modules
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Vaio Application Uninstaller
    VAIO AV Mode Launcher
    VAIO Azure Float Wallpaper
    VAIO Camera Capture Utility
    VAIO Camera Utility
    VAIO Care
    VAIO Care Update
    VAIO Center Access Bar
    VAIO Central
    VAIO Content Importer VAIO Content Exporter
    VAIO Content Importer / VAIO Content Exporter
    VAIO Database Converter 1.0
    VAIO Database Converter Ver 1.0
    VAIO Entertainment Center
    VAIO Entertainment Platform
    VAIO Event Service
    VAIO Floral Dusk Wallpaper
    VAIO Help And Support
    VAIO Media
    VAIO Media 6.0
    VAIO Media AC3 Decoder 1.0
    VAIO Media Content Collection 6.0
    VAIO Media Integrated Server 6.2
    VAIO Media Redistribution 6.0
    VAIO Media Registration Tool
    VAIO Media Registration Tool 6.0
    VAIO Photo 2007
    VAIO Power Management
    VAIO Productivity Center
    VAIO Security Center
    VAIO Service Utility
    VAIO Startup Control
    VAIO Survey
    VAIO Teal Whisper Wallpaper
    Viewpoint Media Player
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    WebEx Support Manager for Internet Explorer
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live OneCare safety scanner
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinDVD for VAIO
    WinRAR archiver
    Wireless Switch Setting Utility
    YouTube Downloader 2.7
    YouTube Downloader Toolbar v4.1
    ==== Event Viewer Messages From Past Week ========
    3/9/2011 11:29:41 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrkWks service.
    3/7/2011 7:44:26 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    3/7/2011 7:42:02 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    3/14/2011 4:20:07 PM, Error: BROWSER [8009] - The browser was unable to promote itself to master browser. The computer that currently believes it is the master browser is JANCOMPAQ.
    3/14/2011 3:56:36 PM, Error: Service Control Manager [7022] - The KtmRm for Distributed Transaction Coordinator service hung on starting.
    3/14/2011 3:43:32 PM, Error: Service Control Manager [7034] - The DisplayLink Service service terminated unexpectedly. It has done this 1 time(s).
    3/14/2011 11:22:18 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Cdr4_xp
    3/14/2011 11:22:16 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    3/14/2011 11:20:38 PM, Error: EventLog [6008] - The previous system shutdown at 11:19:07 PM on 3/14/2011 was unexpected.
    3/14/2011 11:14:31 PM, Error: netbt [4321] - The name "MSHOME :1d" could not be registered on the interface with IP address The computer with the IP address did not allow the name to be claimed by this computer.
    3/13/2011 5:53:06 PM, Error: Service Control Manager [7022] - The Windows Event Collector service hung on starting.
    3/13/2011 5:50:49 PM, Error: Service Control Manager [7022] - The VAIO Care Performance Service service hung on starting.
    3/13/2011 5:40:52 PM, Error: netbt [4311] - Initialization failed because the driver device could not be created. Use the string "0013E82E9A1D" to identify the interface for which initialization failed. It represents the MAC address of the failed interface or the Globally Unique Interface Identifier (GUID) if NetBT was unable to map from GUID to MAC address. If neither the MAC address nor the GUID were available, the string represents a cluster device name.
    3/11/2011 12:29:15 PM, Error: EventLog [6008] - The previous system shutdown at 12:26:41 PM on 3/11/2011 was unexpected.
    3/10/2011 8:14:25 AM, Error: Service Control Manager [7022] - The Windows Font Cache Service service hung on starting.
    3/10/2011 8:09:45 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the ProtexisLicensing service to connect.
    3/10/2011 8:09:45 AM, Error: Service Control Manager [7000] - The ProtexisLicensing service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    3/10/2011 8:06:32 AM, Error: EventLog [6008] - The previous system shutdown at 8:04:14 AM on 3/10/2011 was unexpected.
    3/10/2011 8:01:51 AM, Error: Microsoft-Windows-ResourcePublication [1002] - Element Provider\Microsoft.Base.Publication/Publication/Computer failed to publish. Ensure that both PKEY_PUBSVCS_METADATA and PKEY_PUBSVCS_TYPE are set properly on the function instance and there were no errors adding the function instance.
    ==== End Of File ===========================

    DDS (Ver_11-03-05.01) - NTFSx86
    Run by JansWiFi at 23:44:14.31 on Mon 03/14/2011
    Internet Explorer: 8.0.6001.19019
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.322 [GMT -4:00]
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
    AV: Norton 360 *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton 360 *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
    SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
    FW: Norton 360 *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
    ============== Running Processes ===============
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
    C:\Program Files\Sony\VAIO Service Utility\VAIO-SUTOOL.exe
    C:\Program Files\Sony\VAIO Care\VCSpt.exe
    C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Windows\system32\svchost.exe -k apphost
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Merge Healthcare\eFilm\Auditor\efAuditorService.exe
    C:\Program Files\Merge Healthcare\eFilm\efPMNT.exe
    C:\Program Files\Merge Healthcare\eFilm\efServer.exe
    C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
    C:\Windows\System32\svchost.exe -k LPDService
    c:\Program Files\Microsoft SQL Server\MSSQL.3\MSSQL\Binn\sqlservr.exe
    c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
    C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
    C:\Program Files\AOL Desktop 9.6\waol.exe
    C:\Program Files\Merge Healthcare\eFilm\efDM.exe
    C:\Program Files\Merge Healthcare\eFilm\efDBM.exe
    c:\Program Files\Microsoft SQL Server\MSSQL.4\MSSQL\Binn\sqlservr.exe
    C:\Program Files\Norton 360\Engine\\ccSvcHst.exe
    C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    C:\Program Files\Norton PC Checkup\Engine\\SymcPCCULaunchSvc.exe
    C:\Program Files\Norton PC Checkup\Engine\\ccSvcHst.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
    C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    C:\Windows\system32\svchost.exe -k iissvcs
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\Program Files\Norton PC Checkup\Engine\\ccSvcHst.exe
    C:\Program Files\Norton 360\Engine\\ccSvcHst.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\AOL Desktop 9.6\shellmon.exe
    C:\Program Files\Common Files\AOL\1299202552\ee\aolsoftware.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Sony\VAIO Care\VCsystray.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Sony\VAIO Care\VCPerfService.exe
    C:\Program Files\Sony\VAIO Care\listener.exe
    C:\Windows\System32\svchost.exe -k swprv
    ============== Pseudo HJT Report ===============
    uStart Page = hxxp://
    mDefault_Page_URL = hxxp://
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\\IPSBHO.DLL
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\\coIEPlg.dll
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [AOL Fast Start] "c:\program files\aol desktop 9.6\AOL.EXE" -b
    mRun: [<NO NAME>]
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    StartupFolder: c:\users\janswifi\appdata\roaming\microsoft\windows\start menu\programs\startup\OneNote Table Of Contents.onetoc2
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
    IE: Transfer by Image Converter 3 - c:\program files\sony\image converter 3\menu.htm
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
    DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} - hxxp://
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://
    DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://
    DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://
    Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
    Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton 360\engine\\CoIEPlg.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Notify: igfxcui - igfxdev.dll
    Notify: VESWinlogon - VESWinlogon.dll
    ============= SERVICES / DRIVERS ===============
    R0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys [2009-11-8 13424]
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-8-15 64288]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0308000.029\SymEFA.sys [2010-2-2 310320]
    R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0308000.029\BHDrvx86.sys [2010-2-2 259632]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0308000.029\cchpx86.sys [2010-2-2 482432]
    R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20110314.001\IDSvix86.sys [2011-3-14 353912]
    R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2011-1-31 20376]
    R2 DisplayLinkService;DisplayLink Service;c:\program files\displaylink core software\DisplayLinkService.exe [2008-8-18 443752]
    R2 efAuditorService.exe;eFilm Audit Service;c:\program files\merge healthcare\efilm\auditor\efAuditorService.exe [2009-2-11 24576]
    R2 eFilmProcessManagerNT;eFilmProcessManagerNT;c:\program files\merge healthcare\efilm\efPMNT.exe [2009-2-11 20480]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-9-4 21504]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-9-23 1405384]
    R2 mrtRate;mrtRate;c:\windows\system32\drivers\MrtRate.sys [2009-11-10 36404]
    R2 MSSQL$SQLEXPRESSEFILM;SQL Server (SQLEXPRESSEFILM);c:\program files\microsoft sql server\mssql.2\mssql\binn\sqlservr.exe [2010-12-10 29293408]
    R2 N360;Norton 360;c:\program files\norton 360\engine\\ccSvcHst.exe [2010-2-2 117640]
    R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\norton pc checkup\engine\\SymcPCCULaunchSvc.exe [2010-9-29 120248]
    R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\norton pc checkup\engine\\ccSvcHst.exe [2010-9-29 126392]
    R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-1-3 11032]
    R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2010-8-24 92008]
    R2 VCFw;VAIO Content Folder Watcher;c:\program files\common files\sony shared\vaio content folder watcher\VCFw.exe [2009-3-5 5189992]
    R2 VisualizationServicesRemotingService;Visualization Services Remoting Service;c:\program files\merge healthcare\efilm\visualization services\MergeeFilm.VisualizationServices.Remoting.WindowsServices.exe [2009-2-11 20480]
    R3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys [2009-11-8 287856]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-1-13 102448]
    R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-9-23 15232]
    R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\drivers\R5U870FLx86.sys [2007-5-3 73472]
    R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\drivers\R5U870FUx86.sys [2007-5-3 43904]
    R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [2007-5-3 31104]
    R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\system32\drivers\n360\0308000.029\symndisv.sys [2010-2-2 48688]
    R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-4-23 812544]
    RUnknown SampleCollector;SampleCollector; [x]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-21 136176]
    S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-20 39272]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
    S3 ICScsiSV;Image Converter SCSI Service;c:\program files\sony\image converter 3\ICScsiSV.exe [2009-8-28 75952]
    S3 IcVzMonLauncher;IcVzMonLauncher;c:\program files\sony\image converter 3\IcVzMonLauncher.exe [2009-8-28 67760]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
    S3 MSSQL$VAIO_VEDB;SQL Server (VAIO_VEDB);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2010-12-10 29293408]
    S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2009-11-9 4232704]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2009-9-4 21504]
    S3 slsService;slsService;c:\program files\merge healthcare\efilm\slsService.exe [2008-10-28 70656]
    S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\sony\vaio media integrated server\UCLS.exe [2009-8-28 745472]
    S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\sony\vaio media integrated server\platform\SV_Httpd.exe [2009-8-28 397312]
    S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\sony\vaio media integrated server\platform\UPnPFramework.exe [2009-8-28 1089536]
    S3 WMSvc;Web Management Service;c:\windows\system32\inetsrv\WMSvc.exe [2009-9-4 11264]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache;c:\windows\\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    =============== Created Last 30 ================
    2011-03-14 15:05:59 -------- d-----w- c:\program files\iPod
    2011-03-14 15:05:11 -------- d-----w- c:\program files\iTunes
    2011-03-14 04:05:32 -------- d-----w- c:\users\janswifi\appdata\roaming\com.atlanticrecords.Fanbase.A6C8DD5DA30F5C18C5C42884996720F649F6ED37.1
    2011-03-13 04:30:47 -------- d-----w- c:\program files\ESET
    2011-03-11 16:41:40 5943120 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{0ebb36d8-414c-4f05-8174-d089aa2b23b5}\mpengine.dll
    2011-03-10 13:18:47 -------- d-----w- c:\windows\system32\Adobe
    2011-03-10 13:15:26 -------- d-----w- c:\program files\Fanbase
    2011-03-09 01:11:19 429056 ----a-w- c:\windows\system32\EncDec.dll
    2011-03-09 01:11:18 322560 ----a-w- c:\windows\system32\sbe.dll
    2011-03-09 01:11:18 177664 ----a-w- c:\windows\system32\
    2011-03-09 01:11:18 153088 ----a-w- c:\windows\system32\sbeio.dll
    2011-03-09 01:11:12 677888 ----a-w- c:\windows\system32\mstsc.exe
    2011-03-09 01:11:12 2067968 ----a-w- c:\windows\system32\mstscax.dll
    2011-03-08 00:40:40 -------- d-----w- c:\program files\Bonjour
    2011-03-05 18:20:49 -------- d-----w- c:\program files\Pure Networks
    2011-03-05 18:18:17 26672 ----a-w- c:\windows\system32\drivers\pnarp.sys
    2011-03-05 18:17:21 27696 ----a-w- c:\windows\system32\drivers\purendis.sys
    2011-03-05 18:17:16 -------- d-----w- c:\program files\common files\Pure Networks Shared
    2011-03-05 18:16:58 -------- d-----w- c:\progra~2\Pure Networks
    2011-03-04 23:37:40 -------- d-----w- c:\users\janswifi\appdata\local\Smilebox
    2011-03-04 23:37:09 -------- d-----w- c:\users\janswifi\appdata\roaming\Smilebox
    2011-03-04 19:08:27 -------- d-----w- c:\program files\VAIO Startup
    2011-03-04 14:38:00 88576 ----a-w- c:\windows\system32\tlntsess.exe
    2011-03-04 14:38:00 71168 ----a-w- c:\windows\system32\telnet.exe
    2011-03-04 05:05:33 -------- d-----w- c:\windows\system32\0409
    2011-03-04 05:05:25 -------- d-----w- c:\windows\system32\inetsrv
    2011-03-04 05:05:20 -------- d-----w- C:\inetpub
    2011-03-04 01:38:43 58696 ----a-w- c:\windows\system32\AOLParconLink.exe
    2011-03-04 01:35:42 -------- d-----w- c:\program files\common files\AOL
    2011-03-04 01:35:41 -------- d-----w- c:\program files\common files\aolshare
    2011-03-04 01:35:41 -------- d-----w- c:\program files\AOL Desktop 9.6
    2011-03-01 17:34:53 5943120 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\backup\mpengine.dll
    2011-03-01 17:34:35 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-02-25 14:42:24 -------- d-----w- C:\unused AOLs to get off desktop
    2011-02-24 21:58:02 128104 ----a-r- c:\windows\system32\drivers\WimFltr.sys
    ==================== Find3M ====================
    2011-03-15 03:20:54 264 ----a-w- c:\windows\system32\winsusrm.dll
    2011-03-05 18:20:06 8892928 ----a-w- c:\progra~2\atscie.msi
    2011-03-04 23:33:09 5954 ----a-w- c:\windows\system32\KGyGaAvL.sys
    2011-03-04 23:19:02 952 --sha-w- c:\progra~2\KGyGaAvL.sys
    2011-01-20 16:08:16 478720 ----a-w- c:\windows\system32\dxgi.dll
    2011-01-20 16:08:06 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
    2011-01-20 16:08:06 189952 ----a-w- c:\windows\system32\d3d10core.dll
    2011-01-20 16:08:06 160768 ----a-w- c:\windows\system32\d3d10_1.dll
    2011-01-20 16:08:06 1029120 ----a-w- c:\windows\system32\d3d10.dll
    2011-01-20 16:07:58 37376 ----a-w- c:\windows\system32\cdd.dll
    2011-01-20 16:07:42 258048 ----a-w- c:\windows\system32\winspool.drv
    2011-01-20 16:07:16 586240 ----a-w- c:\windows\system32\stobject.dll
    2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf.dll
    2011-01-20 16:06:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
    2011-01-20 16:04:54 98816 ----a-w- c:\windows\system32\mfps.dll
    2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat.dll
    2011-01-20 14:28:38 1554432 ----a-w- c:\windows\system32\xpsservices.dll
    2011-01-20 14:27:50 876032 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-01-20 14:26:30 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
    2011-01-20 14:25:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
    2011-01-20 14:24:32 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-01-20 14:24:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
    2011-01-20 14:15:10 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
    2011-01-20 14:14:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
    2011-01-20 14:14:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll
    2011-01-20 14:14:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
    2011-01-20 14:12:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
    2011-01-20 14:11:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll
    2011-01-20 13:47:51 683008 ----a-w- c:\windows\system32\d2d1.dll
    2011-01-20 13:44:05 1068544 ----a-w- c:\windows\system32\DWrite.dll
    2011-01-20 13:44:03 797184 ----a-w- c:\windows\system32\FntCache.dll
    2011-01-13 11:19:53 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2011-01-13 11:19:53 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2011-01-08 08:47:50 34304 ----a-w- c:\windows\system32\atmlib.dll
    2011-01-08 06:28:49 292352 ----a-w- c:\windows\system32\atmfd.dll
    2010-12-31 13:57:01 2039808 ----a-w- c:\windows\system32\win32k.sys
    2010-12-28 15:55:03 413696 ----a-w- c:\windows\system32\odbc32.dll
    2010-12-18 06:27:04 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-12-18 06:22:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-12-18 06:22:27 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-12-18 06:22:11 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-12-18 06:22:11 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-12-18 05:25:26 385024 ----a-w- c:\windows\system32\html.iec
    2010-12-18 04:48:39 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-12-18 04:47:11 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    ============= FINISH: 23:45:23.69 ===============
  10. seeknpeace

    seeknpeace TS Rookie Topic Starter Posts: 17

    Emails are going out as if from me every single day. It is out of control. FYI, I have not been able to use system restore in some time. Nor will my CD player read homemade CDs; that probably is not related, but thought that I would throw that in just in case.
  11. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    You should not attempt to do a System Restore while I'm helping to clean the system. It could reinfect the system. I'll have you check the status of SR later- it might be turned off. We'll skip the CD problem for now.
    As for the email problem, I suggest you close the current email account, set up a new email account and generate a new password for it. If it was hacked from the outside, it's not going to get better.
    You have 3 antivirus programs running:
    Norton 360 (Norton Removal Tool)
    McAfee Security scan. (McAfee Removal)
    Lavasoft Ad-Watch Live! Anti-Virus
    This makes the system more vulnerable, not less. Please get this down to one AV program. I have left. Reboot the computer when finished.
    Run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Click on "Copy to Clipboard" (you won't see the 'clipboard')
    10. Click anywhere in the post where you want the logs to go, then do Ctrl V. The log will be sent from the clipboard and pasted in the post.
    11. Re-enable your Antivirus software.
      NOTE: If you forget to copy to the clipboard you can find the log here:
      C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
    Download Combofix from HERE or HERE
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated - it will open a text window. Please paste the C:\ComboFix.txt in next reply.
    Re-enable your Antivirus software.
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
  12. seeknpeace

    seeknpeace TS Rookie Topic Starter Posts: 17

    Hi, for what it is worth, my SR will not work, even though it is turned on. It never can finish, says it has some type of error, which it does not specify. As for the AOL account, I have changed the password repeatedly, and the emails are sent out whenever the computer is off. I think that they are being generated elsewhere and being sent via redirect or diverting. I hesitate on closing the account since it is tied to so many billing accounts and other things, it would cause major issues for me unless I could figure all that out and got to all the accounts in question and change the emails there. I have had the email account over ten years. I have my own email name in my addy book so I get the spam email as well. They all only have one hyperlink in them selling viagra or something like that. Also, they only send them to a couple or three ppl at a time so as not to be flagged as spam. I do think that whether my account is open or not may not matter, but I defer to you to tell me this. It will cause a major problem to close it. I wonder if there is a way to just deactivate it for this period? I hate AOL, they are nonresponsive to issues.
  13. seeknpeace

    seeknpeace TS Rookie Topic Starter Posts: 17

    I am still waiting to hear fr you...


    I am sorry, I have run the ESET three times. It creates a file in my program files that has a log.txt after I run it but it has nothing there. However, the scan comes back good with no viruses found, it comes back clean. I do not know what else to do. I cannot imagine what I am doing wrong. I turn the virus protection, all aspects of it, off, go to your link, click on it, check and uncheck the boxes you specify. After the updated files run, the scan runs. But at the end there is never a copy to clip board anything. Just a finish button and an offer to either buy the sw or sign up for the trial. Then nothing. I have no idea what else to do. However, it shows clean. I humbly await your next steps and I am going to run traces on the ip addys and turn some of these aholes into their providers as well. They have not sent anything from my address in a couple of days. Maybe they have moved on. As I understand it, their whole intention is to make money, and if no one is biting, they do move on.

    Still working on the ESET. But, here is the combofix

    ComboFix 11-03-16.06 - JansWiFi 03/17/2011 16:55:31.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.829 [GMT -4:00]
    Running from: c:\users\JansWiFi\Desktop\ComboFix.exe
    AV: Norton 360 *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
    FW: Norton 360 *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
    SP: Norton 360 *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    ((((((((((((((((((((((((( Files Created from 2011-02-17 to 2011-03-17 )))))))))))))))))))))))))))))))
    2011-03-17 21:10 . 2011-03-17 21:10 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-03-15 14:59 . 2011-02-23 14:35 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E4A52A0C-9616-4FA1-9D52-C8DBD9AF3EC4}\mpengine.dll
    2011-03-14 15:05 . 2011-03-14 15:05 -------- d-----w- c:\program files\iPod
    2011-03-14 15:05 . 2011-03-14 15:07 -------- d-----w- c:\program files\iTunes
    2011-03-14 04:05 . 2011-03-14 04:05 -------- d-----w- c:\users\JansWiFi\AppData\Roaming\com.atlanticrecords.Fanbase.A6C8DD5DA30F5C18C5C42884996720F649F6ED37.1
    2011-03-13 04:30 . 2011-03-13 04:30 -------- d-----w- c:\program files\ESET
    2011-03-10 13:18 . 2011-03-10 13:18 -------- d-----w- c:\windows\system32\Adobe
    2011-03-10 13:15 . 2011-03-10 13:15 -------- d-----w- c:\program files\Fanbase
    2011-03-10 12:51 . 2011-03-10 13:04 -------- d-----w- c:\programdata\NOS
    2011-03-09 01:11 . 2010-12-29 18:28 429056 ----a-w- c:\windows\system32\EncDec.dll
    2011-03-09 01:11 . 2010-12-29 18:28 322560 ----a-w- c:\windows\system32\sbe.dll
    2011-03-09 01:11 . 2010-12-29 18:28 153088 ----a-w- c:\windows\system32\sbeio.dll
    2011-03-09 01:11 . 2010-12-29 18:26 177664 ----a-w- c:\windows\system32\
    2011-03-09 01:11 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll
    2011-03-09 01:11 . 2010-12-17 13:54 677888 ----a-w- c:\windows\system32\mstsc.exe
    2011-03-08 00:40 . 2011-03-08 00:40 -------- d-----w- c:\program files\Bonjour
    2011-03-05 18:20 . 2011-03-05 18:20 -------- d-----w- c:\program files\Pure Networks
    2011-03-05 18:18 . 2009-07-07 19:48 26672 ----a-w- c:\windows\system32\drivers\pnarp.sys
    2011-03-05 18:17 . 2009-07-07 19:48 27696 ----a-w- c:\windows\system32\drivers\purendis.sys
    2011-03-05 18:17 . 2011-03-05 18:17 -------- d-----w- c:\program files\Common Files\Pure Networks Shared
    2011-03-05 18:16 . 2011-03-05 18:37 -------- d-----w- c:\programdata\Pure Networks
    2011-03-04 23:37 . 2011-03-05 03:25 -------- d-----w- c:\users\JansWiFi\AppData\Local\Smilebox
    2011-03-04 23:37 . 2011-03-04 23:46 -------- d-----w- c:\users\JansWiFi\AppData\Roaming\Smilebox
    2011-03-04 19:08 . 2011-03-04 19:08 -------- d-----w- c:\program files\VAIO Startup
    2011-03-04 14:38 . 2009-06-10 09:43 88576 ----a-w- c:\windows\system32\tlntsess.exe
    2011-03-04 14:38 . 2009-06-10 09:43 71168 ----a-w- c:\windows\system32\telnet.exe
    2011-03-04 05:05 . 2011-03-04 05:05 -------- d-----w- c:\windows\system32\0409
    2011-03-04 05:05 . 2011-03-04 05:05 -------- d-----w- C:\inetpub
    2011-03-04 01:38 . 2011-02-01 20:02 58696 ----a-w- c:\windows\system32\AOLParconLink.exe
    2011-03-04 01:35 . 2011-03-04 01:38 -------- d-----w- c:\program files\Common Files\AOL
    2011-03-04 01:35 . 2011-03-04 01:39 -------- d-----w- c:\program files\AOL Desktop 9.6
    2011-03-04 01:35 . 2011-03-04 01:38 -------- d-----w- c:\program files\Common Files\aolshare
    2011-03-01 17:34 . 2011-02-02 22:11 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-02-25 14:42 . 2011-02-25 14:43 -------- d-----w- C:\unused AOLs to get off desktop
    2011-02-24 21:58 . 2007-05-18 06:31 128104 ----a-r- c:\windows\system32\drivers\WimFltr.sys
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    2011-03-10 13:10 . 2010-06-24 15:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-03-05 18:20 . 2011-01-31 21:53 8892928 ----a-w- c:\programdata\atscie.msi
    2011-03-04 23:19 . 2010-09-10 15:28 952 --sha-w- c:\programdata\KGyGaAvL.sys
    2011-01-20 16:37 . 2011-02-09 04:34 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2011-01-20 16:08 . 2011-02-09 04:34 478720 ----a-w- c:\windows\system32\dxgi.dll
    2011-01-20 16:08 . 2011-02-09 04:34 160768 ----a-w- c:\windows\system32\d3d10_1.dll
    2011-01-20 16:08 . 2011-02-09 04:34 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
    2011-01-20 16:08 . 2011-02-09 04:34 189952 ----a-w- c:\windows\system32\d3d10core.dll
    2011-01-20 16:08 . 2011-02-09 04:34 1029120 ----a-w- c:\windows\system32\d3d10.dll
    2011-01-20 16:07 . 2011-02-09 04:34 37376 ----a-w- c:\windows\system32\cdd.dll
    2011-01-20 16:07 . 2011-02-09 04:34 258048 ----a-w- c:\windows\system32\winspool.drv
    2011-01-20 16:07 . 2011-02-09 04:34 586240 ----a-w- c:\windows\system32\stobject.dll
    2011-01-20 16:06 . 2011-02-09 04:34 2873344 ----a-w- c:\windows\system32\mf.dll
    2011-01-20 16:06 . 2011-02-09 04:34 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
    2011-01-20 16:04 . 2011-02-09 04:34 209920 ----a-w- c:\windows\system32\mfplat.dll
    2011-01-20 16:04 . 2011-02-09 04:34 98816 ----a-w- c:\windows\system32\mfps.dll
    2011-01-20 14:28 . 2011-02-09 04:34 1554432 ----a-w- c:\windows\system32\xpsservices.dll
    2011-01-20 14:27 . 2011-02-09 04:34 876032 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-01-20 14:26 . 2011-02-09 04:34 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
    2011-01-20 14:25 . 2011-02-09 04:34 847360 ----a-w- c:\windows\system32\OpcServices.dll
    2011-01-20 14:24 . 2011-02-09 04:34 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-01-20 14:24 . 2011-02-09 04:34 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
    2011-01-20 14:15 . 2011-02-09 04:34 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
    2011-01-20 14:14 . 2011-02-09 04:34 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
    2011-01-20 14:14 . 2011-02-09 04:34 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
    2011-01-20 14:14 . 2011-02-09 04:34 302592 ----a-w- c:\windows\system32\mfmp4src.dll
    2011-01-20 14:12 . 2011-02-09 04:34 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
    2011-01-20 14:11 . 2011-02-09 04:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll
    2011-01-20 13:47 . 2011-02-09 04:34 683008 ----a-w- c:\windows\system32\d2d1.dll
    2011-01-20 13:44 . 2011-02-09 04:34 1068544 ----a-w- c:\windows\system32\DWrite.dll
    2011-01-20 13:44 . 2011-02-09 04:34 797184 ----a-w- c:\windows\system32\FntCache.dll
    2011-01-13 11:19 . 2011-01-13 11:19 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2011-01-13 11:19 . 2011-01-13 11:19 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2011-01-08 08:47 . 2011-02-09 02:25 34304 ----a-w- c:\windows\system32\atmlib.dll
    2011-01-08 06:28 . 2011-02-09 02:25 292352 ----a-w- c:\windows\system32\atmfd.dll
    2010-12-31 13:57 . 2011-02-09 02:25 2039808 ----a-w- c:\windows\system32\win32k.sys
    2010-12-30 02:11 . 2010-12-30 02:11 749832 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2010-12-28 15:55 . 2011-01-12 13:53 413696 ----a-w- c:\windows\system32\odbc32.dll
    2010-12-20 23:09 . 2010-12-14 17:58 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-20 23:08 . 2010-12-14 17:58 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    *Note* empty entries & legit default entries are not shown
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
    "AOL Fast Start"="c:\program files\AOL Desktop 9.6\AOL.EXE" [2011-01-13 42320]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
    c:\users\JansWiFi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote Table Of Contents.onetoc2 [2010-7-11 3656]
    "EnableUIADesktopToggle"= 0 (0x0)
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
    2007-04-24 00:19 98304 ------w- c:\windows\System32\VESWinlogon.dll
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.exe
    @="FSFilter Activity Monitor"
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
    backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnk.CommonStartup
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
    backup=c:\windows\pss\Adobe Acrobat Synchronizer.lnk.CommonStartup
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
    backup=c:\windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Billminder.lnk]
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
    backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Quicken Startup.lnk]
    backup=c:\windows\pss\Quicken Startup.lnk.CommonStartup
    [HKLM\~\startupfolder\C:^Users^JansWiFi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Click to DVD Automatic Mode Launcher.lnk]
    backup=c:\windows\pss\Click to DVD Automatic Mode Launcher.lnk.Startup
    [HKLM\~\startupfolder\C:^Users^JansWiFi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
    backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
    [HKLM\~\startupfolder\C:^Users^JansWiFi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Registry Repair Pro.lnk]
    path=c:\documents and settings\JansWiFi\Desktop\Registry Repair Pro.lnk
    backup=c:\windows\pss\Registry Repair Pro.lnk.Startup
    [HKLM\~\startupfolder\C:^Users^JansWiFi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Scheduler.lnk]
    path=c:\users\JansWiFi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Scheduler.lnk
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PestPatrol Control Center
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-11-10 16:49 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2011-01-30 15:45 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
    2011-01-13 11:19 42320 ----a-w- c:\program files\AOL Desktop 9.6\aol.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    2010-09-22 04:28 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel File Shell Monitor]
    2008-08-08 21:30 16712 ----a-r- c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
    2008-08-08 21:30 532808 ----a-r- c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
    2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo R260 Series]
    2006-10-17 07:01 143360 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIBNA.EXE
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
    2010-03-08 07:27 41800 ----a-w- c:\program files\Common Files\AOL\1299202552\ee\aolsoftware.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2007-07-03 14:05 154136 ------w- c:\windows\System32\hkcmd.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2007-07-03 14:10 141848 ------w- c:\windows\System32\igfxtray.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstallIQUpdater]
    2010-07-07 11:20 1008128 ----a-w- c:\program files\W3i\InstallIQUpdater\InstallIQUpdater.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe]
    2007-04-17 02:06 321656 ----a-w- c:\program files\Sony\ISB Utility\ISBMgr.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2011-03-07 19:33 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmapp]
    2009-07-08 07:53 472112 ----a-w- c:\program files\Pure Networks\Network Magic\nmapp.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmctxth]
    2009-07-07 19:48 647216 ----a-w- c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
    2007-06-26 15:28 137752 ------w- c:\windows\System32\igfxpers.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickBooks Simple Start]
    2007-01-31 04:59 371712 ----a-w- c:\program files\Intuit\SimpleStartEntice\entice.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
    2007-04-06 18:18 4423680 ----a-w- c:\windows\RtHDVCpl.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
    2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
    2007-04-06 18:18 1822720 ----a-w- c:\windows\SkyTel.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmileboxTray]
    2011-01-22 07:13 312640 ----a-w- c:\users\JansWiFi\AppData\Roaming\Smilebox\SmileboxTray.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SONY VGP-UPR1 (Display Adapter)]
    2008-08-28 23:10 233472 ----a-w- c:\program files\DisplayLink Core Software\DisplayLinkUI.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-05-14 16:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
    2007-03-08 02:38 835584 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
    2010-08-24 09:38 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Center Access Bar]
    2007-03-06 22:22 36864 ----a-w- c:\program files\Sony\VAIO Center Access Bar\VCAB.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOCameraUtility]
    2007-04-02 23:49 411768 ----a-w- c:\program files\Sony\VAIO Camera Utility\VCUServe.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIORecommender]
    2010-11-19 13:57 204152 ----a-w- c:\program files\Sony\VAIO Recommender\VAIORecommender.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSecurity]
    2007-03-14 00:13 2322432 ----a-w- c:\program files\Sony\VAIO Security Center\VSC.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSurvey]
    2006-12-07 00:08 577536 ----a-w- c:\program files\Sony\VAIO Survey\Vista VAIO Survey.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
    2009-04-11 06:28 2153472 ----a-w- c:\windows\System32\oobefldr.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 eFilmProcessManagerNT;eFilmProcessManagerNT;c:\program files\Merge Healthcare\eFilm\efPMNT.exe [2009-02-11 20480]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-21 136176]
    R3 ICScsiSV;Image Converter SCSI Service;c:\program files\Sony\Image Converter 3\ICScsiSV.exe [2007-01-26 75952]
    R3 IcVzMonLauncher;IcVzMonLauncher;c:\program files\Sony\Image Converter 3\IcVzMonLauncher.exe [2007-01-26 67760]
    R3 MSSQL$VAIO_VEDB;SQL Server (VAIO_VEDB);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
    R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2008-01-19 21504]
    R3 slsService;slsService;c:\program files\Merge Healthcare\eFilm\slsService.exe [2008-10-28 70656]
    R3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-10 745472]
    R3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-08-09 397312]
    R3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-08-09 1089536]
    R3 WMSvc;Web Management Service;c:\windows\system32\inetsrv\wmsvc.exe [2008-01-19 11264]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys [2008-08-18 13424]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-09-23 64288]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SYMEFA.SYS [2009-08-22 310320]
    S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\Drivers\N360\0308000.029\BHDrvx86.sys [2009-08-22 259632]
    S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\N360\0308000.029\ccHPx86.sys [2009-08-22 482432]
    S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20110316.001\IDSvix86.sys [2010-11-09 353912]
    S2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2009-03-06 20376]
    S2 DisplayLinkService;DisplayLink Service;c:\program files\DisplayLink Core Software\DisplayLinkService.exe [2008-08-18 443752]
    S2 efAuditorService.exe;eFilm Audit Service;c:\program files\Merge Healthcare\eFilm\Auditor\efAuditorService.exe [2009-02-11 24576]
    S2 mrtRate;mrtRate; [x]
    S2 MSSQL$SQLEXPRESSEFILM;SQL Server (SQLEXPRESSEFILM);c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
    S2 N360;Norton 360;c:\program files\Norton 360\Engine\\ccSvcHst.exe [2009-08-22 117640]
    S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\Norton PC Checkup\Engine\\SymcPCCULaunchSvc.exe [2010-12-15 120248]
    S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\Norton PC Checkup\Engine\\ccSvcHst.exe [2009-08-24 126392]
    S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-01-03 11032]
    S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2010-08-12 187792]
    S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2010-08-24 92008]
    S2 VCFw;VAIO Content Folder Watcher;c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-03-05 5189992]
    S2 VisualizationServicesRemotingService;Visualization Services Remoting Service;c:\program files\Merge Healthcare\eFilm\Visualization Services\MergeeFilm.VisualizationServices.Remoting.WindowsServices.exe [2009-02-11 20480]
    S3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys [2008-08-18 287856]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-08-11 102448]
    S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2009-03-04 4232704]
    S3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\Drivers\R5U870FLx86.sys [2007-04-04 73472]
    S3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\Drivers\R5U870FUx86.sys [2007-04-04 43904]
    S3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\DRIVERS\SonyImgF.sys [2007-04-05 31104]
    S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS [2009-08-22 48688]
    S3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-04-23 812544]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    rsmsvcs REG_MULTI_SZ ntmssvc
    ipripsvc REG_MULTI_SZ iprip
    nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
    Contents of the 'Scheduled Tasks' folder
    2011-03-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-21 10:59]
    2011-03-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-21 10:59]
    ------- Supplementary Scan -------
    uStart Page = hxxp://
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    IE: Transfer by Image Converter 3 - c:\program files\Sony\Image Converter 3\menu.htm
    - - - - ORPHANS REMOVED - - - -
    MSConfigStartUp-SearchSettings - c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
    AddRemove-ESET Online Scanner - c:\program files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
    AddRemove-_{707EB912-C597-49D8-9460-46CC9AB03EBE} - c:\program files\Corel\Corel Painter Photo Essentials 4\MSILauncher {707EB912-C597-49D8-9460-46CC9AB03EBE}
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files:
    "ImagePath"="\"c:\program files\Norton 360\Engine\\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\\diMaster.dll\" /prefetch:1"
    "ImagePath"="\"c:\program files\Norton PC Checkup\Engine\\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Engine\\diMaster.dll\" /prefetch:1"
    "ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=inteldata\""
    --------------------- LOCKED REGISTRY KEYS ---------------------
    [HKEY_USERS\S-1-5-21-2739981327-1961966216-2112046628-1005\Software\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC]
    @Denied: (C D) (Everyone)
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    --------------------- DLLs Loaded Under Running Processes ---------------------
    - - - - - - - > 'Explorer.exe'(6028)
    c:\program files\Pure Networks\Network Magic\nmspce2.dll
    c:\program files\Pure Networks\Network Magic\nmrsrc.dll
    c:\program files\Common Files\Pure Networks Shared\Platform\11.2.09195.1.nmcorePS.dll
    ------------------------ Other Running Processes ------------------------
    c:\program files\DisplayLink Core Software\DisplayLinkManager.exe
    c:\program files\Sony\VAIO Care\VCSpt.exe
    c:\program files\Sony\VAIO Service Utility\VAIO-SUTOOL.exe
    c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\programdata\EPSON\EPW!3 SSRP\E_S30RP1.EXE
    c:\program files\Merge Healthcare\eFilm\efServer.exe
    c:\program files\Microsoft SQL Server\MSSQL.3\MSSQL\Binn\sqlservr.exe
    c:\program files\Microsoft SQL Server\MSSQL.4\MSSQL\Binn\sqlservr.exe
    c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    c:\program files\Merge Healthcare\eFilm\efDM.exe
    c:\program files\Sony\VAIO Event Service\VESMgr.exe
    c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\program files\Merge Healthcare\eFilm\efDBM.exe
    c:\program files\Sony\VAIO Event Service\VESMgrSub.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    c:\program files\Sony\VAIO Power Management\SPMgr.exe
    c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    c:\program files\AOL Desktop 9.6\waol.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
    c:\program files\Sony\VAIO Care\listener.exe
    c:\program files\AOL Desktop 9.6\shellmon.exe
    c:\program files\Sony\VAIO Care\VCsystray.exe
    Completion time: 2011-03-17 17:38:18 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-03-17 21:37
    Pre-Run: 127,398,892,544 bytes free
    Post-Run: 127,624,909,824 bytes free
    - - End Of File - - 928239E5247A07E1974D465852EE50E4

    Ok, I ran the ESET program and it did not give me the option at the end to copy to any clip board. It did create a file in my programs, and a log and it says there were no viruses found. When I tried to run it again, to see why, it will not run it again, throws an error up saying it has run a scan within the past 24 and will not again. So, did I do something wrong? I will cut and paste that log if you like. I am stumped. Please do not think I am an ***** but please be aware that I do have MS and it affects me a lot cognitively. I have gone from a great career in financial planning to being cognitively disabled and as frustrating and troubling as this may be to you, it is more so to me. It is embarrassing to even post this and know it is probably something that I did wrong. I will go to the next one.

    Would it help you to see the details header of one of the emails? They are all different but they are all seemingly from Yahoo accts.
    Oh, and I did delete all the av programs except for norton360. I am running the sw you requested now, emailing you fr my iBad, since the 2nd out.


    Yes, I am running them...when it rains, it pours. I received notice that the state is auditing us for 2008 and 2009...Why? Just to be Aholes? umm hmm. I do think so. So, I have been in a tizzy finding that crap as they said we have only x number of days to get it to them, and I cannot get turbo tax to download 08 and for some reason the return is not in my paper work. I am having that GD problem where no matter what I do, when I am on IE, I get the request to dl flash player over and over. I have uninstalled it, reinstalled it, purged, cleaned, used the uninstaller that you are pointed to at the Vista page, nothing works and I think that is why I cannot open the turbo tax forms as they are in pdf form and it is messing up as well. I have uninstalled that one and reinstalled it but I do not know if it will work again or not. I am telling you, I want to open a vein. Today's priorities: fax geek squad papers to Allstate to try to get my desk top replaced and get off of this lap top. Do your thing and then work on the audit. Do you have any extra hemlock?
  14. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    If you have something to add, please use the Edit feature to include it in your prior reply. I get email feedback for every reply.

    No, I don't want the email header. There is nothing I can do about it. The only thing I can do is look for malware on your system. If infection is found in emails, it will show on one of the logs.

    I understand the complications of giving up a long time email account. AOL had most of us chained to them for years. When I left them years ago and wrote to cancel and close my account, they threatened to give my email address to someone else. You will not get any help from them.

    If you want my help in this matter, you need to go ahead with the scans. The logs will give me information that may help me help you. If you aren't going to do this, I will free up the time to help others.

    Have you done anything about the multiple AV programs?
    Have you run the Eset scan?
    Have you run Combofix?

    I can help you troubleshoot the System Restore settings later. At this point, you should not be attempting to use the feature.
  15. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I also waited a week to hear from you. Closed due to inactivity.
  16. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Thread being reopened at member's request. Edit function was used to input the logs and they did not show when the thread was closed.
  17. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Take any McAfee and Registry Repair process off of Startup menu> Uninstall any McAfee or Registry Repair entry in Add/Remove> Use Windows Explorer to access My Computer> Local Drive(C)> Programs> right click> Delete on the program folders.
    Sony Software Bundled with VAIO Computers: The applications listed HERE are currently identified as having compatibility issues after installing the Windows Vista operating system.
    Digsby InstallQ:> When it sounds too good to be true, it isn't! This process is insidious. Please see the information HERE about junk software and what this program does and will attempt.
    The following are being loaded from the Registry at Startup, then running in the background. None of these need to start on boot. Please tell me if you 1. Still use -or- 2. No longer use:
    This does not mean you cannot use these programs or apps and it doesn't uninstall them. But none need to start on boot and run in the background.
    C:\unused AOLs to get off desktop> either delete or move to appropriate folders.
    You are using Telnet (2009): c:\windows\system32\telnet.exe. See this for WHY you shouldn't be using it!
    Please see if you can run this online virus scan:
    Run Kaspersky Online Scanner in Internet Explorer

    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
    • Click Accept and the web scanner will begin to load
    • If a yellow warning bar appears at the top of the browser, click it and choose Install ActiveX Control
    • You will be prompted to install an ActiveX component from Kaspersky, click Install
    • If you are prompted about another ActiveX control called Kaspersky Online Scanner GUI part then allow it to be installed also.
    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT and then Scan Settings
    • In the scan settings make sure that the following are selected:
      [o] Scan using the following Anti-Virus database> Extended (if available otherwise Standard)
      [o] Scan Options: Scan Archives> Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      [o] Select My Computer
    • The program will start to scan your system.
    • Once the scan is complete, click on the Save as Text button and save the file to your desktop
    Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.
  18. seeknpeace

    seeknpeace TS Rookie Topic Starter Posts: 17


    For some reason, Kaspersky will not run. It updated but when it tried to run, it stopped with a message about needing constant internet connection. So I went directly to the internet site and clicked to the free online virus scan and it said that it is in the process of being improved, I guess it is not available right now. It was not available to use, it would not allow a click. I spoke with AOL's fraud division. I don't know if you have ever heard of this but they said that a person will get your password and sign on to your email online. Then not sign out. As long as they do not sign out, regardless of the fact that you change your password, they have access to your acct. They send the emails and immediately delete them from your out box. I am a little skeptical, but they did something that would break any online open connection and reset everything. I still want to pursue this. What would I do about Kaspersky? Do you want me to wait a day or so and try again?

    Unfortunately, I have had to be gone all day today to a baby shower then a child's birthday party so I hope to get on it tonight. I have just not been able to work on it yet, but I will tonight or in the morning. When it rains it pours...I have the audits for my income taxes also for 2008 and 2009...for the state of all things. That is really the dark side of hell.


    I am going to reply only to be sure you see this since I have so much info in the other reply from editing and I will only edit this one going forward to add info to you and will reply to provide log info or other info as we discussed.

    In the past week, I did discover how to remove the pop up that I was getting to download flash player, by disabling UAC. I just want you to know that because that will not show in the information you are seeing because I ran and posted the combofix info five days ago.
  19. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    That's fine. How are you doing with Kaspersky?
  20. seeknpeace

    seeknpeace TS Rookie Topic Starter Posts: 17

    Hey, I don't think that I do the right thing with the edit because you do not seem to see it. The Kaspersky was being updated and would not run. I will try again. The message was something like, look for the new and better online scan. Also, AOL did a thing where they went in and made sure no one could have opened my acct via the web and not closed it thereby making my password changes of no consequence to them. But, they did it at noon to oneish on the 29th and one spam went out to three ppl around 3 and no more have since. Could that have been in the works somehow? I am hoping against hope.

    Here is the message that I get when I try to get to the online scanner through IE:

    Detect viruses on your computer with Kaspersky’s Online Virus Scanner. Our scanner searches your computer for the latest threats and lets you know which files are infected!

    The Kaspersky Online Virus Scanner is being updated and improved!

    But you don’t have to wait to protect your computer. Scan, detect and remove malware with a FREE 30-day trial of our latest, most advanced security protection.

    If I try to click on your hyper link, I cannot even open the site. It fails. I have no idea what to do. I counted 400 emails that were sent from my account last August when I could see them in my sent box. They were all crazy. When I caught it, and stopped them by blocks, etc. they stopped until this past Feb and they are sending a hyper link to a virus now and nothing is in my outbox and maybe 100+ have gone.

    What now?
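
The stale-session behaviour that AOL's fraud division described in the posts above (a web sign-in that keeps working after a password change until every open session is reset), shown as an added example that is not part of the thread and not AOL's code. It is a toy Python mail backend; the class, method and account names are all hypothetical, and it compares a service that leaves sessions alone on a password change with one that revokes them.

```python
import hashlib
import hmac
import os
import secrets


def _hash_password(password: str, salt: bytes) -> bytes:
    """Derive a password hash; the iteration count is only a demo value."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class MailService:
    """Toy webmail backend (hypothetical model, not any provider's design)."""

    def __init__(self, revoke_on_password_change: bool):
        self.revoke_on_password_change = revoke_on_password_change
        self._users = {}     # username -> {"salt", "hash", "epoch"}
        self._sessions = {}  # session token -> (username, epoch at sign-in)

    def register(self, user: str, password: str) -> None:
        salt = os.urandom(16)
        self._users[user] = {"salt": salt,
                             "hash": _hash_password(password, salt),
                             "epoch": 0}

    def login(self, user: str, password: str):
        """Return a session token, or None if the credentials are wrong."""
        rec = self._users.get(user)
        if rec is None:
            return None
        if not hmac.compare_digest(rec["hash"],
                                   _hash_password(password, rec["salt"])):
            return None
        token = secrets.token_urlsafe(32)
        # The session remembers which credential epoch it was issued under.
        self._sessions[token] = (user, rec["epoch"])
        return token

    def change_password(self, user: str, new_password: str) -> None:
        rec = self._users[user]
        rec["salt"] = os.urandom(16)
        rec["hash"] = _hash_password(new_password, rec["salt"])
        if self.revoke_on_password_change:
            rec["epoch"] += 1  # every session issued earlier is now stale

    def revoke_all_sessions(self, user: str) -> None:
        """Support-side reset: invalidate every open session for the account."""
        self._users[user]["epoch"] += 1

    def _session_user(self, token: str):
        entry = self._sessions.get(token)
        if entry is None:
            return None
        user, epoch = entry
        if epoch != self._users[user]["epoch"]:
            del self._sessions[token]  # stale session, drop it
            return None
        return user

    def send_mail(self, token: str, to: str, body: str) -> bool:
        """Sending only needs a valid session; the password is never re-checked."""
        return self._session_user(token) is not None


def demo(revoke_on_password_change: bool):
    """Replay the thread's timeline with constructed sample values."""
    user = "owner@example.test"
    svc = MailService(revoke_on_password_change)
    svc.register(user, "old-password")
    open_session = svc.login(user, "old-password")  # session left signed in
    svc.change_password(user, "new-password")        # owner changes password
    works_after_change = svc.send_mail(open_session, "x@example.test", "hi")
    old_password_accepted = svc.login(user, "old-password") is not None
    svc.revoke_all_sessions(user)                    # the provider-side reset
    works_after_reset = svc.send_mail(open_session, "x@example.test", "hi")
    return works_after_change, old_password_accepted, works_after_reset


if __name__ == "__main__":
    print("sessions kept on change   :", demo(False))
    print("sessions revoked on change:", demo(True))
```

In the first mode the old session still sends mail after the password change even though the old password itself is rejected; only the explicit reset ends it.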
  21. seeknpeace

    seeknpeace TS Rookie Topic Starter Posts: 17


    What the hell is this??? Twenty of these popped up on my desk top as individual texts

    # A fatal error has been detected by the Java Runtime Environment:
    # EXCEPTION_ACCESS_VIOLATION (0xc0000005) at pc=0x068d3f88, pid=7460, tid=4664
    # JRE version: 6.0_22-b04
    # Java VM: Java HotSpot(TM) Client VM (17.1-b03 mixed mode, sharing windows-x86 )
    # Problematic frame:
    # C [jp2iexp.dll+0x3f88]
    # If you would like to submit a bug report, please visit:
    # The crash happened outside the Java Virtual Machine in native code.
    # See problematic frame for where to report the bug.

    --------------- T H R E A D ---------------

    Current thread (0x075d9800): JavaThread "main" [_thread_in_native, id=4664, stack(0x02f30000,0x03130000)]

    siginfo: ExceptionCode=0xc0000005, reading address 0x00000001

    EAX=0x00000001, EBX=0x3410a250, ECX=0x0024d658, EDX=0x0312d00c
    ESP=0x0312cfec, EBP=0x0312cff8, ESI=0x00000000, EDI=0x075d9800
    EIP=0x068d3f88, EFLAGS=0x00010246

    Stack: [0x02f30000,0x03130000], sp=0x0312cfec, free space=7f30312cb20k
    Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
    C [jp2iexp.dll+0x3f88]
    j sun.plugin2.main.server.IExplorerPlugin.getDocumentBase0(J)Ljava/lang/String;+0
    j sun.plugin2.main.server.IExplorerPlugin.getDocumentBase()Ljava/lang/String;+31
    j sun.plugin2.main.server.JVMInstance.startApplet(Ljava/util/Map;Lsun/plugin2/main/server/Plugin;JJZIZZ)Z+14
    j sun.plugin2.main.server.JVMManager.startAppletImpl(Ljava/util/Map;Lsun/plugin2/main/server/Plugin;JJZLjava/lang/String;ZIZ)Lsun/plugin2/main/server/AppletID;+240
    j sun.plugin2.main.server.JVMManager.startApplet(Ljava/util/Map;Lsun/plugin2/main/server/Plugin;JJZLjava/lang/String;)Lsun/plugin2/main/server/AppletID;+16
    j sun.plugin2.main.server.JVMManager.startApplet(Ljava/util/Map;Lsun/plugin2/main/server/Plugin;JJZ)Lsun/plugin2/main/server/AppletID;+19
    j sun.plugin2.main.server.IExplorerPlugin.maybeStartApplet()V+192
    j sun.plugin2.main.server.IExplorerPlugin.access$200(Lsun/plugin2/main/server/IExplorerPlugin;)V+1
    j sun.plugin2.main.server.IExplorerPlugin$BackgroundStarter$
    v ~StubRoutines::call_stub
    V [jvm.dll+0xf3a9c]
    V [jvm.dll+0x186591]
    V [jvm.dll+0xf3b1d]
    V [jvm.dll+0xfd5af]
    V [jvm.dll+0x1003a7]
    C [jp2iexp.dll+0x178d]
    C [jp2iexp.dll+0x8670]
    C [jp2iexp.dll+0x7b42]
    C [USER32.dll+0x1fd72]
    C [USER32.dll+0x1fe4a]
    C [USER32.dll+0x2018d]
    C [USER32.dll+0x2022b]
    C [IEFRAME.dll+0xf1b83]
    C [IEFRAME.dll+0x111ac6]
    C [iertutil.dll+0x140150]
    C [IEFRAME.dll+0xffe03]
    C [kernel32.dll+0x4d0e9]
    C [ntdll.dll+0x416c3]
    C [ntdll.dll+0x41696]

    Java frames: (J=compiled Java code, j=interpreted, Vv=VM code)
    j sun.plugin2.main.server.IExplorerPlugin.getDocumentBase0(J)Ljava/lang/String;+0
    j sun.plugin2.main.server.IExplorerPlugin.getDocumentBase()Ljava/lang/String;+31
    j sun.plugin2.main.server.JVMInstance.startApplet(Ljava/util/Map;Lsun/plugin2/main/server/Plugin;JJZIZZ)Z+14
    j sun.plugin2.main.server.JVMManager.startAppletImpl(Ljava/util/Map;Lsun/plugin2/main/server/Plugin;JJZLjava/lang/String;ZIZ)Lsun/plugin2/main/server/AppletID;+240
    j sun.plugin2.main.server.JVMManager.startApplet(Ljava/util/Map;Lsun/plugin2/main/server/Plugin;JJZLjava/lang/String;)Lsun/plugin2/main/server/AppletID;+16
    j sun.plugin2.main.server.JVMManager.startApplet(Ljava/util/Map;Lsun/plugin2/main/server/Plugin;JJZ)Lsun/plugin2/main/server/AppletID;+19
    j sun.plugin2.main.server.IExplorerPlugin.maybeStartApplet()V+192
    j sun.plugin2.main.server.IExplorerPlugin.access$200(Lsun/plugin2/main/server/IExplorerPlugin;)V+1
    j sun.plugin2.main.server.IExplorerPlugin$BackgroundStarter$
    v ~StubRoutines::call_stub

    --------------- P R O C E S S ---------------

    Java Threads: ( => current thread )
    0x0c02bc00 JavaThread "JRE Heartbeat Thread" [_thread_blocked, id=5232, stack(0x0cd60000,0x0ce60000)]
    0x0c035c00 JavaThread "JRE Worker Thread" [_thread_blocked, id=6312, stack(0x0c3a0000,0x0c4a0000)]
    0x0c035800 JavaThread "JRE Output Reader Thread" [_thread_in_native, id=7384, stack(0x0cb60000,0x0cc60000)]
    0x0c035000 JavaThread "JRE Output Reader Thread" [_thread_in_native, id=5184, stack(0x0c9a0000,0x0caa0000)]
    0x0c034c00 JavaThread "Thread-0" [_thread_in_native, id=356, stack(0x0c800000,0x0c900000)]
    0x0c033000 JavaThread "Java Plug-In Pipe Worker Thread (Server-Side)" daemon [_thread_in_native, id=7028, stack(0x0b8b0000,0x0b9b0000)]
    0x090fd000 JavaThread "traceMsgQueueThread" daemon [_thread_blocked, id=8040, stack(0x0bef0000,0x0bff0000)]
    0x090c7800 JavaThread "Low Memory Detector" daemon [_thread_blocked, id=3520, stack(0x0bb30000,0x0bc30000)]
    0x090bfc00 JavaThread "CompilerThread0" daemon [_thread_blocked, id=4260, stack(0x0b9d0000,0x0bad0000)]
    0x090bec00 JavaThread "Attach Listener" daemon [_thread_blocked, id=7684, stack(0x0b7a0000,0x0b8a0000)]
    0x090bbc00 JavaThread "Signal Dispatcher" daemon [_thread_blocked, id=7592, stack(0x0b4f0000,0x0b5f0000)]
    0x090b2400 JavaThread "Finalizer" daemon [_thread_blocked, id=6936, stack(0x0b630000,0x0b730000)]
    0x090b1000 JavaThread "Reference Handler" daemon [_thread_blocked, id=1576, stack(0x0b360000,0x0b460000)]
    =>0x075d9800 JavaThread "main" [_thread_in_native, id=4664, stack(0x02f30000,0x03130000)]

    Other Threads:
    0x090af800 VMThread [stack: 0x0b220000,0x0b320000] [id=8108]
    0x090d0c00 WatcherThread [stack: 0x0bdd0000,0x0bed0000] [id=7480]

    VM state:not at safepoint (normal execution)

    VM Mutex/Monitor currently owned by a thread: None

    def new generation total 4928K, used 1371K [0x32100000, 0x32650000, 0x32ba0000)
    eden space 4416K, 31% used [0x32100000, 0x32256e78, 0x32550000)
    from space 512K, 0% used [0x32550000, 0x32550000, 0x325d0000)
    to space 512K, 0% used [0x325d0000, 0x325d0000, 0x32650000)
    tenured generation total 10944K, used 0K [0x32ba0000, 0x33650000, 0x34100000)
    the space 10944K, 0% used [0x32ba0000, 0x32ba0000, 0x32ba0200, 0x33650000)
    compacting perm gen total 12288K, used 710K [0x34100000, 0x34d00000, 0x38100000)
    the space 12288K, 5% used [0x34100000, 0x341b1a18, 0x341b1c00, 0x34d00000)
    ro space 10240K, 51% used [0x38100000, 0x3862baf8, 0x3862bc00, 0x38b00000)
    rw space 12288K, 54% used [0x38b00000, 0x391976d8, 0x39197800, 0x39700000)

    Dynamic libraries:
    0x00a30000 - 0x00ae8000 C:\Program Files\Internet Explorer\iexplore.exe
    0x76f70000 - 0x77098000 C:\Windows\system32\ntdll.dll
    0x75640000 - 0x7571c000 C:\Windows\system32\kernel32.dll
    0x76580000 - 0x76646000 C:\Windows\system32\ADVAPI32.dll
    0x76ae0000 - 0x76ba3000 C:\Windows\system32\RPCRT4.dll
    0x767d0000 - 0x7686d000 C:\Windows\system32\USER32.dll
    0x76a00000 - 0x76a4b000 C:\Windows\system32\GDI32.dll
    0x76240000 - 0x762ea000 C:\Windows\system32\msvcrt.dll
    0x76bd0000 - 0x76c29000 C:\Windows\system32\SHLWAPI.dll
    0x75720000 - 0x76231000 C:\Windows\system32\SHELL32.dll
    0x76680000 - 0x767c5000 C:\Windows\system32\ole32.dll
    0x76870000 - 0x76980000 C:\Windows\system32\urlmon.dll
    0x77130000 - 0x771bd000 C:\Windows\system32\OLEAUT32.dll
    0x763c0000 - 0x76576000 C:\Windows\system32\iertutil.dll
    0x76c30000 - 0x76d4a000 C:\Windows\system32\WININET.dll
    0x771c0000 - 0x771c3000 C:\Windows\system32\Normaliz.dll
    0x76bb0000 - 0x76bce000 C:\Windows\system32\IMM32.DLL
    0x762f0000 - 0x763b8000 C:\Windows\system32\MSCTF.dll
    0x76a80000 - 0x76a89000 C:\Windows\system32\LPK.DLL
    0x76980000 - 0x769fd000 C:\Windows\system32\USP10.dll
    0x74380000 - 0x7451e000 C:\Windows\WinSxS\\comctl32.dll
    0x6f6d0000 - 0x70015000 C:\Windows\system32\IEFRAME.dll
    0x755a0000 - 0x755a7000 C:\Windows\system32\PSAPI.DLL
    0x740d0000 - 0x7410d000 C:\Windows\system32\OLEACC.dll
    0x770b0000 - 0x77123000 C:\Windows\system32\comdlg32.dll
    0x66dc0000 - 0x66df1000 C:\Program Files\Internet Explorer\IEShims.dll
    0x74680000 - 0x746bf000 C:\Windows\system32\uxtheme.dll
    0x754d0000 - 0x754e4000 C:\Windows\system32\Secur32.dll
    0x76a50000 - 0x76a7d000 C:\Windows\system32\WS2_32.dll
    0x770a0000 - 0x770a6000 C:\Windows\system32\NSI.dll
    0x74e50000 - 0x74e69000 C:\Windows\system32\iphlpapi.dll
    0x74e80000 - 0x74eb5000 C:\Windows\system32\dhcpcsvc.DLL
    0x750f0000 - 0x7511c000 C:\Windows\system32\DNSAPI.dll

    VM Arguments:
    jvm_args: -Xbootclasspath/a:C:\PROGRA~1\Java\jre6\lib\deploy.jar;C:\PROGRA~1\Java\jre6\lib\javaws.jar;C:\PROGRA~1\Java\jre6\lib\plugin.jar -Xmx32m -Djava.awt.headless=true -XX:MaxDirectMemorySize=64m
    java_command: <unknown>
    Launcher Type: generic

    Environment Variables:
    CLASSPATH=.;C:\Program Files\Java\jre6\lib\ext\
    PATH=C:\Program Files\Internet Explorer;;C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;c:\Program Files\Microsoft SQL Server\90\Tools\binn
    PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 13, GenuineIntel

    --------------- S Y S T E M ---------------

    OS: Windows Vista Build 6002 Service Pack 2

    CPU:total 2 (2 cores per cpu, 1 threads per core) family 6 model 15 stepping 13, cmov, cx8, fxsr, mmx, sse, sse2, sse3, ssse3

    Memory: 4k page, physical 2086592k(547552k free), swap 4420244k(1797404k free)

    vm_info: Java HotSpot(TM) Client VM (17.1-b03) for windows-x86 JRE (1.6.0_22-b04), built on Sep 15 2010 00:56:36 by "java_re" with MS VC++ 7.1 (VS2003)

    time: Thu Mar 31 00:20:57 2011
    elapsed time: 0 seconds
  22. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Remove all of the addons in the browser and add them back one at a time to find the offender.

    Check the Event Viewer for Error messages that correspond to the Fatal Error message. Errors are time coded.

    If the problem continues, please post in the Windows BSOD forum.
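
The two checks suggested in the reply above can be narrowed using the crash log itself. This is an added example, not part of any post in the thread: it lists the non-Windows modules loaded into the browser process, grouped by product, as the add-on candidates to disable one at a time, and derives the time window to look at in Event Viewer. The function names, the skip list and the five-minute window are assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Lines excerpted from the crash log posted in this thread (hs_err format).
SAMPLE = r"""
0x74e70000 - 0x74e77000 C:\Windows\system32\WINNSI.DLL
0x64940000 - 0x64972000 C:\Program Files\Internet Explorer\ieproxy.dll
0x69bd0000 - 0x69c2e000 C:\Program Files\Norton 360\Engine\\coIEPlg.dll
0x667a0000 - 0x667b1000 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
0x068d0000 - 0x068ee000 C:\Program Files\Java\jre6\bin\jp2iexp.dll
0x6d7f0000 - 0x6da97000 C:\PROGRA~1\Java\jre6\bin\client\jvm.dll
0x70f70000 - 0x70f95000 C:\Program Files\Bonjour\mdnsNSP.dll
time: Thu Mar 31 00:20:57 2011
"""

MODULE = re.compile(r"^\s*0x[0-9a-f]{8} - 0x[0-9a-f]{8}\s+(.+)$", re.I | re.M)
# Assumption: Windows components and the host browser are not add-on candidates.
SKIP = ("c:\\windows\\", "c:\\program files\\internet explorer\\")

def product_of(path):
    """Return the product directory, e.g. 'Norton 360' or 'Java'."""
    parts = [p for p in re.split(r"[\\/]+", path) if p]
    rest = parts[2:] if len(parts) > 2 else parts  # drop drive and top folder
    if len(rest) > 1 and rest[0].lower() == "common files":
        rest = rest[1:]
    return rest[0]

def third_party_modules(log):
    """Map product -> DLL names for modules outside the SKIP prefixes."""
    found = defaultdict(list)
    for m in MODULE.finditer(log):
        path = m.group(1).strip()
        if path.lower().startswith(SKIP):
            continue
        found[product_of(path)].append(re.split(r"[\\/]+", path)[-1])
    return dict(found)

def crash_window(log, minutes=5):
    """Return (start, end) around the log's 'time:' line for Event Viewer."""
    m = re.search(r"^\s*time:\s*(.+)$", log, re.M)
    if m is None:
        raise ValueError("no 'time:' line in log")
    t = datetime.strptime(m.group(1).strip(), "%a %b %d %H:%M:%S %Y")
    return t - timedelta(minutes=minutes), t + timedelta(minutes=minutes)

if __name__ == "__main__":
    for product, dlls in third_party_modules(SAMPLE).items():
        print(f"{product}: {', '.join(dlls)}")
    start, end = crash_window(SAMPLE)
    print(f"Event Viewer window: {start} to {end}")
```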
Topic Status:
Not open for further replies.
