Pop Ups and Sound Files

[ForestFire0]

I was using the install and change tool and there was a program "RON tool cpmsky" with no size or publisher info. When I try to uninstall it, it asks for a verification code which wants me to type the letters and numbers displayed above the text box. When I type the code and choose continue, the dialog box closes but nothing else happens. How can I get rid of this program?

[ForestFire0]

I am frequently getting pop ups that have the title "RON ads by cpmsky" even when I don't have any browser windows open. I also have had sound files that are of someone talking about buy.com or something. There's a program in the uninstall/remove windows tool with the title RON tool cpmsky with no publisher or size information. When I try to uninstall it, it asks if I'm sure and warns me my computer may not run the same as before. I chose yes, and it wants me to type in a series of 7 letters and numbers displayed above the text box as an uninstall validation. I do and it closes the box but nothing happens. If I type it wrong, it doesn't close the box and says the code is invalid.

Also, when I log in, two "iexplore" processes start without any internet explorer windows opening.

also, sorry for not making a new post, I couldn't figure out how to edit the first one.

[tetonbob]

Hello and Welcome.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a

Quote:

Having problems with spyware and pop-ups? First Steps

link at the top of each page.
---------------------------------------------------------------------------------------------

Please follow our 5 Step process outlined here:

http://www.techsupportforum.com/secu...oval-help.html

After running through all the steps, you shall have a proper set of logs. Please post them.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

[ForestFire0]

I had finished the steps before posting. I guess I should have mentioned that. The program still is functioning, but I haven't had any sound files play.

[tetonbob]

If you've finished the steps, where are the logs from Panda ActiveScan and HijackThis? Post them, please.

[ForestFire0]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:55:28 PM, on 10/5/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\regsvr32.exe
C:\Program Files\Sony Corporation\SmartWi Connection Utility\CCP.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Sony Corporation\SmartWi Connection Utility\PowerManager.exe
C:\Program Files\Sony Corporation\SmartWi Connection Utility\ThirdPartyAppMgr.exe
C:\Program Files\Sony Corporation\SmartWi Connection Utility\UIManager.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Windows\System32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: cpmsky browser enhancer - {f2f277de-21dc-74d6-aa1f-c7567e02fd83} - C:\Windows\system32\iihurbqgxrcsxyy.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AML] C:\Program Files\Sony\VAIO Launcher\AML.exe InitApp
O4 - HKLM\..\Run: [VAIOMyMemCenter] "C:\Program Files\Sony\VAIO My Memory Center\VAIO MyMemCenter.exe" 1
O4 - HKLM\..\Run: [VWLASU] "C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe"
O4 - HKLM\..\Run: [SmartWiHelper] "C:\Program Files\Sony Corporation\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
O4 - HKLM\..\Run: [VAIO Help and Support Demo] "C:\Program Files\Sony\VAIO Help and Support Demo\LaunchVHSD.exe"
O4 - HKLM\..\Run: [VAIORegistration] "C:\Program Files\Sony\First Experience\WelcomeLauncher.exe"
O4 - HKLM\..\Run: [VAIOSurvey] C:\Program Files\Sony\VAIO Survey\Vista VAIO Survey.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [mfggtvkfewqqc] C:\Windows\System32\regsvr32.exe /s "C:\Windows\system32\iihurbqgxrcsxyy.dll"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.mcafee.com
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: RtkHDMIService - Realtek Semiconductor - C:\Windows\RtkAudioService.exe
O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe
O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDms.exe
O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDs.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11868 bytes


;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-10-05 21:43:26
PROTECTIONS: 3
MALWARE: 31
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Windows Defender 1.1.3903.0 No No
McAfee Internet Security Suite 2007 8.1 No No
McAfee VirusScan Plus 12.1 No No
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\Low\sam@trafficmp[1].txt
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\sam@trafficmp[2].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\Low\sam@casalemedia[2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\Low\sam@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\sam@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\Low\sam@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\sam@atdmt[2].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\Low\sam@247realmedia[1].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@247realmedia[1].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\sam@fastclick[2].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\Low\sam@fastclick[1].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\sam@tribalfusion[1].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\Low\sam@tribalfusion[3].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\Low\sam@tribalfusion[1].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@tribalfusion[2].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@mediaplex[2].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\Low\sam@mediaplex[2].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\sam@mediaplex[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\sam@com[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\Low\sam@com[1].txt
00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\sam@yadro[1].txt
00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\sam@azjmp[2].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\sam@statcounter[1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\Low\sam@statcounter[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@ad.yieldmanager[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\sam@ad.yieldmanager[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\Low\sam@ad.yieldmanager[2].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\sam@apmebf[2].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@apmebf[1].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\Low\sam@apmebf[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\Low\sam@serving-sys[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\sam@serving-sys[1].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\sam@bs.serving-sys[1].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\Low\sam@bs.serving-sys[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\Low\sam@advertising[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\sam@advertising[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\Low\sam@advertising[3].txt
00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\Low\sam@media.adrevolver[1].txt
00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\sam@media.adrevolver[3].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\Low\sam@statse.webtrendslive[2].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\sam@ads.pointroll[1].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\Low\sam@ads.pointroll[1].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\Low\sam@overture[2].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\Low\sam@realmedia[1].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\sam@realmedia[1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@questionmarket[2].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\Low\sam@questionmarket[1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\sam@questionmarket[1].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\sam@zedo[2].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\Low\sam@zedo[1].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\Low\sam@bluestreak[1].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\Low\sam@adrevolver[2].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\sam@adrevolver[2].txt
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\Low\sam@adultfriendfinder[4].txt
00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\Low\sam@did-it[1].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\sam@atwola[2].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\Low\sam@atwola[2].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@atwola[1].txt
01196325 Cookie/Enhance TrackingCookie No 0 Yes No C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\sam@enhance[1].txt
01606636 Cookie/Adserver TrackingCookie No 0 Yes No C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\sam@adserver.easyad[1].txt
;===================================================================================================================================================================================
SUSPECTS
Sent Location �!�p�]
s5

;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description �!�p�]
s5

;===================================================================================================================================================================================
;===================================================================================================================================================================================

[tetonbob]

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

Open HijackThis by right clicking on it, and selecting Run As Administrator.

Click on 'Do a System Scan Only'. Check the following entries if they exist (make sure you do not miss any) and click Fix Checked

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: cpmsky browser enhancer - {f2f277de-21dc-74d6-aa1f-c7567e02fd83} - C:\Windows\system32\iihurbqgxrcsxyy.dll
O4 - HKLM\..\Run: [mfggtvkfewqqc] C:\Windows\System32\regsvr32.exe /s "C:\Windows\system32\iihurbqgxrcsxyy.dll"


Close HijackThis now.

---------------------------------------------------------------------------------------------

Using Windows Explorer, or Windows Search, locate and delete this file (if it still exists):

C:\Windows\system32\iihurbqgxrcsxyy.dll


Let me know if you have any troubles with that.

---------------------------------------------------------------------------------------------

Please download ATF Cleaner by Atribune.

• Double-click ATF-Cleaner.exe to run the program.
  Under Main choose: Select All
  Click the Empty Selected button.

If you use Firefox browser

• Click Firefox at the top and choose: Select All
  Click the Empty Selected button.
  NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

• Click Opera at the top and choose: Select All
  Click the Empty Selected button.
  NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

---------------------------------------------------------------------------------------------

• Download RSIT by random/random and save it to your desktop.
• Right click on RSIT.exe and select Run As Administrator to start the tool and click Continue at the disclaimer.
• When the scan completes it will open a log named log.txt maximized, and a log named info.txt minimized.
• Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of log.txt here.
  
• Please attach info.txt to your post.

To attach a file to a new post, simply

1. Click the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
2. copy and paste the following into the "Upload File from your Computer" box:

   C:\rsit\info.txt
   

3. Click Upload.

---------------------------------------------------------------------------------------------

[ForestFire0]

Thank you very much for your help

Logfile of random's system information tool 1.04 (written by random/random)
Run by Sam at 2008-10-07 20:04:10
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 111 GB (61%) free of 182 GB
Total RAM: 3069 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:04:12 PM, on 10/7/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Sony Corporation\SmartWi Connection Utility\CCP.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Sony Corporation\SmartWi Connection Utility\PowerManager.exe
C:\Program Files\Sony Corporation\SmartWi Connection Utility\ThirdPartyAppMgr.exe
C:\Program Files\Sony Corporation\SmartWi Connection Utility\UIManager.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Sam\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Sam.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AML] C:\Program Files\Sony\VAIO Launcher\AML.exe InitApp
O4 - HKLM\..\Run: [VAIOMyMemCenter] "C:\Program Files\Sony\VAIO My Memory Center\VAIO MyMemCenter.exe" 1
O4 - HKLM\..\Run: [VWLASU] "C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe"
O4 - HKLM\..\Run: [SmartWiHelper] "C:\Program Files\Sony Corporation\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
O4 - HKLM\..\Run: [VAIORegistration] "C:\Program Files\Sony\First Experience\WelcomeLauncher.exe"
O4 - HKLM\..\Run: [VAIOSurvey] C:\Program Files\Sony\VAIO Survey\Vista VAIO Survey.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.mcafee.com
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: RtkHDMIService - Realtek Semiconductor - C:\Windows\RtkAudioService.exe
O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe
O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDms.exe
O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDs.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11143 bytes

======Scheduled tasks folder======

C:\Windows\tasks\McDefragTask.job
C:\Windows\tasks\McQcTask.job
C:\Windows\tasks\User_Feed_Synchronization-{56C630EA-F80D-415E-933A-8FB08C21CAD8}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2007-11-09 58688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-02 652784]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-04-29 6111232]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2008-02-22 122880]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-12 39792]
"ISBMgr.exe"=C:\Program Files\Sony\ISB Utility\ISBMgr.exe [2008-04-03 317280]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"AML"=C:\Program Files\Sony\VAIO Launcher\AML.exe [2008-03-26 1093632]
"VAIOMyMemCenter"=C:\Program Files\Sony\VAIO My Memory Center\VAIO MyMemCenter.exe [2008-02-29 679936]
"VWLASU"=C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe [2008-02-19 24576]
"SmartWiHelper"=C:\Program Files\Sony Corporation\SmartWi Connection Utility\SmartWiHelper.exe [2008-06-27 77824]
"VAIORegistration"=C:\Program Files\Sony\First Experience\WelcomeLauncher.exe [2007-10-17 20480]
"VAIOSurvey"=C:\Program Files\Sony\VAIO Survey\Vista VAIO Survey.exe [2007-07-20 577536]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-09-08 289576]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-20 1233920]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-20 125952]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-20 202240]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
igfxdev.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\VESWinlogon]
C:\Windows\system32\VESWinlogon.dll [2008-05-15 98304]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"AllowLegacyWebView"=
"AllowUnhashedWebView"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2008-10-07 20:04:10 ----D---- C:\rsit
2008-10-07 19:43:55 ----D---- C:\Program Files\CCleaner
2008-10-07 19:42:43 ----D---- C:\Program Files\Totally Free Burner
2008-10-07 19:15:34 ----D---- C:\Program Files\uTorrent
2008-10-07 19:15:21 ----D---- C:\Users\Sam\AppData\Roaming\uTorrent
2008-10-05 21:52:11 ----D---- C:\Program Files\Trend Micro
2008-10-05 21:45:22 ----AD---- C:\ProgramData\TEMP
2008-10-05 21:45:15 ----D---- C:\Program Files\SpywareBlaster
2008-10-05 20:44:25 ----D---- C:\Program Files\Panda Security
2008-10-05 20:42:15 ----D---- C:\Users\Sam\AppData\Roaming\Mozilla
2008-10-05 20:42:09 ----D---- C:\Program Files\Mozilla Firefox
2008-10-05 16:09:16 ----D---- C:\ProgramData\Spybot - Search & Destroy
2008-10-05 16:09:16 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-10-02 22:17:18 ----D---- C:\Users\Sam\AppData\Roaming\Google
2008-10-02 22:16:18 ----D---- C:\ProgramData\Google Updater
2008-10-02 22:16:18 ----D---- C:\Program Files\Google
2008-09-28 16:31:04 ----HD---- C:\ProgramData\CanonBJ
2008-09-28 15:20:51 ----D---- C:\Users\Sam\AppData\Roaming\PeerNetworking
2008-09-27 22:28:33 ----D---- C:\Program Files\Paint.NET
2008-09-25 22:30:27 ----A---- C:\Windows\system32\javaws.exe
2008-09-25 22:30:27 ----A---- C:\Windows\system32\javaw.exe
2008-09-25 22:30:26 ----A---- C:\Windows\system32\java.exe
2008-09-23 17:54:56 ----D---- C:\ProgramData\Citrix
2008-09-23 17:40:18 ----D---- C:\Users\Sam\AppData\Roaming\McAfee
2008-09-18 22:39:11 ----A---- C:\Windows\system32\dunzip32.dll
2008-09-18 22:37:45 ----D---- C:\Program Files\Common Files\McAfee
2008-09-18 22:37:44 ----D---- C:\Program Files\McAfee
2008-09-17 21:16:33 ----A---- C:\Windows\system32\wups2.dll
2008-09-17 21:16:33 ----A---- C:\Windows\system32\wucltux.dll
2008-09-17 21:16:33 ----A---- C:\Windows\system32\wuaueng.dll
2008-09-17 21:16:33 ----A---- C:\Windows\system32\wuauclt.exe
2008-09-17 21:16:17 ----A---- C:\Windows\system32\wups.dll
2008-09-17 21:16:17 ----A---- C:\Windows\system32\wudriver.dll
2008-09-17 21:16:17 ----A---- C:\Windows\system32\wuapi.dll
2008-09-17 21:16:10 ----A---- C:\Windows\system32\wuwebv.dll
2008-09-17 21:16:10 ----A---- C:\Windows\system32\wuapp.exe
2008-09-13 18:57:07 ----A---- C:\Windows\system32\pngfilt.dll
2008-09-13 18:57:07 ----A---- C:\Windows\system32\msls31.dll
2008-09-13 18:57:07 ----A---- C:\Windows\system32\mshtmler.dll
2008-09-13 18:57:07 ----A---- C:\Windows\system32\mshtmled.dll
2008-09-13 18:57:07 ----A---- C:\Windows\system32\jsproxy.dll
2008-09-13 18:57:07 ----A---- C:\Windows\system32\ieui.dll
2008-09-13 18:57:07 ----A---- C:\Windows\system32\iernonce.dll
2008-09-13 18:57:07 ----A---- C:\Windows\system32\corpol.dll
2008-09-13 18:57:07 ----A---- C:\Windows\system32\advpack.dll
2008-09-13 18:57:07 ----A---- C:\Windows\system32\admparse.dll
2008-09-13 18:57:06 ----A---- C:\Windows\system32\PrivacIE.dll
2008-09-13 18:57:06 ----A---- C:\Windows\system32\msrating.dll
2008-09-13 18:57:06 ----A---- C:\Windows\system32\msfeedsbs.dll
2008-09-13 18:57:06 ----A---- C:\Windows\system32\licmgr10.dll
2008-09-13 18:57:06 ----A---- C:\Windows\system32\inseng.dll
2008-09-13 18:57:06 ----A---- C:\Windows\system32\imgutil.dll
2008-09-13 18:57:06 ----A---- C:\Windows\system32\iesetup.dll
2008-09-13 18:57:06 ----A---- C:\Windows\system32\ieapfltr.dll
2008-09-13 18:57:05 ----A---- C:\Windows\system32\webcheck.dll
2008-09-13 18:57:05 ----A---- C:\Windows\system32\occache.dll
2008-09-13 18:57:05 ----A---- C:\Windows\system32\mstime.dll
2008-09-13 18:57:05 ----A---- C:\Windows\system32\msfeeds.dll
2008-09-13 18:57:05 ----A---- C:\Windows\system32\ieaksie.dll
2008-09-13 18:57:05 ----A---- C:\Windows\system32\ieakeng.dll
2008-09-13 18:57:05 ----A---- C:\Windows\system32\dxtrans.dll
2008-09-13 18:57:05 ----A---- C:\Windows\system32\dxtmsft.dll
2008-09-13 18:57:04 ----A---- C:\Windows\system32\ieakui.dll
2008-09-13 18:57:03 ----A---- C:\Windows\system32\WinFXDocObj.exe
2008-09-13 18:57:03 ----A---- C:\Windows\system32\wextract.exe
2008-09-13 18:57:03 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2008-09-13 18:57:03 ----A---- C:\Windows\system32\SetDepNx.exe
2008-09-13 18:57:03 ----A---- C:\Windows\system32\PDMSetup.exe
2008-09-13 18:57:03 ----A---- C:\Windows\system32\msfeedssync.exe
2008-09-13 18:57:03 ----A---- C:\Windows\system32\ieUnatt.exe
2008-09-13 18:57:02 ----A---- C:\Windows\system32\url.dll
2008-09-13 18:57:02 ----A---- C:\Windows\system32\iedkcs32.dll
2008-09-13 18:57:01 ----A---- C:\Windows\system32\jscript.dll
2008-09-13 18:57:01 ----A---- C:\Windows\system32\iertutil.dll
2008-09-13 18:57:01 ----A---- C:\Windows\system32\ie4uinit.exe
2008-09-13 18:57:00 ----A---- C:\Windows\system32\mshta.exe
2008-09-13 18:57:00 ----A---- C:\Windows\system32\iexpress.exe
2008-09-13 18:57:00 ----A---- C:\Windows\system32\iepeers.dll
2008-09-13 18:57:00 ----A---- C:\Windows\system32\icardie.dll
2008-09-13 18:56:59 ----A---- C:\Windows\system32\wininet.dll
2008-09-13 18:56:59 ----A---- C:\Windows\system32\urlmon.dll
2008-09-13 18:56:58 ----A---- C:\Windows\system32\mshtml.dll
2008-09-13 18:56:58 ----A---- C:\Windows\system32\ieframe.dll
2008-09-10 14:40:24 ----D---- C:\Users\Sam\AppData\Roaming\Sony Corporation
2008-09-10 10:03:45 ----A---- C:\Windows\system32\GEARAspi.dll
2008-09-10 10:03:28 ----D---- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-10 10:03:28 ----D---- C:\Program Files\iTunes
2008-09-10 10:03:28 ----D---- C:\Program Files\iPod
2008-09-10 10:02:16 ----D---- C:\Program Files\Bonjour
2008-09-10 10:00:44 ----D---- C:\Program Files\QuickTime
2008-09-09 17:46:40 ----A---- C:\Windows\system32\tzres.dll
2008-09-09 17:45:02 ----A---- C:\Windows\system32\msshooks.dll
2008-09-09 17:45:02 ----A---- C:\Windows\system32\msscb.dll
2008-09-09 17:45:00 ----A---- C:\Windows\system32\SearchFilterHost.exe
2008-09-09 17:45:00 ----A---- C:\Windows\system32\propdefs.dll
2008-09-09 17:45:00 ----A---- C:\Windows\system32\msstrc.dll
2008-09-09 17:45:00 ----A---- C:\Windows\system32\mssprxy.dll
2008-09-09 17:45:00 ----A---- C:\Windows\system32\mssitlb.dll
2008-09-09 17:45:00 ----A---- C:\Windows\system32\msshsq.dll
2008-09-09 17:44:59 ----A---- C:\Windows\system32\xmlfilter.dll
2008-09-09 17:44:59 ----A---- C:\Windows\system32\wsepno.dll
2008-09-09 17:44:59 ----A---- C:\Windows\system32\thawbrkr.dll
2008-09-09 17:44:59 ----A---- C:\Windows\system32\srchadmin.dll
2008-09-09 17:44:59 ----A---- C:\Windows\system32\rtffilt.dll
2008-09-09 17:44:59 ----A---- C:\Windows\system32\propsys.dll
2008-09-09 17:44:59 ----A---- C:\Windows\system32\offfilt.dll
2008-09-09 17:44:59 ----A---- C:\Windows\system32\nlhtml.dll
2008-09-09 17:44:59 ----A---- C:\Windows\system32\msscntrs.dll
2008-09-09 17:44:59 ----A---- C:\Windows\system32\mimefilt.dll
2008-09-09 17:44:59 ----A---- C:\Windows\system32\korwbrkr.dll
2008-09-09 17:44:59 ----A---- C:\Windows\system32\chsbrkr.dll
2008-09-09 17:44:58 ----A---- C:\Windows\system32\tquery.dll
2008-09-09 17:44:58 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2008-09-09 17:44:58 ----A---- C:\Windows\system32\SearchIndexer.exe
2008-09-09 17:44:58 ----A---- C:\Windows\system32\mssvp.dll
2008-09-09 17:44:58 ----A---- C:\Windows\system32\mssrch.dll
2008-09-09 17:44:58 ----A---- C:\Windows\system32\mssphtb.dll
2008-09-09 17:44:58 ----A---- C:\Windows\system32\mssph.dll
2008-09-09 17:44:58 ----A---- C:\Windows\system32\chtbrkr.dll
2008-09-09 17:11:45 ----D---- C:\Users\Sam\AppData\Roaming\ArcSoft
2008-09-09 16:48:54 ----A---- C:\Windows\system32\emdmgmt.dll
2008-09-09 16:48:54 ----A---- C:\Windows\system32\dataclen.dll
2008-09-09 16:48:53 ----A---- C:\Windows\system32\cdd.dll
2008-09-09 16:48:48 ----A---- C:\Windows\system32\Apphlpdm.dll
2008-09-09 16:48:46 ----A---- C:\Windows\system32\gameux.dll
2008-09-09 16:48:45 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2008-09-09 16:48:43 ----A---- C:\Windows\system32\wmpeffects.dll
2008-09-09 16:41:11 ----D---- C:\ProgramData\AOL OCP
2008-09-09 16:41:11 ----D---- C:\ProgramData\AOL
2008-09-09 16:40:57 ----D---- C:\Program Files\Common Files\AOL
2008-09-09 14:32:10 ----D---- C:\Temp
2008-09-09 14:30:21 ----D---- C:\Users\Sam\AppData\Roaming\Wizards of the Coast
2008-09-09 14:29:58 ----D---- C:\Program Files\Wizards of the Coast
2008-09-09 14:29:21 ----D---- C:\Users\Sam\AppData\Roaming\InstallShield
2008-09-09 13:36:32 ----D---- C:\Users\Sam\AppData\Roaming\LimeWire
2008-09-09 13:33:59 ----D---- C:\Users\Sam\AppData\Roaming\InterVideo
2008-09-09 12:41:31 ----D---- C:\Program Files\LimeWire
2008-09-09 11:32:34 ----D---- C:\Program Files\Apple Software Update
2008-09-09 11:31:32 ----D---- C:\ProgramData\McAfee
2008-09-09 11:19:12 ----D---- C:\Users\Sam\AppData\Roaming\Apple Computer
2008-09-09 11:18:02 ----D---- C:\ProgramData\Apple Computer
2008-09-09 11:17:07 ----D---- C:\ProgramData\Roxio
2008-09-09 11:17:04 ----D---- C:\Users\Sam\AppData\Roaming\Roxio
2008-09-09 11:17:01 ----D---- C:\ProgramData\Apple
2008-09-09 11:17:01 ----D---- C:\Program Files\Common Files\Apple
2008-09-09 11:02:40 ----D---- C:\ProgramData\FLEXnet
2008-09-09 11:02:15 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2008-09-09 11:02:13 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2008-09-09 11:02:05 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2008-09-09 11:01:30 ----D---- C:\Users\Sam\AppData\Roaming\Corel
2008-09-09 11:01:18 ----A---- C:\Windows\system32\psisdecd.dll
2008-09-09 11:01:18 ----A---- C:\Windows\system32\EncDec.dll
2008-09-09 11:01:07 ----D---- C:\Windows\Intuit
2008-09-09 10:59:15 ----A---- C:\Windows\system32\IPSECSVC.DLL
2008-09-09 10:59:14 ----A---- C:\Windows\system32\rpcrt4.dll
2008-09-09 10:59:14 ----A---- C:\Windows\system32\ntkrnlpa.exe
2008-09-09 10:59:13 ----A---- C:\Windows\system32\pacerprf.dll
2008-09-09 10:59:13 ----A---- C:\Windows\system32\ntoskrnl.exe
2008-09-09 10:59:09 ----A---- C:\Windows\system32\shell32.dll
2008-09-09 10:59:07 ----A---- C:\Windows\system32\es.dll
2008-09-09 10:59:01 ----A---- C:\Windows\system32\fsquirt.exe
2008-09-09 10:58:48 ----A---- C:\Windows\system32\wshext.dll
2008-09-09 10:58:48 ----A---- C:\Windows\system32\wscript.exe
2008-09-09 10:58:48 ----A---- C:\Windows\system32\vbscript.dll
2008-09-09 10:58:48 ----A---- C:\Windows\system32\scrrun.dll
2008-09-09 10:58:48 ----A---- C:\Windows\system32\scrobj.dll
2008-09-09 10:58:48 ----A---- C:\Windows\system32\cscript.exe
2008-09-09 10:58:47 ----A---- C:\Windows\system32\inetcomm.dll
2008-09-09 10:58:46 ----A---- C:\Windows\system32\quartz.dll
2008-09-09 10:53:34 ----D---- C:\Users\Sam\AppData\Roaming\Macromedia
2008-09-09 10:53:34 ----D---- C:\Users\Sam\AppData\Roaming\Adobe
2008-09-09 10:53:14 ----D---- C:\Users\Sam\AppData\Roaming\ATI
2008-09-09 10:52:45 ----D---- C:\Users\Sam\AppData\Roaming\Identities
2008-09-09 10:52:30 ----SD---- C:\Users\Sam\AppData\Roaming\Microsoft
2008-09-09 10:52:30 ----D---- C:\Users\Sam\AppData\Roaming\Media Center Programs

======List of files/folders modified in the last 1 months======

2008-10-07 20:04:10 ----D---- C:\Windows\Temp
2008-10-07 20:02:51 ----D---- C:\Windows\Prefetch
2008-10-07 20:01:40 ----D---- C:\Windows\System32
2008-10-07 20:01:40 ----D---- C:\Windows\inf
2008-10-07 20:01:40 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-10-07 19:47:00 ----D---- C:\Windows\Debug
2008-10-07 19:47:00 ----D---- C:\Windows
2008-10-07 19:43:55 ----RD---- C:\Program Files
2008-10-05 21:45:22 ----HD---- C:\ProgramData
2008-10-05 20:46:56 ----D---- C:\Windows\system32\drivers
2008-10-04 20:16:48 ----D---- C:\Windows\system32\Tasks
2008-10-02 22:16:58 ----SHD---- C:\Windows\Installer
2008-10-02 22:16:57 ----HD---- C:\Config.Msi
2008-09-30 18:23:12 ----RSD---- C:\Windows\Fonts
2008-09-30 18:23:12 ----D---- C:\Windows\twain_32
2008-09-30 18:23:12 ----D---- C:\Program Files\Common Files
2008-09-30 18:22:28 ----SHD---- C:\System Volume Information
2008-09-30 17:52:08 ----D---- C:\Windows\system32\catroot
2008-09-30 17:51:33 ----D---- C:\Windows\system
2008-09-27 22:30:32 ----RSD---- C:\Windows\assembly
2008-09-27 22:30:19 ----D---- C:\Windows\winsxs
2008-09-27 22:28:30 ----D---- C:\Windows\system32\catroot2
2008-09-26 13:33:56 ----RD---- C:\Users
2008-09-25 22:30:26 ----D---- C:\Program Files\Java
2008-09-23 18:07:20 ----SD---- C:\Windows\Downloaded Program Files
2008-09-18 22:37:54 ----D---- C:\Windows\Tasks
2008-09-18 21:40:50 ----D---- C:\Windows\rescache
2008-09-18 21:25:44 ----SHD---- C:\$Recycle.Bin
2008-09-18 19:25:11 ----HD---- C:\Windows\system32\GroupPolicy
2008-09-18 16:35:52 ----D---- C:\Windows\system32\en-US
2008-09-17 21:32:54 ----D---- C:\Windows\system32\NDF
2008-09-13 19:00:22 ----D---- C:\Program Files\Internet Explorer
2008-09-13 19:00:21 ----D---- C:\Windows\system32\WDI
2008-09-13 19:00:21 ----D---- C:\Windows\system32\migration
2008-09-13 19:00:21 ----D---- C:\Windows\PolicyDefinitions
2008-09-13 19:00:17 ----D---- C:\Windows\AppPatch
2008-09-13 18:56:34 ----D---- C:\Windows\SoftwareDistribution
2008-09-13 16:51:49 ----D---- C:\Program Files\Sony
2008-09-13 15:59:34 ----D---- C:\ProgramData\Microsoft Help
2008-09-13 15:58:13 ----D---- C:\Program Files\Common Files\microsoft shared
2008-09-13 12:47:04 ----D---- C:\ProgramData\Sony Corporation
2008-09-13 12:44:29 ----SD---- C:\ProgramData\Microsoft
2008-09-10 10:03:44 ----DC---- C:\Windows\system32\DRVSTORE
2008-09-09 23:45:42 ----D---- C:\Windows\Microsoft.NET
2008-09-09 20:46:03 ----D---- C:\Windows\ehome
2008-09-09 20:45:57 ----D---- C:\Program Files\Windows Mail
2008-09-09 14:29:58 ----HD---- C:\Program Files\InstallShield Installation Information
2008-09-09 14:21:59 ----D---- C:\Windows\system32\LogFiles
2008-09-09 11:28:23 ----D---- C:\Program Files\Common Files\PX Storage Engine
2008-09-09 11:14:39 ----D---- C:\ProgramData\Napster
2008-09-09 11:14:35 ----D---- C:\Program Files\Common Files\Roxio Shared
2008-09-09 11:13:48 ----D---- C:\Windows\system32\restore
2008-09-09 11:04:07 ----D---- C:\Program Files\Adobe
2008-09-09 11:00:56 ----D---- C:\ProgramData\Intuit
2008-09-09 11:00:56 ----D---- C:\Program Files\Common Files\Intuit

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 DMICall;Sony DMI Call service; C:\Windows\system32\DRIVERS\DMICall.sys [2008-04-22 10216]
R1 mfehidk;McAfee Inc. mfehidk; C:\Windows\system32\drivers\mfehidk.sys [2007-11-22 201320]
R1 MPFP;MPFP; C:\Windows\System32\Drivers\Mpfp.sys [2007-07-13 125728]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2008-01-24 12672]
R2 regi;regi; C:\Windows\system32\drivers\regi.sys [2007-04-17 11032]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2008-01-24 8192]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2008-02-22 164400]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect; C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2008-01-30 17408]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-05-12 3537408]
R3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-04-28 19456]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-20 92160]
R3 BTHprint;Microsoft Bluetooth Printer Class; C:\Windows\system32\DRIVERS\bthprint.sys [2008-01-20 29696]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-28 29184]
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2007-12-11 81448]
R3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\drivers\btwavdt.sys [2007-12-11 99880]
R3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2007-12-11 28464]
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2007-12-11 17448]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-20 14208]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2008-01-24 985600]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2008-01-24 207360]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-04-29 2126688]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys [2007-11-22 79304]
R3 mfebopk;McAfee Inc. mfebopk; C:\Windows\system32\drivers\mfebopk.sys [2007-11-22 35240]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\Windows\system32\drivers\mfesmfk.sys [2007-12-02 40488]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-01-20 49664]
R3 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2008-04-15 68096]
R3 risdptsk;risdptsk; C:\Windows\system32\DRIVERS\risdptsk.sys [2008-04-15 46592]
R3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIV.sys [2008-04-27 142624]
R3 SFEP;Sony Firmware Extension Parser; C:\Windows\system32\DRIVERS\SFEP.sys [2007-12-16 9344]
R3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-20 134016]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-01-24 659968]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2008-03-26 298496]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2008-04-28 220160]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-20 200704]
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys []
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI; C:\Windows\system32\drivers\IntcHdmi.sys []
S3 mferkdk;McAfee Inc. mferkdk; C:\Windows\system32\drivers\mferkdk.sys [2007-11-22 33832]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S3 TIEHDUSB;TIEHDUSB; C:\Windows\system32\drivers\tiehdusb.sys [2004-02-04 49536]
S3 UMPass;Microsoft UMPass Driver; C:\Windows\system32\DRIVERS\umpass.sys [2008-01-20 7680]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2008-09-05 36864]
S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-20 73088]
S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2007-05-26 128104]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-20 88576]
S4 UIUSys;Conexant Setup API; C:\Windows\system32\DRIVERS\UIUSYS.SYS []
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-20 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6; C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-05 116040]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-05-12 663552]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2008-04-30 815104]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-02 168432]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2008-01-25 2458128]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2007-08-15 359248]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2007-07-24 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2007-07-18 856864]
R2 ProtexisLicensing;ProtexisLicensing; C:\Windows\system32\PSIService.exe [2007-06-05 177704]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2008-04-30 466944]
R2 RtkHDMIService;RtkHDMIService; C:\Windows\RtkAudioService.exe [2008-04-29 98304]
R2 uCamMonitor;CamMonitor; C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe [2007-11-09 104960]
R2 VAIO Event Service;VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [2008-05-15 182112]
R2 VAIO Power Management;VAIO Power Management; C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2008-05-27 411488]
R2 VzCdbSvc;VAIO Entertainment Database Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [2008-04-02 184320]
R2 VzFw;VAIO Entertainment File Import Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe [2008-04-02 147456]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2008-01-24 386560]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-09-08 536872]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2007-12-05 695624]
R3 Vcsw;VAIO Entertainment UPnP Client Adapter; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [2008-04-02 279848]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-09-02 654848]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2007-11-07 378184]
S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2007-11-28 53248]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2007-11-28 53248]
S3 SOHCImp;VAIO Media plus Content Importer; C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe [2008-03-04 104288]
S3 SOHDms;VAIO Media plus Digital Media Server; C:\Program Files\Sony\VAIO Media plus\SOHDms.exe [2008-03-04 350048]
S3 SOHDs;VAIO Media plus Device Searcher; C:\Program Files\Sony\VAIO Media plus\SOHDs.exe [2008-03-04 63328]
S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2007-11-28 77824]
S3 VAIO Entertainment TV Device Arbitration Service;VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe [2008-04-02 73728]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager; C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2008-03-03 333088]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface; C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2008-03-03 87328]

-----------------EOF-----------------

[tetonbob]

RON tool cpmsky is not in the uninstall list. It should also then be gone from your Uninstall Programs applet.

Have the popups and sounds stopped?

[ForestFire0]

Yes, they have. It's fantastic. Thank you

[tetonbob]

Great.

Uninstall the following via the Uninstall Programs Panel:

Java(TM) SE Runtime Environment 6

These is outdated, and a security risk by having it installed still. Unfortunately, Java does not uninstall previous version when you update, nor tell you that you should. It also takes up valuable space on your hard disk

Leave Java(TM) 6 Update 7 alone, as it is the most recent.

---------------------------------------------------------------------------------------------


Your logs appear clean.You should be good to go. We still have a few items to address.

Clear & Reset System Restore's Cache

• Press the Windows key + R
  
• Type or copy/paste control sysdm.cpl,,4 & press Enter
  
• Click on Continue
  
• Under Automatic Restore points
  • Uncheck (untick) all the boxes under Create restore points automatically on the selected disks section.
  • Click Turn System Restore Off.
  • Click Apply
  
  Turn System Restore back on now.
  
  
• Check (tick) all the boxes under Create restore points automatically on the selected disks section.
• Click OK.

Update Windows

Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office products loopholes and fix any bugs found. Please ensure that you visit the following websites regularly or do update your system regularly.

Install the updates immediately if they are found. Reboot your computer if necessary, revisit Windows Update and Office update sites until there are no more updates to be installed.

To update Windows, click on Start > Windows Update (or Start > All Programs > Windows Update if you are using the new Vista Start Menu). If the Windows Update is not found there, go to this link - http://update.microsoft.com/ .


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs if you don't have them already:

• SpywareBlaster to help prevent spyware from installing in the first place.
  • Install & update SpywareBlaster with the latest definitions.
    After you have updated, click the button - enable protection for all unprotected items
  
  .
• SPYBOT - SEARCH & DESTROY
  Download and install Spybot - Search & Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here
  
• Winpatrol
  
  Winpatrol is heuristic protection program, meaning it looks for patterns in codes that work like malware. It also takes a snapshot of your system's critical resources and alerts you to any changes that may occur without you knowing. You can read more about Winpatrol's features here.
  
  You can get a free copy of Winpatrol or use the Plus version for more features.
  
  You can read Winpatrol's FAQ if you run into problems.
  

In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles

• HOW DID I GET INFECTED IN THE FIRST PLACE?
• MAKING INTERNET EXPLORER SAFER

If you want to fight back the Malware Writers that have made your life a misery, please take a look here and read what you can do against it.

Please respond to this thread one more time so we can mark this thread as resolved.

[ForestFire0]

Thanks again

[tetonbob]

You're quite welcome.

Surf Safely, and Think Prevention!

Since this issue is resolved, this topic will be archived.